
SW Deploymnt, Auditing, Rmte Control, Patch Mgmt for 750 PCs/90 sites 2

Status
Not open for further replies.

djhawthorn

Technical User
Mar 4, 2002
641
AU
Our current setup
I am part of a small team that manages ~750 machines (almost all IBMs; desktops, servers, laptops) across around 90 sites.

About 60% of the sites run their own separate Active Directory domain (with up to 35 machines per site), the remaining 40% are smaller sites running only a workgroup scenario (with up to 5 machines per site). There are no trusts between any of the domains. Each site is a separate entity, and this is a major consideration when reviewing potential products.

All the sites are linked via a secure WAN; with a central, single-point-of-entry gateway to the internet (firewalled, monitored, controlled).

We try and maintain an SOE across all machines; their configuration is basically the same, and so we use Norton Ghost heavily to clone images.

All machines are centrally managed for AV, and semi-centrally managed for patch management with SUS.

All the servers run a pcAnywhere host, all the client machines run NetMeeting for remote control support.

There are no local IT staff at any of the sites - all support is done remotely, with on-site visits where required (though this is not easy - some sites are inter-state or in country towns).

All users logging on have administrative access to the local machine, except for the domain controllers themselves, where the user has limited access.

All machines run a logon script, which in turn runs an 'AutoProcess' VBScript engine, which looks for and runs any scripts we deploy from time to time to aid in automation of administrative tasks.

What we are looking for
We are looking for software (free or at-cost) to provide one or more of the following items:
- Software Deployment
- Auditing (Hardware and Software)
- Remote Control (of all machines)
- Patch Management

At the moment we have the above items in limited fashion - for example I can audit the machines using a VBScript (as we have done) and get back their hardware stats - but we have no way of knowing about rogue PCs not running the logon script. SUS is great for deploying patches; but you wouldn't know if a machine wasn't picking up updates. So we are looking for better solutions.

Just looking at remote control packages, we are seeing at least 20 different capable products out there, which makes my job to report on viable vendors a living hell by the time I cover all four categories :).

Has anyone had any experience on packages that do any or all of the above, that would recommend their choice of product?

Basically we are looking for:
Software deployment
- The ability to build templates, and within that:
--- Report on discrepancies / machines that don't meet the template
--- Enforce templates (add/remove software that doesn't exist per the template)
- The ability to add/update or remote packages or products like Adobe Acrobat, MS Office etc, to select or all PCs/or on a per-template basis

Auditing
- The ability to scan a network and find all plugged in devices, interrogate them, find out what they are etc.
- Hardware auditing (machine specs, serial numbers etc)
- Software auditing (what's installed, license management etc.)
- The ability to centralise reporting of audited machines

Patch Management
- Centralised reporting on what machines need what patches
- Patching of only Windows security and MS Office patches
- Push-technology is preferable, though not essential

Remote Control
- Ability to lock out the remote keyboard, mouse, and preferably blank the screen
- Scanning of subnets to find available hosts -- being able to scan remote subnets would be especially useful
- Being able to group hosts into different groups or categories
- File transfer ability is preferred

General
Given the large volume of PCs across so many sites - some of them interstate and all have no local IT staff - we have to take in to consideration the following:
- Deployment to client machines has to be relatively easy (batch/automated is the only solution for us - we cannot afford the time to install software manually to 750 machines)
- Centralisation of administration is critical - to a central server back at the main office where possible; to their local server at absolute least.
- Ease of configuration (preferably command-line or registry hack) is important - anything scriptable with VBScript or the tools built-into the product is preferred.

I greatly appreciate any feedback people can give with products they could recommend, have used, or would consider a viable solution for the above setup.


[auto] MCSE NT4/W2K
 
First suggestion I would have for you is to update your SUS to WSUS. With WSUS you will get much better reporting and the ability to patch other MS applications like Office in addition to the OS. For additional reporting you can also use the Microsoft Baseline Security Analyzer which is an awesome little tool.

You don't mention what the client OS is. If not XP then I would say upgrade them all to XP so you can use the remote desktop features and remote assistance features built into the OS and remove your dependency on the third party product.

For software deployment, with an infrastructure as large as yours I would recommend you look at Microsoft SMS. If you think that is overkill for you then you might want to look at Altiris.

I hope you find this post helpful.

Regards,

Mark
 
Mark,

Firstly, thanks for your reply.

We are currently investigating WSUS - I am in the middle of using/testing/playing with it in our test environment; just trying to work out how we can centralise the reporting of it so we can report on all machines from one (master) location. (I don't think the replica servers upload the reporting/computer stats to the master, do they?)

The client OS is predominantly Windows 2000; nothing older than that, and only a few XP machines at the moment. We are not in a huge hurry to upgrade all the computers' OSes like that on such a large scale unfortunately, though I will raise the suggestion as an alternative.

SMS and Altiris are both short listed for investigation too, based on your (and other people's) comments. Thanks again.

[auto] MCSE NT4/W2K
 
You might be able to centralize the reporting with MOM, but I've not used that so not totally sure. I also have not used WSUS with replica servers so not sure there either, sorry.

I hope you find this post helpful.

Regards,

Mark
 
SMS used to include a nice remote-control component. Do the current versions?
 
markdmac: MOM? I've not heard that term before, sorry (or at least can't recall it off the top of my head)...

porkchopexpress: Is Dameware just remote control? Or does it do other things as well? (I've seen it mentioned before).

I've heard SMS has remote control functionality, but it's not very good and I should find an alternative for the remote control side of things...


[auto] MCSE NT4/W2K
 
Doesn't ZEN Works require Netware? I know that Novell makes it and I've only ever seen it in Netware installations.

Regarding the remote control functionality in SMS, the SMS client had that back in the NT4 days so I doubt that it would require Windows XP Remote Desktop at this point.
 
Zenworks does not require netware anymore. It can run on a windows/netware/linux server, nor does it require client32. It's pretty platform independent. It does need a directory service to operate against. I'm not sure if it can use active directory or if Edirectory (formerly NDS) is required. Either way, it's not hard to set up AD to Edirectory synchronization.
 
Ok, well given we have workgroup sites that aren't integrated into any AD structure at all, I don't think ZenWorks is a goer for us...

Has anyone used or experienced Tivoli? IBM Director? Net Support? Altiris? Dameware? <insert package here>? who can comment more on if any of these products are worth looking into or not? Any good or bad points about them that I should know about?

There seems to be a lot of pro-SMS support, but obviously that is only one package. There has been slight mention of one or two of the other packages, but that's about it.

Thanks again too; I greatly appreciate the replies.

[auto] MCSE NT4/W2K
 
A nice thing about Altiris is it is easy for packaging.

Tivoli is expensive and not as good as SMS in my opinion having seen both in action at various customer locations.

I hope you find this post helpful.

Regards,

Mark
 
Dameware is a great package but it is more focused on remote support rather than remote management so you don't get any software management tools like in SMS or Altiris.
 