ECM Gains Mandate Power

By Cameron Sturdevant  |  Posted 2003-08-04 Print this article Print

ConfigureSoft's upgrade rules configuration.

Enterprise Configuration Manager 4.5
Configuresofts ECM upgrade goes beyond monitoring Windows-only server and desktop parameter settings by adding a capable enforcement tool that can automatically reset machines to approved settings. IT managers should carefully orchestrate the use of ECM 4.5 so that legitimate changes arent undone, thus diminishing the value of installing ECM 4.5 in the first place. ECM is priced at $995 per server and $30 per desktop. Configuresoft is at
  • PRO: Enforces configuration rules; granular operator access.

  • CON: Windows-only; constructing configuration rules is a time-consuming process.

    BindViews Policy Center Symantec Corp.s Symantec Enterprise Security Manager NetIQ Corp.s VigilEnt Security Manager
    ConfigureSoft Inc.s Enterprise Configuration Manager 4.5 has gained the ability to mandate Windows server and desktop configuration parameters.

    eWEEK Labs believes ECM 4.5, which shipped in June, is worth a look for IT managers who want a handle on their Windows-based machines and thus fewer service calls. In our tests, any deviation from the settings specified in ECM 4.5 resulted in our test machines being reset to the approved configuration. At $995 per server and $30 per desktop, ECM 4.5s price is comparable to that of rival offerings, such as BindView Corp.s Policy Center tool.

    Of course, IT managers should carefully consider how they use the new capabilities in ECM 4.5. We recommend using configuration rules, which Configuresoft calls templates, to report noncompliant machines. ECM 4.5 can use its installed agent to ensure registry settings are present when starting or stopping Windows services.

    In tests, ECM 4.5 performed well—almost too well. We modeled several exemplary machine configurations and set up ECM 4.5 to keep our machines in perfect running order. Then we used Windows Update and installed the latest Windows 2000 hot fix from Microsoft Corp.

    Windows worked fine, and ECM 4.5 wasnt bothered, but IT managers in large shops with fast-changing environments might not be so lucky.

    At its base, ECM is a capable configuration management tool, but it is limited to Windows-only systems. BindViews Policy Development, by comparison, supports Novell Inc.s NetWare, along with several varieties of Unix, in addition to Windows.

    ECMs deft ability to restore Windows systems to an approved configuration is the main reason why IT managers should consider it, even for heterogeneous operating system environments.

    Not surprisingly, ECM 4.5 relies on Microsofts SQL Server database. After a couple of false starts, we realized that ECM 4.5 queries the database, not the agents that it installs on each managed machine. As a result, we strongly advise IT managers to run data collections about machine configurations on a regular basis. In tests, it was easy enough to keep the database up-to-date with regularly scheduled collections.

    Because this version of ECM has far greater power to change systems, Configuresoft has commensurately beefed up security controls for console operators. We used a combination of access rules and ECM roles to provide granular access control privileges. For example, we created users who could access information about all the machines in our test network. We limited these users to a small group of machines in developing configuration policies.

    ECM 4.5 has joined the security hype parade. Although the product ably monitors servers and desktops for compliance with approved configurations that are known to resist tampering and hacking, we think that forward-looking IT managers should also consider how ECM 4.5 can cut overall operating costs. Keeping machine parameters updated with tested and approved settings can be as valuable as assuring that workers disable anti-virus tools.

    ECM 4.5 could cut help desk calls on nonsecurity configuration problems by making sure missing registry keys or stopped services are addressed automatically without human aid from the help desk.

    Senior Analyst Cameron Sturdevant is available at

    Cameron Sturdevant Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at

    Submit a Comment

    Loading Comments...
    Manage your Newsletters: Login   Register My Newsletters

    Rocket Fuel