In many organizations, a great deal of time is invested in the installation, maintenance, and upgrade of PCs. This investment of time has caused the total cost of ownership (TCO) for PCs to become a dreaded concept among IT managers. Everyone knows that there are tools available to help manage desktops, but with shrinking budgets, it is difficult to find ways to change a reactive desktop management strategy into a proactive one.

Sometimes a simple change of approach, coupled with the right tools, can make an impossible task tolerable. In the case of desktop management, Microsoft has already given you all the basic tools that you need to succeed. In this article, you will learn about tools you probably already have but were unaware of that can help you move away from the resource-intensive PC management practices that you have been living with for the last few years.

Deliver desktop images
Symantec’s Ghost product is the accepted tool for putting an image down on new systems. It can substantially reduce the amount of time needed to build a new system. Unfortunately, for some organizations, the cost of Ghost can be prohibitive. If that is the situation in your case, there is a good solution. If you are running Active Directory in your organization, you can use the built-in Remote Installation Services (RIS), as well as the automated installation tools built into Windows NT, Windows 2000, and Windows XP, to push basic installations down to desktops quickly and painlessly. Of course, there are some very nice features found only in Ghost; however, the free RIS tools are a good first step for organizations that need to improve their imaging processes.

Deliver software and service packs
Installing software in an organization can be a full-time job because of the updates that must be applied to every workstation throughout the entire organization. In many organizations, perhaps yours, updates often do not happen until a user complains. The fact is that in many organizations there just isn’t enough time to get this job done. But there is a workaround for this problem as well.

Built into Active Directory is the ability to force software packages down to users or to allow them to install software from a central repository that you maintain. Assigning the software, as the process is called, forces the computer to receive the software. This is a great way to deliver operating system service packs to all of your organization’s computers.

Although assigned packages must be Microsoft Installer (MSI) files, almost every Microsoft application and service pack, including Windows service packs, is delivered with an MSI file. For those applications that are not delivered as an MSI file, you can purchase an inexpensive program such as Wise Package Studio that can repackage your updates into MSI files.

If you are willing to allow your customers to choose from a menu of applications, you will not need to create an MSI file but rather a small text file called a ZAP file. The file contains enough information to get the EXE-based installation program started. Unlike the tool used to create MSI packages, these are already in your environment and can substantially reduce the amount of time it takes to manage the deployment of new software.

Deliver critical updates
It seems that not a week goes by that I don’t hear about the latest virus or exploit for Windows desktops. Managing the deployment of updates to address those exploits can sometimes be overwhelming. Of course, you can have your staff run around to each PC, running Windows updates on each machine and following the prompts until the updates are complete.

Another approach is to use the Automatic Updates feature that is included with Windows 2000 Service Pack 3 or Windows XP. By setting the Automatic Updates feature on all client machines, they will receive critical updates but not Windows updates or driver updates. If bandwidth becomes a problem, or you are concerned about controlling the updates yourself, you can use Microsoft’s Software Update Services to deliver updates from a local server. With Software Update Services, you still use Automatic Updates, but it installs from the local server and you can control which updates can be installed.

Manage in groups
Windows 2000 with Active Directory allows you to control virtually every aspect of the user experience through group policies. In addition to being able to control the settings, you can prevent users from changing settings that could create potential support issues. Once an option is set with a group policy, the options are grayed out, even if the user attempts to change the options.

Controlling basic settings, such as Internet Explorer connection settings, can prevent your users from accidentally changing options that will prevent Internet Explorer from working for them, thereby generating calls to your help desk. By using administrative templates, you can create your own group policy objects that can control any item in the registry, including registry settings for your internally developed applications.

Tips from the field
There are many tips out there to help with desktop management issues. What have you come across in desktop management solutions that works wonders for your organization? Just click the link below to start a discussion.