Preventing users in a trusted Windows 2000 domain from logging in to computers in the Computers in a trusted Windows NT domain.

[batchel...@gmail.com]

I am restructuring a our infrastructure and pulling a windows nt
domain into a windows 2000 domain. We are moving about 500 computers
and 300 users. Right now we do not have trusts between domains. We
have had them before.

Here is the senario:
Windows NT domain with 500 computers and 300 users.

Windows 2000 domain with 2500 computers and 15,000 users.

We are migrating the windows nt domain into the windows 2000 domain.

I have a test environment setup with copies of domain controllers from
both domains, and setup bidirectional trusts between domains for
migration purposes. We have to have them bidirectional for the
migration process.

What I need to do is prevent users from the windows 2000 domain from
logging in on the computers that are in the Windows NT domain until
the migration is complete, because the policies that are on the
machines in the NT domain will get overwritten and security on the
machines will be compromised.

How do I go about preventing the users in the windows 2000 domain from
logging in on the computers that are in the Windows NT domain?

Any help would be appreciated.