I have a ISA standalone server configured between 2 routers in a NT domain. The HTTP Redirector filter is set to discard any SecureNat or Firewall clients, and all browser settings in the domain are configured correctly. Recently, I have had a need to give certain users access to POP3 accounts (the default was no POP3 for anyone). I created a rule to allow access to POP3 and SMTP and assigned it to the group in question. It did not work. If I configured the rule to allow all users access, it works just fine. Somehow, ISA is not authenticating the group properly. I considered trying Client Sets but control is not granular enough that way. Anyone have any ideas? Regards, Ron