FYI I've been patching our department's computers (~75) manually. I know there are packages available to automate this, but it didn't seem worth the time and effort to deploy another application. The last two months have changed my feelings, here are some of my findings: (1) Microsoft SUS. This runs on top of IIS, so I rejected it as making the problem bigger. (yes, I'm an anti-Microsoft bigot) (2) Shavlik HFNetchk. They have a free download (LT version) that will patch up to 11 computers. The Pro version seems to cost $1458 for 75 clients. I haven't checked on educational discounts yet. A nice feature of the LT version is that it will scan unlimited computers for patch status. http://www.shavlik.com/ (3) GFI Languard Network Security Scanner. http://www.gfi.com/lannetscan/ I haven't tried this one yet, since they strongly suggest reading the 127 page manual before installing. Cost is $495 for 100 IP addresses, but they have a clause about "free for non-commercial use". (4) Hacking up something with utility programs... I found a program called soon.exe at Microsoft. It lets you schedule a job on a remote computer. It turned out to be buggy, but I found a similar freeware utility called atnow.com. I ended up running a batch file like this: atnow \\belmanda "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q atnow \\holbrookeli "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q atnow \\kossekoffice "\\maytag\apps\w2k-kb824146.exe" -u -f -n -q I'm moderately happy with this. I ended up with a few computers that didn't take the patch, but I can use HFNetchk to find those pretty easily. Some questions for the list: (1) What methods have you come up with for automated patching? (2) Is there an open source program to do "WakeOnLan"? (3) Most of the patches need a reboot. Have you worked out an agreement with faculty about remotely rebooting their computers? -John