Professional Documents
Culture Documents
Your Name
Microsoft
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether
express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-
infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.
4
Objective
This module will introduce new Configuration Manager
features and major changes from the previous version
(Configuration Manager 2007)
After completing this module you will be able to:
Identify the main features of Configuration Manager and their
functionality
Identify which workshops are focused on the topics not covered by
this delivery
5
What is Configuration Manager?
Part of the System Center 2012 suite
Enterprise class system configuration and management
tool
Increases IT productivity by reducing manual tasks
Provides effective management of your assets
Utilizes your existing Microsoft technologies and solutions
6
Pillars of Configuration Manager
Embrace user-centric management
• Allow the administrator to think users first
• Give the end user a fitting user experience to find/install software
• Allow the user to define their relationship to applications
8
Configuration Manager Console
The System Center UI
Workspaces and Ribbon
Search
Provider
10
System Center UI
No more Microsoft Management Console
Uses the System Center UI Framework for common look and feel
across all System Center 2012 products
Main point of administration
Used to configure sites, clients, and to run/monitor
management tasks
Launch secondary consoles
(Resource Explorer, Remote control, Out of Band Management)
Can be installed on additional servers and workstations
Access can be restricted
Administrators see only the objects they are allowed to see
Temporary nodes for easier navigation
11
Workspaces and Ribbon
Everything is placed under one of four workspaces:
Administration
Software Library
Monitoring
Assets and Compliance
12
Search
A special search tab is present on the ribbon
13
Search
Use of temporary nodes in the navigation pane
These are automatically created and selected as a result of actions
that you take and that do not display after you close the console
14
Provider
Maps Classes and Instances to Tables and Rows in the
database
Multiple providers for a single site for either load balancing
or redundancy
Not intended for high availability scenarios
Implements role based security
Provider can be installed by running setup
15
Sites and Hierarchy
Central Administration site (CAS)
One per
Must be installed first in a hierarchy hierarchy
Only supports one level of child Primary sites
Primary site
Standalone for smaller deployments Max. 25
Requires CAS to join a hierarchy
Secondary site
Extends a Primary site
Mainly used to compensate
for slow network connections Max. 250 per Primary site
16
Sites and Hierarchy
Standalone single Primary site for smaller deployments
Install Primary site first
Cannot be added to a hierarchy later
Supports Secondary sites
17
Comparison of Configuration Manager 2007 and
Configuration Manager hierarchy
Configuration Manager 2007 hierarchy
Primary sites can be moved around the hierarchy
Primary sites can be nested
A Primary site is needed to facilitate different client agent settings
or as a security boundary
Configuration Manager hierarchy
A CAS is needed for a hierarchy
Flat hierarchy with only one level of Primary sites
Client agent settings are managed through custom settings applied
to Collections
18
Site System servers and Site System roles
Configuration Manager uses Site System roles to support
different management operations at each site
Each Site Server can host different Site System roles
Site System role can be installed on the Site Server or on another
server to manage performance
19 Microsoft Confidential
Site System Servers and Site System Roles
One Site Server or System can host roles for one site
Some site system roles are automatically installed and
assigned to the server on which Configuration Manager
Setup has run
An example of these site system roles is the Site Server role
Cannot transfer these roles to another server or remove without
uninstalling the site
Some roles no longer exist but have been added to other
roles to make them more capable
e.g. PXE Service Point is now a function of a PXE-Enabled DP
20
Site System roles
Site server
A site server is the computer on which you run Configuration Manager Setup and
it provides the core functionality for the site
Site database server
A site database server hosts the SQL Server database to store information about
assets and site data
Component server
A component server runs Configuration Manager services and is automatically
installed with all site systems except the Distribution Point
Management point (MP)
A Management Point provides policy and content location information to clients.
It also receives configuration data from clients
Distribution Point (DP)
Contains source files for clients to download, such as application content, software
packages, software updates, OS and boot images.
