Over the past 12 years, I've written about nearly every server product that Microsoft makes. But one product I've
rarely written about is Microsoft's SMS Server. I've always found SMS Server to be overly complicated for what it does, and thought there were better third-party products available for systems management.
I recently had the chance to spend some time working with Microsoft's System Center Configuration Manager 2007 (SCCM). SCCM 2007 is slated to be the replacement product for SMS Server 2003. Although SCCM 2007 is still in beta, it shows a lot of promise, and is far easier to use than some of the earlier versions of SMS Server.
But what makes this product worth taking a look at is the way it's designed to work with other Microsoft products. One of SMS Server's primary jobs has always been deploying software to network workstations. SCCM 2007 offers full deployment capabilities, but it's also designed to work alongside WSUS 3.0. You can browse the available updates directly through SCCM 2007, as well as seeing statistics such as how many clients have installed a particular update, how many clients still require the update and how many clients have not yet reported their status in regard to the update.
Just as SCCM is capable of installing applications and software updates, it looks like it will probably become the preferred method for installing Windows Vista. One of SCCM's new features is that it supports manual machine import for bare metal systems. This makes it simple for administrators to use SCCM to deploy Windows Vista to workstations that do not currently have an operating system installed.
Desired Configuration Management
Another feature I like is the Desired Configuration Management feature. The idea behind this feature is that most companies have a standard configuration that they use for network workstations. This configuration might include security settings, display settings, drivers, applications and anything else that the company deems important.
SCCM 2007 allows administrators to perform an analysis on a properly configured workstation, and create a configuration baseline. This baseline defines what it means for a workstation to be configured in "the right way." SCCM allows administrators to periodically compare network workstations against the configuration baseline to see if any workstations are configured incorrectly. This allows administrators to easily spot incorrect security settings or any other anomalies that could become problems.
I've also been told that SCCM 2007 has been designed to support new features in Windows Server 2008. For instance, SCCM will be able to receive system health validator information (system health validators are a part of Windows Server 2008's Network Access Protection feature. The idea is that you can create a template that defines what it means for a workstation to be healthy. For example, you might require the Windows firewall to be turned on, or antivirus software to be installed. If a workstation is out of compliance with this policy, Windows can automatically take corrective action or can isolate the workstation from the rest of the network.
What I've been told is that Windows Server 2008 will provide the foundation for Network Access Protection, but that SCCM 2007 will be the primary mechanism for managing Network Access Protection policies. I've worked with the Windows Server 2008 beta enough to be able to tell you that you can manage Network Access Protection policies directly through Windows, but I suspect that SCCM will greatly simplify the process.
About the author: Brien M. Posey, MCSE, is a Microsoft Most Valuable Professional for his work with Windows 2000 Server, Exchange Server and IIS. He has served as CIO for a nationwide chain of hospitals and was once in charge of IT security for Fort Knox. He writes regularly for SearchWinComputing.com and other TechTarget sites.
More information on this topic:
- Tip: Microsoft rebrands SMS
- Topics: Systems Management Server
- RSS: Sign up for our RSS feed to receive expert advice every day.