

Dynamic Desktop Solutions for the Enterprise Microsoft Desktop Optimization Pack

We live in an always-on world where technology is crucial to success. End-users must be able to work productively and securely from any PC, any time—without draining IT resources. The way you manage enterprise desktops can make the difference between a thriving organization, and one that just tows the line.

If you want to transform your desktop management, subscribe to the Microsoft® Desktop Optimization Pack for Software Assurance. It delivers a dynamic, highly cost-effective IT infrastructure that gives you greater control over enterprise desktops, accelerates and simplifies administration, and makes IT highly responsive to all users, everywhere.

 Dynamic IT Infrastructure INTRODUCTION : 1

Innovative Technologies

The Microsoft Desktop Optimization Pack extends the value of Windows Vista. It lets you reduce application management costs, instantly deliver applications as services, and better control enterprise desktop environments. When combined with Windows Vista Enterprise, it delivers the Optimized Desktop—the most cost-effective and flexible means for managing Windows desktops. Subscribing to the Microsoft Desktop Optimization Pack, an additional subscription available only to Microsoft Software Assurance for Volume Licensing customers, gives you these innovative technologies:

Deploy virtualized software applications that are never installed and do not require application to application regression testing. Turn Windows applications into centrally managed services that won’t conflict with other applications and are delivered instantly to any desktop or laptop.

Advanced software inventory scanning technology analyzes all applications installed on the desktop and translates inventory data for many titles into admin-friendly information, available instantly.

Proactively manage problems with applications and system components that crash or cause your live PCs to hang.

Quickly repair unbootable or locked-out systems, recover lost data, prevent future downtime, remove malware, and pinpoint the cause of PC problems.

Increase control over Group Policy Objects (GPOs) through better GPO change management, versioning and roll-backs, and robust role-based administration and delegation.

Enhance deployment and management of Virtual PC images on a Windows Desktop while also providing a seamless user experience on a Virtual PC environment independent of the local desktop configuration and operating system. BENEFITS : 2

Benefits and Results

Together, the Microsoft Desktop Optimization Pack technologies change the way you manage desktops by:

Ü Improving PC manageability and driving down TCO by eliminating time-consuming processes, centralizing desktop management, and better managing software assets.

Ü Quickly deploying and benefiting from the latest Microsoft software applications.

Ü Improving end-user uptime by ensuring that productivity impact is reduced during deployments, upgrades or patching, and minimize downtime from PC problems.

Ü Reducing IT burden by enabling end-users to automatically get approved applications and the newest software versions without local desktop intervention, and by quickly monitoring, diagnosing, fixing and preventing PC problems.

Ü Accelerating OS migrations by minimizing application-to-OS compatibility issues and regression testing.

Ü Effectively managing software asset inventory to ensure compliance and optimize IT budgets.

Ü Enhancing desktop control and stability through centralized control of application permissions and simple change management and rollback of Group Policy.

Ü Transforming static environments into a dynamic, services-oriented infrastructure that more easily accommodates future changes. case studies : 3

 Case Studies CASE STUDIES : 4

Forsyth County, North Carolina Microsoft Advanced Group Policy Management

“Advanced Group Policy Management has been like a magic The Results: bullet for us. Its automated change management and work- flow-enabled delegation capabilities are impressive. I wouldn’t • Easily and safely build Group Policy Objects: Wilcox’s be able to manage GPOs without it.” team can now easily build GPOs, optimize and test them by linking them to a test organizational unit (OU), and then Michael Wilcox MIS Client Services Supervisor, Forsyth send them to the server group for linking to production OUs. Forsyth no longer has to wait for PCs to be replaced or implement wide-scale changes manually in order to The Challenges: manage PC settings; they can roll-out changes as needed with Group Policy. In Forsyth County’s IT department, which supports approxi- mately 1,400 users and 1,650 PCs and laptops, PCs and serv- • Simplify delegations and permissions: With Microsoft ers are managed by two separate divisions. Wilcox’s group Advanced Group Policy Management’s workflow-enabled handles PCs. They needed Group Policy, however the tools review process and offline editing features, Wilcox’s team to do so were managed by the server group. Because the can develop and manage PC group policies while being server and PC groups share a single domain, granting Wil- assured that deployed GPs will not negatively impact pro- cox’s team the permissions needed to manage GPs would duction PCs or Forsyth’s server team’s environment. mean that any changes the PC team made could affect the servers as well. Also, because Wilcox’s team couldn’t change • Streamline change management: Microsoft Advanced configurations on the fly, they only made systemic changes Group Policy Management provides automated, self-doc- when it was time for PC replacements. In extreme situations, umenting capabilities, so Forsyth admins don’t have to they would have to spend time re-imaging entire groups of document any changes to group policies themselves. “The PCs to get them configured correctly. Finally, Wilcox’s team change management capabilities are compelling. By not had resorted to pushing out changes, such as registry settings, having to change information in two places and put pro- by using scripts. cesses in place to keep the information synched, we elimi- nate a lot of time-consuming tasks. Knowing that we can always trace a GPO back to its beginning is a great benefit,” The Solution: Wilcox noted.

