© 2012 Microsoft Corporation. All rights reserved.

Upload: megan-snow

Post on 26-Dec-2015


System Center 2012 Configuration Manager Concepts & Administration

Module 1: Introduction to System Center 2012 Configuration Manager

Premier Field Engineer

Microsoft

Your Name

Conditions and Terms of Use

This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content and/or software included in such packages is strictly prohibited.

The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-infringement.

Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

For more information, see Use of Microsoft Copyrighted Content at http://www.microsoft.com/about/legal/permissions/

Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.

Copyright and Trademarks © 2012 Microsoft Corporation. All rights reserved.

Overview

• Introduction to main features of Configuration Manager
• Provide a general understanding of the product
• This workshop focuses on a subset of the available Configuration Manager features
• Remaining features are covered by other workshops

Objective

• This module will introduce new Configuration Manager features and major changes from the previous version (Configuration Manager 2007)
• After completing this module you will be able to:
  • Identify the main features of Configuration Manager and their functionality
  • Identify which workshops are focused on the topics not covered by this delivery

What is Configuration Manager?

• Part of the System Center 2012 suite
• Enterprise class system configuration and management tool
• Increases IT productivity by reducing manual tasks
• Provides effective management of your assets
• Utilizes your existing Microsoft technologies and solutions

Configuration Manager Console

• The System Center UI
• Workspaces and Ribbon
• Search
• Provider

System Center UI

• No more Microsoft Management Console
• Uses the System Center UI Framework for common look and feel across all System Center 2012 products
• Main point of administration
• Used to configure sites, clients, and to run/monitor management tasks
  • Launch secondary consoles (Resource Explorer, Remote control, Out of Band Management)
• Can be installed on additional servers and workstations
• Access can be restricted
  • Administrators see only the objects they are allowed to see
• Temporary nodes for easier navigation

Workspaces and Ribbon

• Everything is placed under one of four workspaces:
  • Administration
  • Software Library
  • Monitoring
  • Assets and Compliance
• The ribbon provides context sensitive access to settings and features

Search

A special search tab is present on the ribbon


Search

• Use of temporary nodes in the navigation pane
• These are automatically created and selected as a result of actions that you take, and they do not display after you close the console

Provider

• Maps Classes and Instances to Tables and Rows in the database
• Multiple providers for a single site for either load balancing or redundancy
  • Not intended for high availability scenarios
• Implements role based security
• Provider can be installed by running setup

Sites and Hierarchy

• Central Administration site (CAS)
  • Must be installed first in a hierarchy
    Note: This is a pre-SP1 requirement. With SP1, a CAS can be added later if needed
  • Only supports one level of child Primary sites
• Primary site
  • Standalone for smaller deployments
  • Requires CAS to join a hierarchy
• Secondary site
  • Extends a Primary site
  • Mainly used to compensate for slow network connections

Hierarchy diagram labels: CAS: one per hierarchy; Primary sites: max. 25; Secondary sites: max. 250 per Primary site

Sites and Hierarchy

• Standalone single Primary site for smaller deployments
  • Install Primary site first
  • Cannot be added to a hierarchy later
  • Supports Secondary sites

Comparison of Configuration Manager 2007 and Configuration Manager hierarchy

• Configuration Manager 2007 hierarchy
  • Primary sites can be moved around the hierarchy
  • Primary sites can be nested
  • A Primary site is needed to facilitate different client agent settings or as a security boundary
• Configuration Manager hierarchy
  • A CAS is needed for a hierarchy
  • Flat hierarchy with only one level of Primary sites
  • Client agent settings are managed through custom settings applied to Collections

Site System servers and Site System roles

• Configuration Manager uses Site System roles to support different management operations at each site
• Each Site Server can host different Site System roles
• Site System role can be installed on the Site Server or on another server to manage performance

Site System Servers and Site System Roles

• One Site Server or System can host roles for one site
• Some site system roles are automatically installed and assigned to the server on which Configuration Manager Setup has run
  • An example of these site system roles is the Site Server role
  • These roles cannot be transferred to another server or removed without uninstalling the site
• Some roles no longer exist but have been added to other roles to make them more capable, for example:
  • PXE Service Point is now a function of a PXE-enabled DP
  • SLP is now part of the Management Point site system role

Site System roles

• Site server
  • A site server is the computer on which you run Configuration Manager Setup and it provides the core functionality for the site
• Site database server
  • A site database server hosts the SQL Server database to store information about assets and site data
• Component server
  • A component server runs Configuration Manager services and is automatically installed with all site systems except the Distribution Point
• Management point (MP)
  • A Management Point provides policy and content location information to clients. It also receives configuration data from clients
• Distribution Point (DP)
  • Contains source files for clients to download, such as application content, software packages, software updates, OS and boot images. You can control content distribution by using bandwidth throttling and scheduling options
• Reporting Services Point (RSP)
  • Integrates with SQL Server Reporting Services to create and manage reports for Configuration Manager

Site System roles (continued)

• State Migration Point (SMP)
  • The SMP stores user state data when a computer is migrated to a new operating system
• Software Update Point (SUP)
  • A SUP integrates with Windows Server Update Services (WSUS) to provide software updates to Configuration Manager clients
• System Health Validator Point (SHV)
  • The SHV validates Configuration Manager Network Access Protection (NAP) policies. It must be installed on a NAP Health Policy server
• Fallback Status Point (FSP)
  • FSP helps you monitor client installation and identify the clients that are unmanaged because they cannot communicate with their management point
• Out of Band Service Point (OOB)
  • OOB service point provisions and configures AMT-based computers for out of band management
• Endpoint Protection Point
  • An Endpoint Protection Point accepts the Endpoint Protection license terms and configures the default membership for Microsoft Active Protection Service.

Site System roles

• Asset Intelligence synchronization point
  • An AI synchronization point connects to System Center Online to download Asset Intelligence catalog information and upload uncategorized titles so that they can be considered for future inclusion in the catalog
• Application Catalog Web Service Point
  • An Application Catalog Web Service Point provides software information to the Application Catalog website from the Software Library
• Application Catalog Website Point
  • An Application Catalog website point provides users with a list of available software
• Enrollment Proxy Point
  • An Enrollment proxy point manages enrollment requests from mobile devices so that they can be managed by Configuration Manager
• Enrollment Point
  • An Enrollment Point uses PKI certificates to complete mobile device enrollment and provision AMT-based computers

Site System role placement

| Role | CAS | Child Primary site | Standalone Primary site | Secondary site | Scope |
|---|---|---|---|---|---|
| Application Catalog web service point | No | Yes | Yes | No | Hierarchy |
| Application Catalog website point | No | Yes | Yes | No | Hierarchy |
| Asset Intelligence synchronization point (1) | Yes | No | Yes | No | Hierarchy |
| Distribution point (2,3) | No | Yes | Yes | Yes | Site |
| Fallback status point | No | Yes | Yes | No | Hierarchy |
| Management point (2,3,5) | No | Yes | Yes | Yes | Site |
| Endpoint Protection point | Yes | No | Yes | No | Hierarchy |
| Enrollment point | No | Yes | Yes | No | Site |
| Enrollment proxy point | No | Yes | Yes | No | Site |
| Out of band service point | No | Yes | Yes | No | Site |
| Reporting services point (2) | Yes | Yes | Yes | No | Hierarchy |
| Software update point (4,6) | Yes | Yes | Yes | Yes | Site |
| State migration point (2) | No | Yes | Yes | Yes | Site |
| System Health Validator point (2) | Yes | Yes | Yes | No | Hierarchy |

Site Boundaries

• Boundary
  • Is a network location on intranet
  • Defined once per hierarchy
  • Needs to be part of a Boundary Group for site assignment
• Boundary can be any of the following
  • IP range
  • IP subnet
  • AD site
  • IPv6 prefix

Boundary Groups

• Site Assignment
  • Clients join site based on boundary group containing client's current network location
  • Overlapping is not supported for site assignment
  • Fallback Site: New feature added so clients that don't belong to any of the site boundaries/boundary groups will be assigned to Fallback Site. This is completely different than Fallback Status Point
• Content location
  • Associate DPs and SMPs with one or more boundary groups
  • Overlapping is permitted for content location (DP, SMP)
  • Network speed is defined for each DP in a boundary group
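Added example, not from the original deck: a Python model of the site-assignment rules above that resolves a client's site from its network location, flags locations claimed by boundary groups of two different sites, and applies the fallback site. The data model, boundary names and site codes are constructed for illustration and are not Configuration Manager's schema or API; returning CONFLICT is this audit's choice, since the deck only states that overlapping is not supported.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Boundary:
    kind: str   # "subnet", "range", "ipv6prefix" or "adsite"
    value: str


@dataclass(frozen=True)
class BoundaryGroup:
    members: tuple      # names of the boundaries in this group
    site: str = None    # site code when used for site assignment; None = content location only


def _span(b):
    """Return (ip_version, first, last) as integers for an IP-based boundary."""
    if b.kind == "range":
        lo, hi = (ipaddress.ip_address(p.strip()) for p in b.value.split("-"))
    else:  # IPv4 subnet or IPv6 prefix in CIDR form (assumed notation)
        net = ipaddress.ip_network(b.value)
        lo, hi = net[0], net[-1]
    return lo.version, int(lo), int(hi)


def matches(b, ip, ad_site):
    """True when the client's IP address or AD site falls inside the boundary."""
    if b.kind == "adsite":
        return ad_site is not None and b.value.lower() == ad_site.lower()
    version, lo, hi = _span(b)
    return ip.version == version and lo <= int(ip) <= hi


def assign_site(ip_text, ad_site, boundaries, groups, fallback_site=None):
    """Resolve the site for a client location; only groups with a site code count."""
    ip = ipaddress.ip_address(ip_text)
    hits = {n for n, b in boundaries.items() if matches(b, ip, ad_site)}
    sites = sorted({g.site for g in groups.values() if g.site and hits & set(g.members)})
    if len(sites) > 1:
        return ("CONFLICT", sites)       # overlapping site-assignment boundaries
    if sites:
        return ("ASSIGNED", sites[0])
    return ("FALLBACK", fallback_site) if fallback_site else ("UNASSIGNED", None)


def find_overlaps(boundaries, groups):
    """Static audit: IP-based boundaries that overlap across different sites."""
    tagged = sorted({(n, g.site) for g in groups.values() if g.site
                     for n in g.members if boundaries[n].kind != "adsite"})
    overlaps = []
    for i, (a, site_a) in enumerate(tagged):
        for b, site_b in tagged[i + 1:]:
            if site_a == site_b:
                continue                 # same site: no assignment ambiguity
            va, la, ha = _span(boundaries[a])
            vb, lb, hb = _span(boundaries[b])
            if va == vb and la <= hb and lb <= ha:
                overlaps.append((a, b))
    return overlaps


# Constructed sample hierarchy (illustrative values only).
BOUNDARIES = {
    "HQ-LAN": Boundary("subnet", "10.10.0.0/16"),
    "Branch-Range": Boundary("range", "10.10.200.1-10.10.200.254"),
    "Lab-v6": Boundary("ipv6prefix", "2001:db8:10::/64"),
    "AD-Seattle": Boundary("adsite", "Seattle"),
}
GROUPS = {
    "BG-HQ": BoundaryGroup(("HQ-LAN", "AD-Seattle"), "PR1"),
    "BG-Branch": BoundaryGroup(("Branch-Range",), "PR2"),
    "BG-Lab": BoundaryGroup(("Lab-v6",), "PR2"),
    "BG-Content": BoundaryGroup(("HQ-LAN", "Branch-Range")),  # content location only
}

if __name__ == "__main__":
    print(find_overlaps(BOUNDARIES, GROUPS))
    for addr in ("10.10.5.20", "10.10.200.7", "2001:db8:10::5", "192.168.1.5"):
        print(addr, assign_site(addr, None, BOUNDARIES, GROUPS, fallback_site="PR1"))
```

The content-only group reuses overlapping boundaries without being reported, matching the rule that overlap is permitted for content location but not for site assignment.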

Comparison of Configuration Manager 2007 and Configuration Manager boundaries

• Configuration Manager 2007 boundaries
  • Boundaries are site specific
  • Overlapping is not supported
  • Network speed is set per boundary
• Configuration Manager boundaries
  • Boundaries are no longer site specific
  • Boundary Groups must be used for site assignment
  • Overlapping is permitted for content location
  • Network speed is set per DP

Clients and Client Health

• Discovering clients
• Installing clients
• Monitoring clients

Discovering Clients

• What is a Discovery Method?
  • Configuration Manager uses Discovery to add new resources (users or computers) or information about existing resources (group or OU membership) to the Configuration Manager database
• Currently there are 6 discovery methods in Configuration Manager

Discovering Clients (continued)

• Delta Discovery
  • Enhances the discovery capabilities by discovering only new or changed resources in AD instead of performing a full discovery cycle
  • Discovery can detect the following new resource types:
    • Computer objects
    • User objects
    • Security group objects
  • It is only available for the following discovery methods:
    • Active Directory System Discovery
    • Active Directory User Discovery
    • Active Directory Group Discovery

Comparison of Configuration Manager 2007 to Configuration Manager Discovery

• Configuration Manager 2007 Discovery
  • Discovery Data Records (DDRs) are processed at each site in hierarchy (child -> parent -> central)
  • Discovery information is not shared
• Configuration Manager Discovery
  • Each DDR is processed only once at CAS or a Primary Site
  • Discovery information is global data
  • New method: Active Directory Forest Discovery
  • No more System Group or Security Group Discovery (replaced by AD Group Discovery)
  • Stale computers can be filtered out
  • Delta Discovery is improved

Client Installation

| Client Installation Method | Description |
|---|---|
| Automatic Client Upgrade | Clients can now be automatically upgraded. Refer to the link under Notes. |
| Upgrade installation | Uses Configuration Manager application management to upgrade clients to a newer version. You can also use Configuration Manager 2007 software distribution to upgrade clients to Configuration Manager. |
| Client push installation | Use this method to automatically install the client to assigned resources and to manually install the client to resources that are not assigned. |
| Software update point installation | Used to install the client using the Configuration Manager software updates feature. |
| Group Policy installation | Used to install the client using Windows Group Policy. |
| Logon script installation | Used to install the client by means of a logon script. |
| Manual installation | Used to manually install the client software. |
| Client Imaging | Used to pre-stage the client installation in an operating system image. |

Client Assignment

• Manual Site Assignment
  • Use a client installation property that specifies the site code
  • In Control Panel\Configuration Manager, specify the site code
• Automatic Site Assignment Based on Boundaries
• What's New in Configuration Manager for Site Assignment?
  • For automatic site assignment a Boundary must be configured in a Boundary Group that is configured for site assignment
  • You can specify a fallback site for the hierarchy if the client's network location is not in a Boundary Group
  • Clients can now download site settings from the Management Point after they have been assigned to the site

Client Status

• Client Status is a built-in feature of Configuration Manager
• Administrators can be alerted to potential client health issues
• Clients conduct a daily self check
• Auto-remediate dependencies
• Reports and trending

Inventory

• Hardware Inventory
  • Queries WMI for hardware data
  • Can be customized per site or per collection
  • Customize HW Inventory without manually editing SMS_DEF.MOF files, which no longer exist
• Software Inventory
  • Scans hard drives for file types
  • Can also collect copies of files during inventory cycle
  • Can be customized per Site or per Collection

Asset Intelligence (AI)

• Asset Intelligence lets you inventory and manage software license usage by using the Asset Intelligence catalog
• Uses AI Synchronization Point to download catalog
• 60+ reports
• 2 new Maintenance Tasks
  • Check Application title with Inventory information
  • Summarize installed software data

Software Metering

• Monitor and collect software usage data from Configuration Manager clients
• You can view the data via Collections, Queries or Reports
• Metering rules can be created manually or automatically

Remote Control

• Use Remote Control to remotely administer, provide assistance, or view any client computer in the hierarchy
• Three ways to connect:
  • Remote Control
  • Remote Desktop
  • Remote Assistance
• New Features
  • Pass CTRL+ALT+DEL to client
  • Disable client mouse and keyboard during Remote Control sessions
  • Remote Tools are configured in the Default Client Settings or in Custom Device Settings linked to a Collection
  • Start Remote Control Viewer from a command line

Role Based Administration

• New security model that simplifies administration
  • Security Roles
  • Security Scopes
  • Collections

Collections

• Collections represent logical groupings of resources, either users or devices (not both in a single collection)
• Sub collections are no longer used and they are replaced with folders
• Added new functionality: include and exclude collection rules
• Collection limiting: all collections must be limited to another collection
• Configuration Manager uses WMI query language to retrieve data from the database to populate Collections and Queries
• Contain resources from all sites in the hierarchy
• Can be restricted using RBA

Comparison of Collections in Configuration Manager 2007 to Configuration Manager

• Configuration Manager 2007 Collections:
  • Collections can hold User and Computer resources
  • Use of subcollections
• Configuration Manager Collections:
  • Collections can hold user or computer resources, not both
  • Subcollections are no longer used
  • Include and exclude rules
  • Use RBA scopes to limit access
  • Collection limiting
  • Import to Collections

Application Management

• Switch to user-centric from system-centric management
  • Manage Applications, not setup scripts
  • Think "User first"
  • Define User Device Affinity (UDA)
• Application Catalog
  • A website that allows users to browse for and request software
  • Requires Application Catalog role
• Software Center
  • Installed with the Configuration Manager client
  • Users run this from the Start menu to request software

Software Updates Management

• Auto Deployment Rules (i.e. similar to auto approval method in WSUS)
• Provides administrators with tools to track and apply software updates to client computers
• Builds on WSUS 3.0 SP2
• Only the top site synchronizes with Windows Updates on the internet
• Each site can have one active SUP (with CM 2012 SP1, a site can have multiple active SUPs)

Operating System Deployment (OSD)

• Provides administrators with the tools for creating OS images and deploying them to managed or unmanaged computers
• Deployment can be done using bootable media (USB, CD, DVD) or PXE network boot
• Uses Windows Imaging Format (WIM) files that contain the OS
• Operating system deployment provides the following functionality:
  • Operating system image capture/deployment
  • User state migration by using the User State Migration Tool
  • Operating system image deployment
  • Task sequences provide the mechanism for performing multiple steps or tasks on a computer at the command-line level without requiring user intervention

Operating System Deployment (continued)

• Apply Windows Update by using Component-Based Servicing (CBS) to update the WIM file rather than recreating it
• Use of same Task Sequence to deploy OS to computers anywhere in the hierarchy
• Capture/Restore User State supports new features from USMT 4.0
• CMTrace is now added to all boot images
• TS media wizard can be suppressed during OS installation when using media

Endpoint Protection

• Endpoint Protection in Configuration Manager
  • System Center 2012 Endpoint Protection is integrated with Configuration Manager
  • Configured as a Configuration Manager Role
• Capabilities of Endpoint Protection
  • Configure antimalware policies and Windows Firewall settings
  • Use Software Updates to download the latest antimalware definition files to keep clients up-to-date
  • Stay updated on client status via email notifications, in-console monitoring, and reports
• Endpoint Protection client
  • Installs in addition to Configuration Manager client
  • Malware and Spyware detection and remediation
  • Rootkit detection and remediation
  • Critical vulnerability assessment and automatic definition and engine updates
  • Network vulnerability detection via Network Inspection System
  • Integration with Microsoft Active Protection Services

Reporting

• Reporting helps you gather, organize and present information about users, hardware and software inventory, software updates, applications, site status, and other Configuration Manager operations in your organization
• Over 400 predefined reports
• Requires:
  • SQL Server Reporting Services (SSRS)
  • Reporting Services Point installed on SSRS
• The "classic" Reporting Point has been removed

Compliance Settings

• DCM is now called Compliance Settings
• Compliance settings contains tools to help you to assess the compliance of users and client devices with regard to a number of configurations
• Compliance Settings objects:
  • Configuration Items
  • Configuration Baselines
• Assign Configuration Baselines to Collections
• Automatic remediation for some settings
• Use Configuration Manager Monitoring features

Internet-Based Clients Management (IBCM)

• Internet-based client management lets you manage Configuration Manager clients when they are not connected to your corporate network but have a standard Internet connection
• Clients and Site Servers used for IBCM must use PKI
• Some features are not supported
• Internet-based clients on the Internet first try to download any required software updates from Microsoft Update

Mobile Device Management

• You can deploy Configuration Manager clients on supported mobile devices
• Client installation requires PKI certificates on the mobile devices
• With installed Configuration Manager client you can manage:
  • Hardware inventory
  • Software installation
  • Settings
• Supported OS:
  • Windows Mobile 6.1, 6.5
  • Nokia Symbian Belle (SR1)
• Supported Legacy Client OS:
  • Windows Mobile 6.0
  • Windows CE 5.0, 6.0, 7.0

Mobile Device Management (continued)

• For devices with no client you can use the Configuration Manager Exchange Connector for light management
• Exchange Connector:
  • Retrieve limited inventory information
  • Define settings (limited to Exchange ActiveSync policies)
  • Issue wipe commands
  • Block the device from Exchange Server
• Supported Exchange Server versions:
  • Exchange Server 2010 SP1
  • Exchange Online

Backup and Recovery

• Backup Task
  • Generally the same tasks from Configuration Manager 2007
  • Maintenance Task location differs in Configuration Manager
  • Scheduling, SmsBkup.ctl file and AfterBackup.bat remain the same
• Recovery
  • Recovery from the install media / Setup Wizard
  • Granular level of recovery
  • Leverage SQL Server Replication

Migrating from Configuration Manager 2007

• No upgrade to Configuration Manager
• Migration functionality is built into the Configuration Manager Administration Console
• Use migration jobs to configure the specific data that you want to migrate and manage the migration of this data

Other features

• Network Access Protection (NAP)
• Application Virtualization (App-V)
• Power Management

What’s new in SP1?

• Support Windows 8 and Windows To Go
• Support Windows Server 2012 on Site Servers, Site Systems and clients
• Support SQL Server 2012 for the Configuration Manager database.
• Support for clients on Mac computers, and on Linux and UNIX servers
• Support for User-owned mobile devices that run Windows Phone 8, Windows RT, iOS, and Android with Windows Intune organizational account.

What’s new in SP1? (Continued)

• Supports Windows 8 features, such as metered Internet connections and Always On Always Connected
• Folder redirection, offline files, and roaming profiles.
• You can configure new deployment types for Windows 8 applications, which support stand-alone applications and links to the Windows Store
• Windows PowerShell cmdlets are available to automate Configuration Manager operations by using Windows PowerShell scripts

What’s new in SP1?

• Support for cloud services, including a new distribution point for Windows Azure.
• Support for multiple software update points for a site to provide.
• Client notification to initiate some client operations from the Configuration Manager console
• Support for virtual environments that allow sharing of file system and registry information instead of an isolated space.
• Email alert subscriptions are now supported for all features, not just Endpoint Protection

Configuration Manager Workshops

Title: Configuration Manager Migration and Application Workshop

Modules:
• New features and changes
• Design and roles
• Preparing for migration
• Migration
• Application Management
• Large migration scenario

Configuration Manager Workshops

Title: Configuration Manager Operating System Deployment

Feature:
• Overview, Concepts, and Architecture
• Windows PE
• PXE and Multicast
• OSD Boot Scenarios
• Image Capture
• PXE and Multicast
• Task Sequences
• Driver Management
• USMT
• Deployments
• Offline Image Management
• Troubleshooting and Advanced Customization
• MDT Integration

Module Review

What are some of the benefits of using System Center 2012 in your business?

What are some of the new features of the Configuration Management Console?

How can Configuration Manager help you with employees who are using multiple devices in a variety of locations?


Module Summary

• In this Lesson, you learned:
  • About Configuration Manager features
  • About additional Configuration Manager courses to broaden your knowledge