Appropriate server security is a constantly evolving target. Just when you think you've got all of your servers appropriately locked down the world changes and there is a new threat to protect yourself from. In IST we change our security model, as well, with each version of the operating system and with each Service Pack. The Windows server operating system is released on a different schedule than the Windows workstation one. Sometime we can apply what we have learned what we have applied in one, to the other. Typically though, access requirements are significantly different, which is why we have a seperate server security link from the primary security link.