Microsoft System Center Configuration Manager 2007 Desired Configuration Management

Assess, Deploy and Update from Desktops to Datacenters and Beyond

Proactively manage systems configurations to enhance availability, security features and performance while streamlining your systems compliance efforts Monitoring configuration changes across the network is a growing IT challenge. Configuration errors account for the vast majority of unplanned downtime for servers and workstations alike. Whats more, organizations face intense pressure to comply with increasingly rigorous regulatory requirements. With the constantly changing nature of technology, many organizations must dedicate vast amounts of IT time and resources to ensure their systems remain compliant. Desired configuration management in System Center Configuration Manager 2007 reduces the complexities of monitoring configuration changes in even the most complex IT infrastructures. Administrators can easily monitor and capture configuration information of servers, desktops, laptops and mobile devices across their network and evaluate the compliance of those devices against regulatory and corporate requirements. They can use Configuration Manager 2007 to remediate non-compliant systems with software distribution that automatically targets computers reporting noncompliance. By helping businesses ensure that systems remain in compliance with a defined desired state, Configuration Manager 2007 can enhance IT systems availability, security features and performance while streamlining systems compliance efforts.

Defining Corporate Configuration Standards Establishing and complying with corporate configuration standards is a critical business function that helps improve operational efficiencies and enhance IT security by providing guidelines and practices for configuring and managing IT environments. With Configuration Manager 2007, organizations can identify required and prohibited configurations for clients, servers and applications and report on compliance against those definitions. Configuration Manager 2007 allows IT departments to assess compliance with regard to a number of configurations, such as whether the correct Windows operating system versions are installed and configured appropriately, whether all required applications are installed and configured correctly, whether optional applications are configured

appropriately, and whether prohibited applications are installed. Additionally, administrators can check for compliance with software updates and security settings. With Configuration Manager, IT administrators define configuration baselines to establish the rules that describe what determines compliance for their particular IT environment. Building Configuration Knowledge Baseline configuration knowledge in Configuration Manager 2007 can come from several sources. Administrators can build their own configuration baselines or they can import Configuration Packs from Microsoft or third party software vendors. Configuration Packs are best practices that Microsoft and other software vendors create to identify common configuration errors for applications and operating systems that compromise system availability. Configuration Packs also help IT

departments identify security vulnerabilities, as defined by Microsoft and other software vendors, across their enterprise. Configuration baselines are built on common standards used throughout System Center, such as Service Modeling Language (SML), that enable standardization and reuse of operational knowledge. Whats more, SML allows hardware and application vendors to build standard models that IT administrators can manage with Configuration Manager 2007. Measuring Compliance With their configuration baselines established, IT administrators can apply the baselines to computers or collections of computers and define schedules by which the clients will evaluate and report their compliance against the baseline. If a computer is not connected to the network at the scheduled evaluation time, it will perform the evaluation and report its compliance status upon reconnecting to the network. Whats more, administrators can set noncompliance severity levels that allow them to rate the severity of a noncompliance status so that they can prioritize attention and remedial action. Reporting Compliance Reporting compliance with Configuration Manager 2007 is a streamlined effort through the desired configuration management dashboard and through the ability for IT administrators to create query-based collections. The desired configuration management dashboard provides

immediate visibility into the status of compliance with configuration baselines. Query-based collections make it easy to remediate the non-compliant computers. With Configuration Manager 2007, administrators can run a number of desired configuration management reports that let them review the overall compliance status across managed Windows systems. They can use the reports to drill down into details, such as which computers are compliant or noncompliant and which element of the configuration baseline is causing a computer to be non-compliant. By quickly identifying non-compliant configurations, Configuration Manager 2007 helps improve systems availability, security features and performance by reducing problems associated with configuration drift. It also improves Helpdesk troubleshooting and reduces the time required to resolve incidents by providing a means to detect probable causes for reported incidents and problems. IT administrators can also use the desired configuration management reports to verify the accuracy and effectiveness of planned configuration changes in their environment and to ensure that physical and virtual machines are configured properly to prevent performance bottlenecks and security vulnerabilities. Configuration Manager 2007 can further assist IT organizations in their compliance efforts with automated

vulnerability assessment that discovers the need for patches and updates and reports on recommended actions. Remediation Because the desired configuration management functionality tightly integrates with the other components of Configuration Manager 2007, remediation of non-compliant computers is efficient. Administrators can use desired configuration management compliance state messages to build query-based collections from which they can remediate the non-compliant computers by deploying software, updates, scripts or task sequences. IT administrators can schedule the actions to take on their IT systems through the use of Wake on LAN and Maintenance Windows, enabling organizational mandate compliance with minimal disruption to network operations. System Center Configuration Manager 2007 is a solution to comprehensively assess, deploy and update servers, clients, and devicesacross physical, virtual, distributed and mobile environmentsthat, optimized for Windows and extensible beyond, is the best choice for gaining enhanced insight into and control over IT systems. With desired configuration management, IT departments can retain control over their constantly changing IT environments, enhancing availability, security features and performance while streamlining their systems compliance efforts.

To learn more about System Center Configuration Manager visit http://www.microsoft.com/systemcenter/configmgr

2006 Microsoft Corporation. All rights reserved. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The information represents the product at the time this document was printed and should be used for planning purposes only. Information subject to change at any time without prior notice. This data sheet is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, Windows, the Windows logo, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.