Login to a domain in windows 7 Home Premium

Status
Not open for further replies.

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hello, I have an older Win2000 Server that stores much of my vital info. It has worked flawlessly for ~ 10 years, through XP, XP-MCE, Vista (yuk) & even linux w/some effort. I'm trying to dump Vista and upgrade to Win7, but am having a duce of a time getting into my domain either by mapping the disk (method previously used) or just logging in for file sharing. I am using Win7 (x64) Home Premium (came as a "free" upgrade). I have also installed it "cleanly" w/o overwriting any Vista files. Suggestions seem to indicate that only the Pro/Ultimate can access, but this seems odd given the accessibility from even XP Home edition. Suggestions please! I really need my data.

Dave
 
Solution
Problem solved by adding a line to registry.
If you's using Windows Server 2003 or below:

1. Access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2. Create a new DWORD entry called LmCompatibilityLevel
3. Modify the entry and set the value to 1
4. Reboot

We're able to connect to our server in the office using Windows 7 Home Basic and Home Premium.
Actually I don't think that's necessarily true. It's true that only Pro/Ultimate can log on to a domain account, but it should be possible to create a file share on the server that doesn't require any logon credentials to access. Whether you'd want to actually leave your files wide open like that is another question, though.

It might involve enabling the Guest account on the server and giving Guest "full control" over all the files.


EDIT: This is misleading and basically wrong. Only Pro/Ultimate can join a domain, but any version should be able to access file or print shares if the appropriate logon credentials can be supplied. The server wouldn't have to use an unprotected share to do this.
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hello Again & Thanks for the Replies,

Thanks for the info, I'm not particularly excited about leaving all the files open to anyone who could "hack" into my system, though it is somewhat protected through the Router etc. I understand that Pro can access a Domain, but have never had a problem even w/Vista accessing the Server if I supply a Password (Administrator or equivalent). Win7 will open the Password Box and add the Computer Name - "XYZ"\Administrator but doesn't accept the Domain Administrator Password, the same one I use in Vista. I've even tried utilizing that same process as the local Win7 Administrator w/o any better success. Anyone have another thought?

Dave
 
You don't even need to create a share without login credentials... I know because I do this with XP Home at work all the time.

Create the share on your server. When prompted for a user name and password on the client type in domainname\username and your password. The computer doesn't actually log on to the domain, but still requires the username and password to access the share.

Edit: Missed that part in your last post... instead of the computer name, substitute your domain name and it should work.
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hi Zoron:

Tried that - eg - \\XYZ-Server \Data$ path Login Fails and returns Win7-PC\Administrator requesting XYZ-Server pass word - which when given immediately fails. I've tried substituting a different login name and/or computer name using the alternative login scenario with same results. If I browse on the Tab, I can "see" the Server listed, just can't access it at all. Very frustrating, but probably a simple solution once found.

Any other suggestions, please????

Dave
 
Maybe I'm misunderstanding you.... and I do apologize if I am.

My example: Domain name is FSCS

So when I type \\server\client, after a bit a box pops up prompting me for a username and password. So for username I type FSCS\myusername and then the password for my account on the domain. You do NOT use the computer name you MUST use the DOMAIN name... using the computer name is like attempting to log on locally and that just won't work.
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Sorry Zoron:

I've tried that, my Account as well as the Administrator Account for the Domain Server. Win7 does add the name of the specific computer - eg "Win7-XYZ"\Administrator that I've not been able to defeat, so that might be part of the problem. Perhaps I need to create an Account with the name of the Computer on the Domain Server (???). I'm just a bit surprised at this provision as most of the computers being sold came with Vista Home Premium vs Professional/Ultimate. While I appreciate the added security measures, there should be a way to easily log on. Again as noted above, regardless of what I attempt to use as a logon by other name, Win7 seems to insist on putting the computer name in front.

Dave
 
I suspect the problem you're having is that Windows 7 has disabled the older NTLM authentication scheme by default - you must use NTLMv2 now. They've done this because the older protocol can be cracked fairly easily by using "Rainbow Tables".

If this is true, you'll have to enable NTLM authentication in your Windows system. You can do this by running the security policy editor ("Start", type "Edit Group Policy" in the search field). Once it's running, navigate to:

Local Computer Policy -> Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

In the middle pane there will be a series of policy items that start with: "Network Security: Restrict NTLM:..." - these are the ones that control NTLM authentication.

