Skip to main content

Mastering System Center 2012 R2 Configuration Manager

Mastering System Center 2012 R2 Configuration Manager

Santos Martinez, Peter Daalmans, Brett Bennett

ISBN: 978-1-118-82170-1

Mar 2014

936 pages

Description

Invaluable coverage on all aspects of System Center 2012 R2 Configuration Manager

Completely updated for System Center 2012 R2 Configuration Manager, this comprehensive book provides intermediate and advanced coverage of all aspects of the product, including planning and installation, migrating from previous versions of Configuration Manager, deploying software and operating systems, security, monitoring and troubleshooting, and automating and customizing.

  • Provides numerous real-world scenarios to show you how to use the tool in various contexts
  • Explores planning and installation and migrating from SCCM 2007
  • Walks you through deploying software and operating systems, security, monitoring, and troubleshooting
  • Demonstrates automating and customizing SCCM 2012 with scripts

This essential book provides you with all the information you need to get savvy with System Center 2012 R2 Configuration Manager.

Related Resources

Instructor

Request an Evaluation Copy for this title

Introduction  xxiii

Chapter 1 • Overview of Service Management  1

Understanding IT Service Management  1

Exploring the IT Infrastructure Library  2

Select ITIL Functions and Processes  5

Exploring the Microsoft Operations Framework 9

Select MOF Service Management Functions  10

Overview of System Center Configuration Manager 12

Configuration Manager Features 12

Summary 20

Chapter 2 • Planning a Configuration Manager Infrastructure  21

Gathering Deployment Intelligence  21

Determining What You Need to Accomplish  22

Describing the Network 23

Describing Your Migration Needs 23

Planning the Configuration Manager Environment  24

System Requirements 24

Extending the Active Directory Schema 37

Hierarchies and Sites  38

Site Boundaries and Boundary Groups 44

Site System Roles 45

Best Practices for Site System Design 47

SQL Considerations  49

Site Communications 50

Site Security Mode  51

Discovery of Your Resources  51

Client Settings and Client Deployment 52

Content Management 52

Role-Based Administration 53

Migration  54

Disaster Recovery 56

Designing Your Configuration Manager Environment 56

Planning the Configuration Manager Hierarchy  58

Planning Configuration Manager Site Systems 59

Planning Configuration Manager Clients  59

Determining How to Deploy Configuration Manager 60

Building a Proof-of-Concept Environment 60

The Bottom Line 64

Chapter 3 • Migrating to Configuration Manager 2012  65

Introducing Migration 66

Migration Functionality in Configuration Manager 2012 67

Source Hierarchy  67

Data-Gathering Process 68

Migration Job Types 68

Objects Not Supported for Migration  79

Distribution Point Sharing  79

Planning a Migration 80

Preparing Your Migration 81

Planning Your Migration Strategy 81

Performing the Migration 83

Using the Side-by-Side Migration Strategy 83

Using the Wipe-and-Load Strategy 100

Upgrading the Configuration Manager Console 100

Post-Migration or Installation Considerations 101

Migrating Packages to the New Application Model 103

What Is Package Conversion Manager?  103

The Conversion Process 104

The Conversion Process Steps 109

Package Conversion Manager Best Practices 110

Monitoring Conversion  110

Migrating Branch Offices with the Physical-to-Virtual Migration Toolkit 111

Requirements 112

P2V Migration Scenario 112

The Task Sequence  113

Steps for Using the Configuration Manager 2012 P2V Migration Toolkit 113

The Bottom Line 120

Chapter 4 • Installation and Site Role Configuration  121

Understanding Configuration Manager 2012 R2 Site Types 122

Implementing Site Servers  125

Software Requirements 125

Implementing a Central Administration Site 127

Implementing a Primary Site  136

Implementing a Secondary Site  140

Verifying Proper Site Installation 147

Troubleshooting a Configuration Manager 2012 R2 Site Installation 154

Unattended Installation 157

Installing Site System Roles  160

Understanding Configuration Manager 2012 R2 Site System Roles  163

Component Server  165

Distribution Point 165

Management Point  178

Site Database Server 183

Site Server 184

Site System 184

System Health Validator Point  184

State Migration Point  186

Fallback Status Point  189

Out of Band Service Point  191

