Hi, I have some questions about this scenario --> When delegation is configured on a computer-based GPO [whereby only members of a specific security group can read and apply the policy], and the computer object is subsequently added to the necessary group: Does the computer require a reboot to pick up the fact that it is now a member of the new security group (similar to logoff/logon for a user to get new token when added to a group)? Or does the next policy refresh (or forced policy refresh) enable it to "realize" it is now a member of that group without a reboot? Also, does the enumeration of the computer's security groups get logged in USERENV.LOG? I don't see anything about it, but then again I have yet to enable the DEBUGGER flag (0x30002) - maybe it shows only with that flag? Thanks, DaveC This email was sent to you by Reuters, the global news and information company. To find out more about Reuters visit www.about.reuters.com Any views expressed in this message are those of the individual sender, except where the sender specifically states them to be the views of Reuters Ltd.