Do you support desktops as part of your SBS offering? Want to reduce the number of support calls (and simultaneously increase your customers' satisfaction)? How? By locking down your desktops through the principle of least-privileged user account (LUA). The basic idea is simple - only give users the rights they need on their local desktop. Rootkits, spyware, "add-ons" that crash or slow down other applications, unlicensed software... all of these problems go away or are significantly mitigated by not allowing users local administrative privileges. Realistically, very few small business customers need admin rights - those that do are usually running applications that need significant tweaking to work properly - for instance, http://www.sbslinks.com/lua2.htm. Implementing LUA can be a hard sell until you explain to the business owner the benefits of not having to deal with all the above problems and the cost savings they will realize in gained productivity and lowered support costs.


The XP group has just published a very well-written paper on the subject, available at: http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/luawinxp.mspx
To comment on the guide, go to http://blogs.technet.com/secguide