Windows 7 on a NT4 domain


Joined
May 7, 2009
Messages
1
Reaction score
0
I've installed Windows 7 RC (build 7100) on a separate partition on a vista machine. Problem is... I cannot connect to a NT4 domain.

so.. does anyone know....Does Windows 7 even support NT4 domains?

has anyone here connected to a NT4 domain?

(Vista works fine) I've made the obvious checks in network settings... IP / DNS / GAteway etc...

I've changed the value of "Network Security:Manager authentication level"
from "NTVLM2 responses only" to "LM and NTLM - use NTLMv2 session security
if negotiated"

From system properties (Computer Name Tab)... i'm clicking the change button and entering the Domain name.

Win asks for domain admin password which i put in

i get the following error message:

"The specified domain either does not exist or could not be contacted"


any help appreciated
 
Ad

Advertisements

Joined
Aug 17, 2009
Messages
6
Reaction score
0
Here is what they meant but I still can't get it to work.

secpol.msc ---> Local Policies ---> Security Options ---> Microsoft network client: Send unencrypted password to connect to third-party SMB servers set to enabled

I will keep looking.
 
Ad

Advertisements

Joined
Apr 10, 2010
Messages
2
Reaction score
1
Sorry to resurrect this...

This seems to be a very widely questioned issue - and here as in many other places there is usually not a consistent answer. Or, more commonly, the answer is "you need to upgrade your domain to something better".

I have been involved in IT for about 20 years now, and that answer actually makes my blood boil. There are many perfectly valid reasons for not upgrading a domain - the primary one being that there is not any need for it. If you have a very small enterprise and have no need for tighter security, roaming profiles, etc.. then I see no problem with keeping an NT4 domain around - that being said, if you're running Windows7 clients - you don't have a choice.

Although it is possible for a Vista client to join an NT4 domain as a member, it is not possible with Win7. This is only because of Microsoft, not because it won't work. The setting you require is not the one indicated, but is the NTLM Authentication setting.

Run secpol.msc and browse to Local Policies > Security Options and find the LAN Manager authentication level. Change this to "Send LM & NTLM - use NTLMv2 session security if negotiated".

You still will not be able to exist on the domain as a member - so you're left with what amounts to a slighly more secure workgroup-type setup. But you can then log into domain members with a domain\username + password combination.

At least that works with mine. Also that's the only setting that you need to change to be able to browse the network and have NT4 domain members show up in your network section of explorer. This change is 'harmless' (it does reduce the security of your machine, but as minimially as possible to allow communication with domain members running 95/98, NT4, etc.. as well as not disabling higher authentication levels required to authenticate to later domains (2K / 2K3 / 2K8).

Don't know if the OP found his/her answer already, but since this is one of the first results when searched for 'windows 7 NT4 domain' I thought I'd add some help. There may be some way of making Windows7 a full member of an NT4 domain, but I haven't found it, and even paid MS support won't say... so this seems like the best solution for me.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top