With Windows XP we were able toconnect to remote domains on the same lan segment without providing credentials as long as the currently logged in username and password were the same as a user in that domain. We are attempting to use the Windows 7 RSAT ADUC to connect to a remote domain on the same lan segament but it is failing as i am sure that it is providing the upn or domain\username. For example: Domain1\User1 has the same SamAccountName as Domain2\User1 In Windows XP we were able to open aduc on a Workstation in Domain1 as Domain1\User1 and remotely connect to Domain2. In Windows 7 this does not work, There are no failed login attempts stating that domain1\user1 failed access on the DC's in Domain2. The same Behavior is exhibited in AD Sites and Services, ADSIEDIT. NTLMv2 responses refusing LM on the DC's NTLMv2 responses refusing LM and NTLM on the Clients What security settings would control this behavior in general. I am not suggesting we lessen the posture of the systems to allow this behavior, more just interested in the differences in How Windows 7 and XP communicate. Oddly enough i can connect to \\domain2dc\c$ without prompting on win xp or win 7. What settings would allow this. Thanks in advance.

No one knows?

Hello, please see: http://support.microsoft.com/kb/102716Best regards Meinolf Weber Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

I am not sure that explains the differences.

I believe that is may be kerberos related not NTLM. Please advise.

Any ideas?

What are the servers? Is the Windows Firewall running? Is UAC disabled? Windows 7 and Windows 2008 server definitely increased security as far as cross domain was concerned. If the domains weren't in a trust relationship or in the same Forest then regardless of the username and password being identical the GUID was not. I have run into this with Windows 7 in a workgroup as well. It used to be if you had the same logon and password on all your computers you could automatically map drives. Now you have to create a home group for some odd reason. I even run into this issue IN a domain with local admin on the local machine and still asking for Admin credentials to run anything but that is directly related to UAC.lforbes

This is consistent in 11 separate forests without trusts. Servers are 2008 R2, Clients are Windows 7 and XP. Things are fine from XP, but not Windows 7. UAC is disabled throughout.