SMS 2003 Desired Configuration Management
Wow. Its been ages since I blogged about SMS. I went to a cool session on Desired Configuration Management. Its about understanding what youre expecting to have and how it actually compares to whats there. Imagine centralised and automated “best practises management”. Its quite easy to use though you’d need to understand a bit about how the WMI classes work in order to be able to query it well. Its gives you the ability to control the intended actions by writing an error to the event log etc and can interface nicely with MOM 2005.
The future version of this (in SMS v4) will be able to take the “best practises” configuration based on vendor guidance (Microsoft’s and others) and perform central analysis over how your network complies with the best practises. Yes some of these tools exist today, but its quite a manual process today, doesnt keep you up to date and doesnt give you the ability to modify/add to it.
SMS v4 Futures
Along the lines of SMS, I thought Id continue the SMS lovin’ and went to another one. I should add there was actually another session on Windows Vista Data Security (which covered EFS and whole system encryption using TPM chips) that I really wanted to go to but they moved the room and I was far too lazy at that time of the morning to walk that far to see it.
That said I Was very impressed with SMS v4. The goal is simplicity so they say and after seeing the presentation Im convinced. It has integration with future technologies such as Network Access Protection and can tell you when your machines are in compliance with NAP policies or out of compliance. You will be able to deploy Vista and Office 12 with it. Now youre probably going…”Yeah yeah you said that before and it was too hard”…Theres much better upgrade planning tools and theres now this great task sequence editor which provides a powerful graphical workflow style UI that gives you control over how you will rollout deployment of Vista and what apps will follow the install. Very, very nice for deployment!!
Theres also a remote management scenario where you can manage remote machines (like people working at home or onsite contractors) without a VPN.
For those of you that found our Software Updates Tools for SMS 2003 difficult to setup and use (I know I did) its much much better and completely integrated. This bit was fully redone and when beta 1 ships you might find the UI is a little slow but its being worked on to make it faster. Its looks so much better than SMS 2003’s experience.
The other bit I liked was the Vulnerability reporting. The ability to perform automated security auditing is so needed I think. Goes beyond patch scanning and can check ACL’s and infrastructure security etc.
Its a subtle thing but the SMS management UI now supports drag and drop and the hierarchy views are going to be simplified. That was so needed! makes things so much easier.
I also loved the fact that theres now Wake-on-LAN as thats always something people ask about!