That's not exactly a simple case. Like Jeff said, make sure you understand group policies and SRP before you go and implement this. Even if you think you fully understand group policies you should spend plenty of time playing around with SRP before deploying it. Since you can implement SRP on a local machine using local policies, do that first and get your SRP developed and tweaked. By doing that on your own machine you have further motivation to get everything working and tested. Once you are sure that your SRPs are working then you can look at rolling it out via group policies. Also, if you've never filtered a policy based on group membership, just put your different users into different OUs and apply the appropriate GPO to those OUs. Finally, it's best to make your SRP GPOs completely separate from everything else; create self-contained SRP GPOs so that if/when you screw up you can just disable them. On 5/9/05, Kevin R. Fjelsted <kfjelsted@xxxxxxxxxxxxxx> wrote: > I am trying to get a simple case working. > I have a hash rule set to in a GPO for software restriction. > Then I have a second GPO with scope of one security group. > I have the same hash rule set to allow. > I have also set the second GPO to precedence. > I am still getting deny with the security group. > However if I completely remove the deny rule from the first GPO and set the > rule in the second to deny then I get a deny within that security group. > What am I overlooking regarding precedence? > -Kevin Fjelsted > ******************************************************** This Weeks Sponsor: ThinPrint GmbH Now available: The new version .print Engine 6.2 with SSL encryption and certificate management. http://www.thinprint.com ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm ThinWiki community - Excellent SBC Search Capabilities! http://www.thinwiki.com *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm