A. When you run DCPROMO.EXE to create your Windows 2000 domain one of the stages asks if you wish to weaken security to enable 4.0 servers to act as RAS servers. If you said Yes but later decide you don't require this enter the following command:
C:\> <b>net localgroup "Pre-Windows 2000 Compatible Access" everyone </b>
This removes everyone from the local group "Pre-Windows 2000 Compatible Access". After entering the command you must restart the domain controller.
Security may be compromised when enabled because it allows anonymous users to read information in this domain. When Windows NT 4.0 RAS servers no longer exist in the domain, you can remove legacy access to Active Directory by using the command above.