Product Reviews

Take Control

Desktop Authority exerts the maximum level of control with a minimal amount of effort.

Desktop Authority 7.5
Documentation 25%
Installation 25%
Feature Set 25%
Management 25%
Overall Rating:

1: Virtually inoperable or nonexistent
5: Average, performs adequately
10: Exceptional

You don't have to be a master scripter, a Group Policy god or sport a black belt in registry manipulation to effectively lock down your desktop configuration. If you're a mere mortal like most of us, and the thought of scripting in VBScript makes you shudder, then ScriptLogic's flagship Desktop Authority will make an excellent addition to your quiver of admin tools.

Desktop Authority has been around for quite a while and has been repeatedly recognized as a top-quality tool for centralizing workstation configuration control. Whether or not your operating system supports Group Policy, Desktop Authority does its magic through the log-in script. It's typically installed on a Domain Controller and leverages the NETLOGON share of the Windows domain to replicate its configuration through your domain's log-in scripts.

Where Desktop Authority excels above and beyond simple Group Policy is its ability to handle multiple profiles for a user or computer based on a rich set of validation logic. Group Policy has a lot of functionality when it comes to configuring a particular computer or user, but that determination is usually based strictly on membership in an organizational unit (OU). Since an Active Directory object can only be present in one OU at a time, it's difficult to apply any form of conditional logic.

The logic in Desktop Authority's profiles means you can apply a policy configuration based on more parameters than mere OU membership. For example, need to apply a desktop-level lockdown to laptops, but only when they're connected to the wireless network? Create a profile based on the hardware chassis type and connected network. If the client configuration matches that profile at log-on, then it will process the lockdown.

With Desktop Authority 7.5, you can have as many as 24 possible tests connected with Boolean operators (think "or" and "and") to build the profile. Once you construct the validation logic, you can control 36 separate configuration classes through Desktop Authority. For example, you can enable reporting on workstation inventory, health, patch compliance and overall activity to run on-demand or be e-mailed to anyone who needs that information on a set schedule. Desktop Authority also has several remote assistance features to let technicians look over the shoulder of any of your users who may need a helping hand.

Figure 1
[Click on image for larger view.]
Figure 1. With USB/Port Security, you can selectively disable USB hard drives while continuing to allow other types of media.

That New Software Smell
ScriptLogic refers to this particular update as "the Desktop Lifecycle release." The company is positioning its extended product line as a cradle-to-grave solution for initial provisioning on new workstations, ongoing operational management and eventual decommissioning. It has added four specific features to the core product:

  • The ability to lock out USB and other removable storage devices
  • Improvements to software deployment
  • A new operating system imaging solution
  • The much-desired ability to refresh a workstation's configuration at times other than log-on and log-off.

While previous versions could pull inventory and only configure remote systems at log-in and log-off, this release lets you refresh a workstation's configuration at preset intervals. This is similar to the refresh interval for Group Policy, but is defaulted to a 60-minute interval.

Severing the product's exclusive tie to the log-in script significantly enhances its utility. You can now refresh configurations on systems that don't regularly log on to the network. If some of your users prefer to remain logged in with their workstations simply locked (you hope) rather than logged out every night, this feature will come in quite handy.

With the physical size of storage devices getting smaller, the risk of data theft as an inside job is greater. Heck, USB-connected drives are getting to the size now where a disgruntled employee can pocket a hard drive big enough to steal a company's entire intellectual property set.

What's Next

Desktop Authority version 7.6 is coming up within the next couple of months. The new version lets you:

• Manage Vista and non-Vista platforms from one console with common security and configuration policies

• Centralize IE and Office management to ensure a consistent user experience

• Manage Vista's User Access Control to mitigate compatibility issues and ensure a smoother rollout

In the face of these types of threats, having a cohesive policy to protect data against theft is critical. Desktop Authority incorporates policy-based lockdown that lets you identify and restrict specific types of removable storage per profile. If your desktop users need to use their CD burners but you want to lock out USB thumb drives, you can.

Desktop Authority has long touted its ability to install, uninstall and ultimately manage an environment's MSI-based software from the network administrator's lofty ivory tower. This version lets you package editing tools to customize and test MSI installations. With Desktop Authority MSI Studio, you can edit, customize and repackage vendor-supplied MSI installations to fit your environment. This process lets you add environment-specific configurations to your software and enable it for a fully silent installation.

What you gain here is the ability to simulate a package installation on a remote computer in order to validate the files and registry keys overwritten by the package. Also, the new simulation capabilities let you look for conflicts between the new package and any existing software on the computer. These new testing capabilities further ensure that any software deployment proceeds smoothly.

Finishing out the "Desktop Lifecycle" components are the new Image Center features. These features let you deploy operating system images with Desktop Authority. Functioning in a relatively similar fashion to other vendors' solutions for image deployment, Image Center lets you generate and deploy standardized core operating system images. You can then deploy these images to workstation hardware either directly through bootable media, over the network using Microsoft's RIS or via the supplied PXE server.

If you're already using Desktop Authority in your infrastructure, this additional image deployment feature coupled with the other software deployment components basically provides an end-to-end workstation provisioning solution. The only thing the image deployment components seem to lack is the ability to install device drivers other than those mass storage and hardware abstraction layer pieces you'd need to boot the workstation.

Fitting In
Where Desktop Authority truly elevates itself is in providing a centralized and easy-to-use interface for building, enabling and monitoring all these system configuration capabilities. You could use a mix of scripting and policies, but doing so requires some high-level mojo. That knowledge and experience takes time to develop and you would still have to manage it from a cumbersome list of interfaces. Using Desktop Authority, you can establish easy, auditable and repeatable administration with a minimum of strain on your brain.

About the Author

Greg Shields is Author Evangelist with PluralSight, and is a globally-recognized expert on systems management, virtualization, and cloud technologies. A multiple-year recipient of the Microsoft MVP, VMware vExpert, and Citrix CTP awards, Greg is a contributing editor for Redmond Magazine and Virtualization Review Magazine, and is a frequent speaker at IT conferences worldwide. Reach him on Twitter at @concentratedgreg.


comments powered by Disqus

Subscribe on YouTube