How can I disable 4.0 RAS servers in a Windows 2000 domain?
A.
When you run DCPROMO.EXE to create your Windows 2000 domain, one of the
stages asks whether you wish to weaken security to enable 4.0 servers to act
as RAS servers. If you said Yes but later decide you don't require this,
enter the following command:
C:\> net localgroup "Pre-Windows 2000 Compatible Access" everyone /delete
This removes Everyone from the local group "Pre-Windows 2000 Compatible
Access". After entering the command, you must restart the domain
controller.
Leaving this setting enabled may compromise security because it allows
anonymous users to read information in this domain. When Windows NT 4.0 RAS
servers no longer exist in the domain, you can remove legacy access to
Active Directory by using the command above.
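
To confirm the change after the restart, the following check is an added example, not part of the original FAQ. It assumes a management host with the ActiveDirectory PowerShell module (not available on Windows 2000 itself) and looks the group up by its well-known SID; the Anonymous Logon entry is an extra check beyond the Everyone member discussed above.

```powershell
# Added example (assumption: run from a host with the ActiveDirectory RSAT module).
Import-Module ActiveDirectory

# Well-known SIDs whose membership gives unauthenticated callers read access.
$risky = @{
    'S-1-1-0' = 'Everyone'
    'S-1-5-7' = 'Anonymous Logon'
}

# BUILTIN\Pre-Windows 2000 Compatible Access has the fixed SID S-1-5-32-554,
# so the lookup does not depend on the (localisable) group name.
$group = Get-ADGroup -Identity 'S-1-5-32-554' -Properties member

$findings = foreach ($dn in $group.member) {
    # Well-known principals are stored as CN=<SID>,CN=ForeignSecurityPrincipals,...
    if ($dn -match '^CN=(S-1-[\d-]+),CN=ForeignSecurityPrincipals,') {
        $sid = $Matches[1]
        if ($risky.ContainsKey($sid)) {
            [pscustomobject]@{
                Group  = $group.Name
                Member = $risky[$sid]
                Sid    = $sid
            }
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning 'Legacy anonymous read access to Active Directory is still enabled.'
} else {
    Write-Output "No Everyone or Anonymous Logon member in '$($group.Name)'."
}
```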