Hi, You can stop a policy apply to a user either IF the OU they're in is set to "block inheritance" from any OU upstream that's imposing that policy OR if they are explicitly denied access to the policy in the appropaite upstream OU. Merging is just that, policies are merged together in a defined order and you get the resultant. Eg if policy A denies something, and policy B allows it, the end result depends on whether policy A or B comes first. However in this particular case, the "Only one session per user" is a machine policy, not a user policy so unless you want to put the machine 'demo' is using into it's own OU, with block inheritance set, you've got a problem. Regards, Rick Ulrich Mack Volante Systems 18 Heussler Terrace, Milton 4064 Queensland, Australia tel +61 7 32467704 rmack@xxxxxxxxxxxxxx -----Original Message----- From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Nick Smith Sent: Friday, 2 July 2004 7:38 PM To: thin@xxxxxxxxxxxxx Subject: [THIN] Less stupid OK, same issue as the dumb one, but this is a problem of understanding rather than 'blindness'. I've never really got how GPOs 'merge'. I have a GPO, applied now to all servers, which states "Only on session per user". I want to disable that GPO for one user, 'demo' (Who, for convenicence, is also in his own OU, and his own security group). What I've tried; 1) Put permissions on the Allow_single_session_only GPO for the 'demo' security group. I can see this group, I can set permissions, I click 'OK' and the group doesn't show up in the permissions list. 2) Create a GPO applied to the 'demo' OU, which specifically disable the singel session value. No effect. I know I'm being stupid, and have a feeling it's something to do with loopback, or permissions, but can't get to it. Any help much appreciated, as we're mean to go public with this demo soemtime today! Nick ******************************************************** This weeks sponsor Emergent Online Thinssentials Utilities Using the latest software, hardware, networking technologies, proven technical expertise, proprietary software and best practices, EOL provides custom-tailored solutions for each client's mission and specific goals. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm ##################################################################################### This e-mail, including all attachments, may be confidential or privileged. Confidentiality or privilege is not waived or lost because this email has been sent to you in error. If you are not the intended recipient any use, disclosure or copying of this email is prohibited. If you have received it in error please notify the sender immediately by reply email and destroy all copies of this email and any attachments. All liability for direct and indirect loss arising from this email and any attachments is hereby disclaimed to the extent permitted by law. ##################################################################################### ******************************************************** This weeks sponsor Emergent Online Thinssentials Utilities Using the latest software, hardware, networking technologies, proven technical expertise, proprietary software and best practices, EOL provides custom-tailored solutions for each client?s mission and specific goals. http://www.go-eol.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm