No announcement yet.

One-Way Trusts and user management.

  • Filter
  • Time
  • Show
Clear All
new posts

  • One-Way Trusts and user management.


    I have a web application "A" on it's own domain "" and the main coporate domain is "". The application needs it's own domain for process privileges and is vendor supported.

    Users in are added to to allow them to use the application on the workstations. There is a one way trust set up to do this.

    Recently we implemented a policy that required users to change their passwords every 90 days. The users are prompted by this policy from in application "A", however, when they follow the steps, then click "OK" to complete their password change, application "A" responds "there is an internal error" and to see their administrator.

    At this point I should add, these users mostly consist of physicians and simply instructing them to change thier password in another manner would be a last resort solution. It is also very frustrating for them to follow a process then be denied. The vendor is not willing to suppress this message, stating it is hard coded in their applicaiton, nor do they have a solution to allow password changes in the domain from application "A".

    I am sure that at one time, application "A" (of which I am the manager) requested I change my password and it worked with my domain login. I distinctly recall logging off the application after resetting my password from it and logging of my workstation, then logging back in to both using my new password. I was new at the time and so tested the functionality to understand how it was configured for end users. (Or, I'm on crack)

    Both the vendor and the IT group are stating a two-way trust must be implemented, to allow users to be allowed to changed their password for their accounts from application "A". Unfortunately, application "A" has confidential information that a two-way trust would compromise, and this would create a security and policy nightmare. Plus it is not vendor supported and this particular vendor likes to point fingers, so I would like to avoid providing that type of opportunity to them.

    Now finally my question:

    Is it possible to have a one-way trust, as is currently set up, that will allow users to change their account password from

    Thank you in advance for your assistance.

  • #2
    Re: One-Way Trusts and user management.


    I am not sure how your application A works but you can do a simple test in a lab or using test accounts and find out if you can change password of user's on corp from while logging on to domain
    Thanks & Regards

    MCTS 2008, MCTIP, MCSE 2003, MCSA+Messaging E2K3, MCP, E2K7
    Sr. Wintel Eng. (Investment Bank)
    Independent IT Consultant and Architect

    Show your appreciation for my help by giving reputation points