Something I haven't checked in terms of security... can the .ghst files be deleted while the program is running ? can they be overwritten with a *new* set of defaults ? what happens if malware writes a pre-created .ghst file into the groups directory that gives it permission to do its nasty business ? if there is a collision between definitions in 2 different groups which one takes precedence - the allow or the deny ? - or it is based on the group load ordering ?