| |
Interdomain Trust Facilities
A two-way trust relationship is created when two one-way trusts are created, one in each direction.
Where a one-way trust has been established between two MS Windows NT4 domains (let's call them
DomA and DomB), the following facilities are created:
-
DomA (completes the trust connection)
Trusts
DomB.
-
DomA is the
Trusting
domain.
-
DomB is the
Trusted
domain (originates the trust account).
-
Users in DomB can access resources in DomA.
-
Users in DomA cannot access resources in DomB.
-
Global groups from DomB can be used in DomA.
-
Global groups from DomA cannot be used in DomB.
-
DomB does appear in the logon dialog box on client workstations in DomA.
-
DomA does not appear in the logon dialog box on client workstations in DomB.
-
Users and groups in a trusting domain cannot be granted rights, permissions, or access
to a trusted domain.
-
The trusting domain can access and use accounts (users/global groups) in the
trusted domain.
-
Administrators of the trusted domain can be granted administrative rights in the
trusting domain.
-
Users in a trusted domain can be given rights and privileges in the trusting
domain.
-
Trusted domain global groups can be given rights and permissions in the trusting
domain.
-
Global groups from the trusted domain can be made members in local groups on
MS Windows domain member machines.
|
|
