Scenario...
Server Software = Win 2000 Terminal Server
Sales Staff use thin clients
Head Office staff use PC's and some use thin clients
We have two domains ABC and DEF.
They are fully trusted both ways.
Sales Staff have their accounts managed on DEF domain and Head Office (HO) staff are managed on ABC domain.
The Sales team log on to DEF domain and use some files from ABC domain through mappings or links. The sales staff have been stripped of all icons and most rights through policies. All sales staff are in one room. They have no access to the internet (via proxy on ABC domain).
HO staff have all icons and rights as appropriate. The HO staff that use PC's are in another room.
We do not want sales staff from accessing internet or parts of ABC domain that are not relevant to them and the current setup works well. Now comes the problem.
We need to put a PC into the sales room. HO staff in that room (that previously used thin clients) will log on to this machine to pick up email or surf or whatever.
BUT
If I try to log on to this PC with a sales ID (using DEF domain), I get full icons and full access to internet.
SO
I want to restrict ONLY this 1 particular PC to only be able to log into ABC domain and (local machine).
Any thoughts? I can not seem to find it in policies. The default domain for this machine is ABC, but if you expand OPTIONS on the login screen, it is easy to type in DEF domain. Can the OPTIONS box on the login screen be disabled?
Thanks in advance for any help.
Garty
Server Software = Win 2000 Terminal Server
Sales Staff use thin clients
Head Office staff use PC's and some use thin clients
We have two domains ABC and DEF.
They are fully trusted both ways.
Sales Staff have their accounts managed on DEF domain and Head Office (HO) staff are managed on ABC domain.
The Sales team log on to DEF domain and use some files from ABC domain through mappings or links. The sales staff have been stripped of all icons and most rights through policies. All sales staff are in one room. They have no access to the internet (via proxy on ABC domain).
HO staff have all icons and rights as appropriate. The HO staff that use PC's are in another room.
We do not want sales staff from accessing internet or parts of ABC domain that are not relevant to them and the current setup works well. Now comes the problem.
We need to put a PC into the sales room. HO staff in that room (that previously used thin clients) will log on to this machine to pick up email or surf or whatever.
BUT
If I try to log on to this PC with a sales ID (using DEF domain), I get full icons and full access to internet.
SO
I want to restrict ONLY this 1 particular PC to only be able to log into ABC domain and (local machine).
Any thoughts? I can not seem to find it in policies. The default domain for this machine is ABC, but if you expand OPTIONS on the login screen, it is easy to type in DEF domain. Can the OPTIONS box on the login screen be disabled?
Thanks in advance for any help.
Garty