Adwait Joshi

November 2, 2011

Community Evaluation Program

System Center 2012 Configuration Manager Release Candidate-What’s New

cmcep@microsoft.com

Meeting Logistics

• Keep microphones on mute

• Use chat window in Lync for questions

• We will have time at end for any remaining questions

• This meeting will be recorded

Adwait Joshi

November 2, 2011

Community Evaluation Program

System Center 2012 Configuration Manager Release Candidate-What’s New

cmcep@microsoft.com

System Center 2012 Configuration Manager Release Candidate Availability

• ConfigMgr RC available for trial−

http://blogs.technet.com/b/server-cloud/archive/2011/10/27/system-center-2012-configuration-manager-release-candidate-is-here.aspx

• RC for additional tools− Download Package Conversion Manager RC− Download the Configuration Manager P2V Migration Toolkit

ConfigMgr RC Changes Overview

• Key Features− Endpoint Protection

Integration− Application

‘Deployment Simulation’ (Pre-Flight)

− Improved Discovery

• DCRs, Bug Fixes, More…

5

System Center 2012 Endpoint Protection Integration (formerly known as Forefront Endpoint Protection 2012)

• Fully integrated setup and management

• Key Features− Expedited malware events:

client to admin within 5 minutes

− Built-in security admin role− Network-friendly definition

deployments− Improved scalability and

reliability − Simpler to setup and operate− Email subscriptions for alerts

6

System Center 2012 Endpoint Protection Overview Demo

Application Simulated Deployment (“Preflight”)• Goal: Confidence in moving to state based

dynamic applications− Did I do detection method right? − Did I get rules/relationships right? − What will my deployment type mix be?

• What it does: Runs application as required in “rules only” mode− No content download, no execution of deployment type− Results – what would the system have done?

− Processes detection method, requirement rules, dependencies and supersedence

− Does NOT simulate the install!

DCR

Technet video on Simulated Deployment- http://technet.microsoft.com/en-us/edge/video/systemcenter-2012-configuration-manager-how-do-i-video-series-simulated-application-deployment

Feature AreasA quick overview

Hierarchy

• FQDN throughout the product• All ConfigMgr Replication through Data

Replication Service (DRS)(No more SQL transactional replication)

• Replication Link Analyzer (in RC)• Cross forest support - untrusted forests

for site system roles (not site servers)• Secondary site content routing (one

layer)• SQL Configuration Options: Ports,

Instances• MP replica support

DCR

DCR

10

Performance

• Scalability and performance improvements throughout the product:− General console operation− Replication− State and Status messages (alerting)− Discovery Data Processing− Application Catalog

11

UI and Admin Console

• Ability search via dates (e.g. last x days)• Added security scopes into the listview with

filter/sort/search• Only one admin console installer - 32 bit• Improved multi-lingual support, including

server setup• Reporting

− Reports are grouped by folders in the UI− Report Folder “Show-Me” - Folders are now

associated with security role permissions

DCR

DCR

DCR

DCR

12

Applications

• Application Catalog:− Ability to change application catalog color scheme− Updated Application Catalog appearance− Catalog tables update on a schedule, (3 minutes –

24 hours). "Run Now" action to force immediately

• Software Center− Ability to filter by type of deployment

(applications, operating systems, updates)− Ability to show or hide optional deployments

DCR

DCR

DCR

13

14

Software Center

15

Software Center

Software Center

16

Application Catalog

17

Monitoring and Discovery• Monitoring

− Alerts now have subscriptions with email− Added an "Endpoint Protection Status" node

• Discovery− Add Forest Discovery− Remove System Group Discovery− Rename Security Group Discovery to Group

Discovery− Change the responsibility of

− Group discovery: Discover groups and membership of these groups

− System Discovery: Discover basic information of computers and OU of these computers

− User Discovery: It is responsible for Discover basic information of users and OU of these users

DCR

18

Delta Discovery Group discovery

• Discover security groups and distribution groups.

• Discover membership of groups, including both user and computers

• Support specifying individual groups as the discovery scope. (Recommended)

• Detect any changes of group membership

DCR

DCR

19

Changes in Active Directory Beta 2 RCP

New ComputerNew User

Computer basic information changedUser basic information changed

Computer added to a group

User added to a group

Computer removed from a group

User removed from a group

Stale Computer Filtering

• Based on two Active Directory attributes:−Lastlogontimestamp: Record the last

logon timestamp of the computer. It requires Domain function level >= Windows Server 2003

−Pwdlastset: Record the last time when the computer changes its password. By default Active Directory policy enforces each computer changing password every 30 days.

20

Client Settings and DCM

• Compliance Settings Management (DCM):− Baseline remediation can now be limited

to maintenance windows (default)− Baseline deployments can now generate

Operations Manager alerts− Ability to create dynamic collections from

baseline compliance (RC)

• Client Settings− Custom Client Settings can now be

exported and imported (Not just for default)

DCR

21

Client Health

• Client health:− Rule checks expanded from 12 to 21 including:

− WMI service WMI Repository Integrity− BITS service ConfigMgr client,

prerequisites install− SMS Agent Host service ConfigMgr Remote Control service− Antimalware service (EP) Network Inspection (EP)− Windows Update Agent

− Client health state is now live data (versus summarized)

− Can disable automatic remediation of client health via Registry (e.g. Mission critical systems such as servers)

DCR

DCR

22

Other

• Remote Control:− Ability to have agent create required Windows

firewall exemptions− Remote Control Viewer shortcut in the

ConfigMgr program group− Agent is disabled by default

• Platform Support:− Added platform support for

− Windows Embedded 7 SP1− POSReady 7− Windows 7 Thin PC− Windows Embedded Compact 7

23

Other

• Embedded Device Management− Ability to use task sequences to manage write filter enabled systems

• Tools:− RBA modeling tool:

− Live modeling of security roles and assignments− Authoring and modeling of custom security roles

− Replication Link Analyzer (post RC)

24

Call to Action

• Download and evaluate ConfigMgr RC in test environment

• Refer to the latest technical documentation: http://technet.microsoft.com/en-us/library/gg682129.aspx

• Continue to participate in the Community activities and share your feedback and best practices

Thanks!

Community Evaluation Program

System Center 2012 Configuration Manager

cmcep@microsoft.com

NEXT MEETING: November 16, 2011

Endpoint Protection Deep Dive