Trust relationship

T

thomas B

Good morning everybody,

On my network windows 2000, I have 2 domains , A and B. So
I would like to create a one way trust relationship
between A and B, because I don't want for example that
users in domains B have access in ressources of Domain A.
But Windows 2000 integrate by default two ways . So how to
do that ?

Thanks a lot for yours reply

Thomas.
 
S

Simon Geary

You are correct that if the two domains are in the same forest a two-way
trust is automatically created between them. I'm not aware of any process
that would allow you to break this automatic trust but even if there was I
wouldn't advise it.

Can you not secure the resources with appropriate ACLs to deny access to
users from the other domain? This would be the common approach.

If the domain admins in the other domain are not trustworthy then the only
solution is to have the domains in two separate forests.
 
C

Cary Shultz [A.D. MVP]

Ditto!

Simply use groups to set both the NTFS and Share permissions on the shared
resources. You might even want to set an explicit DENY. If you created a
Security Group ( or one already exists ) of all users in DomainA and of all
users in DomainB you could set the explicit DENY to DomainB for any and all
shared resources in DomainA.

HTH,

Cary

PS...by 'shared resources' I mean user files/folders.....
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Cross Forest Trust 12
Trust relationship 1
win 2000 / 2003 ad problem 1
Separating trusted domains 4
Transitive Trusts 3
Further question regarding transitive nature of forest trusts 2
Trust Relationship between NT domain and a windows 2000 native mod 3
Win2k and WinNT domain trust issue 1

Top