We have two-ways trust and I can only manage my OU. I am the administrator in my department and manage AD of my department only, not Enterprise Admin or Domain Admin of the entire forest.
My goal is to prevent other users from other domain to logon my domain computers in shared area. All others like access network resources stay the same.
I tried "Deny logon locally" but I could not browser objects on other domain (no permission), so I can't do it with GPO. Any work around? thanks.
Thang Mo