Hi!
I'm domain admin in an enterprise domain structure where we have 7 different, but trusted, domains all in the same forest. I'm having some troubles with access rights, cross domain.
In our domain, A, we have the domain functional level set to 2008 and all servers, besides 1 is 2008 Standard SP2.
In domain B, domain funtional level 2003, we have users wanting to access shares on a 2008 server in domain A. They can see the shares but are getting access denied trying to open them.
I've struggled a bit with an admin in domain B and recently found out that adding his user to our server GP setting "Access this computer from the network" he can suddenly access it like intended.
They way the users is granted access is simply done by adding them to a universal group in domain B and in domain A I make that group a member to another universal group with NTFS rights to the data in question.
Problem would be fixed if I could add the domain B universal group to the GP setting, but I can't. The objects you could add to that policy is Users and security principals when fetching stuff from other domains.
( Well, actually, it is possible adding groups but it doesn't seem to work. )
Hope the text makes sense. Hope that someone can enlighten me as well ;)
Thanks
Bookmarks