MMS 2011–Settings management (AKA DCM)

  • Key concepts
    • Baseline – group of CI’s
    • CI’s – definition of the settings and rules
  • User and Device targeting of baselines
    • if the baseline is deployed to a ‘User’ there is an option to evaluate the baseline on every device the user logs on OR the user’s primary device
  • Automatic remediation!!!
    • only for the following
      • Registry – create the key or modify value
      • WMI and script based settings
        • If the above comes back non-compliant an administrator can define a ‘fix’ script
      • mobile settings
    • * have to select the remediation in the CI and the baseline *
  • Can easily create CI’s by browsing to a “Gold System” and generating them
    • can only browse file and registry system types from local or remote machine
  • CI’s can be created for Windows system or Mobile Systems

MMS 2011–Software Update Management

  • can now control how long before an update is expired after it has been superseded.
    • example:  Do not expire a superseded update until after ‘X’ many months
  • Security scopes and rules are now definable!

MMS 2011– Converting Existing Software Packages into the ConfigMgr 2012 Application Model

  • 2012 App Model
    • Virtual containers that contain end user metadata and administrator properties
    • Deployment Types
      • App-V
      • Scripts
      • MSI
      • Mobile Cab
    • Requirement rules
      • platform
      • hardware requirements
      • Utilizes DCM to determine applicability
    • Dependencies
      • What other applications are required in order to install
    • detection method
      • How to identify if the application is present
      • can be product code, file version, registry location
    • Content
      • source files
      • installation options
  • Application Feature Mapping from SCCM 2007 to SCCM 2012
    • Package and Programs = Application and Deployment Type
    • Advertisement = Deployment
    • Collection Rules = Requirement Rules and Global Conditions
    • Run Advertised Programs = Software Center
    • New feature – User Device Affinity (UDA)
    • New feature – Software Catalog
  • Best Practices BEFORE migration
    • In SCCM 2007
      • start using platform requirements
      • Use a UNC path for Source Location
      • Use only MSI’s with one unique PID
  • Migration Options
    • Do nothing – keep packages and programs
    • Manually Convert
    • Convert using Package Conversion Manager

MMS 2011–Migrating from SCCM 2007 to SCCM 2012

  • Side by Side upgrade only. 
    • great opportunity for a hardware refresh and start with a clean environment
  • SCCM 2012 has a built in migration tool with reporting
    • migration of object
    • migration of client
    • minimize WAN impact
    • assist with flattening hierarchy
  • Plan
    • look at current design.  Flatten hierarchy if necessary
    • Ensure that SCCM 2007 SP2 is installed on all site servers and clients
    • SCCM 2012 requires Server 2008 (x64) and SQL 2008 SP1 (x64) (cumulative update 10)
  • Deploy
    • Install SCCM 2012 site
    • configure Software update point and sync
  • migrate
    • Using the migration feature, specify top level site of the SCCM 2007 hierarchy
      • once the connection is configured, SCCM 2012 will check SCCM 2007 every four hours to keep data accurate for migration jobs and retrieve package status from DP’s
      • create one migration for each SCCM 2007 Primary site in your hierarchy
    • Object Migration by type / instance
      • cherry pick what object to migrate
      • can migrate objects that were modified (on SCCM 2007) after they were migrated to SCCM 2012
    • Collection Migration
      • include all related objects for a collection and all object targeted to the members of the selected collection
      • can exclude collections
    • object supported for migration
      • Collections (NOT empty ones)
      • advertisements
      • boundaries
      • packages and virtual application packages
      • software updates
      • OSD
      • settings
    • Distribution Point sharing
      • utilize existing SCCM 2007 DP’s in SCCM 2012 (only for objects that you have migrated)
    • Can now (with SCCM 2012 Beta 2) upgrade 2007 DPs
      • content of migrated packages converted to SCCM 2012
      • can’t have any other site system roles on the DP.  This will be addressed in the future
      • need double the amount of disk space used to convert
      • BDP’s can’t be upgraded
    • Secondary Sites need to be uninstalled and re-installed to SCCM 2012
      • consider replacing Secondary Sites with DPs
    • All other site system roles need to be uninstalled and reinstalled to SCCM 2012
  • Client Migration
    • Clients retain execution history (so that advertisements don’t rerun!)
    • minimum supported clients:  XP SP2, Server 2003 SP2, Windows 7 and Server 2008 RTM
    • Inventory does not get migrated
  • Migration Reports are available through SSRS
  • Packages can only be migrated as long as they are using a UNC for their source location
  • OSD migration
    • OS image / package
    • task sequences
    • drivers and packages
    • Boot images are NOT migrated
    • SCCM Client installation package is NOT migrated
  • DCM migration
    • CI’s and Baselines are migrated as a new version in SCCM 2012
    • ability to import Config Packs
  • Other object that can be migrated
    • Software metering rules
    • Search and Admin folders
  • Reports
    • Reports must be manually exported to RDL files.
    • SSRS is the only reporting mechanism

MMS 2011–Config Manager 2012 Deployment and Infrastructure Technical Overview

Main reason for Secondary Sites

    • Manage upward flowing WAN traffic
    • Tiered secondary sites for deep network topologies
  • When do you need a DP?
  • When DON’T you need a DP
    • when BITS provides enough control for WAN
    • BranchCache is enabled
  • Only one type of DP.  No more BDP’s!
    • DP’s include Multicast and PXE options
    • Schedule throttling
    • IIS is required on all DP’s
    • can manually copy the content to DP’s
  • Forest Discovery (NEW)
    • Discover domains, sites and subnets
    • new discovery process:  AD Forest Discovery
    • subnets and / or AD Sites are assigned to a Boundary Group.  The clients are assigned to boundary groups.
    • can assign DP’s to subnets and / or AD Sites (kind of like a protected system)
  • Why do you need a Central Administration Site
    • If there is more than one Primary site
    • If you want to offload administration and reporting from the Primary site
  • How data gets replicated
    • Content – software packages, updates, boot images
      • Replication type – File based to primary, secondary and / or distribution points
    • Site Data – collection members, HINV, alerts, etc
      • Replication type – SQL
    • Global Data – collection rules, package metadata, software updates metadata
      • Replication type – SQL
  • No more SMS_DEF.MOF (you can still import MOF files though)
    • You can select the default WMI Classes to inventory as well as select collection specific WMI Classes
    • You can add WMI classes from ANY WMI Namespace!
  • Security rights are now inherited.  It’s about time!

MMS 2011–Configuration Manager 2012 Technical Overview

User Centric

  • Used to manage a user on a device.  Now it is a state based design, for apps, deployment and content.
  • Full application lifecycle mode.  Install revisions, supersedence and uninstall
  • build a relationship between user systems
  • application model
    • required applications – reinstall if missing
    • prohibited application – uninstall if detected
    • requirement rules – evaluated at install
    • dependencies  – relationship with other apps
    • supersedence
    • revision management
  • Web based ‘software catalog’
    • my business hours – used to control when to install software
    • presentation mode – do not install or notify while presenting
    • remote control – users can control their experience
  • Applications
    • will have both install and uninstall methods
    • Can now have custom return codes!
  • Role based administration
    • class rights = security roles
    • instance permissions = security scopes
    • site specific resource permissions = collection limiting
  • What’s new in collections
    • Device collections
    • User collections
    • can not mix the above into one collection
    • reduce complexity of collection rules.  Exclude and include rules. 
    • Folders!!!!
    • Um…no more sub collections.
  • Replication between sites will be done using SQL Replication.  File based replication will be reserved for Distribution objects (mostly)
  • Why do I need a SCCM 2012 Primary Site
    • More than 100,000 clients
    • politics!
    • local point of connectivity for administration (though, the Central Administration Site should be used instead)
  • No more branch DP’s!!!  DP’s can be installed on clients and servers now!
    • Also, have the ability to deploy content to a DP group.  Well, that’s not new.  OK, how about bringing up a new DP and you want it to have the same content as other DP’s in a group.  Just add it to the group!

MMS 2011–SCCM State of the Union

The Past Year

  • Config Mgr 2007 R3
    • Supports 300,000 machines
    • Delta discovery for AD
    • Power Management
  • Asset Intelligence
    • over 20k new titles each month
  • Forefront Endpoint Protection
  • Security Compliance Manager (SCM)
    • Version 2.0 = RTM May 2011
    • Golden master – snapshot and import GPO’s
    • monitor drift and compliance
    • Uses DCM as its core
  • Opalis is now System Center Orchestrator
    • Orchestration and automation tool
    • workflows
    • integration with all System Center products and 30 3rd party apps
      • Integration in Config Manager includes 12 built-in actions
  • Citrix XenApp integration with Config Manager
  • Adobe support

The Upcoming Year

  • Beta 2 for Config Manager 2012
    • SUM – Auto deployment of updates on schedule
    • Power Management – exclude virtual machines, allow end-user to “opt out”
    • Collections – new include/exclude rules, organizational folders (HOLY COW!) incremental evaluation
  • Role Based Administration
  • You can now run two SCCM consoles at once with different credentials
  • Hey, guess what?  CTRL-ALT-DEL is back!
    • The remote keyboard and mouse can now be locked
  • Global Search – search throughout the entire SCCM console!
    • can get information and edit straight from Global Search
  • New feature in Beta 2 has a ‘supersede ’ option for applications
  • New monitoring tool allows for a Site Hierarchy map.  You can even have a map of the world and show where the servers are!
  • Video on how Microsoft rolled out Config Manager 2012 clients http://technet.microsoft.com/en-us/systemcenter/gg696074
  • Go to http://connect.microsoft.com for how-to-videos. 
    • They should be on TechNet as well.
  • New DCM packs
    • SQL Server 2008 R2
    • Exchange 2010
    • SharePoint 2007
    • Server 2008 R2 IIS, DHCP, TS
    • RTM – May 2011
  • InstallShield and AdminStudio will have full integration 90 Post RTM Config Manager 2012
  • SCCM 2012 console uses the RIBBON.  WHO, WHO DOESN’T WANT TO WEAR THE RIBBON?
  • Package conversion manager
    • Converts packages to the SCCM 2012 model
    • CTP available to TAP customers
    • Beta in 2nd quarter CY 2011
  • ConfigMgr 2012 SDK Beta – Q2 2011
  • Powershell support coming…..keep waiting…wait for it….
  • SCUP 2011 – more better.
  • Config Manager 2012 will support and manage UNIX and Linux servers.
    • will not be available until “some month”  after SCCM 2012 RTM

Advertising a 64 bit Powershell script

Did you know that you can not use Advertisements to run a 64 bit Powershell script?

Example:

  • You create a package with no source files
  • You create a PowerShell script and place it in a location on the target computers.  Let’s say C:\PleaseRun\PowershellScript.ps1
  • You create a program that Starts In “C:\WINDOWS\system32\windowspowershell\v1.0” and the command line “powershell.exe -file C:\PleaseRun\PowershellScript.ps1”
  • You advertise the above and notice that when the advertisement runs you see Powershell32.exe in the task manager

At this point you are pulling your hair out and wondering if you are WINNING DUH, or losing.  Well, you are losing.  But don’t fear because there is a solution.

Create a TASK SEQUENCE!

  • Run a command line
  • Command line would read (if using the above example) “powershell.exe -file C:\PleaseRun\PowershellScript.ps1”
  • Start in:  %windir%\System32\WindowsPowerShell\v1.0\
  • DISABLE 64-BIT FILE SYSTEM REDIRECTION

As my good friend Lu would say, “viola” (however, what she really means is voila)

You are now WINNING DUH!  Good job.
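
A complementary guard for the script itself, as an added example that is not part of the original post: placed at the top of PowershellScript.ps1, it detects that a 32-bit host launched it on 64-bit Windows and relaunches in 64-bit PowerShell. This matters for compliance and remediation scripts, because a redirected 32-bit process sees the SysWOW64 folder and the Wow6432Node registry view instead of the native ones. Assumptions: the `Sysnative` alias is available on the target Windows version, and the closing status line is illustrative.

```powershell
# Added example (not from the original post): guard for the top of
# C:\PleaseRun\PowershellScript.ps1 so the body always runs in a native process.

# A 32-bit process on 64-bit Windows has 4-byte pointers and sees
# PROCESSOR_ARCHITEW6432; a native process never has that variable set.
$isWow64 = ([IntPtr]::Size -eq 4) -and ($null -ne $env:PROCESSOR_ARCHITEW6432)

if ($isWow64) {
    # "Sysnative" is an alias that only 32-bit processes can see. It skips file
    # system redirection, so this resolves to the real 64-bit powershell.exe
    # instead of the SysWOW64 copy that System32 is silently redirected to.
    # Assumption: the alias exists on the target OS; the check below covers the rest.
    $ps64 = Join-Path $env:windir 'Sysnative\WindowsPowerShell\v1.0\powershell.exe'

    if (-not (Test-Path -LiteralPath $ps64)) {
        # Fail loudly: a recorded non-zero exit code beats a silent 32-bit run.
        Write-Error "64-bit PowerShell not found at $ps64; refusing to run as 32-bit."
        exit 1
    }

    # Relaunch this same script, forward its arguments, and propagate the exit code.
    & $ps64 -NoProfile -File $MyInvocation.MyCommand.Path @args
    exit $LASTEXITCODE
}

# Everything below runs natively (64-bit on x64 Windows, 32-bit on x86 Windows).
$bits = [IntPtr]::Size * 8
Write-Output ("{0}: PID {1}, {2}-bit process" -f $MyInvocation.MyCommand.Name, $PID, $bits)

# The script's own work follows from here.
```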