Hi, I created a media library called Manuals and added the folder and all the folders, html files, images files to the media library. Then on the security tab I selected "Nobody" for all the options. I created a link to one of the HTML files from the media library on a content page called "Details". I then started a browser sesseion by logging in as a different user. I logged in as person who was not a member of that role that was applied to the "Details" page.(the site uses windows auth) I then entered the URL that was used in that link directly in the address of the browser and was able to get to the html page. i.e. http://sitename.dev/sitename/media/Manuals/folder/folder/welcome_1.htm. I expected since "Nobody" was set in the security that I wouldn't be able to get to it if this in fact protects the files. Or am I doing something wrong?