This web page may give you some clues as to which of these you have to change: http://developers.de/blogs/damir_dobric/archive/2009/08/16/enabling-of-ntlm-on-windows-7-and-windows-server-2008-r2.aspx
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hello Simintal:

Thanks for the response, unfortunately regardless of what I try, I find nothing that will allow me to "re-activate" NTLM (V1). According to my research, Home Premium does not have a Group Policy function, thus trying your procedure has not been successful. It remains a mystery as to why I can't just create a path to the Server and insert my Administrator Password (for the Server). This works well w/Vista (though every time it re-boots, I have to access the Server with this process) which is a bit of a PITA, still however it does allow me access, no user files or computer names were required on the Server. During my research, I even invoked the GodFolder, and tried to find a Group Policy from that entry (great way to access everything in Win 7 :) ). Other suggestions welcomed, I really want to use Win 7 but my primary data resides on the Server, so w/o access, its a no go! :(

Dave
 
I don't have Home Premium so I can't say for sure, but you may be able to "build" a management console with group policy in it by doing the following:

Start -> Type "mmc" in the search box and run the "mmc.exe" (Microsoft Management Console)

File -> Add/Remove Snap-in...

Click to select the "Group Policy Object" in the left-hand list, click the "Add >" button, then click "Finish" in the pop-up dialogue box.

Click "OK".

If that worked, you should be able to navigate to the appropriate group policies in the left-hand pane of the console window.


If that doesn't work, you could try looking at the group policy on the Windows 2000 system to see if there's a way to enable NTLMv2 support.
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hi Simintal and others:

I've tried to add Group Policies to Win7 as suggested, it simply doesn't exist or at least I've not been able to find and/or ferret it out. I even invoked "Godmode" (as an aside quite powerful!) w/o any luck. While my Vista machines have no problem getting to the Server, the Win7 only recognizes that it exists. I have also accessed the Server and "invoked" NTLMv2 (which surprisingly exists), at this point its not accepting any queries, but I've also not re-booted the Server (too much running at the moment). I have checked with my guru son and we both thought that it would start the NTLMv2 as soon as it was listed, but we may be wrong. I haven't found a way to activate that version w/o reboot, if anyone knows a "trick" I'm game! Still somewhat surprised that MS neutered this version of Win7 to this degree as it seems to be the primary version being "pushed" by most vendors.

As I may have no choice but to upgrade to Win7 Pro, does anyone have experience with it and a domain? Also with Win7 and "older" XP or earlier software. I've discovered some current programs that won't start on my trial copy of Home Premium.

Thanks again for the suggestions and help, hopefully this will eventually get resolved and we can Post a "Simple" solution for others!

Dave
 
Ever since XP, the "home" versions of Windows were never intended to be used with domains. Domain support has always been included only in the "Pro" or better versions.

The reason Windows 7 dropped the original NTLM protocol is that it doesn't use password salts, and this renders the system vulnerable to an attack using "rainbow tables". That's a pretty unacceptable risk in a modern operating system.

If you're able to activate NTLMv2 support on the server side then I'd expect everything to work. Let us know what happens once you get it rebooted.
 

mabe2010

Distinguished
Feb 3, 2010
1
0
18,510
Hi there. I had the same issue here. With 7 Home the computer can not be added to a domain. But it can access data on the domain servers. Just match the drive in explorer and add creditials of a user of the domain. eg. \\server\C$ domain\administrator password. Then the access is granted to the server and drive with creditials of the user. I am running server 2003 but it shopuld work with any server.
 

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hello Siminlal & mabe2010:

For Siminlal, I've tried to invoke/activate NTLMv2 on the Server & have re-booted it several times, but w/o any luck. It seems to accept the Service, but I've not found anyway to specifically "start" v2 despite changes to the Policy Editor. I found a "vague" (really do mean vague !) description of a solution off of MSTech Site w/change to the Registry that I tried but thus far am still having same problems.

Mabe2010, thanks for the tip, I think that I've tried that as well, but will give it a go. All of my efforts to "map" a drive have thus far met with FAILURE. In my instance I can see the Domain on the Network - "xyz" Server but cannot access any of the files. I've tried direct login, mapping to the C$ and also in my case since the drive is split to the Data$ "defined" sub-directory w/o success. I've also attempted to login as both Administrator (Domain) w/Admin password and as a newly created Credential - e.g. Dave (Admin equivalent) w/new password with no success. What is "bizzare" to me is the format that is returned - i.e. - Win7 (computer name)\Administrator or Dave or XXX regardless of what is submitted. To compound this issue, neither Vista (Home Premium) and/or XP et al (in various incantations from SP1-3 & MCE) have had any problems. The only other non-mentioned item is that my Win7 (as is my Vista) is x64 bit, though as noted it has not been a problem with Vista.

For all, I've posted similar ? at the Microsoft site on the Tech side and have only gotten back the response that Home Premium can't join a Domain - duh! To me and maybe others, this does seem to be a "failure" for the NEW OS! I love the looks, I like the quicker access, I've heard of problems with various drivers (but have not yet experienced those) but I've got to have my DATA! My server is my life blood because it keeps on "ticking"!!! I can't even recall the number of times XP/MCE/Vista has "crapped" out on my local machine(s), but that Server (Win2K) has saved my "bacon" - What a disappointment if its no longer useable!

Dave


PS - Forgot to mention that I even changed from "Workgroup" to the Local "name" defined by the Server w/o any change or improvement. After looking at everything for a while, I thought maybe that might be causing it a problem in recognizing an accessible computer (foreign vs native) member of the "group". Still no help. My only other thought might be to try a VNC access but that's pretty far out there.

