Re: Dos connection to SBS2K3 share

Thanks for the reply.

Have now found what to change and had success logging in.

Within Domain Controller Security Policy, go to Local Policies, Security
Options and change the following 3 items.

Microsoft network server: Digitally sign communications (always) to Not
Defined
Domain member: Digitally encrypt or sign secure channel data (always) to
Disabled
Network Security: LAN Manager authentication lelvel to Send LN & NTLM
responses

I know this makes the authentication process less secure etc, but...
How else can you set this up otherwise?
Besides, it turns out that this is only a problem with DC's.
If you have a a member server with the share on, you wouldn't have the
problem.

Hope others can get help from this solution.

Adrian

"Andrew Hodgson" wrote:

On Wed, 24 May 2006 02:56:02 -0700, Adrian Coles
<AdrianColes@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

Hi, this may possibly be in the wrong place, but I think it relates more to
2k3 permissions than Dos.

On our SBS2003 server I have created a hidden share called images$.
The ntfs and share permissions are set to allow the 'everyone' group full
access.

I have a floppy disk that boots up pc's on our network using DHCP.

When I run the net use command with the following syntax:
net use z: \\server\images$
I get asked for the password.
Any ideas why?

The floppy is set to use the Administrator name and via system.ini to
connect to the correct domain name and 'logged on' - although not
authenticated as is Dos.

Whatever password I type in, I get told that it is incorrect.
If I try:
net use z: \\server\images$ /USER:domain\Administrator
I get a message back saying /USER:domain\Administrator is an unknown switch.

I don't know if my net.exe is an incompatible version, or if I have missed
something in the sharing process on the server.
Ideally I would like to set the folder / share permission to allow
anonymouse access (basically let anyone in - it is only for PC images)

We had a similar issue with Ghost, it is because of the fact that the
2k3 domain controler requires signed SMB messages and the DOS client
doesn't support this. Just search for Windows 2003 access from Linux,
here is one such article:

http://www-03.ibm.com/servers/eserver/iseries/integratedxseries/windows/win2003qntcworkaround.html

Andrew.
--
Andrew Hodgson in Bromyard, Herefordshire, UK.
My Email: use <andrew at hodgsonfamily dot org>.

.

Relevant Pages

  • Re: SBS 2003 and TS-App Mode
    ... It's not secure... ... functionality over security and now you want functionality back. ... open and easy to use...they want TS on a domain controller back. ... Do not enable application server mode on a domain controllers. ...
    (microsoft.public.windows.server.sbs)
  • Re: Microsoft Security & Configuration Tool (MSCT)
    ... > install into the server become problem. ... How to undo the security configuration that I had already applied ... basicsv.inf is the Domain Controller Security Policy, ...
    (microsoft.public.security)
  • Re: MS and security: good effort but no cigar
    ... And last but not least, no fat, no dos, no multiboot. ... build upon the progress it's already made in security. ... a Windows system, it is still surprisingly easy to completely own that ... Then there's the issue of poorly secured server applications. ...
    (microsoft.public.windowsxp.general)
  • Re: SBS2003 and Terminal Services....
    ... SA loads so low in the TCP stack to not be an issue and protects the box ... Apply the Notssid.inf security template to TS running permissions ... Do not enable application server mode on a domain controllers. ... On Locally user right at the domain controller. ...
    (microsoft.public.windows.server.sbs)
  • Re: Security - Compromised!
    ... policy, no auditing/intrusion detection, etc. So I would say top things are ... to have properly configured firewall (test with external security scanner) ... Changes could have been made at domain or domain controller ... clean it would be time to run dcpromo on your new server. ...
    (microsoft.public.win2000.security)