I have a network with 500 users. They are all running windows pro xp in a windows 2003 domain env. About half of the laptop are out of the office 90% of the time. They connect to the office using citrix/terminal server. What I would like to do is get some ideas on how to protect these machines. Some ideas I have are to make sure they have complex passwords, firewalls enabled, EFS data on compueter. Can someone give me some more ideas on how to proceed.