This is the comprehensive reference and technical guide to Microsoft System Center Configuration Manager 2012. A team of expert authors offers step-by-step coverage of related topics in every feature area, organized to help IT professionals rapidly optimize Configuration Manager 2012 for their requirements, and then deploy and use it successfully. The authors begin by introducing Configuration Manager 2012 and its goals, and explaining how it fits into the broader System Center product suite. Next, they fully address planning, design, and implementation. Finally, they systematically cover each of Configuration Manager 2012's most important feature sets, addressing issues ranging from configuration management to software distribution. Readers will learn how to use Configuration Manager 2012's user-centric capabilities to provide anytime/anywhere services and software, and to strengthen both control and compliance. The first book on Configuration Manager 2012, System Center Configuration Manager 2012 Unleashed joins Sams' market-leading series of books on Microsoft's System Center product suite: books that have achieved go-to status amongst IT implementers and administrators worldwide.
Foreword by Wally Mead
Introduction
PART I: Configuration Manager Overview and Concepts
Chapter 1 Configuration Management Basics
Ten Reasons to Use Configuration Manager
The Evolution of Systems Management
Hurdles in the Distributed Enterprise
The IT Automation Challenge
Configuration “Shift and Drift”
Lack of Security and Control
Timeliness of Asset Data
Lack of Automation and Enforcement
Proliferation of Virtualization and Cloud Computing
Lack of Process Consistency
The Bottom Line
Systems Management Defined
Microsoft’s Strategy for Service Management
Microsoft’s Dynamic Systems Initiative
IT Infrastructure Library and Microsoft Operations Framework
Total Quality Management: TQM
Six Sigma
Service Management Mastery: ISO 20000
Optimizing Your Infrastructure
Overview of Microsoft System Center
Reporting in System Center
Operations Management
Service Management
Protecting Data
Virtual Machine Management
Deploy and Manage in the Cloud
Orchestration and Automation
Cloud-Based Configuration Monitoring
Endpoint Protection
The Value Proposition of Configuration Manager
Summary
Chapter 2 Configuration Manager Overview
The History of Configuration Manager
Systems Management Server 1.x
Systems Management Server 2.0
Systems Management Server 2003
System Center Configuration Manager 2007
System Center 2012 Configuration Manager
Terminology in Configuration Manager
Site Hierarchy
Site
Site Systems
Senders
Addresses
Configuration Manager Discovery Types
Configuration Manager Agent
Configuration Manager Console
Collections
Queries
Alerts
Status System
Managing Applications
Content Management
Software Update Management
Compliance Settings
BITS
Software Metering
Network Access Protection
BranchCache
Reporting
What’s New in This Version
64-Bit Site System Requirements
User-Centric Management
Applications and Packages
Hierarchy Changes
New Configuration Manager Console
Enhancements to BITS
Application Catalog
Extended Mobile Device Management
Management Point Enhancements
Boundary Changes
Fallback Site
Centrally Managed Client Settings
Role-Based Administration
Backup and Recovery
Collection Changes
Client Health Status Enhancements
Compliance Settings Changes
Remote Control Improvements
Hardware Inventory Improvements
Power Management Improvements
Software Updates Improvements
Improved End User Experience
Content Library
Operating System Deployment
Distribution Point Changes
System Center 2012 Endpoint Protection Integration
Feature Dependencies of System Center 2012 Configuration Manager
Summary
Chapter 3 Looking Inside Configuration Manager
Design Concepts
Active Directory Integration
Schema Extensions
Additional Active Directory Benefits
A WMI Primer
WMI Feature Set and Architecture
Inside the WMI Object Model
Managing WMI
Looking Inside the CIMV2 Namespace
WMI in ConfigMgr
ConfigMgr Client Namespaces
Hardware Inventory Through WMI
Additional Client Operations Through WMI
WMI on ConfigMgr Servers
Components and Communications
Inside the ConfigMgr Database
ConfigMgr Tables and Views
Using SQL Server Management Studio
Viewing Detailed Process Activity
SQL Replication Crash Course
Configuration Manager Database Replication
