customer user accounts and internal user accounts on same domain

Hi, I'm trying to dissuade management from allowing user accounts to be created on the same domain as our company users for what I feel are obvious reasons, but when pressed for specific issues I'm at a bit of a loss. I cited reasons such as;
A clear demarc between customer accounts and our own accounts
Not giving any unnecessary rights due to inheritance, but rather having to apply the appropriate permissions rather than remove permissions to attain the desired result

They want to extend a service we offer to our internal employees to a partner. I suggested creating an extranet and using accounts from a separate domain rather than our own, but there is additional overhead imposed by such as design.duh.but I'm hoping to throw out an established standard or something to help my argument.

Thank you,

Bill Stegman MCSE 2003, CCNP, CCSP, CCIP, INFOSEC, MCTS:Vista
Network Engineer
Crump Life Insurance Services
4250 Crums Mill Rd
Harrisburg, PA  17112
Phone:  717.657.0789  Ext. 4202
Fax:     ; 717.703.4947


CONFIDENTIALITY NOTICE: This message is intended to be viewed only by the listed recipient(s).
It may contain information that is privileged, confidential and/or exempt from disclosure under
applicable law. Any dissemination, distribution or copying of this message is strictly prohibited
without our prior written permission. If you are not an intended recipient, or if you have
received this communication in error, please notify us immediately by return e-mail and
permanently remove the original message and any copies from your computer and all back-up systems.

Relevant Pages

  • Re: folders lost after creating restricted user acct. How to find?
    ... The files in your Administrator account are still there, but a Limited user account cannot see them, due to NTFS file permissions. ... Log on with the Administrator account and if needed, give access permissions to the other user accounts you created. ... Disable Simplified Sharing and Password-Protect a Shared Folder in Windows XP ...
    (microsoft.public.windowsxp.security_admin)
  • Re: FTP Login
    ... I have configured ftp servers in IIS many times and it does not behave ... consistently with regard to ntfs permissions with domain user accounts. ...
    (microsoft.public.windows.server.sbs)
  • Permissions not propagating in AD
    ... Current existing user accounts aren't inheriting the correct ... The OU permissions are properly set up, ... assigned to various accounts and groups on the user account security tab. ...
    (microsoft.public.win2000.security)
  • Re: Moving member Win 2003 and 2000 servers to new Win 2003 AD dom
    ... Establish new user accounts ... You omitted correct permissions and perhaps ownership on the files ... Your users will be "new" and so their old permissions, even ownership ...
    (microsoft.public.windows.server.general)
  • Re: UserAccountControl Attribute
    ... specific user objects (enabled user accounts) that appear to be missing those ... How can I view the attributes of the user objects in question? ... foreach (string parameter in Parameters) ...
    (microsoft.public.win2000.active_directory)