I've spent some serious time cranking through the IEAK's (versions 4 and 5) and have found that some problems are inherent to the idea of packaging IE 4 or 5 for NT or 2000.
The idea behind distribution is to be able to reach many clients with no user end intervention. Now, the IEAK gives you two different possibilities for such and end:
1. Silent Install - Kind of creeps up and shuts the machine off, no matter what the user is doing.
2. "Hands-Free" Install - This is the method that I prefer, as the user can actually see that something is going on on there machine.
Both of these methods work fine (providing you made it through the wizard with no problems), but leave the machine at a critical juncture. The machine now rests at Logon awaiting someone's intervention. If that someone happens to be a user without total administrative rights to the machine, the installation will fail. There are files (the normal assortment of DLL's and OCX's) waiting to be registered, more settings to complete, etc.
The AutoLog feature, I have found, does not work through complex enterprise environments. Users also have a problem when their machines remain in a state where their keyboard and mouse are locked, which also happens about 5% of the time. In this instance, you will have to remotely shut the machine and the process down.
Another important feature to keep in mind is the security encryption. Many of the banks that I have worked for like to have 128 bit encryption, so naturally, you would want a package that would put this encryption down on the desktop. What happens with these IEAK packages is that they read what is on the machine and install that level of security. So, if you create a package that has 128 bit encryption, it will only load that level of security onto a clean machine (one that has never had IE) or onto a machine that currently has 128 bit on it. When you create a package and load it onto a machine and see that the security has not increased, keep this in mind. My advise is to create a package for distribution that upgrades your level of security prior to upgrading your IE.
The solution is that if you have a rather simple environment, where you can get your hands around everything, then packaging this for massive distribution might be the way to go for you. If you have a rather large environment that is layered and you don't have administrative rights over the whole thing, you might want to reconsider doing this, or be ready to put out some serious fires.
If you want more information about the IEAK, you can go to Microsoft's site and check it out. They will answer some of your FAQ's. Personally, I'm waiting for IEAK 6 so I can try to deploy across W2K and see what issues will arise. I'll keep you all up to date.
The link to Microsoft's IEAK information arena is: