"I Can Script That!"

Whenever I'm discussing the various configuration features of Desktop Authority, our Desktop Management solution for Windows-based desktops and laptops, I often am stopped by the "scripting guy" who states that he can do it all with scripting. While 100% true (As there are so many powerful scripting languages today out there - MS' PowerShell, WinBatch, KiXtart, and many, many more) - it CAN be done - the question is SHOULD it be done that way?

Let me put it a different way for those who are keen on scripting by asking a question - how did you get to work today? Most would say "I drove" to which I ask "Why didn't you walk?" Think about it:

• It is less expensive (no need to buy a car in the first place)
  
• There is no cost for maintenance, gas or insurance
  
• You have far more options on how to get to where you're going (through people's yards, jump over fences, etc.)
  
• You don't need to find a good parking spot when you arrive

The obvious answer is "it is too slow to walk" but that's not the root of the reason - it is really about productivity. You are far more productive at work and home if you spent only 30 mins driving each way instead of a good 8-10 hours walking to and from work.

Walking simply isn't a productive enough means of travel in this case.

The same stands true for scripting as your desktop management solution - while you CAN script just about anything a desktop management solution can conjur up, your time is far more precious and can be used on more strategic initiatives than mapping a drive letter for the Accounting Department.

Take a simple drive mapping, but only have it apply to users in the Accounting group, when they log on from a Windows XP machine, from the 10.1.1.0 subnet, and only when they have a specific app installed (assume as defined by presence of the .exe). How long would it take you to script that, sandbox it, test it and put it out into production? I'm going to guess at least (including the testing part) 30 minutes to a few hours (depending on your skill set). With a solution like Desktop Authority, it would be done in the time it took you to answer my question!

So we're back to the driving vs. walking discussion - yes, you CAN script anything, but purchasing and utilizing a desktop management solution does make sense if you are looking for a far more productive means to reach your goal.

And to boot, keep in mind you also drive because it is air conditioned, has music, a place to hold your drink, etc. - basically there are perks in using a car vs. walking. The same is true with Desktop Authority - you are not only purchasing a replacement solution for scripting, you are getting a full Desktop Management solution, complete with software deployment, inventory, reporting, remote management/control, patching, anti-spyware, USB/Port lockdown, role based administration and more.

Walk or drive... it's your choice.

The Need for a Vista Migration Plan

Just read another article on migrating to Vista that underpins the need for a strategy. This article, at Digit Online, speaks of why UK firms are wary to move to Vista.

"The lack of enthusiasm was reflected in the fact that few organizations had a Vista migration strategy in place. The survey found that 78 percent of respondents across all industrial sectors had no migration strategy, with the proportion rising to 80 percent among financial institutions and 96 percent in the retail, distribution and transport industries."

A Vista migration strategy is NOT "slap in the DVD and hit Setup". You need a plan. Read my last post on the DoT not moving to Vista for more on this and the link to our Vista Migration whitepaper.

Will Vista be Costly?

The Associated Press released an article today about how the Department of Transportation will not be migrating to Vista, citing upgrade costs and compatibility issues. I have to believe that most IT shops have these same two concerns: "How much is this going to cost?" and "Will my users be productive once we get there?"

Microsoft has resources available to address some of these concerns:

• An On-Demand Webcast on deployment tools and technologies
• A Hardware Assessment Tool

Microsoft has also provided quite a number of resources on Application Compatibility:

• Application Compatibility Toolkit 5.0 - one of the coolest tools in this kit is the Standard User Analyzer. Remember when W2K came out and you had issues running some of your apps becuase of permissions issues in the registry or file system? You probably (like most) gave the user either Local Admin or Power User rights (whichever worked) to get them running, but never addressed the issue. This was becuase there was no easy way to figure out which reg keys and NTFS permissions were keeping the app from running. Enter in the Standard User Analyzer (SUA) - this tool checks for and recommends which premissions in the registry and file system will need to be changed in order for an app to work. Killer!
• Guidance on "Getting Started" with App Compability

I recently completed writing a ScriptLogic whitepaper, "The Proactive Migration to Windows Vista" in which I not only cover how to migrate to Vista with ScriptLogic's Desktop Management solutions, but also discuss having a proactive mindset towards your migration so that the migration itself is nothing more than moving "Sally's" PC to Vista instead of you spending countless nights and weekends in front of "Sally's" machine post-migration trying to get her environment close to what it was on XP and getting her apps to function.

Even if you have no plans to use a ScriptLogic solution as part of your Vista Migration Strategy, give the whitepaper a read, as it truly gives the migration to Vista a VERY different twist - one where some of the migration actually occurs potentially MONTHS before Vista is ever rolled out.

IT are Gluttons for Service Account Punishment

I recently spoke at a conference about security, and like always, I ask for a show of hands to see how many companies have password policies (e.g. changing the password every X days, etc) and then ask (with the hands remaining raised) how many change the passwords on their service accounts - nearly all the hands drop!

I don't get it - the most powerful accounts (alot are members of the Domain Admins group) in the company and the passwords aren't changed on a regular basis. The reason is, of course, the fact that noone (including me when I was a consultant) wants to manually modify 20 services on each of 80 servers (replace with your own numbers, of course). That's a ton of work. It is far simpler to just assume your passwords are secure.

ScriptLogic recently released Security Explorer 6 which included the absorbing of Service Explorer (which BTW can still be licensed as a "Workstation" license of Security Explorer). The service management functionality in Security Explorer automates the entire service account password headache, reducing the amount of time to literally less than a minute of one's time.

So why am I calling IT a glutton for punishment? Because a solution exists that takes away this pain, and yet IT folks today STILL either ignore the problem or manually address it. 50 licenses of Security Explorer (limited to managing services and tasks on servers only) would only cost an IT shop $200!!!!

As a fellow techie (I've been an MCSE since 94) knowing the pains IT goes through - get a copy of Security Explorer and secure your service accounts.

There should be some "Power" in your Desktop Management

Microsoft put out an article today "Why PCs should get more sleep" which does a fantastic job at making the case for power management for desktop (and laptop) PCs. Microsoft had an independant UK firm - PC Pro Labs - do a study on how much would be saved by implementing power management - about 200 tons of carbon dioxide and about $92/year per desktop! Microsoft has had power scheme management all the way back to Windows 98 (can't remember if 95 had it or not), so the numbers would be as impressive, if not identical.

ScriptLogic has been on this bandwagon since Desktop Authority version 7 (we're releasing version 7.6 within weeks) with both management of Power Schemes for Windows 98-Vista, but also one other facet of power management - shutting down inactive users after business hours. It's one thing to put a monitor in sleep mode during the day, becuase it is easy to bring back to life without disrupting the PC user's productivity. But if you were to put the machine in Hibernation, it would take about as long as booting up the PC where the user's productivity is lowered (well, OK, the hibernation is a bit less than a boot up, but you get my point).

So it makes sense to have one group of settings that balance saving energy with user productivity throughout the business day (as the EPA estimates that a given PC is inactive about 58% of the work day), and a completely different strategy after hours - the EPA estimates that only 36% of all PCs are shut down at night! This is the real energy waster.

So we implemented an Inactivity Timer to monitor keyboard and mouse activity and allow IT to shut down the computer after a specified amount of time during a time range one would assume is after hours.

The result is a true balance of saving energy costs, the environment and users' productivity.

If you'd like to see how much you can save by implementing Power Management on your desktops, try ScriptLogic's Power Management Calculator.

You can also read our Power Management Whitepaper.