We would like to restrict Messenger to certain users within our
organization. The users are in multiple ou's, so I need the eDirectory
scope search list to be broad, but for them to be restricted from
authenticating to IM unless we have allowed their user to do it.

I was thinking about modifying the "default policy", so it denies access
to all users in edirectory to use IM and establish a second policy that
allows specified users access to messenger. This is how I was thinking
of achieving this. Does this look like it will work?

default policy (restricts everyone)

General Tab

X Uncheck Enable Novell Messenger Services
X Uncheck Archive Sessions
X Uncheck Allow Users to search eDirectory for other users

Used by Tab
X Includes no person specifically


Policy #2 will include specified users who have completed an internal
access form approved by management to use the GroupWise Messenger IM
utility.

General Tab
X Check Enable Novell Messenger Services
X Check Archive Sessions
X Check Allow Users to search eDirectory for other users

Used By Tab
X Includes approved users

Thanks for your input in advance.