Hi all, I have been tasked with locking down access to our Citrix Nfuse Portal from our employees. We have the following Citrix configuration.. 3 internal MetaFrame XP servers all running the Nfuse service, two load balanced external Nfuse servers and two load balanced external boxes running CSG. The problem is that we need full control over who can access the MetaFrame farm internally ONLY, externally ONLY, and over who can access both. So far, here's my solution: Locking down external access: External customers must receive instructions on how to request a certificate from our site that is required to access the external Nfuse servers, as well as a password to access the page to get to the request certificate script. This is working well for us. Locking down internal access: Since you cant specify NT group restrictions in IIS, I changed the NTFS permissions on the file level for the login.asp file in the Citrix iisweb directory on the internal Nfuse/MetaFrame boxes. This covers our need as only approved internal customers are in the NTFS permissions to access the file. Now my question is that ever since we locked down the NTFS file permissions on the IIS farm, it's been prompting users that DO have access for their login credentials (username, password, domain). This needs to be transparent and not prompt approved users for credentials to login. Any suggestions on how to accomplish this are greatly appreciated. -adamadz ******************************************************** This Week's Sponsor - Emergent Online EOL's Universal Printer new Features include: Network Printing, Pagestreaming, 2400 DPI. No Client Software Required! http://www.go-eol.com/ ********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm