Microsoft’s Systems Management Server (SMS) has been around for years, but you don't typically see a lot written about it. Perhaps the reason is that SMS has long had a reputation for being difficult to configure and work with. Whether or not this reputation is justified is, of course, debatable. Whatever the case may be, Microsoft has seen fit to create a toolkit designed to make SMS 2003 easier to use.
SMS 2003 Toolkit 1 contains tools designed to assist you with client deployment, software distribution management, health reporting, site maintenance, and general troubleshooting. I'll introduce you to the 13 tools that come in this free download.
IIS Lockdown 2.1 and URLScan 2.5 templates
If you're running IIS in your organization, you're probably already familiar with the IIS Lockdown tool and URLScan. The IIS Lockdown tool is designed to make IIS more secure by disabling unused services and by locking down various IIS features. URLScan, on the other hand, is designed to filter HTTP requests coming into an IIS server. The idea is that a hacker could potentially crash an IIS server by sending malicious HTTP requests. URLScan gets rid of such requests before they can do any damage.
SMS 2003 Toolkit 1 contains .ini files (template files) for both URLScan and IIS Lockdown. These files are designed to replace the .ini files that ship with the IIS Lockdown tool and URLScan. You can put the altered version of these tools in a shared location and then run them from anywhere on the network.
Policy Spy
Policy Spy is a utility designed to help you troubleshoot problems with SMS policies. Policy Spy is a GUI-based tool that can also be operated in limited capacity from the command prompt. Additionally, this tool can be run against the local server and against remote SMS systems (although a few features do not work when used with a remote system).
The basic premise of this tool is that you can evaluate both the user and the computer SMS security policy. If a problem is found, you can correct it or reset the machine or user to a state that uses the default policy. Policy Spy also gives you the option of exporting policy files to an .xml file. You can then import these policies into another SMS system.
SMS Trace
SMS Trace, a log file viewer, can display log files that are in SMS or CCM format, and can display text-based log files in ASCII or Unicode format. Although there’s usually nothing too exciting about a log file viewer, SMS Trace has two features that are definitely worth mentioning.
The Merge feature allows you to select multiple log files and then view them as though they were a single log file. This helps you get a comprehensive picture of what was going on with your server at a given time.
The Ignore Existing Lines feature lets you display only the events that are logged after you open a log file. When you enable this feature and open a log file, the log file will appear to be empty. If any new events occur, those events will be displayed, but events occurring prior to opening the log file are not displayed (the hidden events are simply filtered, not erased from the log).
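The two views described above can be reproduced for offline triage of collected logs. The following is an added example, not part of the article or the toolkit; it assumes the CCM line layout shown in the comment, and the sample log lines and function names are constructed for illustration.

```python
import re
from datetime import datetime
from heapq import merge

# Assumed CCM line layout (not given in the article):
# <![LOG[message]LOG]!><time="HH:MM:SS.mmm+bias" date="MM-DD-YYYY" component="..." ...>
CCM_LINE = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!>'
    r'<time="(?P<time>\d{2}:\d{2}:\d{2})\.(?P<ms>\d+)[+-]\d+" '
    r'date="(?P<date>\d{2}-\d{2}-\d{4})" '
    r'component="(?P<component>[^"]*)"'
)

# Constructed sample logs, assumed to come from one machine (same time zone bias).
POLICY_LOG = (
    '<![LOG[Requesting machine policy assignments]LOG]!><time="09:00:01.250+300" date="03-15-2004" component="PolicyAgent" context="" type="1" thread="1820" file="policy.cpp:10">\n'
    '<![LOG[Policy evaluation complete]LOG]!><time="09:00:05.100+300" date="03-15-2004" component="PolicyAgent" context="" type="1" thread="1820" file="policy.cpp:42">\n'
)
INVENTORY_LOG = (
    'truncated line without CCM markers\n'
    '<![LOG[Inventory cycle started]LOG]!><time="09:00:03.000+300" date="03-15-2004" component="InventoryAgent" context="" type="1" thread="2044" file="inv.cpp:7">\n'
)

def parse_ccm(text, source):
    """Return (timestamp, source, component, message) tuples; unparsable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = CCM_LINE.search(line)
        if not m:
            continue
        ts = datetime.strptime(f"{m['date']} {m['time']}", "%m-%d-%Y %H:%M:%S")
        ts = ts.replace(microsecond=int(m['ms'][:3].ljust(3, '0')) * 1000)
        events.append((ts, source, m['component'], m['msg']))
    return events

def merge_logs(logs):
    """Merge view: interleave several logs into one timeline ordered by timestamp."""
    parsed = [sorted(parse_ccm(text, name)) for name, text in logs.items()]
    return list(merge(*parsed))

def new_events(text, source, lines_seen):
    """Ignore Existing Lines view: parse only what follows the first `lines_seen` lines."""
    return parse_ccm("\n".join(text.splitlines()[lines_seen:]), source)

if __name__ == "__main__":
    for ts, source, component, msg in merge_logs(
            {"PolicyAgent.log": POLICY_LOG, "InventoryAgent.log": INVENTORY_LOG}):
        print(ts.isoformat(timespec="milliseconds"), source, component, msg)
```
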
Advanced Client and Management Point Cleaner
As I said earlier, SMS has a reputation for being difficult to use, and this especially comes to light when you're trying to uninstall an SMS advanced client or management point. The difficulty stems from the way these two features are integrated into the system. Manually removing an advanced client or a management point involves tinkering with the Windows installer, the registry, the file system, some services, and even WMI. Even if you know what you're doing, it can sometimes be virtually impossible to cleanly uninstall these features.
This is where the Advanced Client and Management Point Cleaner comes in. This tool greatly simplifies these otherwise complex uninstallations. One of the nice things about this tool is that it can be run behind the scenes without the client’s knowledge. If you don’t mind the end user knowing what’s going on, you can display the uninstallation status on the user’s screen.
Advanced Client Spy
Advanced Client Spy is basically a tool for monitoring software license compliance, although it can also be used as a troubleshooting tool. It allows you to compile a software inventory of advanced clients. Other features include software distribution histories and software metering.
The inventory feature includes such things as the data compilation date, the date of the previous report, major and minor revisions to the software inventory, and even the IDMIF and data discovery records. This tool is so handy that I think it should have been included with the standard release of SMS 2003.
Policy Verifier
The Policy Verifier is a command-line tool used to troubleshoot advertisement targeting problems. This tool can also troubleshoot connectivity issues between the SQL Server hosting the SMS databases and the various SMS management points. The Policy Verifier is particularly useful when troubleshooting policy generation problems; multiple SMS GUIDs for a single client listed in the SMS database; advertisement targeting for computers, security groups, and users; management point connectivity issues; and SQL Server replication issues.
Send Schedule
The Send Schedule tool is actually nothing more than a VBS scheduler. Because the tool is VBS-based, you'll need a command-line scripting host such as CSCRIPT.EXE in order to run it.
This tool’s purpose is to create a schedule on an advanced client. For example, suppose you notice that several advanced clients haven’t reported an inventory lately. You could create a schedule that forces the clients to report their inventory at a predetermined time. The script can run either locally or remotely.
Management Point Spy
As you probably know, SMS allows you to create various management points that store policies within a management point database on a SQL Server. The problem is that because of the complexity of management points, it can sometimes be difficult to determine whether a management point is working correctly. That’s when you need Management Point Spy.
Management Point Spy is a GUI tool whose sole purpose is to help you determine whether a management point is functional. The tool accomplishes this by sending HTTP requests to the management point and displaying the results for you.
Set Preferred Distribution Point and CAP
One of the challenges of using SMS 2003 is dealing with legacy clients. The Set Preferred Distribution Point and CAP utility allows legacy clients to interface with SMS 2003 more easily. If you have a legacy client that has trouble accessing distribution points, you can use this tool to add an SMS network abstraction layer to the registry. This registry entry points the legacy client in the right direction when it needs to access a distribution point or CAP.
Delete Certificate
In large organizations, it's common to create an image of an entire system and use the image to rapidly set up new computers. However, if the computer that the image file is going to be made from contains an SMS client, it can cause problems. The problem is that SMS creates a local computer account certificate for each machine and then stores that certificate in the SMS logical store. If you mirror a fully configured system, you're copying a system for which a certificate already exists, which can lead to trouble when a duplicate machine goes online. As the name implies, though, the Delete Certificate tool gets rid of a machine’s SMS 2003 Advanced Client certificate so that the machine can be imaged.
Patch Management Evaluation
One of the tasks associated with using SMS for patch management is testing the server and client’s configurations. Patches come in different sizes and perform a variety of actions against the client machines. Although one patch might work, another might fail because of a permissions problem, for example.
The Patch Management Evaluation tool is a simple testing utility that performs just about every conceivable action against a client. This allows you to determine if there’s a chance that the client machine could have problems receiving patches in the future. The utility also allows you to benchmark the patch deployment mechanism’s progress.
Delete Group Class
When you create an inventory group in SMS, the SQL database’s schema is permanently altered. If it later becomes necessary to delete a group that you created, the schema modifications are left within the database. You can now use the Delete Group Class utility to delete inventory groups. This tool performs a much better database cleanup than removing inventory groups the old-fashioned way. Furthermore, it prevents you from accidentally deleting a default inventory group that’s needed by SMS.
Transfer SMS ID
When you use SMS for asset management, it assumes that a computer’s identity will never change. If a computer’s identity does change, the computer will become unlinked from its corresponding database records. The records in the database still appear to SMS as a legitimate client (although the records will no longer be updated). This can lead to very inaccurate software metering results. The Transfer SMS ID utility lets you change a computer’s ID without separating the machine from its database records.
SMS 2003 Toolkit 1 contains a variety of tools that you can use to perform several tasks. Although you may not use these tools on a daily basis, they can be very handy for troubleshooting or preventing various SMS and SMS client-related problems.