I installed IISLOCK on my STA server and promptly broke STA. I was not surprised since I broke OWA that way last year. I looked in the Thin Net archives and found the following from Drazen Vidokovic. Unchecking the 'Writing to Content Directories' in IISLOCK fixed the problem. SO thanks for the help. I was curious about the article referenced as being 'on Citrix user group'. What's that and where can I find it. -------------------------------------------------------- There is an article about that on Citrix user group from Edward R. Chu I followed what he wrote and I have it working. After much experimentation, I found the answer to my own question. Here it is for any readers. Assuming that you have a dedicated STA server and don't want to use the IIS for any other purpose, you need to run IISLockD and choose the following items: 1) Choose the "Other" template. This basically means custom. 2) Allow only the base web service. 3) Check ALL the script maps. STA doesn't appear to use ANY scripts at all. 4) In "Additional security" check everything except the Scripts virtual directory (STA puts a config file and a .DLL in this folder) and "writing to content directories" (I'm guessing STA needs to write its tickets to a folder). 5) You can install URLScan with all default settings. Like I said, STA doesn't use any scripts so you can lock this down severely if you want. Drazen ********************************************** This weeks sponsor 99Point9.com 99Point9 helps solve your unresolved technical server-based questions, issues and incidents. http://www.99point9.com *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm