Melvin Wrote: Would that not adversely affect the IE browser's internal workings as well? Cache? Temps? SwapFile? ----------------------------- Nope. It sure doesn't. For lack of any text book explanation, the GPO does not prevent the application from accessing the system on behalf of the user, whereas typing "C:\" in the address bar is the user attempting to access the file system with their own system rights. Therefore, you sometimes have to restrict the command line and/or .cmd/.bat. Else a really tricky fella could call a batch file from the address bar that executes "Start cmd" or some other silliness. In fact, I have yet to see this policy break any application, even scripts or batch files. ******************************************************** This Weeks Sponsor triCerat: Have you had your fill of printing support calls, unauthorized apps running on unsecured Terminal Servers, profile headaches, and application performance problems? Join us and learn how you can have a less demanding on-demand enterprise! http://www.tricerat.com/?page=events#register ********************************************************** Useful Thin Client Computing Links are available at: http://thin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thin.net/citrixlist.cfm