I tried to use request.servervariables("logon_user") to get the nt username so i could attempt to check wether a user has the rights to edit there personal details on a phone list online. However i found out that the string is empty unless you check off the allow anon users check box in IIS. The problem with this is that it now asks for the challenge response password which i dont want. i want the user to be able to search the phone list, pick up there own details and to edit them. i.e. i want the page to pick up the nt username compare it with the e-mail address and if it matches allow it. I can do all the latter but how do i get the nt username without having to check of allow anonymous access in IIS<BR><BR>Does anyone have any different idaes on this one <BR><BR>thansk for your time