Recent content by KimW

Saltin, Thanks for your input. We had thought about that route, but had problems getting it to work in our test lab. After seeing your post we went back and removed everything and rebuilt the policies. This seems to be working fine now, though I have no idea what we had done wrong before!

Right now it's in Mixed mode, but that shouldn't be the case for much longer. I understand how to use Domain local groups to restrict access to resources like shares or printers, but I'm not sure how it helps me here. Is there some easy way to restrict/allow logon to a computer?

If you're just mentiong that the Enterprise admins can always access the systems or make changes, that's not a problem. They realize that these systems aren't supposed to be accessed by just anyone, so they wouldn't undo the restrictions. Also, I'm not trying to keep them from being about to...

SR, Could you explain a bit about these two suggestions? I'm not sure I understand what you mean. Thanks!

It seems that the powers that be would prefer I give up being an individual Win2000 domain and change to either being a child domain or an OU of their primary domain. They keep pushing the idea that this will be good for my users because it will allow them quick and easy access to resources on...