You can control content distribution by using bandwidth throttling and scheduling
options
21
Site System roles (continued)
Reporting Services Point (RSP)
Integrates with SQL Server Reporting Services to create and manage reports for
Configuration Manager
State Migration Point (SMP)
The SMP stores user state data when a computer is migrated to a new operating system
Software Update Point (SUP)
A SUP integrates with Windows Server Update Services (WSUS) to provide software
updates to Configuration Manager clients
System Health Validator Point (SHV)
The SHV validates Configuration Manager Network Access Protection (NAP) policies. It
must be installed on a NAP Health Policy server
Fallback Status Point (FSP)
FSP helps you monitor client installation and identify the clients that are unmanaged
because they cannot communicate with their management point
Out of Band Service Point (OOB)
OOB service point provisions and configures AMT-based computers for out of band
management
22
Site System roles
Asset Intelligence synchronization point
An AI synchronization point connects to System Center Online to download
Asset Intelligence catalog information and upload uncategorized titles so that
they can be considered for future inclusion in the catalog
Application Catalog Web Service Point
An Application Catalog Web Service Point provides software information to
the Application Catalog website from the Software Library
Application Catalog Website Point
An Application Catalog website point provides users with a list of available
software
Enrollment Proxy Point
An Enrollment proxy point manages enrollment requests from mobile devices
so that they can be managed by Configuration Manager
Enrollment Point
An Enrollment Point uses PKI certificates to complete mobile device
enrollment and provision AMT-based computers
23
Site System role placement
Role CAS Child Primary Standalone Secondary Scope
site Primary site site
24
Site Boundaries
Boundary
Is a network location on intranet
Defined once per hierarchy
Needs to be part of a Boundary Group for site assignment
25
Boundary Groups
Site Assignment
Clients join site based on boundary group containing client‘s
current network location
Overlapping is not supported for site assignment
Fallback Site –New feature added so clients that don’t belong to
any of the site boundaries/boundary groups will be assigned to
Fallback Site. This is completely different than Fallback Status Point
Content location
Associate DPs and SMPs with one or more boundary groups
Overlapping is permitted for content location (DP, SMP)
Network speed is defined for each DP in a boundary group
26
Comparison of Configuration Manager 2007 and
Configuration Manager boundaries
Configuration Manager 2007 boundaries
Boundaries are site specific
Overlapping is not supported
Network speed is set per boundary
27
Clients and Client Health
Discovering clients
Installing clients
Monitoring clients
28
Discovering Clients
What is a Discovery Method?
Configuration Manager uses Discovery to add new resources (users
or computers) or information about existing resources (group or
OU membership) to the Configuration Manager database
Currently there are 6 discovery methods in Configuration
Manager
29
Discovering Clients (continued)
Delta Discovery
Enhances the discovery capabilities by discovering only new or
changed resources in AD instead of performing a full discovery
cycle
Discovery can detect the following new resource types:
Computer objects
User objects
Security group objects
It is only available for the following discovery methods:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery
30 Microsoft Confidential
Comparison of Configuration Manager 2007 to
Configuration Manager Discovery
Configuration Manager 2007 Discovery
Discovery Data Records (DDRs) are processed at each site in
hierarchy (child -> parent -> central)
Discovery information is not shared
31
Client Installation
Client Installation Description
Method
Automatic Client Clients can now be automatically upgraded. Refer to the link under
Upgrade Notes.
Upgrade installation Uses Configuration Manager application management to upgrade clients
to a newer version. You can also use Configuration Manager 2007
software distribution to upgrade clients to Configuration Manager.
Client push Use this method to automatically install the client to assigned resources
installation and to manually install the client to resources that are not assigned.
Software update Used to install the client using the Configuration Manager software
point installation updates feature.
Group Policy Used to install the client using Windows Group Policy.
installation
Logon script Used to install the client by means of a logon script.
installation
Manual installation Used to manually install the client software.
Client Imaging Used to pre-stage the client installation in an operating system image.
32
Client Assignment
Manual Site Assignment
Use a client installation property that specifies the site code
In Control Panel\Configuration Manager, specify the site code
Automatic Site Assignment
Based on Boundaries
What’s New in Configuration Manager for Site Assignment?
