Incidents Question, part 2

Speaking of incidents, who out there is doing incident response on Windows systems? Seriously...from some of the lists I read (ie, SecurityFocus), I get the impression that the default behaviour of most admins is to grab a minimal amount of info, post to the lists, and then reinstall the system. Is this really the case?