MasteringSystem Center 2012 R2 Configuration Manager

MasteringSystem Center 2012 R2 Configuration Manager

Santos Martinez

Peter Daalmans

Brett Bennett

Acquisitions Editor: Mariann BarsoloDevelopment Editor: Kim WimpsettTechnical Editor: Don BrownProduction Editor: Dassi ZeidelCopy Editor: Linda RecktenwaldEditorial Manager: Pete GaughanVice President and Executive Group Publisher: Richard SwadleyAssociate Publisher: Chris WebbBook Designers: Maureen Forys, Happenstance Type-O-Rama; Judy FungProofreader: Rebecca RiderIndexer: Ted LauxProject Coordinator, Cover: Todd KlemmeCover Designer: WileyCover Image: ©Getty Images, Inc./Thomas Northcutt

Copyright © 2014 by John Wiley & Sons, Inc., Indianapolis, IndianaPublished simultaneously in Canada

ISBN: 978-1-118-82170-1ISBN: 978-1-118-82185-5 (ebk)ISBN: 978-1-118-82173-2 (ebk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or Web site may provide or recommendations it may make. Further, readers should be aware that Internet Web sites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services or to obtain technical support, please contact our Customer Care Department within the U.S. at (877) 762-2974, outside the U.S. at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2013958294

TRADEMARKS: Wiley and the Sybex logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

10 9 8 7 6 5 4 3 2 1

Dear Reader,

Thank you for choosing Mastering System Center 2012 R2 Configuration Manager. This book is part of a family of premium-quality Sybex books, all of which are written by outstanding authors who combine practical experience with a gift for teaching.

Sybex was founded in 1976. More than 30 years later, we’re still committed to producing consis-tently exceptional books. With each of our titles, we’re working hard to set a new standard for the industry. From the paper we print on, to the authors we work with, our goal is to bring you the best books available.

I hope you see all that reflected in these pages. I’d be very interested to hear your comments and get your feedback on how we’re doing. Feel free to let me know what you think about this or any other Sybex book by sending me an email at contactus@sybex.com. If you think you’ve found a technical error in this book, please visit http://sybex.custhelp.com. Customer feedback is critical to our efforts at Sybex.

Best regards,

Chris WebbAssociate PublisherSybex, an Imprint of Wiley

I dedicate this book to my sister, Yolimar Martinez; it has been three years since you left the physical world, but I know you are in peace and have started a new journey. Also I want to dedicate this book to the following: my wife, Karla, you are my soul mate and I want to grow old with you; to my kids, Bryan and Naomy, I hope this gives you some inspiration one day of what you can possibly achieve, and finally to all my family and friends for their support in my craziness. —Santos Martinez

I dedicate this book to my father; after 15 years, you are still deeply missed. To my mother, for all of your love and support in my life. To my girlfriend, Samantha, and our son, Stef; thanks for putting up with me and for all of your love and support while writing this book.—Peter Daalmans

I dedicate this book to my family and friends, and I greatly appreciate the support you provide. —Brett Bennett

AcknowledgmentsThere are so many people I have to thank. I will start by giving a big thank-you to my wife for supporting me all the time on this special project. I love you for that and many other things. I want to thank my colleagues across Microsoft for their support on this book like crazy; to our technical editor, Don Brown, you have done a great job making this book better and taking it to the next step. To the contributing authors, Kevin Robinson, Carlos Santiago, and Ramon Martinez, thanks for leaving a piece of yourselves in the book.

To my peer authors, Brett Bennett and Peter Daalmans, thanks for staying on the project and giving it your best; I know the readers will enjoy learning from both of you, and I had an amazing experience.

To my friend, Elias Mereb, for always delivering a great elevator pitch on the previous edition of the book; I look forward to hearing your stories on this book, too.

Finally, I want thank the entire ConfigMgr community, who have always been so passionate about the technology and willing to help us improve our writing. Let’s keep the conversation going and going.

—Santos Martinez

Special thanks to my family and friends. I had to balance my time with you with my commitment to writing six chapters for this book. I couldn’t have done this without you guys!

I also want to thank Wiley/Sybex for giving me the opportunity to write this second book. It was again a great pleasure to work with the Wiley team; I’m looking forward to any new project! Also, many thanks to the writing and editorial teams, you all rock!

Furthermore, many thanks to the Configuration Manager product team, who created this great product, and Wally Mead especially, our great and dedicated MVP lead from within the product team. They all give us the opportunity to learn as much as we want about Configuration Manager.

