Windows 2003 - Windows 2008 forest trust permissions issue

Hello,

I have a 2-way forest trust between a Windows 2008 and a Windows 2003 system but running native. The trust is fully in place and I have created security groups on either forest, and users from either forest can be added to the groups.

My question is, I am a domain admin on forest A and I want to connect to a PC's C$ share on domain B. When I try to do this, a username/password prompt appears. Also, domain admins from site B cannot connect to a C$ share without a username/password prompt.

Why is this?

Kind Regards

Phil
Asked by: philipfarnes

Chris Dent (PowerShell Developer) commented:

Hi Phil,

The trouble is....

Only Local Groups can contain foreign security principals (users from a trusted domain in this case).

Local Groups cannot contain other Local Groups. That means a local group on a PC cannot contain a domain local group.

By default, the only group with Administrative Rights on a domain member is "Domain Admins", which is a Global Group (and cannot contain a user in a trusted domain); nor can it contain a local group on the domain.

Because of that lot, there's no reason you should have admin rights on a PC within a trusted domain unless you put something in place to take care of it. Hence the username / password prompt.

Chris
Question has a verified solution.
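
One way to check on a given PC which principals hold admin rights, and which domain each comes from (an added example, not part of the original thread). It lists the local Administrators group through the ADSI WinNT provider; the function name `Get-LocalAdminMember` and the computer name `PC01` are hypothetical, and it assumes it is run by an account that already has admin rights on that PC.

```powershell
# Added example: audit the local Administrators group of a domain member.
# Assumption: the caller already has admin rights on the target machine
# (run locally, or as an admin of the PC's own domain).
function Get-LocalAdminMember {
    param(
        [string]$ComputerName = $env:COMPUTERNAME
    )

    # The WinNT ADSI provider exposes the machine-local (SAM) groups.
    $group = [ADSI]"WinNT://$ComputerName/Administrators,group"

    foreach ($member in @($group.psbase.Invoke('Members'))) {
        $type    = $member.GetType()
        $adsPath = $type.InvokeMember('ADsPath', 'GetProperty', $null, $member, $null)
        $class   = $type.InvokeMember('Class',   'GetProperty', $null, $member, $null)

        # ADsPath forms:
        #   WinNT://DOMAIN/Name           -> principal from a domain
        #   WinNT://DOMAIN/COMPUTER/Name  -> account local to the machine
        #   WinNT://S-1-5-21-...          -> SID that could not be resolved
        $parts = @(($adsPath -replace '^WinNT://', '') -split '/')

        switch ($parts.Count) {
            3       { $source = $parts[1]; $name = $parts[2]; $scope = 'Local account' }
            2       { $source = $parts[0]; $name = $parts[1]; $scope = 'Domain principal' }
            default { $source = '';        $name = $parts[0]; $scope = 'Unresolved SID' }
        }

        [PSCustomObject]@{
            Computer = $ComputerName
            Source   = $source   # domain (or computer) the member belongs to
            Name     = $name
            Class    = $class    # User or Group
            Scope    = $scope
        }
    }
}

# Usage (PC01 is a hypothetical computer name):
#   Get-LocalAdminMember -ComputerName PC01 | Format-Table -AutoSize
# Any member whose Source is not the PC's own domain or the PC itself is an
# admin grant that reaches across the trust and is worth reviewing.
```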
