© 2012 Microsoft Corporation. All rights reserved.

Microsoft Confidential
System Center 2012 Configuration Manager
Concepts & Administration Workshop
Module 3: Configuring System Center 2012 Configuration
Manager Discovery and Deploying Clients

Microsoft Confidential
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether
express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-
infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks

© 2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
 Overview
Discovery overview
Differences in Discovery methods
Delta Discovery
Boundaries and Active Directory Forest Discovery
Boundary Groups in Configuration Manager
Deploying clients

4 Microsoft Confidential
 Objective
In this lesson you will
Learn what System Center 2012 Configuration Manager Discovery
Method is.
Be introduced to the 6 discovery methods.
Gain an understanding of Delta Discovery and it’s uses.
Understand how to use Boundaries and Active Directory Forest
Discovery.
Learn about Boundary Groups.
Understand the different ways you can Deploy Clients.

5 Microsoft Confidential
 Discovery in System Center 2012 Configuration
Manager
What is a Discovery Method?
Configuration Manager uses discovery to add new resources (users
or computers) or information about existing resources (Group or
OU membership) to the Configuration Manager database
There are 6 discovery methods in Configuration Manager:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery
Network Discovery
Heartbeat Discovery
Active Directory Forest Discovery

6 Microsoft Confidential
 Active Directory System Discovery
Active Directory System Discovery now supports filtering objects
based upon Active Directory activity, using the following
attributes:
Lastlogontimestamp: Record the last logon timestamp of the computer. It
requires Domain function level >= Windows Server 2003
Pwdlastset: Record the last time when the computer changes its password.
By default Active Directory policy enforces each computer changing
password every 30 days
Can be configured at Primary sites only
Should be tuned to only discover the computers that will be
managed at a primary site
An account can be specified to discover resources. If no account is
specified, the Configuration Manager server account will be used.
This account is required to discover resources in untrusted forests
Delta Discovery is available

7 Microsoft Confidential
 Active Directory User Discovery
Adds Domain user account information to Configuration Manager
By default, Active Directory User Discovery collects:
User name
Unique user name
Active Directory domain
Active Directory container name
Can be configured at Primary sites only
Should be tuned to only discover the users that will be managed
at a Primary site
An account can be specified to discover resources. If no account is
specified the Configuration Manager server account will be used.
This account is required to discover resources in untrusted forests
Delta Discovery is available

8 Microsoft Confidential
 Active Directory Group Discovery
Updates existing client information only. It will not add new
clients to the database
Adds Organizational Unit and Domain information about
Security Groups
Discovers User/Security Group relationships
Discovers System/Security Group relationships
Can be configured at Primary sites only
An account can be specified to discover resources. If no
account is specified the Configuration Manager Server
account will be used. This account is required to discover
resources in untrusted forests
Delta Discovery is available

9 Microsoft Confidential
 Delta Discovery
Enhances the discovery capabilities by discovering only new or
changed resources in Active Directory instead of performing a full
discovery cycle
Discovery can detect changes on Active Directory objects for the
following most common changes:
New computers or users added to AD or to a group
Changes to basic computer and user information
Computers or users that are removed from a group
Changes to System group objects
It is only available with:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery
Works with the “Use incremental updates for this collection” option to
add resources to collections faster
No longer need to update collections faster than 1 day in most cases
11 Microsoft Confidential
 Network Discovery
Discovers the following:
NetBIOS name
IP addresses
Resource domain
System roles
SNMP community name
MAC addresses
Can discover resources not joined to the domain but on the network
(workgroup clients). However client push installation may not work
Network Discovery searches your network for IP-enabled resources
by querying Microsoft DHCP servers, Address Resolution Protocol
(ARP) caches in routers, and/or SNMP-enabled devices
Can generate a lot of network traffic
Can generate unmanageable devices (printers and routers) in the
Configuration Manager console

12 Microsoft Confidential
 Heartbeat Discovery
Initiated by an installed client
Keeps client records up to date in Configuration Manager
The only discovery method that returns a client GUID as
part of the discovery record
Is also the only one to dictate whether clients are seen as
installed in the Configuration Manager console
Heartbeat discovery data is used by the "Delete Inactive
Client Discovery Data" and “Clear Install Flag” maintenance
tasks to either delete records from the Configuration
Manager database, or change them to Client=No

