We are running Small Business Server 2003, a few thin clients and 20 XP Pro SP2 PCs. We're trying to assign software to the PCs using the Active Directory and Group Policy so that when the users log in, the application/update installs automatically. However, the PCs only have "user" privileges and this error message comes up after login: You must be a member of the local administrators security group on this computer to install and configure applications. Contact your network administrator. We have Windows Installer set to always install with elevated privileges. We're trying to keep the system administering as remote as possible and keep the systems locked down without having to temporarily raise privileges and manually update each box. It is possible or are we dreaming? Thoughts and ideas are much appreciated! Thanks, Chris

perhaps this will help http://www.pluralsight.com/wiki/def... Imagine the power of knowing how to internet search http://www.lib.berkeley.edu/TeachingLib/Guides/Internet/FindInfo.html

Thank you for the link - it is a good breakdown of Group Policy deployment. Basically the last two days have been a crash coarse in Server 2003. Lots of reading. Even more running between workstation and server... I must admit, the problem had morphed from receiving the error mentioned in my first post, to not receiving anything. In my tinkering, the computer was removed from the user group that I outlined in the GPO. The rule I created was looking to install software on all machines named "programming" in user group \Users. But the server had the computer "programming" logging into the group \Domain_Admins. Probably because after receiving the administrator error, I changed the privileges to Admin for my user and logged in again - that didn't work either... Anyway - The solution to that problem: Under Server Management, Computers, "Programming" right-click -> Properties -> Member Of (tab). Add the computer to group "\user" instead of "\domain_admins" which it had by default. Deleted computer from group \domain_admins. Rebooted client and everything worked perfectly. Solution to the original problem was answered in response 5 here: http://computing.net/windows2003/ww... Thanks, Chris