Forest Wide Authentication Vs Selective Authentication
When creating a forest level trust, you have the option to select from two types of authentication, they are:
- Forest-Wide Authentication - Windows will automatically authenticate users from the specified forest for ALL resources in the local forest. This is the default option and is recommended if both forests belong to the same organisation.
- Selective Authentication -Windows will not automatically authenticate users from the specified forest for resources in the local forest. Individual access must be granted to each domain and server for the specified forest. This option is recommended if the forests belong to different organisations.