We posted an interesting survey yesterday on myITforum to see if certain Administrators were the Single Point of Failure for Patch Management in their company. A surprising amount of people responded that they were, and an even more surprising amount sent me emails offline about it. Some responded to me saying that it has been 3-6 months since a patch had been deployed at their organization because they were taken from their SMS responsibilities and on to something else! At first I was astounded by this. In today’s day of the SUSFP and the native Software Updates features in SMS 2003 this should be easy right?
Well, maybe not. I got to thinking about this and while this may be the case for organizations with (and I’ll ballpark here) 5000 or more clients that are able to have multiple staff members for their SMS infrastructures its not always the case for smaller ones utilizing SMS with just a single Administrator. If I were the single SMS Admin at a smaller site I wouldn’t be that happy if my boss was calling me to create a patch package while I was on vacation because I was the only one, or even worse if I had to schedule my vacations around the Tuesday patch release schedule.
So what’s the answer to this? A couple of things. One is possibly product improvements for SMS Software Updates features. Yes the DSUW integration into the UI is a great feature but maybe a simple web page tied into the SMS Provider that can do the same thing for managers, etc, to use in an emergency with minimal training would suffice as well? This wouldn’t be the tool you use to manage your entire Software Updates management strategy but it would allow others to be able to secure systems while you are away. Along with this would be better status messages for non-SMS Admins to read when they used this tool set. Seeing “A non-zero Exit Code was returned” means nothing to a manager, or even a technical person not familiar with SMS. In a lot of ways SMS does a good job at making simple things difficult such as status messages.
Some things that are outside of the SMS product groups control could be improved upon as well to help this situation. One is standardization of hotfix installers. This process is already happening inside Microsoft but to the chagrin of us all it is happening much to slow. Once this happens it may lead to the other improvement which is standard silent hotfix command line parameters across the board so that the non-SMS Amin can easily distribute updates when they are OoO. The telling fact about this is that many new SMS Administrators have failed distributions because if incorrect command line switches. Yes they aren’t doing the correct thing by not testing switch functionality first but news flash: They are correct in thinking most, if not all, Microsoft generated hotfix installers should act the same.
Hopefully as the hotfix installer technology catches up with the rest of Microsoft products, SMS and other Software Update Management technologies like WUS can have even more robust tool sets.