ADMIN
Management Desktop Authority Lead image: Wamsler, Fotolia
Wamsler, Fotolia
 

Client management and configuration

Control Center

Many commercial and free solutions exist to centralize the management of Windows clients. Desktop Authority by ScriptLogic has a number of features that set it apart from the crowd. By Björn Bürstinghaus

Centralized client management is possible in the enterprise with the use of group policy functionality included in Windows. However, administrators will soon find themselves encountering restrictions in configuration and deployment. Desktop Authority http://1 offers several options for automating computer and user profile provisioning on top of group policy management (Figure 1). Additionally, Desktop Authority includes remote management and hardware and software inventory functionality, along with the USB port security module and the password self-service for fast resetting of passwords by users.

The Desktop Authority Manager window in a typical Windows layout with the navigation tree on the left and the details in the main panel.
Figure 1: The Desktop Authority Manager window in a typical Windows layout with the navigation tree on the left and the details in the main panel.

Installation and Setup

To install Desktop Authority, you will need an Active Directory structure: The integration and assignment of various profiles uses the Netlogon share on the domain controllers.

Desktop Authority will install on Windows Server 2003 (R2) and Windows Server 2008 (R2). The configuration and inventory data for the reporting functions are store in a Microsoft SQL Server database.

During the Desktop Authority installation process, you can install the free SQL Server 2005 Express version automatically. Alternatively, Desktop Authority can use an existing SQL Server 2005 or 2008 for the Reporting and Configuration databases.

Desktop Authority uses its own client application to integrate clients; you can use group policies http://2 to distribute the client to 32- or 64-bit systems either globally or at an organizational unit level.

To integrate individual users, you need to assign individual login scripts. Which user receives which privilege assignments and settings is not controlled by the login script but by the individual profiles configured in Desktop Authority.

Creating Profiles

Automating the process of creating computer and user profiles can be done in the Desktop Authority Manager (Figure 1), which you can run on the installed server or on any XP, Vista, or Windows 7.

To do so, you create profiles in Desktop Authority, which then can be applied to various Active Directory users and groups, organizational units, or computers with the use of the built-in validation logic.

The choices that Desktop Authority offers administrators creating profiles are versatile and leave little to be desired, whether you need to assign network printers, map network shares, configure an Office Outlook profile for a standardized signature, or specify a default Exchange Server.

Validation Logic

ScriptLogic, the maker of Desktop Authority, has a patented and comprehensive validation logic for profile assignments that can be controlled by the administrator through registry entries, by MAC address, or even through the use of a time-driven approach (Figure 2).

Administrators can define the validation logic for profiles.
Figure 2: Administrators can define the validation logic for profiles.

Clicking the checkbox by the NOT operator allows you to exclude users or computers from a specific profile. Additionally, you can specify whether the assignment should apply to workstations, laptops, or servers or just to machines with specific versions of Windows.

Software Distribution

Desktop Authority can handle software installation package distribution to specific departments, users, or globally on the basis of validation logic. It also supports Microsoft Installer (MSI) files, which most software vendors provide to enterprise users today.

Administrators can decide for individual packages whether the installation should be visible or run in silent mode. Also, you can choose to execute the MSI file using the administrator account.

For users who want to create and edit their own MSI packages, ScriptLogic offers MSI Studio http://3, its own proprietary solution. If MSI Studio is installed on the same system as Desktop Authority Manager, it integrates directly with Desktop Authority.

Windows Updates via WakeOnLAN

The latest version of Desktop Authority allows the administrator to install and configure a WakeOnLAN server. For example, you can wake up your clients at a predefined time (e.g., to install Windows), perform updates in the middle of the night, or execute preconfigured tasks. The ability to set the power management options in profiles means that this function offers perfect control of how long the client systems will continue running after waking up.

Remote Support

The remote management solution in Desktop Authority for administrator or help desk support can also be installed and enabled on all the systems in the network with the use of validation logic.

Besides remote access and control of individual systems, Desktop Authority offers administrators options for managing remote workstations, laptops, or servers. Access to these systems can be initiated directly in the Desktop Authority Manager, or you can use the Java client in the web browser on any client.

Note that to allow access via the port used by the remote control solution, you will need to add an exception for Windows Firewall to the client policy.

Inventory and Reporting

A full-fledged client management suite naturally needs to include hardware and software inventory features, and Desktop Authority does. These features give the IT staff a large collection of predefined reports for various areas (see Figure 3). You can generate reports on the fly or schedule report generation. Additionally, reports can be stored in PDF documents or dispatched via email.

The reporting function in Desktop Authority.
Figure 3: The reporting function in Desktop Authority.

Besides using predefined reports, you can also modify reports to suit your own requirements or generate new report types. Desktop Authority includes its own reporting tool (Figure 4) for this purpose, which is extremely useful for customizing reports.

Custom reporting.
Figure 4: Custom reporting.

Avoiding Localization Problems

From many years of experience working with this product, I can advise administrators to use an English language Windows server system for the installation. Although ScriptLogic tries hard to support languages other than English, issues can occur in the inventory and reporting feature if you use anything but an English language version.

These issues occur not only for installations on domain controllers, but also when installing on member servers. However, they affect only the internal core components and do not affect communications with other domain controllers, which can use a non-English operating system configuration.

Conclusions

Many products exist for client system management on enterprise networks. Desktop Authority combines a variety of modules in a single solution and offers full-fledged management, inventorying, and provisioning of computer and user profiles – all of which can save administrators much time and expense in their daily work.