
Here's my question: I have two domains (A & B) on a single subnet. All workstations and servers (except one server) are on domain A, the remaining server on its own domain, domain B. I want users in domain A to be able to access shares on the server in domain B but I don't want the domain B server to be able to access anything in domain A (with the obvious exception of checking credentials). Is this possible and, if so, how?

2007-07-17 09:42:09 · 6 answers · asked by DrDebate 4 in Computers & Internet Computer Networking

Azred_tx, I cannot turn off the shares on domain A, that's where almost all network resources are. Also, I think your solution would require the domain B server to be put on domain A.

normanmoy, that's an interesting idea but security is a top priority which is why I'm trying to do this in the first place. I don't want everyone to have access to the domain B, just certain users to certain shares.

Above all, I need the domain B server to not be able to screw with domain A should it ever become compromised.

2007-07-17 09:53:37 · update #1

6 answers

Are A and B in the same forest? If so, bad idea. Make sure B is on a different forest.
You can use AD to create a one-way trust relationship where B trusts A, but A does not trust B. Personally, I wouldn't create any trust relationship at all. I'd create user accounts in B for the users that have a reason to use its resources, then force them to use their "B" credentials to access. Much more secure.
Since security is such an issue to you, I should point out the obvious. Having both domains on the same subnet is a really bad idea. Really, really bad idea. Even without trusts, you're open to a host of attacks from B to A on the same subnet. I'd throw a router between B and the network, putting B on a different subnet. Then firewall the heck out of the router. Shut down every port that isn't mission critical (DNS, DHCP, SMTP and HTTP come to mind as obvious threat avenues...) Treat the A to B connection as a DMZ.
Set it up right and you can have an ultra-secure setup with a minimum of inconvenience.

2007-07-17 11:39:59 · answer #1 · answered by antirion 5 · 0 0

I guess both the domains are in different forests.

Go to Active Directory Domain and Trust on Domain B
Make a one-way trust
Domain B must trust Domain A
So the users from Domain A will be able to log in and access the resources in Domain B. But for users from Domain B, no privilege will be there on Domain A.

Check the link for more information on creating a one way trust.

Cheers!

Shaba

2007-07-17 11:11:10 · answer #2 · answered by Shaba! 3 · 0 0

You could just enable file share security for Domain B to be everyone, so users in Domain A can access the files. Then you set the security for the file shares in Domain A to domain users, then Domain B users should not be able to access those files.

2007-07-17 09:47:24 · answer #3 · answered by normanmoy 3 · 0 0

Share the resources in domain B but not the ones in domain A. This way, domain A can see domain B as part of the network but not the other way around.

2007-07-17 09:47:06 · answer #4 · answered by Mathsorcerer 7 · 0 0

External trust creates a trusted relationship between domains in different forests or to non-Windows domains. External trusts are not created automatically and are one-way in nature. For example, Domain B may let a user from Domain A log on, but Domain A doesn't allow access to any users from Domain B. If you need two-way trust between external domains, you can create them by using two one-way trusts.

To create an external trust http://technet2.microsoft.com/windowsserver/en/library/b30ef067-746e-4453-b879-804259aafdd31033.mspx?mfr=true

2007-07-17 11:08:11 · answer #5 · answered by ladeehwk 5 · 0 0
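A check for the one-way trust the answers above describe, as an added example that is not part of any poster's answer: it reads the trust object with `Get-ADTrust` (ActiveDirectory module) from each side and flags anything other than "B trusts A, A does not trust B". The domain names `a.example` and `b.example` and the function name `Test-OneWayTrust` are placeholders chosen for illustration.

```powershell
# Added example; a.example / b.example are placeholder domain names.
# Requires the ActiveDirectory module (RSAT) and read access to a DC in each domain.
Import-Module ActiveDirectory

function Test-OneWayTrust {
    param(
        [Parameter(Mandatory)] [string] $QueryDomain,    # domain whose DC is asked
        [Parameter(Mandatory)] [string] $PartnerDomain,  # other end of the trust
        [Parameter(Mandatory)] [ValidateSet('Inbound', 'Outbound')] [string] $Expected
    )

    # Read every trust object the queried domain holds and pick the partner's.
    $trust = Get-ADTrust -Filter * -Server $QueryDomain |
        Where-Object { $_.Name -eq $PartnerDomain }

    if (-not $trust) {
        # No trust at all: access then depends on accounts created in the resource domain.
        return [pscustomobject]@{
            Domain = $QueryDomain; Partner = $PartnerDomain
            Result = 'NoTrust'; Detail = 'No trust object found'
        }
    }

    $problems = @()
    # Outbound or BiDirectional seen from A means A trusts B, which is what must not exist.
    if ("$($trust.Direction)" -ne $Expected) {
        $problems += "Direction is $($trust.Direction), expected $Expected"
    }
    # Domains in one forest trust each other two-way; a one-way design needs separate forests.
    if ($trust.IntraForest) {
        $problems += 'Both domains are in the same forest'
    }

    [pscustomobject]@{
        Domain  = $QueryDomain
        Partner = $PartnerDomain
        Result  = $(if ($problems) { 'Fail' } else { 'Pass' })
        Detail  = $problems -join '; '
    }
}

# "B trusts A" appears as an Inbound trust on A and as an Outbound trust on B.
Test-OneWayTrust -QueryDomain 'a.example' -PartnerDomain 'b.example' -Expected Inbound
Test-OneWayTrust -QueryDomain 'b.example' -PartnerDomain 'a.example' -Expected Outbound
```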

The article is in simple terms telling you to eliminate the pc from the area and rejoin it. You need to be logged in by using fact the nearby pc administrator to try this. Placed it back interior the Workgroup. Connect the pc back into the area and it would restoration the problem.

2016-10-08 22:47:27 · answer #6 · answered by ? 4 · 0 0
