Microsoft KB Archive/315053

= HOW TO: Configure One-Way Non-Transitive Trusts in Windows 2000 =

PSS ID Number: 315053

Article Last Modified on 10/30/2003


The information in this article applies to:


 * Microsoft Windows 2000 Server
 * Microsoft Windows 2000 Advanced Server




This article was previously published under Q315053





IN THIS TASK

 * SUMMARY
 ** Set Up a One-Way Trust



== SUMMARY ==
This step-by-step article describes how to configure one-way non-transitive trusts in Windows 2000.

You can establish a one-way non-transitive trust between a trusting and trusted domain. Users in the trusted domain can obtain access to resources in the trusting domain. Users in the trusting domain cannot obtain access to resources in the trusted domain. Because of this, you must determine the roles of the trusting and trusted domain in advance. Creating non-transitive trusts exposes the user accounts in the trusted domain to the trusting domain.

One-way non-transitive trusts are helpful when resource domains need access to user accounts for access control. For example, you may have an array of ISA Server computers that resides at the edge of the corporate network. You can place all of the array members in their own domain, and then create a one-way non-transitive trust so that the ISA Server domain trusts the user domain on the internal network. In this way, if Active Directory is compromised on the ISA Server array, the attacker does not have access to accounts on the user network.

== Set Up a One-Way Trust ==
To create a one-way trust:
 1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Domains and Trusts.
 2. Right-click the trusted domain, and then click Properties.
 3. Click the Trusts tab in the Properties dialog box.
 4. Click the Add button to the right of the Domains that trust this domain box.
 5. In the Add Domain dialog box, type the name of the domain that is to be trusted by this domain. Type a password, and then confirm the password. Click OK, and then click OK again.
 6. Let the administrator of the trusted domain know that password.

After the trusting domain is configured, the administrator of the trusted domain must configure the one-way trust to the trusting domain. The procedure varies with the operating system that is used on the trusted domain.


© 2004 Microsoft Corporation. All rights reserved.