Howdy folks, I could've sworn I'd heard of this behavior before, but can't put my fingers on a resolution. Hmmm.. Well , here goes, I have a report from a fellow Admin (separate forest) that his RSoP and GPMC based reports on "only one DC" in a domain are missing the Account Policy settings sections (Account and Lockout settings are missing...apparently Kerberos is there). [Auditors go crazy on things like this....] Anyway, the other DCs in the domain report the data just fine. Before contacting me, he had DCPromo'd that DC back down to a member server and then back up to a DC to try and fix the problem (with no luck). It sounds as if a piece of a client extension is miss-registered or something. Does anyone remember this being reported before and have a resolution? Jerry Cruz | Group Policies Product Manager | Windows Infrastructure Architecture | CNO | Boeing IT