2. Patch Management using SMS 2003 Technical Overview Tev Sanders Sr. Management TS Microsoft Corporation Tev Sanders Sr. Management TS Microsoft Corporation

3. Agenda Early adopters Architecture Review Security Patch Management The Investments Continue… Resources Questions and Answers

4. EAP Experiences “I don’t think I’ve seen SMS distribute packages so well in the 6-7 years I’ve worked with it” – NCR “You know NCC are really, really happy about SMS 2003. … we are having quite a few reference visits from other customers.” – NCC Denmark “I love this product!!” – Marathon Oil Production Deployment Status: “When SMS 2003 is released this fall, it will shake up the configuration management market” - Giga "eWeek Labs' test lead us to recommend that IT managers take a close look at this new, leaner Windows management platform. In fact, we think that any organization that is evaluating mobile management systems should immediately put SMS on its short list." - eWeek 1,750 NCC Denmark 2,484 US Gov’t Fin. Agency 5,920 Dept. of Education and Skills 108,212 Microsoft OTG 4,426 Motorola 9,271 NCR NCR 7,509 SAP 11,129 Marathon Oil 3,554 Towers Perrin 2,599 JetBlue 3,707 Aquila 4,127 TÜV NORD Gruppe Clients SMS EAPs Dell Dell 40,112 Boeing Boeing 40,110 40,110

5. Microsoft Internal OTG Success Over 108,000 Clients Deployed Over 5,500 Servers Managed around the world The tool used by Microsoft to ensure compliance of security patches across Microsoft Using SMS 2003 OTG can obtain:  Accuracy of patching  97% compliance within 4 hours  100% accountability  Scalability & Performance  5,500+ managed Windows servers  within 7 hours.  Software distributions since July 2003  350,000 installations/configurations

6. Dell Servers Patch Management Integration Seamless integration into Microsoft SMS 2003 Patch Management Consistent operations for both software patches and hardware updates using the same Microsoft application  Dell Compliance Reports using SMS Administrator Console  Dell Updates using SMS Software Distribution Wizard  Dell Website integration for latest update downloads

7. Site Systems Roles Management Point Server Locator Point Distribution Point Reporting Point Client Access Point Site Server SMS Site Database

8. Site Hierarchies Primary Site (Child and Parent Site) Secondary Site (Child Site) Primary (Central) Site (Parent Site) Primary or Secondary Site (Child Site) SQL

9. Delta Replication Distribution Point SMS 2003 Central Site Distribution Point SMS 2003 Secondary Site Distribution Point SMS 2003 Primary Site

10. Software Delivery Status (2)

11. Reporting Extensible web-based reporting tool  Based on automatically maintained, high performance SQL Views  Schema based on SMS Provider  Documented and supported,  Improvements from original web version  120 pre-built reports  Dashboard functionality makes it easier to customize reports  Multiple reports in a single view  Integrated security support  Internationalized versions Exporting Reports  Can export/import report properties into other SMS environments

12. Web Reporting

14. SMS 2003 Security Patch Management Improve security of the Windows environment through increased vulnerability awareness and reliable targeted delivery of updates.

15. Maintain integrity of IT environment  Identify critical patches  Determine vulnerable systems  Deliver patches reliably and quickly  Accurately report delivery status Systematic process  Need to control the patch process  Reduce patch management deployment costs  Need to increase patch management reliability and effectiveness Security Patch Management Demands

16. Security Patch Management SMS Delivers IT environment integrity preservation  Vulnerability assessment  Status and verification reporting Infrastructure, process, and control  SMS 2.0 SUS Feature Pack integrated into SMS 2003  Leverages SMS 2003 infrastructure  Bandwidth efficient and priority aware  Added administrator control  Flexible targeting  Improved end-user experience

17. Integrity Preservation Vulnerability Assessment  Leverages existing tools like MS Baseline Security Analyzer  Collects MBSA results for storage in a central repository  Rich reporting provides detailed vulnerability analysis and enables mitigation planning Status and Compliance Reporting  Deployment status as patches are delivered  Built-in reports, status messaging, and summarization  Determine actual baselines in the environment before changing the environment  Reference computer templates for baseline determination and compliance

