support for write filter enabled devices in configmgr 2012 sp1 why maintenance windows matter...
Post on 16-Dec-2015
220 Views
Preview:
TRANSCRIPT
Managing Embedded Devices with Microsoft System Center 2012 SP1Hema Rajalakshmi
WCA-B326
AgendaSupport for write filter enabled devices in ConfigMgr 2012 SP1 Why Maintenance Windows MatterPersistence Other Improvements in SP1 and SP1+Questions and Feedback
GROWTH OF EMBEDDED DEVICES
PCs/SLATES PHONES EMBEDDED DEVICES
100’s MillionsIDC, Gartner
BillionsIDC, Consumer
Electronics Association
10’s BillionsVDC market reach, IDC
Updating the OEM embedded device/image
Write Filters are used to help maintain embedded devices
Embedded devices are widely varied vs. PCs/Servers
CHALLENGES MANAGING EMBEDDED DEVICES
Identifying Windows Embedded devices in ConfigMgr
Embedded devices OS are customized vs. the homogeneous OS in PCs/Servers
WINDOWS EMBEDDED DEVICE MANAGERWhat’s in the box?
Server installer Client installer
FunctionalityDevice Manager 2011
SP1 (For ConfigMgr 2007)
ConfigMgr 2012 SP1
Software Distribution
Software Updates
Compliance
Collections
Device Imaging
Legend
Full support
Partial support
Not available
What is supported in SP1?CM 2012 SP1 capabilities extended
Thin ClientsPOSDigital SignageKiosksThin PCs
Manage additional devicesAdditional software not required
Supported Embedded Operating Systems
Thin Clients
POS / Kiosk
Digital Signage
Repurposed PC
Windows XP
Embedded
Windows Embedde
d Standard
2009
Windows Embedde
dStandard
7
Windows XP
Embedded
Windows Embedde
d Standard
2009
Windows Embedde
dStandard
7
POS Ready 2009
POS Ready 7
Windows Embedde
d Standard
2009
Windows Embedde
dStandard
7
Windows Thin PC
System Center 2012 SP1 Embedded Management Capability OverviewOperating System Deployment
Software Update ManagementApplication Management
Settings/Configuration Management
Monitoring/Reporting
Uses Windows ADK
Endpoint Protection On-Premise- x86/64- Intel SoC
Cloud- Windows Phone- Windows RT
Single Pane of Glass
OS Servicing
Win32 / Windows 8
Baselines
Health/Compliance
Antimalware
Native Support for Key Embedded Scenarios in SP1Write filter orchestrationMaintenance windowsOpportunistic and forced persistenceSCEP client installationSCEP updatesNo additional software/license
Write Filters and Overlays
Why Maintenance Windows Matter
ASAP
Without a Maintenance Window
Get deployment noticeDownload contentReboot immediately to disable WFContent gone; re-downloadInstall contentReboot to enable WF
With a Maintenance Window
Get deployment noticeWaits for maintenance windowMaintenance window arrivesDisables WF; rebootsDownloads contentInstall contents; reboots
With Persistence
Translation: I want to commit this change ASAP, so do the write filter thing at the deadline, or, better yet, at the maintenance window
Without Persistence
Translation: Just put it in the overlay. When another deployment comes along with persistence, we’ll commit the change then.
What can be forced to persist?These have a forced persistence optionApplicationsPackages & programsSoftware UpdatesTask sequences
These are persisted opportunisticallyClient agent settingsSettings management (aka DCM set)Power management
One More Persistence Issue
? ! ? ! ?
