shared trust 2 domains? How?
Hi TechNet,Our company already has one domain (lets call this Company-Wide) which everyone uses and is a member of except my group. My group occasioinaly uses sensitive data and because of this my boss will not let us join our group's computers to the domain. Is it possible to create a domain of my own and join it with the Company-Wide domain so that the users have to be approved in my domain as well as the Company-Wide one to access my group's systems? This way we could let the group's users use their company username/password while restricting access to only them. This also allows me to create a test account or temporary accounts for newhires before all the company wide paperwork goes though.I've googled this quite a bit but I can't seem to find out what its called, something like shared trust domains or something like that, any links, keywords, tutorials, encouragement would be much appreciated.-Nick P
December 27th, 2007 9:20am
This should be handled by OUs, not domains.
You can restrict access to computers, accounts, etc. using an OU and GPOs + normal NTFS security.
I believe your boss is a little to paranoid. What is the difference? You either lock everyone out using local users/groups or using domain users/groups.
Free Windows Admin Tool Kit Click here and download it now
December 27th, 2007 6:41pm
Well, I am an OU admin of my group already (the domain has our groups broken up into units and each admin of their unit is the OU admin), does that mean I can assign what users can and can't access easily? All I've been able to find is the startup scripts through the Group Policy Editor. Any advice on another way to accomplish this or links to a tutorial? If not I'll google some more of that when I have a chance. Thanks everyone. As you can tell I'm very new to administrating a domain or part of it.
December 27th, 2007 7:27pm