For automatic site assignment a Boundary must be configured in a
Boundary Group that is configured for site assignment
You can specify a fallback site for the hierarchy if the client’s
network location is not in a Boundary Group
Clients can now download site settings from the Management
Point after they have been assigned to the site
33 Microsoft Confidential
Client Status
Client Status is a built-in feature of Configuration Manager
Administrators can be alerted to potential client health
issues
Clients conduct
a daily self check
Auto-remediate
dependencies
Reports
and trending
34
Inventory
Hardware Inventory
Queries WMI for hardware
data
Can be customized per site or
per collection
Customize HW Inventory
without manually editing
.MOF files as they no longer
exist.
Software Inventory
Scans hard drives for file
types
Can also collect copies of files
during inventory cycle
Can be customized per Site or
per Collection
35
Asset Intelligence (AI)
Asset Intelligence lets you
inventory and manage
software license usage by
using the Asset Intelligence
catalog
Uses AI Synchronization
Point to download catalog
60+ reports
2 new Maintenance Tasks
Check Application title with
Inventory information
Summarize installed
software data
36
Software Metering
Monitor and collect software usage data from
Configuration Manager clients
You can view the
data via Collections,
Queries or Reports
Metering rules can
be created manually
or automatically
37
Remote Control
Use Remote Control to remotely administer, provide
assistance, or view any client computer in the hierarchy
Three ways to connect:
Remote Control
Remote Desktop
Remote Assistance
New Features
Pass CTRL+ALT+DEL to client
Disable client mouse and keyboard during Remote Control sessions
Remote Tools are configured in the Default Client Settings or in
Custom Device Settings linked to a Collection
Start Remote Control Viewer from a command line
38
Role Based Administration
New security model that simplifies administration
Security Roles
Security Scopes
Collections
39
Collections
Collections represent logical groupings or resources either
users or devices (not both in a single collection)
Sub collections are no longer used and they are replaced
with folders
Added new functionality - Include and exclude collection
rules
Collection limiting – All collections must be limited to
another collection
Configuration Manager uses WMI query language to
retrieve data from the database to populate Collections and
Queries
Contain resources from all sites in the hierarchy
Can be restricted using RBA
40 Microsoft Confidential
Comparison of Collections in Configuration Manager
2007 to Configuration Manager
Configuration Manager 2007 Collections:
Collections can hold User and Computer resources
Use of subcollections
41
System-centric Versus User-centric Management
Systems Management of Today
• Targeted at the device
• Explicit and action-based
• Software deployment
• Optimized for systems management
inside the firewall
• Optimized for tight IT control, minimal
end user involvement
42
Application Management
Switch to user-centric from system-centric management
Manage Applications, not setup scripts
Think "User first"
Define User Device Affinity (UDA)
Application Catalog
A website that allows users to browse for and request software
Requires Application Catalog role
Software Center
Installed with the Configuration Manager client
Users run this from the Start menu to request software
43
Software Updates Management
Auto Deployment Rules (i.e. similar to auto
approval method in WSUS)
Provides administrators with tools to track and
apply software updates to client computers
Builds on WSUS 3.0 SP2
Only the top site synchronizes with Windows
Updates on the internet
Each site can have one active SUP
44 Microsoft Confidential
Software Updates Management
Main features:
Superseded update support
SUM admin role (with RBA)
Client agent settings
Software update groups
Automated deployments
End user experience
Content library and cleanup
Migration from Configuration Manager 2007
Maintenance windows
Selective download of binaries
Wake On LAN
Internet-based client support
45 Microsoft Confidential
Operating System Deployment (OSD)
Provides administrators with the tools for creating OS images
and deploy them to managed or unmanaged computers
Deployment can be done using bootable media (USB, CD,
DVD) or PXE network boot
Uses Windows Imaging Format (WIM) files that contain the OS
Operating system deployment provides the following
functionality:
Operating system image capture/deployment
User state migration by using the User State Migration Tool
Operating system image deployment
Task sequences provide the mechanism for performing multiple steps
or tasks on a computer at the command-line level without requiring
user intervention
47
Operating System Deployment (continued)
