As a network administrator, you probably spend as much time administering users as you do administering the network itself. However, you can cut down on that user administration time with IntelliMirror. This integral set of management features in Windows 2000 allows you to manage applications from a central location and control user data and settings. But since it’s made up of several features in Windows 2000, IntelliMirror can be confusing to understand and use. To help you comprehend this perplexing topic, I will detail the features of IntelliMirror and how you can use them together to simplify user administration in your organization.

What is IntelliMirror?
It’s probably best to start by saying what IntelliMirror is not. Unlike Novell’s ZENworks, which performs functions similar to IntelliMirror, IntelliMirror is not an application, a utility, a discrete function, or an administration tool. You will not find IntelliMirror on any service pack, software library, or utilities CD. You also will not find it on any of Microsoft’s numerous Web sites.

IntelliMirror is a simply a term that encompasses a set of management features, which utilize a set of powerful technologies built into the Windows 2000 OS. It uses features in Microsoft Windows 2000 Server and Microsoft Windows 2000 Professional to allow users’ data, software, and settings to follow them. With it, users have constant access to all of their information and software. Whether or not they are connected to the network, they can rest assured that their data is safely maintained and available.

Of course, for this to work on a stand-alone computer, the computer must be capable of connecting to a network and must do so at some stage to synchronize with the server-side copies. Needless to say, if a user makes changes to a document on a stand-alone computer that isn’t connected to a network and then goes to another computer to access that document, the changes won’t show up because the first computer hasn’t connected to the network and synchronized its data with the server.

IntelliMirror is made up of three features:

  1. User Data Management manages files and other data that users create and use in association with their jobs. You can redirect a user’s data to specific data folders or to a network location and then make this folder or location available to the user for offline use. Users can then access data no matter where they are but still have the confidence that their data is centrally located for security and backup purposes.
  2. User Settings Management allows you to centrally define and control the computing environment for various groups of users and computers. If a computer dies, you can also use this feature to easily restore user settings, including personal preferences and centrally defined customizations of the OS desktop environment and applications.
  3. Software Installation And Maintenance allows you to install, configure, repair, or remove applications, service packs, and software upgrades on a user’s computer without actually having to visit the computer. You have two options to use with applications—assign and publish. Assigned applications appear to the user as if they’re already installed on the computer; however, the software doesn’t actually install until the first time the user selects it. Users install published applications through Add/Remove Programs in Control Panel. Both published and assigned applications follow users or computers, which means that the applications are available on any computer to which a user logs on.

Active Directory (AD) and Windows 2000’s group policy features provide the foundation for implementing IntelliMirror in Windows 2000. IntelliMirror provides enterprise-wide desktop Change And Configuration Management through policy-based management. Although most features of IntelliMirror can be applied through group policy and AD, these technologies are not necessary for every IntelliMirror feature. Most of the features can also be set on the local level or through local policies. Some IntelliMirror functions, such as offline folders, don’t even require local policies to be set. You need only for the Windows 2000 Professional client to have access to a server supporting the Server Message Block (SMB) protocol. These features allow you to use IntelliMirror based on the needs of your organization.

An additional feature of Windows 2000 called Remote Operating System Installation is commonly lumped into descriptions of IntelliMirror. Although this is not part of IntelliMirror, it uses many of the technologies employed by IntelliMirror and is part of the Change And Configuration Management functionality available with Windows 2000. Remote Operating System Installation and how it relates to IntelliMirror will be covered in upcoming Daily Drill Downs.

Group policy and IntelliMirror
IntelliMirror provides change and configuration management through policy-based management, which is the use of policies to define the settings and capabilities of a user or a computer. These policies can either be local policies or group policies. As you can probably guess by its name, a local policy is set on a local computer, whereas group policy is configured and affects groups of users or computers through the AD. Through group policy, IntelliMirror can help centralize and simplify change and configuration management.

Group policies allow you to centrally apply standards on groups of users and computers rather than individually configuring each computer and user object. A group is considered a collection of user and computer objects stored in AD. Once group policy is applied, the system maintains that state without further intervention. For more information about group policies, see the Daily Drill Down “Understanding Windows 2000 group policies.”

User Settings Management
Users can frequently transition between stand-alone computers and networked computers in the course of doing their jobs. Because IntelliMirror uses group policy and AD to store all important user settings, the user’s data and settings follow him or her without regard to the connectivity state. For example, laptop users can have the same environment when they’re connected to the network or traveling.

