Window 2003 server i NT4 & 2000 miljø..

[slettet]

Eg har forleden dag innom i ei bedrift som skal setje opp ein ny Windows-server.

 

Dety er ei Compac Pro-Liant-maskin, med nokså ok spesifikasjoner. Eg spurte vedkommende som hadde bestilt den om OS, og han sa det skulle installeres Windows 2000 server.

Kvifor? Fordi dei gamle maskinene (serverene) som skal fortsatt være i bruk er både NT 4.0 og 2000, så han fekk beskjed om å installere 2000, då det kunne bli problem med 2003 i kombinasjon med NT4.

 

Eg syns det høyres svært rart ut. Fungerer ikkje NT4 og 2003 server sammen? Kvifor ikkje, isåfall?

 

Det er forresten to maskiner på det nettverket som står som "Domain kontroller". Kva har det å sei? Kva kan det forårsake?

[lurerpaa]

Her er en informativ paste:

 

Compatibility with previous operating systems

By default, security settings on domain controllers running Windows Server 2003 are configured to help prevent domain controller communications from being intercepted or tampered with by malicious users.

To successfully negotiate communications with a domain controller running Windows Server 2003, these default security settings require that client computers use both Server Message Block (SMB) signing, and encryption or signing of secure channel traffic.

The following Windows-based operating systems do not have built-in support for SMB signing or secure channel encryption and signing:

Windows for Workgroups 
Windows 95 
Windows NT 4.0 

The following table lists the required actions that you need to perform to enable client computers running any of these operating systems to successfully log on to the domain and access domain resources.

For client computers running Windows for Workgroups:
You need to: Upgrade the operating system.

For client computers running Windows 95:
You need to: Upgrade the operating system (recommended), or install the Active Directory client. For more information about the Active Directory client, see Active Directory clients.

For client computers running Windows NT 4.0:
You need to: Upgrade the operating system (recommended), or install Service Pack 4 (or later). Service Pack 3 provides support for SMB signing, but it does not support encryption or signing of secure channel traffic. 

SMB signing
By default, domain controllers running Windows Server 2003 require that all clients digitally sign SMB-based communications. The SMB protocol provides file sharing, printer sharing, various remote administration functions, and logon authentication for some clients running older operating system versions.

Client computers running Windows for Workgroups, Windows 95 without the Active Directory client, and Windows NT 4.0 Service Pack 2 (or earlier) do not support SMB signing, and, therefore, they cannot connect to domain controllers running Windows Server 2003 by default.

Although it is not recommended, you can prevent SMB signing from being required on all domain controllers running Windows Server 2003 in a domain. For more information, see To prevent domain controllers from requiring SMB signing.

Secure channel encryption or signing
Domain controllers running Windows Server 2003 require that all secure channel communications be either encrypted or signed. Windows NT-based computers use secure channels for communications between clients and domain controllers, and between domain controllers that have a trust relationship.

Client computers running Windows NT 4.0 Service Pack 3 (or earlier) do not support signing or encrypting secure channel communications, and, therefore, they cannot connect to domain controllers running Windows Server 2003 by default.

Also, any trusts established between domains with domain controllers running Windows NT 4.0 Service Pack 3 (or earlier) and domains with domain controllers running Windows Server 2003 might fail. If one domain contains a domain controller running Windows NT Service Pack 3 (or earlier) and the other domain contains a domain controller running Windows Server 2003, clients might have problems accessing shared resources located in the other domain.

Although it is not recommended, you can disable the secure channel requirement for all domain controllers running Windows Server 2003 in a domain. For more information, see To prevent domain controllers from requiring secure channel signing or encryption.

Note

If you install Windows Server 2003 domain controllers in your domain (one or more), they will not affect the security settings on domain controllers running Windows 2000 Server.