Net access depends on user profiles (W98)



jcmain
05-22-2002, 11:56 AM
I have a problem and I hope you can help me. I have W98 and the PC is connected to a LAN. I would like to restrict access to the network (domain) via user profiles. Is it possible?! I made a few user profiles and I set MS Family client as the primary network provider. I set LogonMustBeValidated in the registry. So my idea is that some users go through this logon without logging on to the domain (and they can work locally) and on the other hand some users can log on to the domain. I do not know how to manage this, because the "Logon to domain" window is the same for all users. Is this real or not? Thank you.

DeQuincey
05-23-2002, 08:03 PM
Hi jcmain,

A few things to note:

1) Win98 and (networking) security aren't exactly tightly integrated.
a) You may take a (small) performance hit when using "User-Level Access" as opposed to "Share-level Access."

b) You can gain access to a Win98 machine at the password prompt by hitting 'Escape' w/ no password ever entered.

2) Your LAN 'network' and your NT/Win2k 'domain' are actually two different things.

a) LAN can be provided by a HUB, a ROUTER, a SWITCH or, between just 2 computers, using a special cable. (I've also heard of some new network cards that will allow a direct cable connection with normal cables)

b) The DOMAIN is provided by a computer running some server operating system, like NT, Win2k, Linux/Unix.

3) If you're routing your internet traffic thru the NT/Win2k machine, then you may/should have some options. However, if you're going through a separate firewall/router/cable modem then you're stuck w/ the security options provided by the firewall/router/cable modem.



e.g.


[The Internet]
|
|
|
[ROUTER w/ firewall] - - - [NT Server (NT domain)]
|
|
|
[My Computer]

vs

[The Internet]
|
|
|
[NT Server (NT domain)]
|
|
|
[My Computer]


The difference:
In the first diagram, I can get on "My Computer" and access the internet w/o logging into the domain. There may be some security options in the [ROUTER w/ firewall] but don't expect integration with NT/Win2k domains.

In the second diagram, I shouldn't be allowed past the [NT Server] without first logging into the NT Domain. Now, I don't know if you can then restrict access based on user profiles using native NT/Win2k mechanisms. (I believe WinRoute allows you to do that. BTW WinRoute is a software router that would allow you to share one external IP address w/ many, many internal computers using a layout similar to the second diagram.)

So, post back more details about your network layout, maybe I can suggest some solutions.