From: Riyaz Pishori (riyazpMICROSOFT.COM)
Date: Thu Oct 04 2001 - 23:49:32 CDT


    Thanks Steve, I just verified from a Windows XP Home Edition, DCOM
    client does pick up the credentials from VPN.

    The trick is to select the option to 'Include Windows logon domain' on
    'Other' tab of the VPN properties dialog.

    HTH,
    Riyaz

    -----Original Message-----
    From: Steve Swartz [mailto:steveswMICROSOFT.COM]
    Sent: Thursday, October 04, 2001 8:47 AM
    To: DCOMDISCUSS.MICROSOFT.COM
    Subject: Re: Is my DCom App now broken for XP??? Please advise...

    If your user is creating a VPN connection from the XP Home SKU, they
    should be able to do secure dcom unless the credman (aka keyring)
    feature is disabled by policy on the server. This works very similarly
    to the way that Windows 98 works. Generally, you should think of XP Home
    as a Windows 98 like product from the point of view of these sorts of
    behaviors. XP Professional is more like W2K Professional.

    Here are more details from the security devs in the OS group....

    ==========

    When you RAS in, the creds you supplied to ras access have been given to
    the cred mgr. Since the cred mgr has the creds, it will supply them to
    Kerberos and NTLM just as if you were domain joined. In fact you can use
    a computer (XP PRO) with cred mgr and domain creds to give you the same
    single-sign-on experience you have with domain accounts, but you don't
    get any other benefits of domain membership like policy.

    The XP home SKU is different in this regard - I'll let BenHutz answer
    that question.

    ==========

    If the context here is credman/RAS...

    On Home Edition saving credentials in the credential manager is severely
    limited. (fyi, creds in credman are seamlessly used by Kerberos and
    NTLM and SSL to connect to resources). The RAS session credential is
    saved. This means your RAS credentials are used by default whenever you
    connect to something with an integrated auth package. You can also save
    server specific credentials. In other words, you cannot save
    *.ntdev.microsoft.com, but you can save bensmchine.ntdev.microsoft.com.

    -----Original Message-----
    From: Howard Pinsley [mailto:HPinsleyKAYESCHOLER.COM]
    Sent: Tuesday, October 02, 2001 1:51 PM
    To: DCOMDISCUSS.MICROSOFT.COM
    Subject: Is my DCom App now broken for XP??? Please advise...

    I have a production DCom app that's been in use since 1999. It runs on
    our LAN on Windows NT 4 (Desktop) and for mobile users on Windows 98.
    The former is authenticated to our NT4 domain at login and the latter is
    authenticated when dialing in to a RAS server with Dial-Up Networking.
    (Actually, we have started to phase in Win2K servers and Active
    Directory, but I don't think that changes the issues I'm facing).

    More recently, I've had home users running Windows 2000 with a broadband
    connection (either cable or DSL). They have been able to access the
    DCom app by authenticating to our NT domain when they login. (We have
    joined their computer into our domain).

    Our first user showed up with Windows XP - HOME EDITION. I expected to
    be able to treat it like Windows 2000. But I found some posts that
    indicate that HOME EDITION cannot join our domain. So how do I get it
    to access my DCom app?

    Please help.
    TIA

    ----------------------------------------------------------------
    Users Guide http://discuss.microsoft.com/archives/mailfaq.asp
    contains important info. Save time, search the archives at
    http://discuss.microsoft.com/archives/index.html .
    To unsubscribe, mailto:DCOM-signoff-requestDISCUSS.MICROSOFT.COM
