vista business laptop keeps getting locked out on NT4 domain

Discussion in 'Windows Vista Security' started by Jim Sharky, Apr 9, 2007.

  1. Jim Sharky

    Jim Sharky Guest

    OK....user has a SONY Vaio laptop running Vista Business.....was able to
    connect and join the domain (running on an NT4 Server)......

    Now, however, when I reboot the laptop, it will not retain my mapped drive
    (connected to the network).

    What I find when I check the user account on the domain is that it gets
    locked out when I try to access the mapped drive.

    User account on the laptop and on the domain are definitely the same.....but
    account is getting locked out each reboot without fail.

    Any thoughts?

    Jim Sharky, Apr 9, 2007
    1. Advertisements

  2. Jim Sharky

    Jesper Guest

    OK....user has a SONY Vaio laptop running Vista Business.....was able to
    First, NT 4.0 is WAY out of support and was not tested as a domain
    controller for Vista. Using Vista in an NT4 domain should be considered an
    untested and unsupported configuration.

    Second, it is possible that this happens because your lockout counter is set
    extremely low (like 3) because of how the authentication protocols work. I
    know there were a bunch of bugs in how NT4 handled NTLMv2 authentication and
    Vista will send nothing but by default. It also sounds from your description
    that the account you log on to the laptop with is a local account and that
    you then use a domain account to map the drives with? If so, it is even more
    likely to cause a problem. Try dropping the LMCompatibiiltyLevel setting
    down. Since you use NT 4 on your DC your level of security is so bad already
    that you are not going to lower it any further by doing so. To change the
    setting, do the following:

    1. Click the Window button
    2. In the search box type secpol.msc and hit enter
    3. Accept the elevation prompt
    4. Open the Local Policies and then Security Options
    5. Double-click "Network security: LAN Manager authentication level" and set
    it to "Send LM & NTLM responses"
    Jesper, Apr 9, 2007
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.