We do that here, we just make sure we use the "high" encryption setting on terminal services, this should be 128 bit. My mgmt was fine with it. Greg. Changed the subject... Anyone have any thoughts on terminal sessions coming in through ISA? And associated risks? Thanks.