Looking to determine what other's are doing to secure desktops. Issues to be considered:

Hardening end-user desktops on Windows 95b, Windows 98, Windows 2000 Pro, Windows XP.

Security and enforcement applies to: Desktop policies either 1) Novell Zenworks, 2) Windows NT4 based domain or 3) Active Directory GPO's, 4) 3rd party solution. In addition, it must include automation and pushing of patches (we've purchased Patchlink for this effort) and it must also consist of some form of notification (NIDS, SYSlog, etc) if any compromises (virus/worm, etc) appear.

Environment is dispersed. Main office has 500-600 desktops and we have over 350 remote sites with about 5-10 PC's each and 4 brand offices with 40-60 desktops. All told, we hover around 4000 devices.

Any suggestions appreciated.