Altiris Symantec Management Platform – Part 2: Patch Management, PCAnywhere, and reporting

In the last part of this three part series over Altiris Symantec Management Platform I gave an overview of the Symantec Management Console, Computer Management, and Software Management. In this part we will be going over Patch Management, remote desktop with PCAnywhere, and the different types of reporting available in SMP

Andrew Jacops By Andrew Jacops - Fri, April 26, 2013 - 0 comments

Andrew Jacops is a system/network administrator with over ten years experience managing Windows environments and the network infrastructures they run on.

Patch Management

Patch Management is the Symantec equivalent of Microsoft’s Windows Server Update Services. Patch Management exceeds WSUS by offering:

  • Popular Software Updates and Microsoft Updates
  • Finer Deployment Control
  • Throttling via the Symantec Client
  • Package Pushing
  • Supreme Reporting

Patch Management is similar to Software Management in many ways. Packages for new patches are created and pushed out to the client machines via scheduled policies or tasks, and they can be reported on for compliance, saturation, and utilization. The major difference between the two is how the installations are obtained.

In Patch Management updates are downloaded to the server through the Vendors and Software area of the SMC. Shown below is a small list of the many software vendors that updates can be downloaded for.

Patch Management vendors

Patch Management vendors

When expanded, the different software titles from the vendors are shown. There are even different versions of the same titles that patches can be obtained for. Symantec has gone to great lengths to keep this list of software updated in order to make management much easier for the admin.

Patch Management vendors expanded

Patch Management vendors expanded

Once downloaded, tasks and policies can be created for the patch and then pushed to any machines that require it.

I’ll write more on reporting shortly, however, I think it’s pertinent to mention at this point of the article that finding what devices need a patch is as easy as running a report in the Reporting section of SMC. Symantec has a whole list of reports that can be run for updates.

Patch Management reporting

Patch Management reporting

This particular report conveys how many devices need an update, what the compliancy percentage is, what type of patch it is, and a slew of other important information. Creating a package to deploy may not even be worthwhile as only a few computers need it.

Patch Management reporting info

Patch Management reporting info

PCAnywhere

A must have in any admin’s tool belt is a way to remotely connect to and control a user’s computer to teach, fix, or just to get a clearer idea of the problem. Symantec Management Platform comes with one of the best remote desktop tools available: PCAnywhere.

PCAnywhere connection

PCAnywhere connection

As a quick side note, I would like to mention SMC also supports opening via RDP and VNC if they are installed and configured on both the client and administrator machines.

When the Symantec Client is deployed onto a device, as an option, PCAnywhere can be automatically installed with it. Permissions can then be given to certain groups or people to access these devices. Groups and users can include:

  • Any LDAP/AD Group or User
  • Any Group or User on the SMP Server
  • Manually Created Users

Permissions can include:

  • View Only
  • Full Control
  • Lock the Host Keyboard and Mouse
  • Completely Blank the Host Screen
  • Accepted by Client Only

PCAnywhere Permissions

PCAnywhere Permissions

Using these permissions, users can be set up to allow view only permissions so someone in the finance department can show someone in the credit department how they use an application; or full control can be given so that an admin can fix a nagging issue on the user’s machine.

Just as the Patch Management solution has reporting, so does PCAnywhere. Reports can be pulled to see who connected to what computer, when, and for how long. These are paramount when it comes to PCI or any other auditing.

Reporting

Reporting is one of the major selling points of this software platform in my opinion. Reports can be generated and created for just about anything in the database. Out of the box examples include:

  • Software and Update Compliancy
  • Server and Desktop OS’s
  • Primary Users for a Device
  • Power Scheme Settings

And the list goes on and on.

Reporting categories

Reporting categories

Custom reports can also be created and ran against specific groups of devices, users, or a hybrid of both. A quick example would be creating a report to find out which computers are needed for a motherboard recall by using the serial number field and who they belong to by the primary user field.

Custom reports can be as simple as selecting items that you want to report on or creating custom SQL queries to run inside the report.

Custom reports

Custom reports

 

Summary

This concludes the second part of this three part series over Altiris Symantec Management Platform. So far Computer Management, Software Management, Patch Management, PCAnywhere, and several aspects of reporting have been covered for various pieces of the SMP.

The next and final article in this series will cover computer imaging and what Symantec Management Platform brings to the table that Ghost and others don’t.

Until then, thanks for reading!

-1+1 - Rate this post
Loading ... Loading ...
Your question wasn't answered? Ask in the new 4sysops forum!
===Leave a Comment===

Login

Lost your password?