You'd absolutely bawlk at our servers then, it sounds like these are the absolute opposite of yours :) Is there any script you run to lock everything down, or some sort of process you run through? Andrew --o-- >>> Neil.Braebaum@xxxxxxxxxxxxxxxxx 16/12/03 09:39:40 >>> They (the users) can only install software locally to a terminal server, if they have the ability to modify HKLM (normally) and frequently HKCR. Also, if they have write access to the local filesystem(s). If they can't modify the server, they can't install software on the server. Personally, I've always used mandatory profiles, so my users can't permanently modify their profile. And as they have read-only access to the local filesystems and registry, they can't install software - even if I gave them the facility to be able to get software (well I suppose they could be emailed something, but their mailbox quotas aren't too huge, and they don't get internet access). Not all software installation follows the path that you can easily block via GPOs (ie MSI based installers). If you cannot secure the local server (ie filesystem(s) and registry), then there is the other option of tightly controlling the applications they are allowed to run. Neil ******************************************************** This Week's Sponsor - 99Point9.Com Emergent Online EOL Universal Printer 4.0 Has arrived! http://www.99point9.com/public/products/ ********************************************************* Useful Thin Client Computing Links are available at: http://thethin.net/links.cfm *********************************************************** For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: http://thethin.net/citrixlist.cfm