Microsoft System Management Server 2003

SMS 2003 focuses on improving security

The last time we looked at Microsoft's System Management Server, it was in the middle of a long beta-test cycle. While the basic features of the product haven't changed, there have been some minor improvements, including a heavy focus on security. We recently tested the latest version and found it a marked improvement over earlier ones. Of particular note is a new Web-based reporting feature that presents information in a simple-to-filter and easy-to-read way.

SMS has undergone something of a purpose change with a focus on features that help identify security vulnerabilities and distribute critical updates. Traditionally, SMS has been a true desktop management  tool, with features including hardware/software inventory, software distribution, software metering and remote control. Most of these features also help implement the security focus by detecting software that needs updating and distributing those updates to only those computers that need it.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

The last time we looked at Microsoft's System Management Server, it was in the middle of a long beta-test cycle. While the basic features of the product haven't changed, there have been some minor improvements, including a heavy focus on security. We recently tested the latest version and found it a marked improvement over earlier ones. Of particular note is a new Web-based reporting feature that presents information in a simple-to-filter and easy-to-read way.

SMS has undergone something of a purpose change with a focus on features that help identify security vulnerabilities and distribute critical updates. Traditionally, SMS has been a true desktop management  tool, with features including hardware/software inventory, software distribution, software metering and remote control. Most of these features also help implement the security focus by detecting software that needs updating and distributing those updates to only those computers that need it.

Security focus

The biggest security focus area for SMS 2003 deals with patch management. SMS 2003 uses the Microsoft Baseline Security Inventory Analyzer and Office Update Inventory tool to scan all clients for missing security patches. These scan results are made available to administrators in the SMS database for reporting or targeting. A patch installation wizard helps deploy critical patches and can be used by security information personnel and IT support staff. The advanced SMS client knows how to handle patch chaining, meaning it will properly sequence updates.

Microsoft's Software Update Service (SUS) provides automatic security updates for computers that are directly attached to the Internet. But this can be a problem for machines behind a corporate firewall. To help deal with this, Microsoft offers a free add-on for Windows Server 2000 or 2003 that will provide the same functionality as the Internet-based service. The SUS server must be able to synchronize with the Windows Update site and will function as the host server to all clients behind the firewall. SUS can be downloaded here.

Hardware and software inventory

SMS 2003 does a competent job of gathering detailed hardware and software inventory information. In our test configuration, it correctly identified all the client systems' hardware. On the software side, SMS 2003 by default returns a high level of detail about every executable file that it finds. That makes for lots of wading through rows of information when you only want to know what version of Internet Explorer is installed across your corporation. If you're looking for just one piece of information, this can be frustrating. Fortunately, you can build specific queries to help answer easy questions. However, building queries might require some basic knowledge of SQL and the syntax of a SQL command.

Viewing reports with the report viewer lets you display one of the many canned reports, or you can customize one for a specific result. The Web-based presentation delivers a quantum jump in ease of use. In addition to the Web browser display are options to copy, export, print,