Indiana University
University Information Technology Services
  
What are archived documents?

For Windows computers on the IU network, why does UITS recommend Windows 2000, XP Professional, or Vista Enterprise or Ultimate?

For network security reasons, the Indiana University network is configured to run authentication protocols not included in Windows 95, 98, 98SE, and Me. Since certain technologies depend on network authentication, Windows 95/98/Me computers cannot access some network resources. Therefore, UITS strongly recommends that you install only Windows 2000, XP Professional, or Vista Enterprise or Ultimate on Windows computers connected to the IU network.

Windows NT 4.0, 2000, XP Professional, and Vista Business, Enterprise, and Ultimate are all able to join the ADS Domain, which allows them to more fully utilize network features. However, UITS still advises against using NT 4.0. It can join the ADS Domain, despite the disabling of the older authentication protocol, but for many reasons (e.g., age, dropping of support) UITS excludes it from its list of recommended operating systems.

UITS also excludes Windows XP Home Edition, and Vista Home Basic and Home Premium, because they are not designed to join a domain or Active Directory. UITS does not recommend Vista Business Edition, because it's missing some features available in Vista Ultimate (e.g., Windows Media Center). If you're upgrading from Vista Home Premium, you need to upgrade to Vista Ultimate (not Vista Business) if you want to keep Windows Media Center.

UITS strongly recommends that when you buy a new computer to use on the university network (whether in a campus residence as a personally owned computer or in an office as a workstation), you order it with Windows XP Professional, Vista Ultimate, or, in situations where appropriate, Vista Enterprise. Also, Windows 2000 or later should be installed on your current computers as soon as possible, if it's not already. If your computer is unable to run Windows 2000 or XP Professional, UITS recommends that you upgrade or replace it.

Note: You can use the Get Connected web site to register your Windows Vista, Windows XP, or Mac OS X (10.3 and later) computer to use the Indiana University network in campus housing. Computers running Windows 2000 or Linux, as well as game consoles, must be manually registered. For help, contact the UITS Support Center. You cannot register earlier versions of Windows on the IU network in campus housing.

Further technical information for LSPs

In 2006, UITS disabled LAN Manager (LM) authentication on the domain controllers because that protocol is obsolete; NTLMv1 has also been disabled. NTLMv2 and Kerberos are now the only available domain authentication protocols. Most Windows 95/98/Me computers are thus unable to authenticate to ADS because they use only the LM protocol. NTLM upgrades are available for these operating systems, but UITS strongly discourages their use, due to the lack of support for them as well as the inability to uninstall them.

UITS discourages the use of Windows 95/98/Me and NT 4.0 for other reasons not related to disabling the LM protocol:

  • They cannot do Kerberos authentication.

  • Even with updates that allow NTLMv1 or v2, the operating systems themselves are simply less secure than Windows 2000 and XP Professional.

  • Older versions of Windows have already lost or will very soon lose support from Microsoft, which means that patches and security updates will no longer be available. For links to information about when support will be dropped for specific products, see Microsoft Support Lifecycle.

Also see:

This is document aloz in domain all.
Last modified on March 31, 2009.
Please tell us, did you find the answer to your question?