Remove backwards compatibility in Server 2003

How can I remove the backwards compatibility in Server 2003?  We have noticed various small things happening in a Server 2003 environment that continually pop up due to the domain being backwards compliant for computer types that are not even running on the network.

I want to use the full functionality of Server 2003 while not caring about being backwards compatible with NT 4.0, Windows 95 and DOS systems etc. that are not even on our network.  I have checked our domain controllers and we are running in the Windows 2003 mode/level so I am not sure where else to turn off any of the backwards compatibility.

In the Pre-Windows 2003 group I have removed the following groups "everyone" and "authenticated users" but I have yet to remove the 'domain controller' group; I am not sure what problems that may cause.  I have also elevated the domain to run in full Windows 2003 mode so the mixed mode is no longer in play.

What am I missing in the domain to run at a clean Windows 2003 environment?

The domain is a simple, single domain model with 2 Windows 2003 servers acting as DCs with several other 2003 servers and XP clients.

Tia,
Andrew
itbossman Asked:

Carol Chisholm Commented:
Have you looked in the Domain Functional Level (Right click on the domain in AD Domains and Trusts)?
0
Carol Chisholm Commented:
You might also want to check the forest functional level (next one up).

You don't mention your exact problems.
0
itbossman Author Commented:
Both the forest and the domain reflect the functional level as Windows Server 2003.  The majority of the problems we are currently having is truncation with machine names and even with the warning screen that pops up; the text is treated one way if it is straight 2003 and a different way if the system is in mixed mode.  I also noticed in a different spot that said we were running in 'hybrid' mode but other than a few network devices, we are not running any UNIX level shares on the network.

Andrew
0
Carol Chisholm Commented:
Hybrid is somewhere in the WINS and DHCP node settings.
Have you got rid of WINS completely? (You don't want WINS anymore)
Have you checked your DHCP server to see what the node settings are?

http://www.tech-faq.com/netbios-node-type.shtml

You may also want to check on the SMB signing, though I don't think that has anything to do with truncation.
0
itbossman Author Commented:
Is there any downside to removing the 'domain controller' group from the 'Pre-Windows 2000' group?
0
Carol Chisholm Commented:
Not sure there, it does not exist in a 2003 install built from scratch, but you need to be very careful in an upgraded domain.
0
ChiefIT Commented:
Pay caution when messing with these registry edits and policies:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_2003_Active_Directory/Q_23132123.html

To remove backwards compatibility is to remove the ability to store and utilize LMHash and Hash authentication.
0
Carol Chisholm Commented:
I'm not sure it should be annoying you this much, I'd really suggest making sure the clients are not using old protocols (Netbeui), and that there is no WINS left in the network.
0
itbossman Author Commented:
The domain is a clean 2003 domain but with that being said, the upgrade with one box was from 2003 to 2003 R2 for AD compatibility (thanks MS).  We had two DCs running Server 2003, demoted one and brought another box up running Server 2003 R2 and that within itself caused problems.  Upgraded the 2003 server AD to R2 and things have been 'off' ever since then with DNS.  Been working with MS for the last few months trying to get that one resolved - happens infrequently but it does have a pattern.

Anyway, working towards FISMA compliance and it is recommended that there is 0% backwards compatibility.  Since the network is straight XP or higher for clients, I don't see the 0 backwards compatibility as an issue.

Andrew
0
ChiefIT Commented:
The XP clients on a 2003 or 2003 R2 will be using Kerberos authentication. So, AD authentication should be straight. DNS has been around since the 2000 server days. DHCP hasn't really changed since the NT days, NetBIOS and the browser service haven't changed since the NT days. DFS and DFSR are really not much different. I just don't see what you are pointing to when you say "backwards compatible"!

You went from a mixed domain to a 2003 server R2 domain. I would still make the group policy edits to prevent LMhash authentication.

However, to totally agree with you, there is no backwards compatibility. 2003 and 2003 R2 should work fine in mixed mode. After using domain prep, forest prep and sysprep. The 2003 and 2003 R2 should be fine on the network together.


So, what seems to be their problem, that is not backwards compatible????
0
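Added example, not posted by anyone in the thread: a read-only PowerShell check of the settings the replies point at (NetBIOS node type, LM hash storage, LAN Manager authentication level, SMB signing, and the Pre-Windows 2000 Compatible Access group). It assumes PowerShell is installed on the server being checked and reads the standard registry locations for these settings; the `Get-RegValue` helper name is made up for this example.

```powershell
# Added example: read-only audit of the legacy settings named in this thread.
# Nothing is modified. A blank Value means the registry value is absent and
# the OS default is in effect.
function Get-RegValue($Path, $Name) {
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

$lsa   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
$netbt = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters'
$srv   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$wks   = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'

# NetBIOS node type: a static NodeType overrides the DHCP-supplied DhcpNodeType.
$nodeNames = @{ 1 = 'B-node (broadcast)'; 2 = 'P-node (WINS only)'
                4 = 'M-node (mixed)';     8 = 'H-node (hybrid)' }
$node = Get-RegValue $netbt 'NodeType'
if ($node -eq $null) { $node = Get-RegValue $netbt 'DhcpNodeType' }
if ($node -eq $null) { $nodeText = 'not set (OS default)' }
elseif ($nodeNames.ContainsKey([int]$node)) { $nodeText = $nodeNames[[int]$node] }
else { $nodeText = "unknown ($node)" }

$rows = @(
    @{ Setting = 'NetBIOS node type'; Value = $nodeText
       Note    = 'Hybrid = query WINS first, then broadcast' }
    @{ Setting = 'NoLMHash'; Value = (Get-RegValue $lsa 'NoLMHash')
       Note    = '1 = LM hash no longer stored at next password change' }
    @{ Setting = 'LmCompatibilityLevel'
       Value   = (Get-RegValue $lsa 'LmCompatibilityLevel')
       Note    = '5 = NTLMv2 only; a DC refuses LM and NTLM' }
    @{ Setting = 'Server RequireSecuritySignature'
       Value   = (Get-RegValue $srv 'RequireSecuritySignature')
       Note    = '1 = SMB signing required (server side)' }
    @{ Setting = 'Workstation RequireSecuritySignature'
       Value   = (Get-RegValue $wks 'RequireSecuritySignature')
       Note    = '1 = SMB signing required (client side)' }
)
$rows | ForEach-Object { New-Object PSObject -Property $_ } |
    Format-Table Setting, Value, Note -AutoSize

# Run on a domain controller: lists who is still in the compatibility group
# discussed in the question (Everyone, Authenticated Users, and so on).
net localgroup "Pre-Windows 2000 Compatible Access"
```

Settings delivered by Group Policy land in the same registry values, so the output reflects the effective configuration on the machine where it is run.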