But I think if you follow this logic, the basic features of Microsoft networking would be a problem. For instance, net use \\machinename\C$ Potentially I have just invisibly connected to my user's local disk, and can do whatever I want. Ok, I might have to fight some ACL's, but as admin they don't have much hope. (run a full backup to another machine, restore files there, take ownership -- just one way) Technically, I can see any file. But the SAU keeps me on the good side. I have the luxury of having worked here over twenty years. I think my users trust me. I know way too many of their passwords. (yes, I tell them they are weak and should change them...) I always try to inform them when on work on their computers, most of them don't seem to care - "just do whatever you need". I'm afraid Jesse is in a different situation. Maybe his office had a "bad work environment" several years ago, and he is suffering from that. I think it is more of a social or cultural problem, it might be hard to fix. He probably shouldn't mention that C$ thing to his users. :-) Personally, I don't see a problem with VNC and the SAU. Do you disable the built-in remote desktop feature in XP? Do you outlaw ssh and telnet for unix boxes? Possibilities of possible misuse there, too. Ok, maybe VNC is potentially worse, because you can see another user's screen real-time. Maybe you should have a departmental SAU that details how it is configured and explains to the users how they are protected (if the admin follows the rules). On Mar 29, 2005, at 5:57 PM, Linda Losik wrote: > I am concerned because I can see possibilities of possible misuse.