Interforest  Authentication

Posted on 2007-11-27
Medium Priority
Last Modified: 2012-05-05

Can someone explain this please.

Two win2003 forests linked via a forest trust.
I understand users in either forest can access resources in the other forest; however, I have a share with default permissions applied (except for share permission which is everyone Full Control) so how can a user from the other forest access this share without me explicitly giving permission to him or OtherDomain\Users group?

I thought the domain users groups were members of each other but I checked and this is not the case.


Question by:Nael_Shahid
LVL 23

Expert Comment

ID: 20358407
You need to add the User Group (from the other forest) in your NTFS ACLs.

Accepted Solution

Nael_Shahid earned 0 total points
ID: 20358431
Yes but that is exactly the issue.

I have not added them into the ACL but they still have access. I want to know why.

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Sometimes it necessary to set special permissions on user objects.  For instance when using a Blackberry server, the SendAs permission needs to be set. I see many admins struggle with the setting that permission only to see it disappear within a few…
I’m willing to make a bet that your organization stores sensitive data in your Windows File Servers; files and folders that you really don’t want making it into the wrong hands.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

607 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question