>you know individual Windows DOMAIN\usernames can be added to the local >Administrators group on a workstation? yeah, but like I said, I didn't want a logged in user (can't even enable a locked screen saver) to be accessible by "someone". I could create perms denying this user explicitly etc but why? It's easier to make it a local user and not *ever* worry about managing it. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos