Hello, I'm needing to secure as much as possible a standalone xp pro machine. First of all, currently it auto logs in as administrator, which I need to change. I need to give the admin a password. Would that be: net user administrator * and enter a password twice? If that admin user then logs out they're presented with a list of accounts on the box. One of them, while he was logged on as administrator, gave his account admin rights. This was bad enough, but he then proceeded to trash the box, it's performance frankly is abysmal right now. The first thing I need to do is clean said box, it needs both a software cleaning as well as an open the box and clean it out inside. Next, I'd like to prevent this from happening again, securing the admin account is the first step, having everyone else change their passwords is second, downgrading this user from admin in local users and groups is third. Which group do you recommend I place this user in? I want to limit his ability to do much to this box. Finally, and I don't know if this is doable, I'd like to lock just that user down with a GPO. For example, I don't want him to be able to even see certain icons in control panel, or on the desktop and I'd really like to put him in a box. I only want this to effect this one user, not the others, is this doable? I do not think it is but I'd love to be proven wrong. Thanks. Dave.