System Center 2012 Configuration Manager (Sccm) Unleashed

Read more

The comprehensive reference and technical guide to Microsoft System Center Configuration Manager 2012.

Foreword by Wally Mead, Microsoft Corporation

Leading System Center experts offer step-by-step coverage of every feature area, organized to help you rapidly optimize ConfigMgr 2012 for your specific requirements, deploy and use it successfully, and gain even more value by integrating it with the rest of System Center.

Extensively revised to reflect major improvements in Configuration Manager 2012, this book fully addresses planning, design, and implementation, offering best practice processes for everything from software distribution to client security. Drawing on their unsurpassed “in-the-trenches” experience, the authors show how to use Configuration Manager 2012's user-centric capabilities to provide anytime/anywhere services and software, and to strengthen both control and compliance.

• Understand Configuration Manager 2012's key concepts and components
• Plan your architecture, and design supporting network infrastructure
• Install Configuration Manager 2012 and integrate it with existing systems
• Leverage Configuration Manager 2012's major improvements in security and scalability
• Manage operations and clients through the new Outlook-style console
• Efficiently create, manage, distribute, deploy, and update applications
• Centrally manage all your mobile devices
• Simplify client security management with new Endpoint Protection capabilities
• Query and report on configurations throughout your enterprise
• Implement reliable backup and recovery
• Establish security accounts, groups, and requirements, and safely delegate security rights

List of contents

Foreword by Wally Mead     xxix
Introduction     1

PART I:  Configuration Manager Overview and Concepts
Chapter 1  Configuration Management Basics     7
Ten Reasons to Use Configuration Manager     8
The Evolution of Systems Management     9
   Hurdles in the Distributed Enterprise     10
   The IT Automation Challenge     10
   Configuration “Shift and Drift”     11
   Lack of Security and Control     11
   Timeliness of Asset Data     12
   Lack of Automation and Enforcement     12
   Proliferation of Virtualization and Cloud Computing     12
   Lack of Process Consistency     13
   The Bottom Line     13
Systems Management Defined     14
Microsoft's Strategy for Service Management     15
   Microsoft's Dynamic Systems Initiative     16
   IT Infrastructure Library and Microsoft Operations Framework     19
   Total Quality Management: TQM     24
   Six Sigma     24
   Service Management Mastery: ISO 20000     24
   Optimizing Your Infrastructure     25
Overview of Microsoft System Center     29
   Reporting in System Center     30
   Operations Management     31
   Service Management     31
   Protecting Data     32
   Virtual Machine Management     32
   Deploy and Manage in the Cloud     33
   Orchestration and Automation     33
   Cloud-Based Configuration Monitoring     34
   Endpoint Protection     34
The Value Proposition of Configuration Manager     34
Summary     35
Chapter 2  Configuration Manager Overview     37
The History of Configuration Manager     37
   Systems Management Server 1.x     38
   Systems Management Server 2.0     38
   Systems Management Server 2003     39
   System Center Configuration Manager 2007     41
   System Center 2012 Configuration Manager     42
Terminology in Configuration Manager     42
   Site Hierarchy     43
   Site     44
   Site Systems     46
   Senders     48
   Addresses     49
   Configuration Manager Discovery Types     49
   Configuration Manager Agent     50
   Configuration Manager Console     51
   Collections     52
   Queries     52
   Alerts     53
   Status System     53
   Managing Applications     54
   Content Management     57
   Software Update Management     59
   Compliance Settings     59
   BITS     59
   Software Metering     60
   Network Access Protection     60
   BranchCache     61
   Reporting     61
What's New in This Version     62
   64-Bit Site System Requirements     62
   User-Centric Management     62
   Applications and Packages     63
   Hierarchy Changes     63
   New Configuration Manager Console     64
   Enhancements to BITS     64
   Application Catalog     64
   Extended Mobile Device Management     65
   Management Point Enhancements     65
   Boundary Changes     65
   Fallback Site     66
   Centrally Managed Client Settings     66
   Role-Based Administration     66
   Backup and Recovery     66
   Collection Changes     67
   Client Health Status Enhancements     68
   Compliance Settings Changes     68
   Remote Control Improvements     69
   Hardware Inventory Improvements     69
   Power Management Improvements     70
   Software Updates Improvements     72
   Improved End User Experience     73
   Content Library     73
   Operating System Deployment     73
   Distribution Point Changes     74
   System Center 2012 Endpoint Protection Integration     75
Feature Dependencies of System Center 2012 Configuration Manager     75
Summary     77
Chapter 3  Looking Inside Configuration Manager     79
Design Concepts     80
Active Directory Integration     81
   Schema Extensions     81
   Additional Active Directory Benefits     90
A WMI Primer     91
   WMI Feature Set and Architecture     91
   Inside the WMI Object Model     95
   Managing WMI      98
   Looking Inside the CIMV2 Namespace     103
WMI in ConfigMgr     111
   ConfigMgr Client Namespaces     111
   Hardware Inventory Through WMI     112
   Additional Client Operations Through WMI     116  
   WMI on ConfigMgr Servers     120
Components and Communications     124
Inside the ConfigMgr Database     133
   ConfigMgr Tables and Views     133
   Using SQL Server Management Studio     134
Viewing Detailed Process Activity     138
SQL Replication Crash Course     146
Configuration Manager Database Replication     148
File-Based Replication     154
Summary     157

