Re: External Trust - Can't see share contents

---

• From: bstillion <bstillion@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Fri, 2 Jan 2009 09:32:02 -0800

---

Thanks Meinolf!
We used a group (Global) from the remote domain and placed it in
the ACL of the resource which allowed users there to access the
shared folder and its contents here.
What would be the need to use a Universal group in this situation?
We placed a global group from the other domain into the ACL of the resource
and it worked.

--
BStillion
Portland ME


"Meinolf Weber [MVP-DS]" wrote:

Hello bstillion,

Use the universal groups to configure the share access permissions. So that
the other forest users use there own account which has to be added to the
universal group that are configured on the share.

Best regards

Meinolf Weber
Disclaimer: This posting is provided "AS IS" with no warranties, and confers
no rights.
** Please do NOT email, only reply to Newsgroups
** HELP us help YOU!!! http://www.blakjak.demon.co.uk/mul_crss.htm

Goal: users in another forest can browse to a server share to view the
folders contents. The user should browse to \\servername\share and be
prompted for
username and password. There are local accounts on the server that
then allow
them to access the share.
Environment
Windows Server 2003 Domain with an External Trust to the remote
domain.
Connection is a point-to-point (TLS) being used primarily to
store/retrieve
information on the servers here from the users there and is working
fine.
Remote user experience
user can browse to server, but when they double click the share they
get
an "Access Denied" error.
Troubleshooting steps taken
Share and NTFS permissions have been checked numerous times and
are Share = Local group with local accounts have Change. NTFS = Local
group
with local accounts have Modify access.
Confirmed "Selective Authentication" is applied to the External Trust
but
cannot add the "allow to authenticate" permission to the local group
(can't
browse to it.)
Confirmed that no ACL or firewall settings are blocking access or
authentication.
Got this to work from another domain but don't see the difference
between
the trusts.
Any help is greatly appreciated.

.

---

• Prev by Date: Re: Win2k to Win2k3 AD Upgrade
• Next by Date: Re: Win2k to Win2k3 AD Upgrade
• Previous by thread: Win2k to Win2k3 AD Upgrade
• Next by thread: Active Directory / Visual Source Safe Conflicts
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: newbie: connect to wmi remotely ... can you please help me with the remote access via wmi. ... acl on a share on a server in the same w2k3 domain. ... (microsoft.public.scripting.wsh) RE: External Trust - Cant see share contents ... the trust relationship passed through the credentials that did ... The other remote sites that are prompted for a username and password do not ... users in another forest can browse to a server share to view the ... There are local accounts on the server that then allow ... (microsoft.public.windows.server.active_directory) Re: Can change outlook profile without exprofe ? ... not sure *why* you'd ever use local accounts for users instead of domain ... Solli Moreira Honorio typed: ... I have migrated mailboxes from one standart server to a cluster ... services, even if I recreat the outlook profile, change registry keys ... (microsoft.public.exchange.admin) Re: IIS ftp server ... This machine has local accounts for remote users to connect ... What if the remote end was not using windows? ... they could still ftp in but as we set up their local ... (microsoft.public.windowsxp.network_web) RE: Active Directory Install ... If you're creating a new domain controller for a new domain, ... existing local accounts will be moved into your new domain. ... If this is a standalone server, couldn't you just use local policy to ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)