Windows XP Welcome Screen and NT Server 4.0 Security

[Guest]

Hello,

Because I hate wasting time hunting for stuff I may or may not find, I'm
just looking for a quick answer to the following question:

In order to get the Welcome Logon Screen in Windows XP Client computers, do
I have to use Workgroups, or can I go the Domain Level for User Security on a
Windows NT 4.0 Server domain? I need to keep the Welcome Screen for logon
simplicity purposes, but I want Domain Level User security. My boss says
that she can only get the Welcome Screen in Workgroup mode, not domain mode.

Just a point in a good direction would be helpful, since I know pretty much
nothing about Windows XP at this point ( I never got past Windows 2k
Professional ).

Thanks in advance for any assistance.

 

[Bruce Chambers]

Hello,

Because I hate wasting time hunting for stuff I may or may not find, I'm
just looking for a quick answer to the following question:

In order to get the Welcome Logon Screen in Windows XP Client computers, do
I have to use Workgroups, or can I go the Domain Level for User Security on a
Windows NT 4.0 Server domain? I need to keep the Welcome Screen for logon
simplicity purposes,

"... Logon simplicity?" Your users can't remember their own names?

.... but I want Domain Level User security. My boss says
that she can only get the Welcome Screen in Workgroup mode, not domain mode.

That's correct. The Welcome Screen (along with Fast User Switching) is
automatically disabled whenever a WinXP Pro computer is added to a
domain, as the Welcome Screen and Fast User Switching (conveniences
added for home users) are completely at odds with any serious concept of
domain security.





--

Bruce Chambers

Help us help you:



They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. -Benjamin Franklin

 

[Steven L Umbach]

As Bruce said that is not possible. Why in the world would you need to keep
the Welcome Screen? --- Steve

 

[Sigmundur Jonsson]

As Bruce said that is not possible. Why in the world would you need to keep
the Welcome Screen? --- Steve

How many users would then be listed? hahahaha I'll guess about 100
(Not a nice thing to see..)

 

[Guest]

Okay, hence comes the explaining I was hoping to avoid...( sigh )

I'm currently on a placement through unemployment with the K-W Multicultural
Centre ( http://www.kwmc.on.ca ) as their Database Analyst/IT Specialist (
read - if it's a computer, it's now my problem! ). I've been charged with
redoing and documenting our network here, by adding a Buffalo Linkstation to
it, doing all the due diligence/documentation and I realized I still needed
an NT server for DHCP, Printer Services, and User-Level Security. So, in the
meantime, my manager has concluded based on experience that the users here
are unable to remember and properly type their user names, hence the desire
for the Welcome Screen. I want the added protection of Domain security, and
she'll only let me go to a Domain setup if I can keep the Welcome screen, so
I guess I just lost that fight :-(

I'm reasonably well versed in Windows 95/98, Windows NT 3.51/4.0 and Windows
2000 Professional. Haven't worked with much beyond those in my career, and
so I'm struggling a bit to get a handle on Windows XP and it's logic. No
biggie, my next challenge is installing a new router, because our old one
doesn't have the capacity to handle the demands we put on it. I must admit,
it's fun in some ways working for a social service agency that doesn't have
the big bucks to get the latest and greatest.

Thanks for the replies, even if they weren't the news I wanted to hear.

All the best,

Colene Evans-Allen
Database Analyst/IT Specialist
Kitchener-Waterloo Multicultural Centre
Ontario, Canada

 

[Steven L Umbach]

OK. Thanks for the explanation. Without knowing a lot more about your whole
user situation and security needs you and the others that make the final
decision will need to decide what is most important - security/centralized
management or user convenience. In Windows XP in a domain the computer by
default will display the last logged on user name if that would be a help.
Also it can help if the user logon name is something really easy to remember
such as their first name and first two or three letters of their last name
or the month/year of their birth etc as in joan03. Hopefully you can make
your case as unless the number of users is really small the benefits of a
domain can be considerable though using NT4.0 - yikes! NT4.0 will greatly
diminish the benefits of XP Pro computers in a domain such as using Group
Policy. There are numerous books on XP Pro and rather than make a
recommendation I suggest that you browse them at your local bookstore to see
what you like as some assume you know nothing and others assume a fairly
large expertise. Also be sure to check out the FREE [they will like that]
Shared Computer Toolkit from Microsoft for XP SP2 if you need to stay in a
workgroup as it can do a LOT to lockdown users. Good luck. --- Steve

http://www.microsoft.com/windowsxp/sharedaccess/default.mspx --- Shared
Computer Toolkit. Requires service pack 2.

