How To Add Users to the Pre-Windows 2000 Compatible Access Group

Article translations Article translations
Article ID: 303973
Expand all | Collapse all

On This Page

Summary

This step-by-step article describes how the Pre-Windows 2000 Compatible Access group is used, why it is needed in a mixed-mode domain, and how to set up the group by using the Active Directory Users and Computers snap-in and command line.

Setup procedures that you run in the graphical user interface (GUI) are done by a member of the domain administrators group on a domain controller (DC) that is running Windows 2000 in a mixed-mode environment.

Setup procedures that you run at a command prompt are done by a member of the domain administrators group on a DC that is running Windows NT 4.0 RAS (or RRAS) server in a mixed-mode environment.

Set Up the 2000 Compatible Access Group in the Active Directory Users and Computers Snap-in

By default, the Everyone special group is a member of the Pre-Windows 2000 Compatible Access group. This enables any RAS caller to be authenticated by the Windows NT 4.0 RAS server. If the Everyone special group has been deleted from the Pre-Windows 2000 Compatible Access:
  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
  2. In the console tree, click the server you want to work with.
  3. In the console tree, click the BUILTIN folder.
  4. In the Details pane, right-click the Pre-Windows 2000 Compatible Access group, and then click Properties.
  5. On the Members tab, click Add.
  6. In the Select Users, Contacts, Computers or Groups dialog box, click the Domain Users group, click Add, and then click OK.
  7. After you verify that the group has been added, click OK.

Set up the 2000 Compatible Access Group at the Command Line

Adding the Everyone special group can only be done at a command prompt. However, in the GUI, you can add the Domain Users group, and adding that group to the Pre-Windows 2000 Compatible Access group has almost the same effect because the Domain Users group is normally the largest and broadest group of users. The Windows NT 4.0 RAS or RRAS server requires a reboot. After the reboot, all domain users can be authenticated by the RAS or RRAS server.
  1. Click Start, and then click Run.
  2. Type cmd, and then click OK.
  3. At the command prompt, type net localgroup "Pre-Windows 2000 Compatible Access" everyone /add, and then press ENTER.
  4. Type exit, and then press ENTER.

Troubleshooting

Because servers must be restarted after you use these procedures, you should do so when network traffic is the lightest.




References

For additional information about the possible vulnerabilities can occur when you add the Everyone special group to the Pre-Windows 2000 Compatible Access group, click the following article number to view the article in the Microsoft Knowledge Base:
240855 Using Windows NT 4.0 RAS Servers in a Windows 2000 Domain

Properties

Article ID: 303973 - Last Review: June 19, 2014 - Revision: 4.0
Keywords: 
kbhowto kbhowtomaster KB303973

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com