Sorry abouyt the crosspost, never even realized there was a separate forum for IIS. Anyway, the situation is this:<BR>I need to lock down a database file on a Windows NT4.0 server running IIS4. I only want to give certain people access to the site, and a small percentage of those people modify access to this database, the rest only read access. I tried changing the Security settings on the file, and enable NT Challenge/Response in IIS. When accessing the site with the mdb file, it does prompt for a username and password. However, if the person only has Read Access to the Database file, after logging on successfully to the site, he or she can actually modify the database, so that security is not working properly. The anonymous User account has No Access to the entire site, local admins have full control, 2 domain user defined, one with full access, the other (my account) with RX access to all files.<BR>How would I go about restricting access to this Database on a per-user basis?