vista business laptop keeps getting locked out on NT4 domain

  • Thread starter Thread starter Jim Sharky
  • Start date Start date
J

Jim Sharky

OK....user has a SONY Vaio laptop running Vista Business.....was able to
connect and join the domain (running on an NT4 Server)......

Now, however, when I reboot the laptop, it will not retain my mapped drive
(connected to the network).

What I find when I check the user account on the domain is that it gets
locked out when I try to access the mapped drive.

User account on the laptop and on the domain are definitely the same.....but
account is getting locked out each reboot without fail.

Any thoughts?

(e-mail address removed)
 
OK....user has a SONY Vaio laptop running Vista Business.....was able to
connect and join the domain (running on an NT4 Server)......

Now, however, when I reboot the laptop, it will not retain my mapped drive
(connected to the network).

What I find when I check the user account on the domain is that it gets
locked out when I try to access the mapped drive.

User account on the laptop and on the domain are definitely the same.....but
account is getting locked out each reboot without fail.
Click to expand...

First, NT 4.0 is WAY out of support and was not tested as a domain
controller for Vista. Using Vista in an NT4 domain should be considered an
untested and unsupported configuration.

Second, it is possible that this happens because your lockout counter is set
extremely low (like 3) because of how the authentication protocols work. I
know there were a bunch of bugs in how NT4 handled NTLMv2 authentication and
Vista will send nothing but by default. It also sounds from your description
that the account you log on to the laptop with is a local account and that
you then use a domain account to map the drives with? If so, it is even more
likely to cause a problem. Try dropping the LMCompatibiiltyLevel setting
down. Since you use NT 4 on your DC your level of security is so bad already
that you are not going to lower it any further by doing so. To change the
setting, do the following:

1. Click the Window button
2. In the search box type secpol.msc and hit enter
3. Accept the elevation prompt
4. Open the Local Policies and then Security Options
5. Double-click "Network security: LAN Manager authentication level" and set
it to "Send LM & NTLM responses"
 
Back
Top