If I am understanding you correctly, you can set security on individual applications set through group policy. Right-click and choose properties when viewing your list of applications in your GPO. Use your A and B security groups to control deployment. Another effective option is to modify NTFS permissions on the installation files. Even if an app is assigned through GPO, the app is only deployed if NTFS permissions exist on the .msi files. -----Original Message----- From: Pratik Patel [mailto:pratik_patel@xxxxxxxxx] Sent: Saturday, July 03, 2004 8:27 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Group Policy Importance: High Hi, I am planning to implement group policy (application wise) on windows 2000 server. I know only general group policy implementation i.e. desk top icon disable, logon permission, date and time settings and desktop editing etc., What I am trying to implement is, suppose two group are there (A&B), I want to give the full permission to A group (application wise) and limited permission to the B group (application wise). How to implement this kind of scenario. I know AD installation and user creation, OU and General Group Policy linking to AD. Thanks in advance pratik