I've got a client with 2 Windows Server 2003 R2 domains in one physical location. These 2 domains are totally separate, and the only thing they share presently is an internet connection and an ethernet switch. My clients want users in domain A to be able to access resources on servers and workstations in domain B. The main imperative is that users in domain B should not have any access to servers or workstations in domain A. The things I guess I need:
I'm guessing that I need a one-way trust but my experience is very single-domain so I'm looking for a quick walk-through here!
Is a one-way trust truly one-way, is there NO way for domain B users to access domain A?
How do I configure permissions etc on resources in domain B so that domain A users can access the requisite resources?
Can users from domain A be given permission to log onto computers belonging to domain B?