Thanks for getting back to us with additional details on your domain situation. Having managed a domain network just a bit larger than yours (680 PCs), I'm very aware of the challenges you are facing. Hoping that neemo's commands can be used in a script or batch file that would work with your computer. You have some challenges, and so does your IT department. Here's a short list:
1.) From the Business Continuity standpoint (what we used to call Disaster Recovery), how will your system be affected by electronic or mechanical failures such as a failed Hard Drive in your company-owned PC? If they repair it, how will they replace the disk image that's currently working once you apply neemo's commands to a script or batch file to your computer and you get it all working? If they don't have a disk imaging software that they've tested and in place or a roaming profile deployment setup as I previously mentioned, how are they going to put Humpty-Dumpty back together again? I'm talking about your Computer which is likely to be a "one-off" PC in your Company, since you are going to be the guinea pig for this new domain user configuration. Sounds like you are an app developer for Windows or a programmer of some sort based on the Cygwin Redhat-Posix software.
2.) If you and your IT department do have a backup plan in place using either enterprise image backup software or the use of the SDK and roaming profile deployment to re-image your machine, the question is it will need to be tested on your machine, or a nearly identical one to the one you have now. If they (IT dept.) decides to use this for other developers in your domain network, they'll have to run the script file and image restore on more domain user PCs or test the Roaming Profile's ability to restore operational login for other users on the domain besides you and test the security as you mention. The issue will be here, that if those other users are on other subnets at your Company's HQ location (where your Domain servers live), there will be changes that need to be made to the routers in those other subnets that let that kind of traffic through from the domain server to those User's PCs. This is only part of it, as if you have remote offices, say you are based in Chicago, but you have offices throughout the US; and you or other users are located in satellite offices; again network changes will need to be applied to the routers in those other physical locates via reprogramming of those routers as well. In most cases, that can be done remotely; but it's still time consuming. Other issues will be let's say you have a User in the Portland OR office, and he get's transferred to the LA office. When he moves the routers in the LA office have to be reprogrammed to accommodate the network permissions that were in place in the Portland office router over to LA. As you can imagine this has lots of repercussions from the network management standpoint. Such as who in IT will do this, how long will it take to do etc.? In larger companies, they use a Ticket for a Move/Add/Change (MAC) request to get this done. If often involves signing off on cost-centers between departments as I said earlier; but you're company hasn't implemented that yet.
You personally may not be responsible for handling these types of situations, but surely someone in your IT department will be, or the IT Directory or CIO ultimately if you have one. They are responsible for assigning Manpower to a project such as this, and someone has to pay for that, and it's unlikely that your IT management has carte blanche on hours, manpower, or resources.
My point is that this could turn in to a much larger project than you think it is, if it does get replicated to other Users on your company network. This takes time, money, and manpower. Having been a Project Manager in IT I'm aware of these challenges even if you or your IT department is not. If you turn out to be the only one who ever uses this custom configuration in your company due to the difficulty of incorporating support for your PC, they can probably live with it. If it needs to get duplicated to 3, 10, 50, 100 or more users, across multiple subnets, in multiple time-zones, then it becomes much more difficult and expensive. And if your company has multiple domain servers that are being logged into that further complicates things too. Most companies, especially if they are involved in a merger/acquisition by a larger company or a smaller company face integrating multiple domains into one global domain server. If that's not the case and you only have 1 domain server currently that makes the task less challenging than otherwise.
Just some thoughts to let you know the can of worms you may have opened up. Your goal of increased security is worthy, but unless you have physical locations outside the HQ office where the domain server(s) live, I don't believe this whole thing will fly in terms of getting deployed to other users in your network. That's just my opinion from having done it of course.
Let us know how it goes.