There's always a risk, indeed. I've yet to design an AD infrastructure where there wasn't some sort of compromise involved!
M ----- Original Message ----- From: "Rick Kingslan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 24, 2003 10:28 PM Subject: RE: [ActiveDir] Different password policy Missy, Well said - and quite true. But, given the difficulty of implementing the compromise, the obvious decision point is going to be based on a risk analysis. Given that we're talking about password policy, I'm not sure how this is germane. But, nonetheless - you're right. If you want to guarantee true security autonomy, the forest is the model to use. Rick Kingslan MCSE, MCSA, MCT Microsoft MVP - Active Directory Associate Expert Expert Zone - www.microsoft.com/windowsxp/expertzone -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Missy Koslosky Sent: Monday, March 24, 2003 9:08 PM To: [EMAIL PROTECTED] If you need to make it super-secure, they really should have their own forest. There aren't a lot of details on this available, but the domain isn't a complete security boundary. ----- Original Message ----- From: "Rick Kingslan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 24, 2003 2:08 PM Subject: RE: [ActiveDir] Different password policy <snip> Nope - a child domain DOES have a separate security policy. <snip> BUT! The really sensitive stuff (the intellectual property) of the company is managed and created by the researchers. We need to make sure that the research information is very secure. <snip> List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
