Welcome to OUR GLOBAL IT COMMUNITY.

I have to agree with Lawrence. The only real way you can do anything close to what you want to do would be to implement group policies on each of the machines, and really lock them down to stop each user from doing whatever they want.
You can also implement something like WSUS (the Windows Software Update Service) to ensure that all the machines get the latest updates and patches.
You should also consider standardising on one operating system rather than having two different ones - in the long run it will make your support life easier and updating the software easier.

The bottom line is that you want it to be easy without being too restrictive - well heres the problem! In order to do what you want and to make sure it stays that way it has to be restrictive.

And as Lawrence suggested, there are many programs out there that do disk encryption. BitLocker is a good example if you are running the correct version of Vista, otherwise something I really like is TryeCrypt.

Sorry I couldnt give you a more easy solution!

Andrew Edney
UsingWindowsHomeServer.com

I hate to say it, but there is no definitive way to force your users to patch their laptops, stop opening attachments, update their virus definitions, etc without being very restrictive or making severe policy changes on how abusers are handled. The only way to make sure these problems are addressed would be to make your Windows users be in the Standard user group, configure and restrict the Automatic Update settings to automatically install updates, make sure UAC is not turned off in Vista, and to make sure your users do not bypass these restrictions.

If it is not worth the headaches of putting such restrictions in place, then your best bet is to educate your users. At BleepingComputer.com, I have found that the vast majority of infections that a user receives is because they are not educated on how to properly use their computer, open attachments, and browse the web. For those who do know how to properly and safely perform these tasks, then the risk of infections plummets. When we help users clean their computers of malware, we suggest they read our guide on simple ways to keep your computer safe. What we have found is that those people who practice these steps typically do not get infected again due to their actions.

As for what to do for stolen or misplaced laptops, your best bet is hard disk encryption for your laptop's drives. By encrypting your hard drives, if someone turns on the laptop without the proper password, they would not be able to boot the computer or access the data. There are numerous products available that offer hard drive encryption, including BitLocker from Microsoft.