Shavlik Patch 2.2 available in early access!


The Shavlik Team is proud to announce the availability of Shavlik Patch 2.2 in an early access delivery.  Check out what’s new!

  • Edit packages (watch the video) – Change the command line switches, return codes expected, etc for a given package.
  • IAVA Support – For our Federal customers we have extended our IAVA coverage into our Shavlik Patch offering making it much easier to automatically cross-reference DOD IAVAs.
  • Republish and resigning of packages – The manual steps for doing this are long and painful and going down that rabbit hole is not recommended.  It is also no longer necessary!  We are going to do all the heavy lifting on this one.
  • Manage vendor and product categories (watch the video) – We have a new interface that lets you monitor and manage the categories in use so, again, you do not have to go down a significantly long, manual process to reclaim a category that is no longer in use.

We have a webinar scheduled for April 6th, 2016 to walk through the Shavlik Patch 2.2 features and show you whats new! You can also download Shavlik Patch 2.2 here.

Mobile Data Security + User Freedom = Shavlik’s Newest Product: Secure Mobile Email by LetMobile

Shavlik is happy to announce that we have added a new product, Secure Mobile Email by LetMobile, to our product line. LetMobile is a secure email solution that brings the same effectiveness and ease of management that you have come to expect from Shavlik to the challenge of protecting corporate information on mobile devices.

Today, I sat down with product manager Eran Livne to learn more about Secure Mobile Email by LetMobile. Eran has led this product from its inception and has spent years studying the mobile device management space.


Anne: Why LetMobile? What problem does it solve for our friends in IT?

Eran:  There’s a new challenge with all of these smart devices.  Users buy devices and want to use them for work; however, they don’t want IT to control them and have less concern about security. IT is used to managing and controlling, owns security, and is held responsible if a data breach occurs. There is a huge gap between the interests of these two sides.


Anne:  How do we bridge this gap?

Eran:  LetMobile was built to find this balance and to bridge this gap. We provide the best of both worlds; IT gets security compliance management and data protection, and users get a native email experience on the device of their choosing. They don’t have to use subpar email clients to consume corporate emails or separate the process of reading work email from reading personal email.

With LetMobile security policies apply only to corporate data, so the solution has no knowledge or control over personal data or app’s. This means users are free to use their devices how they wish, do not need to fear corporate “big brother,” and don’t have to comply with annoying policies like being forced to lock their devices or granting the company access to wipe their devices.


LetMobile diagramAnne:  Wow, that sounds almost too good to be true. How does LetMobile work?

Eran:  LetMobile is a gateway solution. We offer on-premise and SaaS offerings that act as an intermediary between Exchange (or your email service) and user devices. The LetMobile gateway streams email to the device, so email and email attachments are never stored on the device. Additionally, corporate credentials are never stored on the mobile device, so if the device is lost, the user’s corporate creds cannot be compromised.


Anne:  Beyond basic email security what are some of the other cool capabilities of LetMobile?

Eran:  LetMobile includes data loss prevention (DLP) capabilities that look into the “body” of emails and attachments and can take action based on the presence of keywords or regular expressions. This coupled with LetMobile’s geo-fencing capabilities means say a financial institution could enforce a policy where customer account numbers are masked in emails unless the device is in a trusted location. LetMobile can keep confidential information from leaving the four walls of your corporate headquarters and even your country’s borders.


Anne:  If readers want to learn more about LetMobile or see a demo, what should they do?

Eran:  We have a wealth of information out there on our website. Check out…

Also, Shavlik will be hosting a number of live LetMobile webinars in the coming weeks, so stay tuned to our webinars page for more information.

The 12 Beers of Christmas


Happy Holidays from the Shavlik Team! Many offices have secret Santa or cookie exchanges. We at Shavlik started a different tradition about seven years ago. We call it the “Not another cookie exchange”. Each person in the exchange brings 12 beers, either the same or different. There are certain rules to the exchange, but the most important is if you bring mediocre beer, you leave with mediocre beer. We end up with a variety of craft beer, imports, and limited edition brews from a variety of breweries. This year, I asked the team to share their favorite beer. Below is our list of 12 beers for Christmas. Enjoy the holidays!