Wilcox needed to manage PC configurations with Group Pol- icy, but without the necessary Active Directory permissions they were unable to create or edit GPOs. Then he learned about Microsoft Advanced Group Policy Management. “It’s amazing. Managing our desktop configurations is so much easier. We’d be floundering without it,” Wilcox said.

The Forsyth team can now easily build GPOs, optimize and GPOs Easily and test them before deployment. safely built CASE STUDIES : 5

Expedia Inc. Microsoft Asset Inventory Service

“This technology enables Expedia to quickly and efficiently The Results: discover software installations in all remote, mobile, and corporate locations, as well as provide a facility to compare Discovering rogue software: Expedia found that 25 percent these findings with our license entitlement information from of the software on its employee workstations and other PCs an Independent Software Vendor. The rapid set up time, ease wasn’t supposed to be there. This included software down- of use, and effectiveness positioned us to recover our invest- loaded by employees without the IT staff’s permission. Many ment eight times within 90 days of initiating the deployment.” of these rogue programs performed the same tasks as ap- plications the company already licensed and supported. In Terry Blake director of IT procurement, Expedia addition to increasing the strain on the company’s servers, these applications create compatibility problems and expose the company to potential legal risks if they aren’t properly The Challenges: licensed. “For the first time, we had solid proof. Before we just had to guess,” Blake said. Now, Expedia can take the neces- Expedia Inc., the parent company of Expedia.com online travel sary steps to control what software resides on its employees’ company and more than a dozen other online services and computers. companies, is challenged with managing software assets on the company’s 5,700 desktops and other PCs. It was extremely Financial savings: Expedia’s first inventory recouped the cost difficult to get an accurate handle on what software resides of the Microsoft service eight times over. The company had on which workstations. thought it was running many more versions of a vendor’s software than it actually was. “If you don’t perform accurate inventories, you are either spending money on software you The Solution: aren’t using or don’t possess—or you are increasing your unfunded liabilities,” according to Blake. To help Expedia reduce its IT management and support headaches, as well as gain insight into the software on the company’s client devices, they turned to Microsoft Asset Inventory Service. Microsoft Asset Inventory Service sends a single “pulse” across a company’s IT network to identify all installed software by name, ISV, family and category. The tool reconciles the data against a knowledge base of many software titles. This information is then used to decipher the data and create detailed, browser-based reports for Expedia that provide views by organization, individual workstations or employees.

Expedia recovered its investment eight times over within just 90 days 8 Investment of initiating the deployment. recovery CASE STUDIES : 6

Swedish Medical Center Microsoft Application Virtualization

“Application Virtualization resulted in huge benefits right off • Constrained access for roaming users: Swedish has mul- the bat, including the ease and speed of deploying applica- tiple campuses and many applications were localized on tions, true roaming experiences, and the ability to easily swap servers for each campus. As a result, when users went to out desktops. It’s been a fantastic solution for us.” another campus, their applications wouldn’t be available. “We had a broken environment for roaming users. It was a MIKE CRISS MANAGER OF INFRASTRUCTURE ENGINEERING, SMC common complaint,” Criss noted.

The Challenges: The Solution:

Swedish Medical Center’s IT department supports more To upgrade its environment, Swedish worked with Kennedy than 500 applications on 4,500 desktop and laptop PCs and Consulting, who developed a strategic plan for improving 150 thin terminals. Its clinicians and administrative staff are their overall efficiency and effectiveness. With Kennedy’s as- spread across multiple hospital campuses and clinics. Deploy- sistance, Swedish decided to migrate from Novell Netware ing and supporting applications for users who need to work and the older versions of Windows OS to Windows XP SP2 from many different locations was incredibly challenging: and Microsoft SMS for patching, upgrades and other func- tions. Swedish knew that migrating 400+ applications to XP • Time-consuming deployments: It typically took Swedish would be incredibly resource-intensive because of all the re- weeks, if not months, to deploy applications. Applications gression testing they would have to do. They considered were deployed in one of two ways: 1) Enterprise applica- outsourcing the migration and got a bid for $500,000 for this tions were delivered using Novell Zenworks. “These things one-time project. Swedish would then have to spend even exploded into incredibly long engagements just to deploy a more resources anytime they wanted to roll out a new appli- single application,” said Mike Criss, manager of infrastructure cation following the migration. engineering for Swedish. “Before rolling out an application, we’d do some testing and then wait until it went into pro- During the planning process, Criss and his team came across duction to see what broke. It was a brutal way to test. It articles about Microsoft Application Virtualization. They wasn’t uncommon for new deployments and the resulting thought it might solve their anytime/anywhere roaming and conflicts to shut down functionality, such as key features in regression testing issues. Criss noted, “We worked with Ken- Word or Excel macros.” 2) For applications that were only nedy Consulting to do a proof-of-concept with four of our going to be used by a small group of people, IT would send toughest applications—McKesson STAR, ESI, IDX Lastword and a staffer to install them on-site on each desktop because Kronos timekeeping—and Microsoft Application Virtualization packaging for Zenworks would have taken too long. This worked exactly as promised.” Also important, it eliminated the resulted in many manhours spent in the field, diverting re- need for the expensive outsourcing of regression testing. sources that could have been used more strategically.

