microsoft nda confidential configuration manager 2012 how to video series compliance and settings...
TRANSCRIPT
Microsoft NDA Confidential
Microsoft NDA Confidential
Configuration Manager 2012 How To Video Series Compliance and Settings Management Overview(fka DCM)
Onur KocSnr. Program ManagerSystem Center Configuration Manager
Microsoft NDA Confidential
Vision
Provide a unified platform for customers and partners to define, monitor, enforce and report configuration compliance in the enterprise for users across all supported ConfigMgr devices.
Pillars: Simplify administrator experience Embrace “user centric” management Integrate architecture, infrastructure, administrator
experience for all user-centric management disciplines for policy evaluation and rule authoring.
Microsoft NDA Confidential
Investments• Simplify administrator experience
• Deployment of Baselines
• Monitoring Baseline deployment compliance status
• Automatic remediation (aka DCM “set”)
• CI revisioning and audit tracking
• Support for Mobile phones
• Integrated architecture, infra, experience for all user-centric disciplines.
• Migration
Microsoft NDA Confidential
Simplify administrator experience• Role-based administration built in “Compliance Settings Management Role”• Browse gold system when creating configuration items• Simplified Baseline creation experience • Re-use of settings across CI boundary
Microsoft NDA Confidential
Simplify administrator experience• Role-based administration built in “Compliance Settings
Management Role”• Browse gold system when creating configuration items• Simplified Baseline creation experience • Re-use of settings across CI boundaryScenario: Built in Compliance and Settings Management Role.
Microsoft NDA Confidential
Simplify administrator experience• Role-based administration built in “Compliance Settings Management Role”• Browse gold system when creating configuration items• Simplified Baseline creation experience • Re-use of settings across CI boundary
Scenario: Simplify configuration item creation.
Microsoft NDA Confidential
User or Device Targeting Scenario: Deploy configuration policy to users or devices, remediate and report compliance for user or device.Design principal: Did support device targeting in 2007, now with user targeting support aligning with user centric vision.
• New verb is “Deployment” no longer use Assignment term
• Deploy baselines to user or device collections• If deployed to users evaluation options
• Evaluate Baseline on all devices user logs on• Evaluate Baseline on only user’s primary machines
• CIs in Baseline can contain user and device setting• User settings:
• Registry settings stored under HKCU• Script setting: Run discovery and remediation scripts
under user context• CIs with user settings will be evaluated when user
logs on.
Microsoft NDA Confidential
Define compliance SLAs for Baseline deploymentsScenario: Alert admin when target compliance threshold is not met. Design principal: Provide clear alert description and condition not met for each Baseline deployment. Admin can manage alert properties for each BL deployment which is aligned with SWD and SUM.
• Admin can define Target Compliance SLA % at BL Deployment level• Alerts are generated if SLA is not met• Customize alerts properties• Reevaluate alert condition in time in future again.
Microsoft NDA Confidential
In Console Monitoring Scenario: Allow admin to view BL deployment compliance statistics within consoleDesign principal: Show the most important issues admin needs to worry about in priority order within console
• Most common Noncompliant/Errors sorted based on # of devices/users impacted• Deployed to Users vs Device
− If deployed to user collection, asset details is sorted by user− If deployed to device collection, asset detail is sorted by device
• Reports are also available and now includes remediation, conflict and error reporting
Microsoft NDA Confidential
Monitor vs Remediate Monitoring: We still support monitoring for all Configuration Manager
2007 setting providers (Registry Key, Registry Value, File, Folder, Script , WMI, XML…..etc)− Check existence of setting− Check value of setting
Remediation: Only supported for Registry-, wmi- and script-based settings and all mobile phone settings− Create setting if not exist− Set value if not compliant− Run remediation script− Remediate phone settings
Microsoft NDA Confidential
Support for Mobile phonesScenario: Support configuration and compliance management for mobile phonesDesign principal: Unified platform and user experience to define, monitor, enforce and report configuration compliance for users across all supported ConfigMgr devices. Fully integrated authoring, targeting and reporting experience Easily build a CI from built-in common settings or create your
own settings Compliance evaluation off-loaded to server to limit battery and
cpu impact on mobile Support for WM6.1 and WP 6.5.x
Microsoft NDA Confidential
Configuration Item revisioning and audit tracking Scenario: Support change management for configuration itemsDesign principal: Ability to see revisions of configuration item, view who changed what and chose to use specific or latest revision of CIs in Baselines.
Microsoft NDA Confidential
Migration Scenario: Migrate 2007 Config Packs Design principal: Migration and Import support for all 2007 Config Packs to 2012.
Ability to import 2007 CI and Baselines to 2012 environment Migration from 2007 hierarchy to 2012 using migration tool Migration or Import will automatically convert v4 schema to v5
schema