FR> Chris Holten wrote in a message to Frank Ramsey:
 FR> Chris Holten wrote in a message to Steve Quarrella:
CH> administrative shares. You don't have to be a part of a
CH> domain to have access to domain resources.
 FR> If the domain guest account is disabled (the default), 
 FR> you must be part of the domain to access domain 
 FR> resources.
CH> Hmm..I never noticed that. However I can log on remotely to
CH> a different domain than what I am in using an administrator
CH> account for that domain and have domain privals. If there is
CH> no guest account, then I can't do that? 
 FR> If the domain A trusts domain B and you're part of domain B, the admins 
 FR> of domain A can grant you privs to domain A resources. 
 FR> The default privs for a trusted domain to a trusting 
 FR> domain are access to domain resources would not be 
Naw, If log on from domain A to Domain B as either administrator or Chris 
from the Domain I'm logging onto (B in this case). Works every time and it is 
not between trusted domains. All you have to do is log with a user account in 
the domain you are logging onto. No doubt if the user account is not in the 
domain you can't log on. The Idea of trusted Domains would be that if I was 
from a trusted domain A, I could log onto trusted Domain B at the security 
level and password I was using in Domain A. If I am in the User base of 
Domain B and logon with the correct password, it doesn't matter at all that I 
log on from a trusted domain.
 FR> available to workstations not part of the domain by 
 FR> default. There was not a suggestion that the 
 FR> workstation belonged to a domain; quite the contrary, 
 FR> the workstation would be kept out of domains to protect 
 FR> the security of admin shares. I jumped in to point out 
 FR> your answer was correct, but to work as described would 
 FR> require the guest account in the domain to be changed 
 FR> from the default.
 FR> If there are no trust relationships between domains and 
 FR> the guest account is disabled, attempts to access 
 FR> domain resources will result in access denied.
I don't think so, but I haven't had a chance to check yet Frank. I think if 
you log on as a Domain User, you have access with whatever security level you 
logged onto the domain as. I do that all the time to maintain from remote 
other Domains. I think we've deleted the guest account on at least one domain 
that I log onto in this manner.
 FR> resources. Because the guest account is disabled by 
 FR> default, by default the workstation will not be able to 
 FR> access domain resources. To access domain resources, 
 FR> the guest account in the domain must be enabled. Or the 
 FR> workstation be made part of the domain, which means the 
 FR> admin shares on the workstation are available to domain 
 FR> admins.
I don't think so frank as I do this all the time. I don't log on as guest, I 
usually log on as Administrater from the Domain I'm logging onto. I'm pretty 
sure that at least one of the domains I do this with has guest accounts 
deleted...but now my curiousity it piqued...I'll have to check and get back 
to you.
--- Maximus/NT 3.01b1
---------------