PART II:  Planning, Design, and Installation
Chapter 4  Architecture Design Planning     161
Developing the Solution Architecture     161
   Establishing Business Requirements     162
   Assessing Your Environment     163
Planning for Licensing     165
Hierarchy Planning     167
   Configuration Manager Sites     167
   Planning Your Hierarchy Structure     169
   Planning Boundaries and Boundary Groups      170
   Choosing Client Discovery and Installation Methods     172
   Defining Your Client Architecture     174
   Planning for User-Centric Management     178
   Planning Content Management     178
Planning for Infrastructure Dependencies     180
   Active Directory Considerations     180
   Planning Certificate Services     183
Site Planning     186
   Site Servers and Site Systems Planning     186
   Capacity Planning     188
   Developing the Server Architecture     189
Planning for Solution Scenarios     190
   Software Update Planning     190
    Planning for Internet-Based Clients     193
   Out of Band Management Planning     195
Testing and Stabilizing Your Design     197
   The Proof of Concept     198
   The Pilot Deployment     204
Summary     204
Chapter 5  Network Design     205
Understanding Your Network     206
Configuration Manager Data Flow     . 206
Intrasite Server Communications     208
   Communications with SQL Server     208
   Communications Using RPC     209
   Communications Using SMB     209
   Replication of Deployment Content Refresh Data     213
   Site System Communications Using HTTP and HTTPS     214
   Other Server Communications     214
   Client to Server Communications     214
   Client Ports and Protocols     215
   Reasons for Changing Ports     215
   Initial Communication     221
   Identifying and Contacting the Client's Assigned Site     222
   Client Protocols     222
   Planning for Network Access Protection     224
Site-to-Site Communications     225
   Database Replication     225
   File-Based Replication     226
   Data Priorities     227
Fast Network and Slow Network Boundaries     227
Use of BITS     229
   BITS Versions for ConfigMgr Clients     230
   Modifying BITS Functionality Through Group Policy     231
   Modifying BITS Functionality Within ConfigMgr     232
   Comparative Advantages of Group Policy and ConfigMgr Settings for BITS     233
   Systems with Multiple Interfaces and File Integrity Checking     233
ConfigMgr and BranchCache     234
Server and Site Placement     236
Deploying Servers to Support Internet-Based Clients     237
   Using a Dedicated Site for Internet Clients     238
   Allowing Site-to-Site Communications Across an Inner Firewall     239
   Having a Site Span the Internal Network and Perimeter Network     240
   Using Web Proxies and Proxy Enrollment Points     240
Intermittently Connected Users     241
Network Discovery     241
   Discovering Network Topology     243
   Topology and Client Discovery     245
   Discovering Topology, Client, and Client Operating Systems     245
Troubleshooting ConfigMgr Network Issues     246
   Network Configuration Issues     247
   Basic Connectivity Problems     247
   Name Resolution Issues     248
   Blocked or Unresponsive Ports     249
   Timeout Issues     250
   Identifying Network Issues Affecting ConfigMgr     250
Summary     259
Chapter 6  Installing System Center 2012 Configuration Manager     261
Configuring Pre-Installation Requirements     261
   Windows Components     262
   Supported SQL Server Requirements     263
   Validating and Configuring Active Directory Requirements     265  
   Windows Server Update Services     265
   Prerequisite Checker     265
   Using the Prerequisite Files Downloader     269
Performing Site Installations     270
   Installing the Central Administration Site     271
   Installing Primary Sites     278
   Installing Secondary Sites     288
   Installation Validation     294
Site Properties     296
   Initial Configuration     296
   Installing Optional Site Systems     301
Uninstalling Sites     309
   Uninstalling Primary Sites     309
   Uninstalling Secondary Sites     312
   Uninstalling a Full Hierarchy     314
Troubleshooting Site Installation     315
Summary     316
Chapter 7  Migrating to System Center 2012 Configuration Manager     317
About Migration     318
   Migration Background and Introduction     318
   Migration, Not an Upgrade     319
Planning the Migration     320
   Central Site and Hierarchy Concepts in 2012     320
   About Site Mode     321  
   What Is Migrated     321  
   What Is Not Migrated     323
   Pre-Migration Activities     324
   Coexistence Considerations     327
   Migrating Your Configuration Manager Infrastructure     327
   Site Servers and Site Roles     328
   Security Considerations     332
   Boundaries and What's Changing     337
Performing the Migration     338
   Migrating Features and Objects     338
   Migrating by Feature and Dependencies     338
   Migration Dependencies Configuration     339
   Configuring the Active Source Site     343
   Configuring Child Sites for Data Gathering     345
   Migration Jobs     347
   Shared Distribution Points     366
   Migration Clean Up     367
Migrating Reports     369
   Legacy Reports     369
   SSRS Reports     369
   Custom Reports     369
Client Migration and Methods     370
   Background and Client Migration Concepts     370
   Client Migration Strategies for Your Network     371
Troubleshooting Migration Issues     371
Summary     372