Also special thanks to my employers, Marco and Koos from IT-Concern, for giving me the space to speak at conferences and to be of value to the community.

In 2013 I had the honor to speak at TechEd Australia and TechEd New Zealand; besides Microsoft Australia and Microsoft New Zealand, I would like to thank my fellow Enterprise Client Management MVPs Kent Agerlund and James Bannan for their support Down Under.

Finally, many thanks to the Configuration Manager community and in particular all my fel-low Enterprise Client Management MVPs; thanks for your support.

—Peter Daalmans

I would like to thank my wife, Rosalie, and my children, Brittany, Jamie, and Justin, for the support they have provided me in my career. I would also like to thank Microsoft Corporation, both as my employer for the past 7 years and for the amazing products they develop that have kept me gainfully employed for the past 25 years. I would like to thank the co-authors, review-ers, and the entire team at Sybex/Wiley who helped put this book together.

—Brett Bennett

About the AuthorsSantos Martinez was born in Caguas, Puerto Rico, in 1982, and grew up in Caguas. Santos has more than 12 years of experience in the IT industry. He has worked on major implementations and in support of ConfigMgr and SMS migrations for financial institutions in the United States and Puerto Rico. Santos was a senior Configuration Manager engineer for a Fortune 500 finan-cial institution and an IT consultant before joining Microsoft. For the Fortune 500 company, he helped with the implementation and support of more than 200 ConfigMgr servers and the support of more than 165 clients worldwide. After completing this project he did IT consulting work for many other corporations that were implementing ConfigMgr.

Santos was a SQL Server MVP from 2005 to 2009 and then a ConfigMgr MVP from 2009 to 2011. He is well-known in the Microsoft LATAM communities as a mentor for other MVPs and for helping other IT community members. He has also participated in Microsoft Tech Ed and Microsoft MMS as a technical expert for SMS/ConfigMgr. Santos is also a former Puerto Rican martial arts champion and currently holds a fourth-degree black belt in TaiFu Shoi Karate Do.

Santos and Karla, a pastry chef, have been married for 11 years and have two kids, Bryan Emir and Naomy Arwen.

Santos currently is a senior premier field engineer for Microsoft in the eastern region of the United States.

You can get in touch with Santos via his Twitter account @ConfigNinja or his blog http://aka.ms/ConfigNinja.

Peter Daalmans is a senior technical consultant at IT-Concern, a Gold Certified Microsoft Partner in the Netherlands. Peter was named an Enterprise Client MVP in 2012 and 2013 for his work in the community. Peter has worked with deployment tooling from Microsoft competitors since 1998; in 2005 Peter discovered BDD and SMS 2003 deployment tooling and has embraced them ever since. In recent years numerous international deployment projects have crossed Peter’s path.

Peter is one of the founders of the Windows Management User Group Netherlands and shares his Configuration Manager and Windows Intune experience with the community via his blog (http://ConfigMgrBlog.com).

Besides speaking at the Windows Management User Group Netherlands, a couple of times a year Peter speaks at conferences like TechDays Netherlands and Experts Live, and in 2013 Peter had the opportunity to speak at TechEd Australia and TechEd New Zealand.

Peter resides in Breda, in the south of the Netherlands, with his girlfriend, Samantha, and his son, Stef. In addition to his daily work, he is the chairman of the NAC Museum Foundation, which preserves the history of the soccer club NAC Breda. Australia is also a huge passion; he travels Down Under whenever he gets the chance to sniff the outback and the Aussie lifestyle.

You can reach Peter via @pdaalmans and peter@ConfigMgrBlog.com.

Brett Bennett is a senior premier field engineer at Microsoft and has been working with SMS/ConfigMgr since SMS 1.0. Brett lives in Texas with his wife, Rosalie, and has three children. His daughter, Brittany, and his two sons, Jamie and Justin, all attend Texas A&M University in College Station (GIG ’EM!). Rosalie recently graduated from Texas A&M University-Commerce with a bachelor of science in history, and will soon fulfill her dream of becoming a high school history teacher. The Bennetts have three dogs: two black labs (Yogi and Boo Boo) and a golden retriever (Reeses) and also a granddog (Rue). Brett’s hobbies include playing guitar, learning to play banjo, cycling, tinkering with his Dodge Challenger, and watching movies in his home theater.

