of course.. however, the help does not define if this change should be made on the server, the target computer or the remote machine making the web request. So I tried all 3 and it made no difference. BTW, IE8 barks up a storm if you make these security changes. Any way to avoid that?