If you are still running a mix of Windows XP and Windows 7 client machines, you may find that, after introducing your first Windows 2012 R2 Domain Controller into your environment, your Windows XP clients no longer run login scripts. The problem lies in the versions of SMB supported for communication between client and server, which can cause issues with connecting to shares via UNC or executing login scripts on the DC.
The following image will give you an idea of the versions of SMB between different clients and server.
As you can see, Windows XP will only communicate using SMB 1. Now let’s look at the “Server” service property settings of a Windows 2012 (non R2) server.
You can see that both the SMB 1 and SMB 2 drivers are allowed. Now let’s have a look at the “Server” service property settings of a Windows 2012 R2 server.
You can see that the server is only allowing SMB 2 and not SMB 1, and this is why you will get the issues mentioned above. There is a workaround until you can upgrade your Windows XP clients, and that is to amend the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\DependOnService
This is how it is by default
Once amended, reboot the server. If you then check the “Server” service property settings again, you will see that they have changed.
Your Windows XP clients will now be able to connect via UNC and successfully run login scripts. You will need to do this on any additional Windows 2012 R2 Domain Controllers until you have removed these old clients.
I would recommend replacing these legacy clients as they are now end of life and Microsoft will no longer be providing security updates and hotfixes.
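Because the workaround has to be applied per Domain Controller and is only meant to last until the XP clients are gone, it helps to keep track of where it is in place. The following PowerShell is an added example, not part of the original post: it reads the DependOnService value and the SMB server settings on each server without changing anything. The server names are placeholders, and the driver service names `srv` (SMB 1) and `srv2` (SMB 2) are an assumption, since the post's text does not spell them out.

```powershell
# Added example: read-only audit, makes no changes to the servers it queries.
# Assumptions: the server names below are placeholders; 'srv' and 'srv2' are
# the SMB 1 and SMB 2 server driver services (not named in the post's text).
$servers = @('DC01', 'DC02')
$keyPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer'

$report = foreach ($server in $servers) {
    try {
        $r = Invoke-Command -ComputerName $server -ErrorAction Stop `
                -ArgumentList $keyPath -ScriptBlock {
            param($path)
            # DependOnService is a multi-string value; force it into an array
            $deps = @((Get-ItemProperty -Path $path -Name DependOnService).DependOnService)
            $smb  = Get-SmbServerConfiguration
            [pscustomobject]@{
                Deps = $deps
                Smb1 = $smb.EnableSMB1Protocol
                Smb2 = $smb.EnableSMB2Protocol
            }
        }
        [pscustomobject]@{
            Server              = $server
            DependOnService     = $r.Deps -join ', '
            # -contains is case-insensitive, so 'Srv' and 'srv' both match
            DependsOnSmb1Driver = $r.Deps -contains 'srv'
            DependsOnSmb2Driver = $r.Deps -contains 'srv2'
            EnableSMB1Protocol  = $r.Smb1
            EnableSMB2Protocol  = $r.Smb2
            Error               = $null
        }
    } catch {
        # Unreachable host or missing value: keep the row so gaps are visible
        [pscustomobject]@{
            Server              = $server
            DependOnService     = $null
            DependsOnSmb1Driver = $null
            DependsOnSmb2Driver = $null
            EnableSMB1Protocol  = $null
            EnableSMB2Protocol  = $null
            Error               = $_.Exception.Message
        }
    }
}

# Servers with DependsOnSmb1Driver = True are the ones to revisit
# once the Windows XP clients have been removed.
$report | Format-Table -AutoSize
```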