Microsoft Windows NT 4.0 Guide Instrukcja Użytkownika Pobierz pdf (Strona 153)

Microsoft

Windows Server

™

2003 White Paper

Windows NT 4.0 Server Upgrade Guide 148

System Management Server 2.0 (SP2 and below)

Proxy Server

For more information about this software, see the Microsoft BackOffice Server page

at http://www.microsoft.com/backofficeserver. Web addresses can change, so you

might be unable to connect to this Web site.

For a list of software supported by this version of Windows, see the Microsoft

Windows Compatibility List at http://go.microsoft.com/fwlink/?LinkId=9946.

Windows 95 and Windows NT 4.0 interoperability issues (Read Details!)

=====================================================================

Windows 95 and Windows NT 4.0 interoperability issues.

SUMMARY

Windows Server 2003 Domain Controllers implement default security settings that

help prevent Domain Controller communications from being hijacked or otherwise

tampered with. Certain down level machines are not capable of meeting these

security requirements and thus cannot communicate with Windows Server 2003 Domain

Controllers without administrative intervention.

Affected machines include Windows for Workgroups, Windows 95 machines that do not

have the DS client pack installed, Windows NT 4.0 machines prior to Service Pack 4,

and devices, including Pocket PC 2002 and previous versions, based on the Windows

CE .NET version 4.1 or earlier.

SMB SIGNING

By default, Windows Server 2003 Domain Controllers require that all clients

digitally sign SMB-based communications. The SMB protocol is used to provide file

sharing, print sharing, various remote administration functions, and logon

authentication for some down level clients. Windows for Workgroups, Windows 95

machines without the DS Client Pack, Windows NT 4.0 machines prior to Service Pack

3, and devices, including Pocket PC 2002 and previous versions, based on the

Windows CE .NET version 4.1 or earlier are not capable of performing SMB signing

and therefore cannot connect to Windows Server 2003 Domain Controllers by default.

If such clients cannot be upgraded to a current operating system or upgraded to

meet the minimum requirements described above, then the SMB signing requirement can

be removed by disabling the following security policy in the Default Domain

Controller GPO on the domain controllers OU:

Computer Configuration\Windows Settings\Security Settings\Local Policies\Security

Options\Microsoft Network Server: Digitally sign communications (always)

Detailed instructions on how to modify this setting are provided below.

Warning: Disabling this security setting exposes all of your Domain Controller

communications to "man in the middle" types of attacks. Therefore it is highly

recommended that you upgrade your clients rather than disabling this security

setting. The DS Client Pack, necessary for Windows 95 clients to perform SMB

signing, can be obtained from the \clients\win9x subdirectory of the Windows 2000

Server CD.

1 2 ... 148 149 150 151 152 153 154 155

Komentarze do niniejszej Instrukcji

Brak uwag

Microsoft Windows NT 4.0 Guide Instrukcja Użytkownika Strona 153

Komentarze do niniejszej Instrukcji

Powiązane produkty i podręczniki dla Serwery Microsoft Windows NT 4.0 Guide