Paul
Thu Aug 07 05:42:02 PDT 2008
Grayed out is providing read only rights, which is what they should have.
--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
http://www.pbbergs.com
Please no e-mails, any questions should be posted in the NewsGroup
This posting is provided "AS IS" with no warranties, and confers no rights.
"Cyborg" <apollo13@btinternet.com> wrote in message
news:32AB8F40-739B-4337-A5D2-DE6708A12998@microsoft.com...
> What is interesting on the 2-way trust they can access our AD but
> everything is "greyed-out" as if I need to delegate their control is this
> right?
>
>
> "Tomasz Onyszko" <t.onyszko_spam_@w2k.pl> wrote in message
> news:%23zLlvHA%23IHA.1420@TK2MSFTNGP06.phx.gbl...
>> Gonzo wrote:
>>> Hi,
>>>
>>> I have created a 2-way trust between 2 windows 2003 domains (2 forests,
>>> one doman in each), on this other domain I don't want them to be able to
>>> access our ADUC to see our users etc, how do I stop this?
>>>
>>> Do I need a 2-way trust, I only want this other domain to access
>>> resources on our domain.
>>
>> You need only one way trust to achieve this goal but it will be your
>> forest who will have to trust the other forest. If you want to limit
>> access to resources from their side You might think about enabling
>> selective authentication on this trust relationship however this will
>> add some overhead for managing this trust and might not satisfy your
>> requirements.
>>
>>
>> --
>> Tomasz Onyszko
>>
http://www.w2k.pl/ - (PL)
>>
http://blogs.dirteam.com/blogs/tomek/ - (EN)
>