Reporting Services Point 193

Application Catalog Web Service Point and Application Catalog Website Point  195

Enrollment Point and Enrollment Proxy Point 199

Software Update Point 203

Endpoint Protection Point 209

Asset Intelligence Synchronization Point 210

The Bottom Line 212

Chapter 5 • Cloud Integration 213

Windows Azure Integration 214

Management Certificate for Site Server to Distribution Point Communication 215

Creating a Cloud Distribution Point 215

Creating and Exporting the Management Certificate 216

Creating the Service Certificate Template 219

Requesting and Exporting the Service Certificate  220

Uploading the Management Certificate to Windows Azure 222

Creating the Cloud Distribution Point  222

Configure Name Resolution for Cloud-based Distribution Points 225

The Bottom Line 225

Chapter 6 • Client Installation  227

Creating Client Settings  227

Supported Operating Systems  232

Discovering Network Objects  234

Active Directory Discovery Methods  235

Configuring Boundaries and Boundary Groups  244

Client Installation Methods  247

Command-Line Properties  247

Manually Installing the Client     252

Client Push 253

Group Policy  257

Software Update 257

Software Distribution 258

Logon Script Installation 258

Imaging  258

Installing Linux/Unix Clients  259

Installing a Mac Client 262

Verifying Client Installation 265

Troubleshooting a Client Installation 266

Ensuring Client Health 266

Automatic Client Remediation 266

Determining Client Health 267

Monitoring Client Status 268

Configuring Alerts 268

Automatic Client Upgrade 270

The Bottom Line 271

Chapter 7 • Client Health 273

Understanding the Client Health Mechanism  273

Scheduled Task  274

CCMEval Process  279

Client Health Evaluation: Results  283

Configuring Client Health 284

Monitoring: Client Status  286

Alert: Client Health  287

The Bottom Line 289

Chapter 8 • Application Deployment  291

What’s New in Application Deployment?  291

Distribution Point Changes 293

Applications: Application References  296

Deployments  296

Dependencies for Application Deployment 299

Management Point  299

Distribution Point 299

Default Client Settings 300

Elements of Application Deployment 308

Applications 308

Deployment Types  308

Deployments  310

The Application Deployment Process 310

Create Application Wizard  311

Creating an Application with PowerShell  314

Options for Application Deployment: the Ribbon  314

Exploring the Sample Application 319

Exploring the Deployment Type  323

Create Deployment Wizard 333

Application Deployment—Client Experience  339

Application Deployment—Advanced Configurations 343

User Device Affinity 355

Troubleshooting Application Deployment 358

The Bottom Line 361

Chapter 9 • Software Updates 363

What’s New in Software Updates     364

Prerequisites for Software Updates 366

Elements of Software Updates 367

Software Update Point 367

Software Updates Agent  368

Software Updates Metadata  368

Software Update Files  369

Software Update Objects 369

Software Update Groups 371

Deployment Templates  371

Deployment Packages  372

Deployments  373

Automatic Deployment Rules 374

System Center Updates Publisher  376

The Software Update Process in Configuration Manager 376

Synchronization  376

Compliance  377

Deployment 378

Planning to Use Software Updates in Configuration Manager  380

Determining What Needs to Be Accomplished 380

Role-Based Administration 393

System Center Updates Publisher  394

Testing in an Isolated Lab  395

Configuring Software Updates  396

Configuring the Software Updates Client Agent  396

Installing Windows Server Update Services 30 Server  398

Installing the Windows Server Update Services 30 SP2 Administrative Console  402

Setting Up the Software Update Point  402

Configuring Software Updates Settings and Synchronization 414

Synchronizing Updates with Export and Import  418

Preparing Software Updates for Deployment 419

Finding the Software Updates to Be Deployed  420

Downloading Software Updates  424

Creating a Software Update Group 427

Deploying Software Updates with the Deploy Software Updates Wizard  427

Using System Center Updates Publisher  436

Installing System Center Updates Publisher  436

Configuring System Center Updates Publisher 436

Using System Center Updates Publisher 438

Third-Party Updates in Configuration Manager 443

Monitoring Software Update Deployments 445

In-Console Monitoring 445

Reporting 448

