Desktop Authority

Features and Benefits

Features and Benefits

Spyware Removal

Desktop Authority - Spyware Removal Option

One of today’s fastest-growing threats to enterprise security is “spyware”.  From simple annoying ad pop-ups, to identity-stealing key loggers and all the different types of software that snoops-on and threatens your network in between, spyware is potentially more dangerous and destructive to your business than any computer virus.  Desktop Authority’s enterprise-class Spyware Detection and Removal (SDR) feature gives administrators the ability to centrally secure and protect desktops across the enterprise against spyware, together with centralised control and reporting.

Out of the box, Desktop Authority offers the ability to download spyware definition updates and detect spyware on desktops.  In other words, without purchasing the Spyware Removal option, administrators can find out exactly how much spyware is currently residing on desktops across the network.  Once the Spyware Removal option is enabled, quarantining and removal options are available to rid client machines of unwanted spyware.  In the event that SDR reports that an application is classified as spyware even though it is known to be benign or an acceptable risk, SDR can be configured to exclude that application from detection.

When used in combination with all of Desktop Authority’s other capabilities, administrators can secure their desktops against a wide range of attacks.  Desktop Authority can implement desktop Security Policies, configure the Windows Firewall, lock down file and registry security and more, and the Patch Management option gives enterprise-class protection against known OS and application threats.

CLICK TO ENLARGE [+]

Features and Benefits

Integrated into DA Manager

Familiar navigation environment means there is no learning curve for configuring Spyware Detection and Removal.

Automated Spyware Updates

Administrators do not need to search for the latest spyware definitions.

Multiple Scanning Options

Flexible options allow administrators to select what will be scanned (memory, disks, registry), what action should be taken (Log Only, Quarantine, Remove), and the minimum threat level to take action against.  Scans can take place at either logon or logoff.   Exclusive Validation Logic As with all other configuration elements in Desktop Authority, Validation Logic allows a high level of granularity over which clients receive the Anti-Spyware client and how to scan and treat spyware on them according to OS, machine class, connection type, OUs, Group memberships, and over 20 other criteria.  

Patch Management

Patch Management Option

The time taken for attackers to develop an exploit when a patch is released from Microsoft is decreasing.  In the case of Blaster it was only 25 days from the release of the MS03-026 patch until attackers were able to take advantage of unpatched desktop computers.  Administrators cannot simply rely on network perimeter security, since desktop users download files directly from the Internet and use their laptops on unsecured networks when traveling or at home.

Desktop Authority’s Patch Management option builds on the Desktop Authority platform to dramatically simplify the task of installing Microsoft Operating System and application patches onto desktops across the enterprise, and shut the door on attacks that exploit unpatched systems.

The Patch Management Option takes the tasks of downloading patches from Microsoft, distributing them to deployment servers, selecting appropriate patches, selecting clients and deploying patches, and wraps them all up into the easy-to-use Desktop Authority Manager console, minimising the amount of time required by administrators to manage patch deployment, while maximising control over the patch management process.

When used in combination with all of Desktop Authority’s other capabilities, administrators can secure their desktops against a wide range of attacks.  Desktop Authority can implement desktop Security Policies, configure the Windows Firewall, lock down file and registry security and more, and the Spyware Removal option gives enterprise-class protection against spyware.

CLICK TO ENLARGE [+]

Features and Benefits

Integrated into DA Manager

Familiar navigation environment means there is no learning curve for configuring Patch Distribution and Deployment.  

Automated Patch Updates

Administrators do not need to search for the latest patches (nor older ones).

Patch Classification

Patches can be selected for download and deployed based on five severity levels (as defined by Microsoft) as well as by product or OS.  Administrators only need to manage those patches that are applicable to their network.  

Multiple Distribution Servers

Patch Management servers can be easily be deployed from within the DA Manager.  Clients can be configured to use either the closest PM server (as defined by AD sites) or a specific PM server.  Exclusive Validation Logic

As with all other configuration elements in Desktop Authority, Validation Logic allows a high level of granular control over which clients receive the selected patch(es) according to OS, machine class, connection type, OUs, Group memberships, and over 20 other criteria.  

