news / tech talk

In spite of the advances made in desktop operating systems (if you consider Vista an advancement), efficiently managing desktops can still be a tough job for businesses large and small. If a company is fortunate enough to have a well trained IT staff, there are several tools on the market that can simplify desktop management. Unfortunately, many businesses grow from just a few systems to 10 or more PCs and headaches begin with lost time, data, and productivity. A popular option is to simply outsource desktop management to a local IT company. If this can be done for a reasonable fee and the outsource company can react quickly when you have problems, it can save a lot of money over dedicated IT staff.

However, if a business wants to support its own desktops then there are some management rules and techniques that can ensure minimal maintenance time and good security. First, understand what you need your employees to do with the PCs you provide. Enable them to do what they need and not much more. Reserve administrative rights for administrators; most employees should not be downloading and installing software – the most common way to cause problems. Second, ensure a common or at least similar operating system and application baseline. Try to keep all of your operating system and applications at the same version and patch level so you always know what and how things should be operating. Nevertheless, apply critical OS patches quickly; the vulnerabilities patched have often been exposed for a while before the patch was even created. Also, ensure a good anti-virus program is enabled and up-to-date on all systems. Maintaining a common OS image is a good idea for quick deployment. Third, have a crystal clear company policy regarding computer usage and information storage; ideally have users sign employee or usage agreements stating they have read and understand the policy. The policy should state that company information will be stored on a central server (which you should backup nightly) and that any PC may be re-loaded to at any time to resolve issues. There should be other information regarding company policy on privacy and so on as well but this article concentrates on keeping operations simple.

If this basic structure can be established and maintained, it should greatly simply maintenance and operations and increase data safety in your business. By maintaining a restricted user access to administrative functions, you should reduce issues introduced by users accidently introducing Trojans, viruses, spyware, etc. You can further reduce these types of issues by employing a web proxy server or appliance, allowing only HTTP/HTTPS protocols from PCs to the Internet, and ensuring that all traffic flows through the proxy. This is in addition to network safeguards that I assume are already in place like a firewall. By maintaining a common baseline, the IT staff can spot system variances quickly and this speeds any troubleshooting necessary. Having a clear company policy ensures there are no misunderstandings or miscommunications to employees regarding acceptable use. Having a clear policy for centralized data storage simplifies data backup and management and increases the efficiency of desktop management. The increased efficiency is largely the product of IT staff having the ability to minimize time spent troubleshooting problems. If a system takes more than half an hour to troubleshoot, it should simply be reloaded with a clean image to a known baseline with all applications and data available within an hour.

These measures still require tools to implement and manage but the concepts are straightforward and can save a great deal of wasted time for IT staff and employees.

Lee Le Clair is the CTO at Ephibian. His Tech Talk column appears the third week of each month in Inside Tucson Business