-We are a library and have as our main domain " acld.lib.fl.us "
-Staff pc's are on the domain
-Patron pc's are in workgroup
-We want to be able to deploy software to patron pc's utilizing group policy like we do with staff pc's
-so what would that require? a new domain, a subdomain, a new forest
-preferably we do not want the patron and staff domains (or whatever) to be able to access each other
ps. we already use wsus and lup to push some stuff, but would like to use gpo for the patron side also