Uppercase passwords don't work on W2K Network

[psheehan]

I have several W2K networks. I discovered a security problem with any uppercase passwords. Any Windows 95 or 98 clients on the W2K network bypass any uppercase passwords. For example: If I have a user called admin with a password of PASSWORD. I can go to any Win 95 or 98 station on the network and log in with password in any case and I will gain full access. Any of the NT 4.0 and W2kPro workstations on the network need to enter the correct password in the correct case in order to gain access.
All the servers are running SP2 and they are running in mixed mode.
Does anyone have any information on this or suggestions?

 

[TheOtherKiwi]

Doesn't sound like much of an issue. Have you tried a combination of upper and lower to see if it translates to an all upper case equivalent?

I wouldn't be surprised if this is a "feature" because of the clear text nature of passwords from applications (and I mean application) like win9x and their ilk.

 

[psheehan]

I tryed all combinations, upper lower and both. With the win9.x machines it doesn't matter. As long as the password entered matches the name it lets you in. That is pretty weak security.

 

[Stevehewitt]

In case you haven't noticed, Win9x isn't a network operating system. Theres hardly any security on it at all! If you want it secure, use 2k/NT. Nothing else will do, Upgrade my friend! Steve Hewitt
IT Administrator

Windows 2000 Microsoft Certified System Engineer

http://welcome.to/stevehewitt