Windows 7 y samba
?
0 likes?235 views
This document summarizes the configuration changes needed to join Windows XP and Windows 7 clients to an Active Directory domain. For Windows XP, only registry changes to the LanmanWorkstation and Netlogon services are needed. For Windows 7, additional modifications are required, including registry edits to Tcpip and DNSClient settings, Group Policy changes to security options, and ignoring an error during domain join related to changing the domain name. While these steps allowed both clients to join the domain and access shared folders, the exact purpose and need for each individual change is not fully understood.
![WinXP or Win7 Clients:<br />[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicesanmanWorkstationarameters]quot;
EnableSecuritySignaturequot;
=dword:00000000quot;
DomainCompatibilityModequot;
=dword:00000001quot;
DNSNameResolutionRequiredquot;
=dword:00000000[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicesetlogonarameters]quot;
RequireSignOrSealquot;
=dword:00000001quot;
RequireStrongKeyquot;
=dword:00000001quot;
SealSecureChannelquot;
=dword:00000001quot;
SignSecureChannelquot;
=dword:00000001WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!Win7: needs more modifications:REGEDIT:[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicescpiparameters]quot;
QualifyingDestinationThresholdquot;
=dword:00000003quot;
NV Domainquot;
=quot;
IPGquot;
quot;
NameServerquot;
=quot;
IPGquot;
[HKEY_LOCAL_MACHINEOFTWAREoliciesicrosoftystemNSClient]quot;
NV PrimaryDnsSuffixquot;
=quot;
IPGquot;
Gpedit.msc:Compouter|Windows Settings|Security Settings|Local Policies|Security Options-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated-Network Security: Minimum session...both clients and servr: NO Required 128b encryptionComputer|Admin.Templates|System|User Profiles|-Do not check for user ownership of roaming profile: Enabled-Delete cache copies of roaming profile: EnabledReboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.The only problem is that it won't map the logon drive P: but I can apply the quot;
logon.batquot;
instead.However, I don't understand all of what I have done to make it work as I just copied from other experts.Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.PNguyen<br />](https://image.slidesharecdn.com/windows7ysamba-110110175358-phpapp02/85/Windows-7-y-samba-1-320.jpg)
Windows 7 y samba
- 1. WinXP or Win7 Clients:<br />[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicesanmanWorkstationarameters]quot; EnableSecuritySignaturequot; =dword:00000000quot; DomainCompatibilityModequot; =dword:00000001quot; DNSNameResolutionRequiredquot; =dword:00000000[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicesetlogonarameters]quot; RequireSignOrSealquot; =dword:00000001quot; RequireStrongKeyquot; =dword:00000001quot; SealSecureChannelquot; =dword:00000001quot; SignSecureChannelquot; =dword:00000001WinXP joins the domain OK and read the mapped logon drive P: and all shared folders OK!Win7: needs more modifications:REGEDIT:[HKEY_LOCAL_MACHINEYSTEMurrentControlSetervicescpiparameters]quot; QualifyingDestinationThresholdquot; =dword:00000003quot; NV Domainquot; =quot; IPGquot; quot; NameServerquot; =quot; IPGquot; [HKEY_LOCAL_MACHINEOFTWAREoliciesicrosoftystemNSClient]quot; NV PrimaryDnsSuffixquot; =quot; IPGquot; Gpedit.msc:Compouter|Windows Settings|Security Settings|Local Policies|Security Options-Network Security: LAN Manager Auth. Level: Send LM&NTLM use NTLMv2 session sec. if negociated-Network Security: Minimum session...both clients and servr: NO Required 128b encryptionComputer|Admin.Templates|System|User Profiles|-Do not check for user ownership of roaming profile: Enabled-Delete cache copies of roaming profile: EnabledReboot and now Win7 can join the domain, but with an error message about can't change the domain name to... but I just ignore it, and it works OK with any shared folders, the same way for WinXP.The only problem is that it won't map the logon drive P: but I can apply the quot; logon.batquot; instead.However, I don't understand all of what I have done to make it work as I just copied from other experts.Thanks to all experts online who already help us learning Linux. And thanks to anyone who can explain what I need or not need in the above modifications to make it runs correctly.PNguyen<br />