About the Contributing AuthorsCarlos Santiago is a senior premier field engineer at Microsoft. He has been working with Systems Management Server/Configuration Manager since version 1.0. He moved from Puerto Rico to Texas in 1992 and lives with his two sons, Christian and Zachary. Christian is a sopho-more studying aerospace engineering at the University of Texas in Arlington, and Zachary can’t wait to be in high school next year. The family enjoys the company of Crystal, a miniature Schnauzer dog, and Maximus, an Egyptian Mau cat. Carlos volunteers part of his free time to the Boy Scouts of America. Carlos’s hobbies include electronics, shooting sports, photography, and camping.

Ramon Martinez is a premier field engineer at Microsoft and has been working with SMS/ConfigMgr since SMS 1.1. Ramon lives in Toronto, Ontario, Canada, with his abundant Latin family, including Sonia, Ramsoni, Natali, and Iris. All of his daughters have completed a higher education program. Natali graduated with honors and received a Canadian Broadcasting Corporation (CBC) Journalism award. Ramon’s family also includes a dog pet. Ramon’s hob-bies include dancing salsa, bachata, merengue, and reaggeaton as well as alpine skiing. And of course Ramon is highly passionate about Spanish League Soccer. Ramon follows La Liga de Futbol, especially Real Madrid Club de Futbol.

Kevin Robinson is a senior premier field engineer at Microsoft and was formerly an Exin-certified ITIL service manager. He has also served as a principle service engineer in Microsoft’s BPOS cloud service operations team. His lovely wife of 33 years, Patrice, and Kevin reside in Charlotte, North Carolina, where they enjoy travel, food, and entertaining friends and family. They are the proud parents of three sons, Myles, Dexter, and Jordan, who all attended North Carolina universities, along with their daughters-in-law Tiffany and Vanessa. Most recently Kevin and Patrice were blessed with their first grandchild, a precious little girl named Zoe Sanaa.

Contents at a Glance

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxiii

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

. . . . . . . . . . . . . . . . . . 21

. . . . . . . . . . . . . . . . . . . . . . . . . . 65

. . . . . . . . . . . . . . . . . . . . . . . . . . 121

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 861

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883

ContentsIntroduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxiii

. . . . . . . . . . . . . . . . . . . . . . . .1Understanding IT Service Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1

Exploring the IT Infrastructure Library . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2Select ITIL Functions and Processes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Exploring the Microsoft Operations Framework. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9Select MOF Service Management Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10

Overview of System Center Configuration Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12Configuration Manager Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12

Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20

. . . . . . . .21Gathering Deployment Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Determining What You Need to Accomplish . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22Describing the Network. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23Describing Your Migration Needs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23

Planning the Configuration Manager Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24Extending the Active Directory Schema. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37Hierarchies and Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38Site Boundaries and Boundary Groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44Site System Roles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45Best Practices for Site System Design. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47SQL Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49Site Communications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50Site Security Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Discovery of Your Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51Client Settings and Client Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Content Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52Role-Based Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56

Designing Your Configuration Manager Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . 56Planning the Configuration Manager Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58Planning Configuration Manager Site Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Planning Configuration Manager Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59Determining How to Deploy Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . 60Building a Proof-of-Concept Environment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

| CONTENTS

. . . . . . . . . . . . . . .65Introducing Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 66Migration Functionality in Configuration Manager 2012 . . . . . . . . . . . . . . . . . . . . . . . . . 67

Source Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 67Data-Gathering Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Migration Job Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 68Objects Not Supported for Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79Distribution Point Sharing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79

Planning a Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 80Preparing Your Migration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81Planning Your Migration Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81

Performing the Migration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Using the Side-by-Side Migration Strategy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83Using the Wipe-and-Load Strategy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Upgrading the Configuration Manager Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100Post-Migration or Installation Considerations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101

Migrating Packages to the New Application Model. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103What Is Package Conversion Manager? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103The Conversion Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104The Conversion Process Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109Package Conversion Manager Best Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110Monitoring Conversion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110

Migrating Branch Offices with the Physical-to-Virtual Migration Toolkit . . . . . . . . . . 111Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112P2V Migration Scenario . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112The Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 113Steps for Using the Configuration Manager 2012 P2V Migration Toolkit . . . . . . . . 113

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120

. . . . . . . . . . . . . . . 121Understanding Configuration Manager 2012 R2 Site Types . . . . . . . . . . . . . . . . . . . . . . 122Implementing Site Servers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125

Software Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 125Implementing a Central Administration Site. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127Implementing a Primary Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136Implementing a Secondary Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 140Verifying Proper Site Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147Troubleshooting a Configuration Manager 2012 R2 Site Installation. . . . . . . . . . . . 154Unattended Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157

Installing Site System Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160Understanding Configuration Manager 2012 R2 Site System Roles . . . . . . . . . . . . . . . 163

