Question: Windows 2003 - Windows 2008 forest trust permissions issue

Hello,

I have a 2-way forest trust between a Windows 2008 and a Windows 2003 system, both running native. The trust is fully in place and I have created security groups on either forest, and users from either forest can be added to the groups.

My question is, I am a domain admin on forest A and I want to connect to a PC's c$ share on domain B. When I try to do this, a username/password prompt appears. Also, domain admins from site B cannot connect to a c$ share without a username/password prompt.

Why is this?

Kind Regards

Phil

Answer: Windows 2003 - Windows 2008 forest trust permissions issue


Hi Phil,

The trouble is....

Only Local Groups can contain foreign security principals (users from a trusted domain in this case).

Local Groups cannot contain other Local Groups. That means a local group on a PC cannot contain a domain local group.

By default, the only group with Administrative Rights on a domain member is "Domain Admins", which is a Global Group (and cannot contain a user in a trusted domain), nor can it contain a local group on the domain.

Because of that lot, there's no reason you should have admin rights on a PC within a trusted domain unless you put something in place to take care of it. Hence the username / password prompt.

Chris
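
To check which principals actually hold admin rights on a given member PC, the following added example (not part of the original thread) lists the local Administrators group and labels each member by where it comes from. It assumes Windows PowerShell 5.1 or later with the Microsoft.PowerShell.LocalAccounts module; `Get-LocalAdminOrigin` is a hypothetical helper name.

```powershell
# Added example, not from the original thread. Run elevated on the member PC.
# Assumes Windows PowerShell 5.1+ (Microsoft.PowerShell.LocalAccounts module).
function Get-LocalAdminOrigin {
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem
    if (-not $cs.PartOfDomain) { throw 'This machine is not joined to a domain.' }

    # SID of the domain this PC belongs to, taken from its computer account.
    $pcAccount = New-Object System.Security.Principal.NTAccount($cs.Domain, "$env:COMPUTERNAME`$")
    $homeSid = $pcAccount.Translate([System.Security.Principal.SecurityIdentifier]).AccountDomainSid.Value

    # SID of the PC's own account database (local users and groups).
    $machineSid = (Get-LocalUser | Select-Object -First 1).SID.AccountDomainSid.Value

    # S-1-5-32-544 is the well-known SID of the local Administrators group.
    foreach ($m in (Get-LocalGroupMember -SID 'S-1-5-32-544')) {
        $domainSid = $m.SID.AccountDomainSid
        $origin = if ($null -eq $domainSid)                 { 'Well-known principal' }
                  elseif ($domainSid.Value -eq $machineSid) { 'Local to this PC' }
                  elseif ($domainSid.Value -eq $homeSid)    { "PC's own domain" }
                  else                                      { 'Trusted (foreign) domain' }
        [pscustomobject]@{
            Name   = $m.Name
            Class  = $m.ObjectClass
            Origin = $origin
            SID    = $m.SID.Value
        }
    }
}

Get-LocalAdminOrigin | Sort-Object Origin, Name | Format-Table -AutoSize
```

Only the principals listed, and the members of any listed groups, are administrators of the PC, so an account from the other forest that is not covered by one of these rows gets the credential prompt described above.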