• Limited patching and updates: Although Swedish wanted The Results: to deploy patches and updates on a continual basis, they didn’t because “doing so was so painful,” according to Criss. Microsoft Application Virtualization has transformed the way Rather than deploy point releases, for instance, Swedish Swedish manages applications and supports its diverse user base: would wait for the full upgrade of the next major version of an application before initiating deployment processes. CASE STUDIES : 7

• Fast deployments and continual updates: Microsoft Ap- • Instant desktop replacement: Prior to using Microsoft plication Virtualization, which Swedish used to virtualize Application Virtualization, Swedish IT had 20 images that approximately 500 applications, eliminates the need for they had to support and manage. They have since trimmed extensive compatibility testing, enables applications to be that to just three images. Now when a desktop must be assigned centrally through Active Directory, and automati- replaced, IT sends it out with a base image and when the cally provides the newest version of authorized applications user logs onto the network he automatically gets all his every time a user logs onto a PC. Now, instead of taking applications. Before, it often took 3-8 hours, if not days, to several months to deploy an application enterprise-wide, get a desktop up and running, and it wasn’t even always it takes less than three days: “One day for sequencing, one fully functional. “With Microsoft Application Virtualization, day for testing, and then we just turn on the AD group and desktops become agnostic devices that, when attached to let it go. It’s truly that fast,” according to Criss. “We go from the network, get everything the user needs instantly,” Criss packaging to virtually instant roll-out.” In addition, where- explained. as in the past Swedish wouldn’t roll-out updates or patches on a regular basis, now IT handles about five deployments • Cost savings: In addition to saving the $500,000 that every week. “We’re so much more agile and flexible with Swedish would have spent on outsourcing the XP migra- our roll-outs and upgrades.” Swedish also doesn’t have tion, Microsoft Application Virtualization helps save money to send IT staff on-site to install applications for smaller on licensing and on personnel-related tasks such as test- groups. Everything is handled centrally. ing, deployment and associated helpdesk support. In all, Swedish saved more than $1 million in the first year alone. • Anywhere access for roaming users: Because Microsoft Application Virtualization follows the user, not the ma- • Improved Citrix management: Microsoft Application Vir- chine, nurses, physicians and staff can now roam from tualization has enabled Swedish to reduce the headache campus to campus and access their applications without associated with managing silos on its Citrix server farm and worry. “We interviewed users after the deployment to ask has given them more flexibility in the way they manage whether their experience had changed. They consistently terminal services. Whereas in the past they could only run cited the ability to get their desktops no matter where they a few applications on a single Citrix server, today they can were working. They had no idea what we did to fix it, but run any of the 500 Microsoft Application Virtualization- were very happy with the results,” Criss said. based applications. “If an application works on XP it will work on Win2003 via Citrix. There are no conflicts, and we • Accurate application licensing and tracking: With Mi- don’t have to silo the way we did in the past,” Criss noted. crosoft Application Virtualization, Swedish knows every version of software that’s deployed on its clients and ex- actly how people are using each one. As a result, Swedish ended up eliminating a few applications because nobody was using them. With other applications, they adjusted the licensing to reflect actual use. For instance, Swedish had 150 licenses for a clinical application but found out Swedish Medical Center saved $1 through Microsoft Application Virtualization that only 25 million-plus in deployment and support- people used it concurrently. Not only did they save money 1 related activities, and cut deployment Million -plus on the license reduction, they saved on ongoing mainte- time from 2-3 months to 3 days. savings nance fees as well.  The Technologies TECHNOLOGIES : 9

Transform applications into virtualized services that are available instantly, anywhere

Today’s business desktop is awash in applications. Each in- stalled application requires lengthy application to application regression testing and deployment processes before it reach- es production. Because applications are only available where they are installed, users are tied to their computers. All of this makes complex yet critical business projects such as OS and application migrations, security refreshes, and disaster recov- ery plans even harder to complete.

Microsoft Application Virtualization changes that. It renders the many time-consuming steps that drain resources obso- lete. With Application Virtualization, desktop administration is a simpler, automated process for deploying, patching, up- dating, and terminating applications. And it requires much fewer IT resources than you’ve ever had to use.

Microsoft Application Virtualization works by transforming applications into virtualized, network-available services that are never installed, which minimizes conflict and costly ap- plication to application compatibility testing. Your users and their application environments are no longer machine-specif- ic. The machines themselves are no longer user-specific. All of this helps you be much more flexible and responsive to busi- ness needs, while slashing the cost of PC management.

