ScriptLogic Desktop Authority 7.5

Managing and supporting large numbers of desktops is a serious challenge. To simplify the process, most companies have resorted to a standard desktop where they control what applications are deployed. This reduces the support overhead and keeps control of licensing.

IT Pro Verdict

DA is a very comprehensive package that goes a long way beyond what we expected. While this was exciting it did become very obvious that this is most definitely not a tool for the fainthearted. Any attempt to provide this to an inexperienced member of the support team could cause complete chaos.

If might seem simple to have a single desktop or server deployment package that can be used on demand. While there are some products that apply to the whole company, there are others that are limited to departments or even project teams. With virtual working and an increase in collaboration those teams may be spread across multiple sites and even continents.

This problem is ensuring that deployment standards are maintained across the entire range of computing devices. To make this work you need to create a set of master images, maintain and patch those images and ensure that they can be easily and reliably deployed, even when the underlying hardware is different.

Desktop Authority calls itself a "Desktop Lifecycle" product allowing administrators to control and deploy desktops across the organisation. It is more than simply a desktop imaging product as it allows you to micro manage any computer to apply policies across a huge range of options.

Desktop Authority (DA) comes on a single CD with an administrator's manual. Alternatively you can buy online and the download file is just 180MB with an extra 1kb for the licence file. We used the download option for the review.

Installation was relatively pain free although you do have to ensure you have prepared properly. DA requires two accounts just for its own use, one of which must be a member of the Domain Admins group. As these two accounts are required for DA to work, you will need to set the passwords to Never Expire providing this does not breach corporate password rules.

DA is installed onto a server which must be either Windows Server 2000 or Windows Server 2003 and ScriptLogic recommends you avoid installation on the domain controller. We would agree with this. DA starts by installing the 30-day trial licence rather than ask you for the location of your licence file. Once the installation is complete, it is an easy job to just point it at the licence file. There is no reason why ScriptLogic could not have provided a browse option so that you could point at the licence file during the installation.

DA is dependent on a number of components within the operating system such as Microsoft .NET Framework 1.1. Any server that has been recently patched may well be running .NET Framework 3.0 and all production servers should be on NET Framework 2.0. If ScriptLogic does not find .NET Framework 1.1 during the installation process it will add it as it doesn't work with later versions. DA will only install on 32-bit servers and this might restrict your deployment options.

To prevent any possible problem with other applications we strongly recommend that you either dedicate a server to DA or install it into a virtual server. This also gets around the problem with 64-bit servers as you can use a 32-bit virtual machine.

If you do not have a SQL Server instance available for DA to use, it will install the Microsoft SQL Server Desktop Engine (MSDE). ScriptLogic have yet to decide whether to replace this with SQL Server Express, a move that we are seeing from other vendors. A really annoying installation problem is that we told DA to install on the applications drive yet it still installed the Modules, OpsMaster directories and the default database on the boot drive without asking. This is just sloppy coding and ScriptLogic needs to sort this out, especially as the database directory can grow quite large. If you notice what is happening, you can redirect the database directory to where you want it.

In order to manage updates and distribution of desktops, DA requires full access to the NETLOGON system share. This should pose no problems. To support users who work from home or remote offices, DA does provide the option of entering a port number for managing traffic across the firewall. You can set this to any port you choose.

It took just over 12 minutes to go through the installation process. Apart from the issues raised above, it was easy, well explained in the documentation and the wizard worked.

Configuring and creating deployment packages was much more challenging. DA allows you to manage over 35 different categories of desktop settings. Without taking a lot of time to carefully plan this, it's very easy to get lost and create something that is almost unusable.

Each computer can have its own profile covering everything from drive mappings, security policies and group policy templates to mail settings for Outlook/Exchange and the location of applications. To ensure that you are deploying to the correct computer you can even specify the name of the computer or just work by computer class, organisational unit or operating system.

Your starting point is to create a new profile for deployment. A profile can be as simple as control of security of USB ports or it can encompass everything that you might want to configure on a particular computer. With DA you get a scripting language that you use to make choices and add conditional logic. Profiles can be chained together allowing you greater granularity of control. This is an extremely useful feature because it means that a single change can be pushed to all computers or just a group without having to modify a large number of profiles.

One huge problem was that we were unable to import a range of existing computers and see how they were configured. Few people are going to start with a blank environment and the ability to import a range of computers, compare profiles and then build a better set of working policies based on current deployments would have been very useful.

It took just under an hour to create an initial profile that seemed to do everything we wanted and then 90 minutes to tune it. If we had been able to import a stable computer and break it down into a series of small profiles dealing with specific things it would not have required the 90 minutes of tuning.

When you want to add things like the spyware removal and USB controls, you need to licence these separately and then download and add them into DA.

This was an exciting package to work with but one that left the desk covered with a lot of paper as we planned out the design of policies. The first couple of attempts changed things that we weren't expecting but that was due to rushing things. Undoing mistakes is easy but it is surely better to provide the ability to avoid the problems to begin with.

This can be achieved through the addition of a simulation tool that would allow you to see the impact of the new policy compared to the existing configuration. Users of DA would very quickly gain an understanding of the impact of what they were doing and be able to create an upgrade process that would then not only deal with the software but could be tied to training of users.

DA allows you to import distribution packages for software and then adjust them for your users. This is very useful and should help to reduce the deployment and support problems for new software. Over time you can adjust these packages to support patches issued by vendors to ensure that you are only deploying the latest fully patched versions. When combined with the ability to control virtually everything else on the desktop this makes for a serious support tool.

There is no question that DA does what ScriptLogic claim. However, ScriptLogic needs to simply some of the processes, add the ability for DA to import existing computers and provide a visual policy simulation tool.

Verdict

DA is a very comprehensive package that goes a long way beyond what we expected. While this was exciting it did become very obvious that this is most definitely not a tool for the fainthearted. Any attempt to provide this to an inexperienced member of the support team could cause complete chaos.

Installation Desktop Authority requires installation within an NT/2000/2003 Domain. Management Desktop Authority's management console is installed onto a Windows 2000 or 2003 Server and can then be run from any Windows workstation. Client Support Desktop Authority supports Windows 9x/ME/NT/2000/XP/2003. Remote Management Remote management can be accomplished using any Java-enabled browser supporting 128-bit encrypted SSL.