Hi, I think that you've encountered a "feature" in NT security that allows: A user on a machine to act on another machine/domain if there is a identical match on userid and password in both places.
IOW if you have a local user MUSR_MQADMIN on machine A with password QWERTY and on machine B you also have user MUSR_MQADMIN with password QWERTY. When logged on to machine A as user MUSR_MQADMIN you can access resources on machine B as user MUSR_MQADMIN on machine B via the network. This is how NT Networking security works and the only way I know to get around it is to have different passwords. Regards, Peter Larsson Moish Carmon wrote -> Hello all. We have mqclients, v5.2 running on WinNT connecting to a queue manager, v5.2 on Win2K. According to the documentation, you can grant authority with setmqaut command, using the domain to which the user belongs, in the form [EMAIL PROTECTED] But what we see is that any client connecting with this userid, doesn't matter to which domain this user belongs, gets the authority of this userid as specified on the setmqaut. for example, local user id MUSR_MQADMIN on machine A, can connect as client to queue manager on machine B, and get mq administrator security to this queue manager. Ofcourse, this is not what we want. Any ideas how to avoid this problem ? TIA, Moish Carmon. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive