On the image detection -- one thing I really find tedious is flipping pictures back to the right orientation when I've rotated the camera... be great if it included some detection algorithm to detect and auto-rotate..
Last time I checked.. the most up-to-date and current source for patches was windowsupdate.microsoft.com.. an internet site..
Don't get me wrong.. I think the security lockdown mode of IE on W2k3 server is a very necessary feature, but it is difficult to draw the line on what's "good" and "bad" in all possible scenarios..
continuing your line of thinking, why not deny access from the DC to any ip which is external to the domain? not allow installs of any application on the DC since any application could pose a security risk. Don't allow remoting or terminal services to a DC since it could be a untrusted user from inside the network..
there are any number of scenarios where doing these things would just complicate matters and not make things any more secure -- maybe even less..
it is still incumbent upon the admin to make sound decisions -- simply taking away IE doesn't solve much as it would just frustrate the admin and he/she would probably find a reg hack or download and install another browser..
the probably best way is to keep features intact, secure by default, and have the user be the determining factor on what should or shouldn't be done...