External trust question

Toggle sidebar Toggle sidebar
D

darren

Distinguished
Jun 26, 2003
131
0
18,680
Archived from groups: microsoft.public.win2000.security (More info?)

Hi, All
I have successfully established a two-way external trust (2) separate
forest. (Win2003 Forest and Win2000 forest).

In addition I have added my domain admin account from the Win2003 Forest to
the local builtin administrator group on the Win2000 Forest however when I
try to access resources on the Win2000 forest while I am logged in to the
Win2003 Forest using my using my Win2003 domain admin account I get access
denied. ..
I guess my question is how can I have doamin admin access to all servers
within the Win2000 forest while logged in to the win2003 forest using my
Win2003 domain account..

Please advise..
Thanks
Darren
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

While the administrators group in a domain is all powerful in the domain it
does not automatically have access to all resources in the domain such as
domain computers. The domain admins group is by default in the local
administrators group of all domain computers but you can not add your
account to that group because it is a global group. You could create an
account in the other domain that is in the domain admins group in the other
domain and then logon as that account when you need admin access to
computers in the that domain or you can add you domain account to the local
administrators group of computers in that domain that you want to manage.
That could be automated with a Group Policy startup script using the net
local group command in a batch file or with Group Policy Restricted Groups
at the Organizational Unit level. --- Steve


"Darren" <Darren@somewhere.com> wrote in message
news:eHQyiwNqFHA.1024@TK2MSFTNGP09.phx.gbl...
> Hi, All
> I have successfully established a two-way external trust (2) separate
> forest. (Win2003 Forest and Win2000 forest).
>
> In addition I have added my domain admin account from the Win2003 Forest
> to the local builtin administrator group on the Win2000 Forest however
> when I try to access resources on the Win2000 forest while I am logged in
> to the Win2003 Forest using my using my Win2003 domain admin account I get
> access denied. ..
> I guess my question is how can I have doamin admin access to all servers
> within the Win2000 forest while logged in to the win2003 forest using my
> Win2003 domain account..
>
> Please advise..
> Thanks
> Darren
>
 
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom