I was wondering if I could get some advice on something in patch management from the community.  We patch over 1200 workstations across 70 different companies.  As you can expect, we have a wide range of Windows OS, Exchange, and Office versions to manage.  

My question is regarding those products that Microsoft has deemed end of life (Windows 2000, Exchange 2003, Office 2000, etc..).  Even though there may not be any new patches coming out for these products we are leaving them as Pending Approval in our patch policy.  Does anyone else do this, or once a product goes end of life do those products approvals change from Pending to Denied?  I think we should change them to denied as if something goes wrong we will not get support from Microsoft.  I wanted to see what the rest of the community does so possibly change how we are approaching this.

Thank you in advance.