I must be doing something stupid, but I can't figure this out. Wondering if anyone else has seen this.
I have two independent domains. One is production, and one I set up today to test an Exchange 2010 deployment. I will call them test.local and production.local.
Both of them are running on Server 2008 R2 DCs.
Production is in 2003 mode.
Test is in 2008 mode.
They are running on different IP ranges, but with a /16 subnet so I can ping all hosts from each other. They share a common gateway which is our firewall.
There is no type of forest trust or relationships set up. DNS IPs are:
Both accounts use the same username for domain admin but with different passwords.
There is a file server on the production domain that has shares set to Everyone (Read,Change). The files/folders then have ACLs set for the specific users/groups who need access (NTFS volumes of course). Production\Administrators have FC for all of the shares. This works as expected when a user from the production.local domain attempts to connect to a share they do not have access to: Access Denied.
Shockingly, when I attempted to connect to my fileserver.production.local machine from dc01.test.local, I was not prompted for a valid username and password from the production.local domain. To my further horror I was able to browse any of the files on the server. This doesn't make sense. I'm assuming that simply setting up a test domain with an Admin user should not give one full access to any other domains on that segment.
Has anyone seen this before? I've been a Windows Server admin for a long time and have always felt like I had a good command of Sharing and ACLs, but this has me scratching my head.