hi. i've got a few related questions in here so i'll try to lay them out as best i can. 1. what are some guidelines to go by when trying to determine if a webserver should be a part of a corporate domain or not? (we only have one domain, and one webserver, all are win2k based machines.) 2. if i have Anonymous Access turned off (using IIS5) and have an intranet site that is apart of the domain, will the clients automagically log in by passing their credentials to the server? i imagine that when the webserver is joined to the domain the clients will automatically pass their credentials to the server thus bypassing the log in box. the reason i want to do this is so i can access their username from within my .asp pages to do some simple security checking. we have a small number of users on our intranet and i'd like to restrict access to certain pages based on the user. i really don't want to force people to log in twice and possibly maintain two separate accounts (because they would have a domain user and a webserver user.) what sort of things security wise should i be aware of if i join the server to the domain? thanks, chris.