Chris, Product Manager
Favorite Beer: St Bernardus ABT 12
Style: Belgian Quad
ABV: 10%
Description: The closest thing you will find to a Westvleteren 12 (yes I have had it and it would be my favorite, if only it were more accessible). ABT 12 is a lot easier and cheaper to come by. A well balanced Belgian Quad with subtle hints of fruit.

Brent, Staff Engineer
Favorite Beer: Zombie Dust by Three Floyds Brewing Co.
Style: American Pale Ale
ABV: 6.4%
Description: Highly hopped and tastes like grapefruit and other fruits when fresh. An ode to Citra.

Jason, Content Team
Favorite Beer: Surly Wet
Style: West Coast Style India Pale Ale
ABV: 7.50%
Description: To get hops any fresher, you would have to walk out into a field and pick them yourself. Surly has freshly-picked Cascade, Centennial, Citra and Simcoe hops shipped in and brewed wet within a few days. This results in an incredibly fresh multi-faceted hop-forward beer.

Bob, Territory Sales Manager
Favorite Beer: Founders Breakfast Stout (Da baby!!)
Style: American Double Imperial Stout (Fall seasonal)
ABV: 8.3%
Description: Brewed with flaked oats, bitter and sweetened imported chocolates, Sumatra and Kona coffee. This beer is as dark as they come, but don’t be afraid, looks can be deceiving. There is a hint of Kona bean when pouring. However, the taste starts with a deep coffee flavor and ends with a chocolate Stout finish. This beer rocks and is released in the fall, and is only sold through the holidays, or until supplies give out. This way you can look forward to having it again the next season.

Steve, Senior Director of Sales
Favorite Beer: Chimay Blue
Style: Belgian Strong Ale
ABV: 9%
Description: Made by Trappist monks in a monastery in Belgium. The beer is brewed with water pulled from a 500 year old well in the monastery. Dark, malty with hints of caramel and clove and has a smoky, chocolaty finish. This is not a beer to throw back at a party. This Belgium masterpiece is best enjoyed in an isolation chamber so no other sense can sully the experience.

Andy, Senior Principal Engineer
Favorite Beer: Bad Axe from Big Wood Brewery
Style: Imperial / Double IPA
ABV: 9.8%
Description: 2013 Rochester Craft Beer Expo winner for Best Beer! This one might take a few trees down without trying. It’s the one all the lady axes think they can change. He might be a tough guy in the flannel shirt who tears off bottle caps with his teeth, but don’t worry he’s easy to get along with. Brewed with a mix of Columbus and Centennial hops, it pours pale amber and goes down surprisingly easy. Well, maybe not so surprising, considering it’s from Big Wood Brewery.

Travis, Director of Quality Assurance
Favorite Beer: Russian River’s Pliney the Elder
Style: Double IPA
ABV: 8%
Description: Best tasting beer I have ever had. I think the secret is the Simcoe hops.

Rob, VP of R&D (and living evidence that not all of us at Shavlik are beer snobs)
Favorite Beer: Coors Light (rated 0 on ratebeer, just saying… Author bias showing a bit here)
Style: Light Lager (who drinks a light lager???)
ABV: 4.20% (At least it wasn’t a 3.2 beer, although I suppose it comes in 3.2% so they can sell in stores on Sunday)
Description: The Silver Bullet of beers won’t slow you down! This tried and true beer is about good taste balanced with low-calories. For Ice Hockey players worldwide, this is the official beer of the rink. While it’s nothing fancy, you can count on it, especially in those instances where you are going for volume over flavor. With a crisp taste and a coldness indicator that lets you know if your beer is cold enough, there is no going wrong. (*sigh* our fearless leader. Crappy taste, but he sells it doesn’t he? FYI no correlation to our products. Only true awesomeness there!)

Anne, Product Manager
Favorite Beer: Surly Cynic
Style: Saison
Description: It’s overrated. Beer snobs don’t really know anything. All beer is the same. That guy who recommended Coors Light probably really gets it. If you feel this way, Surly Cynic is just the beer for you. This sharp Belgian will make even the most extreme cynics feel warm and fuzzy after one or two. Enjoy.

Mike, Staff Engineer
Favorite Beer: Surly Furious
Style: India Pale Ale
ABV: 6.2%
Description: I usually search out beers I have not had before, but I would say Surly Furious is a beer I could always fall back on. If you like hops, this is the beer (IBU:99).

Mark, Staff Engineer
Favorite Beer: New Holland Dragon’s Milk
Style: Imperial Stout
ABV: 10%
Description: A great Bourbon Stout. Big malty, sweet chocolate flavor with espresso and vanilla aroma, and a nice bourbon whiskey finish. Keeps you warm on a cold Minnesota winter night.

Matt, Principle Engineer
Favorite Beer: Lift Bridge Brewery Harvestor Fresh Hop Pale
Style: American Pale Ale
ABV: 6%
Description: Beer Advocate has it all wrong for this year’s batch. This was way better than any 85 I’ve tried. I had the pleasure of drinking it in the Lift Bridge tap room. It was near perfect this year. The Hop farm is 7 miles from my house, this was as fresh and local as it gets!

What We Learned from Microsoft System Center Configuration Manager Users

I’ve worked in the systems management arena for some time now.  Working with disgruntled Microsoft System Center Configuration Manager (SCCM) customers for most of my career, we had some assumptions going Customer Serviceinto this research.  Fortunately, the data proved us wrong.  After doing a survey of 150 IT professionals, we found some surprising (or maybe not surprising to you) finds about ConfigMgr.

1)    Configuration Manager customers actually like Configuration Manager.  Weird.  We were under the impression that many people picked SCCM because of politics or it was included in their Enterprise Agreement.  This is not the case.  In Shavlik’s study 72% of SCCM customers chose SCCM because it was the best fit.

2)    SCCM customers would like Configuration Manager to be the central hub of IT activity.  But surprisingly, 27% of SCCM customers currently use add-ins to solve problems not solved by Microsoft.  This means that either they are unaware of some of the gaps or they are solving these problems by using additional tools not integrated in SCCM.

3)    Third-party patch management was reported surprisingly high as a missing feature of SCCM – 38% of respondents selected third-party patching as a high priority. This is a great case for Shavlik Patch for Microsoft System Center an add-in solution that takes care of the third-party patching problem.  Even though Microsoft is the master of OS patching, they fall short on third-party patching and tend to leave these “treadmill”-type activities to the other vendors

Respondents expectations for a Microsoft System Center Configuration Manager add-in

Respondents expectations for a Microsoft System Center Configuration Manager add-in

4)    SCCM admins don’t want additional crap in their infrastructure.  Setting up SCCM was difficult enough.  Adding more databases, interfaces, and potentially servers and infrastructure does not constitute an “add-in” product.  Add-ins should use the native functionality of SCCM with either no additional or light additional components that are leverage the existing infrastructure and software.

If you are an SCCM admin or have experience with SCCM in your IT career, please respond to this Blog and tell me what you like/dislike about SCCM.

Windows IT Pro Weighs in on Shavlik Patch

You’ve heard a lot of talk from us about the new Shavlik Patch for Microsoft System Center, but you may be wondering, “What are people who don’t have the word ‘Shavlik’ on their business cards saying about this new product?”

Windows IT Pro Community Manager Rod Trent answered just that in his article Shavlik Patch for System Center Simplifies Securing the Other 86 Percent of Windows Vulnerabilities. Trent is a leading expert on Microsoft System Center technologies and has more than 25 years of IT experience.

Here are some of his insights.

  • “…86% of reported vulnerabilities come from third-party applications, 10% comes from the operating system itself, and 4% is attributed to the hardware.”
  • “Shavlik Patch for System Center takes a normally manual process for third party application patches and automates it such that administrators can have the confidence that the ‘other 86%’ of known vulnerabilities are covered.”
  • “Shavlik was one of the first vendors to understand the need to patch products other than those provided by Microsoft. …the company knows patching.”
  • “Configuration is easy and scheduling is provided to automate the download of deployable .cab files and publishing of updates.”
  • “In addition to the console integration, the product also takes full advantage of the capabilities built into ConfigMgr for targeted deployments of software patches.”

Learn more about Shavlik Patch for Microsoft System Center or download a free trial here.


Keeping off-network machines up-to-date…is it an impossible problem for IT?

One question that often comes up when we are out talking to IT administrators and IT executives is “Is patch management a solved problem?” On the surface it seems like this is the case, but as computing evolves, we have seen the challenges of patch management evolve right along with it.

Shavlik Systems Engineer John Rush and I sat down last week to discuss one of these newer challenges in patch management – how do we keep off-network machines up-to-date?

