Securing IT with Systems Management Server
|
On This Page
 | Using SMS to Get Secure, Stay Secure |
| Comparing Microsoft Software Update Services |
The Microsoft Strategic Technology Protection Program (STPP) is a comprehensive program designed to assist organizations in making their Microsoft Windows®-based environments secure, and keeping them secure. As part of this program, Microsoft Systems Management Server—the enterprise standard for asset inventory and software distribution—can play a key role in the security of your IT infrastructure.
Using SMS to Get Secure, Stay Secure
With its hardware and software inventory capabilities, together with its features for software distribution, Systems Management Server gives you the means to know what hardware and software assets are in your enterprise IT environment and enables you to react to sudden changes. For this reason, it can be a valuable tool in protecting your Windows-based desktops and servers from outside security and virus attacks.
In the scope of the Strategic Technology Protection Program, Systems Management Server plays an even more important role in IT security, in particular in terms of security update management. Now, you can take better advantage of the scale and control of Systems Management Server to send critical security updates to the right machines at the right time, with complete status and inventory to verify they have installed correctly.
Distributing the Microsoft Security Tool Kit
Microsoft's first release as part of the STPP program was the Microsoft Security Tool Kit. This kit is a collection of tools and system updates designed to help you protect your systems from common dangerous threats that you are likely to encounter on the Internet. Also included in this kit are all the documents and scripts to automate the deployment of the Security Tool Kit with Systems Management Server. Systems Management Server when used with the utilities of the Security Tool Kit, returns detailed status information to confirm successful deployment of the fixes. This is one of the fastest and easiest ways you can use Systems Management Server to get your systems to a base level of security.
Extending Security Update Management with the SMS 2.0 Software Update Services Feature Pack
Systems Management Server is also widely used today for distributing critical security updates for Windows-based desktops and servers. Enterprise customers around the world have used Systems Management Server 2.0 to avoid system downtime and loss to virus attacks like Code Red and Nimda. The current process of using SMS inventory technology to determine the presence of necessary patches—and get these patches from Microsoft for deployment—is not as efficient or cost-effective as it could be. The Systems Management Server 2.0 Software Update Services Feature Pack addresses these important areas.
Systems Management Server is integrated with supported Microsoft scanning tools for Windows and Office security patches, so that entire enterprises can be scanned regularly, and the results stored by SMS as inventory. With standard reports, enterprise IT administrators can now see how compliant their Windows systems are for Windows and Office security updates.
Another key challenge is to gather the appropriate updates from Microsoft into a format that can be easily distributed in enterprise IT environments. The Systems Management Server 2.0 Software Update Services Feature Pack will be automating the acquisition of all necessary security updates with a simple wizard. This will allow the administrator to use Systems Management Server to automatically download all applicable critical updates and create a single, easy to distribute package. Not only will you know what vulnerabilities there are, but you will also have a simple way to respond to them quickly.
Comparing Microsoft Software Update Services
For medium-sized enterprises, Microsoft is providing a version of Windows Update for installation inside corporate firewalls. Microsoft Software Update Services (SUS) works through a service installed on an internal Windows 2000-based server that can download all critical updates as they are posted to Windows Update. The main purpose of SUS is to get critical updates for Windows 2000 and Windows XP inside your corporate firewall as quickly as possible.
For more information on Microsoft Software Update Services, please see Software Update Services on the Windows 2000 site. For more help in choosing which updating solution is right for you, please see Choosing a Security Update Management Solution.