Getting Started: UWWI Trust Relationships
Requesting a trust with the UW Windows Infrastructure (UWWI) is a common way of
making use of the automatically-provisioned Windows user accounts that correspond
to UW NetIDs (hereafter referred to as UWWI user accounts).
After successfully
obtaining a trust and configuring your resources with the appropriate access controls,
you will be able to tell your clients to login with UW Windows user accounts to
obtain access to your Windows domain-based resources.
Preparing to Make a Decision
-
Determine what
type of trust you'd like to obtain.
-
Understand the
implications
of using a trust, and plan accordingly.
- Ensure you have a working DNS configuration for your Windows domain.
If you need more information about what it means to have working DNS for
a Windows domain, please read:
-
If you have a firewall, ensure that the
firewall does not restrict access to UWWI.
- Understand the landscape of UWWI. You'll want to read about
UWWI
users,
UWWI
groups,
UWWI
Policy, and you may want to read the
UWWI Architecture Guide.
Requesting a Trust
-
Request your trust
- When directed, follow the online instructions to setup the trust:
Domain Trust Directions
Forest Trust Directions
Using Your Trust
- Review
common ways you might use UWWI across a trust.
- Implement access controls (ACLs) and
group policy settings
as needed.
- Consider
leveraging loopback group policy to apply group policy settings to
any UWWI users logging into your departmental domain computers.
- Consider bulk importing your existing domain's groups
via GroupSync so you can apply access controls to any UWWI users
logging into your departmental domain computers.
- Consider using domain local groups in your departmental domain to
contain UWWI users and groups so you can grant access to computers and
resources in your departmental domain. See
http://www.netid.washington.edu/documentation/images/groups.jpg for
a diagram which shows the group membership and ACLing possibilities of
different AD group types.
- Tell your users.