We are using IIS Windows NT Challenge/Response and have set up security at the directory level. It works just fine on directories that have special security set up (if the user has permission, it lets them in; if not, it brings up a dialog box, asking for name/password). On those folders that Everyone has access to, the moment we turn off Allow Anonymous Access, they get into the folder fine, but everyone (except administrators) get the logon dialog box when they try to access a file within the folder. We have discovered this is happening because I have include files referenced in the file (the include file is in a different directory from the one the file is in). If we put the include file in the same directory it works fine. I do have "enable parent paths" turned on. I need to turn off Anonymous Access because I am trying to trap the LOGON_USER server variable. Any ideas on why this could be happening??? I know this is long and confusing and I&#039m sorry!