Scripting Without Really Scripting

Desktop Authority helps you automate desktop management, even if you don't know the finer points of scripting.

When it comes to automating desktop management and standardization tasks, there's a "holy grail" that many seek, but few find. Exquisitely crafted arrays of batch scripts can help get you over some hurdles, but how many companies can afford dedicated scripters who can write, test and update these scripts? And how do administrators provide accurate automation rules for a constantly changing sea of computers and environments?

There's a pressing need to standardize the user experience so you can better mitigate problems. You have much more centralized control over servers these days, but centralizing control of the user experience can be a daunting prospect. Often, the only answer is to wing it and try to force users into submission and pray to the powers that be for the blessing of standardization. Or you can turn to a tool like Desktop Authority to help resolve your desktop management woes.

Point, Click and Script
Desktop Authority helps you simplify and standardize desktop management tasks through an intuitive and feature-rich interface. You're essentially building an intense array of batch and shell scripts, but instead of using WSH, Perl or KiXtart, you just point, click and build. You don't have to master the scripting language to do the job. Desktop Authority does all the heavy lifting.

Desktop Authority does its magic by taking over the login script. It then loads its client and processes the complex array of scripts it has previously built under your direction. Under the hood, Desktop Authority runs the KiXtart scripting language. So if you're familiar with that language, you can further customize your scripts.

Installing Desktop Authority is simple, although you should install it on a machine with which you can build profiles. Then target a Domain Controller for a place to access NETLOGON. Configure the accounts for which you want to use Desktop Authority, and that's it.

Desktop Authority is designed to take advantage of Windows replication, so you get a single master approach to script management. If you want to use the Remote Control features, you can initiate a push install to set up a service quite easily.

REDMOND RATING
Documentation 30%
7
Installation 10%
9
Feature Set 40%
8
Performance 10%
8
Management 10%
8
Overall Rating:
7.8

——————————————
Key:
1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

Control with Confidence
As some of you have no doubt experienced, dealing with the Windows firewall in conjunction with Windows XP SP2 can be a painful experience. Group Policy gives you control of the Windows firewall, but it's somewhat of an all-or-nothing venture.

Desktop Authority helps you control what the firewall does by opening and closing ports based on connection type, operating system and machine class. This flexibility is particularly helpful when dealing with mobile users. Because Desktop Authority runs as a login script, its settings come in as a pull operation. This is important because the firewall can stand in the way and block external "push" configuration tools from working.

One of the things I particularly liked about Desktop Authority was the Validation Logic. You can essentially set up a series of Boolean logic operators that specify whether or not to run a profile or configuration element. For example, you could set a rule that says, "Don't connect any of my network drives when I log in with my Windows XP Tablet PC across the VPN." By stacking individual profiles, you can create unique combinations limited only by your imagination.

Arguably, the two biggest time killers in any IT pro's day are setting up Outlook profiles and resolving configuration issues. Thankfully, Desktop Authority can configure Outlook settings on the fly (see Figure 1). That means no more having to run around configuring e-mail settings for individual computers.

Figure 1. Using Desktop Authority to configure Microsoft Outlook profiles can be a huge time-saver.
Figure 1. Using Desktop Authority to configure Microsoft Outlook profiles can be a huge time-saver. (Click image to view larger version.)

As far as resolving configuration issues, most help desks these days couldn't live without some sort of remote console tool, so you can "big-brother" your way into your users' environment and check in on them whenever they have a problem. If you don't have SMS or a tool like it in place, though, Desktop Authority can certainly fulfill that task. That's one of the best ways to use it to tangibly improve TCO.

Count the Cost
One of my biggest concerns about Desktop Authority was ROI. For a 500-to-1,000-node network, you can expect to pay about $20 to $22 per client (no cost for servers), or $10,000 to $20,000 for the entire, first-time Desktop Authority rollout.

To assess whether the product is worth the price, you first need to take a hard look at how your organization fields calls related to the user environment. According to research firms like Gartner and others, a help-desk call can cost about $20 to $30. For our sample 1,000-node network, that's about $65,000 per year if the help desk is taking 10 calls a day.

Up Next: Desktop Authority 6.5
Calling the latest version its "enterprise security release," ScriptLogic just released Desktop Authority 6.5 as this issue went to press. The new version includes:

Spyware Filtering: The new version will detect and remove spyware.

Patch Distribution: Patch deployment and management helps close security loopholes.

Permission Control: You can now proactively establish access policy for files, folders and registries.

Firewall Management: New firewall controls improve file and printer sharing, custom scopes and blocked program notifications.

Inactivity Timers: You can log users off, execute after-hours scripts or shut down after a set period of inactivity.

Secure File Shredding: You can permanently delete files (with no possibility of data recovery) in accordance with Department of Defense specifications.

Logoff Operations: Perform certain file operations at logoff like deleting temporary files or scanning for certain applications.

If the calls are centered around the user environment—as many help-desk calls are—Desktop Authority just might pay for itself in a year if you can drop your daily call rate from 10 to six or seven. By leveraging the Remote Control feature in Desktop Authority, you can help reduce both the number and length of individual calls.

Let's say you have a Level II Network Admin earning $60,000 per year, running around configuring all 1,000 of your workstations. If he can configure four workstations an hour, you'll be buying 250 man-hours at about $7,200, saving nearly $13,000. Based on this example and Desktop Authority's pricing scheme, the cost savings kicks in when you're buying 700 man-hours or more. That would be nearly four months configuring workstations.

Those numbers are in no way intended to provide a cost/benefit analysis for your network. They're just two fictitious scenarios. You need to take note of how much customization and automation you plan to introduce into your operating model. I'd strongly suggest you run some realistic TCO and ROI numbers before rolling out this product, also accounting for any staff changes or re-assignment you might anticipate as a result.

Desktop Authority is feature-rich, and will quickly give you the user experience control you'll need to cover your workstations—there's no doubt about that. It's powerful enough to be a standardization tool for your entire network, despite any level of configuration complexity you may require.

Keep the numbers in mind, though. Do your cost-benefit analysis and if the ROI shows positive for your organization, go for it. You'll love what Desktop Authority can do.

Featured

Most   Popular