Component Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165Distribution Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165Management Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178Site Database Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183Site Server. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184Site System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184System Health Validator Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184State Migration Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

CONTENTS |

Fallback Status Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189Out of Band Service Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191Reporting Services Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193Application Catalog Web Service Point and Application

Catalog Website Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195Enrollment Point and Enrollment Proxy Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199Software Update Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203Endpoint Protection Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209Asset Intelligence Synchronization Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213Windows Azure Integration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

Management Certificate for Site Server to Distribution Point Communication . . . 215Creating a Cloud Distribution Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215

Creating and Exporting the Management Certificate. . . . . . . . . . . . . . . . . . . . . . . . . 216Creating the Service Certificate Template. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 219Requesting and Exporting the Service Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . 220Uploading the Management Certificate to Windows Azure . . . . . . . . . . . . . . . . . . . 222Creating the Cloud Distribution Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 222Configure Name Resolution for Cloud-based Distribution Points. . . . . . . . . . . . . . 225

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227Creating Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227

Supported Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232Discovering Network Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 234

Active Directory Discovery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235Configuring Boundaries and Boundary Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244Client Installation Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247

Command-Line Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247Manually Installing the Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252Client Push. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Software Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257Software Distribution. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Logon Script Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258Installing Linux/Unix Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259Installing a Mac Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Verifying Client Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 265Troubleshooting a Client Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Ensuring Client Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266

Automatic Client Remediation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 266Determining Client Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267Monitoring Client Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Configuring Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268Automatic Client Upgrade. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 270

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271

| CONTENTS

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273Understanding the Client Health Mechanism . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 273

Scheduled Task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 274CCMEval Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279

Client Health Evaluation: Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 283Configuring Client Health. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 284Monitoring: Client Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286Alert: Client Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291What’s New in Application Deployment? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291

Distribution Point Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293Applications: Application References . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 296

Dependencies for Application Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Management Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Distribution Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299Default Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300

Elements of Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308Deployment Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310

The Application Deployment Process. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310Create Application Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311Creating an Application with PowerShell . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314Options for Application Deployment: the Ribbon . . . . . . . . . . . . . . . . . . . . . . . . . . . 314Exploring the Sample Application . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319Exploring the Deployment Type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323Create Deployment Wizard. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333Application Deployment—Client Experience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339Application Deployment—Advanced Configurations . . . . . . . . . . . . . . . . . . . . . . . . 343User Device Affinity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355Troubleshooting Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 358

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 361

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 363What’s New in Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364Prerequisites for Software Updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 366Elements of Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367

Software Update Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 367Software Updates Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368Software Updates Metadata . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368Software Update Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369Software Update Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 369Software Update Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371Deployment Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 371

CONTENTS |

Deployment Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 372Deployments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373Automatic Deployment Rules. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 374System Center Updates Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376

The Software Update Process in Configuration Manager. . . . . . . . . . . . . . . . . . . . . . . . 376Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 376Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378

Planning to Use Software Updates in Configuration Manager . . . . . . . . . . . . . . . . . . . 380Determining What Needs to Be Accomplished. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 380Role-Based Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 393System Center Updates Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394Testing in an Isolated Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395

Configuring Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396Configuring the Software Updates Client Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . 396Installing Windows Server Update Services 3.0 Server . . . . . . . . . . . . . . . . . . . . . . . 398Installing the Windows Server Update Services 3.0 SP2

Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402Setting Up the Software Update Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 402Configuring Software Updates Settings and Synchronization. . . . . . . . . . . . . . . . . 414Synchronizing Updates with Export and Import . . . . . . . . . . . . . . . . . . . . . . . . . . . . 418

Preparing Software Updates for Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 419Finding the Software Updates to Be Deployed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 420Downloading Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 424Creating a Software Update Group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 427

Deploying Software Updates with the Deploy Software Updates Wizard . . . . . . . . . 427Using System Center Updates Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436

Installing System Center Updates Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436Configuring System Center Updates Publisher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 436Using System Center Updates Publisher. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 438Third-Party Updates in Configuration Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443

Monitoring Software Update Deployments. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445In-Console Monitoring. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 448

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450

. . . . . . . . . . . . . . . . . . . . . . 451What’s New in Operating System Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 451Planning for OSD with Configuration Manager 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . 452

Deployment Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452The Kind of Images to Deploy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452Operating System Deployment Components. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453User Device Affinity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459

Deployment Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460Prepare for Operating System Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460Build and Capture an Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460Deploy an Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460

| CONTENTS

Preparing Configuration Manager 2012 for Operating System Deployment. . . . . . . . 461Configuring the Network Access Account . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 461Configuring the State Migration Point Role . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 462Configuring PXE on Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464Distributing the Boot Image Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466Enabling Boot Images for PXE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 467