Application Virtualization: Advantages

Minimize application conflicts and regression testing By reducing the requirement to install applications on desk- tops or terminal services, and shielding the OS and applications from changes created when applications are installed, Micro- soft Application Virtualization minimizes problems that hinder application deployments. This also reduces lengthy applica- tion to application regression testing. Now applications that would traditionally conflict with each other can easily co-exist on a single desktop or Terminal Services session. TECHNOLOGIES : 10

Simplify OS migrations and patching Dynamic streaming delivery Turn time-consuming, tedious migration and patching projects Rather than “pushing” down and installing entire applications, into largely automated, conflict-free processes. Most applica- the first time an application is requested, the client rapidly tions do not have to be repackaged for OS migrations, and this “pulls” only the code necessary to start the program from eliminates regression testing. Not only does Microsoft Applica- a central server—typically 20–40% of the total code. When the tion Virtualization accelerate migration to Windows Vista®, it session terminates, application settings and profiles are saved sets the foundation for easier future operating system migra- in a non-volatile cache, providing instant access for subsequent tions as well. use. The cached code enables applications to run locally with full functionality, even without a network connection. Build business continuity for applications Replicate your virtualized applications like any other en- Flexible, centrally managed deployment options terprise data to maintain a rapid failover plan for your Customers have a number of choices to deliver virtualized applications, significantly cutting end-user downtime. If you applications including a scalable management and deliv- configure Application Virtualization user profiles to persist on ery infrastructure that comes with the platform. Application the network, all user-specific virtual application preferences management tasks—including mobile, branch office, and can also easily be replicated to a back-up site. disconnected users—are more easily administered. Active Di- rectory® services integration reduces application assignment and change management to a few clicks. Streaming delivery Application Virtualization: Components may also be integrated with existing SMS, SCCM or third par- ty electronic software distribution systems. These capabilities Application virtualization are further extended to rarely connected, remote field users Microsoft Application Virtualization’s patented ability to vir- using the MSI based standalone deployment option. tualize applications—without changing source code—means applications can execute without installation, with appropri- ate levels of operating system and inter-virtual application Application Virtualization: Customer Impact interaction, while minimizing conflicts, or changes to the host computer. Microsoft Application Virtualization decouples ap- Customers have lowered application management costs by plications from the OS and enables them to run as network reducing—and sometimes eliminating—many of the tradi- services. This simplifies image management of the desktop tional steps needed to deploy and maintain applications. and reduces degradation of the host operating system or Customers have also been able to cut help desk costs by up other applications. to 30% by reducing call volume for application-related prob- lems, and reduce downtime by up to 80% by ensuring business continuity of applications. TECHNOLOGIES : 11

Translating software inventory into business intelligence Application Knowledgebase with many titles representing the vast majority of commercially available software (i.e., Getting an accurate, real-time handle on all the software purchased version of Adobe Reader vs. Free Adobe Reader), installed on enterprise desktops is incredibly difficult. Yet, to produce meaningful application information. This infor- doing so is critical for everything from license compliance mation can be transformed into actionable, browser-based and policy management to migration and true-up planning. reports that you can securely view online, anytime. You can see reports from an organization-wide perspective or drill Microsoft Asset Inventory Service changes this multi-faceted, down to view individual workstations/users. time-consuming endeavor into a streamlined, manageable task. It delivers an intelligent and comprehensive view of your Software license management enterprise’s desktop software environment through advanced By getting the most complete view of the software installed software inventory scanning and by translating inventory on your PCs, you can ensure that licenses you’ve paid for have data into useful, actionable information. been deployed and are being used—and that all software within your enterprise is compliant with your license agree- ments. You can even compare software licenses discovered Asset Inventory Service: Advantages within your enterprise with tables of software purchased. Microsoft Asset Inventory Service analyzes how you have • Effectively manage your software asset inventory to ensure deployed your Microsoft volume license agreements to help compliance and optimize IT budgets. you manage true-ups, renewals, and license reallocation. • Identify unapproved applications and installations. • Analyze usage to forecast organizational needs. Easily administered service • Enhance productivity in your IT infrastructure and staff. Microsoft Asset Inventory Service was designed for your ease of use. As a service, which can be enabled in just a few hours, inventory data is securely hosted by Microsoft, so there are Asset Inventory Service: Components no servers for you to maintain.

