One thing I was not understand, you are saying that Right-click and choose properties when viewing your list of applications in your GPO. I don't think so this options is not available in GPO. please clearly mention where it is available. In windows 2000 Snap -in dialog box these are the option available. Which option I have to take. 1. Active Directory Domains and Trusts 2. Active Directory Domains sites and Services 3. Active Directory Domains users and computers 4. Active X control 5. Certificates 6. Component Services 7. Device Manager 8. Computer Management 9. Disk Defragment 10.Disk Management 11.Distributed File System 12.Event Viewer 13.Folder 14.Frontpage Server Extensions 15.Group Policy 16.Indexing Services 17.Internet Authentication Services(IAS) 18.Internet Information Services 19.IP Security Policy Management 20.Link to Web Address 21.Local Users and Group 22.Performance Logs and Alerts 23.QoS Admission Control 24.Removable Storage Management 25.Routing and Remote Access 26.Security Configuration and Analysis 27.Security templates 28.Services 29.Share folders 30.System information 31.Telephony 32.WMI control -----Original Message----- From: Lane, Mark [mailto:MDL@xxxxxxxxxxxxxxxxx] Sent: Tuesday, July 06, 2004 6:53 PM To: 'windows2000@xxxxxxxxxxxxx' Subject: [windows2000] Re: Group Policy If I am understanding you correctly, you can set security on individual applications set through group policy. Right-click and choose properties when viewing your list of applications in your GPO. Use your A and B security groups to control deployment. Another effective option is to modify NTFS permissions on the installation files. Even if an app is assigned through GPO, the app is only deployed if NTFS permissions exist on the .msi files. -----Original Message----- From: Pratik Patel [mailto:pratik_patel@xxxxxxxxx] Sent: Saturday, July 03, 2004 8:27 AM To: windows2000@xxxxxxxxxxxxx Subject: [windows2000] Group Policy Importance: High Hi, I am planning to implement group policy (application wise) on windows 2000 server. I know only general group policy implementation i.e. desk top icon disable, logon permission, date and time settings and desktop editing etc., What I am trying to implement is, suppose two group are there (A&B), I want to give the full permission to A group (application wise) and limited permission to the B group (application wise). How to implement this kind of scenario. I know AD installation and user creation, OU and General Group Policy linking to AD. Thanks in advance pratik