DOCUMENT:Q110347  24-JAN-1994  [W_NT]
TITLE   :Giving Dial-In Permissions to Users of a Trusted Domain
PRODUCT :Windows NT
PROD/VER:3.10
OPER/SYS:WINDOWS
KEYWORDS:

--------------------------------------------------------------------------
The information in this article applies to:

 - Microsoft Windows NT operating system version 3.1
 - Microsoft Windows NT Advanced Server version 3.1
--------------------------------------------------------------------------

SUMMARY
=======

In order to grant users of Remote Access Service (RAS) for Windows NT 3.1
in "domain_B" dial-in permissions to a server in "domain_A," it is not
necessary to add these users (individually or as a group) to the accounts
database of domain_A. It is also not necessary to have a RAS Server running
in domain_B as long as domain_A is configured to trust domain_B. Domain_B
does NOT have to trust domain_A for this configuration to work.

MORE INFORMATION
================

Make sure the following steps have been taken in order to grant dial-in
permissions to users on the trusted domain_B for the RAS server in
domain_A:

1. Either the administrator's account "\domain_A\administrator" has to be
   part of domain_B's Administrators group, or while logged on to
   domain_A, the administrator must run

      NET USE * \\domain_B\netlogon /u:domain_B\administrator

   and enter the password for his account in domain_B when prompted.

   If neither of these steps is taken, an "Access denied" message appears
   when the administrator attempts to administer users in domain_B while
   logged on to domain_A. This is because both accounts appear to be named
   "administrator," but are actually named "domain_A\administrator" and
   "domain_B\administrator;" therefore, access is denied.

2. After doing the above, do the following steps:

   a. Start up RASADMIN on the server in domain_A.

   b. From the Servers menu, choose Select Domain Or Server.

   c. In the Domain field, enter the domain name of the trusted "domain_B"
      and press ENTER.

   d. If there is no RAS server in domain_B, the first line of the
      RASADMIN program display area below the menu displays:

         "No Remote Access Servers were found in the selected domain."

      Otherwise, it displays the name of a server that is currently
      running RAS.

   e. From the Users menu, choose Permissions.

All users in domain_B should now appear in the Users box, and it is
possible to choose "Grant dial-in permission to user" for each user from
domain_B who is to dial in to domain_A's RAS Server.

Additional reference words: 3.10
KBCategory:
KBSubCategory: ntrmt

=============================================================================

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS"
WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER
EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS
SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN
IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE
FOREGOING LIMITATION MAY NOT APPLY.

Copyright Microsoft Corporation 1994.