Windows NT domains: in a one-way trust where RESEARCH trusts TESTING, a user in the TESTING\Testers global group needs access to a share on a Windows NT Advanced Server in RESEARCH. What action enables access?

Difficulty: Easy

No action is necessary, as access is already available
The Testers group must be assigned permissions to the shared directory on the Windows NT Advanced Server in the RESEARCH domain
The Testers group must be assigned permissions to the shared directory on the Windows NT Advanced Server in the RESEARCH domain, and the user must log on to the RESEARCH domain
None of the above
None of the above

Correct Answer: The Testers group must be assigned permissions to the shared directory on the Windows NT Advanced Server in the RESEARCH domain

Explanation:

Introduction / Context:
Classic Windows NT domain trusts distinguish between account domains (hold user and global groups) and resource domains (host servers and shares). A one-way trust of RESEARCH → TESTING (RESEARCH trusts TESTING) allows RESEARCH servers to authenticate users and groups from TESTING, but access still depends on explicit permissions granted on the resource.

Given Data / Assumptions:

Trust direction: RESEARCH trusts TESTING (RESEARCH accepts TESTING identities).
User is a member of TESTING\Testers global group.
Guest accounts are disabled in both domains.
Target: a shared directory on a RESEARCH server.

Concept / Approach:

With a one-way trust, the resource domain must assign access control entries (ACEs) to accounts or groups from the trusted domain. Global groups from the account domain (TESTING) are best practice for permission assignment in the resource domain (RESEARCH). The user does not need to log on to RESEARCH; logging on to TESTING provides credentials that RESEARCH can validate via the trust relationship.

Step-by-Step Solution:

Confirm trust direction allows RESEARCH to recognize TESTING identities.Add TESTING\Testers to the ACL of the shared directory on the RESEARCH server with the required permissions.User logs on to TESTING as usual; access is granted based on the ACL containing the TESTING group.No change to domain membership or Guest status is necessary.

Verification / Alternative check:

Windows NT domain design guidelines recommend “Global groups from account domain into local groups on resource domain, then assign permissions,” confirming the approach works without cross-domain logon changes.

Why Other Options Are Wrong:

No action: Wrong because permissions must be granted on the RESEARCH share.

Grant permissions and require logon to RESEARCH: Unnecessary; trust provides cross-domain authentication.

None of the above: Incorrect because assigning permissions to the Testers group in RESEARCH is sufficient.

Common Pitfalls:

Misreading trust direction; assuming users must log on to the resource domain; granting rights to individual users instead of using global groups.

Final Answer:

The Testers group must be assigned permissions to the shared directory on the Windows NT Advanced Server in the RESEARCH domain

Discussion & Comments

No comments yet. Be the first to comment!

Windows NT domains: in a one-way trust where RESEARCH trusts TESTING, a user in the TESTING\Testers global group needs access to a share on a Windows NT Advanced Server in RESEARCH. What action enables access?

More Questions from Windows NT

Discussion & Comments