NT domain WAN

[hermit1 <hermits () mac com>]

A high mucky-muck of my company wants to set up an NT domain with machines 
scattered around the USA.  (Why is a little unclear to me, but he wants 
it.....)  When this was proposed last year I screamed and they gave up, for 
a while.  Now I want advice on whether putting a Cisco VPN router at each 
office would be considered to offer enough security.  This is not for a lot 
of traffic or for really important stuff.  They mostly claim to want to 
share files and printers - even though no one can explain to me why someone 
in Denver should want to print to a printer in Boston.

I pointed out that the security risk is additive (actually x to the nth 
power, but keep it simple) since compromise of one machine gives access to 
all the others, and anyone who has access to any machine behind the router 
probably can access all the NT machines in the domain.  This is acceptible 
to them, since they already have NT domains scattered through a couple of 
buildings (all behind the same firewall, though).

Is this considered safe?
Any suggestions for making this a safer project?
Any reasons or examples that indicate why this is a bad idea?

Thanks,
hermit1