Re: Access Denied with an external Trust

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 04/20/04


Date: Tue, 20 Apr 2004 04:09:09 GMT

You will have to "unassign" the policy you assigned in the appropriate security
policy, either domain/local/OU/domain controller, etc. You can run netdiag on a
computer as in "netdiag /test:ipsec" and it may help by showing what policy is applied.
Gpresult also tells where you are receiving ipsec policy from, I believe. Both those
tools are on the install cdrom in the tools/support folder, where you will have to run
the setup program. --- Steve

"Dan" <dvalenti54@hotmail.com> wrote in message
news:eClP6knJEHA.3688@TK2MSFTNGP10.phx.gbl...
> I remember messing with IPsec. Is there a way to turn it off? I set the
> option Do not use IPSEC under the TCP/IP Properties but still the same.
> "Dan" <dvalenti54@hotmail.com> wrote in message
> news:e1tQJcnJEHA.1392@TK2MSFTNGP09.phx.gbl...
> > I did set up IPSEC; I wonder if that is the issue.
> > "Steven L Umbach" <n9rou@nospam-comcast.net> wrote in message
> > news:8S_gc.29757$ru4.30191@attbi_s52...
> > > Assuming you have your dns set up correctly [and maybe wins if it is not a small
> > > network], try adding that account to the domain users group in the other domain. Also
> > > try accessing the share via IP address as in \\xxx.xxx.xxx.xxx\sharename in case of a
> > > name resolution problem. Other things that can be causing lack of access would be
> > > incompatible security options such as ipsec negotiation policies, lan manager
> > > authentication level, smb signing [have client/server digitally sign communications
> > > set to always when the other computer can not comply], and the option for
> > > "additional restrictions for anonymous access" being set to no access without
> > > explicit anonymous permissions in certain situations. --- Steve
> > >
> > >
> > > "Dan" <dvalenti54@hotmail.com> wrote in message
> > > news:O0lNhumJEHA.1000@TK2MSFTNGP11.phx.gbl...
> > > > I have two Windows 2000 DCs, one called domain1.local and the other called
> > > > domain2.com. I set up an external trust between the two domains. I
> > > > authenticate to domain2.com and I created a share on domain1.local and gave
> > > > my account admin@domain2.com full access to this share, but when I try to
> > > > access it from a mapped drive it says access denied. Don't know what I'm doing
> > > > wrong.
> > > >
> > > >
> > >
> > >
> >
> >
>
>