Advanced inventory scanning Security and privacy Gather data on all of your software assets in a single “pulse” Microsoft ensures that the data gathered in this hosted ser- that takes just seconds per system—and is transparent to vice is secure and remains confidential to your organization. your users. It identifies all installed software by name, ISV, In addition to equipping our data center redundant systems, family, and category. It efficiently scans systems for software we protect web sessions with secure socket layer (SSL), use through Add/Remove Programs, chases referral links, PIDs, Windows Live ID to authenticate users, and secure data trans- MSI history, and much more. The agent that enables all of this fer via Indigo-based protocols. has a small footprint on the client. To minimize the impact on bandwidth, scanning is automatically randomized—at inter- vals you can adjust—so that clients run at different times. Asset Inventory Service: Customer Impact

Comprehensive inventory reports Microsoft Asset Inventory Service reduces application man- We help you make sense of your data. The inventory data agement lifecycle TCO through advanced software inventory is reconciled against the Microsoft Asset Inventory Service scanning and inventory tracking. TECHNOLOGIES : 12

Increase end-user productivity while lowering the total cost of desktops. Windows Error Reporting causes the pop-up that Windows client ownership appears on clients when applications hang, asking users if they want to send an error report about the problem to One of the most severe, and difficult to resolve, desktop Microsoft. Desktop Error Monitoring leverages this technology problems is when an operating system or application stops to capture and forward errors without your IT department responding. End-users typically deal with this by rebooting ever having to deploy an agent to the client. Using Group their systems. They rarely tell IT about the problem. Because Policy, an administrator can redirect these sources to a central of this, IT has limited visibility into these issues and, as a result, server in your department. If desired, you can also configure no way to proactively resolve them. the system so that your server passes crash data on to Micro- soft’s Error Reporting servers, to help Microsoft learn from Microsoft System Center Desktop Error Monitoring helps IT and prevent these types of problems from occurring. proactively manage these problems. It is an enterprise-ready, scalable, and low-cost deployment solution for granular error Rich SQL database filtering and alerting. Through agentless crash monitoring All client crash and hang data that is redirected to your IT technology, it identifies the impact, probable cause and reso- department’s server is stored in a relational SQL database. lution for failures—making desktops more stable and reliable. Robust SQL reporting enables you to gather and analyze data in actionable, IT-ready form for internal and custom client applications. System Center Desktop Error Monitoring: Advantages Troubleshooting/Resolution Knowledgebase Enhances IT help desk effectiveness, reducing cost of Windows Use Microsoft and third-party solutions to resolve issues that ownership: cause clients and applications to fail. System Center Desktop • Identifies the highest-occurring crashes. Error Monitoring can automatically download the latest trou- • Reduces resolution time via crash details and responses. bleshooting and resolution knowledge about Microsoft and • Assists in triaging patch deployments and updates. third-party software from Microsoft. This feature can help you • Provides metric for monitoring post-deployment effects. manage, or even avoid, these types of problems. Customers can collect additional diagnostic information from the Windows Improves desktop stability, increasing end-user productivity desktop to help them with quicker resolution of problems by and satisfaction: configuring custom diagnostic data collection rules. • Reduces downtime throughout organization. • Reactive: real-time awareness of critical errors. Customers using Microsoft System Center Desktop Error • Proactive: address errors in pre-production. Monitoring have the option of upgrading to System Center • Enables IT-controlled custom error responses to end-users. Operations Manager 2007. Doing so adds collective and busi- ness-critical monitoring capabilities to the agentless crash monitoring solution, enabling complete application, desktop, System Center Desktop Error Monitoring: Components and server application monitoring.

Microsoft System Center Desktop Error Monitoring makes it easy to collect, aggregate, report, and manage application System Center Desktop Error Monitoring: Customer Impact and operating system failures that cause PCs to crash. By enhancing IT effectiveness and improving desktop stability, Easy, fast deployment System Center Desktop Error Monitoring reduces the cost of The core technology needed for Desktop Error Monitoring— Windows desktop ownership. called Windows Error Reporting—is already on Windows Flexible recovery options The boot time GUI environment presents multiple tools for IT professionals to use in diagnosing system issues. These tools can perform offline or online repair of the problem(s) that may be causing a system to behave incorrectly.

Unique tools Using a bootable diagnostic environment with a Windows Explorer-like GUI, the toolset enables disk partitions to be re- paired or regenerated, hard disk drives to be securely wiped, Powerful tools that accelerate desktop repair local account passwords recovered, and much more.

Protecting corporate and employee data is one of IT’s most Cost savings important, and daunting, functions. While many IT depart- The tools also reduce IT personnel costs through the use of ments proactively back up network data, they tend to be a unified tool suite. They reduce downtime as the flexibility of reactive in planning for desktop system failures. Unfortu- the toolset results in systems returning to normal function in nately, not having an effective diagnostics and recovery plan a shorter amount of time. in place can be devastating.

