2

I have a Delphi procedure to validate user credentials on my system integrated with Active Directory.

On Windows XP/2000, when the user presents invalid credentials, the program/system performs as expected. On a Windows 7 system, the procedure doesn't validate the credentials and allows the user to continue without a check.

p.campbell
  • 2
    And your question is...? – pehrs Apr 27 '10 at 12:02
  • 1
    Likely belongs on StackOverflow. Post some code to help judge where the problem lies, and please clarify your question. Would you like help in enforcing a credential check on Windows 7 and XP systems? – p.campbell Apr 27 '10 at 13:16

1 Answer

5

It sounds like a bug in the way your app is processing logins/authentication; it sounds like it could be hitting an authentication type it doesn't understand and 'failing safe' by allowing users in.

Windows 7 (and Vista) changed a lot of security and authentication related settings and defaults. For instance, by default, 7 doesn't send LanManager or NTLMv1 authentication any more; it will only send NTLMv2. We've seen some strange behaviour from 3rd party apps that authenticate against AD using Java modules that has been traced back to this.

The easiest way to test is to set the 7 machines back to the XP behaviour (where it tries to authenticate using NTLMv2 and then falls back to the less secure protocols if that's not understood by the app).

The registry key to downgrade your login security to XP's level is:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"LmCompatibilityLevel"=dword:00000001

(Win7's default LmCompatibilityLevel is 3)

Alternatively you can set the same thing using GPOs. The policy setting you're looking for is in Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options and is called 'Network security: LAN Manager authentication level'.

Obviously you should only really be doing this for testing; you don't want to leave your clients at a lower security level long term without fully understanding the risks.

You'll find a good description of these authentication settings here: TechNet The Most Misunderstood Windows Security Setting of All Time. More info on the changes in NTLM Authentication available here.

GAThrawn
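The answer above suspects the application admits users when authentication fails in a way it does not recognise. The following is an added example, not code from the question or the answer, of a credential check that denies access on every path except an explicit success. It assumes the check is done with the Win32 `LogonUser` API, since the original procedure is not shown; `CheckCredentials`, `TAuthResult` and the sample account values are hypothetical.

```delphi
program FailClosedLogon;
{$APPTYPE CONSOLE}

uses
  Windows, SysUtils;

const
  // Win32 values, declared locally so the example does not depend on the RTL version
  LOGON_TYPE_NETWORK = 3;     // LOGON32_LOGON_NETWORK
  LOGON_PROVIDER_DEFAULT = 0; // LOGON32_PROVIDER_DEFAULT

type
  TAuthResult = (arGranted, arDenied, arError);

// Hypothetical helper: only an explicit success from LogonUser grants access.
function CheckCredentials(const User, Domain, Password: string;
  out ErrCode: DWORD): TAuthResult;
var
  Token: THandle;
begin
  Result := arError;          // default is "not granted" on every path
  ErrCode := 0;
  Token := 0;
  try
    if LogonUser(PChar(User), PChar(Domain), PChar(Password),
      LOGON_TYPE_NETWORK, LOGON_PROVIDER_DEFAULT, Token) then
    begin
      CloseHandle(Token);     // the token only proves the logon succeeded
      Result := arGranted;
    end
    else
    begin
      ErrCode := GetLastError;
      // Bad user name or password is a normal denial; any other failure
      // (for example an unsupported protocol) is an error. Neither admits.
      if ErrCode = ERROR_LOGON_FAILURE then
        Result := arDenied;
    end;
  except
    Result := arError;        // an exception must never fall through as success
  end;
end;

var
  Err: DWORD;
begin
  // Constructed sample input, not a real account
  case CheckCredentials('testuser', 'EXAMPLE', 'wrong-password', Err) of
    arGranted: Writeln('Access granted');
    arDenied:  Writeln('Access denied: bad user name or password');
    arError:   Writeln('Access denied: authentication error ', Err);
  end;
end.
```

Logging the `arError` code separately from ordinary denials makes a protocol mismatch on the Windows 7 clients visible without ever letting the user through.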