On Jul 18, 2011, at 3:22 PM, Atom Powers wrote: > On Mon, Jul 18, 2011 at 3:09 PM, Ski Kacoroski <[email protected]> wrote: >> 1. ad.nsd.org >> Single top level domain for staff and students. We are concerned because >> this will allow students to log into staff computers and see resources in >> the entire domain. If you have a setup like this, have you seen problems >> with students getting into machines/resources they should not? > > Although we use Samba (so take my comments with a bucket of NaCl), we > have something like this. Our biggest headache is the inability to set > domain policies specific for staff or students. Everybody is in the > same domain so they all get the same policies. I don't know you you > can set domain policies based on group membership in a real AD domain.
I am very much not an AD expert, but my impression was that one could segregate users into different OUs, and then assign group policies based on those OUs. http://technet.microsoft.com/en-us/library/cc783140%28WS.10%29.aspx Perhaps I am missing what you are trying to do, though. -- Robert Au [email protected] _______________________________________________ Tech mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
