Actually, I was facing the same issue as you about a year ago. There is a neat little way to force the policy on ALL the workstations on the domain w/out going to each machine. Look for NTConfig.pol, open regedt32.exe, load hive, select ntconfig.pol, select any name for it, add the registry keys you want to enforce on your workstations, unload hive. Make sure ntconfig.pol is saved in the NETLOGON directory of the Domain controller. I used this method to enforce the policy on 500 workstations when first implementing SUS, Worked like a charm. BTW, google ntconfig.pol, there is an article on it somewhere from WindowsItPro Good luck, 626KLZE