Microsoft Diagnostics and Recovery Toolset can save signifi- Diagnostics and Recovery Toolset: Components cant time and reduce the headaches associated with repairing and troubleshooting common system failures. System admin- The Diagnostics and Recovery Toolset 5.0 supports Microsoft istrators may now run powerful recovery tools on unbootable Windows 2000, XP, and Windows Server 2003. The 6.0 ver- systems, and can quickly restore failed systems in much less sion will support Windows Vista (32 and 64-bit) and Windows time than is required when restoring PCs from backup or re- Server 2008 (32 and 64 bit). The Standalone System Sweeper installing operating systems. This also helps keep the users’ feature of DaRT 6.0 will also support Windows XP. states and personalizations intact. IT managers can ensure they will recover failed systems whenever the need arises, and At the heart of both versions is ERD Commander, which en- end users will realize faster, more accurate resolutions with ables you to boot into a Windows Recovery Environment on minimized downtime. a down PC while working offline. ERD Commander contains these powerful tools:

Diagnostics and Recovery Toolset: Advantages Admin Tools System Tools Network Tools Service & Driver Manager Disk Wipe Map Network Rapid recovery unbootable system Drive The suite of tools provides many options for recovery, rather Event Log Hotfix Uninstall File Sharing than simply subjecting IT to “reinstall Windows,” even when System Info Locksmith Windows Safe Mode or normal boot will not function. An Disk Management FileRestore easy-to-use, offline boot environment allows rapid recovery of a problem computer, including recovery of deleted files, Search Crash Analyze and manipulation of services, devices, local passwords, auto- Computer Management Disk Commander matically started software, and more. Bitlocker unlock support Anti-malware (Stand- alone System Sweeper)

Robust anti-malware Autorun / startup Extended Diagnostics Diagnostics and Recovery Toolset provides a comprehensive • Windows Complete PC Restore on-demand antivirus and antispyware scanning capability. • Windows Memory Diagnostics Tool Recover an infected machine back to full health by utiliz- System Boot File Repair ing Standalone System Sweeper, an offline malware removal Read from USB drives tool that provides comprehensive on-demand antivirus and antispyware scanning capability that is especially effective at removing malware that tries to avoid detection by utiliz- ing rootkits. By scanning the infected OS while it is inactive, Diagnostics and Recovery Toolset: Customer Impact Standalone System Sweeper ensures that malware is not loaded into the computer’s memory and, therefore, cannot The toolset improves continuity and productivity for end- remain hidden. users, and significantly reduces costly downtime.

TECHNOLOGIES : 14

Enhance Group Policy through change management Advanced Group Policy Management: Components

Changes to Group Policy can affect every user and computer Change control on your network. However, without a change control system, Microsoft Advanced Group Policy Management provides a changes are made against live Group Policy Objects (GPOs) secure archive for controlling changes to GPOs. To change a and start affecting computers even before they can be tested. GPO, an administrator “checks out” the GPO from the vault. If changes have an unexpected adverse impact, there is no When changes are complete, the GPO is “checked in” to the way to quickly revert them to a known good state. Although vault. Differences between archived versions and live versions Group Policy provides a granular delegation model, the edi- are reviewed using Group Policy Management Console tor role has full permissions to deploy changes to the live (GPMC)-style reports. When a GPO is ready for deployment, environment, and must do so to edit settings. With the pos- it can be transferred to the live environment. At any time, one sibility of multiple editors per GPO, there is no way to detect or more live GPOs can be “rolled back” to an archived version. who has made what changes, or to accept or reject changes before they are put into effect. Offline editing Group Policy is the centerpiece of security and configuration Microsoft Advanced Group Policy Management makes it easy management on Active Directory-based networks and, as for you to manage Group Policy enterprise-wide. Through such, configuration changes can affect a large number of added change management of GPOs and role-based delega- computers. Offline editing enables you to configure and test tion, you can more easily control the desktop and ensure less changes without impacting live operations, and to deploy downtime from conflicting or improperly configured GPOs. those changes with the knowledge that they can be quickly reverted if there are unexpected consequences.

Advanced Group Policy Management: Advantages Role-based delegation Microsoft Advanced Group Policy Management provides an • Granular administrative control through robust delegation, optional workflow process that includes role-based delega- role-based administration, and change request approval. tion, review, and approval before deployment to a live environment. At the same time, it preserves the granular del- • Reduced risk of widespread failures through offline GPO egation inherent in native Group Policy. editing, difference reporting, audit logging, deleted GPO recovery, and live GPO repair. GPMC integration Group Policy Management Console (GPMC) is the central • Effective Group Policy change management through the management interface for Group Policy. Advanced Group Pol- creation of template libraries, subscription-based policy icy Management provides smooth integration within GPMC. change notifications, version tracking, history capture, and rollback or deployed changes. Advanced Group Policy Management: Customer Impact

Advanced Group Policy Management increases GPO control and reduces downtime previously associated with conflicting and improperly configured GPOs, facilitating lower total cost of ownership. TECHNOLOGIES : 15

• Apply corporate policies and usage permissions to Virtual PCs, centrally enforced per user/group. • Centrally manage corporate data residing on the Virtual PC by granting permissions for inbound/outbound copy-paste and file transfers, and blocking Virtual PC access to physical devices such as USBs and CDs.

