Search | Directories | Reference Tools
UW Windows Infrastructure Service banner image
Skip Navigation LinksUW Home > IT Connect > Services > UW Windows Infrastructure > Getting Started: UWWI Trusts

Getting Started: UWWI Trust Relationships

Requesting a trust with the UW Windows Infrastructure (UWWI) is a common way of making use of the automatically-provisioned Windows user accounts that correspond to UW NetIDs (hereafter referred to as UWWI user accounts).

After successfully obtaining a trust and configuring your resources with the appropriate access controls, you will be able to tell your clients to login with UW Windows user accounts to obtain access to your Windows domain-based resources.

Preparing to Make a Decision

  1. Determine what type of trust you'd like to obtain.
  2. Understand the implications of using a trust, and plan accordingly.
  3. Ensure you have a working DNS configuration for your Windows domain. If you need more information about what it means to have working DNS for a Windows domain, please read:
  4. If you have a firewall, ensure that the firewall does not restrict access to UWWI.
  5. Understand the landscape of UWWI. You'll want to read about UWWI users, UWWI groups, UWWI Policy, and you may want to read the UWWI Architecture Guide.

Requesting a Trust

  1. Request your trust
  2. When directed, follow the online instructions to setup the trust:
        Domain Trust Directions
        Forest Trust Directions

Using Your Trust

  1. Review common ways you might use UWWI across a trust.
  2. Implement access controls (ACLs) and group policy settings as needed.
  3. Consider leveraging loopback group policy to apply group policy settings to any UWWI users logging into your departmental domain computers.
  4. Consider bulk importing your existing domain's groups via GroupSync so you can apply access controls to any UWWI users logging into your departmental domain computers.
  5. Consider using domain local groups in your departmental domain to contain UWWI users and groups so you can grant access to computers and resources in your departmental domain. See http://www.netid.washington.edu/documentation/images/groups.jpg for a diagram which shows the group membership and ACLing possibilities of different AD group types.
  6. Tell your users.