DOCUMENT:Q102035  28-JUL-1993  [W_NT]
TITLE   :Accessing a Server in Another Trusted Domain
PRODUCT :Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:

----------------------------------------------------------------------
The information in this article applies to:
 
 - Microsoft Windows NT operating system, version 3.1
 - Microsoft Windows NT Advanced Server, version 3.1
----------------------------------------------------------------------
 
To access a server in a domain for which you do not have any trust
relationship, you must have an account in that remote domain. The
account you have can be either a normal (global) user account or a
local user account. The type of account you should choose is discussed
below.
 
When you access the remote server, your user name and password on your
local domain must match that of the account in the remote domain. If
it doesn't, depending on what application you are using, you may be
prompted for a different password and/or user name. If an application
doesn't prompt for your user name or password, connect to the server
from the command line using:
 
   NET USE \\<server>\ipc$ /user:<domain>\<username> <password>
 
The account in the remote domain can be either a normal (global) user
account or a local user account. If the two domains will eventually
have a trust relationship, then the best choice is to temporarily
create a local account for the user in the remote domain. This is done
to limit the use of the account outside the domain in which it is
defined.
 
Local accounts are only recognized within the domain in which they are
defined. It is undesirable to have multiple accounts for one person,
so using a local account is one way to limit how widespread the
account is referenced. This prevents domains that trust the remote
domain from recognizing the account and using it in access control
lists [ACLs]).
 
Local accounts cannot be logged on to interactively; they are 
recognized only over the network, and therefore if the user needs
interactive access, this type of account should not be used. Use a
normal (global) user account to create a single account for use in
each cluster of trusting domains if the domains will never have a
trust relationship (that is, if several domains trust each other, the
account can be defined once in one of them and be recognized in each).
 
Additional reference words: 3.10
KBCategory:
KBSubCategory: WINNT

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS
PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND.  MICROSOFT DISCLAIMS
ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES
OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  IN NO
EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR
ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL,
CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF
MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.  SOME STATES DO NOT ALLOW THE EXCLUSION
OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES
SO THE FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1993.