Isolating Users - TechRepublic
General discussion
May 31, 2001 at 06:33 AM
elze

by elze . Updated 24 years, 9 months ago

I support a multi-master NT 4.0 domain network. Each of the domains has a full (two-way) trust relationship with each other. Our legal and security departments have recently instructed me to come up with a method to segregate a number of current active users (certain contractors) from most of our resources (file, print, etc.) in every existing master domain. These users currently have valid existing NT accounts in the existing master domains. It would be very tedious and time-consuming to research all the ACLs on all the resources in each domain to ensure they do not have access where they don't need to.

I'm considering deleting their current accounts and setting up a new domain that each of the master domains would set up as a trusted domain and then create accounts for each of these users in the new domain. This would make the segregation fairly painless and then it would be fairly easy to modify the ACLs of the resources in the master domains granting the required access to the users/groups from the new trusted domain. The total number of users isn't very large (should be under 30) so overhead creating the new domain and accounts would not be that significant.

However, I'm not sure this would be the most efficient method. One of the criteria specified by legal/security is that these users not be included in the Everyone group. Does anyone have any ideas, suggestions that would enable me to isolate these contractors from all of our resources and then be able to add them to specific ACLs while not including them in the Everyone group? Thanks in advance!!!
