Immediately after we pushed the patch for the Windows Metafile vulnerability to all desktops, our Systems Management Server reported 60 percent completion. But a workstation isn't considered patched until it's rebooted, and a lot of users are slow to do that. We've forced reboots in the past, but when users lost unsaved source code or other critical work, we got complaints that IT was affecting revenue generation.

Now, after two weeks, we're still at only 80 percent compliance; my goal is 97 percent. It creeps up one or two percentage points per day now, which is pitiful.

I've decided that we'll e-mail users who haven't rebooted their desktops and follow up with e-mails to their managers. At some point, I will order a forced reboot and take the heat for any repercussions. There's no reason why a user can't save his work and reboot.

More Frustration

Besides getting patch management off the ground, I'm still frustrated by the digital rights management project. DRM involves encrypting a document and wrapping it in technology that controls access per an established policy.