USB and Port Security

Desktop Authority - USB and Port Security Option

Today more than ever, the portability of data is an ever growing reality.  Beyond the obvious USB drives and burnable CDs that can be used to carry information in and out of the organisation, devices like cell phones, and MP3 players both potentially bringing malicious code into the organisation as well as sensitive data leaving the organisation are now a concern.

Desktop Authority’s USB and Port Security option builds on the comprehensive desktop management platform to increase desktop security, reduce data theft, increase compliance with regulatory standards protecting sensitive data, and reduce the threat of the viruses and Spyware.

CLICK TO ENLARGE [+]

The USB and Port Security option provides policy-based lockdown of USB, storage and communication devices.   It provides multiple levels of security allowing complete access or denial to certain device types, such as MP3 players, while allowing more granular levels of security, such as Read Only access to a CD-R drive.

Managed Devices

• Bluetooth Devices
• PCMCIA/Cardbus Controllers
• CD/DVD Readers/Writers
• Palm OS Devices
• Firewire Controllers
• Parallel Ports
• Firewire Storage
• PocketPC Devices
• Floppy Disks
• Removable Storage
• Hard Disk Drives
• Serial Ports
• Infrared Ports
• USB Ports
• IoMega Storage (Jaz/Zip)
• USB Storage
• MP3 Players
• WiFi Devices
• Modems

Features and Benefits

Integrated in the Desktop Authority Manager

Familiar navigation environment means there is no learning curve for configuring USB and Port Security.

Patented Validation Logic

As with all other configuration elements in Desktop Authority, Validation Logic allows a high level of granular control over which clients are restricted access according to OS, machine class, connection type, OUs, Group memberships, and over 20 other criteria.  

Detailed List of Managed Devices

Rather than disallow every device that plugs into a given port on a desktop, the USB and Port Security option manages over 20 different device types.   Granular Control Devices can be restricted to be read-only (which would allow a CD-R drive to remain usable as a CD-ROM drive), read-write, full control or complete denial of access.  

Centralised Reporting

Turnkey and custom reports on device usage and denials of access by device class, computer or user can be generated and scheduled for delivery via email, increasing security while simplifying management.  

FAQ

General

Q: Why is it so much quicker than writing logon scripts?  
A: Desktop Authority’s easy to use graphical interface replaces the work accomplished by even the most complicated of scripts by presenting the administrator with a GUI representation of all of all the key areas involved in desktop configuration.  In addition, Desktop Authority’s exclusive Validation Logic makes it infinitely easier to select when and where those configuration are applied, at an extremely granular level.  Lastly, testing scripts for different OS versions, debugging code, and beta testing in a sandbox environment are eliminated with Desktop Authority.  

Q: What desktop platforms does it support?  I still have too many Windows 9x boxes on my network.  What about server versions?  I am still running a Windows NT domain!  
A: Almost all of Desktop Authority’s desktop configuration abilities cover from Windows 95 through Windows XP.  Desktop Authority can be installed on a Windows domain running on servers from Windows NT through Windows 2003.  While Active Directory is not a requirement, some of the Validation Logic options will not work without it.  

Q: How much of my logon script will it replace?  How long will it take?  
A: Desktop Authority covers every aspect of desktop configuration: from drive mappings to registry changes to application rollouts.  And whatever Desktop Authority cannot do natively can be accomplished using a small amount of custom script applied with the control of Validation Logic to determine exactly for whom and when it is run.  Configuring all your desktops is quick and easy, with huge time savings over the ordeal of writing and maintaining traditional scripts.  

Q: How long does it take to set up?  Does it require me to install software on my desktops?  
A: Setup takes only a few minutes using our Installation Wizard.  Clients do not need to install any software to utilise Desktop Authority; the user only needs to have SLogic.bat specified as their Logon Script - a task automated by Desktop Authority.  