14 Microsoft Confidential
Demonstration

15 Microsoft Confidential
 Active Directory Forest Discovery
Active Directory Forest Discovery adds boundaries and not
computer information
Helps to ensure clients correctly assigned to Configuration
Manager sites
Use Active Directory Forest Discovery to do the following:
Discover IP subnets in an Active Directory forest
Discover Active Directory sites in an Active Directory forest
Add the IP subnets and Active Directory sites that are discovered as
boundaries in Configuration Manager
Publish to the Active Directory Domain Services of a forest when
publishing to that forest is enabled, and the specified Active
Directory Forest Account has permissions to that forest

16 Microsoft Confidential
 Boundaries and Boundary Groups
Can be any of the following:
IP range
IP subnet
Active Directory site
IPv6 prefix
Boundary Group for site assignment and/or content
location
Overlapping site boundaries:
Supported for content location
Not supported for site assignments

17 Microsoft Confidential
Demonstration

18 Microsoft Confidential
 Client installation in System Center 2012
Configuration Manager
Client installation Methods
What’s new in Configuration Manager for client
deployment
Planning for and configuring client deployment in
Configuration Manager
Dependencies external to Configuration Manager

19 Microsoft Confidential
 Client Installation
Client Installation Description
Method
Automatically Use this method to automatically upgrade client when it
Upgrade (new) identifies that a client that is assigned to the site is below a
version that you specify.
Client push Use this method to automatically install the client to assigned
installation resources and to manually install the client to resources that are
not assigned
Software update point Used to install the client using the WSUS server configured as
installation the software update point for that site
Group Policy Used to install the client using Windows Group Policy
installation
Logon script Used to install the client by means of a logon script
installation
Manual installation Used to manually install the client software
Upgrade installation Uses Configuration Manager application management to
upgrade Configuration Manager clients to a newer version. You
can also use Configuration Manager 2007 software distribution
to upgrade clients to Configuration Manager and assign it to the
new site
22 Client Imaging Used to pre-stage the client installation in an operating system
Microsoft Confidential
 Automatically Upgrade
Client Installation Advantage
Method
Automatically Upgrade  Can be used to automatically
upgrade client software
 Do not have to worry about any
other manual steps once it’s
enabled and package is
distributed to all DPs.
23 Microsoft Confidential
Disadvantage
 Is intended to be used
alongside other client
installation methods and is not
intended to be the main
method to install or upgrade
the Configuration Manger client
software.
 If you make changes to the
client software on CAS by
adding a hotfix or language
pack, you must redistribute the
program content to all DPs in
the hierarchy. The program for
the installation package is
hidden and you cannot modify
it.
 Client Push Installation
Client Installation Advantage
Method
Client push installation  Can be used to install the client
on a single computer, a collection
of computers
 Can be used to automatically
install the client on discovered
computers
 Automatically uses client
installation properties defined on
the Client tab of the Client Push
Installation Properties dialog box
25 Microsoft Confidential
Disadvantage
 Can cause high network traffic
when pushing to large
collections.
 Can only be used on computers
that have been discovered by
Configuration Manager
 Not supported to install clients
in a workgroup
 A client push installation
account should be specified
which has administrative rights
to the intended client computer
 The Windows firewall must be
configured on client computers
with exceptions to allow client
push installation to complete
 Client Push Installation (continued)
To exclude computers from automatic site-wide client push
• Open Regedit and locate
HKEY_LOCAL_MACHINE/Software/Microsoft/SMS/Components
/SMS_DISCOVERY_DATA_MANAGER
• Double-click the key ExcludeServers to open the Edit Multi-String
window
• In the Edit Multi-String window, specify the NetBIOS name of
each computer that you want to exclude
• Press the Enter key after you type each computer name to ensure
that each computer name appears on a separate line

