2003 Member server in a NT4 domain

Discussion in 'Windows Networking' started by =?Utf-8?B?Y2FzZXliMQ==?=, Mar 7, 2005.

  1. I have looked all overTechnet & asked for help finding a related artice, all
    to no avail.I am looking for cofirmation to the following statement:

    Windows Server 2003, operating in a Windows NT domain, cannot access
    security group membership information from the Windows NT Domain - it
    can only validate user accounts and passwords, and membership in
    built-in domain groups such as Domain Users. When using logins from a NT
    domain, Windows 2003 can only confirm that the user login is valid, and
    whether it is a member of built-in groups such as the Domain User group.
    Thus, security
    settings on the Windows 2003 server can only be applied to the built-in groups
    or to individual user accounts.

    On a Window Server 2003, user accounts that cannot be fully queried
    for security permissions are given Guest Access. To override this, the
    users can be added to built-in groups on the server, such as the Power
    Users group. Without membership in a local built-in group to which
    security can be fully queried, Window 2003 cannot properly assign
    permissions, and thus will not allow the users to execute programs.

    Thank you in advance for helping me to reslove this issue.
     
    =?Utf-8?B?Y2FzZXliMQ==?=, Mar 7, 2005
    #1
    1. Advertisements

  2. I have never seen that info myself and I have never used Windows 2003 in a
    NT4.0 domain. What I would suggest is that you install Windows 2003 in your
    NT4.0 domain to see exactly what happens. You can download or otherwise
    obtain a fully functional evaluation version of Windows 2003 to try before
    you purchase. Beyond that I would refer to the KB link below on security
    setting incompatibilities. Windows 2003 is configured to be much more secure
    that any other version of Windows and because of such you may need to tweak
    Local Security Policy [secpol.msc] quite a bit to get it to work with NT4.0
    properly. --- Steve

    http://support.microsoft.com/default.aspx?scid=kb;en-us;823659
    http://microsoft.order-5.com/windowsserver2003evaldl2/
     
    Steven L Umbach, Mar 8, 2005
    #2
    1. Advertisements

  3. I have the scenario in place. Our vendor is stating that 2003 cannot query
    into non built in groups for domain level permissions. The application fails
    without elevated member server local rights. I am questioning the statement.
    I believe that 2003 has no trouble at all in working in a NT4 domain.

     
    =?Utf-8?B?Y2FzZXliMQ==?=, Mar 8, 2005
    #3
  4. I tend to agree with you, though I have not tried out myself. Windows 2003
    can use ntlm and netbios over tcp/ip name resolution if needed so I don't
    understand what the problem could be as long as there are not conflicting
    security options. --- Steve


     
    Steven L Umbach, Mar 8, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.