Determining Your Requirements for Configuration Management Technologies
Letzte Aktualisierung: März 2003
Betrifft: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To ensure that your design supports the administrative requirements of your organization, begin by determining your organization’s current administrative practices and the existence of any administrative boundaries, technical or political, that might impact the design. To determine your specific administrative requirements, you can ask a number of questions about the current configuration management tasks and methods, document the responses, and collect data. This will help you define the goals of your configuration management infrastructure.
Evaluate the administrative tasks you currently perform when installing operating systems, managing user settings and data, computers, and software distribution.
Operating System Installations
Assess how your organization manages operating system installations and upgrades, including the following:
Number of operating system installations that are performed per month
Frequency of operating system upgrades
Time to install or upgrade a client computer
Automation processes used to reduce the time required for installations or upgrades
User Settings and Data Management
Managing user settings requires that you assess the levels of control users need to have over their environment and how user profiles are stored. If a policy is currently in place, determine the business requirements it meets.
When you examine the organizational requirements for user data and settings management, determine whether a different strategy can improve user productivity and reduce the need for IT intervention.
Managing user data requires that you consider which configuration management technologies can be implemented to improve the process of managing user data. To do this, document your requirements for the following:
Backup procedures for user data
Types of users who regularly use more than one computer and ways that improved data access can enhance their job performance
Amount of time and money spent recovering and recreating data when hardware or software problems cause a computer failure
Potential amount of lost revenue to the organization if a catastrophic loss of user data occurs
Need for users to take server-based data with them off site. Mobile and remote users have different requirements due to the transient nature of their network connections and distance from support staff.
Computer Settings Management
Analyze the administrative tasks you currently perform to manage computer settings, such as security and network configuration settings. You need to ensure that you provide appropriate, secure computer configurations based on the business requirements of your organization. You should evaluate issues such as user authentication, access to resources, and network settings.
Authentication and access to resources Determine how users are currently authenticated to the network and their computers, what resources users are permitted to access, and to which groups they belong. By using Group Policy, you can define security settings to manage multiple computers. You can create a security policy by importing a security template to a Group Policy object. Security settings include options for administering the following: account policies, local policies, Event log settings, membership in restricted groups, startup and permissions for system services, and registry and file system access control list (ACLs) permissions.
You can also specify policy settings for IPSec, software restriction policies, public key policies, and wireless network (IEEE 802.11) configurations.
Administrative rights requirements Determine whether the users have to configure and support their own computers. For example, users who have to provide their own support (such as users who use portable computers) might require administrator rights on their computers. Other high-performance users, such as developers, might also need to use administrative rights.
Interoperability in mixed server environments Determine the type of systems with which the users’ workstations need to interoperate, such as Windows NT 4.0 servers, UNIX server message block servers, or other types of servers. To support interoperability with older systems means that some security settings you might use in a pure Windows 2000 environment must be relaxed.
Network settings Determine whether you need to set up specific network settings on a per-computer basis — DNS or proxy settings, for example.
Scripts Determine the types of scripts to use when a computer starts or shuts down. You can use both VBScript (.vbs) and JScript (.js) scripts.
Internet Explorer maintenance To manage Internet Explorer settings for computers, you can use Group Policy for the following: security zones, proxy settings, controlling the installation of Internet Explorer components by users, and displaying or hiding the Internet Explorer splash screen.
Users privileges on the local computer Establish whether a user, or set of users, should be a member of the Users, Power Users, or Administrators group.
Typically, for security purposes, it is not recommended that users log on to their computers with administrative credentials. If users need to perform administrative tasks on their computer, the users can use the Run as command to perform such tasks.
Evaluate the current methods your organization uses for deploying and managing software throughout the software lifecycle. Include the following considerations:
How applications are deployed, whether the methods used are adequate, and whether the software distribution is too wide in its scope.
How applications are used, and the common support issues that arise.
How often applications are upgraded, and how upgrades are performed.
How applications are removed, and whether full removal is achieved.
For more information about managing configurations by using IntelliMirror technologies, see the following chapters in this book:
"Designing a Group Policy Infrastructure" for information about deploying Group Policy to manage groups of users and computers.
"Implementing User State Management" for information about managing user data and user settings.
"Deploying Security Policy" for information about managing security settings.
"Deploying a Managed Software Environment" for information about using Group Policy to deploy software.
After you identify your business needs, you can determine which features are most useful for your organization.