Configuration Manager 2012 SP1Overview

Nico Sienaertnico.sienaert@getronics.comSystem Center Program Lead

b-nicos@microsoft.comv-Technical Solutions Professional

@nsienaert

Configuration Manager Pilars

Empower Users

Empower people to be more productive from anywhere on

any device.

Simplify Administration

Improve IT effectiveness and efficiency.

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Empower Users

Empower people to be more productive from anywhere on

any device.

Windows 8 devices

Windows 8 deployment

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Simplify Administration

Improve IT effectiveness and efficiency.

Windows 8 apps

Windows Embedded and WTG

Heterogeneous devices

USE LITE TOUCH - LTI(MDT)

USE ZERO TOUCH - ZTI (SCCM & MDT)

DO YOU REQUIRE USER INPUT?

NO

USE ConfigMgr AND MDT WITH UDIYES

DO YOU HAVE ConfigMgr 2007?

Multiple Windows 8 Deployment Flavours

USE LITE TOUCH - LTI(MDT)

DO YOU HAVE ConfigMgr? YES

NO YES

NO

ConfigMgr & MDT better together!Before you start to script\create something on top of

ConfigMgr. Just have a look at MDT and there

is a big chance that the functionality is already in there!

OSD Specifics

• Windows PE 4.0

WinPE Components are listed

Only supported with SP1

• Task Sequence Deployment Types

Make Task Sequences visible (ex. Only via Windows PE)

• Skip Silverlight during Task Sequences

/SKIPPREREQ

• BitLocker ehancements

TPM and PIN

Used Space BitLocker

• Prestage Media

BEFORE only WIM; NOW Applications, Packages,...

Many types of devices

Windows 8

Heterogeneous Devices

Client Management: 2 solutions

Devices

Administrative Experience

Management Infrastructure

Windows PCs iOS, Android

EAS EAS

Client Management: Single Pane of Glass

Service Pack 1

Devices

Administrative Experience

Management Infrastructure

Windows RT, Windows Phone 8, iOS, Android

Windows 8(x86/64, Intel

SoC)

Mac OS X, Unix/Linux

Single pane of glass

Mobile Device Management in a glance

Feature iOS Windows RT Windows Phone 8

Android

Inventory Y Y Y Y

Settings Management

Y Y Y Y

Software Distribution

Y Y Y Y

Remote Wipe Y y Y y

Inventory and Remote Wipe specifics

• Hardware properties for mobile devices are collected through the Device Management Authority as well as Exchange ActiveSync (for Android)

• No software inventory for mobile devices to respect the Information Worker’s privacy on their own device

Wipe option depends on the platform and management type (EAS or native)

• Complete wipe and reset to factory defaults – iOS and WP8• EAS mailbox removal only - Android• Only EAS mailbox removal if managed through EAS - Windows RT or Pro (x86)• No wipe - Windows 7 and below (no change from wave C)

Inventory

Remote Wipe

App Delivery in the enterprise

Distribute applications to new platforms

• Support for Windows 8 , Windows RT and Windows Phone 8

• iOS devices managed through iOS MDM and can install LOB, Apple app store or web apps

• Android and WP7 devices are still managed by EAS, but can install LOB, Google play or web apps

TM

TM

Windows 8 App Delivery in the Enterprise

Self-Service Portal (SSP)

Side Load from Your Infrastructure

Windows 8

Download from Windows Store

Public Apps

Management Infrastructure Cloud

Custom LOB AppsApp Delivery

Windows RT

Troubleshoot Windows 8 App Deployment• Is side-loading enabled?

Make sure registry is enabled to allow trusted application installationHKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Appx\AllowAllTrustedApps = 1Right SKU, domain joined, or is it “activated”?

• Make sure code signing root certificate is installed on client“Trusted Root Certification Authorities” store

• Manually install signed application add-appxpackage \\fileserver\Contoso_Expense.appx [-DependencyPath <string[]>]

• Application management client side log files

About Side-Loading

• Can be enabled by joining machine to the domain

AllowAllTrustedApps = 1

• To enable sideloading on a Windows 8 Enterprise device that is not domain-joined, you must use a sideloading product activation key

Windows 8 Deep Link Deployment Type Goal: Enable ConfigMgr “enterprise application catalog” to help

discovery of business apps in Windows Store

Supports native application model features Targeting Recommendation: Users as available. Install/uninstall actions Dependency/Supersedence relationships User can browse the ConfigMgr application catalog and launch app installation from Windows

