If you really want to use group policy, your best bet is a Windows 2003 AD server. If at all possible you'll want to have at least two AD servers for redundancy, fail over, etc. If you're looking into it at this point and you're going to do any sort of licensing with Microsoft you'll want to look into Software Assurance. Group Policy improves with every iteration of the Windows Server OS, and 2008 is looking really good. It sounds like you're looking at a new AD implementation? If so, you'll want to go with native mode. Native mode means that all domain controllers must be at the same version of Windows. Mixed mode should be used for transitioning versions. As for integrating Samba and Linux, the answer is Kerberos and Samba. Samba knows how to participate in an Active Directory domain as a Member Server. With winbind it can authenticate AD users. There's even a PAM winbind module. You can also setup authentication via Kerberos if you want to use Kerberos aware services on your Linux computers. I haven't tried this in earnest, but to get this all working I imaging you'll become familiar with the ADSI Edit and setspn Windows tools. Samba as a Domain controller emulates at NT4 style domain, so you won't have access to anything group policy. I'm not aware of any real alternatives to Windows Servers + AD. Novell + Zen maybe, I've got some Novell experience but it's on old versions. When you're looking at managing Windows clients, Active Directory is the right tool for the job. -- Andrew S. Zbikowski | http://andy.zibnet.us SELECT * FROM users WHERE clue >0; 0 rows returned