Menu
SMS 2003 focuses on improving security

SMS 2003 focuses on improving security

The last time we reviewed Microsoft’s System Management Server, it was in the middle of a long beta-test cycle. While the basic features of the product haven’t changed, there have been some minor improvements, including a heavy focus on security. We recently tested the latest version and found it a marked improvement over earlier ones. Of particular note is a new Web-based reporting feature that presents information in a simple-to-filter and easy-to-read way.

SMS has undergone something of a purpose change with a focus on features that help identify security vulnerabilities and distribute critical updates. Traditionally, SMS has been a true desktop management tool, with features including hardware/software inventory, software distribution, software metering and remote control. Most of these features also help implement the security focus by detecting software that needs updating and distributing those updates to only those computers that need it.

Security focus

The biggest security focus area for SMS 2003 deals with patch management. SMS 2003 uses the Microsoft Baseline Security Inventory Analyser and Office Update Inventory tool to scan all clients for missing security patches. These scan results are made available to administrators in the SMS database for reporting or targeting. A patch installation wizard helps deploy critical patches and can be used by security information personnel and IT support staff. The advanced SMS client knows how to handle patch chaining, meaning it will properly sequence updates.

Microsoft’s Software Update Service (SUS) provides automatic security updates for computers that are directly attached to the Internet. But this can be a problem for machines behind a corporate firewall. To help deal with this, Microsoft offers a free add-on for Windows Server 2000 or 2003 that will provide the same functionality as the Internet-based service. The SUS server must be able to synchronise with the Windows Update site and will function as the host server to all clients behind the firewall. SUS can be downloaded from www.nwfusion.com, (type DocFinder: 9622 in the search function on the homepage).

Hardware and software inventory

SMS 2003 does a competent job of gathering detailed hardware and software inventory information. In our test configuration, it correctly identified all the client systems’ hardware. On the software side, SMS 2003, by default, returns a high level of detail about every executable file that it finds. That makes for lots of wading through rows of information when you only want to know what version of Internet Explorer is installed across your corporation. If you’re looking for just one piece of information, this can be frustrating. Fortunately, you can build specific queries to help answer easy questions. However, building queries might require some basic knowledge of SQL and the syntax of a SQL command.

Viewing reports with the report viewer lets you display one of the many canned reports, or you can customise one for a specific result. The Web-based presentation delivers a quantum jump in ease of use. In addition to the Web browser display are options to copy, export, print, email or add the report to your favourites. For frequent report viewers there’s a dashboard feature that lets you define up to four different report views in the four quadrants of a Web screen.

Software distribution

SMS 2003 uses new features that help simplify and streamline software distribution. The SMS 2003 Advanced Client uses the same technology developed for Windows Update Service, called Background Intelligent Transfer Service (BITS), to perform all software distribution. BITS performs tasks such as resuming an interrupted file transfer, large transfers during non-peak hours and managing bandwidth usage.

Creating a package for distribution depends on the software. If the application is from Microsoft, you shouldn’t have a problem. After completing a network install to a distribution point, the software can be advertised for any client to download. For non-Microsoft applications, you’ll need to use a third-party vendor, such as InstallShield, NetInstall (see Installation via NetInstall, DocFinder: 9630) or Wise, which can help you create a Microsoft Systems Installer.

Documentation and installation

A quick read of the installation documentation paints a good picture of the product’s complexity. Completing a successful installation requires planning, patience and perseverance. If at first you don’t succeed, try a different option. Better yet, make sure you understand what the different options mean before you choose one. Don’t pick the Express option the first time you install SMS 2003, primarily because it doesn’t install a management point (see DocFinder: 9623) and without that you can’t communicate with any advanced clients.

Installing SMS 2003 is not a trivial matter. Some installation tasks will vary depending on the platform. With Win 2000 Server, you must run a separate program to extend the Active Directory schema before you install SMS 2003 if you want the installation program to do all the Active Directory modifications for you. Also make sure that things such as DNS are configured properly for your primary site server and network in general.

Microsoft has emphasised providing assistance for various SMS-related tasks with tools such as the Deployment Readiness Wizard that runs specific tests to determine if an upgrade from SMS 2.0 would fail. There’s also a client push installation wizard to help get the client software installed. One catch here: You need to have an SMS client push account in the domain with administrator privileges for the client installation.

There are a number of long documents that try to answer questions and provide information for the multiple scenarios. At 676 pages, the Concepts, Planning, and Deployment Guide goes into great detail. It covers a number of different scenarios from upgrades to new installations on different platforms. Don’t expect to absorb everything in one session.

Bottom line

In the end, it’s all about features and requirements. SMS 2003 is a plus for large installations that need to get a grip on the security management problem. As an added plus, it handles the standard desktop management chores with ease. n

Local information

Microsoft’s System Management Server 2003 is distributed in Australia by Express Data, Tech Pacific and Ingram Micro.

RRP: Server Enterprise Edition 2003 - $1019;

Per SMS 2003 Client Access Licence (CAL) - $72.

www.microsoft.com.au


Follow Us

Join the newsletter!

Error: Please check your email address.
Show Comments