• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 552
  • Last Modified:

Fallback to NTLM in case of domain controller disconnection

Hi experts,
1.      Is it correct that the entire file share mechanism in windows server 2003 environment is working with NTLM, meaning that if the domain controller will be dropped; I will still have share capabilities?

2.      Regardless to that, is that correct that if I will lose connection to the domain controller (in server 2003 environment) all the components will fall back to NTLM mechanism and in potential all the basic services should work (printing,IIS,sharing..)?
Thanks in advance,
0
WAS_Infra
Asked:
WAS_Infra
1 Solution
 
rscottvanCommented:
NTLM is an authentication type, but has no bearing on your question.  NTLM or Kerberos can be used to authenticate with a Domain Controller, or a Member Server, or a Standalone Server, or a workstation.  Kerberos is a more secure mechanism.

If a system cannot connect to a Domain Controller to authenticate users, it will still authenticate them if they have previously logged on to that system.  This is because the local Security Account Management database will cache the credentials of anyone who has previously logged on, and will authenticate the user against those cached credentials if a DC cannot be reached.  (This is default behavior, it can be disabled if desired.)

So, if a user has never accessed a server resource (like a share) and tries to access it for the first time when a DC is not available, they will not be able to authenticate to use the resource.  However, if they have previously accessed any resource on that server, the server will grant access so long as the user is using the same credentials as the last time they accessed the resource.

Read more about it here:
http://support.microsoft.com/kb/913485
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now