I am a helpdesk/feild tech and I want to solve a problem that has a band-aid fix. We have two workstations on our network (we will name it network A) that need to vpn to another network (network B). This was not an issue until we started rolling out our new AD 3003 domain (upgrading from NT 4.0) Now when they vpn to network B they lose all access to our network. I have created links to the main servers they need to connect to and they are then prompted for their AD credentials, but when they are prompted it has cached their credentials for network b in the username feild. If they authenticate to certain resources, they are able to use them fine, but I am wondering if we can avoid them authenticating to 3 different servers, or if there is a way to create a batch file that hides their password or encrypts it, or some how make it easy for them to be able to work in both networks.
2 networks and Active Directory
- Thread starter thenoelman
- Start date
RebateMonger
Elite Member
- Dec 24, 2005
- 11,586
- 0
- 0
Check out "Trusts".
There are one-way, two-way, transitive, and non-transitive Trusts that allow Users on one domain to be automatically trusted by other domains.
Trusts are vastly simpler to create and maintain with Active Directory, compared to NT.
There are one-way, two-way, transitive, and non-transitive Trusts that allow Users on one domain to be automatically trusted by other domains.
Trusts are vastly simpler to create and maintain with Active Directory, compared to NT.
I know a bit about trusts, but being that the network b is a government network, do you think they would allow us to add them as a trusted domain? Wouldn't that complicate things more and have them have to log out and back in to each domain?
RebateMonger
Elite Member
- Dec 24, 2005
- 11,586
- 0
- 0
The question isn't whether you can add THEM as a trusted domain. You choose to trust them and send them a Security Certificate, and they can log into your domain. The question is whether they will trust YOUR domain and let YOU log into their domain.
The ONLY, for sure, secure way to handle logins and passwords is to let Active Directory handle it. (Or an equivalent, high-security operating system that knows how to encrypt accounts/passwords and keep them safe). Windows Active Directory doesn't keep unencrypted passwords laying around for people to discover and steal. And all password transmissions are secured. If you care about your security, don't try to create your own "hidden" password storage system. And if you use somebody else's, make sure it is an industry-recognized-safe system.
The ONLY, for sure, secure way to handle logins and passwords is to let Active Directory handle it. (Or an equivalent, high-security operating system that knows how to encrypt accounts/passwords and keep them safe). Windows Active Directory doesn't keep unencrypted passwords laying around for people to discover and steal. And all password transmissions are secured. If you care about your security, don't try to create your own "hidden" password storage system. And if you use somebody else's, make sure it is an industry-recognized-safe system.
so in this situation, we only need to log in to their domain to hit their resources. They would then be the one who would need to trust our domain, correct? They have given us a username and password to log in to their domain currently. I need to learn more about Trusts - I will read.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter