The Definitive Guide to Windows Desktop Administration

by Bob Kelly


Get the latest information about desktop administration and learn to lower TCO with this in-depth look at how to manage the Windows desktop. The Definitive Guide to Windows Desktop Administration will provide valuable guidance and real-world examples for creating an efficient desktop administration plan. Bob Kelly, one of the industry’s top Windows management experts, looks at Windows desktop administration from OS deployment to scripting custom solutions.


Chapter 1: Desktop Administration Overview

The latest computers, the fastest network, and the best-rated software can quickly turn from a good investment into a money pit without proper planning and implementation of desktop administration practices. So what is desktop administration? As you’ll discover in this book, desktop administration is the methods and technologies used to deploy, configure, maintain, and track client workstations. It encompasses system deployment, user settings and data management, application management, security, support, and asset management. How you handle these critical facets determines the success of your workstation support. From a small office of 10 machines to a worldwide network consisting of tens of thousands of systems, the desktop administrator must address the same issues.

GartnerGroup studies have found that 82 percent of implemented management systems fail to meet user expectations. The reason is that the expectations of the solutions on the market are often simply unrealistic. There are no point-and-click solutions to deploying new systems or applications. There is no way of automatically backing up and managing user settings and data. Access to reports showing just the asset management, software inventory, or usage metrics you want to see isn’t going to be displayed on your screen. You won’t meet any of these mission critical needs unless time is taken to identify, plan, evaluate, test, and implement the right desktop administration solutions for your organization. As if meeting these mission-critical needs isn’t motivation enough, let’s delve into additional benefits of desktop administration.

Chapter 2: OS Deployment

In the last chapter, we touched on each of the primary areas of desktop administration. In the remaining chapters, we will drill down into each of these topics in much more detail. This chapter covers the first of these subjects, operating system (OS) deployment. The deployment of new systems is the foundation on which the stability of the workstation will be set, no matter what the makeup of that new system—a new computer, a new version of Windows, or simply a new configuration. A poorly built image, a bad script, or poorly researched configuration options can result in wide-scale problems when you consider that all of your systems might reflect these same troubles. In this chapter, we will discuss some best practices and methods for handling the deployment of new systems, including the benefits and drawbacks of each.

Chapter 3: User Profile and Data Management

In the last chapter, we covered the deployment of new systems. With your baseline identified, tested, and deployed, the real challenge of desktop administration comes into play—satisfying your users. Your goal in this area is clear: provide your users with the software they need as well as helpful default settings to ease its use. If a user has to search for an application, configure the application, search for his or her data, then work to identify and install the nearest printer, they will not be productive (or happy) users. Even when users are fairly experienced in the use of Windows, searching for documents and printers can be a real headache. A well-implemented desktop can save users from these speed bumps, reduce Help desk calls, and increase user productivity. In this chapter, we will cover user profiles and various ways you can implement and control them (for an overview, see the sidebar “Group Policy, Scripting, and Third-Party Solutions”). We will also discuss what might be considered the most critical aspect of desktop administration—user data management.

Chapter 4: Application Management

In the last chapter, we covered the deployment of new systems. With your baseline identified, tested, and deployed, you must now work to keep that baseline up to date with the latest updates and new software requirements. Just keeping Windows itself up to date with service packs and a weekly release of hotfixes is enough to make some a little uneasy. Add to this task requests for new software and a constant barrage of updates, patches, and new releases for your existing software base and the need for a planned process and deployment mechanism becomes clear. In this chapter, we will discuss the creation of a process for deployment as well as the various methods available for the automated installation of software (and the benefits and drawbacks of each). Finally, we will cover a handful of the available software deployment systems with a summary of their capabilities.

Chapter 5: Desktop Security

In the last chapter, we covered the packaging and deployment of new software and updates. With your baseline established, user environment customized, and applications and updates rolling, we will address the security options available for maintaining the control and configuration of your network. However, it goes without saying that it is best to have your security policy and enforcement methods well established before the first user sits in front of a computer. In this chapter, we will discuss security policy, tools, things to watch out for, and the benefits and drawbacks of implementing a locked down environment.

Security is a topic that has been steadily moving into the spotlight for the past several years. Viruses, hackers, data theft, and piracy are on the minds of most organizations today. Security is also a very broad topic. As such, we will focus on those issues that cause the most concern to you, the desktop administrator. The first of which is the establishment of a security policy.

Chapter 6: Desktop Support

In the last chapter, we explored implementing security in an effort to help users from inadvertently damaging their systems, to enforce the saving of data to network shares, and to prevent the installation of unauthorized software. However, even with these restrictions in place, you will certainly have desktop problems to contend with. Some of these issues might simply involve a lack of user knowledge or understanding, other problems will be legitimate issues that will require investigation and troubleshooting.

Chapter 7: Scripting Custom Solutions

Even the most robust, all-encompassing off-the-shelf solution cannot provide an answer for every problem you are likely to face. The more complex the requirements of your organization, the quicker you will encounter a need to develop your own solutions—perhaps by extending the capabilities of a management system or utility that you already own. Acknowledging this need, many management solution vendors include in their tools an ability to facilitate custom scripting by providing integration through Common Object Model (COM) automation, application programming interfaces (APIs), and even their own scripting languages.

Scripting and automation are synonymous. If you need to perform the same actions every day, or hundreds of times at once, the need for a utility or script becomes clear. Many command-line tools offer functions designed for use in scripts. For example, suppose you want to reboot several computers; you can use the shutdown.exe utility that has been around for years, but it has a limitation—it accepts only a single computer name as a parameter. Although you no longer have to visit hundreds of machines to reboot them, you will still have to type each individual computer name hundreds of times as a parameter for this utility. However, you can write a script that can read your list of computers and execute the command line for each one. Doing so lets you spend your time writing a script instead of writing out a batch file or typing the shutdown command over and over again:

Shutdown.exe –r –m PC7463
Shutdown.exe –r –m PC3772
Shutdown.exe –r –m PC9283
Shutdown.exe –r –m PC0139

Chapter 8: Asset Management

Asset management is the tracking of technology assets including hardware and software: knowing where they are, who is using them, and how they are being maintained. Asset management is made up of a combination of policies and procedures that provide you with an invaluable view of your desktop systems. Depending upon your environment, asset management may include any or all of the following topics, which we will cover in this chapter:

  • Inventory—Managing and tracking the location and ownership of physical technology assets
  • Software licensing—Tracking and managing software licenses
  • Change control—Administering the changes to your managed configuration