© 2012 Microsoft Corporation. All rights reserved.

System Center 2012 Configuration Manager

Concepts & Administration Workshop
Module 1: Introduction to System Center 2012
Configuration Manager

Your Name

Premier Field Engineer

Microsoft
Conditions and Terms of Use
Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind, whether
express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and non-
infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association
with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks

© 2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United States
and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
 Overview
Introduction to main features of Configuration Manager
Provide a general understanding of the product
This workshop focuses on a subset of the available
Configuration Manager features
Remaining features are covered by other workshops

4
 Objective
This module will introduce new Configuration Manager
features and major changes from the previous version
(Configuration Manager 2007)
After completing this module you will be able to:
Identify the main features of Configuration Manager and their
functionality
Identify which workshops are focused on the topics not covered by
this delivery

5
 What is Configuration Manager?
Part of the System Center 2012 suite
Enterprise class system configuration and management
tool
Increases IT productivity by reducing manual tasks
Provides effective management of your assets
Utilizes your existing Microsoft technologies and solutions

6
 Pillars of Configuration Manager
Embrace user-centric management
• Allow the administrator to think users first
• Give the end user a fitting user experience to find/install software
• Allow the user to define their relationship to applications

Modernize infrastructure and core components

• Redesigned hierarchy and data replication
• Automated content distribution
• Client Health improvements and auto-remediation
• Redesigned admin experience and role-based security model
• Native 64-bit and full Unicode support

Continue to improve throughout the product

• Software Updates auto-deployment (including Forefront definitions)
• Automated settings remediation
• Consolidated and expanded mobile device management
• Improvements to OS Deployment and Remote Control

8
 Configuration Manager Console
The System Center UI
Workspaces and Ribbon
Search
Provider

10
 System Center UI
No more Microsoft Management Console
Uses the System Center UI Framework for common look and feel
across all System Center 2012 products
Main point of administration
Used to configure sites, clients, and to run/monitor
management tasks
Launch secondary consoles
(Resource Explorer, Remote control, Out of Band Management)
Can be installed on additional servers and workstations
Access can be restricted
Administrators see only the objects they are allowed to see
Temporary nodes for easier navigation

11
 Workspaces and Ribbon
Everything is placed under one of four workspaces:
Administration
Software Library
Monitoring
Assets and Compliance

The ribbon provides context sensitive access to settings

and features

12
 Search
A special search tab is present on the ribbon

13
 Search
Use of temporary nodes in the navigation pane
These are automatically created and selected as a result of actions
that you take and that do not display after you close the console

14
 Provider
Maps Classes and Instances to Tables and Rows in the
database
Multiple providers for a single site for either load balancing
or redundancy
Not intended for high availability scenarios
Implements role based security
Provider can be installed by running setup

15
 Sites and Hierarchy
Central Administration site (CAS)
One per
Must be installed first in a hierarchy hierarchy
Only supports one level of child Primary sites

Primary site
Standalone for smaller deployments Max. 25
Requires CAS to join a hierarchy

Secondary site
Extends a Primary site
Mainly used to compensate
for slow network connections Max. 250 per Primary site

16
 Sites and Hierarchy
Standalone single Primary site for smaller deployments
Install Primary site first
Cannot be added to a hierarchy later
Supports Secondary sites

17
 Comparison of Configuration Manager 2007 and
Configuration Manager hierarchy
Configuration Manager 2007 hierarchy
Primary sites can be moved around the hierarchy
Primary sites can be nested
A Primary site is needed to facilitate different client agent settings
or as a security boundary
Configuration Manager hierarchy
A CAS is needed for a hierarchy
Flat hierarchy with only one level of Primary sites
Client agent settings are managed through custom settings applied
to Collections

18
 Site System servers and Site System roles
Configuration Manager uses Site System roles to support
different management operations at each site
Each Site Server can host different Site System roles
Site System role can be installed on the Site Server or on another
server to manage performance

