You are on page 1of 54

2012 Microsoft Corporation. All rights reserved.

System Center 2012 Configuration Manager


Concepts & Administration Workshop
Module 1: Introduction to System Center 2012
Configuration Manager

Your Name
Premier Field Engineer
Microsoft

Conditions and Terms of Use


Microsoft Confidential
This training package is proprietary and confidential, and is intended only for uses described in the training materials.
Content and software is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or
disclosing all or any portion of the content and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of
any kind, whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a
particular purpose, and non-infringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice.
Because Microsoft must respond to changing market conditions, the content should not be interpreted to be a commitment
on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of
publication. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos,
people, places, and events depicted herein are fictitious, and no association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

Copyright and Trademarks


2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering
subject matter in this document. Except as expressly provided in written license agreement from Microsoft, the furnishing
of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no
part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by
any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written
permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft, Internet Explorer, and Windows are either registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks
or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of
their respective owners.

Overview
Introduction to main features of Configuration
Manager
Provide a general understanding of the product
This workshop focuses on a subset of the available
Configuration Manager features
Remaining features are covered by other workshops

Objective
This module will introduce new Configuration
Manager features and major changes from the
previous version (Configuration Manager 2007)
After completing this module you will be able to:
Identify the main features of Configuration Manager and
their functionality
Identify which workshops are focused on the topics not
covered by this delivery

What is Configuration Manager?


Part of the System Center 2012 suite
Enterprise class system configuration and
management tool
Increases IT productivity by reducing manual tasks
Provides effective management of your assets
Utilizes your existing Microsoft technologies and
solutions

Pillars of Configuration Manager


Embrace user-centric management
Allow the administrator to think users first
Give the end user a fitting user experience to find/install
software
Allow the user to define their relationship to applications

Modernize infrastructure and core components

Redesigned hierarchy and data replication


Automated content distribution
Client Health improvements and auto-remediation
Redesigned admin experience and role-based security model
Native 64-bit and full Unicode support

Continue to improve throughout the product


Software Updates auto-deployment (including Forefront
definitions)
Automated settings remediation
Consolidated and expanded mobile device management
Improvements to OS Deployment and Remote Control

Configuration Manager Console


The System Center UI
Workspaces and Ribbon
Search
Provider

10

System Center UI
No more Microsoft Management Console
Uses the System Center UI Framework for common look
and feel across all System Center 2012 products

Main point of administration


Used to configure sites, clients, and to run/monitor
management tasks
Launch secondary consoles
(Resource Explorer, Remote control, Out of Band
Management)

Can be installed on additional servers and


workstations
Access can be restricted
Administrators see only the objects they are allowed to see

Temporary nodes for easier navigation


11

Workspaces and Ribbon


Everything is placed under one of four workspaces:
Administration
Software Library
Monitoring
Assets and Compliance

The ribbon provides context sensitive access to


settings and features

12

Search
A special search tab is present on the ribbon

13

Search
Use of temporary nodes in the navigation pane
These are automatically created and selected as a result of
actions that you take and that do not display after you
close the console

14

Sites and Hierarchy


Central Administration site (CAS)
Must be installed first in a hierarchy
Only supports one level of child Primary sites

One per
hierarchy

Primary site
Standalone for smaller deployments
Requires CAS to join a hierarchy

Max. 25

Secondary site
Extends a Primary site
Mainly used to compensate
for slow network connections

16

Max. 250 per Primary site

Sites and Hierarchy


Standalone single Primary site for smaller
deployments
Install Primary site first
Cannot be added to a hierarchy later
Supports Secondary sites

17

Comparison of Configuration Manager 2007 and


Configuration Manager hierarchy
Configuration Manager 2007 hierarchy
Primary sites can be moved around the hierarchy
Primary sites can be nested
A Primary site is needed to facilitate different client agent
settings or as a security boundary

Configuration Manager hierarchy


A CAS is needed for a hierarchy
Flat hierarchy with only one level of Primary sites
Client agent settings are managed through custom
settings applied to Collections

18

Site System servers and Site System


roles
Configuration Manager uses Site System roles to support
different management operations at each site
Each Site Server can host different Site System roles
Site System role can be installed on the Site Server or on
another server to manage performance

19

Microsoft Confidential

Site System Servers and Site System


Roles
One Site Server or System can host roles for one
site
Some site system roles are automatically installed
and assigned to the server on which Configuration
Manager Setup has run
An example of these site system roles is the Site Server
role
Cannot transfer these roles to another server or remove
without uninstalling the site

Some roles no longer exist but have been added to


other roles to make them more capable
e.g. PXE Service Point is now a function of a PXE-Enabled
DP

20

Site System roles


Site server
A site server is the computer on which you run Configuration Manager
Setup and it provides the core functionality for the site

