Lab 10: Trusts

LAB10: TRUSTS AND LOCAL AND GLOBAL GROUPS
In this exercise, we will create local and global groups in preparation for a one-way trust, which we will establish after the groups have been created.

In LAB6E, a local group called Sales was created. Currently, this local group has user1 as a member and access permissions to the SALES DOC share [mapped to the \TEMP directory in LAB 6F].

We will create a new global group whose users we can export, giving them access into another domain. The arrangement looks like this:

[Figure: Trust Diagram]

In the above diagram, the trusted domain [where the new global group is] will be given access to the SALES DOC share in the trusting domain.

To accomplish this, you must work in pairs with another group, as two domains are required. Decide between yourselves which domain will be the trusted domain and which will be the trusting domain.

	Trusted Domain is	…………………………………………

	Name of PDC		…………………………………………


	Trusting Domain is 	…………………………………………

	Name of PDC		…………………………………………

The first step is to create a global group on the trusted domain which contains the users we want to export. Perform the following steps at the trusted domain.

  1. Log on to the PDC as administrator
  2. Open User manager for Domains and create a new Global Group called GlobalSales
  3. Create a new user account called trusttest, uncheck Must change password at next log on, do not specify a password, and assign the account the right to log on locally at the domain controller. Add trusttest to the newly created global group GlobalSales.

    The next step is to create a one way trust between the two domains. Use User Manager for Domains to create the trust relationships.

  4. You are already logged on the PDC of the trusted domain as administrator. Start User Manager for Domains
  5. From the Policies Menu, select Trust Relationships

    [Screenshot: Trust Relationships dialog]

  6. We are doing this on the trusted domain. We need to add permissions for the trusting domain. To do this, click Add beside the Trusting Domains box. This will pop up the following dialog box.

    [Screenshot: Add Trusting Domain dialog]

  7. Add the name of the trusting domain and do not use a password [leave the Initial and Confirm Password entries blank].
  8. Click on OK, and the name of the trusting domain will be added to the list of trusting domains.
  9. Click Close.

    This sets up the trust on the trusted domain. It is now necessary to complete the trust relationship by going to the trusting domain. Perform the following steps at the trusting domain.

  10. Log on to the PDC as administrator.
  11. Start User Manager for Domains, and from the Policies Menu, select Trust Relationships

    [Screenshot: Trust Relationships dialog]

  12. We are doing this on the trusting domain. We need to add permissions for the trusted domain. To do this, click Add beside the Trusted Domains box. This will pop up the following dialog box.

    [Screenshot: Add Trusted Domain dialog]

  13. Add the name of the trusted domain and do not use a password [leave the Password entry blank].
  14. Click on OK.
  15. What was the message displayed on the screen?

    ……………………………………………………………………………………………….

    Was the trust relationship successfully established? YES NO

  16. The name of the trusted domain will be added to the list of trusted domains. Click on Close.

    DO NOT PROCEED TO THE FOLLOWING IF THE TRUST RELATIONSHIP WAS NOT ESTABLISHED CORRECTLY.
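
The two halves of the trust configured above can be modelled in a few lines. This is an added example, not part of the original lab sheet and not a Windows API: the domain names DOMAIN_A and DOMAIN_B are constructed placeholders, all function names are hypothetical, and it assumes GlobalSales is made a member of the Sales local group in the trusting domain.

```python
from dataclasses import dataclass, field

@dataclass
class Domain:
    name: str
    users: set = field(default_factory=set)
    global_groups: dict = field(default_factory=dict)  # group name -> users of this domain
    local_groups: dict = field(default_factory=dict)   # group name -> "DOMAIN\\name" members
    trusting: set = field(default_factory=set)         # the "Trusting Domains" box
    trusted: set = field(default_factory=set)          # the "Trusted Domains" box

def trust_established(trusting: Domain, trusted: Domain) -> bool:
    """Both halves must exist: steps 6-9 on the trusted side, 12-16 on the trusting side."""
    return trusting.name in trusted.trusting and trusted.name in trusting.trusted

def logon_domains(machine_domain: Domain) -> list:
    """Domains offered at log on: the machine's own domain plus the domains it trusts."""
    return [machine_domain.name] + sorted(machine_domain.trusted)

def can_access(account: str, resource_domain: Domain, local_group: str, domains: dict) -> bool:
    """account is 'DOMAIN\\user'; access is granted through a local group on the resource domain."""
    acct_domain, user = account.split("\\")
    home = domains[acct_domain]
    if user not in home.users:
        return False
    if home is not resource_domain and not trust_established(resource_domain, home):
        return False  # accounts flow only from the trusted domain to the trusting domain
    for member in resource_domain.local_groups.get(local_group, set()):
        m_domain, m_name = member.split("\\")
        if member == account or (
                m_domain == acct_domain and user in domains[m_domain].global_groups.get(m_name, set())):
            return True
    return False

def build_lab() -> dict:
    # Constructed domain names; the lab sheet leaves them for the students to fill in.
    a = Domain("DOMAIN_A", users={"trusttest"}, global_groups={"GlobalSales": {"trusttest"}})
    b = Domain("DOMAIN_B", users={"user1"},
               local_groups={"Sales": {"DOMAIN_B\\user1", "DOMAIN_A\\GlobalSales"}})
    a.trusting.add("DOMAIN_B")  # steps 6-9, done on the trusted domain
    b.trusted.add("DOMAIN_A")   # steps 12-16, done on the trusting domain
    return {"DOMAIN_A": a, "DOMAIN_B": b}
```
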


LAB11: LOGGING ON THROUGH THE TRUST AND ACCESSING RESOURCES VIA THE TRUST
In the previous exercise, a one-way trust was created between two domains. This exercise illustrates the effect of that trust relationship. You created a global group called GlobalSales in the trusted domain, and trusttest is a member of that global group.

Perform the following steps at the BDC of the trusted domain.

  1. Log off the BDC and press CTRL+ALT+DEL to pop up the log on dialog box
  2. In the FROM box, list the available domains

    …………………………………………………………….

    …………………………………………………………….

    …………………………………………………………….

  3. Log on as administrator.
  4. Why do you think the list of available domains does not include the trusting domain?

    …………………………………………………………….

    …………………………………………………………….

    …………………………………………………………….

  5. Is it possible to log on to the trusting domain from a workstation or server in the trusted domain?
    	YES		NO
    

Perform the following steps at the BDC of the trusting domain

  1. Log off the BDC and press CTRL+ALT+DEL to pop up the log on dialog box
  2. In the FROM box, list the available domains

    …………………………………………………………….

    …………&