Hi, Simon-

>You might like to look at some of the tools from GFI Software (think that's the name). They have a thing called Lan Security Analyser. You give it an IP address and it scans that machine. Comes up with all sorts of stuff, including missing patches, unnecessary shares, general security stuff.

I'll have a look. I'm trying to step back out of the Network consultant's path...now that he's decided I'm not to blame after all, I guess I'm not quite so needed. ;-)

>One other thing that they might find useful: install a SUS server (Software Update Services) from Microsoft. It's free and makes the installation of approved updates to Windows a complete no-brainer. Also means that the patch only gets downloaded once then locally distributed = savings on web bills if billed on traffic.

A SUS. This is apart from the windows Automatice Updates, I gather? I'll have to look it up.

>I didn't notice, but what mode is their ISA Server running in?

Uh oh. Question I can't answer. ISA Server's have modes?

BTW, I did double check versions with the Network consultant, and they're running Exchange 2000, not 5.0 as I thought.