For all of you out there that wishes patch management could be easier on your home networks and don't have the $$ to get 2k or 2k3 server... you can install SUS on an XP Pro workstation with a couple of tweaks.

Follow the instructions @ http://www.neowin.net/forum/index.php?showtopic=231689 to modify the SUS10SP1 so it will install on a XP Pro workstation. NOTE: This goes against m$'s EULA... but who really reads those things anyway.

Then since you won't be pushing out your settings via group policy, I recommend you read the automating patch management 3 part paper @ security focus.

http://www.securityfocus.com/infocus/1760
http://www.securityfocus.com/infocus/1762
http://www.securityfocus.com/infocus/1778

You can create a simple reg file as indicated in part one and import that on each computer.

This has a couple of benefits. You don't have to download each update over and over wasting bandwidth. The updates can be approved and installed automatically so you don't have to run around finding out which machines are updated. The only "con" I can think of is that you actually need to keep up with the patches that are out and approve them so they can be pushed out to the clients.

To check the patch level of each machine, you can use the Microsoft Baseline Security Analyzer.
http://www.microsoft.com/technet/sec.../mbsahome.mspx