The Bottom Line 450

Chapter 10 • Operating System Deployment  451

What’s New in Operating System Deployment  451

Planning for OSD with Configuration Manager 2012  452

Deployment Scenarios 452

The Kind of Images to Deploy  452

Operating System Deployment Components 453

User Device Affinity 459

Deployment Process  460

Prepare for Operating System Deployment 460

Build and Capture an Operating System  460

Deploy an Operating System  460

Preparing Configuration Manager 2012 for Operating System Deployment 461

Configuring the Network Access Account 461

Configuring the State Migration Point Role 462

Configuring PXE on Distribution Points  464

Distributing the Boot Image Package  466

Enabling Boot Images for PXE  467

Adding Operating System Source 468

Developing a Task Sequence for Creating a Capture Image 471

Task Sequences Used with PXE Boot 471

Task Sequences Used with Media Boot 475

Capturing an Operating System Image  477

Building and Capturing Automatically  477

Capturing a Reference Computer  480

Deploying an Image 482

Adding a Captured Image 482

Distributing and Deploying the Image 483

Developing a Task Sequence for Deployment  483

Deploying the Task Sequence 487

Deploying the Operating System on Bare Metal 492

Importing Computer Information 492

Creating a Task Sequence for the Bare-Metal OSD 493

Deploying the Bare-Metal Task Sequence  494

Installing Device Drivers into OSD 497

Using User Device Affinity 500

Manually Configure a Primary User for a Device 500

Manually Configure a Primary Device for a User  501

Configure a Site to Automatically Create User Device Affinities 501

Import User Device Affinities 502

Enable Users to Configure Their Primary Device 503

Pre-deploy User Applications 503

Deploying Windows To Go  504

Creating a Prestaged Media for the Task Sequence  504

Creating a Windows To Go Creator Package 506

Update the Task Sequence to Enable BitLocker 507

Running the Windows To Go Package  509

Microsoft Deployment Toolkit 2013  510

Installing Microsoft Deployment Toolkit 2013 510

Integrating the Deployment Toolkit 511

Creating a New Boot Image  512

Creating a Deployment Toolkit Task Sequence  513

Using a Replace Scenario 515

Deploying a Virtual Hard Drive  516

Creating a VHD Task Sequence  516

Creating a Virtual Hard Disk 517

Managing the Virtual Hard Disk 519

Servicing Your Operating System Images and VHDs Offline  520

Support for Legacy Boot Images  522

Maintaining the User State 524

The Bottom Line 525

Chapter 11 • Inventory and Software Metering 527

Inventory in Configuration Manager 2012 527

Collecting Hardware Inventory 528

Collecting Software Inventory  533

Using Resource Explorer to View Inventory  535

Scheduling Inventory 536

Configuring Inventory 537

Configuring Software Inventory for a Configuration Manager Site  542

Troubleshooting Inventory  550

Software Metering in Configuration Manager 2012 553

Overview of Software Metering 553

Configuring Software Metering 553

The Bottom Line 562

Chapter 12 • Asset Intelligence  563

Requirements for Asset Intelligence 563

Client Agent Prerequisites 564

Maintenance Tasks 564

Windows Ekvent Log Settings  565

Elements of Asset Intelligence 566

Asset Intelligence Catalog 566

Asset Intelligence Validation States 568

Asset Intelligence Synchronization Point 569

The Asset Intelligence Home Page 569

Asset Intelligence Reports 571

Configuring Asset Intelligence  575

Enabling Asset Intelligence 575

Import Software License into Asset Intelligence  578

Importing Software License Information 579

Creating the Microsoft Volume License Statement 579

Creating the General License Statement 580

The Bottom Line 581

Chapter 13 • Reporting  583

Installing SQL Server Reporting Services  584

Considerations for Installing SQL Server Reporting Services  585

Installation of the Reporting Services Site System  586

Default Reports 590

Running a Report 593

Viewing Available Reports  593

Running a Report from the Administrative Console 593

Running a Report from Report Manager  594

Working with Reporting Security 596

Permissions Required to Run Reports  596

Managing Reports  601

Working with Subscriptions 609

Creating Reports  611

Basic SQL Commands  612

Report Models 613

Creating a Report Using Report Builder  613

Creating a Report Using Business Intelligence Development Studio  616

Moving Reports 619

Linked Reports  619

Importing and Exporting Reports 620

Importing Reports  620