Increase helpdesk effectiveness Dramatically simplifying deployment and management • Ease IT support and troubleshooting for Virtual PCs on desk- of Virtual PCs tops by centrally monitoring client activity, and remotely watching for malfunctions and errors. IT is challenged with meeting a series of seemingly opposing • Revert Virtual PCs back to base image for immediate resolu- desktop needs: increasing IT control over laptops while provid- tion of severe desktop malfunctions. ing users with greater flexibility; migrating to the latest OS while still supporting legacy applications that run on older OS ver- Quickly integrate new technology sions; giving users multiple desktop options without needing to • Minimize training for deploying virtual PCs by making vir- train them on new technologies. tualization “invisible” for end-users. Users can launch virtual applications from Start Menu or shortcuts, appearing side- Microsoft Enterprise Desktop Virtualization can help you meet by-side with native desktop applications. Administrators can all of these needs, while simplifying desktop deployments and define Web sites, (i.e., corporate intranet) to automatically management, and enhancing user productivity. It transforms launch with a virtual browser. operating systems into centrally-managed services that are • Simplify deployment of Virtual PCs across diverse desktop available whenever and wherever needed. Microsoft Enterprise setups by adjusting the amount of RAM allocated for the Vir- Desktop Virtualization enables applications to run in a seamless tual PC according to available RAM on the endpoint. UI on a Virtual PC environment independent of the local desktop configuration and operating system, and enhances deployment Simplify virtual desktop management and management of Virtual PC images on any device. • Enterprise desktops are packaged in a Virtual PC and delivered on a DVD, USB key, or over the Web. • Virtual images are retrieved by the client using a standard web Enterprise Desktop Virtualization: Advantages infrastructure. This automated process keeps users updated with the most recent corporate build without interrupting users. • Easily deploy managed Virtual PCs to any desktop device, • De-duplication technology speeds downloads of initial and up- even in less controlled environments such as subsidiaries, dated Virtual PC images over LAN or WAN. branch offices, and offshore operations. • Centralize virtual PC image management in a single repository. • Drive business continuity by rapid reconstitution of corporate • Automate common, time-consuming IT tasks for deploying or desktops. rebuilding PCs. • Accelerate OS migrations by minimizing application-to-OS compatibility issues. Enable a Dynamic Enterprise • Eliminate historic trade off between IT control and user flex- • Accelerate OS Deployments. Provision virtual OS environ- ibility by applying policies in locked down corporate Virtual ments on demand to end-users according to user role, PCs, while allowing users to run personal applications on their affiliation, or business needs. desktops and laptops. • Run corporate Virtual PC images in heterogeneous desktop • Speed user adoption of desktop virtualization by making Vir- environments. tual PCs “invisible” to users. • Easily replace hardware, assign new computers, and assign • Reduce IT investment in desktop image management by new users to existing computers. delivering virtual images independent of hardware or local desktop configuration. Enterprise Desktop Virtualization: Customer Impact Enterprise Desktop Virtualization: Features Lower desktop deployment, management, and change costs by Control access to virtual PCs adopting desktop virtualization, and reduce many of the steps need- • Require users to authenticate using valid Active Directory ed to incorporate virtual desktops in an enterprise environment. account prior to accessing the virtual desktop. The Optimized Desktop— Extending the Value of Windows Vista

Microsoft offers a range of technologies that help extend the • Subsystem for UNIX-Based Applications: Provides platform value of Windows Vista Enterprise and Software Assurance. services for UNIX-based applications, simplifying integra- Organizations that are considering the Microsoft Desktop tion between Windows and UNIX/Linux environments. Optimization Pack should also evaluate Windows Vista Enter- • Multi-lingual User Interface (MUI): Enhances support for prise and Windows Vista Enterprise Centralized Desktop. global workforces by enabling you to configure a single worldwide image by including any user interface language your global business operations may need. With multiple Windows Vista Enterprise language configurations on their desktops, Windows Vista Enterprise end users can toggle between languages. Windows Vista Enterprise is a premium desktop operating sys- tem available to Software Assurance customers. It is designed to meet critical challenges facing medium-sized and large Windows Vista Enterprise Centralized Desktop (VECD) organizations, from protecting sensitive data and improving legacy application compatibility, to simplifying IT deployment VECD enables enterprise early adopter customers to deploy and management, and supporting mobile workforces. When Windows Vista Enterprise on centralized desktops. It lets you combined with the Microsoft Desktop Optimization Pack, it run Windows Vista in VMs using the same base image that is delivers the Optimized Desktop—the most cost-effective and already deployed on the desktop. Equally important, VECD flexible means for managing Windows desktops. isolates users from each other through VMs, making it easier to enable scenarios such as outsourced development. Windows Vista Enterprise includes: VECD can be deployed for PCs and/or thin clients in static • Windows BitLocker™ Drive Encryption: Locks out unau- or dynamic modes. PC licenses require an annual VECD sub- thorized users, keeping them from accessing sensitive data scription purchase in addition to SA. The annual subscription and intellectual property. Real-time encryption and de- license for thin clients has SA built in. cryption of all data stored on the hard drive reduces the risk associated with lost or stolen PCs, and reduces costs • Static Mode: Each user has his/her own dedicated VM incurred by stolen data on recycled or refurbished old PCs. on the server that essentially houses the user’s hard drive • Diskless PCs and Remote Boot: Enables centralized man- that is executed on the server. This results in a one-to-one agement of the operating system. Booting is handled mapping of VMs to users. centrally; the OS is stored in an image file on the server but • Dynamic Mode: Instead of having to manage many dedi- is delivered on-demand at boot time and executes locally. cated images, you support one image that is automatically This provides the ability to instantly upgrade or roll back replicated as needed for users. This makes it easier to the version of Windows on a system, which makes it par- manage the VMs and dynamically provision your desktop ticularly useful during OS migrations. environments, and helps reduce maintenance and support • Four Virtual Operating Systems: Gives Software Assur- costs. VECD dynamic mode works by having a master VM ance customers the rights to four additional copies of the image on the SAN or NAS along with application images OS, enabling them to leverage up to four VMs in Virtual and individual user settings using Microsoft Application PC. This simplifies many functions, including running help Virtualization, available with MDOP. When a user calls for a desks, conducting training classes, and performing soft- VM, the master OS image is replicated and executed on ware application testing. the server. Frequently Asked Questions

