Desired Configuration for the Desktop

  • Article

Desired Configuration Monitoring 2.0 for SMS 2003 and System Center Configruation Manager 2007 (included as part of the product), provide a great way to ensure standards compliance of your systems.  Something that desktop administrators have been missing for many years is an easy way to identify systems that have drifted from their original configuration or developed standard.  Now there is a way to avoid configuration errors, track changes made without approval, and avoid unintended impact on the end-user.

From a process perspective, DCM falls under the "Change, Config, Release" framework of ITIL.

In a past life I was a desktop administrator responsible for the creation of a desktop standard build, automating the deployment of it, and managing it with SMS.  Without custom developed scripts/programs or a mirad of third-party solutions, you had no way to determine if the desktop was still configured matching the version of that standard build with respect to security settings, OS configuration settings, driver versions, and so forth.  Even though Group Policy, WMI scripting, SMS's extensive inventory capabilities, and other solutions from us and our partners were introduced to help aleviate the administrative overhead in some areas, it still didn't address a way to define what the standard policy was and how to identify those systems who did not comply with that policy.  DCM really moves us into that direction.

Now you have an integrated solution with SMS that can monitor a plethora of settings through different data sources (File system, WMI, Registry, etc.) and provide meaningful reports out of the box or allow you the administrator, to develop your own set of customized reports.  In addition, with a little bit of work you can configure SMS Collections with queries to capture those systems who are not compliant and have an advertisement ready to remediate them based on that specific CI (configuration item) and have it established as a standard change within your Change Management process.

While you are developing your standard desktop build, create the CI manifest in parallel.  Once the version is finalized, test, pilot and approve for deployment following a Change and Release Management process.  BDD 2007 Solution Accelerator has a specific guide to help you with this called "Desired Configuration Monitoring Feature Team Guide" which can be found here - https://www.microsoft.com/technet/desktopdeployment/bdd/2007/default.mspx. I strongly recommend you consider this in support of managing your desktop environment.