Store. Measure compliance on application with Windows app package DeepLink DT

Windows Store needs to be allowed and a Live ID is required

http://scug.be/nico/2012/10/31/configuration-manager-2012-sp1-windows-8-deep-link-issue/

Windows 8 AppsNico Sienaert

DEMO

Metered Connection Support

Block (default)• Treat a metered

network as disconnected

Limit• Allow policy polling • Uploads client state • User initiated

installations permitted (with warning)

• Deadline content downloads if deployment was set to allow

Allow• A metered network is

treated as if it were a non-metered network

• Still blocked while roaming

End User Experience

Windows To Go

Scenarios Contractors Bring Your Own Device Travel Light Shared PCs

Create Build a WTG image using

Configuration Manager

Provision Admin can push deploy WTG to a

removable device End User can pull provision WTG

Manage Updated and managed same as a

physical laptop/desktop Admin can determine if device is WTG

or not

Embedded Device Support in SP1

Natively extend to better support write filters

Embedded specific DCM extensions

OSD optimized for embedded devices

In short, WEDM 2012 is no more

User Data and Settings Management

• Consistent experience and access data on Windows

• New ConfigMgr feature to manage:• Client Side Caching• Roaming User Profiles• Folder Redirection

• ConfigMgr applies policies at user logon

• CcmUsrCse.log

Windows To Go &User Data Settings Mgmt

Nico Sienaert

DEMO

Unify Infrastructure

Reduce costs by unifying IT management infrastructure.

Reduced Infrastructure Requirements

Flexible hierarchy management

Content distribution changes

Real-time administrative actions

Endpoint Protection enhancements

Hierarchy Expansion

Primary Site

Current CorpPrimary Site10,000 Clients

Central Administration Site

Scenario 1: Hierarchy Expansion Must be a

new installation

Scenario 2:Merger

Primary Site

New Corp Primary Site5,000 Clients

Migration

Hierarchy Expansion

Primary Site

Current CorpPrimary Site10,000 Clients

Central Administration Site

Scenario 1: Hierarchy Expansion

Scenario 2:Merger

Primary Site

New CorpPrimary Site5,000 Clients

Migration

Primary Site

New Server

http://technet.microsoft.com/en-us/video/configuration-manager-2012-plan-deploy-and-migrate-from-configuration-manager-2007.aspx

Distribution Point in Windows Azure

• Provision from the admin console

• Most capabilities as on-prem. Except:• OSD and task sequences• Custom updates• App-V streaming

• Full BranchCache support• In console content monitoring• Ability to monitor storage and traffic out usage• Content is fully encrypted

http://blog.coretech.dk/kea/configmgr-cloud-distribution-points/

PR1

MP

MP DP

Windows Azure

Distribution Point

Microsoft Update

Policy

Content

FIREWALL

Corporate Network

Database Replication Control

• When: Schedule replication for a given link

• What: SQL Server distributed views• Hardware Inventory• Software Inventory and Metering• Status

• How much: Compression for SQL Server data

Software Update Point

• Multiple SUPs per site, also for non-trusted forests• Elimination of the requirement of NLB• Somewhat like MPs (SUP on scan failures <> MP randomized)• Client Features

• Redirection of clients to Windows Update• Intergration with Windows 8 Secure Boot • Streamlined Definition Updates (3x /day)• Merged Policies• Disable Client UI Completly• Real-time actions from the console

Fast Channel Client Notification

http://blogs.technet.com/b/configmgrteam/archive/2012/09/27/fast-channel-for-system-management.aspx

• The communication channel is push-based instead of dependent on the client policy polling interval. By using client notification, clients can establish a persistent connection with a management point.

• In SP1, all System Center Endpoint Protection operations and the “Download Computer Policy” client action are implemented by using this channel.

• If the connection is dropped (e.g. because of a network issue), notification agent will attempt to reconnect.

Real-Time ActionsNico Sienaert

DEMO

Simplify Administration

Improve IT effectiveness and efficiency.