A user’s personal environment is stored on network servers and can be synchronized to offline locations on the local hard drive. This is transparent to the user. A user can log on to any computer and have access to his or her own data and documents, preferences, and applications without having to understand what’s happening behind the scenes.

Users often customize the style and default settings of their computing environment to suit their needs, work habits, or artistic temperament. Of course, there are times when you might not want users to make changes to their environment, so you grant or deny them that ability. In such cases, you can establish settings to customize and control users’ computing environments, enforcing such things as a corporate background on all desktops. IntelliMirror gives you the power to apply settings to both users and computers, including:

  • Internet Explorer favorites.
  • Outlook Express address books and mailboxes.
  • The visibility of the Run command in the Start menu.
  • The visibility of items in Control Panel.
  • Temporary information such as the user’s personal Internet Explorer cache.
  • Which folders/files can be marked for offline use.

When IntelliMirror manages user settings, it uses group policy to ensure that only vital user and administrative settings information is retained. Temporary and local computer settings remain dynamic and regenerate as required. This minimizes the amount of information that must be stored and transferred across the network while still allowing users to have a similar experience on any computer they log on to.

User Data Management
Desktop backgrounds and themes are fun, but the actual data the user needs is more important. Because IntelliMirror stores the data in specified network locations while making it appear local to the user, user data can also follow the user whether the user is online and connected to the network or offline and in the stand-alone state.

User data can follow users manually, on a per-user basis, and through the use of group policies; however, the most popular method is to redirect specific user-data folders such as My Documents or Favorites to a network location and set the location to be available for offline use. Then, when a user saves a file to the My Documents folder, the save actually occurs on the network. The file is then transparently synchronized back to the local computer.

In this way, the user never sees what happens in the background. Whether online or offline, the user is unaffected by temporary network outages. When the user saves a file while working offline, the save is made to the copy of the file stored on the local machine. The user might be offline because of a network failure or because he’s running on a laptop in a remote location, but eventually, the computer will reconnect to the network, and the computer will automatically synchronize with the network copy. If for some reason both the network copy and the local copy have changed, a synchronization manager appears that prompts the user as to whether to save both copies or to synchronize against one or the other. Often, the synchronization manager will confuse users who aren’t aware that files are being replicated in the background. In such a case, you can attempt to allay any paranoia the manager causes and walk them through the steps of reconciling the differences.

Software Installation And Maintenance
Applications can follow users or computers in the same fashion as user data. No matter which computer the user logs on to, you can make all of the same familiar applications available to him or her. You can even save the user the time and hassle of running Setup by configuring applications to always be available and functional, using just-in-time installation. If for some reason an application becomes damaged, you can also repair the software. Applications made available in this way are either assigned or published by group policy.

Assigned applications appear on the user’s Start menu and create appropriate file associations in the computer’s registry. To the user, it looks and feels as if the application were already present. However, the application is not fully installed until the user actually runs the application.

When the user attempts to open the application or an associated file, a background Windows service called the Windows Installer makes sure everything an application needs to properly execute exists, including all the necessary files, registry changes, and parameters. If they are not present, the Windows Installer service retrieves and installs them from a predetermined distribution point. Once in place, the application opens.

Published applications appear in the Add/Remove Programs applet in Control Panel. The user then has the discretion to install published applications on an as-needed basis. Installation also occurs when a user or application attempts to open a file that requires a specific published application. This is known as document invocation.

Like assigned publications, published applications should be authored to install using the Windows Installer service. However, group policy-based publishing also supports applications written using the traditional Setup.exe installation method.

If you need to repair a damaged application, application repair works the same as with an assigned application. When you repair the application, the Windows Installer service checks to see if the appropriate files are available. This causes the repair of missing files and settings to automatically take place. For example, if a user deletes a necessary .dll file or even the associated .exe file, the Windows Installer automatically reinstalls these files from the predetermined distribution point so that rather than failing, the application functions properly.

Used together or individually, IntelliMirror features are closely integrated with both the OS and each other. IntelliMirror can provide ease of use and configuration for the administrator while extending better service to users. Using IntelliMirror’s features, you can control and reduce the overall state and cost of distributed computing. Of course, you should only use IntelliMirror if you’ve determined that its features will work right for your users and your network.