Domain.com (contains all user accounts)
Windows Server 2003 forest/domain
Contains Universal security group "Resource App Users" containing user accounts in domain.com
Resource.com
Windows Server 2003 forest \ Windows Server 2008 R2 domain
Contains "AppUsers" OU
In this OU is a Domain local security group "AppGroup" containing "Domain\Resource App Users" and a few test accounts in the Resource domain
One-Way Trust: Resource.com trusts Domain.com
There is a GPO set on the "AppUsers" OU that restricts what programs can be run along with some IE browser settings, with security filtering set to apply the policy to Resource\AppGroup
The GPO applies to the test accounts in Resource but not to the members of the "Domain\Resource App Users" group
We want users in the "Domain\Resource App Users" group who log onto the Resource domain have this policy applied
Is this possible to set this up with only a one-way trust in place? If yes, what is needed to get this working?
Windows Server 2003 forest/domain
Contains Universal security group "Resource App Users" containing user accounts in domain.com
Resource.com
Windows Server 2003 forest \ Windows Server 2008 R2 domain
Contains "AppUsers" OU
In this OU is a Domain local security group "AppGroup" containing "Domain\Resource App Users" and a few test accounts in the Resource domain
One-Way Trust: Resource.com trusts Domain.com
There is a GPO set on the "AppUsers" OU that restricts what programs can be run along with some IE browser settings, with security filtering set to apply the policy to Resource\AppGroup
The GPO applies to the test accounts in Resource but not to the members of the "Domain\Resource App Users" group
We want users in the "Domain\Resource App Users" group who log onto the Resource domain have this policy applied
Is this possible to set this up with only a one-way trust in place? If yes, what is needed to get this working?