“For customers I talk to the biggest issue they have for patch management is that most of the tools out there require you to be connected to the network to get your patching done. That’s just not realistic,” Rush said.

Is this a new problem brought on by the proliferation of cloud-based applications and BYOD?

“It’s been a problem for a number of years now. Take the Shavlik Team for example, we exclusively use SaaS-based tools in our sales team like Concur, Salesforce, etc., so employees in the field never have to connect to our network,” Rush explained.

“In the old days, we had to VPN in to get email. Everyone had to be connected, but today, they never have to connect to the VPN. They are doing everything from their own laptops, and some are doing it from their iPads. The world has changed with respect to connectivity.”

With that change, IT is left with lots of questions about these off-network machines.

  • What’s being installed?
  • What versions are out there?
  • Is it time for a hardware refresh?
  • Are these machines lacking patches that make them vulnerable?

Rush added, “Today’s world no longer conforms to a Visio diagram. We are connected to the internet, but we are not connected to the corporate network.”


How can we solve it?

As an industry we need to build tools for managing machines in the wild, let those machines/users become self-sufficient when it comes to things like patch management and asset inventory, and then provide a mechanism to give that data back to corporate.

Shavlik addresses this problem with the Protect Cloud. The Protect Cloud is a cloud-enabled patch services that aggregates, analyzes, and distributes patch data and associated deployment policies over the Internet. This services is used to send patch data to your Protect console, but that is just the beginning.

The Protect Agent can be installed on off-network machines and be configured for use with the Protect Cloud. So long as the machine connects to the internet (off network or on network), the Protect Agent communicates with the Protect Cloud to receive patch and policy updates and to return update status to the Protect console. This means that without additional infrastructure IT can ensure that off-network machines are patched and monitored in the same manner as those PC’s that sit inside the firewall.

Protect Cloud Diagram

“Before The Protect Cloud we had to have a box outside in the DMZ, and we had to open up ports. Now, with this technology, we have business as usual for everybody; the only difference is the Protect Cloud,” Rush said.



How does the Protect Cloud work with the Protect Agent?

Protect Agents that are configured to use the Protect Cloud can receive updates via the console if they are on-network or via the cloud if they are off-network.

Here’s how it works.

  • The Protect Console uses a secure connection to push agent policy information to the Protect Cloud.
  • At its next scheduled check in time, remote agents first attempt to check in directly with the console.
  • If they do not have access to the console, they perform the check in using the cloud.
  • The agents use a secure connection to the cloud service to report the same information they would have reported to the console (e.g. scan results, threat information, etc.)
  • The cloud stores the uploaded agent results until the console retrieves that data.
  • Agents download and apply any new policy updates that were pushed to the cloud from the console.
  • The console retrieves the agent data from the cloud. This happens several times every hour.

Scan engines and XML data are not a part of the cloud synchronization process. Agents receive updated engines and XML data from either the console or the vendor websites.

Agent Check In Via the Cloud

Check out the video, “Introduction to Protect Cloud” at, to learn more about how the Protect Cloud works and how to configure agents to use the cloud service.


How can I get this?

This capability was introduced in Shavlik Protect 9.0 as part of the Standard, Advanced, and Government editions. All customers running 9.0 have access to it, and those who are on earlier versions of Protect can upgrade to 9.0 at no cost. Learn more about upgrading Protect here.


Reflecting on 2013: A Transitional Year

Shavlik Vice President of R&D Rob Juncker reflects on 2013 and the transitions that have occurred within our industry and within the Shavlik business this past year.


For Shavlik, probably more than any other product line, 2013 was a year of transition for us.  We came into this year as part of VMware focused on delivering patch management solutions to the Small-to-Medium Sized Businesses with a keen eye for virtualization.  We exit this year as a new product line at LANDesk, focused on delivering patch management solutions to anyone of any-size with a focus on virtualization, hybrid cloud, and enabling Microsoft SCCM to achieve this mission.  That’s quite a change from where we started.

With this kind of volatility, I had to sit back and think about the two major shifts that I witnessed this year.  One for our business, and one for our industry.

Our Industry in Transition

I really do sometimes feel bad for all of us in security.  If there was a switch on the wall that we could flip to turn off the darkness, we really would.  This is especially true when you consider the magnitude of attacks, breaches and exploits that occurred in 2013 and with that came an extraordinary volume of patches to accompany those exploits.