Adding Operating System Source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 468Developing a Task Sequence for Creating a Capture Image. . . . . . . . . . . . . . . . . . . . . . 471

Task Sequences Used with PXE Boot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 471Task Sequences Used with Media Boot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 475

Capturing an Operating System Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477Building and Capturing Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477Capturing a Reference Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 480

Deploying an Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482Adding a Captured Image. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 482Distributing and Deploying the Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483Developing a Task Sequence for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 483Deploying the Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487

Deploying the Operating System on Bare Metal. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492Importing Computer Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 492Creating a Task Sequence for the Bare-Metal OSD . . . . . . . . . . . . . . . . . . . . . . . . . . . 493Deploying the Bare-Metal Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494

Installing Device Drivers into OSD. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 497Using User Device Affinity. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 500

Manually Configure a Primary User for a Device. . . . . . . . . . . . . . . . . . . . . . . . . . . . 500Manually Configure a Primary Device for a User . . . . . . . . . . . . . . . . . . . . . . . . . . . 501Configure a Site to Automatically Create User Device Affinities . . . . . . . . . . . . . . . 501Import User Device Affinities. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 502Enable Users to Configure Their Primary Device . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503Pre-deploy User Applications. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503

Deploying Windows To Go . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504Creating a Prestaged Media for the Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . 504Creating a Windows To Go Creator Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506Update the Task Sequence to Enable BitLocker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 507Running the Windows To Go Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509

Microsoft Deployment Toolkit 2013 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510Installing Microsoft Deployment Toolkit 2013. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 510Integrating the Deployment Toolkit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511Creating a New Boot Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512Creating a Deployment Toolkit Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 513Using a Replace Scenario. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515

Deploying a Virtual Hard Drive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516Creating a VHD Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516Creating a Virtual Hard Disk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517Managing the Virtual Hard Disk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519

Servicing Your Operating System Images and VHDs Offline . . . . . . . . . . . . . . . . . . . . 520Support for Legacy Boot Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522Maintaining the User State. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525

CONTENTS |

. . . . . . . . . . . . . . . . . . . . 527Inventory in Configuration Manager 2012. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527

Collecting Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528Collecting Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533Using Resource Explorer to View Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535Scheduling Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 536Configuring Inventory. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 537Configuring Software Inventory for a Configuration Manager Site . . . . . . . . . . . . 542Troubleshooting Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550

Software Metering in Configuration Manager 2012. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553Overview of Software Metering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553Configuring Software Metering. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 553

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563Requirements for Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

Client Agent Prerequisites. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564Windows Ekvent Log Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

Elements of Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566Asset Intelligence Catalog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 566Asset Intelligence Validation States . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 568Asset Intelligence Synchronization Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569The Asset Intelligence Home Page. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 569Asset Intelligence Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 571

Configuring Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575Enabling Asset Intelligence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575

Import Software License into Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578Importing Software License Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 579Creating the Microsoft Volume License Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . 579Creating the General License Statement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583Installing SQL Server Reporting Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584

Considerations for Installing SQL Server Reporting Services . . . . . . . . . . . . . . . . . 585Installation of the Reporting Services Site System . . . . . . . . . . . . . . . . . . . . . . . . . . . 586Default Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590

Running a Report. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593Viewing Available Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593Running a Report from the Administrative Console . . . . . . . . . . . . . . . . . . . . . . . . . 593Running a Report from Report Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594

Working with Reporting Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596Permissions Required to Run Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 596

Managing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601Working with Subscriptions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 609

Creating Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 611Basic SQL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612

XX | CONTENTS

Report Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613Creating a Report Using Report Builder . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 613Creating a Report Using Business Intelligence Development Studio . . . . . . . . . . . 616Moving Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619Linked Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619

Importing and Exporting Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620Importing Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620Exporting Reports. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623Overview of Compliance Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623

What’s New in Configuration Manager 2012 R2? . . . . . . . . . . . . . . . . . . . . . . . . . . . . 624What Can You Do with Compliance Settings?. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625Configuration Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625

Configuring Compliance Settings Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 627Creating Configuration Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628

Name, Description, and Category . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 629Choosing a Detection Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 631Creating and Validating a Setting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632

Building a Configuration Baseline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639Creating the Initial Baseline . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639Baseline Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 640Assigning the Configuration Baseline to Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643Additional Configuration Baseline Options. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644Client Validation of Compliance Baseline Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644

Compliance Settings Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646Importing Configuration Packs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647User Data and Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650Remote Connection Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 654Company Resource Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656

Certificate Profiles. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656VPN Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660Wi-Fi Profiles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 668