19 Microsoft Confidential
 Site System Servers and Site System Roles
One Site Server or System can host roles for one site
Some site system roles are automatically installed and
assigned to the server on which Configuration Manager
Setup has run
An example of these site system roles is the Site Server role
Cannot transfer these roles to another server or remove without
uninstalling the site
Some roles no longer exist but have been added to other
roles to make them more capable
e.g. PXE Service Point is now a function of a PXE-Enabled DP

20
 Site System roles
Site server
A site server is the computer on which you run Configuration Manager Setup and
it provides the core functionality for the site
Site database server
A site database server hosts the SQL Server database to store information about
assets and site data
Component server
A component server runs Configuration Manager services and is automatically
installed with all site systems except the Distribution Point
Management point (MP)
A Management Point provides policy and content location information to clients.
It also receives configuration data from clients
Distribution Point (DP)
Contains source files for clients to download, such as application content, software
packages, software updates, OS and boot images.
You can control content distribution by using bandwidth throttling and scheduling
options

21
 Site System roles (continued)
Reporting Services Point (RSP)
Integrates with SQL Server Reporting Services to create and manage reports for
Configuration Manager
State Migration Point (SMP)
The SMP stores user state data when a computer is migrated to a new operating system
Software Update Point (SUP)
A SUP integrates with Windows Server Update Services (WSUS) to provide software
updates to Configuration Manager clients
System Health Validator Point (SHV)
The SHV validates Configuration Manager Network Access Protection (NAP) policies. It
must be installed on a NAP Health Policy server
Fallback Status Point (FSP)
FSP helps you monitor client installation and identify the clients that are unmanaged
because they cannot communicate with their management point
Out of Band Service Point (OOB)
OOB service point provisions and configures AMT-based computers for out of band
management

22
 Site System roles
Asset Intelligence synchronization point
An AI synchronization point connects to System Center Online to download
Asset Intelligence catalog information and upload uncategorized titles so that
they can be considered for future inclusion in the catalog
Application Catalog Web Service Point
An Application Catalog Web Service Point provides software information to
the Application Catalog website from the Software Library
Application Catalog Website Point
An Application Catalog website point provides users with a list of available
software
 Enrollment Proxy Point
An Enrollment proxy point manages enrollment requests from mobile devices
so that they can be managed by Configuration Manager
Enrollment Point
An Enrollment Point uses PKI certificates to complete mobile device
enrollment and provision AMT-based computers

23
 Site System role placement
Role CAS Child Primary Standalone Secondary Scope
site Primary site site

Application Catalog web service point No Yes Yes No Hierarchy

Application Catalog website point No Yes Yes No Hierarchy

Asset Intelligence synchronization point(1) Yes No Yes No Hierarchy

Distribution point (2,3) No Yes Yes Yes Site

Fallback status point No Yes Yes No Hierarchy

Management point (2,3,5) No Yes Yes Yes Site

Endpoint Protection point Yes No Yes No Hierarchy

Enrollment point No Yes Yes No Site

Enrollment proxy point No Yes Yes No Site

Out of band service point No Yes Yes No Site

Reporting services point (2) Yes Yes Yes No Hierarchy

Software update point (4,6) Yes Yes Yes Yes Site

State migration point (2) No Yes Yes Yes Site

System Health Validator point (2) Yes Yes Yes No Hierarchy

24
 Site Boundaries
Boundary
Is a network location on intranet
Defined once per hierarchy
Needs to be part of a Boundary Group for site assignment

Boundary can be any of the following

IP range
IP subnet
AD site
IPv6 prefix

25
 Boundary Groups
Site Assignment
Clients join site based on boundary group containing client‘s
current network location
Overlapping is not supported for site assignment
Fallback Site –New feature added so clients that don’t belong to
any of the site boundaries/boundary groups will be assigned to
Fallback Site. This is completely different than Fallback Status Point
Content location
Associate DPs and SMPs with one or more boundary groups
Overlapping is permitted for content location (DP, SMP)
Network speed is defined for each DP in a boundary group

26
 Comparison of Configuration Manager 2007 and
Configuration Manager boundaries
Configuration Manager 2007 boundaries
Boundaries are site specific
Overlapping is not supported
Network speed is set per boundary

Configuration Manager boundaries

Boundaries are no longer site specific
Boundary Groups must be used for site assignment
Overlapping is permitted for content location
Network speed is set per DP

27
 Clients and Client Health
Discovering clients
Installing clients
Monitoring clients

28
 Discovering Clients
What is a Discovery Method?
Configuration Manager uses Discovery to add new resources (users
or computers) or information about existing resources (group or
OU membership) to the Configuration Manager database
Currently there are 6 discovery methods in Configuration
Manager

29
 Discovering Clients (continued)
Delta Discovery
Enhances the discovery capabilities by discovering only new or
changed resources in AD instead of performing a full discovery
cycle
Discovery can detect the following new resource types:
Computer objects
User objects
Security group objects
It is only available for the following discovery methods:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery

30 Microsoft Confidential
 Comparison of Configuration Manager 2007 to
Configuration Manager Discovery
Configuration Manager 2007 Discovery
Discovery Data Records (DDRs) are processed at each site in
hierarchy (child -> parent -> central)
Discovery information is not shared

Configuration Manager Discovery

Each DDR is processed only once at CAS or a Primary Site
Discovery information is global data
New method: Active Directory Forest Discovery
No more System Group Discovery (replaced by AD Group
Discovery)
Stale computers can be filtered out
Delta Discovery is improved

31
 Client Installation
Client Installation Description
Method
Automatic Client Clients can now be automatically upgraded. Refer to the link under
Upgrade Notes.
Upgrade installation Uses Configuration Manager application management to upgrade clients
to a newer version. You can also use Configuration Manager 2007
software distribution to upgrade clients to Configuration Manager.
Client push Use this method to automatically install the client to assigned resources
installation and to manually install the client to resources that are not assigned.
Software update Used to install the client using the Configuration Manager software
point installation updates feature.
Group Policy Used to install the client using Windows Group Policy.
installation
Logon script Used to install the client by means of a logon script.
installation
Manual installation Used to manually install the client software.
Client Imaging Used to pre-stage the client installation in an operating system image.

32
 Client Assignment
Manual Site Assignment
Use a client installation property that specifies the site code
In Control Panel\Configuration Manager, specify the site code
  Automatic Site Assignment
Based on Boundaries
What’s New in Configuration Manager for Site Assignment?
For automatic site assignment a Boundary must be configured in a
Boundary Group that is configured for site assignment
You can specify a fallback site for the hierarchy if the client’s
network location is not in a Boundary Group
Clients can now download site settings from the Management
Point after they have been assigned to the site

33 Microsoft Confidential
 Client Status
Client Status is a built-in feature of Configuration Manager
Administrators can be alerted to potential client health
issues
Clients conduct
a daily self check
Auto-remediate
dependencies
Reports
and trending

34
 Inventory
Hardware Inventory
Queries WMI for hardware
data
Can be customized per site or
per collection
Customize HW Inventory
without manually editing
.MOF files as they no longer
exist.

Software Inventory
Scans hard drives for file
types
Can also collect copies of files
during inventory cycle
Can be customized per Site or
per Collection

35
 Asset Intelligence (AI)
Asset Intelligence lets you
inventory and manage
software license usage by
using the Asset Intelligence
catalog
Uses AI Synchronization
Point to download catalog
60+ reports
2 new Maintenance Tasks
Check Application title with
Inventory information
Summarize installed
software data

36
 Software Metering
Monitor and collect software usage data from
Configuration Manager clients
You can view the
data via Collections,
Queries or Reports
Metering rules can
be created manually
or automatically

37
 Remote Control
Use Remote Control to remotely administer, provide
assistance, or view any client computer in the hierarchy
Three ways to connect:
Remote Control
Remote Desktop
Remote Assistance
New Features
Pass CTRL+ALT+DEL to client
Disable client mouse and keyboard during Remote Control sessions
Remote Tools are configured in the Default Client Settings or in
Custom Device Settings linked to a Collection
Start Remote Control Viewer from a command line

38
 Role Based Administration
New security model that simplifies administration
Security Roles
Security Scopes
Collections

