We want to setup a Windows Server 2008 environment + Exchange 2007 and Terminal Services access.
We have several physically as well as logically divided departments. Most of them only have 2-5 users. They are like companies within the company.
Each department has their own email domain: department1.com, department2.com etc.
Each department will have their own set of shared folders and printers.
If we were to use OU´s (Organizational Units) how strictly would we be able to restrict the access between each OU?
It is important that one OU doesn´t even see another OU´s shared folders, exchange users etc.
We preferably want to limit access to certain applications across the OU´s. This might be the case with one OU´s internal book keeping software, that we don´t want users outside this OU to access.
And finally: what happens if a user in one OU plugs a USB memory drive into his/hers Thin Client - will other users within as well as outside the OU be able to see and access it?
Is OU´s the right way of accomplishing this? Or are the other suggestions?