Information Technology Reference
In-Depth Information
6. In Windows Explorer, click to expand the
Q:
volume. Right-click
TestShare1
and click
Properties
. Click the
Sharing
tab, and then click the
Advanced Sharing
button. Click
Permissions
.
7. In the Permissions for TestShare1 dialog box, click
Add
. In the Select Users, Computers, or
Groups dialog box, click
Locations
. Click
w2k8ad1XX.com
, and click
OK
.
8. Type
Administrator
and click
Check Names
. Click
OK
. In the Share Permissions list box,
Administrator (w2k8ad1XX\Administrator) is added. Click the
Full Control
check box in
the Allow column of the Permissions for Administrator list box, and then click
OK
twice.
9. Click the
Security
tab, and then click
Edit
. Click
Add
. In the Select Users, Computers, or
Groups dialog box, click
Locations
. Click
w2k8ad1XX.com
, and then click
OK
.
10. Type
Administrator
and click
Check Names
. Click
OK
. Click the
Full Control
check box in
the Allow column of the Permissions for Administrator list box, click
OK
, and then click
Close
.
11. On Server1XX, try again to open
TestShare1
. You should be successful. When you try to
create a file, you should be successful.
12. On both servers, close all open windows and log off.
External trusts and realm trusts are configured in Active Directory Domains and Trusts. An external
trust is created between domains in different forests or between domains in a Windows Server
2003/2008 forest and a Windows 2000 Server forest or Windows NT domain. Recall that Windows
2000 Server and Windows NT don't support forest trusts, so an external trust is the only way to build
a trust relationship between forests in these OSs and Windows Server 2003/2008 forests. An exter-
nal trust involves Windows domains on both sides of the trust, but a realm trust is created between
a Windows domain and a non-Windows OS running the Kerberos v5 authentication protocol.
Unlike a forest trust, an external trust is not transitive and need not be created between the
forest root domains of two forests. In addition, SID filtering (discussed later in this chapter) is
enabled by default. Aside from these differences, creating an external trust is nearly identical to
creating a forest trust.
The only real consideration when creating a realm trust is whether it should be transitive. If
it's transitive, the trust extends to all child domains and child realms. Otherwise, the procedure
is much the same as configuring other trust types.
After creating a trust, you might need to view or change its settings. To do this, in Active Directory
Domains and Trusts, open the domain's Properties dialog box and click the Trusts tab. Select the
trust you want to configure and click the Properties button. The Properties dialog box of a forest
trust contains three tabs—General, Name Suffix Routing, and Authentication—discussed in the
following sections.
The General Tab
The General tab, shown in Figure 10-14, contains the following fields
and information:
•
The other domain supports Kerberos AES Encryption
—Kerberos AES encryption enhances
authentication security and is supported by Windows Server 2008 and Vista. If the forest
trust is between two Windows Server 2008 domains, you can select this option.
•
Direction of trust
—This field is for informational purposes only. You can't change the
trust direction without deleting and re-creating the trust.
•
Transitivity of trust
—This field is for informational purposes only. You can't change the
transitivity without re-creating the trust. Some trusts, such as forest and shortcut trusts,
are always transitive.
•
Validate
—Click this button to confirm the trust. It performs the same action as the confir-
mation process at the end of the New Trust Wizard. If you didn't create both sides of the
trust with the wizard, you should validate the trust with this option after both sides have
been created.
•
Save As
—Click this button to create a text file containing details of the trust.
Search WWH ::
Custom Search