Dave
 
Actually, it makes sense. Domains are really not aimed at home users - they exist to provide centralized management and enforce policies. There's a lot more knowledge and work needed to set all that up, and it's typically only worth it for a business. So ever since the domain concept was introduced it's always been only the "Pro" or betters versions of the client OS that have been able to join a domain.

But you shouldn't need to join a domain in order to access file or print shares. All you should need is valid logon credentials for the server, assuming you can get both the client and server to talk the same NTLMv2 protocol. That means an account name and password that are valid on the server (which would typically be different than the account name and password you use to log on to the client).
 

meekiah

Distinguished
May 20, 2010
2
0
18,520
Problem solved by adding a line to registry.
If you's using Windows Server 2003 or below:

1. Access HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
2. Create a new DWORD entry called LmCompatibilityLevel
3. Modify the entry and set the value to 1
4. Reboot

We're able to connect to our server in the office using Windows 7 Home Basic and Home Premium.
 
Solution

electek

Distinguished
Dec 30, 2009
11
0
18,510
Hi all,

At the request of BOFM - Forum moderator, I am responding to my question. Specifically, I have never yet been able to access the Domain Server in question through Win7 Home Premium. I had not seen Meekiah's response, though that seems quite reasonable to me. In the mean time, I have decided to dispose of my Domain Server for various reasons, most specifically lack of access but perhaps more importantly lack of expandability. The Server had run out of room (4 x 9GB drives) without successor units that would fit the sca trays designed for this "beast" (Toshiba Magnia). Further it 'sucked power' (2 supplies/4 drives/2 Pentium III's etc etc etc)! When after several months of attempting access with Win7 it became apparent that I could not retrieve my necessary data, I decided it was time to "pull the plug"!!!

I would really like to thank you all for your suggestions and efforts at helping me with my delimma, I hope that others have/will profit from our discussions and efforts. I wish I still had the unit to try with Meekiah's suggestion, but alas it is history.

Thanks again for your support!

Dave
 

JessicaD

Distinguished
May 4, 2009
454
0
18,810


The ability to connect to a Domain is not included within Windows 7 Home Premium. You can always use Windows Anytime Upgrade to move to Windows 7 Professional and from there you will be able to connect to a domain.

Jessica
Microsoft Windows Client Team
 

electek

Distinguished
Dec 30, 2009
11
0
18,510


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

Jessica, thank you for your response, it mirrors several others, though it appears that some folks have had success. I'm a bit disappointed w/Microsoft in failing to provide even rudimentary access to a Domain Server, as Win7 Home Premium seems to be the version most "pushed" by vendors and most frequently the upgrade from XP Professional or Vista Home Premium.

Regarding the Domain, I was not attempting to "join" the Domain, merely access the data on my drives. This was easily accomplished in Win98, XP Basic, Vista Home Premium and even Linux. Again they did not join the Domain, they were able to map to the Domain Drive - e.g. \\Server\Data$ where Data was the specific Sub-Directory with information that was needed. On occasion depending upon the OS, I had to logon utilizing an Administrative Password on the Domain.

To me as a Network Administrator w/20+ years in the business, this constitutes a major oversight! I recognize that Win7 Professional enables that capacity (to join a Domain) as well as other functions, all of which are welcome, but I still feel that this version is 'overkill' for many users and even businesses w/limited numbers of clients.

Dave
 

JessicaD

Distinguished
May 4, 2009
454
0
18,810


Dave,

I see your point entirely. If you only wish to access shared drives -- you CAN do this in Windows 7 Home Premium. Windows 7 Home Premium is Equivalent to Windows XP Home -- XP Home also could not connect to a domain but could access network shares.

In Windows 7 Home Premium you can map the network shares to make them permanently accessible. Is this what you are looking to do or perhaps I am failing to understand still.

Thanks,

Jessica
Microsoft Windows Client Team
 

electek

Distinguished
Dec 30, 2009
11
0
18,510


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
Jessica,

Exactamundo! When attempting to access the share \\Server\Data$ the Win7 response would be "Win7-PC\Administrator" and regardless of the password (my Domain Password or even a specifically created password for this computer) it would not accept and allow access. It mere kept returning to "Win7-PC\Administrator".

I've tried every trick that was offered w/exception of Meekah's adding a line in the Registry.

Thanks for your response.

Dave
 
The problem was, of course, the Win7-PC part. The computer was attempting to access network resources using local login credentials... and that simply doesn't work. You have to be able to enter your domain name in the username box.
 
G

Guest

Guest
How absolutlely ridiculous.

So I can log on to MS Exchange Server from my Android handset with no problem whatsoever,

Yet,

I'm using Windows 7 Home Premium and I cannot do this because it will not permit the entry of a DOMAIN.

Whoever in Microsoft marketing that made this decision, you are completely bloody stupid !
 
Status
Not open for further replies.