Proactive Desktop Management: Using Levels 1 through 3 for All Devices

When we think of supporting individual desktops, we tend to think of Level 1 service desk tasks such as restoring access and connectivity, mapping network drives, or performing basic application instruction. Or we conjure up hands-on Level 2 functions such as installs, moves, or image management. In a standard desktop context, we less frequently consider how Level 3 or network-driven changes are monitored and delivered to the individual device. Nonetheless, server patches, updates, and anti-virus administration are just as essential to an end user’s desktop functionality as having the right password.

And yet there is a solution where all three levels, all three roles, and all three skill sets are combined. It’s called proactive desktop management. While the service desk agents are the eyes and ears who document virus issues or version incompatibility from a reactive standpoint, the infrastructure support team performs monthly maintenance, including system updates for security patches at the desktop. This Level 3 team also provides monthly status reports and often engages Remote Level 2 technicians for remediation; alternatively, the service is initiated once a ticket is created and escalated from Level 1.

Here’s how Proactive Desktop Management works procedurally:

Patch Management Procedures

  • The Infrastructure team creates and assigns a change request to the Proactive Desktop Management (PDM) Group. The team then downloads and stages the monthly updates which are released by vendors such as Microsoft.
  • The new updates are first deployed to a single workstation for the initial validation cycle, so that basic network connectivity testing can be conducted after the updates are installed. Once the validation cycle is completed and no negative impact is observed, the infrastructure team updates the incident appropriately and requests permission for pre-pilot testing.
  • The pre-pilot validation cycle includes several devices for an advanced level of validation using internal applications. Once this testing cycle has achieved 90% deployment status and has passed with no negative impact, the PDM group proceeds to the full pilot validation cycle.
  • The pilot validation cycle involves a specified group of users to further test the impact of the new updates. Once this testing cycle has achieved 90% deployment status and has passed with no negative impact, the infrastructure team proceeds to the full deployment cycle, provided the client management team has granted approval and that approval is documented in the incident.
  • The full deployment cycle is defined as the newly staged updates being released to all devices throughout the enterprise.
  • The infrastructure team also notifies client management of any out-of-band emergency patches. With their approval, the Remote Level 2 technician deploys the emergency out-of-band patches as required rather than waiting for the next patch cycle.
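
The promotion gates in the procedure above can be written down as a small check that a change coordinator runs against each stage report. This is an added example, not the provider's own tooling: the `StageReport` fields and the `next_action` function are assumptions, while the stage order and the 90% threshold come from the list.

```python
from dataclasses import dataclass

# Stage order comes from the procedure; the data model is an assumption.
STAGES = ["validation", "pre-pilot", "pilot", "full"]


@dataclass
class StageReport:
    stage: str
    targeted: int                      # devices in this stage's group
    installed: int                     # devices reporting the update installed
    negative_impact: bool              # any regression seen during testing
    approval_documented: bool = False  # permission recorded in the incident


def next_action(r: StageReport) -> tuple[str, str]:
    """Return (decision, reason) for one completed stage report."""
    if r.stage not in STAGES:
        return "hold", f"unknown stage {r.stage!r}"
    if r.stage == "full":
        return "done", "full deployment is the final stage"
    if r.negative_impact:
        return "hold", "negative impact observed; remediate before promoting"
    if r.targeted <= 0:
        return "hold", "no devices targeted"
    if r.stage == "validation":
        # Single workstation: it must actually have the update installed.
        if r.installed < r.targeted:
            return "hold", "validation workstation has not installed the update"
    elif r.installed * 100 < r.targeted * 90:
        # Pre-pilot and pilot need 90% deployment status (integer math, no floats).
        return "hold", f"{r.installed}/{r.targeted} installed, below 90%"
    if r.stage in ("validation", "pilot") and not r.approval_documented:
        return "hold", "permission not yet documented in the incident"
    return "promote", f"proceed to {STAGES[STAGES.index(r.stage) + 1]}"


if __name__ == "__main__":
    # Constructed sample reports, not data from a real rollout.
    for rep in (StageReport("validation", 1, 1, False, True),
                StageReport("pre-pilot", 10, 8, False),
                StageReport("pilot", 50, 48, False)):
        print(rep.stage, *next_action(rep))
```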

Anti-Virus Administration

  • The service desk creates weekly service requests to review virus definitions and ensure updates are downloaded and deployed to clients.
  • On a weekly basis, the PDM group reviews the laptop and desktop infection reports. For any infections discovered, the service desk will create an incident in the ticketing system and, as with patch management remediation, assign it to Remote Level 2 (RL2).
  • If no remedy is available, the RL2 technician will typically proceed with device reimaging.
  • The infrastructure team notifies clients of urgent virus incidents and makes recommendations to maintain a secure environment.

What RMM Tools are Available?

Whether it’s included with your managed services provider’s solution or you’re leveraging your own, there are various industry-standard RMM tools to consider. ABS Remote Level 2 Technician Rico Feliciano has had several years of experience delivering Remote Monitoring and Management (RMM) services to various clients and performing remediation tasks. As an advocate for Continuum, Feliciano states, “It’s very user-friendly and rolls in Malwarebytes, Java, and all third party application updates like Adobe Reader into this one MSI file. From there I can execute the packet on the client’s machine and install it in one rip.”

Once the tool is installed on machines throughout the network, it identifies which devices have out-of-date virus definitions or aren’t compliant and lets the person performing remediation know what versions are available for update. At that point, updates are typically deployed to each device via a console like SCCM. If the device is greenlit on the console, then it’s connected to the host, so the technician can push the update with a simple right click.

Other RMM tools include SolarWinds n-Able, Naverisk, and Kaseya, so companies can compare the features and benefits of each, with the service provider’s guidance should the provider not offer its own. Ideally, the resource performing the scans and remediation should be a Subject Matter Expert (SME); however, for an experienced RL2 technician the learning curve is often just a question of becoming familiar with the layout, since the essential functions are relatively intuitive in each tool.

How Often Should Proactive Desktop Management Scans be Run?

“With some organizations, I would initiate a scan twice a week on Mondays and Fridays,” continues Feliciano. “Once is generally sufficient for smaller organizations with fewer devices, but in addition to the self-generated reports, the tool includes real-time monitoring, scan, and queries every hour, so out of cycle notifications are automated. As far as the updates themselves, I’d deploy maybe one or two a week per device as needed.”

What Tasks Should be Automated?

The proactive approach means monitoring and identifying out-of-compliance devices and taking corrective action so those assets are up to date with vendor software and standardized within the IT environment. The automation lies in the detection, not in scanning the log and performing remediation. When dealing with network infrastructure updates, more automation is not always a good thing. It may introduce risks to the environment if designated professionals are not testing and validating the change. The update may contain scripting that is incompatible with the current software and inadvertently fail. Or, considering more malicious scenarios, automation may introduce hacker-deployed Remote Access Tools that compromise the network even further. To avoid this, maintaining a manual, human element in the process forces an extra instance of detection, assuming the SME performing the deployment can distinguish the legitimacy of the packet itself.
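
One way to give the person deploying a concrete basis for that judgment is to pin the hash of each staged file when validation begins and re-check it before every later push, so that only what was tested is released. This is an added example, not the provider's process or tooling; the function names, file names and manifest format are assumptions.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def pin_staged(staging: Path) -> dict[str, str]:
    """Record name -> SHA-256 of each staged file at the start of validation."""
    return {p.name: sha256_file(p) for p in sorted(staging.iterdir()) if p.is_file()}


def verify_before_push(staging: Path, pinned: dict[str, str]) -> dict[str, str]:
    """Verdict per file: approved, modified, unlisted, or missing."""
    verdicts = {}
    for p in sorted(staging.iterdir()):
        if not p.is_file():
            continue
        expected = pinned.get(p.name)
        if expected is None:
            verdicts[p.name] = "unlisted"      # never went through validation
        elif hmac.compare_digest(expected, sha256_file(p)):
            verdicts[p.name] = "approved"      # byte-identical to what was tested
        else:
            verdicts[p.name] = "modified"      # same name, different content
    for name in pinned.keys() - verdicts.keys():
        verdicts[name] = "missing"             # pinned but no longer staged
    return verdicts


def safe_to_push(verdicts: dict[str, str]) -> bool:
    return bool(verdicts) and all(v == "approved" for v in verdicts.values())


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:   # constructed sample files
        stage = Path(d)
        (stage / "monthly-rollup.msi").write_bytes(b"validated build")
        pinned = pin_staged(stage)
        (stage / "extra-tool.msi").write_bytes(b"added after validation")
        print(verify_before_push(stage, pinned))
```

A matching hash only shows that the file is the one that went through validation; whether the vendor actually published it still has to be established when the file is first staged, for example by checking the vendor's signature.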

No matter how the various tasks and degrees of responsibility are segregated between Levels 1 through 3, Proactive Desktop Management is best delivered as a team effort. Once the tools and processes (both manual and automated) are established, and remediation is documented and coordinated, this ounce of prevention can only help to minimize service interruption at the desktop, not to mention call volume at the service desk.