We are being hit again and again with Viruses. The latest being the new Nimda. I have 3 servers on my network; 2-NT and 1 W2K Server. Only one of my NT machines is open to the outside and is also a mail server. I have made sure to apply all the patches and service packs to the IIS etc. on that one machine that is open to the internet. Do I have to patch my others servers for which I use the IIS only for developement and on my local intranet? I also have workstations running PWS for development. Do these have to be patched? Do I have to upgrade from IE 5 to IE5.5 on on my workstations or is it just enough on my server that is running IIS as a real web server?