Authenticate as user from one domain to another

Hi All,
Really struggling (on a live system). We have had PCOUNTER and new network printers installed over the last few days on a domain STUDENTS this allows monitoring of print work etc and is working fine. However the people before us created a second domain called BUSINESS that also need access to these printers.

The printers are shared off a server called VIPER (on the STUDENTS domain) which we can connect to from the BUSINESS domain, however when we try and install the printers as a BUSINESS user we get the "Policy controls do not permit, blah blah"

So far the only way we have got it to print is by connecting to VIPER as an admin, then getting the printer installed, the problem is that then the admin account gets billed for the printing, even if we log off and log back in as a user. I have even set the print security to everyone but it still requires authentication.

If I were to run a VBS script at logon to connect the printer, how could I ensure this authentication between the two domains without using generic IDs and preferably without setting up network maps to VIPER on 80 BUSINESS users machines?

Many thanks in advance, proper headscratcher for me atm.
Ned RamsayNetwork Operations ManagerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Have you established the trust between the STUDENTS and BUSINESS domain? Trust is needed when you need to share resources between domains. Unless you are using Internet Printing method which everyone group will allow non domain users to connect to shared network printers.
Ned RamsayNetwork Operations ManagerAuthor Commented:
There are no trusts between domains, this is the problem, I have taken over from a complete idiot of an IT manager!
Ned RamsayNetwork Operations ManagerAuthor Commented:
Does anyone have a step by step guide to setting up trusts between domains?
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

What version of domains are you running? win2k, win2k3, or win2k8?
Here's an example to create a two-way trust(Assuming you can manage both Domain A & B):
Run Active Directory Domains and Trusts->Right Click on the Domain  and select Properties Then click the "Trusts" tab. Then click on New Trust. Provide DNS or NetBIOS name of other domain(DomainB). Here you need an "incoming trusts". If no other specific restriction, do forest trust. When done, you should have DomainB listed on the bottom box of the "Domains that trust this domain(incoming trusts)"

Do the same but the opposite of the above.
Sorry I have provided you the one-way trust.
Here's the steps for two-way trust:
Scenarios, just an example:
DOMAIN-1--Domain Functional Level and Forest Functional Level is Windows Server 2003
Domain-2--Domain Functional Level is Windows Server 2003 and Forest Functional Level is Windows Server 2003

Note: you can start either on Domain1 or Domain2, the order of creation for the trust doesn't matter.
New Trust-->DNS or NetBIOS name of other domain-->External Trust-->Two-Way-->This Domain only-->Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

New Trust-->DNS or NetBIOS name of other domain-->Two-Way-->This Domain only--> Domain-Wide Authentication-->Trust Password-->No Need to confirm any trust at the moment

Note: Domain-Wide authentication above is just an example, you can also do selective authentication. But Domain-wide authentication should be used if you manage both domains.
More info:
One-way trust--If a one way trust from DomainA trusts-->Domain B. Users in DomainB will be able to access resources(like printer) in DomainA since DomainA is the trusting domain which trusts DomainB, meaning allow DomainB users to access their resources. DomainB then considered the trusted domain as being trusted by DomainA. When Users from DomainA hit "ctrl+Alt+Del" there will be two Domains that they can select to logon from, Which is DomainA and DomainB. This is because when a UserB using a computer that is a member of DomainA, he/she will be able to use the account UserB to logon to DomainB from a computer in DomainA. This computer is considered one type of the resources in addition to web services, file and print services etc.  However, Users in DomainA will not have these available. Like a UserA cannot use a computer which is a member of DomainB to logon to DomainA as the option is not available due to the type of trust, one-way trust from DomainA to DomainB.

Two-Way trust--DomainA trusts DomainB and DomainB also trusts DmainA. This will allow users in both domains to be able to access resources in each other's domain.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
BTW, before you create the turst above, you need to make sure firewall is opened between the two domain.
Ned RamsayNetwork Operations ManagerAuthor Commented:
Thanks Americom, ill let you know how I get on.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Project Management

From novice to tech pro — start learning today.