Fitting Microsoft SMS into Your Environment

Microsoft's SMS , or Systems Management Server , is a component in the Windows Server System. Recently, SMS 2003 was released to manufacturing, and it is somewhat more robust under the hood than its older SMS 2 cousin. It costs an arm and a leg, has a thoroughly esoteric licensing scheme, and requires a client component on every Windows PC and server on your network. But, if you can get over these drawbacks, it houses a pretty amazing collection of core features: :

  • Software and Hardware Inventory

  • Remote Control

  • Software Metering

  • Software Deployment

  • Patch Management

Most of these features would be a welcome addition to any managed environment.

SMS versus GPOs: A Comparison Rundown

Each feature of SMS is meant to chip away at that that golden nugget of Total Cost of Ownership. I often get asked which has more power, SMS or GPSI. Let's take a look at how SMS stacks up against the stuff we get in the box, that is, all the stuff we've looked at thus far.

Hardware and Software Inventory

Hardware inventory and software inventory are two critical elements that administrators need to keep in touch with what's currently out there in their environment. With this information in hand, they can reign in rogue installations of software and hardware.

Without SMS, once software is added via GPSI (or by hand or otherwise ), there is no native way, using just Active Directory with GPSI, to really know who has installed what software. Although using GPSI to set up an OU, a package, and an Assignment is a "pretty good" yardstick for measuring what's out there, you're never certain until an actual inventory of the machine is performed.

No hardware or software inventory is built in to Windows. You could build your own WMI scripts to pull out the hardware and software inventory data you want, but, in doing so you'd go insane. So SMS wins in this category.

Remote Control

The Remote Control feature is Microsoft's version of Symantec's pcAnywhere, but it is extremely lightweight and takes up nearly no disk space. However, it could be argued that having a program such as SMS that specifically contains Remote Control is becoming less important. You can implement remote control "on the cheap" with various other options. In Windows 2000, you can use Netmeeting, which is workable , if not optimal. Or you can use the 100 percent free multiplatform VNC from www.realvnc.com .

Additionally, Windows XP has quite decent remote control built in via its Remote Assistance facilities. Oh, and Terminal Services has its own version of Remote Control called "shadowing."

So, although Remote Control is a great feature, it isn't as important as it used to be.

So, who wins in this category? SMS or "In the Box"? It's a tie.

Software Metering

The Software Metering component has two methods of operation: Lock Out and Log Only.

Lock Out This method (only available in SMS 2 and dropped from SMS 2003) is for strict license compliance. With this option, you can lock out users from applications if the number of licenses dries up across the environment. For example, if you purchased only 25 copies of DogFood Maker 4.5, the 26th person cannot run it.

Log Only This version doesn't lock users out of applications; rather, it simply logs the amount of copies in use. This is useful for gauging licensing compliance, but not quite as intensive as the Lock Out method.

Without SMS, there is no way to gauge who's using what or to force users into compliance. Winner: SMS (if you really need this feature at all).

Software Deployment

This feature does overlap with the Active Directory IntelliMirror feature of GPSI. As we explored in this chapter, Group Policy has a decent set of features when it comes to deploying software to clients .

In the first edition of this book, I said that "SMS's Software Deployment features trounce the built-in features of Active Directory." I don't know if I would still agree with that. SMS does have quite a robust deployment mechanism, and one reason is that it can leverage the WMI query data to target to machines' CPU speeds, amount of RAM, BIOS revision, and so on. But we just did the same thing several pages ago with our Windows XP clients, so GPSI is certainly catching up!

Several facets of SMS software deployment are better than the GPSI. Specifically, SMS can do the following that GPSI cannot:

  • Deploy software to users or computers any time of the day or nightnot just on logon or reboot.

  • Compress the application and send it to a distribution point close to the user . Even if we set up GPSI with Dfs, we cannot do this.

  • Target software to all Windows 32-bit platforms, including Windows 9x , Windows NT, and Windows 2000 clients and servers. GPSI works only with Active Directory and Windows 2000, Windows XP, and Windows 2003 clients.

  • Once a machine is targeted for a delivery and the package is received, the machine can send back detailed status messages describing success or failure of the transaction.

  • Dribble the applications to clients over slow links without slowing down the connection. Only when the software is fully downloaded is the install initiated.

So, SMS wins in this category by some margin if you have Windows XP clients and, by a larger degree, if you have anything else. However, with a little elbow grease you can really get an amazing amount of mileage out of GPSIeven in really big environments.

Patch Management

SMS also has decent patch management support, which is really just a customized extension of its Software Deployment feature. It's really, really good. You can target specific machines with specific patches. Once the patches are received, you can dictate how to react : wait for reboot, reboot now, and so on.

However, Microsoft has just released Windows Server Update Services (WSUS), found here: http://www.microsoft.com/windowsserversystem/updateservices/default.mspx . The old way was to use SUS to do the patch management, but it had some major drawbacks. That is, SUS can't target specific machines with specific patches; rather, all machines that use the SUS server get the same packages.

However, now that WSUS is available, the major drawbacks are basically gone. You can dictate specific patches for specific machinesall in a very slick interface.

Winner? As of this writing, SMS uses the old MBSA 1.0 engine to determine which patches are needed, and WSUS uses MBSA 2.0. So right now SMS has lost the patch wars to its free cousin, but I expect an update to SMS that will quickly rectify this, so stay tuned .

GPSI and SMS Coexistence

Okay, I'm forced to admit itSMS does have more raw power. However, I would argue that with a little finesse, you can squeeze quite a lot out of the IntelliMirror tools you have come to learn about with Group Policy. Some organizations use either GPSI or SMS, and some shops use both. Although no two organizations ever do anything exactly the same way, there does seem to be a general trend in those places where SMS and GPSI coexist.

First, SMS is generally used in heterogeneous environmentsthat is, where there's a mix of Windows 2000 and non-Windows 2000 workstations and servers. Because GPSI works only with Active Directory and Windows 2000, Windows XP, and Windows 2003 clients, SMS makes sense in these cases.

If whether to use GPSI or SMS is a toss-up, GPSI is generally used to deploy smaller applications that need to be rapidly fired off due to document invocation. For example, if a user is sent an Adobe Acrobat PDF file via e-mail but doesn't have the reader, double-clicking the document automatically installs the application on the machine.

SMS, on the other hand, is typically used to deploy larger applications, such as the Office suite, when you need definitive feedback about what went wrong (if anything). This philosophy provides a good balance between the "on demand" feel of GPSI and the "strategic targeted deployment" feel of SMS.

As you've seen, most of the features do not overlap, making SMS a terrific addition to any medium or large environment.



Group Policy, Profiles, and IntelliMirror for Windows 2003, Windows XP, and Windows 2000
Group Policy, Profiles, and IntelliMirror for Windows2003, WindowsXP, and Windows 2000 (Mark Minasi Windows Administrator Library)
ISBN: 0782144470
EAN: 2147483647
Year: 2005
Pages: 110

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net