What I did was create a separate ICA listener on a different port and configure the Web Interface to talk to the MF servers on that port. You can then set the permissions on the secondary listener so that only a certain subset of users can access it. _____ From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jay Jukes Sent: Thursday, February 03, 2005 5:41 AM To: thin@xxxxxxxxxxxxx Subject: [THIN] Retricting access to Web Interface Hi, I am currently running Web Interface 3.0 with Secure Gateway 2.0 on IIS6. I am now have a need to only provide access via SG to a subset of users in a particular Active Directory group. I have had a look at Sam Jacob's RestrictGroups enhancement (http://www.citrix4ge.de/wim/wimrg.htm) but the code appears to have changed in Web Interface 3.0. Has anyone else developed a way to only allow users in a particular group to log into Web Interface 3.0? Cheers Jay.