General discussion

  • Creator
    Topic
  • #2073421

    Windows NT 4 Workstation Authentication

    Locked

    by aguinaldo.lenoir ·

    I have a NT 4 Workstation that does it’s network Autentication with one of the Admin’s workstaions. How’s does it do this and how can I stop it.

All Comments

  • Author
    Replies
    • #3791457

      Windows NT 4 Workstation Authentication

      by steve elky ·

      In reply to Windows NT 4 Workstation Authentication

      I believe you are seeing a network authentication message in the Windows NT event log. This probably means that there is a drive mapped to the Admin station from the user workstation with the Reconnect at Logon option checked.

      If the machines are in the same domain and there is a share on the Admin station that the user on the workstation has rights to, the domain authentication token will be sufficient to grant rights. An authentication token is what an NT PDC/BDC or standalone server or local workstation generates when a user successfully logs into the respective security database. This token is then used within the boundaries of the security database, i.e. a domain or the local security database on a sinlge workstation or server (if the server is not a PDC/BDC.)

      If the machines are in different domains, but the Admin workstation is in a domain trusting the domain the user account is in, the reason is the same.

      If the machines are in different domains and there are no trusts, or are in a workgroup or different workgroups, there is probably an identical username and password on each of the machine’s (or domain’s) security database. NT is helpful and will pass the username and password hash to other machines. It mayalso be that upon logon, the user is prompted for a username and password to access the share on the Admin workstation.

      To stop this, if its being caused by a drive mapping, start NT Explorer, choose Tools, choose Disconnect Network Drive and select the drive corresponding to the Admin station.

      You could also remove any share or change the permissions.

      An extreme method is to block TCP port 139 and UPD ports 137 and 138 between the two machines with a router. This will stop essentially all Windows traffic.

    • #3791456

      Windows NT 4 Workstation Authentication

      by erikdr ·

      In reply to Windows NT 4 Workstation Authentication

      It looks like it’s in a workgroup with that Admin ws instead of being in a domain.

      Click on Control Panel – Network. In Identification, make sure the machine is member of the domain. (To change, you need to be logged on as a Domain Admin.)

      Hope this helps,

      / The Netherlands

    • #3791365

      Windows NT 4 Workstation Authentication

      by aguinaldo.lenoir ·

      In reply to Windows NT 4 Workstation Authentication

      This question was closed by the author

Viewing 2 reply threads