> how about using "LsaSamLogon" instead? indeed! Jeremy, is that the basis of your proposed security=domain code? Sorry for not paying attention earlier ...