Not sure if this can or can't be done and hope someone from this group might have some thoughts on it. We are running Citrix Metaframe XPa and it has been discovered that a user can make an ica connection to create a desktop session to a Citrix server. This is something I would like to prevent. Obviously I can't go in and block users from remote connections since they would then be unable to connect to a published session. Is there a way to prevent users from creating a desktop session yet allow them to connect via a published session? Thanks Paul