Site database server


A site database server hosts the SQLServer database to store
information about assets and site data

Component server
A component server runs ConfigurationManager services and is
automatically installed with all site systems except the Distribution Point

Management point (MP)


A Management Point provides policy and content location information to
clients. It also receives configuration data from clients

Distribution Point (DP)


Contains source files for clients to download, such as application
content, software packages, software updates, OS and boot images.
You can control content distribution by using bandwidth throttling and
scheduling options
21

Site System roles (continued)


Reporting Services Point (RSP)
Integrates with SQL Server Reporting Services to create and manage reports
for Configuration Manager

State Migration Point (SMP)


The SMP stores user state data when a computer is migrated to a new
operating system

Software Update Point (SUP)


A SUP integrates with Windows Server Update Services (WSUS) to provide
software updates to Configuration Manager clients

System Health Validator Point (SHV)


The SHV validates ConfigurationManager Network Access Protection (NAP)
policies. It must be installed on a NAP Health Policy server

Fallback Status Point (FSP)


FSP helps you monitor client installation and identify the clients that are
unmanaged because they cannot communicate with their management point

Out of Band Service Point (OOB)


OOB service point provisions and configures AMT-based computers for out of
band management
22

Site System roles


Asset Intelligence synchronization point
An AI synchronization point connects to System Center Online to
download Asset Intelligence catalog information and upload
uncategorized titles so that they can be considered for future inclusion
in the catalog

Application Catalog Web Service Point


An Application Catalog Web Service Point provides software information
to the Application Catalog website from the Software Library

Application Catalog Website Point


An Application Catalog website point provides users with a list of
available software

Enrollment Proxy Point


An Enrollment proxy point manages enrollment requests from mobile
devices so that they can be managed by Configuration Manager

Enrollment Point
An Enrollment Point uses PKI certificates to complete mobile device
enrollment and provision AMT-based computers
23

Site System role placement

24

Role

CAS

Child
Primary
site

Standalone
Primary
site

Secondary
site

Scope

Application Catalog web service point

No

Yes

Yes

No

Hierarchy

Application Catalog website point

No

Yes

Yes

No

Hierarchy

Asset Intelligence synchronization


point(1)

Yes

No

Yes

No

Hierarchy

Distribution point (2,3)

No

Yes

Yes

Yes

Site

Fallback status point

No

Yes

Yes

No

Hierarchy

Management point (2,3,5)

No

Yes

Yes

Yes

Site

Endpoint Protection point

Yes

No

Yes

No

Hierarchy

Enrollment point

No

Yes

Yes

No

Site

Enrollment proxy point

No

Yes

Yes

No

Site

Out of band service point

No

Yes

Yes

No

Site

Reporting services point (2)

Yes

Yes

Yes

No

Hierarchy

Software update point (4,6)

Yes

Yes

Yes

Yes

Site

State migration point (2)

No

Yes

Yes

Yes

Site

System Health Validator point (2)

Yes

Yes

Yes

No

Hierarchy

Site Boundaries
Boundary
Is a network location on intranet
Defined once per hierarchy
Needs to be part of a Boundary Group for site assignment

Boundary can be any of the following


IP range
IP subnet
AD site
IPv6 prefix
25

Boundary Groups
Site Assignment
Clients join site based on boundary group containing
clients current network location
Overlapping is not supported for site assignment
Fallback Site New feature added so clients that dont
belong to any of the site boundaries/boundary groups will
be assigned to Fallback Site. This is completely different
than Fallback Status Point

Content location
Associate DPs and SMPs with one or more boundary groups
Overlapping is permitted for content location (DP, SMP)
Network speed is defined for each DP in a boundary group

26

Comparison of Configuration Manager 2007 and


Configuration Manager boundaries
Configuration Manager 2007 boundaries
Boundaries are site specific
Overlapping is not supported
Network speed is set per boundary

Configuration Manager boundaries


Boundaries are no longer site specific
Boundary Groups must be used for site assignment
Overlapping is permitted for content location
Network speed is set per DP

27

Clients and Client Health


Discovering clients
Installing clients
Monitoring clients

28

Discovering Clients
What is a Discovery Method?
Configuration Manager uses Discovery to add new
resources (users or computers) or information about
existing resources (group or OU membership) to the
Configuration Manager database

Currently there are 6 discovery methods in


Configuration Manager

29

Discovering Clients (continued)


Delta Discovery
Enhances the discovery capabilities by discovering only
new or changed resources in AD instead of performing a
full discovery cycle
Discovery can detect the following new resource types:
Computer objects
User objects
Security group objects

It is only available for the following discovery methods:


Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery

30

Microsoft Confidential

Comparison of Configuration Manager 2007 to


Configuration Manager Discovery
Configuration Manager 2007 Discovery
Discovery Data Records (DDRs) are processed at each site
in hierarchy (child -> parent -> central)
Discovery information is not shared

