Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

windows 2003 - windows 2008 forest trust permissions issue

Posted on 2009-05-11
1
Medium Priority
?
512 Views
Last Modified: 2012-05-06
Hello,

I have a 2 way forest trust between a windows 2008 and windows 2003 system but running native.  The trust is fully in place and have created security groups on either forest and users from either forest can be added to the groups.  

My question is, i am a domain admin on forest a and i want to connect to a pc's c$ share on domain b.  When i try to do this, a username/password prompt appears.  Also, domain admins from site b cannot connect to a c$ share without a username/password prompt.

Why is this?

Kind Regards

Phil
0
Comment
Question by:philipfarnes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 24355166

Hi Phil,

The trouble is....

Only Local Groups can contain foreign security principals (users from a trusted domain in this case).

Local Groups cannot contain other Local Groups. That means a local group on a PC cannot contain a domain local group.

By default, the only group with Administrative Rights on a domain member is "Domain Admins". Which is a Global Group (and cannot contain a user in a trusted domain), nor can it contain a local group on the domain.

Because of that lot, there's no reason you should have admin rights on a PC within a trusted domain unless you put something in place to take care of it. Hence the username / password prompt.

Chris
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question