End user client UI improvements

App-V 5.0

PowerShell

Alerts

Cross Platform Support

End User UI specifics

• Software Center multi-select support• Except for Task Sequences

• Firefox support

• Application Catalog• Complelty relies on Silverlight 5, no ActiveX

anymore

Application Virtualization

App-V 4.6 SP2 support:Needed for Windows 8Same feature functionality

App-V 5.0:New Deployment Type for App-V 5.0 applicationsIntegrated with App-V Connection

• Easy “Dynamic Suite Composition” with Connection Groups

• 2 supported versions

Powershell & Alerts

• ConfigMgr PowerShell provider• Can be launched from the Admin Console • Requires PowerShell 3.0 • Examples:

• Get-CMDeployment• New-CMDeviceCollection• Set-CMAlert• Remove-CMSoftwareUpdate

• All alert types support email notifications

• not only antivirus anymore• Admin can ignore specific alerts

Connection Groups, multi-select & Powershell

Nico Sienaert

DEMO

Cross Platform principles

• All configuration management from ConfigMgr console and workflows

• Focus on Linux and UNIX server configuration management scenarios

• Manage company owned Macs and allow for personal Macs

• Stay current - support most recent and relevant platforms

• Prioritize machine centric scenarios

• Do not require domain join for management

Supported Operating Systems

Mac Client Linux Server UNIX Server

OS X Red Hat SUSE AIX HP-UX Solaris

Configuration Manager2012 SP1

Endpoint Protection2012 No Plans

MAC OS X Specifics Configuration Manager native client

10.6 (Snow Leopard) 10.7 (Lion)

PKI Required Deploy machine certs HTTPS Enrollment points CMENROLL

No Client PushNo Pull method for MACCMAPPUTIL

This tool will help to put MAC files (dmg, mpkg, pkg & app) into a format that ConfigMgr understands (DT MAC OS X)

http://www.jamesbannanit.com/2012/10/enrol-mac-os-x-clients-in-configuration-manager-2012-sp1/

http://www.jamesbannanit.com/2012/11/deploy-os-x-applications-with-configuration-manager-2012-sp1/

MAC OS X FeaturesFeatures :• Discovery – Find Mac’s in Active Directory and the Network• Hardware Inventory – Inventory and audit Mac OS X machines• Software Inventory – Determine list of installed software • Settings Mgmt - Ensure Mac OS X machines comply with

company policies• Application Deployment- required/push software distribution

via app model• Software Updates Mgmt – via Software Distribution and

Settings mgmt.

Out of scope:• Self Service Software Portal – Ability for user to select what

software to install• Operating System Deployment • Remote Control -> achieved through Lync (desktop sharing), or

other 3rd party solutions

Supported Linux\Unix OS’s

Solaris

Version 9 (SPARC)

Version 10 (SPARC/x86)

Version 11 (SPARC/x86)

Red Hat Enterprise Linux

Version 4 (x86/x64)

Version 5 (x86/x64)

Version 6 (x86/x64)

<all>

HP-UX

Version 11iv2

(PA-RISC/IA64)

Version 11iv3

(PA-RISC/IA64)

AIX

Version 5.3 (Power)

Version 6.1 (Power)

Version 7.1 (Power)

SUSE Linux Enterprise Server

Version 9 (x86)

Version 10 SP1

(x86/x64)

Version 11 (x86/x64)

<all>

Linux \ Unix

• Newer versions of OS will be supported within 180 days of release

• Old versions supported as long as vendor provides support

• Broader Linux support being evaluated for future releases

• Hardware Inventory

• Software Deployment• Using the Package and Program model• Deploy/patch software, deploy OS patches and run

maintenance scripts that target a collection

• No Settings Management (yet)

• Consolidated reports

Linux \ Unix

• Client Push is not supported• Mount the CM Client Files on a folder local to the Linux• Install the Agent• Unmount

• Commands• Install command: ./install -mp <Server FDQN> -sitecode <XXX>

INSTALLER.tar• Pol policy: same defaults (1 hour) or run Ccmexec -rs policy

• Ccmexec -rs hinv

Linux Red Hat 6.3

Endpoint Protection for MAC\Linux

Features:• Anti-virus and Anti-malware support• Machines connect directly to internet service for security content• Client UI for user visibility and control• SCOM monitoring pack for Linux with management control

Platforms:• Apple Mac (10.6-10.7). • Linux Server: Redhat Enterprise 6, SuSE Linux 11

Download, Support and License:• Available now on Microsoft Volume License site• Licensed as part of core CAL

SCEP Linux Monitoring Pack

Summary of cross platform supportFeature UNIX/Linux Mac

Hardware Inventory

Inventory of Installed Software (OS Native - like ARP)

Software Deployment: Software, Updates, OS patches

Secure and Authenticated communications Integrated reporting Settings Management (aka DCM) Internet-Based Client Management (IBCM) Remote Control 3rd party Lync client

Push Install of Native Agent OS Deployment with OS native tools ConfigMgr integrated Update management

Supported Not Supported

MISC

• Recover Secondary Site from the Sites node

• Always On Always Connected

• Support of SQL Server 2012

• Package Conversion Manager 2.0

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Thank you!