Microsoft KB Archive/102035

From BetaArchive Wiki
Knowledge Base


Accessing a Server in Another Trusted Domain

Article ID: 102035

Article Last Modified on 12/4/2003



APPLIES TO

  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.1
  • Microsoft Windows NT Advanced Server 3.1
  • Microsoft Windows NT Workstation 3.5
  • Microsoft Windows NT Workstation 3.51
  • Microsoft Windows NT Workstation 4.0 Developer Edition
  • Microsoft Windows NT Server 3.5
  • Microsoft Windows NT Server 3.51
  • Microsoft Windows NT Server 4.0 Standard Edition



This article was previously published under Q102035

SUMMARY

To access a server in a domain for which you do not have any trust relationship, you must have an account in that remote domain. The account you have can be either a normal (global) user account or a local user account. The type of account you should choose is discussed below.

MORE INFORMATION

When you access the remote server, your user name and password on your local domain must match that of the account in the remote domain. If it doesn't, depending on what application you are using, you may be prompted for a different password and/or user name. If an application doesn't prompt for your user name or password, connect to the server from the command line using:

   NET USE \\<server>\ipc$ /user:<domain>\<username> <password>
                



The account in the remote domain can be either a normal (global) user account or a local user account. If the two domains will eventually have a trust relationship, then the best choice is to temporarily create a local account for the user in the remote domain. This is done to limit the use of the account outside the domain in which it is defined.

Local accounts are only recognized within the domain in which they are defined. It is undesirable to have multiple accounts for one person, so using a local account is one way to limit how widespread the account is referenced. This prevents domains that trust the remote domain from recognizing the account and using it in access control lists [ACLs]).

Local accounts cannot be logged on to interactively; they are recognized only over the network, and therefore if the user needs interactive access, this type of account should not be used. Use a normal (global) user account to create a single account for use in each cluster of trusting domains if the domains will never have a trust relationship (that is, if several domains trust each other, the account can be defined once in one of them and be recognized in each).


Additional query words: prodnt

Keywords: kbnetwork KB102035