Apply Windows Update by using Component-Based
Servicing (CBS) to update the WIM file rather than
recreating it
Use of same Task Sequence to deploy OS to computers
anywhere in the hierarchy
Capture/Restore User State supports new features from
USMT 4.0
CMTrace is now added to all boot images
TS media wizard can be suppressed during OS installation
when using media
48
Endpoint Protection
Endpoint Protection in Configuration Manager
System Center 2012 Endpoint Protection is integrated with Configuration Manager
Configured as a Configuration Manager Role
49 Microsoft Confidential
Reporting
Reporting helps you gather, organize and present
information about users, hardware and software inventory,
software updates, applications, site status, and other
Configuration Manager operations in your organization
Over 400 predefined reports
Requires:
SQL Server Reporting Services (SSRS)
Reporting Services Point installed on SSRS
The “classic” Reporting Point has been removed
50
Compliance Settings
DCM is now called Compliance Settings
Compliance settings contains tools to help you to assess
the compliance of users and client devices with regard to a
number of configurations
Compliance Settings objects:
Configuration Items
Configuration Baselines
Assign Configuration Baselines to Collections
Automatic remediation for some settings
Use Configuration Manager Monitoring features
51
Internet-Based Clients Management (IBCM)
Internet-based client management lets you manage
Configuration Manager clients when they are not
connected to your corporate network but have a standard
Internet connection
Clients and Site Servers used for IBCM must use PKI
Some features are not supported
Internet-based clients on the Internet first try to download
any required software updates from Microsoft Update
52
Mobile Device Management
You can deploy Configuration Manager clients on supported
mobile devices
Client installation requires PKI certificates on the mobile devices
With installed Configuration Manager client you can manage:
Hardware inventory
Software installation
Settings
Supported OS:
Windows Mobile 6.1, 6.5
Nokia Symbian Belle (SR1)
Supported Legacy Client OS:
Windows Mobile 6.0
Windows CE 5.0, 6.0, 7.0
53
Mobile Device Management (continued)
For devices with no client you can use the Configuration
Manager Exchange Connector for light management
Exchange Connector :
Retrieve limited inventory information
Define settings (limited to Exchange ActiveSync policies)
Issue wipe commands
Block the device from Exchange Server
Supported Exchange Server versions:
• Exchange Server 2010 SP1
• Exchange Online
54
Backup and Recovery
Backup Task
Generally the same tasks from Configuration Manager 2007
Maintenance Task location differs in Configuration Manager
Scheduling, SmsBkup.ctl file and AfterBackup.bat remain the same
Recovery
Recovery from the install media / Setup Wizard
Granular level of recovery
Leverage SQL Server Replication
55
Migrating from Configuration Manager 2007
No upgrade to Configuration
Manager
Migration functionality is built into
the Configuration Manager
Administration Console
Use migration jobs to configure
the specific data that you want to
migrate and manage the
migration of this data
57
Other features
Network Access Protection (NAP)
Application Virtualization (App-V)
Power Management
58
Configuration Manager Workshops
Title Modules
Configuration Introduction to Configuration Manager
Manager Concepts Deploying Configuration Manager
& Admin workshop Configuring Discovery and Deploying Clients
Inventory, Asset Intelligence, Software Metering, and Remote
Control
Migrating from Configuration Manager 2007 to 2012 Overview
Configuration Manager Console Security
59
Configuration Manager Workshops
Title Modules
Configuration Configuration Manager Deployment and Architecture
Manager Compliance Settings
Advanced Advanced Scenarios for Deploying Applications
workshop
Customizing Software Updates
Monitoring Site and Client Health
Troubleshooting and Site Recovery
61
Configuration Manager Workshops
Title Modules
Configuration New features and changes
Manager Design and roles
Migration and Preparing for migration
Application
Migration
Workshop
Application Management
Large migration scenario
63
Configuration Manager Workshops
Title Feature
Configuration Overivew, Concepts, and Architecture
Manager Windows PE
Operating System PXE and Multicast
Deployment
OSD Boot Scenarios
Image Capture
PXE and Multicast
Task Sequences
Driver Management
USMT
Deployments
Offline Image Management
Troubleshooting and Advanced Customization
MDT Integration
65
Module Review
What are some of the benefits of using System Center 2012
in your business?
66 Microsoft Confidential
Module Summary
In this Lesson, you learned:
About Configuration Manager features
About additional Configuration Manager courses to broaden your
knowledge
68 Microsoft Confidential