Hi guys, I'm just about to shoot on my foot so I wanted to check if there is something else to blow my full leg actually ;-)) I have setup a working Samba 3 PDC controller with user authentication and roaming profiles. I want to lock down [*] the desktop on client machines (win xp) as I did with poledit (NTConfig.POL) on Win9x/WinNT4 machines. [*] Lock downs suck as : disabling msn messenger, disabling some IE cappabilities, disabling some harmful programs (outlook.exe premium-rate-dialer.exe ...), hiding access to disk drives... Since the only possible way to do this (according to what I have read) is using some Active Directory group policies, and taking into account that samba 3 isn't capable (yet) of acting as a AD server, I have to find another solution :-) <scary_solution> I've thought of building a specially crafted .reg file (actually a set of them) which will be imported in each logon on the machine; that way, I can control the way the desktop acts for each user. I will have a "general.reg" file for common lockdowns, some specific "group-A.reg", "group-B.reg" files for each group and finally some "user-A.reg" with specific lockdowns (or not) for special users. </scary_solution> I know this isn't great security since any user would be able to craft a .reg file themselves and revert the lockdown... but for average user this could be ok... :-) Comments? ;-) -- Window$ Macht Frei!