A few dozen?
Try >10,000. Or 20,000. Or more.
Believe me -- I am glad I'm a network plumber -- I don't envy
the administrative job of managing an enterpise boat-load of MS
desktops -- it's a nightmare.Bbut it would perhaps be more of a
nightmare if they were not MS.
I've seen the scope firsthand, and I repect those folks immensely.
The problems here are many, and needless to say, we shouldn't
be trying to re-hash the debate on the appropriate desktop
enterprise OS, etc. -- that's a dead-end.
What _is_ handy is that that there nice tools available to roll
out patches to each end-system in a manageable fashion.
Now -- if only the patch were available... 
And keeping users' from surfing the web and _not_ clicking on
exploit web pages is an exercise left for the reader (without being
a network nazi)...
- ferg