Q: We use Group Policies for all our desktop configurations – I don’t want to replace all that.  
A: Desktop Authority does not need to be used as a replacement for Group Policies; it can be used to compliment Group Policies in the critical areas which Group Policies do not address, such as Drives, Printers, Outlook Profiles, Inactivity and our newest options Patch Distribution & Deployment and Spyware Detection & Removal.  Desktop Authority can also rollout policy settings to a wider range of operating systems (from 95 to XP), and so can be used as an alternative to Group Policies in many situations.  For more information on Desktop Authority and Group Policies, see our Whitepaper, Desktop Authority And AD Group Policy Objects.  

Q: Does this mean I can’t use Group Policies any more?  
A: Absolutely not!  If you wish, you can continue to use Group Policies in conjunction with Desktop Authority.  See the comparison white paper for a comprehensive list of configuration abilities of each solution.  

Q: I have several administrators that need to manage the configuration of our desktops.  Can I limit what and where they can administer?  
A: Absolutely!  Desktop Authority's Role-Based Administration allows you to define the administrative roles (such as Profile Admin and Email-Only Admin) and then apply those roles to users and groups at the profile level.  

Q: Can I manage Power Settings with Desktop Authority?    
A: Yes.  Desktop Authority maintains two SQL databases (stored in either MSDE or SQL server) – one for the configurations and one for reporting.  The configuration database contains all of the profiles, elements, and settings.  The Reporting database contains collected hardware and software inventory, user activity, and data related to patch deployment and spyware removal.  Desktop Authority has built-in and custom reporting on all of the information found in both databases.  

Q: What about my Citrix or Terminal Server environment – will this help me with my roaming profile problems?  
A: Desktop Authority is the perfect answer for roaming profile issues, since it eliminates the need to store user configurations in a user profile and eases the task of redirecting all of the folders containing the user’s environment which are traditionally stored in the profile.  For example, Desktop Authority makes it easy to redirect the user’s desktop folder, My Documents, web cookies, favorites, etc.  to a central location such as the user’s home directory.  With this arrange, the user’s environment always “follows” them, without the need for a roaming profile.  For more details, please review our white paper.  

Q: I’m familiar with the benefits of using ScriptLogic Enterprise.  How is Desktop Authority different?  
A: Desktop Authority expands upon the proactive administration features found in ScriptLogic Enterprise Edition by adding browser-based interactive desktop management and real-time remote control of Microsoft Windows desktops.  Desktop Authority enables desktop administrators to detect, diagnose, and solve problems faster than using Windows’ built-in operating system functions used locally, and unlike other remote administration solutions which only offer remote control functionality, Desktop Authority lets the administrator fix many problems without disturbing the user.  Desktop Authority allows administrators to access desktops securely from any web browser, providing support even from a PDA or WAP-phone browser.  Additionally, the optional Patch Management and Anti-Spyware components are only available for Desktop Authority and not ScriptLogic Enterprise.  Download the product brochure PDF that describes the features and benefits of Desktop Authority in greater detail.  

Q: I currently use ScriptLogic Enterprise Edition.  How can I migrate to Desktop Authority?  
A: You can purchase a special upgrade that allows you to easily migrate to Desktop Authority.  Call your sales rep or authorised reseller for special upgrade pricing.  

Q: I want Desktop Authority, but our company has already made a substantial investment in a different vendor's remote control product.  Do you offer a competitive upgrade or should I buy ScriptLogic Enterprise instead?  
A: Purchasing ScriptLogic Enterprise and using that along with your existing remote control product is one solution, but keep in mind that Desktop Authority offers so much more than just remote control.  You'd probably be surprised to realise that the price delta between ScriptLogic and Desktop Authority is probably less than you'd pay just for the annual maintenance renewal of your existing product.  If it isn't, contact us and we will put you in touch with a partner that can work with you on a competitive upgrade.  

