The document provides an overview and agenda for a presentation on System Center Configuration Manager 2012 and Forefront Endpoint Protection 2010. It discusses default migration scripts in the User State Migration Toolkit (USMT) 4.0 and how they are designed to precisely define migrations. It also summarizes what user data USMT migrates by default, including folders from user profiles and common file types. The rest of the document outlines topics that will be covered in the presentation, including Windows Update integration in SCCM, custom update publishers, and desired configuration management.
1. Nicolai Henriksen
Chief Infrastructure Architect
WELCOME TO TECHNET LIVE
SYSTEM CENTER AND FOREFRONT
Nicolai.Henriksen@ErgoGroup.no PART 2
2. Agenda
• Part 1
– Configuration Manager 2007 SP2 R3
– Forefront Endpoint Protection 2010
– OS Deployment Best Practice
• Part 2
– Windows Update Integrated in SCCM
– Custom Update Publisher
– Desired Configuration Management
3. • Default Migration Scripts
USMT
• User State Migration Toolkit (USMT) 4.0 is designed so that an IT engineer can precisely define
migrations using the USMT .xml scripting language. USMT provides the following sample
scripts:
• MigApp.XML. Rules to migrate application settings.
• MigDocs.XML. Rules that use the MigXmlHelper.GenerateDocPatterns helper function can
be used to automatically find user documents on a computer without the need to author
extensive custom migration .xml files.
• MigUser.XML. Rules to migrate user profiles and user data.
MigUser.xml gathers everything in a user’s profile and then does a file name extension-based
search of most of the system for other user data. If data does not match either of these
criteria, the data will not be migrated. For the most part, this file describes a “core” migration.
The following data does not migrate with MigUser.xml:
– Files outside the user profile that do not match one of the file name extensions in MigUser.xml.
– Access control lists (ACLs) for folders outside the user profile.
4. • User Data
• This section describes the user data that USMT migrates by default, using the
MigUser.xml file. It also defines how to migrate access control lists (ACLs).
• Folders from each user profile. When you specify the MigUser.xml file, USMT migrates
everything in a user’s profile, including the following:
My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick
Launch settings, and Favorites.
• Folders from the All Users and Public profiles. When you specify the MigUser.xml file,
USMT also migrates the following from the All Users profile in Windows® XP, or the
Public profile in Windows Vista® or Windows® 7:
Shared Documents, Shared Video, Shared Music, Shared desktop files, Shared Pictures,
Shared Start menu, and Shared Favorites.
• File types. When you specify the MigUser.xml file, the ScanState tool searches the fixed
drives, collects and migrates files that have any of the following file name extensions:
.accdb, .ch3, .csv, .dif, .doc*, .dot*, .dqy, .iqy, .mcw, .mdb*, .mpp, .one*, .oqy, .or6, .pot*,
.ppa, .pps*, .ppt*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl*, .vsd,
.wk*, .wpd, .wps, .wq1, .wri, .xl*, .xla, .xlb, .xls*.
• http://technet.microsoft.com/en-us/library/dd560792(WS.10).aspx
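A pre-migration check based on the MigUser.xml rules summarized above, as an added example that is not part of the original slides or of USMT itself: it models the rule as "inside a profile, or matching a listed extension", flags files that would be left behind, and lists folders outside the profile whose ACLs would have to be re-applied. The profile roots, function names and sample paths are assumptions, and the model ignores any other exclusions ScanState applies.

```python
import fnmatch
from pathlib import PureWindowsPath

# Extension patterns as listed on the slide for MigUser.xml.
MIGUSER_EXTENSIONS = (
    ".accdb .ch3 .csv .dif .doc* .dot* .dqy .iqy .mcw .mdb* .mpp .one* .oqy "
    ".or6 .pot* .ppa .pps* .ppt* .pre .pst .pub .qdf .qel .qph .qsd .rqy .rtf "
    ".scd .sh3 .slk .txt .vl* .vsd .wk* .wpd .wps .wq1 .wri .xl* .xla .xlb .xls*"
).split()

# Assumption: profiles live under these roots (Windows Vista/7 and Windows XP).
PROFILE_ROOTS = [r"C:\Users", r"C:\Documents and Settings"]


def _parts(path):
    """Lower-cased path components, since Windows paths are case-insensitive."""
    return [p.lower() for p in PureWindowsPath(path).parts]


def classify(path):
    """Return 'profile', 'extension' or 'left-behind' for one file path."""
    parts = _parts(path)
    for root in PROFILE_ROOTS:
        root_parts = _parts(root)
        if len(parts) > len(root_parts) and parts[:len(root_parts)] == root_parts:
            return "profile"          # everything in a profile is gathered
    suffix = PureWindowsPath(path).suffix.lower()
    if any(fnmatch.fnmatchcase(suffix, pat) for pat in MIGUSER_EXTENSIONS):
        return "extension"            # found by the extension-based search
    return "left-behind"              # matches neither criterion


def left_behind(paths):
    """Files that the default rules would not migrate."""
    return [p for p in paths if classify(p) == "left-behind"]


def folders_needing_acl_review(paths):
    """Folders outside the profile whose files migrate but whose ACLs do not."""
    return sorted({str(PureWindowsPath(p).parent)
                   for p in paths if classify(p) == "extension"})


# Constructed sample inventory (not from the original slides).
SAMPLE = [
    r"C:\Users\anna\Desktop\design.dwg",
    r"D:\Projects\budget.xlsx",
    r"D:\Projects\design.dwg",
    r"D:\Keys\vpn-client.pfx",
    r"C:\Documents and Settings\ola\My Documents\plan.mpp",
]
```

Running `left_behind(SAMPLE)` before a ScanState run shows which data needs a custom rule or a separate backup, and `folders_needing_acl_review(SAMPLE)` shows where permissions must be rebuilt on the destination.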
5. • Windows Update integrated
– More advanced, more options
• Custom Update Publisher
– HP, Dell, Citrix, Adobe,
• Desired Configuration Management
– Gives a completely different level of control over machines.
7. Migration
In the past the easiest way of migrating SMS 2003 to SCCM 2007
was a side by side migration. With SCCM 2012 things are going to
change for the best, the very best!
With the new Migration Feature in SCCM 2012 the CM Team wants to reach the following
goals:
• Assist with the migration of Objects
• Assist with the migration of Clients
• Minimize WAN impact
• Assist with flattening of the hierarchy
• Maximize reusability of x64 server hardware
• The migration process of SCCM 2007 to SCCM 2012 can be split up in three phases: Plan,
Deploy and Migrate.
Plan:
• Assess current environment
• Test/Proof of Concept
• Design
• Requires SCCM 2007 SP2
• SCCM 2012 requirements: Windows 2008 x64, SQL 2008 x64 (sp1 & cumulative update 10)
8. • Deploy:
• Setup initial SCCM 2012 site(s)
• Configure Software Update Point and Synchronize Updates
• Setup server roles
• Make sure the hierarchy is operating and software deployment works
• Migrate:
• Enable data gathering process to acquire information from the existing SCCM 2007
environment
• Migrate objects
• Migrate Clients
• Migrate DP
• Uninstall Configuration Manager 2007 sites
• Rinse & Repeat
Migration rules and prepare your environment:
• Never use the same Site Code in the SCCM 2007 and SCCM 2012 environments
• Always use UNC paths as package sources
• Avoid mixing users and devices in one collection; this is no longer supported
• Don’t use collections with multiple query rules
9. Microsoft Mobile device Management
There are two sorts of mobile device management in SCCM, light mobile device
management and depth mobile device management.
Single “pane of glass” for managing desktops, servers, mobile devices;
Exchange connector
Depth management of WinCE 6.0, WM 6.0/6.1, WP 6.5 and Nokia Symbian based
devices
Secure over the air enrollment
Monitor and remediate non-compliant devices
Deploy applications and configuration policies to users or devices
Mobile VPN is not required anymore to connect to the Device Management
environment
Exchange Connector for SCCM 2012
Light Mobile device management via Exchange connector:
Provides a single pane of glass for all assets in the enterprise
Transfers mobile device administrator from exchange to SCCM
Rich inventory and reporting experience
Define organization level ActiveSync Policy
Device wipe
Supports Exchange 2010 and hosted Exchange
Supports all EAS capable devices including WP7, Symbian, IOS, Android, Palm, etc.
10. New Features for software distribution
Application Model
Incorporates all supported software types (MSI, Script, App-v, Mobile Cab)
Greatly improved dependency handling
Installation requirements rules
Installation detection methods
Application supersedence
Application uninstall
User devices affinity
Unified monitoring experience
Content Management
Distribution Points Groups
Content Library
Improved content monitoring experience
Application distribution/ deployment process for mobile devices:
Create Application with more deployment types.
Create / get policy for application required apps
Only required apps are supported
Get source from DP
Install
Report back to MP
11. Application Deployment
The way of deploying applications with System Center Configuration Manager 2012 is
different than all earlier versions of SCCM or SMS. In SMS or SCCM you could deploy
packages which were scripts, MSIs or App-V applications. The package normally included
one deployment type per application. In the 2012 version of SCCM a single
application can include multiple deployment types that represent a deployment for a
different platform.
• Windows Installer (native MSI)
• Script Installer
• Microsoft Application Virtualization
• Windows Mobile Cabinet
• Nokia SIS/JAR
• RDP
• Terminal Services
• Citrix
When creating an application with more deployment types, you are able to see all the
deployment types, dependencies and requirements in one nice flowchart.
12. Updates
Configuration of Software Updates in SCCM 2012
Superseded update support
Superseded updates: publisher (MS) can expire update
Not automatically expire superseded updates
You can change settings at the Software Update Point (automatically
manage superseded updates, or allow superseded updates to be deployed
automatically (time limited))
Software Update Management (SUM) Admin role with RBA
SUM admin can do specific actions (role) on a specific set of objects
(scope)
You can assign a SUM admin rights to only just the server collection
or collection with only workstations to manage their updates.
Client agent settings
You can change Client Settings on Collections, so you can create
different client settings for, for instance, Software Update Settings. All
Client Agent Settings can be managed for groups of devices.
13. Migrating from CM07
Migrating all the work you put into CM SUM objects
Reuse templates or searches already built
Preserve existing update lists or deployments
Persist
Update List is Update groups without deployment
Deployments are migrated via Collection Migration and are migrated to Update
groups and deployments packages
Software Update Point (SUP) configurations for products and classifications must be the
same on CM07 and CM12
Deployment
Simplified update groups (aggregation of update list)
Improved search to find updates
Update groups replace lists and deployments
New updates added to groups automatically deployed
Groups can be used for compliance or deployed (you can create an update group that is
not being deployed but used for compliance)
Use criteria search
Every update has statistics about the updates (installed/(not) required/unknown)
Same as WSUS
Create from Search a Software Update Group
Edit Memberships
Create Deployment package
The statistics are out of the box in console monitoring, nice feature!
14. Automated deployments
Automatic approval of selected updates
Scheduled or manually run
Useful for both Patch Tuesday and Forefront Endpoint
Protection
Updates created by rules are interactive (rules are
Deployments can be enabled/disabled
Deployments can be added / removed from groups
Updates can be added / removed from groups
15. Configuration Manager 2012
• Users can connect from anywhere, on any device they choose
• Enables IT to provide a flexible work environment and always think user first
• Allow remote access of managed machine
• Integrates mobile device management to deliver unified client management
• Automatically detects system conditions and configurations to deliver the most appropriate services
• Unified and partitioned view for administrators reduces training costs
17. Administrator Experience
• Common look and feel across System Center products
• Improve discoverability
• Only show what is relevant
• Complete scenarios within the console
18. Role-Based Administration
• Simplified administration of security
permissions
– Security Role
• Group sets of permissions together that collectively define an
administrative span of control
• e.g. Read Program + Deploy Program + Read Collection +
Advertise to Collection = Software Distribution Administrator
• Supports assignment of Security Roles to Users, once in a
hierarchy
• Also supports instance level controls
– ConfigMgr provides out-of-the-box Security
Roles
– Supports custom Security Roles
• Removes clutter from the console
– Supports “Show me what’s relevant to me” based
on my Security Role and Scope
19. Infrastructure Changes
• ConfigMgr 2007 scenarios where unique primary site
needed:
– Create tiered primary sites so content distribution and client
inventory and status wouldn’t kill my WAN
– Create separate primary sites (or hierarchies!) because different
server and desktop client agent settings are needed
– Create a primary site so individual admins only see the data they
need to see
• ConfigMgr 2012 will allow admins to minimize and
consolidate ConfigMgr 2007 infrastructure
– Primaries are needed for scale out only
– Options for content distribution: Secondaries, DPs with
throttling/scheduling, BranchCache, Branch DP
– Client agent settings configurable by collection
– Data Segmentation via Role Based Access Control
20. Infrastructure Changes
• Improved Distribution Point Groups
– Manage content distribution to individual Distribution Points or
Groups
– Content automatically added or removed from Distribution Points
based on Group membership
– Associate Distribution Point Groups with collections to automate
content staging for software targeted to the collection
• Enhanced investment in SQL technologies
– New replication methods for site to site communications
– Only supporting SQL Server Reporting Services
21. Client Health
• Server-side metrics covering policy requests,
HW & SW Inventory, Heartbeat DDRs and
Status Messages
• Customizable monitoring/remediation for:
– Client prerequisites
– ConfigMgr client reinstallation
– Dependent Windows Services
– WMI Repository, Namespace, Class, and Instance
health evaluation and repair
• In-console alerts when healthy/unhealthy
ratio drops below configurable threshold
22. Operating System Deployment
• Offline Servicing of Images
– Support for Component Based Servicing compatible updates
– Uses updates already approved
• Boot Media Updates
– Hierarchy wide boot media – no longer need one per site
– Unattended boot media mode – no longer need to press
“next”
– Use pre-execution hooks to automatically select a task
sequence – no longer see many optional task sequences
• USMT 4.0 - UI integration and support for hard-link, offline
and shadow copy features
24. ConfigMgr 2012 Readiness Tips
• Minimum System Requirements:
– Site servers and site roles require 64-bit OS (distribution points are an exception)
• Branch DPs can run on any 2012-supported client OS
• Standard DPs can run on Windows Server 32-bit but will not support advanced functionality
– Windows Server 2008 (64-bit)
• Distribution points can run on Windows Server 2003
– SQL Server 2008 SP1 with CU6 (64-bit)
– SQL Reporting Services is ONLY reporting solution
• Hierarchy Helpers
– Flatten your ConfigMgr 2007 hierarchy
– Start implementing BranchCache™ with ConfigMgr 2007 SP2
– Start learning about SQL replication
– Best practices - AD Sites for site boundaries, UNC paths for source content, Break up
collections that contain both users and devices
• App Model Helpers
– State based apps need detection methods
• Tip: Use App CI’s today for your apps to learn about this. SCUP is also a good tool for this
– Rules vs Queries
• Tip: Use DCM today to learn how to author settings and rules as experience will be the same
25. [Licensing diagram: Server Management Suite Enterprise (SMSE). 2 X Kr per host, plus 4 OSE MLs; each Server Management Suite box is labelled 0 Kr incremental. With SMSE: 2 X Kr.]
26. Server Management Suite Datacenter licensing
saves costs for customers with heavy virtualization
SMSD allows customers to manage and control heavily virtualized
workloads with full systems management capability, without incremental costs
[Licensing diagram: Server Management Suite Datacenter (SMSD). 2.4 X NOK per 2-proc server, unlimited OSE MLs; each SMSD box is labelled $0 incremental.]