Difficulty: Medium
Correct Answer: Add JohnY to the DESIGN Domain Guests group
Explanation:
Introduction:
In Windows NT-style domains, a trust allows authentication from one domain (SALES) to be recognized by another (DESIGN). However, authorization to resources in the trusting domain still depends on group membership in that domain. This question tests whether you can distinguish authentication from authorization and correctly place the user into a group that already has permissions.
Given Data / Assumptions:
Concept / Approach:
Trusts provide cross-domain authentication, but access is controlled by ACL entries that reference local domain groups or specific users. To grant access without redefining permissions, add the external user to one of the allowed groups in DESIGN. Since the printer already allows DESIGN\Domain Guests and the Guest account is enabled, adding JohnY to DESIGN\Domain Guests is the minimal and sufficient action (alternatively, adding him to DESIGN\Domain Users would also work, but the least-privilege approach is Guest in this scenario).
Step-by-Step Solution:
1) Confirm trust: SALES → DESIGN (authentication is recognized).
2) Review printer permissions: DESIGN groups only.
3) Choose a DESIGN group that already has permissions (Domain Guests).
4) Add JohnY (a SALES principal) to DESIGN\Domain Guests to grant access.
Verification / Alternative check:
After group membership is established and replicated, JohnY should be able to enumerate and use the printer from a SALES logon session, proving that authorization is granted across the trust via group inclusion.
Why Other Options Are Wrong:
Common Pitfalls:
Confusing authentication (trust) with authorization (permissions and group membership); assuming trusts alone confer access.
Final Answer:
Add JohnY to the DESIGN Domain Guests group