The process of keeping applications up to date varies widely, depending on where the application came from. If you have Microsoft products such as Office, staying current is easy. The first thing that I'd recommend is to get a copy of the Microsoft Baseline Security Analyzer (MBSA). You can acquire this tool at Microsoft's TechNet Web site. The MBSA scans your computer for potential weaknesses. Although the MBSA doesn't focus specifically on Office, it does provide lots of useful information, as shown in Figure A.
| Figure A |
 |
As important as it is to keep your applications up to date, it's equally important to be aware of the applications running on your network. If you don't know what applications are on your workstations, then you can't expect to keep those applications up to date. Frequent software audits will help you keep track of the applications on your network. Another reason to perform frequent software audits is to spot unauthorised software, which could potentially expose your company to piracy-related litigation. Likewise, unauthorised software can interfere with your network's overall health. Unauthorised software can contain Trojan horses, viruses, or known weaknesses that can be exploited by a hacker. Furthermore, such applications consume system resources, such as memory, hard disk space, processing power, and bandwidth. These applications could even harm legitimate business applications. For example, how many times have you seen one application overwrite a DLL file or a driver that was implemented by another application? For reasons such as these, it's imperative that you create a software policy dictating which applications -- and which versions of those applications -- are allowed on your workstations. You must then hunt down and remove all other applications. Centralised application management
One of the best ways of enforcing your software usage policy is to control the distribution of applications. Active Directory lets you publish or assign applications to workstations. This allows you to automatically install applications or to require users to install authorised applications by going through the Control Panel's Add/Remove Programs applet. There are several advantages to controlling software through Active Directory. First, if a user somehow removes or destroys an application, you can set Windows to automatically reinstall the missing or damaged application. Another advantage is that by centralising and automating the process, you can be sure that all updates are rolled out to all users in a timely manner. There will be little need to wonder if your PCs are up to date, although random spot checks are never a bad idea. Terminal Services
For the ultimate in centralised application control, why not implement Terminal Services? Terminal Services works similarly to a mainframe/dumb terminal system. Your workstations run a small client program that allows them to attach to a terminal server. All applications are actually running on the terminal server, and only screen refreshes are sent to the clients. The cool thing about Terminal Services is that, because all of the applications are running on the terminal server, there's only one copy of each application. This means that the application should be much easier to maintain than if you had a thousand copies of the application spread across a thousand PCs.
For a weekly round-up of the enterprise IT news, sign up for the
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
Enterpise newsletter. Find out what's where in the new Tech Update with our
Guided Tour. Tell us what you think in the
Enterprise Mailroom.
