BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
The five key processes of inventory management, monitoring, software deployment, patching and security management may be implemented in different ways. Small organizations have different needs than large enterprises, and the range of desktop management tools reflect these differences.
Many businesses simply don't require enterprise-scale management tools such as Microsoft System Center. One desktop management option for small and medium-sized businesses (SMBs) is Microsoft Intune. The Intune client can only run on Windows 8.1, but the tool itself manages other Windows operating systems and even Apple's Mac OS X, Linux and Unix.
Perhaps one of the biggest benefits for small operations is the lack of hardware infrastructure requirements; Intune runs entirely in the cloud. Administrators use the central console to apply data security policies by device or individual user license. Policies also include controls for software updates and Windows firewall settings. There are additional controls for Microsoft Office, such as an automatic approval setting for critical updates.
Desktop Central is a jack-of-all-trades when it comes to desktop management. It is available in four editions that range from targeting SMBs to enterprises. The free edition, for example, provides full functionality for up to 25 desktops and five mobile devices.
There are controls for software patching, distribution, licensing and even device power usage via the Web-based control panel. Desktop Central includes USB device control (an important security inclusion), in addition to CD-ROM, Bluetooth and printer restrictions. The management console allows you to set USB restrictions to both individual users and machines.
The Dell Desktop Authority Management Suite includes a healthy selection of user-based controls. User restrictions are set without the use of logon scripts. Instead, each user environment can be tailored to a particular user's needs.
Administrators can set the different configurations by identity, role, operating system, device or connection type. Each configuration can then set controls for registry edits, proxy settings and driver configurations. In addition to controlling the accessible apps, admins may set USB, printer and general port access based on identity. There are more than 30 management settings that can be changed while a device is being used, streamlining the management process.
Client Management Suite is part of Symantec's larger Endpoint Management family of products and services. They are all licensed separately but complement one another well; in fact, the IT Management Suite is offered as an add-on to the Client Management Suite.
The Client Management Suite automates functions such as software deployment and patch management. It provides a custom reporting tool with drag-and-drop functionality for creating your own report template. Client Management Suite is supported for use on Windows, OS X, Linux and Unix. The suite always uses an encrypted connection when communicating with devices, via a demilitarized zone gateway, even when not communicating with a device through a virtual private network.
Desktop management best practices
A successful desktop management initiative should begin with policy, informed by user roles and responsibilities. For example, employees in similar roles and with similar responsibilities will likely require similar applications and access controls.
Employ the discovery features of desktop management tools to inventory desktop assets. Use monitoring tools to understand the demand load and performance profiles of these devices. This information is especially useful for planning and budgeting.
Desktop administrators should coordinate monitoring activities with security administrators. Desktops may provide useful information for some security operations. For example, if there were a security breach, a desktop log may contain useful information for forensic analysis. Security professionals may also depend on some desktop management features to enforce security policies, such as disabling the use of USB ports among employees with access to highly sensitive data.
Assume desktops may be relatively dynamic resources. No matter how well desktop administrators might anticipate the needs of users, those needs can change. Vulnerabilities will be detected. Users will want new versions of applications. Employees will join and leave the company. A centralized management platform can provide a single point of reference and data collection to enable a rationalized, efficient management scheme.
Desktop management may not get the press coverage of mobile device management or look like a silver bullet for inefficiencies in IT infrastructures, but it is an important and fundamental process of a more secure and successful operation.
Virtual desktop management tools
New tools make unified endpoint management a reality