Microsoft System Management Server 2003

The last time we looked at Microsoft’s System Management Server, it was in the middle of a long beta-test cycle. While the basic features of the product haven’t changed, there have been some minor improvements, including a heavy focus on security. We recently tested the latest version and found it a marked improvement over earlier ones. Of particular note is a new Web-based reporting feature that presents information in a simple-to-filter and easy-to-read way.

SMS has undergone something of a purpose change with a focus on features that help identify security vulnerabilities and distribute critical updates. Traditionally, SMS has been a true desktop management  tool, with features including hardware/software inventory, software distribution, software metering and remote control. Most of these features also help implement the security focus by detecting software that needs updating and distributing those updates to only those computers that need it.

How we did it

Review: NetSupport DNA

Archive of Network World reviews

Subscribe to the Product Review newsletter

Security focus

The biggest security focus area for SMS 2003 deals with patch management. SMS 2003 uses the Microsoft Baseline Security Inventory Analyzer and Office Update Inventory tool to scan all clients for missing security patches. These scan results are made available to administrators in the SMS database for reporting or targeting. A patch installation wizard helps deploy critical patches and can be used by security information personnel and IT support staff. The advanced SMS client knows how to handle patch chaining, meaning it will properly sequence updates.

Microsoft’s Software Update Service (SUS) provides automatic security updates for computers that are directly attached to the Internet. But this can be a problem for machines behind a corporate firewall. To help deal with this, Microsoft offers a free add-on for Windows Server 2000 or 2003 that will provide the same functionality as the Internet-based service. The SUS server must be able to synchronize with the Windows Update site and will function as the host server to all clients behind the firewall. SUS can be downloaded here.

Hardware and software inventory

SMS 2003 does a competent job of gathering detailed hardware and software inventory information. In our test configuration, it correctly identified all the client systems’ hardware. On the software side, SMS 2003 by default returns a high level of detail about every executable file that it finds. That makes for lots of wading through rows of information when you only want to know what version of Internet Explorer is installed across your corporation. If you’re looking for just one piece of information, this can be frustrating. Fortunately, you can build specific queries to help answer easy questions. However, building queries might require some basic knowledge of SQL and the syntax of a SQL command.

Viewing reports with the report viewer lets you display one of the many canned reports, or you can customize one for a specific result. The Web-based presentation delivers a quantum jump in ease of use. In addition to the Web browser display are options to copy, export, print,

e-mail or add the report to your favorites. For frequent report viewers there’s a dashboard feature that lets you define up to four different report views in the four quadrants of a Web screen.

Software distribution and app healing

SMS 2003 uses new features that help simplify and streamline software distribution. The SMS 2003 Advanced Client uses the same technology developed for Windows Update Service, called Background Intelligent Transfer Service (BITS), to perform all software distribution. BITS performs tasks such as resuming an interrupted file transfer, large transfers during non-peak hours and managing bandwidth usage.

Creating a package for distribution depends on the software. If the application is from Microsoft, you shouldn’t have a problem. After completing a network install to a distribution point, the software can be advertised for any client to download. For non-Microsoft applications, you’ll need to use a third-party vendor, such as InstallShield, NetInstall (see “Installation via NetInstall”) or Wise, which can help you create a Microsoft Systems Installer.

Documentation and installation

A quick read of the installation documentation paints a good picture of the product’s complexity. Completing a successful installation requires planning, patience and perseverance. If at first you don’t succeed, try a different option. Better yet, make sure you understand what the different options mean before you choose one. Don’t pick the Express option the first time you install SMS 2003, primarily because it doesn’t install a management point (see here) and without that you can’t communicate with any advanced clients.

Installing SMS 2003 is not a trivial task. Some installation tasks will vary depending on the platform. With Win 2000 Server, you must run a separate program to extend the Active Directory schema before you install SMS 2003 if you want the installation program to do all the Active Directory modifications for you. You could do it after the fact, but it’s better to let the installation program do it for you. Also make sure that things such as DNS are configured properly for your primary site server and network in general. While this might not be a big deal for a large corporate network already running in an Active Directory environment, it could be a problem for anyone migrating from Windows NT.

Microsoft has emphasized providing assistance for various SMS-related tasks with tools such as the Deployment Readiness Wizard that runs specific tests to determine if an upgrade from SMS 2.0 would fail. There’s also a client push installation wizard to help get the client software installed. One catch here: You need to have an SMS client push account in the domain with administrator privileges for the client installation.

There are a number of long documents that try to answer questions and provide information for the multiple scenarios. At 676 pages, the “Concepts, Planning, and Deployment Guide” goes into great detail. It covers a number of different scenarios from upgrades to new installations on different platforms. Overall it’s good, but don’t expect to absorb everything in one session.

The company has gone to great lengths with this release to beef up the documentation and online content it provides with the product. The SMS area on Microsoft’s Web site has expanded to provide several tools and articles to assist the novice and experienced system administrator. A good example of this is the SMS 2003 Tool Kit 1 (more info here), which has various templates and programs to configure the system and diagnose problems.

Bottom line

In the end, it’s all about features and requirements. SMS 2003 is a plus for large installations that need to get a grip on the security management problem. As an added plus, it handles the standard desktop management chores with ease.