IIS 4, SQL Server 7 SP2<BR>We're using NT security on SQL Server, controlled by membership of local groups on the database machine. Using NT challenge/response on the intranet web server (separate machine). When a user tries to access data from SQL Server via the intranet I want the data they are allowed to see to be restricted by the right granted to them on the database server. I've tried setting up a system DSN on the web server and telling it to use NT security but this doesn't work. Any ideas?<BR>Thanks for any help.