Q: How does the new desktop configuration refresh differ from previous versions of Desktop Authority?  
A: Previous versions only configured desktops at logon and/or logoff.  The new desktop configuration refresh allows any configuration element to be refreshed on the desktop at a default interval of 60 minutes.  Mobile users can also benefit from this new feature – when logging on using cached credentials and then coming to the office, with Desktop Authority 7.5, clients will still receive an updated configuration at the next refresh interval.  

Q: What’s new with the software deployment?    
A: While you can launch installs of applications from the Application Launcher element, the software management and deployment works off of an MSI repository where you can centralise all apps to be installed.  Distribution servers allow MSIs to be automatically replicated to a local server for installation.  

Q: I have multiple locations.  Will I need to specify which server software needs to be deployed from?  
A: No.  By default, applications will be installed from the distribution server in the same Active Directory site as the client.  Alternately, a specific distribution server can be chosen if desired.  

USB and Port Security Option

Q: What devices can Desktop Authority lockdown?nbsp; 
A: Bluetooth Devices, PCMCIA/Cardbus Controllers,CD/DVD Readers/Writers, Palm OS Devices, Firewire Controllers, Parallel Ports, Firewire Storage, PocketPC Devices,Floppy Disks, Removable Storage, Hard Disk Drives, Serial Ports, Infrared Ports, USB Ports, IoMega Storage (Jaz/Zip), USB Storage, MP3 Players, WiFi Devices and Modems

Q: Does Desktop Authority make a device completely inaccessible?  I need to allow my users to read some devices.nbsp; 
A: Storage devices, such as a USB drive or a CD burner can be made Read-Only, allowing read access.   Other communication devices, such as Bluetooth or WiFi devices are either accessible or inaccessible.  

Q: Is there are reporting on users trying to access restricted devices?nbsp; 
A: Yes.  Desktop Authority centrally records user attempts to utilise secured devices.  Turnkey reports exist to provide detail on both the configuration of the device lockdown, as well as user access.  

Patch Management Option

Q: What patch management capabilities does Desktop Authority have?  
A: Desktop Authority downloads and distributes patches for Microsoft operating systems and applications, and provides an easy-to-use interface to choose which patches should be pushed out to clients based on the severity of the patch and/or the specific product it affects.  In addition, you can use our exclusive Validation Logic to determine exactly how, to whom, and when different patches and classes of patch will be deployed, giving maximum control over the patching of desktops.  

Q: Is this option fully functional with the purchase of Desktop Authority?  
A: No.  While the administrative functions exist within the Desktop Authority Manager, the PM option is disabled until you purchase a separate 12-month subscription.  Without the PM option enabled, you are still able to download patch database updates and see the available patches, but you will not be able to deploy or distribute them.  

Q: My network has multiple locations.  Can patches come from different servers for different locations?  
A: Yes.  With Desktop Authority, clients can either automatically select the closest Distribution Server (based on Active Directory sites) or a Distribution Server can be manually chosen by the administrator.  

Q: I already use WUS.  Why is your Patch Management solution better
A: WUS is best-suited to use for as an automated patch deployment solution covering only the most recent Microsoft platforms.  The Patch Management option for Desktop Authority gives administrators far more granular control over when and where patches are deployed, and allows administrators to create dynamic groupings of computers and/or users with different patch behaviors.  For example, the general user population might be set to automatically receive all patches at logoff time, whereas development team users might want to administer their own desktops and only receive automatic updates for high severity patches, and laptop users only receive low-severity updates when they’re connected to the LAN in the office.  

Q: Is this the same as Patch Authority Plus?  
A: No.  Patch Authority Plus is ScriptLogic’s comprehensive, enterprise-class patch management solution, which enhances security and simplifies the process of updating Windows desktops and servers from a central location.  Patch Authority Plus also includes ScriptLogic’s Service Explorer for managing the status, configuration, logon settings and passwords using by services and tasks on Windows servers and desktops.  See the comparison matrix for a list of differentiating features.  

