Re: External trusts between domains are there any risks?



Hi Joe,

Thanks for the Update,

I understand the implications of the trust, but surely if we migrate to the
WIN2K domain the same security issues arise with access to open shares and
applications for authed users?

As both domains are in the same company and we will migrate to a single
domain I don't get why my win2k admins are having a fit over the share.......

Thanks again...

Krusty

"Joe Richards [MVP]" wrote:

Yeah the W2K trusts you so it is the trusting and yes there are very
possible security issues there. Any shares or applications that are open
to authenticated users or everyone will be open to users from your domain.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net


---O'Reilly Active Directory Third Edition now available---

http://www.joeware.net/win/ad3e.htm



Krusty wrote:
Joe,
Thanks for the Info.

The trust is to allow the NT4 domain users to access limited resources in
the WIN2k domain, this will be file shares on a single server.

So I think that NT4 is the trusted and WIN2k is the trusting (?)

Krusty


"Joe Richards [MVP]" wrote:

Well you don't specify the direction of the trust which makes a
difference but either way there can be information disclosure risks. In
one direction you can enumerate every account/computer a domain has, in
the other you can access file shares and applications that depend on
Windows security that aren't properly secured.

If your plans are to join the W2K domain in the future, you will take
your cues from the admins of the W2K domain, that is how you will get
in. So whatever mechanism they specify is what you will use.

--
Joe Richards Microsoft MVP Windows Server Directory Services
Author of O'Reilly Active Directory Third Edition
www.joeware.net





Krusty wrote:
Question about using external trusts between domains?

I have a WIN2k and NT4 domains and need to have a one way trust setup
between the two. I am admin on the NT4 domain but not the Win2k domain. The
WIN2k admin refuses to put the trust in place, they say this is due to
security risks but refuse to identify or expand on exactly what these are.
Can anyone enlighten me as to what the security risks are, and if it would
cause issues if we were to migrate the NT4 domain to the Win2K domain in the
near future?

Thanks In advance.
Krusty
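
The exposure described in the thread above (anything open to Authenticated Users or Everyone in the trusting domain becomes reachable by users of the trusted domain) can be checked before a trust is created. The following is an added example, not part of the original posts: it assumes the security descriptors of shares or folders have been exported as SDDL strings, and the share names and SDDL values are constructed.

```python
import re

# Well-known principals that also match accounts authenticated over a trust.
BROAD_TRUSTEES = {
    "WD": "Everyone", "S-1-1-0": "Everyone",
    "AU": "Authenticated Users", "S-1-5-11": "Authenticated Users",
}

def dacl_aces(sddl):
    """Return (ace_type, rights, trustee) for each ACE in the DACL only."""
    start = sddl.find("D:")
    if start < 0:
        return []  # descriptor string carries no DACL section
    end = sddl.find("S:", start)  # the SACL (audit ACEs) starts here, if present
    dacl = sddl[start + 2:end if end >= 0 else len(sddl)]
    aces = []
    for body in re.findall(r"\(([^()]*)\)", dacl):
        fields = body.split(";")  # type;flags;rights;guid;inherit_guid;trustee
        if len(fields) >= 6:
            aces.append((fields[0], fields[2], fields[5]))
    return aces

def broad_grants(descriptors):
    """List allow ACEs granted to Everyone or Authenticated Users."""
    findings = []
    for name, sddl in descriptors.items():
        for ace_type, rights, trustee in dacl_aces(sddl):
            if ace_type == "A" and trustee in BROAD_TRUSTEES:
                findings.append((name, BROAD_TRUSTEES[trustee], rights))
    return findings

# Constructed sample descriptors (hypothetical share names and SIDs).
SAMPLE = {
    "Public": "O:BAG:DUD:(A;;FA;;;BA)(A;;0x1200a9;;;WD)",
    "Projects": "O:BAG:DUD:(A;;FA;;;BA)(A;OICI;0x1301bf;;;AU)",
    "Archive": "O:BAG:DUD:(A;;FR;;;S-1-5-11)",
    # Restricted to one account; the Everyone entry is an audit ACE in the SACL.
    "Finance": "O:BAG:DUD:PAI(A;;FA;;;BA)"
               "(A;;FR;;;S-1-5-21-1111111111-2222222222-3333333333-1105)"
               "S:(AU;SAFA;FA;;;WD)",
}

if __name__ == "__main__":
    for share, trustee, rights in broad_grants(SAMPLE):
        print(f"{share}: {trustee} is allowed {rights}")
```

Only allow ACEs in the DACL are reported; the audit ACE naming Everyone in the constructed "Finance" descriptor sits in the SACL and grants no access.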
