A few dozen? Try >10,000. Or 20,000. Or more. Believe me -- I am glad I'm a network plumber -- I don't envy the administrative job of managing an enterpise boat-load of MS desktops -- it's a nightmare.Bbut it would perhaps be more of a nightmare if they were not MS. I've seen the scope firsthand, and I repect those folks immensely. The problems here are many, and needless to say, we shouldn't be trying to re-hash the debate on the appropriate desktop enterprise OS, etc. -- that's a dead-end. What _is_ handy is that that there nice tools available to roll out patches to each end-system in a manageable fashion. Now -- if only the patch were available... :-) And keeping users' from surfing the web and _not_ clicking on exploit web pages is an exercise left for the reader (without being a network nazi)... - ferg -- Fred Heutte <aoxomoxoa@sunlightdata.com> wrote: I understand the frustration Valdis has with the Microsoft situation. I've done my share of patching and updating and crawling under desks and wrestling with Exchange Server and all the rest, and fortunately (for my sanity) I'm not managing a few dozen M$ desktops anymore. My observation had more to do with the posturing of the "security" vendors (anti-virus, firewall, IDS, etc.) and the broad range of highly important experts who are all clamoring for attention on this and on all the other everyday security issues out there. There is certainly a need for security services and products and activities, but I am just not enamored of the "security mindset." This is just a part of what our job is so let's get on with it. And if we can convince the PHBs that moving off of Windows is (1) feasible, which is obvious; (2) manageable for them, which is not so clear, so much the better. I've broken my hammer pounding this particular nail, so having failed at moving management away from Windows, I moved myself away from management. Fred -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg@netzero.net or fergdawg@sbcglobal.net ferg's tech blog: http://fergdawg.blogspot.com/