Re: AD trust and folder permission






"Ace Fekay [MCT]" wrote:

"dkblee" <dkblee@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:7012EB76-F53E-41CA-A5F9-8946BF88527F@xxxxxxxxxxxxxxxx
Hi! We created a one-way trust between our hq and branch office (different
forest, HQ created outgoing trust, and branch created incoming trust). I've
created a domain local group and added the group created by the hq into my
branch office's domain local group.

I've shared a folder and (sharing permission everyone full access) set the
security permission to enable the hq group read access to the local shared
folder. I noticed that the user within the hq group can actually create and
make any changes in the shared folder I created in the branch office. It
seems that the security setting doesn't really take effect. I also noticed
that the folder created by the hq group's user will have full access in the
subfolders (the user in the hq group becomes the owner of the file/folders
created by them and the hq group still shows read only access in the security
permission tab). Is this normal? My objective is to let the user in the hq
group have access to my local shared file server instead of using my local
domain account and the hq domain account.

Please advise. Thanks.


DKBLEE,

Help me get this straight.

You first said:
We created a one-way trust between our hq and branch office
(different forest, HQ created outgoing trust, and branch created
incoming trust).

So that means you've created a one-way trust from HQ to the Branch, meaning HQ is trusting Branch. Branch is the trusted domain. So this means you want to trust and allow the Branch accounts to access HQ's resources. Is this correct?

No, I want to use the hq account to access my resources. E.g. I want to use
the hq account to be able to access my file servers and access the corporate
email or resources. For my branch domain, I just need to create a domain
local group and add the hq users/group into my local domain group to achieve
this.

But then you said:

I've created a domain local group and added the
group created by the hq into my branch office's domain local group.

Where did you create the domain local group? On HQ or Branch?

I created the domain local group in the branch office.

If you created the Local Domain Group on Branch, then it appears to me that the trust direction is backwards.

I'm just testing on the domain local group. Or do I need to create the
domain local group in the hq and add that group into my branch group?

Please elaborate on if you want to allow the Branch folks to access HQ's resources, or do you want to allow HQ to access Branch's resources.

Basically....it's to enable hq account to access my branch resources. The hq side will not allow us to use our domain to access their resources directly.

Thanks.

Thank you,

--
Ace

This posting is provided "AS-IS" with no warranties or guarantees and confers no rights.

Please reply back to the newsgroup or forum to benefit from collaboration among responding engineers, and to help others benefit from your resolution.

Ace Fekay, MCT, MCSE, MCSA 2003 & 2000, MCSA Messaging
Microsoft Certified Trainer
aceman@xxxxxxxxxxxxxxxxxxxxxxx
http://twitter.com/acefekay

For urgent issues, you may want to contact Microsoft PSS directly. Please check http://support.microsoft.com for regional support phone numbers.
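
Added example, not part of the original thread or either poster's reply: a PowerShell check for the symptom described in the question, listing every Allow entry on the shared folder that grants write-type rights (and whether it is inherited), plus the owner of each child item. The folder path is a placeholder and the function names are hypothetical.

```powershell
# Added example, not from the thread. $FolderPath is a placeholder (assumption);
# point it at the shared folder on the branch file server.
$FolderPath = 'D:\Shares\BranchData'

# Specific rights that allow creating, changing or deleting content,
# or rewriting the ACL / taking ownership.
$writeRights = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, WriteAttributes, WriteExtendedAttributes, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

# Inherit-only entries (typically CREATOR OWNER) can be stored with raw generic
# bits instead of specific rights: GENERIC_WRITE 0x40000000, GENERIC_ALL 0x10000000.
$mask = [int]$writeRights -bor 0x50000000

# Hypothetical helper: Allow ACEs on $Path that carry any write-type right.
function Get-WriteCapableAce {
    param([Parameter(Mandatory = $true)][string]$Path)
    (Get-Acl -Path $Path).Access |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            (([int]$_.FileSystemRights -band $mask) -ne 0)
        } |
        Select-Object IdentityReference, FileSystemRights, IsInherited,
                      InheritanceFlags, PropagationFlags
}

# Hypothetical helper: owner of each file/folder directly under $Path.
function Get-ChildOwner {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-ChildItem -Path $Path | ForEach-Object {
        New-Object PSObject -Property @{
            Item  = $_.FullName
            Owner = (Get-Acl -Path $_.FullName).Owner
        }
    }
}

Get-WriteCapableAce -Path $FolderPath | Format-Table -AutoSize
Get-ChildOwner -Path $FolderPath | Format-Table -AutoSize
```

NTFS access is cumulative across every Allow entry that matches any group in the user's token, so a Read entry for the HQ group does not limit what other matching entries (including inherited ones) grant.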