File-Based Replication
Summary
PART II: Planning, Design, and Installation
Chapter 4 Architecture Design Planning
Developing the Solution Architecture
Establishing Business Requirements
Assessing Your Environment
Planning for Licensing
Hierarchy Planning
Configuration Manager Sites
Planning Your Hierarchy Structure
Planning Boundaries and Boundary Groups
Choosing Client Discovery and Installation Methods
Defining Your Client Architecture
Planning for User-Centric Management
Planning Content Management
Planning for Infrastructure Dependencies
Active Directory Considerations
Planning Certificate Services
Site Planning
Site Servers and Site Systems Planning
Capacity Planning
Developing the Server Architecture
Planning for Solution Scenarios
Software Update Planning
Planning for Internet-Based Clients
Out of Band Management Planning
Testing and Stabilizing Your Design
The Proof of Concept
The Pilot Deployment
Summary
Chapter 5 Network Design
Understanding Your Network
Configuration Manager Data Flow
Intrasite Server Communications
Communications with SQL Server
Communications Using RPC
Communications Using SMB
Replication of Deployment Content Refresh Data
Site System Communications Using HTTP and HTTPS
Other Server Communications
Client to Server Communications
Client Ports and Protocols
Reasons for Changing Ports
Initial Communication
Identifying and Contacting the Client’s Assigned Site
Client Protocols
Planning for Network Access Protection
Site-to-Site Communications
Database Replication
File-Based Replication
Data Priorities
Fast Network and Slow Network Boundaries
Use of BITS
BITS Versions for ConfigMgr Clients
Modifying BITS Functionality Through Group Policy
Modifying BITS Functionality Within ConfigMgr
Comparative Advantages of Group Policy and ConfigMgr Settings for BITS
Systems with Multiple Interfaces and File Integrity Checking
ConfigMgr and BranchCache
Server and Site Placement
Deploying Servers to Support Internet-Based Clients
Using a Dedicated Site for Internet Clients
Allowing Site-to-Site Communications Across an Inner Firewall
Having a Site Span the Internal Network and Perimeter Network
Using Web Proxies and Proxy Enrollment Points
Intermittently Connected Users
Network Discovery
Discovering Network Topology
Topology and Client Discovery
Discovering Topology, Client, and Client Operating Systems
Troubleshooting ConfigMgr Network Issues
Network Configuration Issues
Basic Connectivity Problems
Name Resolution Issues
Blocked or Unresponsive Ports
Timeout Issues
Identifying Network Issues Affecting ConfigMgr
Summary
Chapter 6 Installing System Center 2012 Configuration Manager
Configuring Pre-Installation Requirements
Windows Components
Supported SQL Server Requirements
Validating and Configuring Active Directory Requirements
Windows Server Update Services
Prerequisite Checker
Using the Prerequisite Files Downloader
Performing Site Installations
Installing the Central Administration Site
Installing Primary Sites
Installing Secondary Sites
Installation Validation
Site Properties
Initial Configuration
Installing Optional Site Systems
Uninstalling Sites
Uninstalling Primary Sites
Uninstalling Secondary Sites
Uninstalling a Full Hierarchy
Troubleshooting Site Installation
Summary
Chapter 7 Migrating to System Center 2012 Configuration Manager
About Migration
Migration Background and Introduction
Migration, Not an Upgrade
Planning the Migration
Central Site and Hierarchy Concepts in 2012
About Site Mode
What Is Migrated
What Is Not Migrated
Pre-Migration Activities
Coexistence Considerations
Migrating Your Configuration Manager Infrastructure
Site Servers and Site Roles
Security Considerations
Boundaries and What’s Changing
Performing the Migration
Migrating Features and Objects
Migrating by Feature and Dependencies
Migration Dependencies Configuration
Configuring the Active Source Site
Configuring Child Sites for Data Gathering
Migration Jobs
Shared Distribution Points
Migration Clean Up
Migrating Reports
Legacy Reports
SSRS Reports
Custom Reports
Client Migration and Methods
Background and Client Migration Concepts
Client Migration Strategies for Your Network
Troubleshooting Migration Issues
Summary
PART III: Configuration Manager Operations
Chapter 8 The Configuration Manager Console
Console Highlights
Touring the Console
Configuration Manager Console Panes
Configuration Manager Console Bars