39
 Collections
Collections represent logical groupings or resources either
users or devices (not both in a single collection)
Sub collections are no longer used and they are replaced
with folders
Added new functionality - Include and exclude collection
rules
Collection limiting – All collections must be limited to
another collection
Configuration Manager uses WMI query language to
retrieve data from the database to populate Collections and
Queries
Contain resources from all sites in the hierarchy
Can be restricted using RBA
40 Microsoft Confidential
 Comparison of Collections in Configuration Manager
2007 to Configuration Manager
Configuration Manager 2007 Collections:
Collections can hold User and Computer resources
Use of subcollections

Configuration Manager Collections:

Collections can hold user or computer resources, not both
Subcollections are no longer used
Include and exclude rules
Use RBA scopes to limit access
Collection limiting
Import to Collections

41
 System-centric Versus User-centric Management
Systems Management of Today
• Targeted at the device
• Explicit and action-based
• Software deployment
• Optimized for systems management
inside the firewall
• Optimized for tight IT control, minimal
end user involvement

User-Centric Client Mgmt of Tomorrow

• Targeted at the end user
• Implicit and intent-based
• Software deployment is about delivering
the right app in the right way to the right
user under the right condition
• Enable the user to be productive
anywhere and anytime
• Maintain IT control while balancing the
needs for end user empowerment

42
 Application Management
Switch to user-centric from system-centric management
Manage Applications, not setup scripts
Think "User first"
Define User Device Affinity (UDA)
Application Catalog
A website that allows users to browse for and request software
Requires Application Catalog role
Software Center
Installed with the Configuration Manager client
Users run this from the Start menu to request software

43
 Software Updates Management
Auto Deployment Rules (i.e. similar to auto
approval method in WSUS)
Provides administrators with tools to track and
apply software updates to client computers
Builds on WSUS 3.0 SP2
Only the top site synchronizes with Windows
Updates on the internet
Each site can have one active SUP

44 Microsoft Confidential
 Software Updates Management
Main features:
Superseded update support
SUM admin role (with RBA)
Client agent settings
Software update groups
Automated deployments
End user experience
Content library and cleanup
Migration from Configuration Manager 2007
Maintenance windows
Selective download of binaries
Wake On LAN
Internet-based client support

45 Microsoft Confidential
 Operating System Deployment (OSD)
Provides administrators with the tools for creating OS images
and deploy them to managed or unmanaged computers
Deployment can be done using bootable media (USB, CD,
DVD) or PXE network boot
Uses Windows Imaging Format (WIM) files that contain the OS
Operating system deployment provides the following
functionality:
Operating system image capture/deployment
User state migration by using the User State Migration Tool
Operating system image deployment
Task sequences provide the mechanism for performing multiple steps
or tasks on a computer at the command-line level without requiring
user intervention

47
 Operating System Deployment (continued)
Apply Windows Update by using Component-Based
Servicing (CBS) to update the WIM file rather than
recreating it
Use of same Task Sequence to deploy OS to computers
anywhere in the hierarchy
Capture/Restore User State supports new features from
USMT 4.0
CMTrace is now added to all boot images
TS media wizard can be suppressed during OS installation
when using media

48
 Endpoint Protection
Endpoint Protection in Configuration Manager
System Center 2012 Endpoint Protection is integrated with Configuration Manager
Configured as a Configuration Manager Role

Capabilities of Endpoint Protection

Configure antimalware policies and Windows Firewall settings
Use Software Updates to download the latest antimalware definition files to keep
clients up-to-date
Stay updated on client status via email notifications, in-console monitoring, and reports

Endpoint Protection client

Installs in addition to Configuration Manager client
Malware and Spyware detection and remediation
Rootkit detection and remediation
Critical vulnerability assessment and automatic definition and engine updates
Network vulnerability detection via Network Inspection System
Integration with Microsoft Active Protection Services

49 Microsoft Confidential
 Reporting
Reporting helps you gather, organize and present
information about users, hardware and software inventory,
software updates, applications, site status, and other
Configuration Manager operations in your organization
Over 400 predefined reports
Requires:
SQL Server Reporting Services (SSRS)
Reporting Services Point installed on SSRS
The “classic” Reporting Point has been removed

