The Windows NT 4.0 RAS/RRAS server must be able to validate the user's dial-in authority with a Windows 2000 domain controller.

To accomplish this, the Windows NT 4.0 RAS/RRAS server must be running Service Pack 4 or greater.

When you ran DCPROMO to create the domain, you must have selected the allow pre-Windows 2000 servers to access Active Directory option.

If the above 2 conditions are true, you need make no further adjustments.

If you didn't allow pre-Windows 2000 servers to access Active Directory, open a CMD prompt on the domain controller and type:

net localgroup "Pre-Windows 2000 Compatible Access" everyone /add

and restart your domain controller.

When Windows NT 4.0 servers no longer exist in the domain, type:

net localgroup "Pre-Windows 2000 Compatible Access" everyone /delete

and restart your domain controller. This removes the ability of anonymous users to read domain information.