Tom,

I'm currently using BM 3.5 and the only way to
avoid this type of error is to have you (local admin)
log into each terminal server at the console with
client trust running and do a workstation lock at
the console after you're done.

Make sure you don't have the user's login script
calling for clntrust or in their windows startup folder.

This will allow users to browse the Internet during
their terminal sessions.

Christopher