Home > Ask the Windows Security Experts > Active Directory and Network security management Questions & Answers > Granting access to resources in a multiple domain environment
Ask The Windows Security Expert: Questions & Answers
EMAIL THIS

Granting access to resources in a multiple domain environment

Wes Noonan EXPERT RESPONSE FROM: Wes Noonan

Pose a Question
Other Windows Security Categories
Meet all Windows Security Experts
Become an Expert for this site


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


>
QUESTION POSED ON: 15 June 2005
We have four servers with Windows Server 2003. In every server there is a domain with Exchange Server 2003. The main domain is in the CITY and every domain has the server address 192.168.1.1, 192.168.2.1, 192.168.3.1, 192.168.5.1. When one user logs into other servers or finds any resources in other servers, a message appears that they have no privileges for this resource. We revised the DNS in every server and applied Microsoft patches, but the problem persists. What can we do to resolve this?

>
EXPERT RESPONSE
One thing I'm not clear on is whether you have multiple domains. It appears that you do and I'm going to work on that assumption as it fits with what I think is likely happening.

A common misconception with Windows domains is that if trusts exist between domains, users can access any resources, any where. This is commonly due to an expectation that comes from a single domain environment. In a single domain environment, all users are by default a member of the Domain Users group which is in turn automatically a member of the local Users group. This allows all users to access all resources (by default) with out much effort. This is not the case in a multiple domain environment however. No "automatic" group memberships occur between domains. Consequently, you have to explicitly grant access to resources for users in members of another domain.

So, let's say you have DOMAIN1 and DOMAIN2 and you want users in DOMAIN1 to access resources on SERVER1 in DOMAIN2.

1. You need to create a Global Security Group in DOMAIN1 and add the users that should have access to the resources on SERVER1 to it.

2. Next, on SERVER1 create a local group that has the appropriate rights to the resources in question.

3. Finally, make the Global Security Group from step 1 a member of the local group from step 2. Have the users logoff and then log back on again and they should be able to access the resources.


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Active Directory and Network security management
Allow Windows network access, but not admin rights
How can I manage file encryption on a Windows network?
Password security in Group Policy for Windows networks
Data protection on Microsoft networks
Group Policy Objects for Microsoft network security
Can I delete certificates from the CA?
Correctly configure admin rights on Windows networks
How do I apply a Group Policy Object at the OU level?
NTFS permissions control: Who will watch the watcher?
Disabling CMD in Group Policy

Configuration and Deployment
DHCP Client Service error affects network security
How to use a GPO to improve Windows folder security
Remote management for Windows system upgrades
How to secure BitLocker configurations
What's new and improved in IPsec in Windows Server 2008
Have my Windows patches actually been installed?
What's hot in Windows security: Ins and outs of Windows Server 2008
Rights management in Windows: Security expert roundup
Set write permissions in Windows network folders
Windows network rights, password policy and network security testing
Configuration and Deployment Research

Authentication
Windows Server 2008 security aided by NAP and IPsec
Manage administrator rights in Windows Server 2003
Why don't I have proper Windows Server 2003 rights to open a GPO?
How can I prevent Internet access with Windows SBS?
Windows server security management: Security expert roundup
Windows server management with Remote Desktop
File management on a Windows Server 2003 NAS system
Windows Small Business Server 2003 access management
How to grant Microsoft Windows network permissions
Intrusion prevention for Windows network security
Authentication Research

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary



Search and Browse the Expert Answer Center
Search and browse more than 25,000 question and answer pairs from more than 250 TechTarget industry experts.
Browse our Expert Advice

HomeNewsTopicsITKnowledge ExchangeTipsAsk the ExpertsWebcastsWhite PapersIT DownloadsBlogs
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2004 - 2008, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts