External trust question

Archived from groups: microsoft.public.win2000.security (More info?)

Hi, All
I have successfully established a two-way external trust (2) separate
forest. (Win2003 Forest and Win2000 forest).

In addition I have added my domain admin account from the Win2003 Forest to
the local builtin administrator group on the Win2000 Forest however when I
try to access resources on the Win2000 forest while I am logged in to the
Win2003 Forest using my using my Win2003 domain admin account I get access
denied. ..
I guess my question is how can I have doamin admin access to all servers
within the Win2000 forest while logged in to the win2003 forest using my
Win2003 domain account..

Please advise..
Thanks
Darren
1 answer Last reply
More about external trust question
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    While the administrators group in a domain is all powerful in the domain it
    does not automatically have access to all resources in the domain such as
    domain computers. The domain admins group is by default in the local
    administrators group of all domain computers but you can not add your
    account to that group because it is a global group. You could create an
    account in the other domain that is in the domain admins group in the other
    domain and then logon as that account when you need admin access to
    computers in the that domain or you can add you domain account to the local
    administrators group of computers in that domain that you want to manage.
    That could be automated with a Group Policy startup script using the net
    local group command in a batch file or with Group Policy Restricted Groups
    at the Organizational Unit level. --- Steve


    "Darren" <Darren@somewhere.com> wrote in message
    news:eHQyiwNqFHA.1024@TK2MSFTNGP09.phx.gbl...
    > Hi, All
    > I have successfully established a two-way external trust (2) separate
    > forest. (Win2003 Forest and Win2000 forest).
    >
    > In addition I have added my domain admin account from the Win2003 Forest
    > to the local builtin administrator group on the Win2000 Forest however
    > when I try to access resources on the Win2000 forest while I am logged in
    > to the Win2003 Forest using my using my Win2003 domain admin account I get
    > access denied. ..
    > I guess my question is how can I have doamin admin access to all servers
    > within the Win2000 forest while logged in to the win2003 forest using my
    > Win2003 domain account..
    >
    > Please advise..
    > Thanks
    > Darren
    >
Ask a new question

Read More

Domain Microsoft Windows