Assessing Microsoft Software Management Solutions

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

Microsoft offers several software solutions for your networked users. Your organization might already have objectives and requirements for a software installation and management product. Before you plan your deployment, you must verify those objectives to be certain that you use the appropriate technologies for software deployment.

Group Policy, which is built-in to Microsoft® Windows® 2000 and later operating systems, offers a convenient method for distributing software in your Active Directory® directory service environment, especially if you are already using Group Policy for other purposes, such as securing your client and server computers. However, a Group Policy-based software installation has some basic limitations, including difficulties with scheduling installation, consistently managing network bandwidth, and providing feedback on the status of the installation. If you need to carefully schedule installations, manage network use, perform hardware and software inventory, or monitor installation status, consider using Microsoft® Systems Management Server (SMS). For more information about SMS, see the Microsoft Systems Management Server link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources/.

Using the right solutions can benefit your organization by giving you a centralized, efficient means to perform routine tasks such as updating software. Table 8.1 compares the various software management technologies.

Software installation extension of Group Policy   You can use the software installation extension of Group Policy to deploy and manage software if your organization is small or medium in size, and the following conditions exist:

• You have deployed Active Directory.

• You have determined that Group Policy provides the management features your organization requires.

• You have a solid base of client computers running Microsoft® Windows® 2000 Professional or Windows® XP Professional and member servers running Microsoft® Windows® 2000 Server and Windows Server 2003.

Note

• Your servers do not have to run Windows Server 2003 for you to use Group Policy.

Group Policy can also serve the needs of large enterprises that use other software installation solutions, such as SMS, from the top level across the organization. Consider using Group Policy for distributing software within various groups, such as individual divisions, where you might not need the advanced capabilities of SMS.

Software Update Services   You can use Microsoft® Software Update Services (SUS) to quickly acquire and distribute critical Windows patches to computers in your organization. By using SUS, you can choose which of the latest critical or security patches to download, test them in a company-standard operating environment, and then efficiently deploy the patches to the appropriate computers running the Automatic Updates client.

Systems Management Server   You can use Systems Management Server (SMS) if any of the following conditions exist:

• Your organization is medium or large in size.

• Your users are running operating systems earlier than Windows 2000 Professional.

• You require more advanced capabilities for planning, scheduling, distributing, and tracking software.

The advanced capabilities of SMS include such features as inventory-based targeting, status reporting, server-side and client-side scheduling, multisite facilities, centralized hardware and software inventory, remote diagnostic tools, software metering, software distribution-point population and maintenance, support for Microsoft® Windows® 95, Windows® 98, Windows NT® 4.0, Windows 2000, and Windows® XP clients, and enhanced software deployment features. Additionally, SMS does not require Active Directory. For more information about SMS, see the Microsoft Systems Management Server link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.

Terminal Services   You can use Microsoft® Terminal Services if you have Windows-based desktop applications that require frequent updates, and the users who require those applications are in remote locations and have low bandwidth. When used as a terminal server, a server becomes a Windows application server. This allows the user to run Windows-based applications remotely on the server while only the mouse, keyboard, and display data are transmitted to the local computer. By using Terminal Services, you can offer your users software as a remote service instead of as a local installation package. For more information about using Microsoft® Terminal Services, see "Hosting Applications with Terminal Server" in Planning Server Deployments in this kit.

Table 8.1   Comparing Software Management Technologies

Although all these Microsoft management technologies provide important software distribution capabilities, SMS is the preferred Microsoft software distribution solution for medium-sized, and especially for enterprise-sized, organizations. SMS provides advanced features for deploying and managing software, Windows patches, and critical updates. If you use SMS as your software management solution, use the SMS Feature Pack, instead of SUS, to distribute patches and critical updates to your clients. However, SUS, used with the Automatic Updates client, is the recommended solution for distributing Windows patches in conjunction with Group Policy–based software distribution.

Although there are certain instances where you would choose one software deployment method over another, you can also use many of these Microsoft technologies together, depending on your needs. For more information about using these Microsoft software deployment methods to provide a combined solution, see the Application Deployment link on the Web Resources page at https://www.microsoft.com/windows/reskits/webresources.