Wow guys, thanks a lot for your help. This is exactly what I was looking for. If anyone else has any insights, please help. I need all the info I can get. I dont want to make this too long, 30 pages seems a bit too much, they arent expecting anything big since this is a very small company with only 4 servers and 30 comps in two locations. All they need is pretty much what I have in place, i took it on myself that I may need to research this further and try to find any other security issues or holes that may exist in our system. I think that I am probably missing some things that could let people in our system and want to try to identify them if there are any. A while back I had a problem where some anonymous user was using our proxy server to access the internet at a higher speed. Well it was then that I realized that anonymous access was enabled on the proxy server. Once I disabled it, i never saw the guy again on there. Its little things like that that i never even knew about that jeopardized our security. Anyway, thanks again for any help, I really appreciate it.