Many thanks, Craig. It's been an interesting thread and I've a better grasp on security possibilities as a result. Hopefully others have benefited as well. I have a machine to rebuild soon so I will try the alternative-root scheme. If I mess it up I can easily reload things and start afresh :-) Cheers, Denis