well, I'll take Delegation as an answer for item one, I should be able to set permissions ok on 2k3 AD, jes will take some figuring out.
As for item 2, technically if you would enter the file path in the AD's user profile it should set permissions to it accordingly, however it doesnt, XCACLS and CACLS only sets 1 user as full access it doesn't have a feature to "ADD" a user IE admin and the user.
At any rate I would like to thank you both for helping me on this subject, to clarify it a bit more, we are a very small company that make networks for schools, the reset password proggy I am making (with kixforms) should enable headmasters to reset (dumb) teachers passwords to a standard password and when they login they can change it again cos windows will then prompt for them to change it.
The second lets the headmaster add a new teacher to the AD.
Anyway thx again for helping me on my way here 
_________________________
can not join #Real_Life (invite only)
