(Responding, I think, to Peter Da Silva)
| >Why would you put your firewall into the same authentication domain as
| >your users?
| >Maybe I'm missing something, but that seems like you're putting an awful
| >lot of trust in the NT security model.
| Actually, its possible to establish a trust relationship between two
| seperate NT domains such that attempts to log onto the Firewall Domain
| would be validated against an internal Administrative Domain, but accounts
| on the Firewall Domain would not be permitted to log into the
| Administrative Domain.
Could you expand on this? How is the trust maintained? How
is information moved between the two systems?
"It is seldom that liberty of any kind is lost all at once."