This is fairly common feature. You can map any of your drives. Not sure why it would be a security risk, you still have to logon the citrix server and you still have to have access to map client drives. Strange as it seems, but I had a customer who wanted the ability to map to the client's network drives. (For a strangely written apps where data is processed across two different networks.) Joe _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Pedigo Michael-G17060 Sent: Friday, August 20, 2004 11:37 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] How widespread is the knowledge of this security loop-hole? Hi All, I was recently enlightened on what I consider a fairly major security loop-hole in Metaframe... Maybe the rest already know.... The wonderful feature of mapping your local hard drives.....you can also map the network drives of the client via hidden shares...this could be really bad...right??? I personally don't like security by obscurity. I raised the issue to Citrix....but they didn't say much. I suggested they modify the client and Management console to allow to allow/deny each drive separately to tighten up this security risk. Am I crazy or do you see where I am coming from? Perhaps you might want to let Citrix know too...