|
Home > Archive > 70-068 enterprise > October 2000 > Is this summary of trusts in my own words correct?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Is this summary of trusts in my own words correct?
|
|
|
| Okay i know its 4am pacific time on a saturday but i write my test in 8 hours and i want to make sure i have trusts down SOLID.
the scenario:
"A" trusts "B"
---------------
visually depicted:
A ---> B
About Domain "A":
1)Known as the trusting domain
2)"opens" its door to domain B, to allow global groups and user accounts from domain B to be allwed into its local groups on domain A
3) holds the resources that domain B wants
About Domain "B":
1)Known as the trusted domain.
2) in order for people on domain B to access resources on domain A, either their personal user account needs to be added to a local group on domain A or a global group must be created when more than 1 person wants access to the same resource.
3) when creating the trusts accounts you use USER MANAGER FOR DOMAINS, and the "TRUSTED" domain, domain "B" needs to be setup first. Then domain "A" admin can either accept or deny the trust request.
Only the administrator on Domain A can "pull/add" in users/global groups from domain B, but the administrator on Domain B has to create them first, Domain "A" admin cant create global groups on domain B. ?? is that right?
A local group on Domain B can not be added to the Domain A computer. A global group from Domain B can also not be allowed into a global group on domain A.
anything else that im missing? | |
|
| a follow up on the usage of DOMAIN GUEST and DOMAIN USER
lets take the example of Mary. Mary has a home account on Domain B, where all the rest of hte user accounts are stored. Mary's user account was added to the local group on Doamin A to access the printer, she has all the rights in the world to access the printer.
Now is Mary, on Domain A, a "GUEST" or a "USER"?
My understanding is that she is a guest. If she was accessing somthing on Doamin B, her "home" domain, then she would be a user. But once she is outside her home domain she is considered a GUEST? Correct? If that is true then wouldnt EVERYONE who access' a resource in a Master Domain Model be considered a guest when they access the resource domains?
Exam Cram says this:
"If any user logs onto a domain other htan his or her home domain, the user becomes a Domain Guest in the foreign domain.
<Is a foreign domain still considered a foreign domain if a trust is connected between them?>
The trick to remeber is that trusts work only when a user from a trusted domain <domain B>attempts to access resources in a trusting domain <domain A>. If users dont log onto a domain where they have true user accounts, they can only function as a Domain Guests in teh domains they do log onto."
<so that means if there WASNT a trust, and somehow mary was able to access domain A, then she would be called a GUEST because she is out of her home domain, however if a trust did get created she really isnt outside her home domain as the two are 'bridged' together and is in actuality a USER and not a GUEST?>
So in Mary's case, she would have to log onto Domain B, validate herself on that doamin because thats where her account lies, and then when she goes to use the printer she is then a guest of Domain A or a User of Domain A?
what happens if she tries to log directly onto domain A? With out going through Domain B? She cant can she, because there are ZERO user accounts on domain A, and no real sys admin allows normal "guests" to access their servers, for security reasons that is.
so mary is a guest right? They will ALWAYS be a guest regardless, unless they have their own user account on Doamin A, but why would you do that in a master domain model? all the accounts ARE ON domain B.
am i confusing anyone yet? or only myself hehe
[This message has been edited by THELAIR (edited 10-21-2000).] | |
|
| Okay I found the answer.
If you log on to your primary domain that holds your account, and then connect to a trusting domain to access a share, you are a USER.
Exam cram says:
the use of the master domain model implies that all user accounts are present in the Trusted (domain b) domain. Thus all user accounts are members of the DomainB\Domian Users group. Because Doamin B is trusted by the Resource domain (domain A) every user who logs on thorugh a sales domain worksation will be able to view all ojbects to which permissions have been granted to the DomainB\Domain Users group in either domain.
So obviously if you try to connect to a domain to which you have no account, you are logged in as a Guest, not a user, but a guest. Makes sense
|
|
|
|
|