P
Paul
Hello,
I have been advising people that should a company require separation in
terms of security that a Forest is the only true boundary. However, Im now
in a situation where a company who requires two of its business to be kept
separate from each other, while maintaining a single global address list and
calendar sharing...
My question is this, In one forest is it possible to secure it in such way
that administrators in one child domain cannot interfere or put at risk
other child domains with in the forest? taking into consideration removal of
enterprise admins from the child domains and in the root domain service
level administrators are trusted across the entire company.
Trusts between forests would not provide a solution in this due to the
security constraints with in the company, Total separation means total
separation. They have tasked me with pointing out what the exact security
risks are, and whether they are manageable through design with in a single
forest.
Any pointers / help on where to look for information or advise would be most
gratefully received.
Many thanks
Paul,
I have been advising people that should a company require separation in
terms of security that a Forest is the only true boundary. However, Im now
in a situation where a company who requires two of its business to be kept
separate from each other, while maintaining a single global address list and
calendar sharing...
My question is this, In one forest is it possible to secure it in such way
that administrators in one child domain cannot interfere or put at risk
other child domains with in the forest? taking into consideration removal of
enterprise admins from the child domains and in the root domain service
level administrators are trusted across the entire company.
Trusts between forests would not provide a solution in this due to the
security constraints with in the company, Total separation means total
separation. They have tasked me with pointing out what the exact security
risks are, and whether they are manageable through design with in a single
forest.
Any pointers / help on where to look for information or advise would be most
gratefully received.
Many thanks
Paul,