Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Read-Only share over Forest Trust AD 2003

Posted on 2008-10-13
3
Medium Priority
?
269 Views
Last Modified: 2012-05-05
I have 2 Forests, test.prv and test2.prv. I have a group of users that need to get pictures from one to the other, but I need to maintain strict security and they can only write to the share from test.prv and need to have read only from test2.prv. I have to have the share present in test.prv domain as well. I have a functional trust setup. I have a group from test2.prv added to the server and share in test.prv, the authentication firewall is letting them to the share, but prompts for a password. I have the group's permissions as read only. It will not let me use the test2.prv credentials, but the test.prv credentials work. The problem is they have write access because the test.prv account does(this is what I assume). Is there a way to make it read-only over the forest trust only?

I am trying to find other ways to accomplish this task, if anyone has another way, let me know.
0
Comment
Question by:jeff6r
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 23

Expert Comment

by:ormerodrutter
ID: 22710095
Check if your domain is in Mixed Mode or Native Mode. If domain is still on MM upgrade it to NM.
Usually this kind of membership rights can be solved by using group nesting and universal groups, which are only available in Native Mode.
0
 

Author Comment

by:jeff6r
ID: 22710722
ormerodrutter,

I have both domains in Native mode. I have the users in a Global Group, that is part of a Universal Group all in test2.prv. Then that universal group is added to a Domain Local group on test.prv. This group is then applied to the share.

Thanks for the input.
0
 

Accepted Solution

by:
jeff6r earned 0 total points
ID: 24140996
I found this to be a problem with the authentication firewall of the trust. I got it to work, but not as I was hoping. I went a different route. Thanks for the comment and may be at some point I will need to accomplish this and I will look back here for help. Thanks.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
A bad practice commonly found during an account life cycle is to set its password to an initial, insecure password. The Password Reset Tool was developed to make the password reset process easier and more secure.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

604 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question