IntelliMirror and Systems Management Server 2.0

At first glance, some elements of IntelliMirror will probably look and feel a lot like SMS 2.0. IntelliMirror technology represents a robust set of Windows 2000 operating system features designed to facilitate desktop change and configuration management within a localized network environment. Its management focus is on user data, software installation and maintenance, user settings, and remote operating system installation. IntelliMirror is itself part of the Active Directory implementation of Windows 2000 and makes use of many Windows 2000 technologies, including Group Policy, Offline Folders, and Windows Installer.

Active Directory is the fully extensible and scalable directory service used by Windows 2000 to identify all resources on a network and make them available to users and applications. It is designed to make the physical location of a resource transparent to the user or application, thus providing a single point of logon for users and a single point of object administration.

The idea behind these powerful IntelliMirror features is to provide the Windows 2000 user with a consistent desktop environment that can follow the user from computer to computer. In this respect, rather than being an alternative to SMS 2.0, IntelliMirror is the next generation of system policy management and Microsoft's Zero Administration initiative for Windows. In this section, we'll look quickly at how these features work.

Group Policy

A key technology in implementing IntelliMirror features is the use of Group Policy to define various settings. Group Policy is a collection of desktop and registry configuration settings that can be applied to users and computers. Group policies allow the administrator to configure not only user settings such as which programs appear on the desktop and whether a user can access the Run option on the Start menu, but also computer-specific settings such as startup scripts, account policies, and service settings. Figure 20-1 shows an example of the Group Policy Microsoft Management Console (MMC) snap-in, with computer and user configuration options displayed.

Group policies are generally configured at the Windows 2000 site level, domain level, or organizational unit level and typically apply to objects identified within those levels. Each of the IntelliMirror features can be implemented through a Group Policy setting.

Figure 20-1. An example configuration of Group Policy.

User Data Management

The idea behind the user data management feature is to ensure that a user's data files are always accessible to the user regardless of whether the user has moved from one computer to another or even whether the user is logged onto the network. This accessibility is accomplished by mirroring data files to a designated network location, caching copies locally, and keeping the two versions synchronized. The My Briefcase tool, which was introduced in Microsoft Windows 95, provided similar functionality.

The user data management feature uses the following Windows 2000 technologies: Active Directory, Group Policy, Offline Folders, Synchronization Manager, and Folder Redirection. A user folder, such as My Documents, is redirected to a network server and configured for offline use. Whenever a user saves a file to the folder, it is actually saved on the network server and synchronized back to the locally cached version of the file. If for some reason the user is not connected to the network, the file can still be accessed because a copy has been saved locally. When a network connection is reestablished, Synchronization Manager synchronizes the local version with its network counterpart. This process remains mostly transparent to the user.

Figure 20-2 shows the property settings that make the My Documents folder available on line and off line. You can set up any other folder in a similar way.

Figure 20-2. The Sharing tab of the My Documents Properties window.

In addition to the usual sharing permissions, you can also configure caching settings for offline access. To do so, click the Caching button on the Sharing tab of the My Documents Properties window to display the Caching Settings dialog box, shown in Figure 20-3.

Figure 20-3. The Caching Settings dialog box.

The Caching Settings dialog box contains three caching options: Automatic Caching For Documents, Automatic Caching For Programs, and Manual Caching For Documents. Automatic Caching For Documents provides offline access to any file that a user opens when accessing the shared folder. Automatic Caching For Programs provides offline access to files that are read, referenced, or run but not changed in any way. This option also requires that you set the permissions on files in the shared folder to Read-Only for those users that will require offline access to them. Manual Caching For Documents provides offline access to only those files that are specifically identified by a user accessing the shared folder. Manual Caching For Documents is the default setting when a folder is configured to be used off line.

Using Group Policy, you can define a folder location so that the folder will be accessed by a Windows 2000 site, domain, or organizational unit. Figure 20-4 demonstrates that every domain user's My Documents folder is redirected to the same network share point: \\cairn1\public.

Figure 20-4. Using the folder extension to Group Policy to redirect the My Documents folder.

Windows Installer

Another key technology in implementing the IntelliMirror feature is the Windows Installer service. A Microsoft Installer (.MSI) package file defines the rules that govern the installation of the application. This file contains a relational database that stores all the instructions, files, and data needed to successfully install, uninstall, or repair an application. In this respect, the Microsoft Installer package file is similar to a package created using SMS Installer.

Unlike SMS Installer, however, Windows Installer runs as a Windows 2000 service on client computers. In addition to installing applications, Windows Installer can perform the following tasks:

• Restore the computer to its original state if the installation fails
• Reduce conflicts over shared resources between existing applications
• Reliably remove applications it has installed
• Repair and replace application files that are corrupt or missing
• Support on-demand installation of application subcomponents
• Support unattended installation of applications

NOTE

---

In order to use the Windows Installer feature to support a software application, the Windows Installer package files for that application must be obtained from the application's developer or manufacturer. The package files can also be created using Seagate's Veritas WinInstall program, which provides functionality similar to SMS Installer 2.0. SMS Installer 2.0, unfortunately, does not support the creation of .MSI files in its current release. At this writing, WinInstall is included on the Windows 2000 source file CD. Microsoft is developing an SMS Installer Step-Up utility that will migrate packages from SMS Installer format to Windows Installer format.

