A lot of interesting things have come through on this. Looks like I'll definately be doing some serious reading when the time comes to work on this more. However right now, it's a low priority according to mgt. Where for me, it's a slightly higher priority to which I'd like to get rolling. On the question about limiting/blocking users from certain machines, the netgroup will that have to be multiple netgroups for various machines blocked? Reason why I ask is we have 100+ servers of primarily HP, Sun, AIX, a few DEC and even fewer Linux (unknown distros at this point) and there are varying levels, sublevels and such of access control. While one may have access to a client support server, they cannot have access to a Development box. Yet, their manager may. If the netgroups part becomes too cumbersome it would scrap the entire project and we'll have to stick with the adduser scripts we have right now on each machine. -- --- Shawn "Knowing is not enough, we must apply. Willing is not enough, we must do." -Bruce Lee