Archived from groups: microsoft.public.windowsxp.security_admin
"howard168" <howard168.1jup98@no-mx.forums.iamnotageek.com> wrote in message
news:howard168.1jup98@no-mx.forums.iamnotageek.com...
>
> Thanks, Mike and everyone there.
>
> It looks like I should try some other way.
>
> We use Solaris as our servers. Can I implement an LDAP server under Unix
> to meet my original request? i.e. log in to XP without a local account
> created first through. And how to implement it? (I am not a geek ;-()
>
> It's a lab environment with XP on all workstations. All user accounts
> are located on the UNIX servers. It's hard to set up local accounts for
> all users on each PC, but we still need to restrict any unauthorized
> users.
>
> What we have done at the moment is to create a general user account on each XP
> PC without a password, and users can mount their home directory on the
> file server with their user name and password, i.e. any user can access
> the workstation locally. That causes some problems with lab management.
>
> Any suggestion will be appreciated. Thanks again.
>
> Howard
Howard,
I'm sorry if my response was not clear.
But as I said, to log on to a Windows XP PC without a local account, the PC
first has to log on to the domain to allow it to then facilitate the
authentication of a user attempting to log on to it without a local account.
As I said, this requires that the authentication server (the domain
controllers) provide the necessary information for the authorization
processes used by Windows. This means it must provide the SIDs necessary to
build the access token on that PC. In Active Directory terms this is done
using the PAC in the Kerberos ticket or, if you are falling back to the less
secure NTLM authentication packages, via another process (RPC).
In either case the system being used to provide authentication must do this
in some way. A basic LDAP server will not provide this data.
As has been mentioned in other posts there are apparently products that can
emulate the old NT 4.0 domain functionality (NTLM authentication). Note
that while this may get you authenticated, you will not have any of the
additional advanced security and management technologies available to a
user/PC under a real Active Directory environment.
--
Regards,
Mike
--
Mike Brannigan [Microsoft]
This posting is provided "AS IS" with no warranties, and confers no
rights
Please note I cannot respond to e-mailed questions, please use these
newsgroups
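
Added example, not part of the original posts: a Python sketch of the authorization data the reply refers to, decoding a binary SID and expanding a domain SID plus user and group RIDs into the SID list an access token is built from, next to a plain posixAccount LDAP entry that carries no SID. The sample SIDs, RIDs and LDAP entry are constructed, and the function names are hypothetical.

```python
import struct

def parse_sid(blob: bytes) -> str:
    """Decode a binary SID: revision, sub-authority count, 48-bit big-endian
    authority, then 32-bit little-endian sub-authorities."""
    if len(blob) < 8 or blob[0] != 1 or blob[1] > 15:
        raise ValueError("malformed SID header")
    count = blob[1]
    if len(blob) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(blob[2:8], "big")
    subs = struct.unpack(f"<{count}I", blob[8:])
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def token_sids(domain_sid: bytes, user_rid: int, group_rids, extra_sids=()):
    """Expand PAC-style logon data (domain SID + RIDs) into full SID strings."""
    base = parse_sid(domain_sid)
    sids = [f"{base}-{user_rid}"] + [f"{base}-{rid}" for rid in group_rids]
    return sids + [parse_sid(s) for s in extra_sids]

def token_sids_from_ldap(entry: dict):
    """A plain RFC 2307 posixAccount entry has no SID to work from."""
    if "objectSid" not in entry:
        raise LookupError("entry has uidNumber/gidNumber but no SID")
    return [parse_sid(entry["objectSid"])]

# Constructed sample data (not from the thread).
DOMAIN_SID = bytes([1, 4]) + (5).to_bytes(6, "big") + struct.pack(
    "<4I", 21, 111111111, 222222222, 333333333)
EXTRA_SID = bytes([1, 1]) + (5).to_bytes(6, "big") + struct.pack("<I", 11)
POSIX_ENTRY = {"uid": "labuser", "uidNumber": 5001, "gidNumber": 100,
               "homeDirectory": "/home/labuser"}

if __name__ == "__main__":
    for sid in token_sids(DOMAIN_SID, 1105, [513, 1201], [EXTRA_SID]):
        print(sid)
    try:
        token_sids_from_ldap(POSIX_ENTRY)
    except LookupError as err:
        print("LDAP entry:", err)
```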