2003 Member server in a NT4 domain

I have looked all overTechnet & asked for help finding a related artice, all
to no avail.I am looking for cofirmation to the following statement:

Windows Server 2003, operating in a Windows NT domain, cannot access
security group membership information from the Windows NT Domain - it
can only validate user accounts and passwords, and membership in
built-in domain groups such as Domain Users. When using logins from a NT
domain, Windows 2003 can only confirm that the user login is valid, and
whether it is a member of built-in groups such as the Domain User group.
Thus, security
settings on the Windows 2003 server can only be applied to the built-in groups
or to individual user accounts.

On a Window Server 2003, user accounts that cannot be fully queried
for security permissions are given Guest Access. To override this, the
users can be added to built-in groups on the server, such as the Power
Users group. Without membership in a local built-in group to which
security can be fully queried, Window 2003 cannot properly assign
permissions, and thus will not allow the users to execute programs.

Thank you in advance for helping me to reslove this issue.

I have never seen that info myself and I have never used Windows 2003 in a
NT4.0 domain. What I would suggest is that you install Windows 2003 in your
NT4.0 domain to see exactly what happens. You can download or otherwise
obtain a fully functional evaluation version of Windows 2003 to try before
you purchase. Beyond that I would refer to the KB link below on security
setting incompatibilities. Windows 2003 is configured to be much more secure
that any other version of Windows and because of such you may need to tweak
Local Security Policy [secpol.msc] quite a bit to get it to work with NT4.0
properly. --- Steve

http://support.microsoft.com/default...b;en-us;823659
http://microsoft.order-5.com/windowsserver2003evaldl2/

"caseyb1" <(E-Mail Removed)> wrote in message
news:37CE3ECA-0F2C-4FAA-AB57-(E-Mail Removed)...
>I have looked all overTechnet & asked for help finding a related artice,
>all
> to no avail.I am looking for cofirmation to the following statement:
>
> Windows Server 2003, operating in a Windows NT domain, cannot access
> security group membership information from the Windows NT Domain - it
> can only validate user accounts and passwords, and membership in
> built-in domain groups such as Domain Users. When using logins from a NT
> domain, Windows 2003 can only confirm that the user login is valid, and
> whether it is a member of built-in groups such as the Domain User group.
> Thus, security
> settings on the Windows 2003 server can only be applied to the built-in
> groups
> or to individual user accounts.
>
> On a Window Server 2003, user accounts that cannot be fully queried
> for security permissions are given Guest Access. To override this, the
> users can be added to built-in groups on the server, such as the Power
> Users group. Without membership in a local built-in group to which
> security can be fully queried, Window 2003 cannot properly assign
> permissions, and thus will not allow the users to execute programs.
>
> Thank you in advance for helping me to reslove this issue.
>
>

I have the scenario in place. Our vendor is stating that 2003 cannot query
into non built in groups for domain level permissions. The application fails
without elevated member server local rights. I am questioning the statement.
I believe that 2003 has no trouble at all in working in a NT4 domain.

"Steven L Umbach" wrote:

> I have never seen that info myself and I have never used Windows 2003 in a
> NT4.0 domain. What I would suggest is that you install Windows 2003 in your
> NT4.0 domain to see exactly what happens. You can download or otherwise
> obtain a fully functional evaluation version of Windows 2003 to try before
> you purchase. Beyond that I would refer to the KB link below on security
> setting incompatibilities. Windows 2003 is configured to be much more secure
> that any other version of Windows and because of such you may need to tweak
> Local Security Policy [secpol.msc] quite a bit to get it to work with NT4.0
> properly. --- Steve
>
> http://support.microsoft.com/default...b;en-us;823659
> http://microsoft.order-5.com/windowsserver2003evaldl2/
>
> "caseyb1" <(E-Mail Removed)> wrote in message
> news:37CE3ECA-0F2C-4FAA-AB57-(E-Mail Removed)...
> >I have looked all overTechnet & asked for help finding a related artice,
> >all
> > to no avail.I am looking for cofirmation to the following statement:
> >
> > Windows Server 2003, operating in a Windows NT domain, cannot access
> > security group membership information from the Windows NT Domain - it
> > can only validate user accounts and passwords, and membership in
> > built-in domain groups such as Domain Users. When using logins from a NT
> > domain, Windows 2003 can only confirm that the user login is valid, and
> > whether it is a member of built-in groups such as the Domain User group.
> > Thus, security
> > settings on the Windows 2003 server can only be applied to the built-in
> > groups
> > or to individual user accounts.
> >
> > On a Window Server 2003, user accounts that cannot be fully queried
> > for security permissions are given Guest Access. To override this, the
> > users can be added to built-in groups on the server, such as the Power
> > Users group. Without membership in a local built-in group to which
> > security can be fully queried, Window 2003 cannot properly assign
> > permissions, and thus will not allow the users to execute programs.
> >
> > Thank you in advance for helping me to reslove this issue.
> >
> >
>
>
>

I tend to agree with you, though I have not tried out myself. Windows 2003
can use ntlm and netbios over tcp/ip name resolution if needed so I don't
understand what the problem could be as long as there are not conflicting
security options. --- Steve


"caseyb1" <(E-Mail Removed)> wrote in message
news:CFB59BEF-4838-40FC-95A6-(E-Mail Removed)...
>I have the scenario in place. Our vendor is stating that 2003 cannot query
> into non built in groups for domain level permissions. The application
> fails
> without elevated member server local rights. I am questioning the
> statement.
> I believe that 2003 has no trouble at all in working in a NT4 domain.
>
> "Steven L Umbach" wrote:
>
>> I have never seen that info myself and I have never used Windows 2003 in
>> a
>> NT4.0 domain. What I would suggest is that you install Windows 2003 in
>> your
>> NT4.0 domain to see exactly what happens. You can download or otherwise
>> obtain a fully functional evaluation version of Windows 2003 to try
>> before
>> you purchase. Beyond that I would refer to the KB link below on security
>> setting incompatibilities. Windows 2003 is configured to be much more
>> secure
>> that any other version of Windows and because of such you may need to
>> tweak
>> Local Security Policy [secpol.msc] quite a bit to get it to work with
>> NT4.0
>> properly. --- Steve
>>
>> http://support.microsoft.com/default...b;en-us;823659
>> http://microsoft.order-5.com/windowsserver2003evaldl2/
>>
>> "caseyb1" <(E-Mail Removed)> wrote in message
>> news:37CE3ECA-0F2C-4FAA-AB57-(E-Mail Removed)...
>> >I have looked all overTechnet & asked for help finding a related artice,
>> >all
>> > to no avail.I am looking for cofirmation to the following statement:
>> >
>> > Windows Server 2003, operating in a Windows NT domain, cannot access
>> > security group membership information from the Windows NT Domain - it
>> > can only validate user accounts and passwords, and membership in
>> > built-in domain groups such as Domain Users. When using logins from a
>> > NT
>> > domain, Windows 2003 can only confirm that the user login is valid, and
>> > whether it is a member of built-in groups such as the Domain User
>> > group.
>> > Thus, security
>> > settings on the Windows 2003 server can only be applied to the built-in
>> > groups
>> > or to individual user accounts.
>> >
>> > On a Window Server 2003, user accounts that cannot be fully queried
>> > for security permissions are given Guest Access. To override this, the
>> > users can be added to built-in groups on the server, such as the Power
>> > Users group. Without membership in a local built-in group to which
>> > security can be fully queried, Window 2003 cannot properly assign
>> > permissions, and thus will not allow the users to execute programs.
>> >
>> > Thank you in advance for helping me to reslove this issue.
>> >
>> >
>>
>>
>>