What you can do Paul is open up Terminal Services Configuration click on connections then double click on the ICA or RDP connections. Click on permissions, add the group of users that you don't want to have access to ICA or RDP and place them in the Deny portion of the permissions. This will override the allow permissions.=20 -Linn -----Original Message----- From: Stansel, Paul [mailto:Paul.Stansel@xxxxxxxxxxxxx]=20 Sent: Monday, November 25, 2002 10:16 AM To: 'thin@xxxxxxxxxxxxx' Subject: [THIN] Need a fast way to deny users the right to log on to a server Win2K servers running in an NT4 domain. I need a fast and effective way to prevent users from logging in to some terminal servers and not others. I know I could set the security policy to remove the ability of Everyone to access the computer from the network, but there are a LOT of groups I would have to add back then. Is there an easier way to just deny 1 or 2 groups? Thanks, Paul ***********************************************=20 This Weeks Sponsor OneApp Total Control Control, Secure and Audit your Thin Client Systems http://www.oneapp.co.uk ***********************************************=20 For Archives, to Unsubscribe, Subscribe or=20 set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm *********************************************** This Weeks Sponsor OneApp Total Control Control, Secure and Audit your Thin Client Systems http://www.oneapp.co.uk *********************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm