I have an application that I want to people outside the company to be able to access using MS 2000 terminal server. The application front ends an MS SQL DB, and uses NT integrated security to validate the client login to the DB.
I want to make sure that the people logging on do not have access to anything on the domain that is none of thier business. My first thought was to create a secondary domain, and then create a trust relationship to allow the users on domain 2 to access the sql on domain 1..
The main issue is that I simply don't know if it will work. Validation of the users into the app is based on roles defined on domain 1, and when logged in to the application, the login shows as DOMAIN\username. SO....
Is there anyway to set this up so that the logins from domain 2 can validate on the sql db on domain 1, but not have any other access to domain 1?