Q: Why did Microsoft release the Desktop Optimization Pack for Q: How does Microsoft Desktop Optimization Pack for Software Software Assurance? Assurance enhance other management solutions available from Microsoft? A: We wanted to make it easier for you to manage your deploy- ments. We polled many customers to better understand the key A: Microsoft delivers a robust set of management solutions through enterprise pain points associated with a successful deployment SMS, MOM, Remote Installation Services, Intellimirror, etc., that and they described challenges around application and OS com- enhance your ability to deploy the Windows desktop operating patibility, desktop manageability, help desk costs and software system, manage the application lifecycle, and provide a complete asset management. To mitigate these problems, we pulled togeth- inventory. The Microsoft Desktop Optimization Pack for Software er best-of-breed technologies that enable you to optimize your Assurance extends the manageability of the Microsoft desktop deployment. This offering ensures that customers are ready to ac- to enable more control, better asset tracking, and accelerate the celerate deployment of Microsoft Office and Windows Vista. This deployment of the operating systems and the applications within enables Microsoft to continue to deliver on our commitment to the environment. our customers that Software Assurance will provide the most cost- effective and flexible means of managing the Windows desktop. Q: Will using these tools help me improve my infrastructure maturity level? Q: What is the price of Microsoft Desktop Optimization Pack for Software Assurance? A: yes. The technologies in the Desktop Optimization Pack for Soft- ware Assurance will help you improve your desktop maturity A: Microsoft offers optional subscriptions that help extend the value level. The Optimized Desktop includes both Advanced Group of Windows Vista Enterprise and Software Assurance. The Optimi- Policy Management which enables group policy workflow and zation Pack is available for purchase at Select Level A ERP of $10/ versioning, and the Diagnostics and Recovery Toolset—both of Desktop/year. This pricing is in addition to the base Windows Vista which enable the processes necessary to move from basic to Enterprise/Software Assurance. Option to purchase as many sub- standardized. The third and fourth components are the Asset scription licenses not to exceed the number of desktops covered Inventory Service which enables you to collect business intelli- under Windows Client Software Assurance. Coverage co-terminates: gence on your software assets, and the System Center Desktop we strongly recommend you purchase the subscription on the same Error Monitoring—which both move you from standardized to enrollment as the covered Client Enterprise Agreement/Software rationalized environments. The final two components are Micro- Assurance desktops. Available in Enterprise Agreement and Open soft Application Virtualization and Microsoft Enterprise Desktop Value programs. There is an additional discount of 10-15% off of the Virtualization., which not only allow you to minimize application- annualized subscription price for company-wide coverage. to-application and application-to-OS compatibility issues and accelerate OS deployment, but will also transform your applica- Q: Does the Optimization Pack work with System Center tions and OS into centrally managed, on-demand services which Configuration Manager? could help move you from the standardized stage through the dynamic stage, depending on your implementation. A: yes. The Optimization Pack is complementary with System Center Configuration Manager. With the Application Virtualization con- Q: Is there any advantage having 100% of my desktops on the nector for Microsoft Systems Management Server (SMS), you get Microsoft Desktop Optimization Pack? all the benefits of the Application Virtualization Platform—includ- ing application virtualization and dynamic streaming—from within A: Yes. You may find that you can maximize the technology value by the SMS infrastructure. This combination allows you the flexibility deploying the technology on all of the desktops in your environ- to choose the best way to deploy and run applications while main- ment. In addition, customers can receive up to a 15% discount in taining OS level patches, updates, inventory, asset tracking and their Enterprise Agreement by choosing to purchase the Micro- much more from a single, integrated management point. soft Desktop Optimization Pack for 100% of the desktops in their environment under their agreement. Learn more about the Microsoft Desktop Optimization Pack for Software Assurance, Windows Vista Enterprise and Windows Vista Enterprise Centralized Desktop at www.windowsvista.com/optimizeddesktop.

Part. No. 098-109932