The correct AD way is to have a group for each client. That group has the needed rights. I don't understand why VFP is needing to do this.
>Hi Craig.
>
>That is a very good idea but we still want to assign ReadWriteCreateDelete rights (to AD groups) automatically and in a data driven manner.
>
>The reason is that each of our clients has 1-3 users but we have hundreds of clients. (Our product is a payroll program specific to the laws of Panama.) Naturally, each client's data is in a different directory tree.
>
>Alex
>
Craig Berntson
MCSD, Microsoft .Net MVP, Grape City Community Influencer