18. Infrastructure, Process, And Control SMS 2.0 SUS Feature Pack integrated into SMS 2003 Leverages SMS 2003 infrastructure  Delta replication, bandwidth efficient and priority aware BITS client  Up to 99.9+% reliability in patch delivery Flexible targeting  Active Directory, non-Active Directory groups, WMI properties Improved administrative control and end-user experience  Dynamically acquires the desired patches from Microsoft and pre-assembles them into a ready-to-deliver package  Addresses reboots  Reboot-needed detection  Optimized graceful reboots with enforcement  Reminders, rescheduling and ad-hoc reboot  Easily run awaiting updates  Merge patches from testing into production

19. Patch Management Client Experience

20. Patch Management Client Experience (2)

21. Patch Compliance Reporting

22. Patch Compliance Reporting (2)

23. Management Point Distribution Point Local Client Cache Advanced Client Download And Execute Distribution Point Washington, DC SMS 2003 Primary Site Richmond SMS 2003 Primary Site SMS 2003 Advanced Client Managed by Redmond New Program Installed

24. Security SMS 2003 provides a new Advanced Security mode  Reduces number of service accounts  Less administrative overhead  Leverages Local System account  Domain Admin rights not required  Advanced client platform is recommended  Uses no accounts unlike legacy client SMS 2003 provides security rights delegation

25. The Investments Continue Mobile Device Management Feature Pack  Add-on to SMS 2003 to manage Windows CE/PPC based devices  Delivers an integrated solution for servers, desktops, and devices OS Deployment Feature Pack  Ability to deploy industry recognized images to existing desktops  Integrated process for planning, state, and data migration, OS deployment, and post deployment changes

26. How Microsoft Can Help You Today SERVERSCLIENTS

27. Introducing System Center

28. Dynamic Systems Initiative 2004-200520032006+ Products/ Solutions ManagementSolutions Server Apps and Dev Tools WindowsServer Visual Studio “Orcas” Automated Deployment Services (ADS) Microsoft Virtual Server Software Update Services (SUS) 3 rd Party Management Products and Solutions Visual Studio “Whidbey” 3 rd Party ISVs and Tool Vendors

29. Resources Attend MMS – Microsoft Management Summit – March 15-19 th – Las Vegas Join MSSMS Topica.com discussion list – 800+ SMS admins worldwide discussing SMS – link from myitforum.com Join MAWMUG – come to mtg inDC office on the 3 rd of December – 6:30 PM – check myitforum.com user groups for more info Get Product Docs on microsoft.com/sms 641 page Concepts and Planning Guide tevs@microsoft.com

30. Questions

31. “Help me deploy key applications reliably.” “Help me understand what I own and what I’m using.” “Help me protect my IT environment.” New vulnerability assessment tool Streamlined patch deployment Greater administrative control Standards-based inventory More granular discovery New metering solution New reporting tools New compliance checking Utilizes Windows Installer Service Enables targeted rollouts Detailed package status and reporting information SMS 2003 Delivers

32. “Help me realize my IT investments.” “Help me support my mobile workforce.” “I need an enterprise-ready solution.” Integration with Windows infrastructure Easier to deploy in existing environments Leverages Active Directory New advanced client Support infrequently connected users Supports roaming users “most impressive of the year” — eWeek “I love this product!!” —Marathon Oil SMS 2003 Delivers

33. Questions?

34. © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

35. © 2003-2004 Microsoft Corporation. All rights reserved. This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.

36. Appendix Supporting Materials

37. Mobile Client Behavior Detailed

38. SMS 2003 Client Interaction Primary Site Server Site Database Distribution Point CAP Legacy Client SMS 2003 Advanced Client Management Point SMS 2.0 compatibility

39. Advanced Client: At Home Primary Site Policy Content Location Content Primary Site Assigned Site

40. Advanced Client: Regional Roaming Roaming Site Policy Content Location Content Primary Site Assigned Site Roaming Site

41. Advanced Client: Global Roaming Management Point Location Content Location Content Active Directory Policy Primary Site Assigned Site Roaming Site

42. Systems Management Server 2003 Screen Shots (Reference)

43. Add/Remove Programs Integration

44. Software Delivery Status

45. Software Delivery Status (2)

46. Software Delivery Status (3)

47. Software Updates

48. Patch Deployment Wizard

49. Patch Deployment Wizard (2)

50. Patch Deployment Wizard (3)

51. Patch Deployment Wizard (4)

52. Patch Management Client Experience

53. Patch Management Client Experience (2)

54. Patch Compliance Reporting

55. Patch Compliance Reporting (2)

56. Web Reporting

57. Deployment Readiness Wizard

58. Deployment Readiness Wizard (2)