 

[Colin Nash [MVP]]

OK. Thanks for the explanation. Without knowing a lot more about your
whole user situation and security needs you and the others that make the
final decision will need to decide what is most important -
security/centralized management or user convenience. In Windows XP in a
domain the computer by default will display the last logged on user name
if that would be a help. Also it can help if the user logon name is
something really easy to remember such as their first name and first two
or three letters of their last name or the month/year of their birth etc
as in joan03. Hopefully you can make your case as unless the number of
users is really small the benefits of a domain can be considerable though
using NT4.0 - yikes! NT4.0 will greatly diminish the benefits of XP Pro
computers in a domain such as using Group Policy. There are numerous books
on XP Pro and rather than make a recommendation I suggest that you browse
them at your local bookstore to see what you like as some assume you know
nothing and others assume a fairly large expertise. Also be sure to check
out the FREE [they will like that] Shared Computer Toolkit from Microsoft
for XP SP2 if you need to stay in a workgroup as it can do a LOT to
lockdown users. Good luck. --- Steve

Also, if cost is the issue that is keeping the centre from moving away from
NT4, this page may be of use:
http://www.microsoft.com/canada/ican/softwaredonations.mspx

 

[Guest]

Hello Colin & Steve,

Both of you have been extremely helpful to me!! Thank you

The challenges of this environment are really cool, but also a bit
frustrating. The good news is I know the older technology pretty well, the
bad news is that we're trying to move forward, and it's a challenge. Of
course, working on a network that has not one piece of paper in terms of
documentation has it's own unique problems, but I'm figuring out what's been
done here bit by bit. I was wanting to go to MS for a donation, because I
have used that program once before and it was on my to do list to try and see
if that program was still around.

Take care guys and again Thanks.

Colene Allen

PS to Colin: I was a Windows 9x MVP back in 1996/1997. Life got ugly and I
lost touch with the MVP community, but I'm so thrilled the program is still
around.

OK. Thanks for the explanation. Without knowing a lot more about your
whole user situation and security needs you and the others that make the
final decision will need to decide what is most important -
security/centralized management or user convenience. In Windows XP in a
domain the computer by default will display the last logged on user name
if that would be a help. Also it can help if the user logon name is
something really easy to remember such as their first name and first two
or three letters of their last name or the month/year of their birth etc
as in joan03. Hopefully you can make your case as unless the number of
users is really small the benefits of a domain can be considerable though
using NT4.0 - yikes! NT4.0 will greatly diminish the benefits of XP Pro
computers in a domain such as using Group Policy. There are numerous books
on XP Pro and rather than make a recommendation I suggest that you browse
them at your local bookstore to see what you like as some assume you know
nothing and others assume a fairly large expertise. Also be sure to check
out the FREE [they will like that] Shared Computer Toolkit from Microsoft
for XP SP2 if you need to stay in a workgroup as it can do a LOT to
lockdown users. Good luck. --- Steve

Also, if cost is the issue that is keeping the centre from moving away from
NT4, this page may be of use:
http://www.microsoft.com/canada/ican/softwaredonations.mspx

 

[Steven L Umbach]

Sounds good Colene and I wish you well. If you know the older stuff such as
NT4.0 that means you have a good background in networking. Much as changed
to the better with Active Directory and Group Policy. Just remember that
with an Active Directory domain that proper DNS configuration is absolutely
crucial to a properly functioning network. Come on back if you have any more
questions. The MVP program is alive and well and has been expanded quite a
bit. I have been a Security MVP since 2003 and am MCSE NT4.0, MCSE Windows
2000, and MCSE Security Windows 2003 . --- Steve

Hello Colin & Steve,

Both of you have been extremely helpful to me!! Thank you

The challenges of this environment are really cool, but also a bit
frustrating. The good news is I know the older technology pretty well,
the
bad news is that we're trying to move forward, and it's a challenge. Of
course, working on a network that has not one piece of paper in terms of
documentation has it's own unique problems, but I'm figuring out what's
been
done here bit by bit. I was wanting to go to MS for a donation, because I
have used that program once before and it was on my to do list to try and
see
if that program was still around.

Take care guys and again Thanks.

Colene Allen

PS to Colin: I was a Windows 9x MVP back in 1996/1997. Life got ugly and
I
lost touch with the MVP community, but I'm so thrilled the program is
still
around.

OK. Thanks for the explanation. Without knowing a lot more about your
whole user situation and security needs you and the others that make
the
final decision will need to decide what is most important -
security/centralized management or user convenience. In Windows XP in a
domain the computer by default will display the last logged on user
name
if that would be a help. Also it can help if the user logon name is
something really easy to remember such as their first name and first
two
or three letters of their last name or the month/year of their birth
etc
as in joan03. Hopefully you can make your case as unless the number of
users is really small the benefits of a domain can be considerable
though
using NT4.0 - yikes! NT4.0 will greatly diminish the benefits of XP Pro
computers in a domain such as using Group Policy. There are numerous
books
on XP Pro and rather than make a recommendation I suggest that you
browse
them at your local bookstore to see what you like as some assume you
know
nothing and others assume a fairly large expertise. Also be sure to
check
out the FREE [they will like that] Shared Computer Toolkit from
Microsoft
for XP SP2 if you need to stay in a workgroup as it can do a LOT to
lockdown users. Good luck. --- Steve

Also, if cost is the issue that is keeping the centre from moving away
from
NT4, this page may be of use:
http://www.microsoft.com/canada/ican/softwaredonations.mspx