Monday I attended the pre-con session, "Step-By-Step Guide to Hack-Proofing Your Microsoft Network" by Marcus Murray. Marcus is a security rock star! Very funny and engaging.
Last year he scared the hell out of me when he demonstrated how easy it is to compromise a system and domain. Since then, I've unplugged the network cables from all my servers as a security precaution, but I'm sure that would only slow him down a little.
The session was very good, but it was a little slower paced than I was expecting and hoping for. The basic security concept is "you can't fix stupid." If the users have elevated rights (by that, I mean running with more permissions than they need to have to do their work), it's very easy to compromise their machine and use it as a springboard to the rest of the network.
The takeaway is this: You must kill your users. Kill zem all.