you use deepfreeze for every employee? you have it installed on every workstation? at work we have 500 employees, most of them like 90% knows nothing from security or whatever. as for system admins and IT managers, SU and Vmware can be used off course .. It's an extra layer, just like having Norton Ghost (that's what we have at work) an important one just like an antivirus scanner. but Vmware is only for admins at work so is SU I guess...that's a different story Imho /edit: they have something like shadowserver .. I wonder how that works to be honest, I don't have any experience with that. is it centralised with one control panel for the system admin?