Hands-On With Small Business Advantage's Features
The first module we configured was Intel's USB Blocker. Prior to launching it, I was worried this would be an unintelligent feature that'd simply disable USB connectivity altogether. I was wrong, though; it contains USB device categories that grant or revoke access to certain types of hardware. Then, even more granularly, you can create exceptions to those rules.
Once the USB Blocker is configured, its status is pushed to the SBA dashboard.
Next up was the Software Monitor, which keeps tabs on running processes to make sure they aren't quietly circumvented by malicious code. I installed McAfee's anti-virus to test the applet's functionality. You typically want some form of virus protection running, so any application that shuts it off is very likely suspect.
After setting up Software Monitor, we can see its status from the same central dashboard.
When Software Monitor detects that a tracked process is deactivated, it takes a few steps to let you know. First, it records the issue in its event log. Second, you're prompted by a notification in the task bar of the app that shut down. Third, the dashboard is refreshed to alert you of a problem.
Maybe the editors will read it before they remove this post. It's not a terribly well-written article. That's where you can help, Tom's.
For laptops you may have to take a bit more time defining your typical usage area of course; you could even let the laptop track your typical usage location patterns so it can make recommendations for the best setup.
If the systems is outside the area either request a special password or some other form of identification to unlock the machine either for one time or for inclusions of the current location into the allowed area.
Damn, I should get that patented :-)
Customer has a blue screen? No problem, you can KVM right in and see the issue.
Workstation hung after remotely applying patches - calling the user and saying "Can you go over and hold the power button for me?" is no longer necessary. Simply shutdown the machine via vPro and power it back on. Even remotely re-imagine a machine from backup is possible.
However, my favorite use case is the instant back to work use case. End user hard drive fails - obviously a truck roll is needed, but the most important thing is to get the user productive again. Leverage vPro's ability to redirect IDE (IDEr) to a network Live Linux CD at least gets the user in to Web Outlook, if not 100% back in business.
How about power savings? Schedule machines to auto shutdown at night, and for your patch window, use vPro to power up the workstations, apply the patches, power down (from windows) and if a machine hangs on shutdown use the vPro power off command. Allows for nightly maintenance and keeps costs savings maximized.
Rolling out vPro can be a bit of work using native tools, but there are solutions available (shameless plug) like LabTech Software (http://www.labtechsoftware.com) which can remotely provision and manage vPro along with any other IT management function you can think of.
Full disclosure: Having ran an MSP and worked with many enterprises, out of band management tools were critical in every mature organization I worked with. As a co-founder of LabTech Software, I have engaged Intel and we are working closely to build out solutions that vPro truly solves for.