Re: Assigning Security through W2k3 to W2k Trusted Domains
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Wed, 15 Mar 2006 20:21:53 -0700
Hmmm . . . while I do not see how the following could account
to the observed asymmetry I would still check the effective group
policy settings in the Security Options part of Computer policies.
Specifically I would be looking at policies understood by W2k3
but not by W2k, and in particular I would be looking at the Domain
Member policies regarding secure channel signing and encryption,
and also at the Network client and server policies for digital signing
and the Network security policies for minimum session security for
NTLM SSP
"DevGD" <DevGD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6F48EF3F-F4C1-49BE-8856-50CD2507AE88@xxxxxxxxxxxxxxxx
Each domain has a DNS zone for the other trusted domain. The trust can be
validated and I can assign security on any pc or server on DomainB from
DomainA. In DomainA(2003 domain), I can assign security on all pcs and
server
except for servers or pcs running windows 2000.
Example:
I have a windows 2003 file server and a windows 2000 file server in
DomainA.
On the windows 2003 file server, I can assign all the security I want
from
DomainB. But on the windows 2000 server I can not assign anything.
Does Windows 2000 browse or check authentication differently then W2K3 or
XP?
Thanks
DevGD
"Roger Abell [MVP]" wrote:
Make sure that the DNS zones for all involved domains are
available for name resolution, such as by conditional forwarders
or zone transfers between the DNS servers supporting the two
forests.
--
Roger Abell
Microsoft MVP (Windows Server : Security)
"DevGD" <DevGD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA74DE88-7770-4844-BB2D-D390A986C1B8@xxxxxxxxxxxxxxxx
Situation:
I have created a trust between two domains in two different forests.
DomainA
is a mixed Windows 2003 domain. DomainB is native Windows 2000. The
trust
can
be validated and seems to be working in every way. I have validated on
both
ends of the trust. There is no firewall blocking the servers.
Problem:
When I try to add access for a user or security group from DomainB to a
folder on a server running w2K on DomainA, I get the following error:
"Could not display objects from this location because of the following
error:
No authority could be contacted for authentication. "
I can do the same steps on a windows 2003 server and it browses the
domain
and adds the security just fine.
Also, I can assign security on any server or PC on DomainB with groups
or
users from DomainA. OS does not seem to matter.
Process I am using to assign security
Right-click on folder, select security tab, click location and select
DomainB. This is when I get the error.
Please help.
Thanks
DevGD
.
- Follow-Ups:
- References:
- Re: Assigning Security through W2k3 to W2k Trusted Domains
- From: Roger Abell [MVP]
- Re: Assigning Security through W2k3 to W2k Trusted Domains
- Prev by Date: Re: Defacement on MSN?
- Next by Date: Re: Defacement on MSN?
- Previous by thread: Re: Assigning Security through W2k3 to W2k Trusted Domains
- Next by thread: Re: Assigning Security through W2k3 to W2k Trusted Domains
- Index(es):
Relevant Pages
|