Backstage
ConfigMgr Workspaces
Assets and Compliance Workspace
Software Library Workspace
Monitoring Workspace
Administration Workspace
Console Node Details
Console Deployment
Console Placement
Supported Platforms
ConfigMgr Console Prerequisites
Installation Using the ConfigMgr Setup Wizard
Unattended Console Installation
Role-Based Administration
Introducing the “Show Me” Behavior
Behind the Scenes
The Three States of Interaction
Connecting to a Site
Recent Connections
Clearing Recent Connections
Personalizing the Console
The In-Console Alert Experience
Viewing Alerts
Managing Alerts
Configuring Alerts
Subscribing to Alerts
Configuration Manager Service Manager
Initiating the Configuration Manager Service Manager Console
Operating the Configuration Manager Service Manager Console
Security Considerations
SMS Provider Permissions
DCOM Permissions
WMI Permissions
Troubleshooting Console Issues
Console Logging
Verify Security
Connectivity Issues
Common Problems with the ConfigMgr Console
Summary
Chapter 9 Configuration Manager Client Management
Discovery
Active Directory Forest Discovery
Active Directory Group Discovery
Active Directory User Discovery
Active Directory System Discovery
Heartbeat Discovery
Network Discovery
Manually Importing Clients into ConfigMgr
ConfigMgr Client Requirements
Hardware Dependencies
Software Dependencies
Supported Platforms
ConfigMgr Client Installation
Manual Installation
Installing with Logon Scripts
Client Push
Group Policy
Software Update Point
Client Approval
Blocking and Unblocking Clients
Automatically Upgrading the Client
Troubleshooting Client Installation
Client Assignment
Client Health
Client Settings
Defining Priority
Background Intelligent Transfer Device Settings
Client Policy Device Settings
Compliance Settings Device Settings
Computer Agent Device Settings
Computer Restart Device Settings
Endpoint Protection Device Settings
Hardware Inventory Device Settings
Network Access Protection (NAP) Device Settings
Power Management Device Settings
Remote Control Device Settings
Software Deployment Device Settings
Software Inventory Device Settings
Software Metering Device Settings
Software Updates Device Settings
State Messaging Device Settings
User and Device Affinity Settings
Using the Resource Explorer
Wake On LAN
WOL Prerequisites
Two Types of WOL
Configuring WOL
Using WOL
Summary
PART IV: Software and Configuration Management
Chapter 10 Managing Compliance
New and Improved in System Center 2012 Configuration Manager
Configuring Compliance Settings
Configuration Items and Baselines
Configuration Items
Configuration Baselines
Compliance Evaluation
Versioning
Configuration Packs
Exporting Configuration Items and Baselines
Compliance Authoring
Compliance Strategy
Reporting
On-Demand Results
Alerting
Remediation
Troubleshooting
Summary
Chapter 11 Packages and Programs
About Packages, Programs, Collections, Distribution Points, and Deployments
Packages
Programs
Collections
Distribution Points
Deployments
Combining the Use of Packages, Programs, Collections, and Deployments
Creating a Package
Creating a Package from the Package Definition Wizard
Package Properties
Creating a Package with the New Package Wizard
Custom Packages
Repackaging Software
Avoiding Common ConfigMgr Software Packaging Issues
Program and Package Properties
Testing, Testing, Testing
Summary
Chapter 12 Creating and Managing Applications
ConfigMgr Applications Overview
About Applications
About Deployment Types
About Detection Methods
About User Device Affinity
About Creating Applications
Creating a Windows Installer (MSI)-Based Application
Application Properties
Creating Deployment Types
Creating a Windows Installer-Based Deployment Type
Creating an Application Virtualization Deployment Type
Creating a Script-Based Deployment Type
Creating Detection Methods
Detection Methods for Windows Installer Applications
Other Detection Methods
Custom Script Detection Methods
Managing and Creating Global Conditions
Device Global Conditions
User Global Conditions
Custom Global Conditions
More About Managing Applications
Adding Dependencies
Managing Revision History
Exporting and Importing Applications
Superseding Applications
Retiring and Deleting Applications
Package Conversion Manager
Summary
Chapter 13 Distributing and Deploying Applications
Creating and Managing Collections
Direct Rule
