

Larry Lentz Lessons Learned
Windows 2000
by Larry Lentz
Fun and Games with ISA
May, 2001
Larry Lentz is a Past President of Alamo PC. He is the owner of Lentz Computer Services. He has been a professional in the computer field since 1981.


Microsoft recently released their new ISA (Internet Security and Acceleration Server) for Windows 2000. This product replaces Proxy Server, which has been a mainstay of Windows NT 4.0. Proxy Server provided a managed method of connecting all users in your network to the Internet and provided a level of firewall protection as well. Staying on the bleeding edge of technologies is one of the “features” of being an independent computer consultant. So naturally I had to install ISA on my network. As you know, when moving from Windows NT to Windows 2000, everything pretty much changed. So it was that I found myself again at the bottom of the learning curve with ISA (I am Microsoft certified in Proxy Server 2.0).

I won’t bore you with all the trials I went through getting it up and running, just the final hurdle I overcame. I run Microsoft’s Exchange Server on my network for e-mail. I not only use Outlook to read my mail but also GoldMine as a POP3 client. My son in college in Oklahoma also gets his mail from our server using POP3 over the Internet. Well, one of the “features” of my newly installed ISA server was that we could no longer access our Exchange e-mail via POP3! Whenever we tried we would get an error message stating “A required privilege is not held by the client.” What privilege? What client? Well off it was to TechNet once again. There I found an article that explained it all, sort of. It explained that this message would occur when the Exchange Server service account (the user account Exchange uses to run) does not have the user right “Act as part of the Operating System”. It obviously used to have the right because until I installed ISA, I could access Exchange via POP3. Apparently the ISA installation had managed to erase this right.

But no problem. The TechNet article (Q189732) gave explicit instructions on how to fix this… in Windows NT. But everything is different in Windows 2000. To change this user right, I had to first go to “Group Policies”. The Group Policies management tool is not installed by default so I had to first create an MMC (Microsoft Management Console) snap-in for it. Then I had to drill down from Local Computer Policy to Computer Configuration to Windows Settings to Security Settings to Local Policies and finally to User Rights Assignment! In NT 4.0 it was about 2 clicks. This provided a list of all the user rights and sure enough the Act as part of the Operating System had no users configured, least of all the Exchange Server service account. No problem! I just Right-Clicked that right and selected Security from the drop-down menu (it was the only choice besides HELP!). This let me add the appropriate user. Great! Done!

I went back to my GoldMine e-mail reader and tried to access my e-mail. Nope, wouldn’t work!! Back to the Group Policy and I saw that although my “Local Setting” showed my service account with the right, the “Effective Setting” did not. Out came the Windows 2000 MCSE study guide and I saw where Domain Policies override Local Policies. So now I have to track down the Domain Policies. For this I went to the Active Directory Users and Computers management tool. From here I Right-Clicked again on the Domain Name and selected Properties from the menu. From there I selected the Group Policies tab and was able to give my Exchange account the required permission at the Domain level. Ah, now surely it would work! Nope. Again even in the Domain Policies, the Effective Policy for that right was still blank. 

The last step was to get the new setting to take effect. Active Directory replicates. This means that it updates all the domain controllers with new information. But this doesn’t happen immediately. Not even on the local machine. There are a coupla-three ways to get new Group Policy settings to take effect: wait for Active Directory to replicate, reboot, or force the update. I chose to force the update. Back to the MCSE study guide to find the command. This is done with a Command Prompt (C:\>) command, SecEdit. The required syntax to update the policy settings was Secedit /refreshpolicy machine_policy. Just to be sure I also updated the user policy with Secedit /refreshpolicy user_policy. Now my “effective” settings also included my Exchange account. I tried e-mail from GoldMine and it worked! My son was also now able to get his e-mail from Oklahoma and life was good once again!
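
The “Local Setting” versus “Effective Setting” mismatch described above can also be checked from exported policy text. The following is an added example, not part of the original column: it parses the [Privilege Rights] section of security-template text (the INF format that secedit /export /cfg writes) and reports whether an account holds SeTcbPrivilege, the constant name for “Act as part of the Operating System”. The account name and the sample exports are constructed, and it assumes you already have the local and effective settings as template text.

```python
# Added example, not from the original column. The account name and all
# three exports below are constructed sample data.
TCB = "SeTcbPrivilege"  # constant name of "Act as part of the operating system"
ACCOUNT = r"EXAMPLE\svc_exchange"  # hypothetical Exchange service account

LOCAL = r"""
[Privilege Rights]
SeTcbPrivilege = EXAMPLE\svc_exchange
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
"""
EFFECTIVE_BEFORE = r"""
[Privilege Rights]
SeTcbPrivilege =
SeNetworkLogonRight = *S-1-1-0,*S-1-5-32-544
"""
EFFECTIVE_AFTER = LOCAL  # after the refresh the effective setting matches


def privilege_rights(inf_text):
    """Return {right: set of holders} from the [Privilege Rights] section."""
    rights, section = {}, None
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "privilege rights" and "=" in line:
            name, _, value = line.partition("=")
            # SIDs are written with a leading '*', account names without it.
            rights[name.strip()] = {
                h.strip().lstrip("*") for h in value.split(",") if h.strip()
            }
    return rights


def holds(inf_text, account, right=TCB):
    """Case-insensitive check that `account` is listed for `right`."""
    holders = privilege_rights(inf_text).get(right, set())
    return account.lower() in {h.lower() for h in holders}


def missing_in_effective(local_text, effective_text, account, right=TCB):
    """True when the right is set locally but absent from the effective policy."""
    return holds(local_text, account, right) and not holds(effective_text, account, right)


if __name__ == "__main__":
    for label, text in (("before refresh", EFFECTIVE_BEFORE), ("after refresh", EFFECTIVE_AFTER)):
        print(label, "-> overridden:", missing_in_effective(LOCAL, text, ACCOUNT))
```

privilege_rights(text)[TCB] returns every holder of the right, which makes it easy to review who ends up with it once it has been granted at the domain level.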

Connecting Windows 2000 to an NT Domain
I recently installed a new Windows 2000 Professional workstation for a client on an existing Windows NT 4.0 domain network. When I tried to get the new workstation to join the domain, I kept getting errors that either the domain didn't exist or couldn't be contacted. However, I could “ping” the server, which was also the domain controller. I ran nbtstat -A <ip address> which showed that the domain name did exist. I figured that somehow the workstation just couldn't “see” the domain over the network. I tried configuring the address of the DNS and WINS servers. That did not resolve the problem. I added the domain controller information to the LMHOSTS file, which contains information the system can use to find stuff on the net. Naturally that had no effect either. Finally I went to dear old TechNet. I entered one of the error messages I'd received, "The specified domain either does not exist or could not be contacted." There were several “hits” but one seemed to fit best, “Q285800 - Trying to Join a Windows NT 4.0 Domain Generates Error Message…”. This short article suggested making sure that WINS (Windows Internet Naming Service - translates computer names to IP addresses) was properly configured (it was), and to be sure that NetBIOS over TCP/IP was enabled. Surely it was... But I checked anyway. To do so, I brought up my network properties by “Right-Clicking” “My Network Places” and selecting “Properties”. Then I “right-clicked” the “Local Area Connection” icon and selected “Properties” again. From here I selected “Internet Protocol (TCP/IP)” and selected “Properties”. Then I selected the “Advanced...” button, clicked on the “WINS” tab, and selected “Enable NetBIOS over TCP/IP”. Now my system was able to “see” the NT 4 domain and I could proceed with my installation.