Single Forest = Security Boundary Advise Pls!!!!

[Paul]

Hello,

I have been advising people that should a company require separation in
terms of security that a Forest is the only true boundary. However, Im now
in a situation where a company who requires two of its business to be kept
separate from each other, while maintaining a single global address list and
calendar sharing...

My question is this, In one forest is it possible to secure it in such way
that administrators in one child domain cannot interfere or put at risk
other child domains with in the forest? taking into consideration removal of
enterprise admins from the child domains and in the root domain service
level administrators are trusted across the entire company.

Trusts between forests would not provide a solution in this due to the
security constraints with in the company, Total separation means total
separation. They have tasked me with pointing out what the exact security
risks are, and whether they are manageable through design with in a single
forest.

Any pointers / help on where to look for information or advise would be most
gratefully received.

Many thanks

Paul,

 

[Tim Hines [MSFT]]

That topic was discussed in
http://www.microsoft.com/technet/tr...curity/prodtech/win2000/secwin2k/05secdom.asp.
I believe that there is another resource about this that has more
information but I can't seem to locate it at this time.


--
Tim Hines, MCSE, MCSA
Windows 2000 Directory Services

=====================================================
When responding to posts, please "Reply to Group" via
your newsreader so that others may learn and benefit
from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.