Software Installation and Maintenance

The software installation and maintenance feature is designed to make applications available to the user as a matter of policy, meaning that we can identify which applications need to be installed, upgraded, or removed from the user's desktop. This feature can be applied not only to users, but also to computers. It uses the following Windows 2000 technologies: Active Directory, Group Policy, and Windows Installer.

An application can be either assigned or published. When an application is assigned, a shortcut to the application is added to the Start menu on the user's desktop and the appropriate file associations are created in the registry. The application is fully installed the first time the user tries to open the application—or a file associated with the application. Through the Windows Installer service, all the files necessary to run the application are copied and installed from a source file location before the application is started. Similarly, if the application has already been installed but is missing some files, perhaps through user intervention, Windows Installer copies the missing files before starting the application, thus providing an automatic repair function for assigned applications.

When an application has been published, it is listed as an available program under Add/Remove Programs in Control Panel. Users can choose to install the application at their discretion. Also, if the user opens a document that requires a published application, the application will be installed at that time. Again, Windows Installer can perform an automatic repair if the application has been installed but has some files missing. Figure 20-5 shows an example of an application that has been published to all users in the domain through a group policy named publishapps.

Figure 20-5. Sample application published through a group policy.

This sounds a lot like what SMS 2.0 can do, doesn't it? In fact, you can think of an assigned application as an SMS 2.0 program that has been advertised to run at a specified time and a published application as an SMS 2.0 program that has been advertised with no specific assigned schedule.

However, using the software installation and maintenance feature to deploy an application is highly specific and policy oriented. It represents a "just in time" type of deployment; you cannot schedule when you want the application to be deployed. It is really designed to facilitate the deployment of applications to users and computers as defined by their position in the Active Directory tree or their organizational unit membership.

NOTE

---

All the IntelliMirror features discussed so far are specific to Windows 2000 systems and do not apply to computers running any other Windows operating system.

SMS 2.0, of course, supports not only Windows 2000 computers but also those running other Windows operating systems for the purpose of distributing packages. SMS 2.0 also provides you with more options for defining precisely how, when, and to whom an application is distributed.

NOTE

---

SMS 2.0 does not support Windows 2000 Active Directory or Group Policy. Only Windows 2000 servers without Active Directory installed can be site servers.

User Settings

Like user data files, we can also configure user settings to follow users as they move from computer to computer. These settings might include the user's personal preferences, such as Internet Explorer favorites. They might also include administrative settings designed to lock down the system, such as hiding the Run command on the Start menu and configuring what icons the user can see through Control Panel. This user settings feature functions much like the Microsoft Windows NT 4.0 system profiles. It uses the following Windows 2000 technologies: Active Directory, Group Policy, and Roaming User Profiles. Roaming user profiles are those Windows NT or Windows 2000 user profiles that are stored on network servers so that the users can access their personal desktop settings from any machine on the network.

Figure 20-6 shows the list of configurable settings relating just to the Start menu and the taskbar with the Remove Run Menu From Start Menu option enabled. Again, this configuration is accomplished through the use of Group Policy and set as part of the User Configuration options.

Figure 20-6. Start menu and taskbar configurable administrative settings.

Remote Operating System Installation

By loading and configuring DHCP and the Windows 2000 Remote Installation service, you can add the ability to install or rebuild Windows 2000 Professional on specified computers. During its initial boot sequence, the computer will request a service boot, allowing it to connect to a Windows 2000 Remote Installation server. The Remote Installation service checks Group Policy information to determine which configuration of Windows 2000 Professional should be installed on the client computer—for example, a laptop configuration or a desktop configuration.

As with the other IntelliMirror features, Active Directory and Group Policy are key technologies for the remote operating system installation feature. The client computer itself makes use of Preboot eXecution Environment (PXE) DHCP-based remote boot technology to initiate the service boot. Computers that conform to the PC98 hardware specification will support remote operating system installation. Computers whose hardware does not support remote operating system installation can still take advantage of this feature by using a remote boot disk that you can create.

Complementary Features in Systems Management Server 2.0

Whereas IntelliMirror technology is Windows 2000-based, relying specifically on Active Directory and the use of group policies to perform its tasks, SMS 2.0 is more enterprise-oriented, supporting a wider range of operating systems and providing the administrator with more flexibility and granularity in its configuration. As mentioned, IntelliMirror is designed to provide follow-me functionality for user or computer settings, including application deployment and repair. SMS 2.0 can also deploy applications—as well you know by now. As you also know, many more deployment options are available. For example, we can group users and computers into collections that can be dynamically updated, and we can specify when and where packages should be distributed and when and how programs should be run on the client computer.

SMS 2.0 also provides inventory collection and management tools, network monitoring tools, software metering functionality, and remote diagnostic utilities. Together, SMS 2.0 and IntelliMirror provide a complementary collection of system management features that neatly centralize user and computer resource management in the hands of the administrator.