G
Guest
Howdy
We are in the middle of an in-place upgrade from NT4 to Windows 2003 AD. We
are using the NT4Emulator key as a transitional step to prevent clients from
using Kerberos for a range of reasons. We are about to neutralize all
machines in our upgraded domain which will mean that all clients will begin
to use Kerberos once their secure channels are reset. We have chosen this
method over simply removing NT4Emulator as it gives us a better back-out
option (i.e. we can selectively back out machines from Keberos without having
rejoin the whole fleet to the domain).
My question is - once we remove the Emulator keys from the Domain
Controllers and all the clients are using Kerberos, is there any way we can
force the clients to use NTLM? The reason I ask is that we are concerned that
Kerberos may break some of our key applications and would like to ensure that
once the emulator is removed, we have an alternative to rejoining everything
to the domain.
Regards,
DB
We are in the middle of an in-place upgrade from NT4 to Windows 2003 AD. We
are using the NT4Emulator key as a transitional step to prevent clients from
using Kerberos for a range of reasons. We are about to neutralize all
machines in our upgraded domain which will mean that all clients will begin
to use Kerberos once their secure channels are reset. We have chosen this
method over simply removing NT4Emulator as it gives us a better back-out
option (i.e. we can selectively back out machines from Keberos without having
rejoin the whole fleet to the domain).
My question is - once we remove the Emulator keys from the Domain
Controllers and all the clients are using Kerberos, is there any way we can
force the clients to use NTLM? The reason I ask is that we are concerned that
Kerberos may break some of our key applications and would like to ensure that
once the emulator is removed, we have an alternative to rejoining everything
to the domain.
Regards,
DB