Hi, i have a windows 2k server and i have an active directory running. i have most of my users in "users" however some of these users need a lot of the possible rights, some need only to run certain apps. i was wondering if it is possible to keep all the users in the "users" OU and then make separate OUs for "Applications," "Admin Staff" and so on. And then put a single group in each of these OUs. I would then apply policies to the OUs. I'm wondering if the policies on these OUs would go to those groups (inside the OUs) and then go to the users (in "users") who are a part of that group. Is there a way to make this work?