I understand that I will be able to "see" the domaim,
however I don't want the actual Servers viewed. As is is
now when you try to look at the shared drive of the
server in domain "A" from domain "B" it give message not
accessable. I don't want the servers visible. Is there a
way to make them invisible to the network? I was able to
use the registry editor and the hidden value, to hide
other computers on the network, but not the two w2k
servers, it doesn't seem to hide them.
Thanks
-----Original Message-----
If they are on the same physical network and in the same broadcast domain then you
will see both domains in My Network Places. The browser service is broadcast based
and does not care about domains. You can hide servers but AFAIK that will hide them
from the browse list to everybody. Just because a user can see the other domains
computers does not mean they can access them. If the
domains are in separate forests,
you can use ipsec require policy on servers/computers that will not allow access to
the computers in the other domain because they will fail kerberos authentication.
Only W2K/XP Pro/W2003 computers are ipsec aware however and you must exempt domain
controllers by their IP address from ipsec negotiation policies with domain members
otherwise domain users will not be able to logon the
domain. See the links below if
