Allow logins for pre-2000 machines

dmwdmw Member Posts: 81 ■■□□□□□□□□
Does anyone know how to allow logins for pre-2000 os's on a Windows 2003 domain controller. I am trying to use this machine as a ghost server and when booting from another machine via a ghost boot disk I can't get me credentials to go through.

I think it is because of access from DOS.
Rebooting computers since 1999

Comments

  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    What version of NTLM are you using on your network and/or the computer you are trying to access? Check in your local security policy under Local Policies\Security Options > Network security: LAN Manager authentication level.

    In order to access via a DOS bootdisk, you have to use "Send LM and NTLM responses".
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    I set this under default domain controller sec policy as this is a DC but its still not working. How do I check the ntlm version. I think it is using ntlmv2.

    This is just a test scenario but am trying to get ghosting accross a network working.
    Rebooting computers since 1999
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Actually changing the ntlm auth level worked, I think I just had to reboot a few times.


    Thanks!
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Glad to help. Keep in mind that lowering the NTLM version is a bad security practice on a live environment, so you may want to keep the ghosting procedure isolated on a segregated network.

    BTW - funny sig. :)
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Is another way to use ghost that I am missing? How can I get around this? Just setup ghost on a member server and alter that local policy?
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dmw wrote:
    Is another way to use ghost that I am missing? How can I get around this? Just setup ghost on a member server and alter that local policy?

    The local policy will be overridden by the domain policy unless you move the Ghost machine to a workgroup, then you won't be able to use a domain login anyway.

    I use the Corporate version of Ghost which allows me to start a Ghost Cast session from the server to which the clients can then connect.
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    How do you boot the clients? I want to be able to image machines up and also copy images down to deploy new machines. Do you use ghost suite to manage your images as well or another app?
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    I use Symantec Ghost Corporate edition 8.2, which is the last version they made before switching to Solution Suite. The two are very similar, and as far as imaging goes they are identical.

    I boot with a network boot disk (based on the network card of the client) and then run ghost.exe to connect to the ghost session running on the server.
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Great I will have to investigate the Ghostcast server. I just moved into a new position and am trying to get this setup to help in getting machines deployed. I had used it at a prior position but only to actually boot the computer and put the image on it. I had not involvement in the setup.
    Rebooting computers since 1999
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    OK well I ran a quick test and was able to get a laptop connected and ghosting to the server using ghostcast. I had to used the IP address but I am sure that is some config I need to work out.

    Before I go any further let me explain what I want to do. I want to get a base image configured how it needs to be and then copy that image up to the ghost server. Then I want to be able to ghost new machines as they come in with this image, after they have been imaged it should allow me to set the computer name and add to the domain. Is this similar to what you use it for?
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dmw wrote:
    I had to used the IP address but I am sure that is some config I need to work out.

    Just make sure your DNS and WINS are set up correctly, but even at that having to enter the IP Address of the ghost server is no biggie.
    dmw wrote:
    I want to get a base image configured how it needs to be and then copy that image up to the ghost server. Then I want to be able to ghost new machines as they come in with this image, after they have been imaged it should allow me to set the computer name and add to the domain. Is this similar to what you use it for?

    Yes, exactly.


    A couple of things I would recommend:

    The imaged machine (master) should be in a workgroup. Join the domain after the image is completed.

    Second, make sure to be familiar with sysprep or all your computers will wind up with the same sid. Sysprep works best if you have an enterprise license for your windows machines, so you can add the product id to your sysprep.ini file, otherwise you will be prompted to enter it and activate windows during the first bootup after imaging.
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Sysprep is next on my list. I might have to setup so that I will need to enter the code and activate but that is not so bad.

    Appreciate the help!
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    My pleasure. Good luck and let us know how it goes. :)
    All things are possible, only believe.
  • rossonieri#1rossonieri#1 Member Posts: 799 ■■■□□□□□□□
    dmw wrote:
    I set this under default domain controller sec policy as this is a DC but its still not working. How do I check the ntlm version. I think it is using ntlmv2.

    This is just a test scenario but am trying to get ghosting accross a network working.

    i think - you have set the policies in the wrong place (Default DC Sec Pol) - you should place it under Default Domain Sec Pol.
    you check the NTLM version by using GPO first, create it and link it to your Default Domain Sec Pol - from there you should search your NTLM responds.

    cheers...
    the More I know, that is more and More I dont know.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    sprkymrk

    How does the licensing work for your version Do you have a separate license for each machine you image?


    [/quote]
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dmw wrote:
    How does the licensing work for your version Do you have a separate license for each machine you image?

    Not really, the licensing is based on how many clients are known to the console. Mine is registered/licensed for up to 425 clients. If I just want to image computers but not install the Ghost Client I don't have a set limit. However, the Ghost Console is where the power is at. You can image a machine on the fly w/o a boot disk or anyone at the client machine, you can do user moves, deploy auto install packages, run inventory (software and hardware), execute remote commands, etc.
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    So if I want to create a task that deploys animage to a machine while it is on I need to install ghost on that machine and will need a license but if I have an image created for my laptops I can just boot the laptop connect to the ghostcast server and image it.

    Thanks
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dmw wrote:
    So if I want to create a task that deploys animage to a machine while it is on I need to install ghost on that machine and will need a license but if I have an image created for my laptops I can just boot the laptop connect to the ghostcast server and image it.

    Thanks

    That's pretty close to correct. I would contact Symantec before purchasing though, just to be sure.
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    So I imaged to the network and then to test a put a brand new hard drive in my laptop and restored the image, it appeared to restore ok. When I boot the laptop it shows the bios screen and then just goes black with a blinking cursor in the top right hand corner.

    Thougts
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Can you provide some more details? Any command line switches? Run sysprep? Did you restore to the same size drive, smaller or bigger? Multiple partitions? Basic or dynamic disk? Any other details?
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    No command line switches. Did not run sysprep as this was a machine that was already in use and I just wanted to see if I could image the drive and the copy that image to a blank drive.

    Basic disk with one 32GB ntfs partition and a fat32 service partition 5GB.

    The blank hard drive I restored to is a 60 GB drive.
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    dmw wrote:
    No command line switches. Did not run sysprep as this was a machine that was already in use and I just wanted to see if I could image the drive and the copy that image to a blank drive.

    Basic disk with one 32GB ntfs partition and a fat32 service partition 5GB.

    The blank hard drive I restored to is a 60 GB drive.

    Based on that it should have worked. Can you try to restore it again and see what happens? Is there a ghosterr.log file?
    All things are possible, only believe.
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Not sure why the ghosting wasn't working but after trying a second time it worked. I have been working on this since my last post and pretty much have it going. Just putting the finishing touches on the image. Out of curiosity how big are your images for laptops usually? also do you have a "to do" list before imaging and/or running sysprep.

    Thanks
    Rebooting computers since 1999
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    My images range from about 3-5GB I think.

    My check list is pretty simple:
      Run disk cleanup. Delete any profiles that may have been added if you logged in as anyone other than the admin for some reason. Delete all System Restore backups. Clear all event logs. Clear the run, start, and recent files menus. Make sure you open Adobe and Office and other programs at least once, as many will prompt you to accept the EULA.
    Maybe some other stuff I am forgetting, but I am away on travel and don't have the list in front of me, but that's the basics anyway.
    All things are possible, only believe.
Sign In or Register to comment.