Setup a domain trust with selective auth, two domains in different forests. When browsing a UNC path I get:"Logon failure: the machine you are logging onto is protected by an authentication firewall". All DCs are 2003 standard. The trust is two-way, and so is the error. The functional level was raised before attempting. Domain A has 2 Sites connected by a VPN and the VPN was down preventing the raise functional level process from completing for a while- just a side note. It wanted to see the other DC before it would work. The open authentication works, but it gives EVERY user in Domain B the same rights as the Domain Users group in Domain A, where I am trying to share out extra storage. That is too much access to domain A.
I have setup the local server security GP object on the data storage box in Domain A to allow rights assignment on Domain B, but I don't know if I edited the correct key at all. Very frustrating for it to work fine in a manner that I cannot use, but not work at all in a manner that I need to use. Windows firewall services are off on all DCs.
I am also unsure of the DNS changes i made to reference these two domains. I simply put in a DNS forwarder on DomainB to point requests for DomainA back to the AD integrated DNS server on DomainA and vice versa.