Policy Not Applied When You Log On Using a Space in the Domain Name

ID: Q237923

The information in this article applies to:

Microsoft Windows 98
Microsoft Windows 95

SYMPTOMS

If you log on to a Microsoft Windows NT domain and you have one or more spaces at the end of the domain name in the Domain edit control on the Enter Network Password dialog box, your automatic (server-based) policy is not applied. You do not receive an error message if this occurs.

If you rely on automatic policies to configure Windows 95 or Windows 98 workstations, this issue may have security or desktop management implications.

CAUSE

This issue can occur because before Windows applies a policy from the validating domain controller's NETLOGON share, Windows invokes the network management API function 'NetWkstaGetInfo' in order to verify that the server is in the correct domain.

The domain name returned by the network is compared to the one obtained from the logon dialog box. Since the one domain name contains a trailing space, and the other does not, the compare fails, and the policy is not used.

RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp

The English version of this fix should have the following file attributes or later:


   Date      Time    Version     Size    File name     Platform
   ------------------------------------------------------------
   07/08/99  02:16PM 4.00.955    61,952  MSNET32.DLL   Windows 95
   07/08/99  02:51PM 4.10.2223   61,952  MSNET32.DLL   Windows 98

NOTE: If this product was already installed on your computer when you purchased it from the Original Equipment Manufacturer (OEM) and you need this fix, please call the Pay Per Incident number listed on the above Web site. If you contact Microsoft to obtain this fix, and if it is determined that you only require the fix you requested, no fee will be charged. However, if you request additional technical support, and if your no-charge technical support period has expired, or if you are not eligible for standard no-charge technical support, you may be charged a non-refundable fee.

For more information about eligibility for no-charge technical support, see the following article in the Microsoft Knowledge Base:

Q154871 Determining If You Are Eligible for No-Charge Technical Support

STATUS

Microsoft has confirmed this to be a problem in Windows 95 and Windows 98.

MORE INFORMATION

The update described in this article adds stronger domain name format validation to the logon process. If the update is applied, and a domain name with trailing SPACE characters is entered during logon, the following message will be displayed in a dialog box with the title 'Microsoft Networking':

Incorrect Parameter

For additional information about updates, please see the following article(s) in the Microsoft Knowledge Base:

Q161020 Implementing Windows 95 Updates

For additional information about system policies, see Chapter 15, "User Profiles and System Policies," in the Microsoft Windows 95 Resource Kit, or Chapter 8, "System Policies," in the Microsoft Windows 98 Resource Kit.

For addition information, a white paper entitled "Guide to Microsoft Windows NT 4.0 Profiles and Policies" can be downloaded from the Microsoft Web site:

http://www.microsoft.com

Additional query words: breach automatic policies


Keywords          : kbnetwork win95 win98 
Version           : WINDOWS:95
Platform          : WINDOWS 
Issue type        : kbbug

Last Reviewed: July 21, 1999