Allow incoming anonymous for DC

Posted on 2005-03-12
Medium Priority
Last Modified: 2010-04-19
How can I allow anyone to access my DC in another domain without requiring any prompts at all?
Question by:sirbounty
LVL 96

Accepted Solution

Lee W, MVP earned 1000 total points
ID: 13526808
Set up a trust between the two domains.
LVL 67

Author Comment

ID: 13526835
Don't think so.
Domain A can see and communicate with Domain B - but not vice-versa (and never will).  Don't I have to be able to 'see' the domain in order to trust it?
LVL 67

Author Comment

ID: 13526844
I thought setting 'allow everyone to apply to anonymous' would work in a gpo - but it's not... :(
LVL 96

Expert Comment

by:Lee W, MVP
ID: 13526847
You may be right - but you didn't mention that in your original question...

The only other option I can see is to add a net use line in a local script file...

NET USE \\SERVER\SHARE password /USER:domain\username

This way a connection is established with the domain controller as a user and further communications with that workstation/user to the server should happen without prompting.  Of course, this does require listing the password of the user account in a clear text file.  But other than that, it should work.
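The clear-text password cost noted in the comment above can be audited for. The following is an added example, not part of the original thread: a Python scanner that finds NET USE lines carrying a password argument in logon-script text and reports them without echoing the secret. The sample script and the function name `find_embedded_passwords` are constructed for illustration.

```python
import re
import shlex

# Constructed sample logon script (not from the thread); all values are placeholders.
SAMPLE_SCRIPT = r'''@echo off
rem map the temp-domain share
NET USE \\SERVER\SHARE password /USER:domain\username
net use Z: "\\SERVER\SHARE 2" "pass word" /user:domain\username /persistent:no
net use Y: \\SERVER\SHARE * /USER:domain\username
net use X: \\SERVER\SHARE /USER:domain\username
net use W: /delete
'''

NET_USE = re.compile(r'^\s*@?\s*net(?:\.exe)?\s+use\s+(.*)$', re.IGNORECASE)


def find_embedded_passwords(script_text):
    """Return findings for NET USE lines that carry a password argument.

    NET USE syntax: net use [device|*] [UNC-path [password|*]] [/user:...]
    so the first non-switch token after the UNC path is the password;
    a bare * means "prompt" and is not an embedded secret.
    """
    findings = []
    for lineno, line in enumerate(script_text.splitlines(), start=1):
        m = NET_USE.match(line)
        if not m:
            continue
        # posix=False keeps backslashes literal; quotes stay on the token.
        tokens = shlex.split(m.group(1), posix=False)
        positional = [t.strip('"') for t in tokens if not t.startswith('/')]
        unc_idx = next((i for i, t in enumerate(positional)
                        if t.startswith('\\\\')), None)
        if unc_idx is None or unc_idx + 1 >= len(positional):
            continue  # no share given, or no password argument
        secret = positional[unc_idx + 1]
        if secret == '*':
            continue  # interactive prompt, nothing stored in the file
        user = next((t.split(':', 1)[1] for t in tokens
                     if t.lower().startswith('/user:')), None)
        findings.append({
            'line': lineno,
            'share': positional[unc_idx],
            'user': user,
            # Never echo the secret itself into an audit report.
            'kind': 'variable' if re.fullmatch(r'%\w+%', secret) else 'literal',
        })
    return findings
```

Each finding names the line, share and account, so the exposed account can be rotated and the script's file permissions reviewed.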
LVL 67

Author Comment

ID: 13526871
Not worried about the password - but I tried it that route and it didn't work.
Sorry for not explaining correctly - in a bit of a rush.

If domainA\username and domainB\username are the same and the password is the same - it works great.
If I force A's user to change pw on logon, then they don't sync and they're prompted to log in, inside a "minimized" DOS window - and that doesn't seem to be working either.

Problem with the login bat - the way my company runs it - and I can't explain what the VBS does - but it checks their group membership first and creates 'shortcuts' to the domainb server - THEN it creates the mapped drives (because we'll soon move these 'shortcuts' onto the 'new' server and it'll all be drive mappings).

Problem is the users won't be knowledgeable enough to do this - we're doing about 100 this w/e and twice that next weekend... :(

Assisted Solution

vtsinc earned 1000 total points
ID: 13527403
Perhaps a security policy such as NTLM levels?  Although if the passwords are the same when it works but you change the password policy (forcing a change) it sounds more like a problem with the trust, which is why I refer to authentication levels in the security policy for the new domain or DCs.  I'm a bit confused on which domain is A and B... can you elaborate?
LVL 67

Author Comment

ID: 13528639
Sure, I think...

I work for a large corp.  We've acquired a small, and poorly designed company.
We've migrated their data onto a temporary server.  We'll call this TempDomain.
Now, through the firewall, we're allowing NewDomain to 'see' TempDomain.
The users currently authenticate only to TempDomain, and cannot see NewDomain.
However, we're giving them new desktops, attaching them to our network and they're now authenticating against NewDomain, but their data, because they have to share it with those left behind in TempDomain, still sits on the TempDomain DC.  So their NewDomain login script creates shortcuts, to the TempDomain (security didn't want to duplicate the drive mappings - if we had, this wouldn't be a problem).  They are mapping one drive to one of the shares, and that particular shortcut works, if I have the bat file that maps the drive 'auto' log them in (which I don't mind doing on the backside, TempDomain).
I hope that explains it better - if not, feel free to ask...
LVL 67

Author Comment

ID: 13540312
Found another way - but thanks for the attempts
LVL 96

Expert Comment

by:Lee W, MVP
ID: 13540327
Don't leave us hanging - how'd you do it?

Question has a verified solution.
