Redmond enlists security vendors to automate policy compliance
An interesting idea talked about over at Network world, is Microsoft working with A-V vendors on the idea of security policy compliance software. If I'm reading it correctly, the idea is that when an machine tries to log onto a Microsoft network it's agent software will transmit information about things like it's A-V pattern files and patch level and if these don't meet defined standards it will not be able to connect, until it was updated.
It's a good idea for things like laptop users, who perhaps aren't in the office often enough to get updates. That said I like the idea of this being tied into the network switch/router infrastructure more.
The reason being is that even if a PC can't log onto a windows domain it can still connect to other client-server applications, whereas if the switch the PC is connected to, won't let it communicate with anything other than the update server untill it is patched, it will be a more effective control.