First inventory dataDelta data
With File Based Write Filters
First inventory dataDelta data
Windows Embedded 8 - Write FiltersWindows Embedded 8 StandardWindows Embedded 8 Industry
Functionality UWF EWF FBWFFile/folder exclusions Yes No YesRegistry key exclusions Yes No* No*Sector-based filtering Yes Yes NoSupports HORM Yes No NoRAM-based overlay Yes Yes YesProviders for Windows Management Instrumentation (WMI) version 2 Yes No NoDisk-backed overlay Yes No NoCommit volume No Yes NoCommit file Yes No Yes
*You can use Registry Filter to make registry entries on volumes protected with EWF or FBWF persistent
Supported Write FiltersFile Based Write Filters (FBWF)Redirects all writes targeted for protected volumes to overlayFolder/file exclusions can be used
Enhanced Write Filters (EWF) RAMStores overlay information in RAMInformation on overlay discarded on reboot
Unified Write Filters (UWF)Sector-based write filter to protect storage mediaUse Hibernate Once/Resume Many (HORM) or file and registry filtering exclusionsServicing mode via the UWF WMI providerELM outside of Configuration Manager
Management Capabilities OverviewWindows Embedded 8 Standard with Write Filter enabled
Management Capability Write Filter Awareness Maintenance Windows + Policy
OS Deployment X
Software Update Management X
Application Management X
Setting Configuration Management X
Monitoring / Reporting X X
Endpoint Protection X
Example – Software Update (with FBWF)Admin selects the updates to installAdmin selects the option to force persist the changesAdmin selects target devices and pushes updatesWrite filter orchestration happensUpdate applied
Example – Software Update (with UWF)Admin creates task sequenceAdmin selects task sequence and deploysDevices are updated
ELM to manage UWF deviceSnap-in to MMCELM detects the type(s) of write filter installedUses WMI to detect and change config settings
ImprovementsOperating System Deployment Improvements
“Apply operating system” “SMSTSPostAction”
Discovery ImprovementsWrite filter capable now identified in
Discovery Data Record
Client Side ImprovementsNon-admins cannot log on while device is being serviced
Software Center blocks installation if write filters are enabledUsers cannot change their business hoursUsers cannot postpone deployments to non-business hours
Write Filter considerationsSettings management not write filter awareManual write filter handlingOpportunistic persistence during maintenance window
Windows 8 applications registered during user loginFor fewer applications, re-registerAdmin to login to finalize app registration
Endpoint ProtectionSCEP installs will persist through the supported write filtersUpdates come frequently Write filter exceptions allow definition updates to persistCan be manually set or defined in a module
New setting for Endpoint Protection client installation
Best PracticesUse maintenance windowsMake sure your max run time fits inside the maintenance window
Plan for persistenceMake deployments “required” instead of “available”Use File Based Write FiltersConfigure these exceptions to persist state and inventory data CCMINSTALLDIR\*.sdfCCMINSTALLDIR\ServiceDataHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\StateSystem
Use WMI provider to manage other filters
Appendix - Exclusions for SCEPRegistry:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Microsoft Antimalware
Folders:%ProgramData%\Microsoft\Microsoft Antimalware\Definition Updates\%ProgramData%\Microsoft\Microsoft Antimalware\Scans\%ProgramData%\Microsoft\Microsoft Antimalware\Support\%ProgramFiles%\Microsoft Security Client\
Files:%Windir%\Windowsupdate.log%Windir%\Temp\MpCmdRun.log%SystemRoot%\ServiceProfiles\LocalService\AppData\Local\Temp\MpCmdRun*.log%SystemRoot%\ServiceProfiles\NetworkService\AppData\Local\Temp\MpCmdRun*.log
Thank you!
Q&A
Windows Track ResourcesWindows Enterprise: windows.com/enterprise
Windows Springboard: windows.com/ITpro
Microsoft Desktop Optimization Package (MDOP): microsoft.com/mdop
Desktop Virtualization (DV): microsoft.com/dv
Windows To Go: microsoft.com/windows/wtg
Outlook.com: tryoutlook.com
msdn
Resources for Developers
http://microsoft.com/msdn
Learning
Microsoft Certification & Training Resources
www.microsoft.com/learning
TechNet
Resources
Sessions on Demand
http://channel9.msdn.com/Events/TechEd
Resources for IT Professionals
http://microsoft.com/technet
System Center 2012 Configuration Managerhttp://technet.microsoft.com/en-us/evalcenter/hh667640.aspx?wt.mc_id=TEC_105_1_33
Windows Intunehttp://www.microsoft.com/en-us/windows/windowsintune/try-and-buy
Windows Server 2012 http://www.microsoft.com/en-us/server-cloud/windows-server
Windows Server 2012 VDI and Remote Desktop Serviceshttp://technet.microsoft.com/en-us/evalcenter/hh670538.aspx?ocid=&wt.mc_id=TEC_108_1_33
http://www.microsoft.com/en-us/server-cloud/windows-server/virtual-desktop-infrastructure.aspx
More Resources:microsoft.com/workstylemicrosoft.com/server-cloud/user-device-management
For More Information
Complete an evaluation on CommNet and enter to win!
Evaluate this session
Scan this QR code to evaluate this session and be automatically entered in a drawing to win a prize
© 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
top related