dt844MemberJun 08, 2006 at 1:56 am #112660
I did a new install of 2003 server and made it the sole DC (for now) of
a new forest and domain. I did another new install of 2003 server and
joined it to the new domain as a member server. I created a test file
share on each server (the DC and the member server). The two shares
have identical filesystem and share permissions. Both file shares work
normally from a workstation that has been joined to the domain.
However, when I use a workstation that is NOT yet part of the domain, I
can only access the share on the DC. Trying to access the share on the
member server results in continuous prompts for credentials.
– I am using a local account on the non-domain-member workstation
who’s user/pass is identical to that of a valid domain user.
– The non-domain workstation has the netbios version of the domain
name set for its workgroup membership.
– I can log in using the user/pass to the local console of the member
server, so that tells me the member server is getting the needed AD
– I have not yet raised the domain or forest functional levels.
I’m guessing there is a setting in the ‘Default Domain Controller’ gpo
that allows non-domain computers to connect using NTLM. Unfortunately I
can’t find the right security setting. I even tried linking that gpo
against the member server, but I still couldn’t connect to it.
We’ve already rescheduled our deployment of Windows 2003 (migrating
from Netware) once due to this problem, and I think I’ve exhausted all
my ideas to solve it. I hope somebody out there knows which knob to
Thanks in advance!
You must be logged in to reply to this topic.