You probably spend as much if not more time administering users as you do applications. IntelliMirror allows you to better control those users via two features: User Data Management and User Settings Management. Each of these features is complex and requires other Windows 2000 features to implement, such as group policies and Active Directory (AD). So before you implement either, you should determine whether or not it would be a cost-effective solution to your user-management problems. In this Daily Feature, I will explain these two IntelliMirror features and how you can figure out the ROI for implementing each in your organization.
Need to know more about IntelliMirror?
For the basics on IntelliMirror and how it works, read "IntelliMirror: What it is and what it isn't."
Planning for User Data Management through IntelliMirror
One of the primary benefits of IntelliMirror is that user data is available from any logon location, which enables users to roam the network and still have access to their data. For example, a user can log on to any computer, open My Documents from the desktop, and find the same set of files. You can achieve the same results with a simple roaming profile, but when using IntelliMirror's folder redirection, files are not copied across the network to the local computer during logon. This reduces network traffic and helps manage disk utilization at the workstation level. An added benefit is decreased logon time—users can access the desktop much more quickly when Windows isn’t copying a large amount of data across the network.
Folder redirection also improves data availability and recovery. Placing the files on the server allows you to back up files easily and consistently and recover them, if needed. However, folder redirection provides the same type of recoverability for workstations as IntelliMirror provides for application recovery. If a user’s computer goes down and the user’s documents are hosted locally, it’s often very difficult to retrieve those documents. With folder redirection, however, the user simply logs on to another computer. IntelliMirror not only takes care of providing the required applications—assuming you’ve set it up to do so—but the user’s documents are instantly available because group policy allows for the user's folders to be redirected, and they will appear no matter which computer the user logs on to on the network. You consequently spend no time dealing with recovery, beyond providing another computer to the user.
The planning and implementation stage is considerably shorter with folder redirection; however, some of the requirements for providing this redirection in IntelliMirror are the same as for deploying applications. Although you can redirect folders without them, group policies still offer the best method for redirecting user data on a wide basis. For that reason, users whose folders will be redirected need their user accounts hosted on a Windows 2000 Server domain (implying that you need AD to make it work) and will use Windows 2000 as their host operating system. You might also need to restructure the domain to provide the appropriate levels at which to apply the group policies that will accomplish the redirection.
To evaluate how much it will cost to implement folder redirection in your organization, start by deciding which users will benefit. Plan out how the AD must be restructured, if at all, and how you will apply the group policies to control redirection. Both of these steps are probably minimal, so there should be relatively little cost associated with them.
Figuring an ROI for folder redirection can be much more difficult than actually implementing it. You must determine how the distributed availability of user data will effect users and apply a cost benefit to it. Also, conclude how frequently you are tasked with restoring user data and apply a cost to that task. Factor in the savings afforded by reduced user downtime and intangibles such as potential lost business caused by lost data. Finally, determine the cost savings of improved backup and recoverability for user data.
Planning for User Settings Management through IntelliMirror
For IntelliMirror, group policies target two intertwined issues: change control and security. Change control refers to your ability as an administrator to control changes to the operating system—both major and minor—that can affect system stability, functionality, and security. For example, group policies enable you to extend change control over the following:
- Hardware configuration
- Client environment configuration such as desktop settings, working environment, logon settings, etc.
- Operating system options such as optional applications and features
- Security settings and policies
- Connectivity and access to network resources
Change control and the application of security restrictions through group policy falls under the IntelliMirror umbrella. Both of these aspects of IntelliMirror reduce administrative overhead, improve security, and reduce user downtime. Change control decreases user downtime by reducing the number of support incidents and the corresponding cost in support time. For example, restricting access to configuration tools such as the Control Panel can stop users from making changes that can prevent their applications from working properly or that can prevent their systems from booting. Change control reduces administrative overhead for the same reason; if users can’t get into trouble, you have nothing to fix.
To understand how you can benefit from change control, you need to understand the types of users in your organization and the tasks they perform on a regular basis. With this information in hand, you can begin to develop change control policies based on users' job function, skill level, security levels, and applications required. Then, you can translate those user classifications into domain security groups and/or organizational units by which you can apply group policies. As you examine how each user performs his or her job, also consider the type of system he or she uses. Fixed workstations running Terminal Services and no Internet connectivity pose little risk for virus infection or introduction of unauthorized applications onto the network. Notebook computers fit at the other end of the spectrum, posing a much greater security threat. You generally have little control over what users do with their notebooks outside the office, so you need to take additional steps to guard against that risk.
You also need to examine and understand your users’ applications and how they work with them. This will enable you to build policies and restrictions that enable users to continue to work with and modify their applications as needed but still prevent the potential problems that can arise when users make system and software configuration changes.
Putting a cost on change control and determining an ROI is much the same as with the other features of IntelliMirror. Identify the changes you need to make, such as restructuring the AD, building group policy objects, and so on, and apply a cost to each one based on the amount of time required to accomplish it. To determine the ROI, explore each potential problem that change control will overcome in your organization and then, based on projected savings or historical data, determine the value of the reduced downtime and reduced administrative overhead you’ll achieve through improved control.
Although you spend a lot of time managing applications on your network, if it weren’t for the users, you’d have no reason to be managing applications in the first place. As such, managing users can take as much time, if not more, than managing the applications they use. IntelliMirror can help save time in some organizations. Once you know the features of IntelliMirror, you can decide whether the amount of time necessary to deploy them make sense for your network.