Re: Assigning Security through W2k3 to W2k Trusted Domains

I named the specific ones, about 2/3s of which are not understood by
W2k and would not affect them. If you know that you have not altered
the settings then these are not it. However, if someone has these could
be involved (again, difficult to think through the asymmetry however) as
these control the ability to communicate for authentication/control.

"DevGD" <DevGD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D7A318E3-201C-4FAF-97CC-1D87D7BD7FB9@xxxxxxxxxxxxxxxx
Could it really be a policy issue? One thing I failed to mention is that
the
trust was orginally in place before the upgrade to 2003 domain on domanA.
Assigning security worked before that upgrade and where the security is
assigned, before the upgrade, seems to still be working. I will double
check
that though. Is there something in particular in a security policy that
you
might this would be causing the issue? I am amazed that it works on the
w2k3
servers but not the w2k servers.

Thanks
DevGD

"Roger Abell [MVP]" wrote:

Hmmm . . . while I do not see how the following could account
to the observed asymmetry I would still check the effective group
policy settings in the Security Options part of Computer policies.
Specifically I would be looking at policies understood by W2k3
but not by W2k, and in particular I would be looking at the Domain
Member policies regarding secure channel signing and encryption,
and also at the Network client and server policies for digital signing
and the Network security policies for minimum session security for
NTLM SSP

"DevGD" <DevGD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:6F48EF3F-F4C1-49BE-8856-50CD2507AE88@xxxxxxxxxxxxxxxx
Each domain has a DNS zone for the other trusted domain. The trust can
be
validated and I can assign security on any pc or server on DomainB from
DomainA. In DomainA(2003 domain), I can assign security on all pcs and
server
except for servers or pcs running windows 2000.

Example:

I have a windows 2003 file server and a windows 2000 file server in
DomainA.
On the windows 2003 file server, I can assign all the security I want
from
DomainB. But on the windows 2000 server I can not assign anything.

Does Windows 2000 browse or check authentication differently then W2K3
or
XP?

Thanks

DevGD

"Roger Abell [MVP]" wrote:

Make sure that the DNS zones for all involved domains are
available for name resolution, such as by conditional forwarders
or zone transfers between the DNS servers supporting the two
forests.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"DevGD" <DevGD@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:BA74DE88-7770-4844-BB2D-D390A986C1B8@xxxxxxxxxxxxxxxx
Situation:
I have created a trust between two domains in two different forests.
DomainA
is a mixed Windows 2003 domain. DomainB is native Windows 2000. The
trust
can
be validated and seems to be working in every way. I have validated
on
both
ends of the trust. There is no firewall blocking the servers.

Problem:
When I try to add access for a user or security group from DomainB
to a
folder on a server running w2K on DomainA, I get the following
error:

"Could not display objects from this location because of the
following
error:
No authority could be contacted for authentication. "

I can do the same steps on a windows 2003 server and it browses the
domain
and adds the security just fine.

Also, I can assign security on any server or PC on DomainB with
groups
or
users from DomainA. OS does not seem to matter.

Process I am using to assign security
Right-click on folder, select security tab, click location and
select
DomainB. This is when I get the error.

Please help.

Thanks
DevGD











.

Relevant Pages

  • SecurityFocus Microsoft Newsletter #164
    ... Got Storage Security Risks? ... MICROSOFT VULNERABILITY SUMMARY ... Chat Client FTP Server Default Username Credential Weak... ... NetServe Web Server is a compact web server for Microsoft Windows ...
    (Focus-Microsoft)
  • Re: im being held in memory
    ... How can I harden my computer or server to secure it from hackers? ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ... Install all service packs and security fixes from Microsoft and otherwise ...
    (microsoft.public.security)
  • MS and security: good effort but no cigar
    ... build upon the progress it's already made in security. ... The low-hanging fruit of millions of insecure Windows machines ... Then there's the issue of poorly secured server applications. ... and execute external virus and filtering ...
    (microsoft.public.windowsxp.general)
  • SecurityFocus Microsoft Newsletter #167
    ... MICROSOFT VULNERABILITY SUMMARY ... Multiple Vendor XML Parser SOAP Server Denial Of Service Vul... ... Proactive Windows Security Explorer ...
    (Focus-Microsoft)
  • Re: Assigning Security through W2k3 to W2k Trusted Domains
    ... policy settings in the Security Options part of Computer policies. ... validated and I can assign security on any pc or server on DomainB from ... except for servers or pcs running windows 2000. ...
    (microsoft.public.security)