Desktop Orbiter is a distributed desktop computer management package that allows you, from a central console, to remotely manage and control the security of a collection of PCs on your LAN. It’s officially compatible with Windows 2000 and XP, and WS2003.
Installation is as easy as it gets. Install the central console on the machine (or machines – you can have more than one) that you’ll be using to control the world, and deploy the Satellite (basically a remote agent) to the devices you want to manage. The system will auto-discover satellites in the local subnet, and you can add things living outside your subnet by hand via the GUI.
The GUI has three panes. On the left is a list of sections, and of the right-hand chunk of the screen the top section lists the satellites you have and the bottom shows an audit trail of activity. With the exception of the “Settings” (general odds and sods you can largely leave alone) and “Exit” items in the left-hand bar, the way you work is to select one or more satellites in the right-hand list and then click the section icon on the left.
Let’s worth through the sections in order. First is “Security”, which is basically desktop security. You can do things like disabling the taskbar, hide the My Computer icon, hide the clock, hide all icons, disable/freeze the Start menu, disable the Control Panel and prevent access to specified drive letters or to any USB-connected drives. Next is “Tasks”, which allows you to add and change scheduled tasks on the specified client(s). This feature doesn’t use Windows’ own Task Scheduler, the Satellite client does it for you – and editing a task is a little odd, because when you make a change it actually adds a new task and leaves you to remove the old one.
Next down the list is “Soft [Software] Filter” which, as you’d expect, lets you prevent users from running specified applications. Actually it’s a little nicer than this; as well as preventing access to give executables, you can also prevent users from opening windows containing a given name in the title bar.
Then we come to the “Web Filter”, which as it sounds is all about restricting access to web sites. Except it’s not actually a web filter – it’s a DNS client replacement. That is, it enforces the rules you define not by restricting network connections, but by restricting DNS lookups. So when you enable the filter on a client, it actually turns on a DNS client, and changes the DNS server of the active network connection to 127.0.0.1 (i.e. the local machine). When any application tries to do a DNS lookup, the local client decides whether the name being looked up is allowed as per the rules, and either responds with the answer or times out. Although cunning, this is a crap way of implementing a web filter: not only does it prevent any other service from accessing hosts whose names match the “Web Filter” block list, but it means that when a site is blocked, all the user gets is a DNS time-out and not a “This site is blocked by your administrator” message.
Next down is the “Network” item, which is actually a network monitor tool It lists the network adaptors installed in the machine, along with basic stats for each, and in a separate section it lists any applications that have open network connections (or are listening for incoming connections) and lets you drill down to see what application’s using what port. It’s actually really cool, since it lets you see what apps are using what ports and helps you figure out if (for example) your firewall is getting in the way of a user’s work. Next is the “Usage Log”, another useful item that lets you audit what your users have been doing (and, for that matter, what the system has been doing on its own – so you can see if, say, an auto-update ran overnight on a machine whose user’s suddenly started to have problems one morning). Finally there’s the “Printer” section which lets you see what’s been printed on each machine.
I have mixed feelings about Desktop Orbiter, but the more I think about it, the more I’m convinced that on balance it’s very good. I really like the “what application’s using what ports”, feature - even though it would be seldom used in real life, it would be dead handy on those few occasions I used it. I also like the Usage Log, and although the set of system lockdown features isn’t as extensive as, say, what a Windows group policy might provide you, what’s there is useful.
My main doubts are with the task scheduler (I’d rather the application worked with Windows’ own scheduler, rather than duplicating the functionality) and as far as the Web Filter is concerned: well, it’s not really a web filter, and it gets in the way of non-web activity. And one final niggle; I suspect this was a one-off event as I’ve not been able to replicate it, but when I closed and reopened the application, one of the satellites I’d dropped in a group had fallen out of the group and was appearing on its own.
Would I buy Desktop Orbiter? No. The reason’s simple: I just asked myself whether one of my clients, who has about 30 machines, would pay $1200 (about £600) for a 30-seat licence, and the answer is a resounding “no”, because it doesn’t give him much that he can’t already do on Windows Group Policies (for lockdowns) or the firewall (for web filtering). Chop the price in half and fix that blasted web filter, though, and the answer might well be different.
If the price comes down a bit and they sort out the web filter (or you decide you don’t need it), give Desktop Orbiter a look.