To your users, applications are the most important aspect of your IT service. Sure, the infrastructure that supports them is essential, but users don’t want to fuss with all that. They just want the tools they need at the time and place that they need them. A typical organization provides hundreds of applications for their users, so what can you do to take the effort out of managing them? In this blog post, I’ve explored four things you can easily automate in your Application Management process, so you can get on with more interesting things. I’ll be exploring these in more detail with my colleague Gokul Raju in our upcoming webinar Application Management – this is how you do it on Wednesday 20th September.
Most organizations use some form of automation to install software, (although only last week I heard of a large UK organization where IT still install software over remote desktop sessions on the user’s PC). But a lot still haven’t gone the extra mile and made software available for user self-service. We’ve seen self-service eliminate hundreds of hours of help desk time and the associated costs, not to mention the “happy factor” that users experience when they can just ‘press a button’ and get the software they need. There are a few options we’ll be exploring in our webinar:
- Microsoft Store for Business – the Microsoft offering for organizations that have adopted Windows 10 and Azure AD. Build a Private Store of Universal Windows Platform (UWP) apps and your users can browse and install them from the Windows Store app in Windows
- Application Catalog and Software Center – two Microsoft Configuration Manager components that enable administrators to make applications available for users to install, either through the Application Catalog web portal or the Software Center client app.
- 1E Shopping – a fully-featured app store that integrates with Configuration Manager with cool features such as flexible, email-based approval workflow, application rental and delegated administration allowing managers to request software for their team.
Keeping applications current means that users get the benefit of new features and enhanced user experience and it tightens the security of your desktop environment as vendors patch security vulnerabilities through maintenance releases. A trend among vendors today is to implement automatic delivery of updates through the application itself, but these may require local admin rights and pull the updates directly from the Internet, which most enterprise IT admins will want to avoid. (Ironically, the Petya attack earlier this year was believed to have originated from a compromised auto-update to legitimate accounting software). So, what are the alternatives?
Most Microsoft applications can be managed using the built-in Software Updates feature in Configuration Manager, but what about all the other vendors? In the webinar, we’ll be taking a look at the System Center Updates Publisher (SCUP). First introduced with SCCM 2007 (the current version is SCUP 2011, although Technical Preview 2017 was released in July), it allows other vendors or in-house developers to build and publish update catalogs similar to the Microsoft Update Catalog. Updates can then be downloaded and published to your WSUS server and CM site, so they can be deployed through the Software Updates. There are only a handful of software vendors publishing catalogs that can be used with SCUP. You can build your own catalogs and update definitions, but there are companies like Patch My PC that create and publish catalogs for a large number of common applications and will add products on request.
Remove Unused Software
Giving users what they want when they want it, over time will inevitably result in unwanted software. Great that I could install that cool video editing tool three months back when I needed to edit some training videos, but now it’s just taking up space on my hard disk and it’s a license someone else could be using.
The Software Metering feature of Configuration Manager can provide very detailed analysis of application usage to help identify unused software, but only reports applications (actually, specific executable files) you have defined rules for. However, just enabling the Software Metering client agent (without any rules) will start populating the Recently Used Applications class in Hardware Inventory. This class will show the last time any executable was run on the client (so, for example, you can check the last time VLC video player was run).
You could then build a Collection of devices where the Last Used Time is older than, say three months ago and deploy an Uninstall VLC program to that Collection. But that’s messy, takes a lot of work (which you need to do for each Application you want to remove) and you’ll have to keep updating the Collection criteria (there are no ‘three months ago’ option, you have to specify a date).
In our webinar, we’ll be showing how to use 1E’s AppClarity to define application-based policies that perform actions (do not uninstall, optional uninstall or mandatory uninstall) based on whether the application is used, rarely used or unused. Clients periodically check in for policy and remove unused applications according to the rules you defined. You can get the user involved in the process (giving them the option to keep the software), or you can force removal – it’s up to you.
Rationalize as you deploy
Many organizations have automated Windows deployment to some extent. PCs get rebuilt to resolve software problems, PCs are replaced as they get old and of course there’s still Windows 10 migration looming for many organizations. Each OS deployment is an opportunity to rationalize the applications and versions in your environment, by ensuring the newly-built PC has the latest version of applications the user was previously using, but not reinstalling applications the user is no longer using, and by replacing diverse tools (such as FTP clients) with a single company standard.
For some years, the Microsoft Deployment Toolkit (MDT) has provided an ‘Application Mapping’ feature that enables an administrator to define which applications to reinstall during an OS Deployment Task Sequence based on the inventory of the device before it was rebuilt – so, for example, I can choose to install Office 2016 on a device that previously had Office 2013 installed. This particular solution requires individual mappings of specific inventoried application versions to a Configuration Manager Program or Application, which must be defined directly in the MDT database.
In our webinar, we’ll be showing Application Migration (part of our Windows Servicing Suite), which provides a much more flexible solution with a UI for creating rules, the ability to create wildcard rules (e.g. ‘Replace any version of Microsoft Office Professional with Microsoft Office Professional 2016) and rules based on usage, so you can choose not to reinstall an application if it wasn’t being used, or perhaps to replace it with something less expensive. You can also preview the effect of the rules on a device before you rebuild it. The custom Application Migration Task Sequence step, which calls the Application Migration web API, can be easily added into your existing Task Sequences to automate the process during OS deployment.
To learn more about the opportunities for automation covered in this blog, sign up for our webinar, Application Management – this is how you do it: Wednesday 20th September at 12pm EST, 5PM GMTU.