Configuration Manager Discovery


Each DDR is processed only once at CAS or a Primary Site
Discovery information is global data
New method: Active Directory Forest Discovery
No more System Group Discovery (replaced by AD Group
Discovery)
Stale computers can be filtered out
Delta Discovery is improved

31

Client Installation
Client
Installation
Method
Automatic Client
Upgrade
Upgrade
installation

Client push
installation
Software update
point
installation
Group Policy
installation
Logon script
installation
Manual
installation
Client Imaging
32

Description

Clients can now be automatically upgraded. Refer to the link


under Notes.
Uses Configuration Manager application management to
upgrade clients to a newer version. You can also use
Configuration Manager 2007 software distribution to upgrade
clients to Configuration Manager.
Use this method to automatically install the client to assigned
resources and to manually install the client to resources that
are not assigned.
Used to install the client using the Configuration Manager
software updates feature.
Used to install the client using Windows Group Policy.
Used to install the client by means of a logon script.
Used to manually install the client software.
Used to pre-stage the client installation in an operating system
image.

Client Assignment
Manual Site Assignment
Use a client installation property that specifies the site code
In Control Panel\Configuration Manager, specify the site code

Automatic Site Assignment


Based on Boundaries

Whats New in Configuration Manager for Site


Assignment?
For automatic site assignment a Boundary must be configured in
a Boundary Group that is configured for site assignment
You can specify a fallback site for the hierarchy if the clients
network location is not in a Boundary Group
Clients can now download site settings from the Management
Point after they have been assigned to the site

33

Microsoft Confidential

Client Status
Client Status is a built-in feature of Configuration
Manager
Administrators can be alerted to potential client
health issues
Clients conduct
a daily self check
Auto-remediate
dependencies
Reports
and trending

34

Inventory
Hardware Inventory
Queries WMI for hardware
data
Can be customized per site
or per collection
Customize HW Inventory
without manually
editing .MOF files as they
no longer exist.

Software Inventory
Scans hard drives for file
types
Can also collect copies of
files during inventory cycle
Can be customized per
Site or per Collection
35

Asset Intelligence (AI)


Asset Intelligence lets you
inventory and manage
software license usage by
using the Asset Intelligence
catalog
Uses AI Synchronization
Point to download catalog
60+ reports
2 new Maintenance Tasks
Check Application title with
Inventory information
Summarize installed
software data
36

Software Metering
Monitor and collect software usage data from
Configuration Manager clients
You can view the
data via Collections,
Queries or Reports
Metering rules can
be created manually
or automatically

37

Remote Control
Use Remote Control to remotely administer, provide
assistance, or view any client computer in the
hierarchy
Three ways to connect:
Remote Control
Remote Desktop
Remote Assistance

New Features
Pass CTRL+ALT+DEL to client
Disable client mouse and keyboard during Remote Control
sessions
Remote Tools are configured in the Default Client Settings
or in Custom Device Settings linked to a Collection
Start Remote Control Viewer from a command line
38

Role Based Administration


New security model that simplifies administration
Security Roles
Security Scopes
Collections

39

Collections
Collections represent logical groupings or resources
either users or devices (not both in a single collection)
Sub collections are no longer used and they are
replaced with folders
Added new functionality - Include and exclude
collection rules
Collection limiting All collections must be limited to
another collection
Configuration Manager uses WMI query language to
retrieve data from the database to populate
Collections and Queries
Contain resources from all sites in the hierarchy
Can be restricted using RBA
40

Microsoft Confidential

Comparison of Collections in Configuration


Manager 2007 to Configuration Manager
Configuration Manager 2007 Collections:
Collections can hold User and Computer resources
Use of subcollections

Configuration Manager Collections:


Collections can hold user or computer resources, not both
Subcollections are no longer used
Include and exclude rules
Use RBA scopes to limit access
Collection limiting
Import to Collections

41

System-centric Versus User-centric Management


Systems Management of Today

Targeted at the device

Explicit and action-based

Software deployment

Optimized for systems management


inside the firewall

Optimized for tight IT control,


minimal end user involvement

42

User-Centric Client Mgmt of


Tomorrow

Targeted at the end user

Implicit and intent-based

Software deployment is about


delivering the right app in the right
way to the right user under the right
condition

Enable the user to be productive


anywhere and anytime

Maintain IT control while balancing


the needs for end user
empowerment

Application Management
Switch to user-centric from system-centric
management
Manage Applications, not setup scripts
Think "User first"
Define User Device Affinity (UDA)

Application Catalog
A website that allows users to browse for and request
software
Requires Application Catalog role

Software Center
Installed with the Configuration Manager client
Users run this from the Start menu to request software

