Re: AD trust and folder permission
- From: "Ace Fekay [MCT]" <aceman@xxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 20 Jul 2009 23:18:33 -0400
"dkblee" <dkblee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7012EB76-F53E-41CA-A5F9-8946BF88527F@xxxxxxxxxxxxxxxx
hi! We created an one way trust between our hq and branch office (different
forest, HQ created outgoing trust, and branch created incoming trust). I've
created a domain local group and add in the group created by the hq into my
branch office's domain local group.
I've shared a folder and (sharing permission everyone full access) set the
security permission to enable the hq group read access to the local shared
folder. I noticed that the user within the hq group can actually create and
made any changes in the shared folder i created in the branch office. It
seems that the security setting doesn't really take effect. I also noticed
that the folder created by the hq group's user will have full access in the
subfolders (the user in the hq group becomes the owner of the file/folders
created by them and the hq group still show read only access in the security
permission tab). Is this normal? My objective is to let the user in the hq
group to have access to my local shared file server instead of using my local
domain account and the hq domain account.
Please advise. Thanks.
DKBLEE,
Help me get this straight.
You first said:
We created an one way trust between our hq and branch office
(different forest, HQ created outgoing trust, and branch created
incoming trust).
So that means you've created a one way trust from HQ to the Branch, meaning HQ is trusting Branch. Branch is the trusted domain. So this means you want to trust and allow the Branch accounts to access HQ's resources. Is this correct?
But then you said:
I've created a domain local group and add in the
group created by the hq into my branch office's domain local group.
Where did you create the domain local group? On HQ or Branch?
If you created the Local Domain Group on Branch, then it appears to me that the trust direction is backwards.
Please elaborate on if you want to allow the Branch folks to access HQ's resources, or do you want to allow HQ to access Branch's resources.
Thank you,
--
Ace
This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.
Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.
Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx
http://twitter.com/acefekay
For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
.
- Follow-Ups:
- Re: AD trust and folder permission
- From: dkblee
- Re: AD trust and folder permission
- References:
- AD trust and folder permission
- From: dkblee
- AD trust and folder permission
- Prev by Date: Re: Group policy not applying to user configuration
- Next by Date: Re: AD trust and folder permission
- Previous by thread: Re: AD trust and folder permission
- Next by thread: Re: AD trust and folder permission
- Index(es):
Relevant Pages
|