Back in 2011, there were some Patch Tuesdays where I remember seeing 10 security bulletins on a patch Tuesday and thought, “Wow, this is going to be fun.”  Those thoughts were clearly just setting the stage of what was to come as in 2013 we saw record numbers of patches due to the wide variety and versions of platforms all of us were supporting.  Each month, the numbers grew as the impacted products created a seemingly endless matrix of applications and targets.  As we here at Shavlik look at a list of bulletins, we quickly know to get our game faces on when we see a .NET, Internet Explorer or cumulative update bulletin.

On top of the volume of patches that were coming down the pipe, the severity of these patches also began to set new standards.  No longer did we have a single-focus on an isolated breech, in 2013 we saw continual and repetitive zero-day vulnerabilities and when one arose, it sometimes was quickly followed up with multiple zero-days for the same product.  (While many of us would like to forget about it, early this year we seemed to coin a new term called “Java Friday” during a nearly weekly release of Java for critical security exploits.

Finally, the security threats themselves took a turn.  I was searching my email last night to see how many notices I received from software providers like Adobe, and retailers that were hacked this year.  At a quick glance, I had more than 11 of these notices.  Suddenly it wasn’t the software itself that was being exploited, it was weaknesses in the provider.
In 2013, our challenge to manage a plurality of platforms with a growing number of attack vectors kept us all on our toes.

Our Growth in Greatness

We made news again this year as we departed VMware in April for LANDesk.  It was a bitter-sweet move for many of us.  We had enjoyed our time at VMware, but knew it was time for us to depart.  In so doing, we found a great home at LANDesk.  This organization has been a pioneer in endpoint protection and they welcomed the Shavlik Product Line with open arms.  We’ve increased our investment in Protect, SCUPdates (which… soon will have a major release) and our OEM work.

We recognize that this has been a transition for many of our customers and we want to thank you for sticking with us during this time.  We are committed as ever to our customer-first culture and with advancements we’ve made in the last two years, our world-class patch testing infrastructure truly will safeguard the quality of content we will provide to you in years to come.

As we close out this quarter though, there has been plenty of great news to celebrate.  First, we’re excited to be re-aligned with Microsoft.  At Shavlik they were a great partner of ours and we’re happy to be part of the Microsoft System Center Alliance program again.  On top of achieving this status with them, we’ve worked hard alongside their team to bring exciting and innovative technologies alongside SCCM which you will see early next year.


Once again, we’re excited to end the year with great success.  The journey this year was not the one that we necessarily had in mind, but all is well that ends well, and for us it ended great.  Next year, we have exciting plans to push into new spaces and grow our product breadth.  All of this would not be possible though without our customers and your support, investment and time.  For that reason, on behalf of the entire Shavlik R&D team, we wish you and your family a safe and Happy Holidays.

Did you know about all these great resources?

One thing that is always hard to keep up with is all the different resources available from a vendor regarding their products.  I started to make a list of all the training and support resources, media feeds, and other sources of information that a Shavlik customer would find valuable and decided to share them in this post.

Support and Training:

  • – Your one stop shop for most everything you will need on the support side.  Has a complete set of links to online video training, online documentation, self help offline activation portal, knowledge base, submit support tickets etc.
  • – Knowledge base with a wealth of self help information.

Content Announcements:

  • Shavlik Content Announcements – The same feed that shows up in the Shavlik Protect home page showing what new updates are available in each content release.  You can subscribe to this feed by email, by RSS
    (, or by following @ShavlikRSS on Twitter.
  • Shavlik Patch Tuesday Webinar – Get more in depth on what comes out on Patch Tuesday.  This webinar discuss all the Microsoft Security Bulletins release with recommendations on what to prioritize.  We also discuss the 3rd Party release around Patch Tuesday, other Security Threats and Advisories, and summarize the release between Patch Tuesdays. Sign up on our webinars page for this and other webinars.

Social Media: To keep up to date on product, security, and other related topics.

Have a great weekend everyone!


A day in the life of a Shavlik Administrator

We recently caught up with Randy Bowman to learn more about how Shavlik helps him in his role as network engineer for the Presbyterian Church of the USA in Louisville, Kentucky.

The Details:

The System: The Presbyterian Church of USA licenses Shavlik for 50 servers with 450 endpoints disbursed in Louisville and Stone Point, New York.