PART III:  Configuration Manager Operations
Chapter 8  The Configuration Manager Console     375
Console Highlights     376
Touring the Console     376
   Configuration Manager Console Panes     377
   Configuration Manager Console Bars     378
   Backstage     378
ConfigMgr Workspaces     379
   Assets and Compliance Workspace     380
   Software Library Workspace     380
   Monitoring Workspace     381
   Administration Workspace     383
   Console Node Details     384
Console Deployment     388
   Console Placement     389
   Supported Platforms     389
   ConfigMgr Console Prerequisites     390
   Installation Using the ConfigMgr Setup Wizard     391
   Unattended Console Installation     394
Role-Based Administration     395
   Introducing the “Show Me” Behavior     395
   Behind the Scenes     397
   The Three States of Interaction     397
Connecting to a Site     398
   Recent Connections     398
   Clearing Recent Connections     398
Personalizing the Console     400
The In-Console Alert Experience     401
   Viewing Alerts     401
   Managing Alerts     402
   Configuring Alerts     403
   Subscribing to Alerts     404
Configuration Manager Service Manager     404
   Initiating the Configuration Manager Service Manager Console     406
   Operating the Configuration Manager Service Manager Console     407
Security Considerations     408
   SMS Provider Permissions     409
   DCOM Permissions     409  
   WMI Permissions     409
Troubleshooting Console Issues     411
   Console Logging     411
   Verify Security     412
   Connectivity Issues     416
   Common Problems with the ConfigMgr Console     416
Summary     417
Chapter 9  Configuration Manager Client Management     419
Discovery     419
   Active Directory Forest Discovery     420
   Active Directory Group Discovery     422
   Active Directory User Discovery     424
   Active Directory System Discovery     426
   Heartbeat Discovery     427
   Network Discovery     429
   Manually Importing Clients into ConfigMgr     431
ConfigMgr Client Requirements     432
   Hardware Dependencies     432
   Software Dependencies     433
   Supported Platforms     433
ConfigMgr Client Installation     435
   Manual Installation     435
   Installing with Logon Scripts     441
   Client Push     442
   Group Policy     447
   Software Update Point     448
   Client Approval     449
   Blocking and Unblocking Clients     450
   Automatically Upgrading the Client     450
   Troubleshooting Client Installation     451
Client Assignment     453
Client Health     454
Client Settings     459
   Defining Priority     461
   Background Intelligent Transfer Device Settings     461
   Client Policy Device Settings     463
   Compliance Settings Device Settings     463
   Computer Agent Device Settings     464
   Computer Restart Device Settings     466
   Endpoint Protection Device Settings     466
   Hardware Inventory Device Settings     467
   Network Access Protection (NAP) Device Settings     470
   Power Management Device Settings     471
   Remote Control Device Settings     471
   Software Deployment Device Settings     476
   Software Inventory Device Settings     477
   Software Metering Device Settings     479
   Software Updates Device Settings     481
   State Messaging Device Settings     482
   User and Device Affinity Settings     482
Using the Resource Explorer     483
Wake On LAN     484
   WOL Prerequisites     484
   Two Types of WOL     485
   Configuring WOL     486
   Using WOL     487
Summary     488

