1) 90% of users don't have admin access
2) HD of machines are removed and placed in safe at night (can't run scripts during the night to delete temp dirs)
3) i need a way in which a normal user can take ownership and then delete some directories and files

reading all the posts has been very usefull and i think the route i'll take is as follows

write a batch file (called from the login script) that
uses SU to run XCACLS so that the user can claim permission to delete
delete the temp folder
create a new temp folder

this batch file will be converted to an encrypted exe file using bat2exe and secure21

this should mean that users won't even know they are running SU etc and as it's encrypted they will have a hard time finding any passwords

does this sound like a good method?

Pete