Query Rule
Include Rule
Exclude Rule
About Incremental Updates
User Collections Versus Device Collections
About Distribution Points
Installing Distribution Points
Distribution Point Groups
Associating Collections with Distribution Point Groups
Sending Content to Distribution Points
Monitoring Distribution Point Status
Updating Content on Distribution Points
Refreshing Content on Distribution Points
Removing Content from Distribution Points
Validating Content
Using BranchCache
Preferred Distribution Points
Prestaging Content
Importing and Exporting Content
Troubleshooting Content Distribution
About the Content Library
Deploying Packages and Applications
End User Experience
Software Center
Application Catalog
Monitoring and Troubleshooting Deployments
Simulated Deployments
Summary
Chapter 14 Software Update Management
What’s New in 2012
Planning Your Update Strategy
Incorporated Tools
The Windows Update Agent
Windows Software Update Services
Preparing for Software Updates with ConfigMgr
Prerequisites for Software Updates
Software Update Points
Client Settings
Group Policy Settings
Software Update Building Blocks
All Software Updates
Software Update Groups
Update Deployments
Update Templates
Deployment Packages
Automatic Deployment Rules
Maintenance Windows
Superseded Updates
The Software Updates Process in Action
Software Update Decisions, Design, and Workflow
Compliance Scanning
End User Experience and Interaction
Notifications
Updates and Software Center
Update Installation
System Restarts and Restart Notifications
Monitoring Software Updates
Individual Update Status
Update Deployment Status
Reporting
A Super-Quick Walkthrough
Troubleshooting Software Updates
WSUS and SUP
Downloading Updates
Client Update Scanning and Deployment
Beyond the Built-In Update Process
System Center Update Publisher
SCUP Installation
SCUP Configuration
Catalogs
Publications
Updates
Custom Updates
Rules
Quick Walkthrough
Using NAP to Protect Your Network
NAP Prerequisites
Agent Settings
System Health
Client Compliance
Remediation
Summary
Chapter 15 Mobile Device Management
Planning for Mobile Device Management
Overview of Mobile Device Management
Light Management
Exchange Server Connector
Access Rules
Troubleshooting Light Management
Working with Devices
End User Experience
In-Depth Management
Public Key Infrastructure
Heartbeat Discovery
Mobile Device Management Site Roles
Client Settings
Enrolling Mobile Devices
Software Deployment
Compliance Settings
Reporting
Partner Extensibility
Summary
Chapter 16 Endpoint Protection
Prerequisites for Endpoint Protection
Planning and Considerations
Creating Custom Client Settings and Antimalware Policies
Deciding from Where to Update and When
Deploying to a Test Collection First
Categorizing Client Remediation Status
Targeting Collections with Custom Antimalware Policy and Client Settings
Installing the Endpoint Protection Role
Configuring the SUP for Endpoint Protection
Configuring the SUP to Synchronize Definition Updates
Creating Auto Deployment Rules for Definition Updates
Working with Antimalware Policies
Understanding the Default Antimalware Policy
Creating Custom Antimalware Policy
Importing and Merging Antimalware Policies
Configuring Alerts for Endpoint Protection
Configuring Email Notification
Configuring Alerts for Device Collections
Configuring Alert Subscriptions
Configuring Custom Client Device Settings for Endpoint Protection
Deploying Endpoint Protection Custom Client Agent Settings
Monitoring Status in Endpoint Protection
Configuring Collections to Appear in Collection View
Security State View for the Selected Collection
Operational State View for Clients and Computers in the Selected Collection
Performing On-Demand Actions for Malware
Reporting in Endpoint Protection
Creating and Deploying Windows Firewall Policies
Understanding the Endpoint Protection Client
Installing the Endpoint Protection Client
Understanding Endpoint Protection Client Settings
Communication Between the Client and the Server
Automatic Removal of Antimalware Software
Removing the Endpoint Protection Client
Delivery of Definition Updates
Summary
Chapter 17 Configuration Manager Queries
Introducing the Queries Node
Organizing the Query List Pane
Viewing Queries and Query Results
Creating Queries
WMI Query Language
Objects, Classes, and Attributes
ConfigMgr Query Builder
Criterion Types, Operators, and Values
