Hey guys,
So I wanted to pose a mystery to everyone and see if someone has an idea what is going on here.
I support a system that normally lives in its own little workgroup, with one PC acting as a "server" (think function, not hardware or OS, it is running WinXP Pro SP3) to other workstation PCs. This "server" PC has two NICs in it. One for the workgroup LAN and one that will allow it to connect to the domain without being a member of that domain (it has to be this way, domain policies will crush the application on the server that I am using).
Normally if someone needs one of their domain PCs to connect to this "server" we need to have the domain account information added as a local account on the "server". This will allow the shares to be used, etc.
As I understand it, this is pretty basic stuff and would be the normal expected setup for allowing domain systems to use the workgroup shares. (( If I am being ignorant here, I apologize )) I could easily link several dozen posts and articles that specify this EXACT requirement / solution, and I believe I understand why (workgroups use local authentication where domains do not).
Here is my question though... I have one of these setups at my desk, and it DOESN'T require my domain account information to be added to the workgroup server PC. Not a trace of it is over there, and despite having dealt with dozens and dozens of systems that puke up access errors when the aforementioned configuration isn't as it should be, my test system is as happy as can be.
I don't understand why.
I checked to see if the "Everyone Permissions" were being applied to anonymous users, but that is not enabled. So I am a bit stuck. My domain permissions appear to be different than other people's, but should that even matter? If I am logging into the domain as "bob" with a password of "cookies", there isn't some way for the workgroup to be told "go ahead and just ignore all that, this guy was given admin privs so let it slide", assuming again that I haven't gone and just thrown down a mess of "everyone" permissions that were then granted to anonymous users...
I was hoping someone here might have an "Oh, didn't you know that if..." sort of wisdom on this. I am staring at a major solution for a very grumpy problem if I can just figure out what the heck is going on.