I been reading this as it develops, and I would just like to say that it is not the user who is at fault, neither is it the Admin's or the rest of the IT Dept. In fact it is a combination, of everyone, from my point of view as tech support, I found it in valuable just to spend time as oftern as possible with my users just to help EDUCATE them, the biggest threat to Security is the uneducated, yes I know that there are users out there who no matter what will not and quite possibly can not be educated, it falls on us all to do the best we can.

Like the age old argument which is the better OS, neither! its what ever does the job best, the more we can educated and get it to sink in, the more time we can spend of other issues that everyone one can benefit from.

Is this not true!!