Security on Trust Between two domains

Currently i have my corporate Domain A and I have just created a test Domain B for our development/QA group for their testing.  I have setup everything except for a trust relationship between Domain A and Domain B.  DNS is working nicely with the conditional forwarding between the two domains.  I know i can set a 1 way trust so my corporate Domain A can be authenticated in Domain B and the Dev team can use the corporate accounts in their test environment.  They have also installed SCVMM 2008 R2 in their test environment domain B.  The problem is they have installed SCVMM 2008 R2 console on their corporate desktops Domain A and it will not authenticate and can't login into their scvmm test server.  I know a 2-way trust will work accrding to microsoft for scvmm, but i am worried as to if there is any vulnerabilities or security issues that i need to be concerned about if i was to make a two-way trust.

If i was to make a 2-way trust, is my Domain A proned to attacks or updates/Deletes, etc....?

Thanks.
josogAsked:
Who is Participating?
 
Darius GhassemConnect With a Mentor Commented:
Think about it this way. You must grant permissions for Domain B to access files and folders on Domain A so just don't give permissions.
Two trust will not make the domains into one domain they will still be managed seperately.

I would have consider settings RDP to Domain B instead of direct access over trust if you want to keep things secure if you do it this way then the QA group could have their own desktops for Domain B without affecting anything on Domain A.
0
 
josogAuthor Commented:
Using RDP was the original plan of mine, but they have applications their developing on their desktop uses their corporate accounts which also needs to be in their testing domain environment.  

I do notice when creating the 2 way trust, that from domain B, they can see all my accounts in DOmain A (like searching, viewing properties, etc...) but yet they can't edit anything.

as long as each domain is managed seperatly and the admin in domain B can't change anything in Domain A, i am happy.
0
 
Darius GhassemCommented:
That is the way it will work you must give permission to allow for editing.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.