PART IV:  Software and Configuration Management
Chapter 10  Managing Compliance     491
New and Improved in System Center 2012 Configuration Manager     493
Configuring Compliance Settings     493
Configuration Items and Baselines     495
   Configuration Items     496
   Configuration Baselines     512
   Compliance Evaluation     517
   Versioning     519
   Configuration Packs     521
   Exporting Configuration Items and Baselines     522
   Compliance Authoring     523
Compliance Strategy     525
   Reporting     526
   On-Demand Results     527
   Alerting     527
   Remediation     528
Troubleshooting     529
Summary     531
Chapter 11  Packages and Programs     533
About Packages, Programs, Collections, Distribution Points, and Deployments     534
   Packages     534
   Programs     534
   Collections     535
   Distribution Points     535
   Deployments     536
   Combining the Use of Packages, Programs, Collections, and Deployments     536
Creating a Package     536
   Creating a Package from the Package Definition Wizard     537
   Package Properties     543
   Creating a Package with the New Package Wizard     559
   Custom Packages     562
   Repackaging Software     562
Avoiding Common ConfigMgr Software Packaging Issues     563
   Program and Package Properties     563
   Testing, Testing, Testing     563
Summary     564
Chapter 12  Creating and Managing Applications     565
ConfigMgr Applications Overview     566
   About Applications     566
   About Deployment Types     567
   About Detection Methods     569
   About User Device Affinity     569
About Creating Applications     571
   Creating a Windows Installer (MSI)-Based Application     571
   Application Properties     576
Creating Deployment Types     591
   Creating a Windows Installer-Based Deployment Type     592
   Creating an Application Virtualization Deployment Type     595
   Creating a Script-Based Deployment Type     599
Creating Detection Methods     602
   Detection Methods for Windows Installer Applications     602
   Other Detection Methods     604
   Custom Script Detection Methods     607
Managing and Creating Global Conditions     610
   Device Global Conditions     611
   User Global Conditions     612
   Custom Global Conditions     612
More About Managing Applications     617
   Adding Dependencies     617
   Managing Revision History     619
   Exporting and Importing Applications     620
   Superseding Applications     621
   Retiring and Deleting Applications     622
Package Conversion Manager     623
Summary     626
Chapter 13  Distributing and Deploying Applications     627
Creating and Managing Collections     628
   Direct Rule     630
   Query Rule     631
   Include Rule     634
   Exclude Rule     634
   About Incremental Updates     634
   User Collections Versus Device Collections     635
About Distribution Points     635
   Installing Distribution Points     637
   Distribution Point Groups     640
   Associating Collections with Distribution Point Groups     641
   Sending Content to Distribution Points     642
   Monitoring Distribution Point Status     642
   Updating Content on Distribution Points     645
   Refreshing Content on Distribution Points     646
   Removing Content from Distribution Points     646
   Validating Content     647
   Using BranchCache     647
    Preferred Distribution Points     648
   Prestaging Content     648
   Importing and Ex...

