Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Passwords may not be maintained in an environment that contains both Windows 2000-based computers and Windows Server 2003-based computers


View products that this article applies to.

Introduction

This article describes the different ways that Microsoft Windows Server 2000-based domain controllers and Microsoft Windows Server 2003-based domain controllers generate passwords. Because of this difference, passwords may not be maintained in a mixed environment.

↑ Back to the top


More information

On a Windows Server 2003-based domain controller, if the "Smart card is required for interactive logon" policy setting is enabled, the domain controller generates a random password for the user. However, Windows 2000 does not include the functionality to generate a random password. For example, suppose the following conditions are true:
  • You maintain a user object in an environment that contains both Windows 2000-based computers and Windows Server 2003-based computers.
  • In this environment, Active Directory Users and Computers is connected to a Windows 2000-based domain controller.
In this scenario, the domain controller does not generate a random password. Therefore, passwords are not maintained.

To make sure that passwords are set to random values in a mixed environment, connect to a Windows Server 2003-based domain controller. Then, make sure that the "Smart card is required for interactive logon" policy setting is enabled. To enable this policy setting, follow these steps:
  1. Click Start, click Run, type gpedit.msc, and then click OK.
  2. Click the appropriate policy object, expand Computer Configuration, expand Windows Settings, and then expand Security Settings.
  3. Expand Local Policies, and then click Security Options.
  4. In the right pane, double-click Interactive logon: Require smart card.
  5. Click Enabled, and then click OK.
For additional information about the "Interactive logon: Require smart card" security option, visit the following Microsoft Web site:For additional information about smart cards and passwords on a Windows Server 2003 domain controller, visit the following Microsoft Web site:

↑ Back to the top


Keywords: KB892424, kbpasswords, kbsmartcard, kbinfo, kbhowto

↑ Back to the top

Article Info
Article ID : 892424
Revision : 6
Created on : 10/30/2006
Published on : 10/30/2006
Exists online : False
Views : 318