43

Software Updates Management


Auto Deployment Rules (i.e. similar to auto
approval method in WSUS)
Provides administrators with tools to track
and apply software updates to client
computers
Builds on WSUS 3.0 SP2
Only the top site synchronizes with Windows
Updates on the internet
Each site can have one active SUP

44

Microsoft Confidential

Software Updates Management


Main features:
Superseded update support
SUM admin role (with RBA)
Client agent settings
Software update groups
Automated deployments
End user experience
Content library and cleanup
Migration from Configuration Manager 2007
Maintenance windows
Selective download of binaries
Wake On LAN
Internet-based client support
45

Microsoft Confidential

Operating System Deployment (OSD)


Provides administrators with the tools for creating OS
images and deploy them to managed or unmanaged
computers
Deployment can be done using bootable media (USB,
CD, DVD) or PXE network boot
Uses Windows Imaging Format (WIM) files that contain
the OS
Operating system deployment provides the following
functionality:
Operating system image capture/deployment
User state migration by using the User State Migration Tool
Operating system image deployment
Task sequences provide the mechanism for performing multiple
steps or tasks on a computer at the command-line level without
requiring user intervention
47

Operating System Deployment


(continued)
Apply Windows Update by using Component-Based
Servicing (CBS) to update the WIM file rather than
recreating it
Use of same Task Sequence to deploy OS to
computers anywhere in the hierarchy
Capture/Restore User State supports new features
from USMT 4.0
CMTrace is now added to all boot images
TS media wizard can be suppressed during OS
installation when using media

48

Endpoint Protection
Endpoint Protection in Configuration Manager
System Center 2012 Endpoint Protection is integrated with Configuration Manager
Configured as a Configuration Manager Role

Capabilities of Endpoint Protection


Configure antimalware policies and Windows Firewall settings
Use Software Updates to download the latest antimalware definition files to keep
clients up-to-date
Stay updated on client status via email notifications, in-console monitoring, and
reports

Endpoint Protection client


Installs in addition to Configuration Manager client
Malware and Spyware detection and remediation
Rootkit detection and remediation
Critical vulnerability assessment and automatic definition and engine updates
Network vulnerability detection via Network Inspection System
Integration with Microsoft Active Protection Services

49

Microsoft Confidential

Reporting
Reporting helps you gather, organize and present
information about users, hardware and software
inventory, software updates, applications, site
status, and other Configuration Manager operations
in your organization
Over 400 predefined reports
Requires:
SQL Server Reporting Services (SSRS)
Reporting Services Point installed on SSRS

The classic Reporting Point has been removed

50

Backup and Recovery


Backup Task
Generally the same tasks from Configuration Manager
2007
Maintenance Task location differs in Configuration Manager

Scheduling, SmsBkup.ctl file and AfterBackup.bat remain


the same

Recovery
Recovery from the install media / Setup Wizard
Granular level of recovery
Leverage SQL Server Replication

55

Migrating from Configuration Manager


2007
No upgrade to Configuration
Manager
Migration functionality is built
into
the Configuration Manager
Administration Console
Use migration jobs to
configure the specific data
that you want to
migrate and manage the
migration of this data

57

Configuration Manager Workshops


Title

Modules

Configuration
Manager
Concepts &
Admin workshop

Introduction to Configuration Manager


Deploying Configuration Manager
Configuring Discovery and Deploying Clients
Inventory, Asset Intelligence, Software Metering, and
Remote Control
Migrating from Configuration Manager 2007 to 2012
Overview
Configuration Manager Console Security
Collections and Queries
Deploying Applications
Deploying Software Updates
Client Status monitoring
Backup and Recovery (Optional)

59

Configuration Manager Workshops


Title

Modules

Configuration
Manager
Advanced
workshop

Configuration Manager Deployment and


Architecture
Compliance Settings
Advanced Scenarios for Deploying Applications
Customizing Software Updates
Monitoring Site and Client Health
Troubleshooting and Site Recovery

61

Configuration Manager Workshops


Title

Modules

Configuration
Manager
Migration and
Application
Workshop

New features and changes


Design and roles
Preparing for migration
Migration
Application Management
Large migration scenario

63

Configuration Manager Workshops


Title

Feature

Configuration
Manager
Operating
System
Deployment

Overivew, Concepts, and Architecture


Windows PE
PXE and Multicast
OSD Boot Scenarios
Image Capture
PXE and Multicast
Task Sequences
Driver Management
USMT
Deployments
Offline Image Management
Troubleshooting and Advanced Customization
MDT Integration

65

Module Review
What are some of the benefits of using System
Center 2012 in your business?
What are some of the new features of the
Configuration Management Console?
How can Configuration Manager help you with
employees who are using multiple devices in a
variety of locations?

66

Microsoft Confidential

Module Summary
In this Lesson, you learned:
About Configuration Manager features
About additional Configuration Manager courses to
broaden your knowledge

68

Microsoft Confidential

You might also like