Hey, we're all consumers here and we pride ourselves upon defiant pursuit of
facts, ferreting out quirks, tweaks, and workarounds, and
particularly.....identifying hacks of the MS license technology. Did I
mention we all post under assumed names?
I think I follow what you are saying, and I accept that you are saying that
all you did was "click stuff in the interface and it happened". I
personally have no concerns for what you are suggesting, and if it does
that, I guess it does that, but I didn't think it would do that. However, I
have so little need for such a feature that I'm not particularly interested
in even testing it. I just didn't think that you could expose the Catalog
Server that way, though I do know that transient trust can allow a behavior
similar to what you are describing, but I didn't think that SBS would allow
that to happen.
I do want to make sure I understand what you are saying, though. You have an
SBS domain, you add a W2K server to the SBS domain and then promote it to be
a DC in the SBS domain? From there, you are able to establish a trust from
the DC to a different domain?
BTW, I would observe to you that "the server let me do it" isn't going to be
a valid defense if you were to be audited. As a comparison, you can use NT
Backup to restore an image of a workstation onto another drive, then
continue to run both as two machines instead of one, but that doesn't mean
the licensing has been violated. Please don't think I'm lecturing on this,
I'm just pointing out that 90% of licensing enforcement is based upon trust
and commitment to an agreement, and the balance of "mechanisms" are really
not the significant points. The intent to be license compliant is far more
important than anything else if it comes to an investigation.
> Let me explain this a bit further, the win2000 server is used as a
> server and properly licenced the same as the SBS. The fact that you can
> up trusts on a full version of win2000 server and this then replicates to
> the SBS is not realy a workround but a fact that MS software allows it and
> does it of its own accord. I have tried it and it works apart from the
> that you can only join the domain on the win2000 machine not the SBS.
> from that all permissions of users etc can be added to both machines (The
> replication process automaticaly put the trusts on the SBS and had nothing
> to do with me trying to add it).
> Forgive me if I have done something wrong in the eyes of MS but there
> software did it not me.
> > I don't mean to put my head in the sand, but I don't think this actual
> > work. I think that if the SBS is properly installed, its the host for
> > Catalog role and it's not going to share the Catalog with another
> > and it's not going to allow a foreign DC to gain access to a DC in it's
> > domain. I've not tried the break through this, but this is the
> > I have about how the domain trust mechanisms work.
> > > I can hear the M$ Police sirens in the distance... ; )
> > > > Okay? and how does this affect the SBS licensing?
> > > > --
> > > > Grey
> > > > MVP SBS
> > > > > I hope this may be of use to some of you.
> > > > > We have found out that by installing windows 2000 server (not the
> > > that
> > > > > comes with the sbs disc but an original version) you can make it a
> > > member
> > > > > domain controler of the sbs domain which then copies the active
> > > directory
> > > > > from the sbs to the win2000 server. After this has been done you
> > the
> > > > set
> > > > > up trusts on the win2000 server (not the sbs) for your domain,
> > then
> > > > > replicates to the SBS. And hey presto you have trusts on the SBS.
> > > > there
> > > > > security shows any domain that is trusted.