Feeds

The challenges of desktop configuration

Firing at moving targets

SANS - Survey on application security programs

Desktop For businesses, many of the problems with PCs come from the 'personal' part of personal computer. If every system is set up differently, with different applications, updates, security settings, power management and interface options, the individual user might be happier.

They might even be more productive, although it’s equally possible that they end up slowing down their PC by customising it with the tools they find useful and the settings they like. And the life of the IT team is definitely harder; a badly configured desktop is more expensive to run, harder to fix or replace (and more likely to need fixing) and far less likely to be secure.

Downtime is the most obvious way a poorly-setup PC will cost you time and money, whether it’s someone who can’t get on with their job while you’re replacing a failed hard drive or the business opportunity they can’t reply to while you’re cleaning a virus off their system.

If you configure roaming profiles, user groups in Active Directory, network file storage and custom installation images that let you deploy the operating systems and standard apps together (ideally remotely), you can shift them onto a replacement PC far more quickly while you repair or reconfigure their machine.

It’s difficult to put hard numbers on the cost of the time it takes to deal with problems individually and manually; how do you factor in the hidden costs of employees trying to fix problems before they call the help desk, the time advanced users take away from their real job to give ‘shadow support’ to colleagues or the neighbouring user who asks for help as you’re on the way to sort out something else?

IT labour costs take the lion’s share of TCO costs (up to 70 per cent by some estimates, which Gartner breaks it down as nine per cent administration, 11 per cent technical support and 49 per cent end user management – and two per cent the ever-useful ‘other’). Resetting a PC to a standardised configuration can take around 20 minutes, reinstalling Windows 7 from a unified image takes around half an hour; a manual installation and setup is more like three to four hours.

But even if a PC is still running, that doesn’t mean it’s running efficiently. Old versions of applications, links to file shares that can be deleted by accidents, warning messages that users have to click through every time they run a tool that’s not set up properly, or PC settings that they change by accident, or while trying to fix another problem, can all waste plenty of time.

And pushing out updates to Windows and an increasing number of desktop apps is becoming a vital part of IT security, avoiding both the average £1.7 million cost of a data breach and user downtime while you deal with infections on their PC.

Again, doing configuration management and applying profiles through Group Policy or third party tools lets you push out fixes, credentials, drive mappings and or setup changes faster (and without writing complex scripts).

Pushing out a configuration change to all the users in a group after you get the first helpdesk call about a setting that’s confusing saves your time on the phone – and theirs. Gartner estimates that, in 2008, TCO costs for a locked and well-managed desktop were $3,413 – far lower than the $5,867 you’d be spending on a completely unmanaged PC.

Unless you’ve gone through a desktop refresh recently, there’s one way a PC that isn’t being actively managed is costing your business money: power management. Turning PCs off overnight and putting them to sleep over lunch can save you anything from £30 per PC per year up (depending on how much you pay for electricity, the wattage of the power supply in the PCs, what hours users work and how good they are at turning screens and desktops off).

Windows Vista and Windows 7 make it easier to configure power management remotely via Group Policy, given that visiting every PC individually to configure it would take a big chunk out of the money you’re saving. There are ways to get the same remote power configuration for XP too, including Group Policy preferences, if you run Windows Server 2008, and commercial third party tools that you can also use for reporting, asset management and waking PCs remotely to apply patches.

Invest in configuring desktops better and you can improve productivity and save money, although it’s important not to be too heavy-handed. Just as most internal security problems are caused by users having to work around systems that don’t allow them to get their job done, locking down desktops too rigidly will drive users to Web apps, smartphones and other options that you can’t manage or secure. ®

Top three mobile application threats

More from The Register

next story
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Half of Twitter's 'active users' are SILENT STALKERS
Nearly 50% have NEVER tweeted a word
Microsoft TIER SMEAR changes app prices whether devs ask or not
Some go up, some go down, Redmond goes silent
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Windows 8.1, which you probably haven't upgraded to yet, ALREADY OBSOLETE
Pre-Update versions of new Windows version will no longer support patches
Inside the Hekaton: SQL Server 2014's database engine deconstructed
Nadella's database sqares the circle of cheap memory vs speed
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.