More than just a handy suite of tools to help harassed systems administrators get to grips with managing thousands of desktops and servers, Microsoft's System Management Server 2003 has evolved into a product that can test endpoints on the infrastructure for vulnerabilities and offer remediation as well as offering the more standard Network Management utilities.
As you would expect from a Microsoft product, it is fully integrated with Active Directory and uses SQL Server as its back-end database. But the installation process is not something to be undertaken lightly and you need to put a fair amount of effort into the planning the installation before setting out. You need to set your site server as the default Management Point, for instance, as without it you won't be able to communicate with the Advanced Clients installed on your desktop machines. And if you simply choose the default 'Express' installation, it doesn't do this for you.
Once the Advanced Client software has been installed on all of your desktop machines, however, the strengths of the product shine through. It's desktop management features are particularly strong, for instance. From the console you can immediately see inventories of hardware and software on the network, and in not inconsiderable detail. It also offers software distribution and remote control of desktops throughout the network.
The product takes advantage of BITS (Background Intelligent Transfer Service), the service used by Windows Update, to both patch PCs against the latest threats. This takes advantage of leftover or unused bandwidth to install patches and other software across the network without affecting the overall speed of the network. On our test network it was true to its word and didn't appear to affect performance unduly.
And, as you would expect of Microsoft's new found enthusiasm for security, the product now uses the Microsoft Baseline Security Inventory Analyzer as well as the Office Update inventory tool to make sure machines are up to date with patches.
When we tested the product's ability to find out exactly what was on our test network, it did a reasonable job of collecting data, correctly identifying the hardware and software we had on our systems. We found a good level of detail, with the software cataloguing just about every program file across the network.
It works with SQL Server, so anyone who has knowledge of queries can interrogate the database to find out who has what version of Office or Internet Explorer. But you can also generate reports using the report viewer, which can be accessed using a web browser.
Creating packages for installation to remote desktops is very easy to do, if that product is another Microsoft product. But as is the way with so many Microsoft products it becomes much more of a challenge when you start to factor in non-Microsoft applications. If you really need to do this, you'll have to rely on a third party install such as InstallShield's Wise - which not ideal.
That said, Management Server 2003 is a quality product that effortlessly combines desktop and security patch management. If you're a large enterprise happy to stick with the Microsoft way of doing things it should definitely be on your shortlist.
Verdict
Fine for large enterprises who are happy to stick to with the Microsoft way, but it isn't the most flexible of solutions
