Microsoft® System Center

Configuration Manager 2007

Desired Configuration Management
Assess, Deploy and Update from Desktops to Datacenters and Beyond

Proactively manage systems

configurations to enhance availability,
security features and performance
while streamlining your systems
compliance efforts

Monitoring configuration changes

across the network is a growing IT
challenge. Configuration errors
account for the vast majority of
unplanned downtime for servers and
workstations alike. What’s more,
organizations face intense pressure to
comply with increasingly rigorous
regulatory requirements. With the
constantly changing nature of
technology, many organizations must
dedicate vast amounts of IT time and
resources to ensure their systems
remain compliant.

Desired configuration management in

System Center Configuration Manager
2007 reduces the complexities of
monitoring configuration changes in
even the most complex IT
infrastructures. Administrators can easily
monitor and capture configuration
information of servers, desktops, laptops
and mobile devices across their network
and evaluate the compliance of those
devices against regulatory and corporate
requirements. They can use
Configuration Manager 2007 to
remediate non-compliant systems with
software distribution that automatically
targets computers reporting non-
compliance. By helping businesses
ensure that systems remain in
compliance with a defined desired state,
Configuration Manager 2007 can
enhance IT systems availability, security
features and performance while
streamlining systems compliance efforts.
Defining Corporate Configuration
Standards
Establishing and complying with
corporate configuration standards is a
critical business function that helps
improve operational efficiencies and
enhance IT security by providing
guidelines and practices for configuring
and managing IT environments. With
Configuration Manager 2007,
organizations can identify required and
prohibited configurations for clients,
servers and applications and report on
compliance against those definitions.
Configuration Manager 2007 allows IT
departments to assess compliance with
regard to a number of configurations,
such as whether the correct Windows®
operating system versions are installed
and configured appropriately, whether
all required applications are installed
and configured correctly, whether
optional applications are configured
appropriately, and whether prohibited
applications are installed. Additionally,
administrators can check for compliance
with software updates and security
settings. With Configuration Manager, IT
administrators define configuration
baselines to establish the rules that
describe what determines compliance
for their particular IT environment.
Building Configuration Knowledge
Baseline configuration knowledge in
Configuration Manager 2007 can come
from several sources. Administrators can
build their own configuration baselines
or they can import Configuration Packs
from Microsoft or third party software
vendors. Configuration Packs are best
practices that Microsoft and other
software vendors create to identify
common configuration errors for
applications and operating systems that
compromise system availability.
Configuration Packs also help IT
departments identify security immediate visibility into the status of vulnerability assessment that discovers
vulnerabilities, as defined by Microsoft compliance with configuration baselines. the need for patches and updates and
and other software vendors, across their Query-based collections make it easy to reports on recommended actions.
enterprise. remediate the non-compliant
computers. Remediation
Configuration baselines are built on Because the desired configuration
common standards used throughout With Configuration Manager 2007, management functionality tightly
System Center, such as Service Modeling administrators can run a number of integrates with the other components of
Language (SML), that enable desired configuration management Configuration Manager 2007,
standardization and reuse of operational reports that let them review the overall remediation of non-compliant
knowledge. What’s more, SML allows compliance status across managed computers is efficient. Administrators
hardware and application vendors to Windows systems. They can use the can use desired configuration
build standard models that IT reports to drill down into details, such as management compliance state
administrators can manage with which computers are compliant or non- messages to build query-based
Configuration Manager 2007. compliant and which element of the collections from which they can
configuration baseline is causing a remediate the non-compliant computers
Measuring Compliance computer to be non-compliant. by deploying software, updates, scripts
With their configuration baselines or task sequences. IT administrators can
established, IT administrators can apply By quickly identifying non-compliant schedule the actions to take on their IT
the baselines to computers or collections configurations, Configuration Manager systems through the use of Wake on
of computers and define schedules by 2007 helps improve systems availability, LAN and Maintenance Windows,
which the clients will evaluate and report security features and performance by enabling organizational mandate
their compliance against the baseline. If reducing problems associated with compliance with minimal disruption to
a computer is not connected to the configuration drift. It also improves network operations.
network at the scheduled evaluation Helpdesk troubleshooting and reduces
time, it will perform the evaluation and the time required to resolve incidents by System Center Configuration Manager
report its compliance status upon providing a means to detect probable 2007 is a solution to comprehensively
reconnecting to the network. What’s causes for reported incidents and assess, deploy and update servers,
more, administrators can set non- problems. clients, and devices—across physical,
compliance severity levels that allow virtual, distributed and mobile
them to rate the severity of a non- IT administrators can also use the environments—that, optimized for
compliance status so that they can desired configuration management Windows and extensible beyond, is the
prioritize attention and remedial action. reports to verify the accuracy and best choice for gaining enhanced insight
effectiveness of planned configuration into and control over IT systems. With
Reporting Compliance changes in their environment and to desired configuration management, IT
Reporting compliance with ensure that physical and virtual departments can retain control over
Configuration Manager 2007 is a machines are configured properly to their constantly changing IT
streamlined effort through the desired prevent performance bottlenecks and environments, enhancing availability,
configuration management dashboard security vulnerabilities. security features and performance while
and through the ability for IT streamlining their systems compliance
administrators to create query-based Configuration Manager 2007 can further efforts.
collections. The desired configuration assist IT organizations in their
management dashboard provides compliance efforts with automated

To learn more about System Center Configuration Manager visit

http://www.microsoft.com/systemcenter/configmgr
© 2006 Microsoft Corporation. All rights reserved. The information contained in this document represents the current view of Microsoft
Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it
should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information
presented after the date of publication. The information represents the product at the time this document was printed and should be
used for planning purposes only. Information subject to change at any time without prior notice. This data sheet is for informational
purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.

Microsoft, Active Directory, Windows, the Windows logo, and Windows Server System are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.