. . . . . . . . . . . . . . . . . . 669Differences between FEP and SCEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669Additional Benefits of SCEP . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670

Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 670Monitoring . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672Security. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672

Endpoint Protection Site System Role. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 672Endpoint Protection Client Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675Endpoint Protection Policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679

Antimalware Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679

CONTENTS |

Windows Firewall Policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685Assigning Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687

Definition Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687Alerts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 690Reporting. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 693

Client Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 694The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699

. . . . . . . . . . . . . . . . . . . . . . . . .What’s New in Mobile Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701Mobile Device Management Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 702

Lite Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705Depth Management via Client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 715Depth Management via Windows Intune . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728

Managing Mobile Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742Device Settings Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742Wipe vs. Selective Wipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769

Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 771The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772

. . . . . . . . . . . . . . . . . . . . . . . . . 773Overview of Role-Based Administration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773

Using Security Roles and Security Scopes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774Managing with Flat Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774

Security Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774Security Scopes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778

Creating a Custom Security Scope. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779Assigning Resources to a Security Scope . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 781Viewing Security Scope Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 783

Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784Using Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784Understanding the Default Collections. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785

Administrative Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785RBA Viewer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797Planning for Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 797

What Is Not Included in the Backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 798Backing Up Configuration Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801

Backup Considerations for the Central Administration Site . . . . . . . . . . . . . . . . . . . 801Copying Site Backups to Another Location . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 802Archiving the Backup Snapshot to Another Server with AfterBackup.bat . . . . . . . . 802Windows Application Log Entries Created by the Backup Process . . . . . . . . . . . . . 804Configuring the Backup ConfigMgr Site Server Maintenance Task. . . . . . . . . . . . . 805

Restoring Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807Understanding the Effects of a Site Failure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808Recovering a Configuration Manager Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809

| CONTENTS

Recovering Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811How to Start a Recovery Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811Recovering a Central Administration Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811Recovering a Primary Child Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817Recovering a Primary Standalone Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 817Recovering a Secondary Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818Recovery Scenarios for Multisite Environments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818

Unattended Recovery of a Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818Other Site Maintenance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819

The Hierarchy Maintenance Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819Post-Recovery Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 821

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 824

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827Creating the Maintenance Plan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827Using Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832

Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832Status Messages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 837

Troubleshooting Configuration Manager Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . 845Troubleshooting Configuration Manager Database Replication . . . . . . . . . . . . . . . . . . 845

Data Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847DRS Initialization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 848

Additional Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852Server-Based Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852Client-Based Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 856

The Bottom Line . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 860

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 861Chapter 2: Planning a Configuration Manager Infrastructure. . . . . . . . . . . . . . . . . . . . 861Chapter 3: Migrating to Configuration Manager 2012 . . . . . . . . . . . . . . . . . . . . . . . . . . . 862Chapter 4: Installation and Site Role Configuration. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 865Chapter 5: Cloud Integration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867Chapter 6: Client Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 867Chapter 7: Client Health . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869Chapter 8: Application Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869Chapter 9: Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 870Chapter 10: Operating System Deployment. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 871Chapter 11: Inventory and Software Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 872Chapter 12: Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873Chapter 13: Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 874Chapter 14: Compliance Settings. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875Chapter 15: System Center Endpoint Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877Chapter 16: Mobile Device Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 878Chapter 17: Role-Based Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 879Chapter 18: Disaster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 880Chapter 19: Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 881

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 883

Introduction

The Microsoft System Center product group has completed one of the most successful management products of all time. This group of people works very hard to ensure the product meets the highest standards and is always looking for feedback about it.

This book is written by a group of individuals who have endured the growing pains of this product, some even from day one, and who have even helped Microsoft improve Configuration Manager with countless hours of real-world use and testing.

Welcome to Mastering System Center 2012 R2 Configuration Manager. We have provided information for you to become a master in the System Center 2012 R2 Configuration Manager product; you will get the knowledge that is needed to unlock ConfigMgr 2012 R2 to its full potential.

The Mastering SeriesThe Mastering series from Sybex provides outstanding instruction for readers with intermediate and advanced skills in the form of top-notch training and development for those already working in their field and provides clear, serious education for those aspiring to become pros. Every Mastering book includes the following:

◆ Real-world scenarios, ranging from case studies to interviews that show how the tool, technique, or knowledge presented is applied in actual practice

◆ Skill-based instruction, with chapters organized around real tasks rather than abstract concepts or subjects

◆ Self-review questions, so you can be certain you’re equipped to do the job right

What This Book CoversMastering System Center 2012 R2 Configuration Manager covers Microsoft’s System Center 2012 R2 Configuration Manager. We detail the changes to Configuration Manager since 2007.

These new features include, but are not limited to, the following:

◆ A completely new mechanism for content distribution — focusing on the needs of the user while retaining the ability to distribute to systems as well

◆ A user self-service catalog for content deployment

◆ Updates to software update management and operating system deployment

XXIV | INTRODUCTION

◆ The ability to manage mobile devices, including Windows Phone, iPhones, iPads, Android, and more

◆ A robust alerting mechanism

◆ A redesigned infrastructure to increase scale and reduce complexity

◆ The ability to manage profiles with Compliance Settings

◆ Integration with the cloud, using Windows Azure and Intune

What You Need to Get the Most Out of This BookTo be able to follow the step-by-step instructions in this book, it is recommended that you have a minimum of Windows Server 2008 R2 x64 and SQL Server 2008 R2 with all the applicable updates installed; read more on this subject in Chapter 2. Also, make sure you have the media for Configuration Manager 2012 R2, because we will go through installing this software in the first few chapters. Your computer also needs an Internet connection so you can download updates in various parts of the installation process. Evaluation versions of any of this software are fine for our purposes.

How We Structured This BookTo help you understand the features of Configuration Manager, we have structured this book to match the names of features as they are listed in the Configuration Manager administrative console wherever possible, with a few exceptions.

Chapter 1, “Overview of Service Management,” covers general management concepts, such as ITIL and MOF, and how System Center 2012 R2 Configuration Manager supports those concepts.

Chapter 2, “Planning a Configuration Manager Infrastructure,” covers site roles, how they are lever-aged, and their application in your enterprise.

Chapter 3, “Migrating to Configuration Manager 2012,” covers the process of moving from ConfigMgr 2007 to ConfigMgr 2012 and from one ConfigMgr 2012 installation to another ConfigMgr 2012 installa-tion. Discussions include planning the migration, using the new migration tool, and more.

Chapter 4, “Installation and Site Role Configuration,” covers the details of site role installation, configu-ration, and troubleshooting.

Chapter 5, “Cloud Integration,” covers the integration of ConfigMgr 2012 R2 with Windows Azure and Intune to manage your devices or BYOD.

Chapter 6, “Client Installation,” covers client installation aspects in relation to Configuration Manager 2012, such as the various installation methods found within Configuration Manager 2012.

Chapter 7, “Client Health,” covers the new mechanism ConfigMgr 2012 uses to help ensure clients remain healthy.

Chapter 8, “Application Deployment,” provides a comprehensive look at planning, configuring, and using the new application deployment model in ConfigMgr 2012, including elements such as deploy-ments, deployment types, dependencies, rules, and relationships.

INTRODUCTION | XXV

Chapter 9, “Software Updates,” gives you a step-by-step guide of this completely redesigned feature that is now based on Windows Server Update Services.

Chapter 10, “Operating System Deployment,” gives you an in-depth look at how Configuration Manager 2012 allows an administrator to deploy a single operating system to multiple types of machines.

Chapter 11, “Inventory and Software Metering,” focuses on the heart of Configuration Management Server 2012, one of the core features that most other features tie into.

Chapter 12, “Asset Intelligence,” covers the mechanism ConfigMgr 2012 uses for tracking assets, including hardware, software, and licensing.

Chapter 13, “Reporting,” discusses probably the most used aspect of Configuration Manager by users outside the IT department. It gives other users the ability to report on various parts of Configuration Manager.

Chapter 14, “Compliance Settings,” offers an in-depth look at setting up a predefined level of standards for all your devices and how Configuration Manager 2012 will ensure your clients are maintained at that standard.

Chapter 15, “System Center Endpoint Protection,” details the use of ConfigMgr to manage malware protection throughout the computing environment.

Chapter 16, “Mobile Device Management,” gives you an inside look at mobile devices and how Configuration Manager 2012 can manage these types of devices.

Chapter 17, “Role-Based Administration,” covers the new approach to security in ConfigMgr 2012. Role-based security is used to assign the access needed for specific job functions.

Chapter 18, “Disaster Recovery,” provides the information necessary to protect your Configuration Manager databases by backing them up properly so that you can use those backups to recover from a disaster if it strikes.

Chapter 19, “Troubleshooting,” shows how to ensure your Configuration Manager 2012 environment stays healthy and gives you a baseline of where and what to look for if problems arise.

ErrataWe have done our best to make sure that the content in this book is as accurate as possible at the time it was written. If you discover any mistakes that we have missed in the editing process, please let us know at http://sybex.custhelp.com so we can address them in future versions of this book.

Chapter 1

Overview of Service ManagementSystem Center 2012 R2 Configuration Manager (SCCM), like the previous versions of the product, plays an important role in service management in the information technology (IT) world. As IT professionals, we are not responsible for every task required to accomplish a key business activity in our environments. However, we are an important piece of the IT service management process. IT is in the business of providing key capabilities, called services, to enable the business functions to achieve the goals of the business. This is one of the many reasons to leverage the Microsoft Operations Framework (MOF) or the IT Infrastructure Library (ITIL) to optimize your IT investment and realize business value.

The idea behind MOF and ITIL is to align IT with the business goals by breaking down silos between IT departments with the ultimate goal of service excellence. Numerous groups fall under the IT department tag, but we often see many of them acting as separate departments rather than as one cohesive unit. Desktop support, application developers, server support, storage administrators, and so on are all members of IT, but they are not always as unified as they should be when delivering quality IT services. Often they lack clarity about who owns each component in the ultimate delivery of the IT service.

System Center 2012 R2 Configuration Manager was built with MOF and ITIL in mind, so we will start the book by describing these two frameworks and how they are central to the mission of the Microsoft System Center family of products. System Center Configuration Manager, or ConfigMgr, is much more than just a mechanism to deploy software. In this chapter, you will learn how we define IT service management and how MOF and ITIL can be the foundation for defining service management in your organization’s services throughout the entire lifecycle of those services. You will also learn about how all of the Microsoft System Center products map to service management and the new features of ConfigMgr.

Understanding IT Service ManagementThe IT Infrastructure Library and the Microsoft Operations Framework were introduced as a way to deliver consistent IT service management (ITSM). Some of the key objectives of ITSM are as follows:

◆ To align IT services with current and future needs of the business and its customers

◆ To improve the quality of IT services delivered

◆ To reduce the long-term cost of service provisioning

2 | CHAPTER 1 OVERVIEW OF SERVICE MANAGEMENT

Think of ITSM as a conduit between the business and the technology that helps run the business. Without a proper conduit in place, one cannot function properly without the other. ITSM is about people, process, and technology, not solely about software products. Although the goals of MOF and ITIL are primarily the same, there are many differences in their implementation. We will discuss both approaches. For a direct cross reference between the two frameworks, download Microsoft’s white paper (“Cross-Reference ITIL® V3 and MOF 4.0”) for free at http://www.best-management-practice.com/gempdf/cross_ref_itilv3_mof4.pdf.

Exploring the IT Infrastructure LibraryITIL at its core is a collection of IT industry best practices organized around a model called the Service Lifecycle. ITIL was first authored in the 1980s and 1990s under the direction of the Central Computer and Telecommunications Agency (CCTA), which became the Office of Government Commerce (OGC) of the United Kingdom. In its current version, ITIL V3 is owned and administered by a joint venture between the UK’s Cabinet Office and Capita, plc. If you’re interested in these IT best practices, as well as how the Microsoft System Center family of products fits into these processes, you will find the rest of this chapter very interesting. There is also a great blog on the subject by Andrew Fryer (http://blogs.technet.com/b/andrew/archive/2012/01/09/itil-and-system-center-2012.aspx). Our focus is on the processes and functions central to ConfigMgr’s solutions.

If you start researching ITIL, you will find that it is a series of books describing an approach to IT service management. If you really want to get cozy with ITIL, be prepared to spend a lot of time reading. The Service Lifecycle consists of five components, each a volume of the ITIL V3 core books:

◆ ITIL Service Strategy

◆ ITIL Service Design

◆ ITIL Service Transition

◆ ITIL Service Operation

◆ ITIL Continual Service Improvement

There is much more to ITIL than just the books, however. ITIL as a whole includes the books, certification-accredited trainers and examination institutes, ITIL consultants, white papers, and ITIL-based training and user groups (like itSMF, the IT Service Management Forum). The scope of ITIL is far beyond what will be described in this chapter, so what you will want to take away is where the features provided by ConfigMgr intersect with ITIL. Table 1.1 maps ITIL V3 against Microsoft’s System Center 2012 product line. Note the designations of SCCM fall into two phases: Service Transition and Service Operation. More specifically, the processes of Change Management, Service Asset, Configuration Management, and Release and Deployment Management fall under Service Transition, and the functions of IT Operations Management and Application Management fall under Service Operation.

The interrelations of all of these processes and functions will become more and more evident the more deeply we discuss the features of ConfigMgr and how it supports these processes and functions within ITIL.