I've made a test setup with a NW6.5 box as cifs-server with pdc (we currently have no windows pdc). After some initial struggles i've managed to get most things to work properly. I've managed to add a win2k client machine to the domain and use my nds user to logon. Login script and file access is working fine.

My question is how to control access to the client machines? I know i can add users to either "domain admins" or "domain users" in C1, but there is no "power users" group. What would be the best (easiest) way to control client access with finer granularity? "Domain admins" have too much power and "domain users" too little... To add to my confusion I have a Citrix-server where i want the users to be fairly restricted, but also techincal users (on separate machines) who would go berserk if i restricted them to the "user"-group.

I know about group policys, and i was thinking of modifying the default user group, but how to apply (disrtibute) the changes to the clients? Should i move to a windows pdc with Nsure or is there some other way around this? I've heard about Zenworks, but know very little about it. Could someone point me to a possible solution? I don't know if i'm in the right group here, but as the starting point is as netware cifs-server i thought i'd try here first.

Kind regards

Andreas Wettergren