Criterion Types
Operators
Values
Writing Advanced Queries
Limitations of Extended WQL in ConfigMgr
Utilizing the Date and Time Functions in WQL Queries
Examples of Advanced Queries
Converting WQL to SQL
Relationships, Operations, and Joins
Querying Discovery Data
Querying Inventory Data
Using Query Results
Exporting Query Results to a Text File
Importing and Exporting Queries Between Sites
Creating a Collection Based on Query Results
Status Message Queries
Viewing Status Messages
Creating Status Message Queries
Summary
Chapter 18 Reporting
SQL Server Reporting Services Overview
Implementing SSRS
SQL Server Version Selection
Server Placement Options
SSRS Installation
SSRS Configuration
Backing Up SSRS
Reporting Best Practices
Interacting with Reports from the Console
Search Capability
Running Reports
Creating Subscriptions
Managing SSRS Report Security
Creating a Report
Authoring Custom Reports
Development Tool Selection
Building a Custom Report
Interactive Features
Advanced Reporting Techniques
Advanced Custom Report Example
Authoring Best Practices
Built-in ConfigMgr Reports
Troubleshooting SSRS
SSRS Logs
Report Server Event Errors
Optimizing SSRS Performance
Subscriptions
Report Caching
Report Snapshots
Report Timeout Values
Performance Best Practices
Reporting on Reporting Services
System Center Data Warehouse
Summary
Chapter 19 Operating System Deployment
What OSD Does
What’s New in OSD
Deployment Scenarios
Tools Incorporated into OSD
Sysprep
Windows Automated Installation Kit
User State Migration Tool
OSD Phases
Planning
Preparation
Creation
Testing
Productionization
OSD Building Blocks
Drivers
Driver Packages
Operating System Images
Operating System Installers
Boot Images
Task Sequences
Site System Roles
Distribution Points
State Migration Point
Driver Management
Drivers in the Image
Drivers After the Image
User State
USMT
Computer Associations
User State Without SMP
Image Operations
Image Creation
Image Upkeep
Offline Software Updates
Image Deployment
User Device Affinity
Deployment Challenges
Application Compatibility
User Data
Image Maintenance
Hardware Considerations
Monitoring Task Sequence Deployments
Update Deployment Status
Reporting
Troubleshooting
Command Line Support
The Smsts.log File
Windows Setup Log Files
Troubleshooting USMT
Summary
PART V: Administering System Center Configuration Manager
Chapter 20 Security and Delegation in Configuration Manager
Planning for Security and Delegation
ConfigMgr Security Solutions
Role-Based Administration
Managing Administrative Users
Security Roles
Security Scopes
Associating Security Scopes and Collections with Individual Roles
Administrative Security Reports
RBA Under the Hood
Preventing Unauthorized Access to ConfigMgr
Securing Access at the Active Directory Level
Securing Access at the Database Level
Auditing ConfigMgr Administrative Actions
Securing the ConfigMgr Infrastructure
Building Security into Your Hierarchy
Securing Site Systems
ConfigMgr Cryptographic Controls
ConfigMgr Network Security
ConfigMgr Content Security
Securing ConfigMgr Accounts
Summary
Chapter 21 Backup, Recovery, and Maintenance
Performing Site and SQL Server Backups
Backing Up ConfigMgr
Restoring ConfigMgr Backups
Site Maintenance Options
Using Backup and Restore to Migrate to New
SQL Replication
Monitoring SQL Replication
Replication Link Analyzer
Alerts for SQL Replication
Site Maintenance
Site Maintenance Tasks
DDR Retention
Obsolete Records
How a Record Can Be Marked Obsolete
Database Maintenance
Making the Status Message System Work for You
Maintaining Status Data
Status Filter Rules
Status Summarizers
Monitoring Configuration Manager with Operations Manager
Services and Descriptions
Summary
PART VI: Appendixes
Appendix A Configuration Manager Log Files
Related Documentation
Viewing Log Files
Enabling Logging
Client Logs
Server Logs
Functionality Logs
Software and Application Installation Logs
Log File Mining
Appendix B Extending Hardware Inventory
How to Extend Hardware Inventory
Example of Extending Inventory
Creating a Device Collection
Appendix C Reference URLs
General Resources
Microsoft’s Configuration Manager Resources
Other Configuration Manager Resources
Blogs
Microsoft System Center
Public Forums
Utilities
Appendix D Available Online
SQL Profiler Template
Top 10 Most Executed Reports Query
OSD Starter Scripts
Live Links
Index