Hi guys, We are using shadowuser to secure some of our company's laptops, so users cant install cr*p and then complain to IT that his/her laptop is messed up. I have excluded the "C:\Docs and Settings" folder so their files won't disappear at bootup. BUT, whenever they, as we periodically require them to, change their windows login password (whether its local logon or domain password), it always returns to the old password after reboot.....can anyone point me to which directory I should exclude or auto-commit so this will work? Thanks All. ps. Is it better to exclude c:\docs and settings or auto-commit? Which one is the better practice?