Spyware Detection and Removal Option

Q: I already have a desktop spyware solution – what’s better about yours?  
A: Desktop Authority’s Spyware Removal Option allows administrators to centrally deploy and manage the scanning, reporting and removal of Spyware across your enterprise with greater control than available elsewhere.  Clients can be configured to quarantine or remove Spyware based on different threat levels, and even exclude specific software that might be considered Spyware if you choose to leave it on selected machines, all under the centralised control of ScriptLogic’s exclusive Validation Logic.  

Q: Is this option fully functional with the purchase of Desktop Authority?  
A: No.  While the administrative functions exist within the Desktop Authority Manager, the Spyware Removal function is disabled until you enable a separate 12-month subscription.  However, without the subscription, you can scan your client machines for Spyware and view centralised reports on the infections.  

Licensing

Desktop Authority™ Licensing

Q: How is Desktop Authority licensed?  
A: Desktop Authority is licensed on a per-desktop basis.  This means you must purchase 1 user license for every Windows desktop, laptop, Tablet PC or Thin Client device from which users will connect to domains where Desktop Authority is installed.  

Example 1:
Company A has 5000 users who use 4500 desktop PCs, 300 Tablet PCs, 1250 Laptops and 500 Thin Clients (connecting to Windows Terminal Server or Citrix MetaFrame).  They need 4500+300+1250+500 = 6550 licenses

Example 2:
College A has 10,000 users who have access to 2000 desktop PCs, and 1000 Thin Client (Windows Terminal) devices.  They need 2000+1000 = 3000 licenses

The Patch Distribution & Deployment and Spyware Detection & Removal optional components are licensed separately via 12-month subscriptions on a per-desktop basis.  

Q: What user license quantities are available?  
A: Licenses are available in any quantity above the minimum of 10.  

Q: What happens if I exceed my license count?
A: Using ScriptLogic products in excess of the licenses you have purchased and installed is a violation of the End User License Agreement (EULA).  To avoid disruption to the users’ productivity, Desktop Authority will not lock out unlicensed computers, but if your usage exceeds your license then warning messages will be displayed to users and administrators.  

Q: How do I find out how many licenses I have installed?  
A: In the Desktop Authority Manager, click on “ScriptLogic today” in the tree view.  This shows the System Dashboard which displays the number of user licenses installed.  

Q: How is the USB and Port Security Option licensed?  ?  
A: The USB and Port Security (UPS) option is licensed on a per-seat basis as an extra cost item.  You must purchase 1 UPS license for every base Desktop Authority license you own, except for computers running platforms which are not supported by UPS – at the time of writing UPS supports Windows 2000 SP4 with URP 1 and Windows XP SP2.  

Q: How is the Patch Management Option licensed?  
A: The Patch Deployment for Desktops (PDD) option is licensed on a per-desktop basis as a subscription for 12, 24 or 36 months.  You must purchase 1 PDD license for every base Desktop Authority license you own, with one exception – because Desktop Authority does not patch Windows 95, 98 or ME, you do not need to purchase PDD license for those computers.  

Q: How is the Spyware Removal Option licensed?  
A: The Spyware Removal Option is licensed on a per-desktop basis as a subscription for 12, 24 or 36 months.  You must purchase 1 PDD license for every base Desktop Authority license you own.  

General Licensing Information

Q: How are licenses delivered?
A: Once your order has been processed you will receive your license code or file by e-mail.

Q: How can I add more licenses?
A: The process is the same for all products – contact us to purchase more licenses.  When your order has been processed you will be provided with a new electronic license for the total quantity of licenses you now own.  

Q: Do you offer any types of discounts?
A: Discounts are available to establishments of Academic or Charitable status.

Q: What about shrink-wrap product?
A: ScriptLogic does not sell any of its products with shrink-wrap packaging.  All delivery of software and licenses is electronic.

Q: What’s the difference between Open and Retail/Conventional licensing?
A: Open License pricing bands begin at quantities between 5 and 500 units, depending on the product, and offers extra discounts.  Open Licensing also guarantees that, once you have purchased sufficient quantity of a product to reach an Open License band, you can buy additional licenses at that discounted price.