26 Microsoft Confidential
 Software Update Point Based Installation
Client Installation Advantage
Method
Software update point  Can use your existing
based installation Configuration Manager software
updates infrastructure to manage
the client software
 Can automatically install the client
software on new computers if
WSUS and Active Directory Group
Policy is configured correctly
 Does not require computers to be
discovered before the client can
be installed
 Computers can read client
installation properties that have
been published to Active
Directory Domain Services
 Will reinstall the client software if
it is removed
 No Local administrator account is
required
27 Microsoft Confidential
Disadvantage
 Requires a functioning software
updates infrastructure as a
prerequisite
 Must use the same server for
client installation and software
updates, and this server must
reside in a primary site
 To install new clients, you must
configure an Active Directory
Group Policy object with the
client's active software update
point and port
 If the Active Directory schema is
not extended for Configuration
Manager, you must use Group
Policy to provision computers
with client installation
properties
 Missing prerequisites can cause
client reboots
 Group Policy Installation

Client Installation Advantage Disadvantage

Method
Group Policy  Does not require
installation computers to be
discovered before the client
can be installed
 Can be used for new client
installations or for
upgrades
 Computers can read client
installation properties that
have been published to
Active Directory
 No Admin account is
required
 Can cause high network
traffic if a large number of
clients are being installed
 If the Active Directory
schema is not extended
for Configuration
Manager 2012, you must
use Group Policy to add
client installation
properties to computers
in your site

29 Microsoft Confidential
 Logon Script Installation

Client Installation Advantage Disadvantage

Method
Logon script  Does not require computers to  Can cause high network traffic
installation be discovered before the client if a large number of clients are
can be installed
being installed over a short
 Supports using command line
time period
properties for CCMSetup

30 Microsoft Confidential
 Manual Installation

Client Installation Advantage Disadvantage

Method
Manual  Does not require  No automation, therefore
installation computers to be time consuming
discovered before the client
can be installed
 Can be useful for testing
purposes
 Supports using command
line properties for
CCMSetup

31 Microsoft Confidential
 Manual Installation (continued)
• CCMsetup is used with command line options to control site
assignment and other options
• For example, CCMSetup.exe /mp:SMSMP01 /logon
SMSSITECODE=S01 FSP=SMSFSP01 performs the following
actions:
• Specifies to download installation files from the Management
Point named SMSMP01
• Specifies that installation should stop if any version of the
Configuration Manager client already exists on the computer
• Instructs client.msi to assign the client to the site code S01
• Instructs client.msi to use the Fallback Status Point named
SMSFP01

32 Microsoft Confidential
 Upgrading Client

Client Installation Advantage Disadvantage

Method
Upgrade  Can leverage the features  Can cause high network
installation of Configuration Manager traffic when distributing
to upgrade the client by the client to large
collection, or to a defined collections
timescale
 Supports using command
line properties for
CCMSetup

33 Microsoft Confidential
 Other Client Installation Considerations
OSD imaging
Easily done as part of Configuration Manager OSD
You must remove any computer-specific certificates that are installed on
the master image computer in order to avoid duplicate GUIDS
Configuration Manager clients on workgroup computers
Manual installation and site assignment is usually required
Workgroup clients cannot locate management points from Active
Directory Domain Services, and instead must use DNS or WINS
Clients on the Internet
PKI is required
No support installing a client directly from the Internet-based
management point or from the Internet-based software update point
If possible connect clients to the intranet in order to install the client and
certificates
Client installation binaries are approximately 100 MB
34 Microsoft Confidential
 Client Assignment

Using manual site assignment

Use a client installation property that specifies the site code
In Control Panel\Configuration Manager, specify the site code
  Using automatic site assignment
Based on Boundaries
What’s new in Configuration Manager for site assignment?
For automatic site assignment to succeed with Boundary
information, the Boundary must be configured in a Boundary
Group that is configured for site assignment
Fallback Site Assignment if the client is not in any boundaries
Clients can now download site settings from the Management
Point after they have assigned to the site if they cannot locate
these settings from Active Directory Domain Services

36 Microsoft Confidential
 Lab: Discovery and Client Installation
Scenario
This lab will show you how to set
up site boundaries, configure
discovery, and install clients

Goals
Add Boundaries
Configure Discovery methods
Install the Configuration
Manager client

39 Microsoft Confidential
 Lesson Review
Discovery overview
Differences in Discovery methods
Delta Discovery
Boundaries and Active Directory Forest Discovery
Boundary Groups in Configuration Manager
Deploying clients

40 Microsoft Confidential