咖迷社区(CAXA数码大方)

 找回密码
 立即注册

QQ登录

只需一步,快速开始

查看: 13325|回复: 1

开心大放送--MMC 103和Windows 2003 Server的PK

[复制链接]

3

主题

14

帖子

30

积分

普通用户

积分
30
发表于 2011-5-12 14:42:00 | 显示全部楼层 |阅读模式
有时候需要用映射网络驱动器的方法连接MMC103,winxp当然没问题,2003就不很顺利了,下面是在西门子工程师那里得到的资料,备用。

840D (PCU50 / MMC103) Access to a Windows 2003 Server
Subject to change without prior notice.
ã Siemens AG 2004 Page 1 / 2 Release 10.11.2004
Access-to-W2003Server.doc
840D (PCU50 / MMC103) Access to a Windows 2003 Server
For Windows 2003 Server (or later), the safety default settings for accessing the server have remained
unchanged. Win2K operating systems (or older) therefore either provide restricted server access or refuse
access. Win2003 Server can nevertheless principally be configured in such a way that the server is
accessible from all systems and even from the DOS level.
The following two mechanisms are relevant in this context:
Authentication and signing of communication
?Authentication: The authentication procedure has been changed three times since authentication has
been programmed from the DOS level. A total of four procedures are available nowadays:
1. LM
LAN Manager is the oldest procedure and also used for DOS. This procedure had to be used for
Win98 (or older).
2. NTLM
NT LAN Manager was introduced with Windows NT. It supports safe passwords and encoded
transmission.
3. NTLM version 2
This improved NTLM procedure has been in place since Windows 2000.
Windows NT ServicePack4 (or later) supports NTLMv2. For Win95/98 operating systems, Microsoft
provides the Active Directory Update which also supports NTLMv2. Nevertheless, NTLMv2 cannot be
used on the DOS level.
4. Kerberos
This standard procedure independent of all LM versions is available on Windows platforms for Win2k
(or later). For communication among each other, Win2k and WinXP always authenticate via the
Kerberos infrastructure. MS NT4 and previous operating systems do not support this infrastructure
and no upgrades are available for these versions. Kerberos imperatively requires Active Directory
which is only available for Win2K (or later).
Active policies and registry settings nevertheless determine the actual system behavior – no matter which
features are principally available. If NTLMv2 is supported, a total of six setting options stored in the Registry
can be used for authentication:
0 Send LM & NTLM responses - never use NTLMv2
1 Send LM & NTLM responses - use NTLMv2 session security if negotiated
2 Send NTLM response only
3 Send NTLMv2 response only
4 Send NTLMv2 response only\refuse LM
5 Send NTLMv2 response only\refuse LM&NTLM
With WIn2k (or later), these settings may be performed under 'Local Security Settings' -> 'Local Policies' ->
'Security Options' -> 'LAN Manager Authentication Level'.
With WinNT, the Registry must be modified directly via the following code:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet \Control\Lsa]
"lmcompatibilitylevel"=dword:00000000
According to the list above, this code can have the values 0-5. It does not exist by default. In this case, NT
uses the ‘0’ default setting.
840D (PCU50 / MMC103) Access to a Windows 2003 Server
Subject to change without prior notice.
ã Siemens AG 2004 Page 2 / 2 Release 10.11.2004
Access-to-W2003Server.doc
Digital signing of communication
Via the following settings, digital signing can be configured independently of the login procedure:
§ No signature
§ Sign if supported by the client
§ Always sign
Clients supporting the NTLMv2 protocol also support this feature.
This has the following effect on the access from MMC103/PCU50 to a Windows 2003 (or Win2k) server:
Access from DOS (PCU50/MMC103 in service mode:
Settings to be performed on the server:
§ The digital signature feature must be switched off.
§ The values 0+1 can be specified on the server for authentication purposes.
Access from MMC103 (Win95)
§ As AD extensions for Win95 are enabled for MMC, the same conditions as for the DOS access
apply in this context.
Access from PCU50 / WinNT
§ As Service Pack 6a is integrated in all PCU BASE 6.x, PCU50 operator panels principally are
NTLMv2-capable. Level 0 is nevertheless the default setting for Windows NT. A connection to a
W2003 server using Level 3 (or higher) therefore cannot be established. The corresponding Registry
code (see above) must be specified on the PCU using at least the value 1.
Access from PCU50 / WinXP
§ No restrictions
回复

使用道具 举报

0

主题

20

帖子

0

积分

禁止发言

积分
0
发表于 2015-3-23 10:58:14 | 显示全部楼层
提示: 作者被禁止或删除 内容自动屏蔽
回复 支持 反对

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

手机版|小黑屋|咖迷社区(CAXA数码大方) ( 京ICP备05001831号-1 )

GMT+8, 2024-12-5 03:40 , Processed in 0.140449 second(s), 18 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表