Exporting Reports 621

The Bottom Line 621

Chapter 14 • Compliance Settings  623

Overview of Compliance Settings 623

What’s New in Configuration Manager 2012 R2?  624

What Can You Do with Compliance Settings? 625

Configuration Items  625

Configuring Compliance Settings Client Settings  627

Creating Configuration Items  628

Name, Description, and Category  629

Choosing a Detection Method  631

Creating and Validating a Setting  632

Building a Configuration Baseline  639

Creating the Initial Baseline  639

Baseline Rules  640

Assigning the Configuration Baseline to Clients  643

Additional Configuration Baseline Options 644

Client Validation of Compliance Baseline Rules  644

Compliance Settings Reporting 646

Importing Configuration Packs 647

User Data and Profiles 650

Remote Connection Profiles 654

Company Resource Access 656

Certificate Profiles 656

VPN Profiles  660

Wi-Fi Profiles 665

The Bottom Line 668

Chapter 15 • System Center Endpoint Protection  669

Differences between FEP and SCEP   669

Additional Benefits of SCEP 670

Deployment 670

Protection 670

Monitoring 672

Security 672

Endpoint Protection Site System Role 672

Endpoint Protection Client Agent 675

Endpoint Protection Policies  679

Antimalware Policy  679

Windows Firewall Policy 685

Assigning Policy 687

Definition Files 687

Alerts  690

Reporting 693

Client Notifications  694

The Bottom Line 699

Chapter 16 • Mobile Device Management  701

What’s New in Mobile Device Management 701

Mobile Device Management Options 702

Lite Management  705

Depth Management via Client  715

Depth Management via Windows Intune  728

Managing Mobile Devices  742

Device Settings Management 742

Wipe vs Selective Wipe 769

Troubleshooting 771

The Bottom Line 772

Chapter 17 • Role-Based Administration  773

Overview of Role-Based Administration 773

Using Security Roles and Security Scopes   774

Managing with Flat Hierarchies  774

Security Roles 774

Security Scopes 778

Creating a Custom Security Scope 779

Assigning Resources to a Security Scope 781

Viewing Security Scope Objects 783

Collections 784

Using Collections  784

Understanding the Default Collections 785

Administrative Users  785

RBA Viewer 793

The Bottom Line 795

Chapter 18 • Disaster Recovery  797

Planning for Disaster Recovery 797

What Is Not Included in the Backup 798

Backing Up Configuration Manager 801

Backup Considerations for the Central Administration Site 801

Copying Site Backups to Another Location  802

Archiving the Backup Snapshot to Another Server with AfterBackupbat 802

Windows Application Log Entries Created by the Backup Process 804

Configuring the Backup ConfigMgr Site Server Maintenance Task 805

Restoring Configuration Manager  807

Understanding the Effects of a Site Failure  808

Recovering a Configuration Manager Site  809

Recovering Configuration Manager  811

How to Start a Recovery Process  811

Recovering a Central Administration Site  811

Recovering a Primary Child Site  817

Recovering a Primary Standalone Site  817

Recovering a Secondary Site 818

Recovery Scenarios for Multisite Environments 818

Unattended Recovery of a Site 818

Other Site Maintenance Options 819

The Hierarchy Maintenance Tool  819

Post-Recovery Tasks 821

The Bottom Line 824

Chapter 19 • Troubleshooting 827

Creating the Maintenance Plan 827

Using Troubleshooting Tools         832

Log Files 832

Status Messages 837

Troubleshooting Configuration Manager Deployment 845

Troubleshooting Configuration Manager Database Replication  845

Data Types  847

DRS Initialization 848

Additional Tools 852

Server-Based Tools  852

Client-Based Tools  856

The Bottom Line 860

Appendix • The Bottom Line 861

Chapter 2: Planning a Configuration Manager Infrastructure 861

Chapter 3: Migrating to Configuration Manager 2012 862

Chapter 4: Installation and Site Role Configuration 865

Chapter 5: Cloud Integration  867

Chapter 6: Client Installation 867

Chapter 7: Client Health  869

Chapter 8: Application Deployment   869

Chapter 9: Software Updates  870

Chapter 10: Operating System Deployment 871

Chapter 11: Inventory and Software Metering  872

Chapter 12: Asset Intelligence  873

Chapter 13: Reporting  874

Chapter 14: Compliance Settings 875

Chapter 15: System Center Endpoint Protection 877

Chapter 16: Mobile Device Management  878

Chapter 17: Role-Based Administration 879

Chapter 18: Disaster Recovery 880

Chapter 19: Troubleshooting  881

Index 883