Re: Trust Problem
From: Dave Clark (dave.clark_at_ddess.org)
Date: 06/08/04
- Next message: Peter Greenway: "Re: Problems With W2003 Time Server !"
- Previous message: Tom: "RE: Event 540, 538 576 and Anonymous Login"
- In reply to: Bob Qin [MSFT]: "Re: Trust Problem"
- Next in thread: Bob Qin [MSFT]: "Re: Trust Problem"
- Reply: Bob Qin [MSFT]: "Re: Trust Problem"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 8 Jun 2004 07:06:27 -0700
One thing I should say is that we do have those settings
set. And we have an existing NT DOMAIN in another site
that is working fine with these settings. Both of these
envionrments have had enhanced security applied to them.
Making wholesale changes to the AD enviornment, will that
then break access for that working NT domain (which we
don't want to happen as it is a production environment).
I would be more comfortable making changes to the non-
working NT side, than a working AD domain that has other
NT trusts already hanging off of it.
The non-functioning trust site has not had any enhanced
security settings set to the NT domain. So we are trying
to find that setting that is needed to get it to work with
our existing AD domain.
>-----Original Message-----
>Hi Dave,
>
>Please check if the following setting is enabled in a GPO
that applied to
>the Windows Server 2003 DC.
>
>Microsoft network client: Digitally sign communications
(always)
>
>The full path is Computer Settings\Securoty
Settings\Local
>Policies\Security Options
>
>If enabled, disable the setting and restart the
workstation service or
>reboot the DC's after replication has finished. Please
also check the
>default domain policy and default domain controller
policy for this setting.
>
>In addition, please try the following steps to dibble
RestrictAnonymous on
>Windows Server 2003.
>
>Open regedt32
>Go to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
>Double-click the "RestrictAnonymous" registry value,
change the value to
>zero (0), and then click OK.
>Reboot the server
>
>Wish it helps.
>
>Regards,
>Bob Qin
>Product Support Services
>Microsoft Corporation
>
>Get Secure! - www.microsoft.com/security
>
>====================================================
>When responding to posts, please "Reply to Group" via
your newsreader so
>that others may learn and benefit from your issue.
>====================================================
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>.
>
- Next message: Peter Greenway: "Re: Problems With W2003 Time Server !"
- Previous message: Tom: "RE: Event 540, 538 576 and Anonymous Login"
- In reply to: Bob Qin [MSFT]: "Re: Trust Problem"
- Next in thread: Bob Qin [MSFT]: "Re: Trust Problem"
- Reply: Bob Qin [MSFT]: "Re: Trust Problem"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