The Team:  Consists of a two member networking team that takes care of the servers and server patching on a monthly basis as well as a team member that administers desktop support.  The desktop team member also takes care of patching the individual computers, which frees up network staff.

Q: Shavlik: What motivated you to look for a security solution?

A: Randy Bowman: About 8 years ago I came on board after some significant staffing changes.  For practical reasons we did not have very much available in the way of documentation.   We had to make up for lost time in our patching and we ended up getting a virus.  The result was that we were down for three days.

Q: Shavlik: How did you come to use Shavlik?

A: Randy Bowman: One thing I took on as legacy software was UpdateEXPERT (Shavlik acquired UpdateEXPERT in 2007). From there it was an easy transition to Shavlik Protect.  We find it makes things a lot simpler for us.  It allows us to patch several servers at one time and patch them in the evening when they are free of traffic.  We have the flexibility to reboot the servers or do them manually. If the server is open we can throw on the patching right then and there and have it reboot.

Q: Shavlik: What made Shavlik so appealing?

A: Randy Bowman: Time savings. Being able to quickly implement the patches and download them when they come on Patch Tuesday is a huge benefit. We usually wait until Friday or wait for a notification from Shavlik saying it’s okay for the patches to be installed. Here we’ve got 50 plus servers.   I can patch half one night and half the next night, and that would be the first patch. Even if it takes two passes to go through and get a server completely patched, it still saves us time. We are patched in less than a week, where before we would have to do some even manually. Patching is a piece of cake really. In comparison to what we’ve had before, it saves us so much time. Another thing is, if there’s an agent that needs to be on the server like if you brought a new server out, even if it’s just a test server, you can open Shavlik and tell it to push the new agent and BOOM it’s done. 

Q: Shavlik: Once you chose to use Shavlik, how long did it take you to get up and running?

A: Randy Bowman: In 2 days we had it going. It actually would have taken 1 day but we were having some separate technical issues with the servers that caused delays.

Q: Shavlik: For this installation, did you have people helping you or was it just plug-and-play?

A: Randy Bowman: It was plug-and-play, more or less. A fellow network engineer did the last upgrade to 9.0. He was on the phone with support and got it done in an hour.

Q: Shavlik: What is your favorite Shavlik feature?

A: Randy Bowman: I like how you can go through and scan the machines in a machine group and it will tell you how many patches are missing. You can run the report and in 5 minutes you’ve got results emailed to you about what patches are missing. When it comes to critical security patches, we sat down years ago and decided this is what we need. It’s easy for Shavlik to go through and look for these and let us know what’s patched and what’s not, and if it’s critical or not.

Shavlik Joins Microsoft System Center Alliance

Shavlik is happy to announce we have joined the Microsoft System Center Alliance Program. By joining the Alliance Program, Shavlik is reaffirming its commitment to customers who use System Center Configuration Manager.

“Shavlik is thrilled to be part of the Microsoft System Center Alliance Program,” said Marshall Smith, Vice President of Partnering and Operations for Shavlik. “We have patched Microsoft and third-party applications since the beginnings of Shavlik, and we plan to continue empowering our customers with our popular SCUPdates, Management Intelligence, and additional Shavlik products that add value for System Center customers.”

“Our membership in the Alliance will help us continue to foster the communication required to shape and refine our products and to meet the needs of our mutual customers.”

Shavlik SCUPdates eliminates the time-consuming task of researching and creating the updates required to patch third-party products via SCCM. After downloading the SCUPdates catalog and importing desired patches into Configuration Manager using System Center Updates Publisher (SCUP), users can manage and deploy third-party updates from within SCCM in the same manner in which they manage Microsoft updates.

“System Center 2012 R2, with its trailblazing functionality, provides a solid foundation for third parties such as Shavlik to build on and add value for customers,” said Brian Hillger, Director, Product Marketing, Microsoft Corporation.

“With SCUPdates, Shavlik is helping customers keep third-party applications patched and secure with consistent accuracy and ease-of-use. Microsoft is pleased to welcome Shavlik into the System Center Alliance.”

Shavlik Management Intelligence extends SCCM data for effective asset management.

Read the full article here to learn more about the Alliance Program as well as how Shavlik can help you extend the capabilities of Configuration Manager.