(no)logon when PDC down

Daniel Fonseca daniel at med.up.pt
Tue Aug 25 10:19:17 GMT 1998


On Tue, 25 Aug 1998, Mick Haigh wrote:

> > I've checked around, and I can't seem to discover if there is a
> > registry hack to disable this "feature". Does anyone know how to
> > disable domain logins when the PDC is down?
> 
> Use system policies.  Fire up poledit and create a new policy, save it to
> //<PDCname>/netlogon/NTconfig.POL.  Somewhere in the policy settings there
> is an option not to allow logons without authentication.  Same applies for
> Win95 except the file is called config.POL

As to what concerns Windows 95 (don't know about 98 but it should be the
same) there's a hack (surprised?) that can bypass that registry entry.
Some 2 years ago I tried to make Windows 95 login as full bullet proof as
I could, in the Oporto Cibercafe (http://www.cibercafe.pt)

Here's the gory detail:

While at the logon prompt in 95 if you press that wonderful little Window
key (for those with a 95 Keyboard), it brings up TaskManager and you can
Run any application you like, via the "Run" command. If you choose to Run
Explorer.exe it will start up the desktop for you (surprise!) and
everything except the network shares will be available.

Here's what I did: Deleted/Renamed TASKMAN.EXE (anything goes) and as far
as I can tell (for 2 years now) everything works; even the taskmanager
itself after the login (suppose it must be within explorer, at that time).

The only thing I couldn't secure was if you changed the Domain to some
unexistent one, Windows 95 would complaint it didn't exist and *voila'*
here's a desktop for you... :( (fortunately, nobody remembered to do this)

Is there another registry entry for not allowing in when there's no PDC
(like this last mail on the list - "CachedLogonsCount" for NT), for
windows 95/98?

Cheers,

Daniel Fonseca

BTW, don't you think that samba is getting just *too* much options? :)
(started to implement a samba server from scratch, in a company yesterday,
and had to go through a very big smb.conf man page!) My question is: Has
anyone started an interface to help configure samba, or can I be the one?
(All help apreciated, of course - I'm thinking of Tcl/Tk for wider
platforms).



More information about the samba-ntdom mailing list