Trust relationship

[thomas B]

Good morning everybody,

On my network windows 2000, I have 2 domains , A and B. So
I would like to create a one way trust relationship
between A and B, because I don't want for example that
users in domains B have access in ressources of Domain A.
But Windows 2000 integrate by default two ways . So how to
do that ?

Thanks a lot for yours reply

Thomas.

 

[Simon Geary]

You are correct that if the two domains are in the same forest a two-way
trust is automatically created between them. I'm not aware of any process
that would allow you to break this automatic trust but even if there was I
wouldn't advise it.

Can you not secure the resources with appropriate ACLs to deny access to
users from the other domain? This would be the common approach.

If the domain admins in the other domain are not trustworthy then the only
solution is to have the domains in two separate forests.

 

[Cary Shultz [A.D. MVP]]

Ditto!

Simply use groups to set both the NTFS and Share permissions on the shared
resources. You might even want to set an explicit DENY. If you created a
Security Group ( or one already exists ) of all users in DomainA and of all
users in DomainB you could set the explicit DENY to DomainB for any and all
shared resources in DomainA.

HTH,

Cary

PS...by 'shared resources' I mean user files/folders.....