About the author

Kerrie Meyler, System Center MVP, is the lead author of numerous System Center books in the Unleashed series, including System Center Operations Manager 2007 Unleashed (2008), System Center Configuration Manager 2007 Unleashed (2009), System Center Operations Manager 2007 R2 Unleashed (2010), System Center Opalis Integration Server 6.3 Unleashed (2011), and System Center Service Manager 2010 Unleashed (2011). She is an independent consultant and trainer with more than 15 years of Information Technology experience. Kerrie was responsible for evangelizing SMS while a Sr. Technology Specialist at Microsoft, and has presented on System Center technologies at TechEd and MMS.

Byron Holt, CISSP and an IT professional for more than 15 years, has been a lead SMS and Configuration Manager engineer for several Global 5000 corporations and was part of the Active Directory and Enterprise Manageability support teams while working at Microsoft. Byron's experience includes software development, security architecture, and systems management. He currently works for McAfee managing internal deployment and validation. Byron coauthored System Center Configuration Manager 2007 Unleashed (Sams, 2009).

Marcus Oh, System Center MVP, is IT Manager of Directory and Systems Management for a large telecommunications provider, running directory services and management infrastructure for ~30,000 systems. He has been a MVP since 2004 in System Center, specializing in Configuration Manager and Operations Manager. Marcus has written numerous articles for technology websites as well as his own blog. He coauthored Professional SMS 2003, MOM 2005, and WSUS (Wrox, 2006), and was a contributing author to System Center Opalis Integration Server 6.3 Unleashed (Sams, 2011). Marcus is also a coauthor to the upcoming System Center 2012 Orchestrator Unleashed (Sams).

Jason Sandys, ConfigMgr MVP, is currently the Director for Solutions Engineering for Adaptiva (Adaptive Protocols, Inc.) where he is responsible for delivery of ConfigMgrcentric solutions. Jason was formerly a managing consultant for Catapult Systems Inc. and has more than 15 years of experience in a wide range of technologies, environments, and industries with extensive experience implementing and supporting SMS and Configuration Manager beginning with SMS 2.0. Jason is also active in the online support community, was a contributing author to System Center Configuration Manager 2007 Unleashed (Sams, 2009), and is a frequent presenter at Microsoft TechEd and MMS.

Greg Ramsey, ConfigMgr MVP, has worked with SMS and desktop deployment since 1998. He currently works for Dell, Inc., as a ConfigMgr administrator, and previously was a sergeant in the United States Marine Corps. Greg is a columnist for myITforum.com, cofounder of the Ohio SMS User Group and Central Texas Systems Management User Group, and creator of SMS View. Greg previously coauthored SMS 2003 Recipes: A Problem-Solution Approach (Apress, 2006) and System Center Configuration Manager 2007 Unleashed (Sams, 2009).
 
Contributing Authors:
Niall Brady, Samuel Erskine, Torsten Meringer, Stefan Schörling, Kenneth van Surksum, and Steve Thompson.