We need to create a Windows domain/tree/forest that can/will utilize the following:
4 different secure rooms (Room A, Room B, Room C, Room D)
1 to 3 servers (2003 R2) that can be utilized (if needed or for redundancy) with separate drives/partitions for each room (S: Room A, S: Room B, etc.)
Scenario:
User 1 has access to three of the four rooms (B,C and D) and is given access to the respective shares. User 1 is working in Room B.
Is there a way to restrict user 1's access to S: Room C, and S: Room D while in Room B?
Maybe we can restrict access per UNC, OU or with a GPO??
I know you can enable a GPO to restrict multiple drives but if user 1 moves to Room C he will need access to S: Room C and must be restricted to the remaining S: drives in which he would normally have access to if he was in the corresponding room.
Can't use third party software or no virtualization (which would solve the issue).
Any suggestions would be greatly appreciated.