Community

Getting your infrastructure secure and KEEPING your infrastructure secure are two separate things.

If you have a proper layered security model in place, then once a PC is in place it should stay safe.

Updates to servers and firmware on your appliances can be a full time job on larger networks. This doesn't even include moving to new equipment and replacing it as it breaks down.

A PC you can Ghost an image, drop it in the forest and away you go. The domain policies wouldn't change as often?

The answer to your question is, IT DEPENDS. (you will hear that a lot!)

Good luck.

Desktop support is complicated by power users, especially those that wish to use "cutting edge" (in my opinion "bleeding edge") technologies. For example, external use of collaboration tools such as IM, netmeeting, etc. are prohibitted at my site but these users continually place requests to the service desk and try to apply pressure through the CIO.
I agree that patching and upgrades, whether to desktop, servers or network hardware can be simple or complex.
In my case, the infrastructure supports ~5,000 users in active directory, multiple resource domains, VPN, etc.

Power users are a big issue (Mostly scientific Envoronment)

Add Patch, GPO's, Antivirus & advertised applications......well you get it.

Change Management? We have a change Management meeting once a week with about 120 change requests up for discussion.

Infrastructure? Well I thing we had to swap a supervisor (CISCO) module about a week ago LOL.

But security is only one component at the Desktop and Server Layer.

Very seldom does change management alter infrastructure. It is reasonably static by definition.