Solved

windows 2003 - windows 2008 forest trust permissions issue

Posted on 2009-05-11
1
504 Views
Last Modified: 2012-05-06
Hello,

I have a 2 way forest trust between a windows 2008 and windows 2003 system but running native.  The trust is fully in place and have created security groups on either forest and users from either forest can be added to the groups.  

My question is, i am a domain admin on forest a and i want to connect to a pc's c$ share on domain b.  When i try to do this, a username/password prompt appears.  Also, domain admins from site b cannot connect to a c$ share without a username/password prompt.

Why is this?

Kind Regards

Phil
0
Comment
Question by:philipfarnes
1 Comment
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 24355166

Hi Phil,

The trouble is....

Only Local Groups can contain foreign security principals (users from a trusted domain in this case).

Local Groups cannot contain other Local Groups. That means a local group on a PC cannot contain a domain local group.

By default, the only group with Administrative Rights on a domain member is "Domain Admins". Which is a Global Group (and cannot contain a user in a trusted domain), nor can it contain a local group on the domain.

Because of that lot, there's no reason you should have admin rights on a PC within a trusted domain unless you put something in place to take care of it. Hence the username / password prompt.

Chris
0

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
finding who created AD 4 45
Restore DNS Record 5 48
lync 2013 7 36
active directory 17 36
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now