Any one else have any FUN with this. Here she is: Create two evaluators, Internal and External. If I make a rule and use the "Deny access from IP range" blah blah, it will deny, Of course its idea of Denying is to report an I/O error when the user runs the app, But if I make a rule that says Allow, Like 10.1.1.1 to 10.254.254.254... You would figure this would only allow addresses in that range. But it allows any address. Weird huh? Anyone else have fun with this? Or find a good way to work with this rule for keeping apps to certain subnets. Ron =================================== This weeks Sponsor: ThinPrint - High resolution, DRIVER FREE PRINTING with no loss of quality in color. - Removes print spooling and rendering tasks from your terminal server. http://www.thinprint.com =================================== For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm