• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 376
  • Last Modified:

Allow incoming anonymous for DC

How can I allow anyone to access my DC in another domain without requiring any prompts at all?
0
sirbounty
Asked:
sirbounty
  • 5
  • 3
2 Solutions
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Setup a trust between the two domains.
0
 
sirbountyAuthor Commented:
Don't think so.
Domain A can see and communicate with Domain B - but not vice-versa (and never will).  Don't I have to be able to 'see' the domain in order to trust it?
0
 
sirbountyAuthor Commented:
I thought setting 'allow everyone to apply to anonymous' would work in a gpo - but it's not... :(
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
Lee W, MVPTechnology and Business Process AdvisorCommented:
You may be right - but you didn't mention that in your original question...

The only other option I can see is to add a net use line in a local script file...

NET USE \\SERVER\SHARE password /USER:domain\username

This way a connection is established with the domain controller as a user and further communications with that workstation/user to the server should happen without prompting.  Of course, this does require listing the password of the user account in a clear text file.  But other than that, it should work.
0
 
sirbountyAuthor Commented:
Not worried about the password - but I tried it that route and it didn't work.
Sorry for not explaining correctly - in a bit of a rush.

If domainA\username and domainB\username are the same and the password is the same - it works great.
If I force A's user to change pw on logon, then the don't sync and they're prompted to log in, inside a "minimized" dos window - and that doesn't seem to be working either.

Problem with the login bat - the way my company runs it - and I can't explain what the VBS does - but it checks their group membership first and creates 'shortcuts' to the domainb server - THEN it creates the mapped drives (because we'll soon move these 'shortcuts' onto the 'new' server and it'll all be drive mappings).

Problem is the user's won't be knowledgable enough to do this - we're doing about 100 this w/e and twice that next weekend... :(
0
 
vtsincCommented:
Perhaps a security policy such as NTLM levels?  Although if the passwords are the same when it works but you change the password policy (forcing a change) it sounds more like a problem with the trust, which is why I refer to authentication levels in the security policy for the new domain or DCs.  I'm a bit confused on which domain is A and B... can you elaborate?
0
 
sirbountyAuthor Commented:
Sure, I think...

I work for a large corp.  We've acquired a small, and poorly designed company.
We've migrated their data onto a temporary server.  We'll call this is TempDomain.
Now, through the firewall, we're allowing NewDomain to 'see' TempDomain.
The user's currently authenticate only to TempDomain, and cannot see NewDomain.
However, we're giving them new desktops, attaching them to our network and they're now authenticating against NewDomain, but their data, because they have to share it with those left behind in TempDomain, still sits on the TempDomain DC.  So their NewDomain login script creates shortcuts, to the TempDomain (security didn't want to duplicate the drive mappings - if we had, this wouldn't be a problem).  They are mapping one drive to one of the shares, and that particular shortcut works, if I have the bat file that maps the drive 'auto' log them in (which I don't mind doing on the backside, TempDomain).
I hope that explains it better - if not, feel free to ask...
0
 
sirbountyAuthor Commented:
Found another way - but thanx for the attempts
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Don't leave us hanging - how'd you do it?
0

Featured Post

[Webinar] Kill tickets & tabs using PowerShell

Are you tired of cycling through the same browser tabs everyday to close the same repetitive tickets? In this webinar JumpCloud will show how you can leverage RESTful APIs to build your own PowerShell modules to kill tickets & tabs using the PowerShell command Invoke-RestMethod.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now