50
 Compliance Settings
DCM is now called Compliance Settings
Compliance settings contains tools to help you to assess
the compliance of users and client devices with regard to a
number of configurations
Compliance Settings objects:
Configuration Items
Configuration Baselines
Assign Configuration Baselines to Collections
Automatic remediation for some settings
Use Configuration Manager Monitoring features

51
 Internet-Based Clients Management (IBCM)
Internet-based client management lets you manage
Configuration Manager clients when they are not
connected to your corporate network but have a standard
Internet connection
Clients and Site Servers used for IBCM must use PKI
Some features are not supported
Internet-based clients on the Internet first try to download
any required software updates from Microsoft Update

52
 Mobile Device Management
You can deploy Configuration Manager clients on supported
mobile devices
Client installation requires PKI certificates on the mobile devices
With installed Configuration Manager client you can manage:
Hardware inventory
Software installation
Settings

Supported OS:
Windows Mobile 6.1, 6.5
Nokia Symbian Belle (SR1)
Supported Legacy Client OS:
Windows Mobile 6.0
Windows CE 5.0, 6.0, 7.0

53
 Mobile Device Management (continued)
For devices with no client you can use the Configuration
Manager Exchange Connector for light management
Exchange Connector :
Retrieve limited inventory information
Define settings (limited to Exchange ActiveSync policies)
Issue wipe commands
Block the device from Exchange Server
Supported Exchange Server versions:
• Exchange Server 2010 SP1
• Exchange Online

54
 Backup and Recovery
Backup Task
Generally the same tasks from Configuration Manager 2007
Maintenance Task location differs in Configuration Manager
Scheduling, SmsBkup.ctl file and AfterBackup.bat remain the same

Recovery
Recovery from the install media / Setup Wizard
Granular level of recovery
Leverage SQL Server Replication

55
 Migrating from Configuration Manager 2007
No upgrade to Configuration
Manager
Migration functionality is built into
the Configuration Manager
Administration Console
Use migration jobs to configure
the specific data that you want to
migrate and manage the
migration of this data

57
 Other features
Network Access Protection (NAP)
Application Virtualization (App-V)
Power Management

58
 Configuration Manager Workshops
Title Modules
Configuration Introduction to Configuration Manager
Manager Concepts Deploying Configuration Manager
& Admin workshop Configuring Discovery and Deploying Clients
Inventory, Asset Intelligence, Software Metering, and Remote
Control
Migrating from Configuration Manager 2007 to 2012 Overview
Configuration Manager Console Security

Collections and Queries

Deploying Applications
Deploying Software Updates

Client Status monitoring

Backup and Recovery (Optional)

59
 Configuration Manager Workshops
Title Modules
Configuration Configuration Manager Deployment and Architecture
Manager Compliance Settings
Advanced Advanced Scenarios for Deploying Applications
workshop
Customizing Software Updates
Monitoring Site and Client Health
Troubleshooting and Site Recovery

61
 Configuration Manager Workshops
Title Modules
Configuration New features and changes
Manager Design and roles
Migration and Preparing for migration
Application
Migration
Workshop
Application Management
Large migration scenario

63
 Configuration Manager Workshops
Title Feature
Configuration Overivew, Concepts, and Architecture
Manager Windows PE
Operating System PXE and Multicast
Deployment
OSD Boot Scenarios
Image Capture
PXE and Multicast
Task Sequences
Driver Management
USMT
Deployments
Offline Image Management
Troubleshooting and Advanced Customization
MDT Integration
65
 Module Review
What are some of the benefits of using System Center 2012
in your business?

What are some of the new features of the Configuration

Management Console?

How can Configuration Manager help you with employees

who are using multiple devices in a variety of locations?

66 Microsoft Confidential
 Module Summary
In this Lesson, you learned:
About Configuration Manager features
About additional Configuration Manager courses to broaden your
knowledge

68 Microsoft Confidential