Your network contains two Active Directory forests named contoso.com and adatum.com. All of the domain
controllers in both of the forests run Windows Server 2012 R2. The adatum.com domain contains a file server named Server5.
Adatum.com has a one-way forest trust to contoso.com.
A contoso.com user named User10 attempts to access a shared folder on Server5 and receives the error
message shown in the exhibit. (Click the Exhibit button.)
You verify that the Authenticated Users group has Read permissions to the Data folder.
You need to ensure that User10 can read the contents of the Data folder on Server5 in the adatum.com
domain.
What should you do?
A. Grant the Other Organization group Read permissions to the Data folder.
B. Modify the list of logon workstations of the contoso\User10 user account.
C. Enable the Netlogon Service (NP-In) firewall rule on Server5.
D. Modify the permissions on the Server5 computer object in Active Directory.
Explanation:
* To resolve the issue, I had to open up AD Users and Computers –> enable Advanced Features –> Select the
Computer Object –> Properties –> Security –> Add the Group I want to allow access to the computer (in this
case, DomainA\Domain users) and allow “Allowed to Authenticate”. Once I did that, everything worked:
* For users in a trusted Windows Server 2008 or Windows Server 2003 domain or forest to be able to access
resources in a trusting Windows Server 2008 or Windows Server 2003 domain or forest where the trust
authentication setting has been set to selective authentication, each user must be explicitly granted the Allowed
to Authenticate permission on the security descriptor of the computer objects (resource computers) that reside
in the trusting domain or forest.
Reference: Grant the Allowed to Authenticate Permission on Computers in the Trusting Domain or Forest
http://technet.microsoft.com/en-us/library/cc816733(v=ws.10).aspx