baeke.info :: No null session with a one-way trust?

About

You arrived at the weblog of Geert Baeke. I am a technology consultant for a company called Xylos (Belgium). I mostly work with Microsoft technologies such as Windows, Active Directory, Exchange, Sharepoint, MSCS, and more. I am also actively busy with VMware's products, focussing on VMware ESX.

Sections

Tutorials

Twitter

follow GeertBaeke at http://twitter.com

XBOX 360

RSS Newsfeeds

Main Page RSS

Windows RSS

Main Page » Technologies » Windows

Previous:	Namescape rDirectory: web-based AD application
Next:	Several issues when you add a Windows 2003 SP1 domain controllers to an existing domain

No null session with a one-way trust?

by rastix on Mon 23 Jan 2006 10:46 PM CET | Permanent Link | Cosmos

When you create a one-way trust between two Windows domains, you would expect that null sessions are used to make browsing for users and groups possible. Of course, as you might have guessed, this is not the case. I never actually paid attention to this, until someone asked me why they got an authentication dialog box to verify accounts in a trusted domain.

Take the following scenario:

Domain A (Windows 2003)
Domain B (Windows 2000)
Domain A trusts domain B (so we can add accounts from domain B to ACLs of resources in domain A)

When you are on a Windows 2000 (or higher) system in domain A, and you want to add a user from domain B to an ACL, you will get a prompt that asks you for credentials in domain B. This is because a Windows 2000 and higher system does not use a null session to connect to a domain controller in domain B. Apparently, this cannot be changed because it is by design.

It does not actually matter if domain A or B are Windows 2000 and higher domains (native, mixed, whatever). If the machine that has the resource (share, printer, ….) is Windows 2000 or higher, you will get the authentication prompt. Annoying!

Posted to:

Windows

Comments

Post a comment

No comments found.

Trackbacks

TrackBack URL:
http://blog.baeke.info/blog/_trackback/1720071

No trackbacks found.

Post comment:

	Receive comment notifications for this article
Subject:
Comment:

Comment verification:

Please enter the text you see inside the graphic to post your comment:

You are not currently logged in. If you would like your user information to be displayed with your comment, please enter your login information below.