The NTLM challenge between machines is a little more complex @Quassnoi indicates but it is similar. The machines may well be in the same domain or trusted domains, but the accounts you are using are local machine accounts, scoped only to the local machine’s security access management.

Local SAM accounts patterned as machinename\userid are non-propagatable. You’d experience a series of negotiated fallbacks when you tried to authenticate against external resources using that account as follows:

1. Pass current domain/username/password hash token – it’ll fail, the account is untrusted
2. Fallback – revert passing hash of UserID + Password
3. Fallback – revert to connecting as anonymous credentials.

The fallbacks can also be disabled through configuration, it is very common for anonymous authentication to be prevented.

As @Quassnoi indicates in this instance you managed to login using the #2 fallback.

To enable account credentials to propagate, you’d need the following to be true:

1. machines would need to be members of domains with at least one-way trust between each other (they don’t necessarily have to be members of the same domain).
2. use domain accounts – not local machine accounts – would look something like domainname\userid. A special case is the Network Service account which has a proxy account in the domain scenario – domainname\machinename$.

How do you tell if your machine is a member of the domain? It’s pretty easy if you’ve got interactive login to the machines. There are a few strategies

1. interactively the System control panel will show workgroup or domain membership. (Right-click properties on Computer in the start menu)
2. at the command-line, IPCONFIG /ALL will also show the default DNS prefix which is typically the same as your domain name.

I suspect your ISP would create a domain just to make it easy to manage and monitor their machines. Whether they’d let you create domain accounts is a different question.