Supporting Clients with Windows Server 2003One of the first things you see when promoting a server to Windows 2003 is the warning regarding client support for Windows 95 and Windows 98 as shown in the Figure 15.4. This message dialog informs you at the time of upgrade that these client operating systems will no longer be available to authenticate to the domain after the upgrade is complete. Figure 15.4. Operating system compatibility notice.
This screen informs you that these client operating systems will no longer be able to authenticate; this is because the NTLM version is upgraded during the upgrade of the Windows 2000 domain to Windows 2003. Understanding Windows 2003 Client CapabilityTo enable these client systems to authenticate and access domain resources, additional client software must be installed or domain controller configurations completed to support authentication. The most common method of enabling support for client systems running nonsupport versions of Windows is to install the Microsoft Active Directory Client Software. Available for free download from Microsoft, the Active Directory Client installs the Active Directory extensions enabling support for Windows 95, Windows 98, and Windows NT Service Pack 6a systems in a Windows 2003 Active Directory environment. By installing the Active Directory Client extensions, client support is enabled in the following areas:
Enabling Legacy Client SupportThere are two methods you can use to enable legacy client support; the first is to install the Active Directory client software on each Windows NT and Windows 9X client. The other method is to relax the security setting on the local default domain security policy. When software updates cannot be installed on legacy clients before an upgrade to Windows 2003, you can provide support for these clients by disabling the SMB service in the local domain controller Group Policy. To disable SMB signing and enable support for legacy clients, open the local domain controller policy, you will see a screen similar to the one shown in Figure 15.5. Figure 15.5. Default domain controller security settings screen.
To provide support for legacy clients, complete the following steps:
When Domain Controllers Are Not in the Default Domain Controllers If the domain controllers being modified are not located in the default domain controllers organizational unit container, the policy must link the organizational unit with the domain controller, which will authenticate where the legacy client resides. |