Just when you think you've followed all the rules to safeguard your business assets against viruses and hackers and burglars, along comes an employee with a "better" idea. Only it's not, and it could unravel all of the smart security moves you have implemented so far.

As you know, it takes a major commitment to properly safeguard your business from external threats. If you've started that process by updating your software and virus protection and installing a firewall, you've already made a significant investment of time, effort and money.

Unfortunately, a lack of stringent administrative procedures can unwittingly sabotage that security investment, reversing the changes you've made or inadvertently introducing new risks. Users may not stay current on updates and patches, they may download unauthorized and potentially harmful software and they may not be vigilant about unauthorized access to data on their computers.

Basic Steps You Can Take
One solution is to manage desktop PCs and laptops from your server. Not only will this approach reduce the risk that your security measures can be sabotaged, but it can also represent a significant savings of time and money due to the efficiencies you gain. Among them:

Proper installation. You can make sure the correct version of the operating system and applications are installed on all of the PCs and laptops from the outset. That ensures compliance with licensing issues and consistency across your organization for file sharing and other purposes.

Timely updates. Patches and bug fixes, along with new versions of software, can be deployed from the server to users' PCs and laptops. That way you know it has been done properly and in a timely manner and you don't have to rely on users remembering to do it themselves.

Special configurations. If your organization has preferred settings for the operating system or the applications everyone uses, these can be managed, updated and enforced organization-wide from your server. In addition, you can prevent users from installing unauthorized programs by restricting their ability to run programs from CD-ROMS and other removable drives, or to download programs from the internet.

Monitoring. If there is unauthorized access on a PC, or if there is a system failure of some sort on an individual machine, this can be detected immediately through the monitoring capabilities available in a managed PC/laptop environment.

If you're considering a first server or a server upgrade for your business, it's worth noting that improvements in the management capabilities of Windows Server 2003, together with the enhanced security features in Windows XP Professional with Service Pack 2, offer a powerful defense against internal and external threats.