Solved

Interforest  Authentication

Posted on 2007-11-27
2
363 Views
Last Modified: 2012-05-05
Hi

Can someone explain this please.

Two win2003 forests linked via a forest trust.
I understand users in either forest can access resources in the other forest; however, I have a share with default permissions applied (except for share permission which is everyone Full Control) so how can a user from the other forest access this share without me explicitly giving permission to him or OtherDomain\Users group?

I thought the domain users groups were members of each other but I checked and this is not the case.

Thanks


 
0
Comment
Question by:Nael_Shahid
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 20358407
You need to add the User Group (from the other forest) in your NTFS ACLs.
0
 

Accepted Solution

by:
Nael_Shahid earned 0 total points
ID: 20358431
Yes but that is exactly the issue.

I have not added them into the ACL but they still have access. I want to know why.
0

Featured Post

Guide to Performance: Optimization & Monitoring

Nowadays, monitoring is a mixture of tools, systems, and codes—making it a very complex process. And with this complexity, comes variables for failure. Get DZone’s new Guide to Performance to learn how to proactively find these variables and solve them before a disruption occurs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Pop-up allow list 6 41
ADFS: AADSTS50107: Requested federation realm object 8 109
Raising Forest Functional Level 2 45
GPO question 3 30
This article runs through the process of deploying a single EXE application selectively to a group of user.
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question