Listing the frequently asked questions on the features of configuration manager 2012 .This might be beneficial to you to know about its features and difference with its previous version of configuration manager 2007.
Yes. The Configuration Manager console is a 32-bit program that can run on a 32-bit version of Windows and on a 64-bit version of Windows.
Sites and Hierarchies :
No. The Active Directory schema extensions for System Center 2012 Configuration Manager are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for System Center 2012 Configuration Manager.
System Center 2012 Configuration Manager introduces changes to both primary and secondary sites while the central administration site is new site type. The central administration site replaces the primary site referred to as a central site as the top-level site of a multi-primary site hierarchy. This site does not directly manage clients but does coordinate a shared database across your hierarchy, and it is designed to provide centralized reporting and configurations for your entire hierarchy.
No. In System Center 2012 Configuration Manager you cannot change the parent relationship of an active site. You can only add a site as a child of another site at the time you install the new site. Because the database is shared between all sites, joining a site that has already created default objects or that has custom configurations can result in conflicts with similar objects that already exist in the hierarchy.
With System Center 2012 Configuration Manager, primary sites have changed to support only secondary sites as child sites, and the new central administration site as a parent site. Unlike Configuration Manager 2007, primary sites no longer provide a security or configuration boundary. Because of this, you should only need to install additional primary sites to increase the maximum number of clients your hierarchy can support, or to provide a local point of contact for administration.
In System Center 2012 Configuration Manager, secondary sites require either SQL Server, or SQL Server Express to support database replication with their parent primary site.
Database replication uses SQL Server to quickly transfer data for settings and configurations to other sites in the Configuration Manager hierarchy. Changes that are made at one site merge with the information stored in the database at other sites. Content for deployments, and other file-based data, still replicate by file-based replication between sites. Database replication configures automatically when you join a new site to an existing hierarchy.
Active Directory Forest discovery is a new discovery method in System Center 2012 Configuration Manager that allows you to discover network locations from multiple Active Directory forests. This discovery method can also create boundaries in Configuration Manager for the discovered network locations and you can publish site data to another Active Directory forest to help support clients, sites, and site system servers in those locations.
Yes. System Center 2012 Configuration Manager applies a hierarchy-wide set of default client settings (formerly called client agent settings) that you can then modify on clients by using custom client settings that you assign to collections. This creates a flexible method of delivering customized client settings to any client in your hierarchy, regardless of the site it is assigned to, or where it is located on your network. For more information, see How to Configure Client Settings in Configuration Manager.
Configuration Manager supports site-to-site (intersite) communication when a two-way forest trust exists between the forests. Within a site, Configuration Manager supports placement of site system roles on computers in an untrusted forest. Configuration Manager also supports clients that are in a different forest from their site’s site server when the site system role that they connect to is in the same forest as the client. For more information, see the Planning for Communications Across Forests in Configuration Manager section in the Planning for Communications in Configuration Manager topic.
System Center 2012 Configuration Manager has replaced the native mode site configuration in Configuration Manager 2007 with individual site system role configurations that accept client communication over HTTPS or HTTP. Because you can have site system roles that support HTTPS and HTTP in the same site, you have more flexibility in how you introduce PKI to secure the intranet client endpoints within the hierarchy. Clients over the Internet and mobile devices must use HTTPS connections.
For more information, see the Planning a Transition Strategy for PKI Certificates and Internet-Based Client Management section in the Planning for Security in Configuration Manager topic.
Use the following procedure to configure the Network Access Account:
1. In the Administration workspace, expand Site Operations, click Sites, and then select the site.
2. On the Settings group, click Configure Site Components, and then click Software Distribution.
3. Click the Network Access Account tab, configure the account, and then click OK.
Only Configuration Manager 2007 sites with SP2 are supported for migration.
Several important changes introduced with System Center 2012 Configuration Manager prevent an in-place upgrade; however, System Center 2012 Configuration Manager does support migration from Configuration Manager 2007 with a side-by-side deployment. For example, System Center 2012 Configuration Manager is native 64 bit application with a database that is optimized for Unicode and that is shared between all sites. Additionally, site types and site relationships have changed. These changes, and others, mean that many existing hierarchy structures cannot be upgraded. For more information, see Migrating from Configuration Manager 2007 to System Center 2012 Configuration Manager
Typically, you will migrate data from Configuration Manager 2007 over a period of time that you define. During the period of migration, you can continue to use your Configuration Manager 2007 hierarchy to manage clients that have not migrated to System Center 2012 Configuration Manager. Additionally if you update an object in the Configuration Manager 2007 hierarchy after you have migrated that object to System Center 2012 Configuration Manager, you can re-migrate that object again up until you decide to complete your migration.
When you migrate a Configuration Manager 2007 package to System Center 2012 Configuration Manager, it remains a package after migration. If you want to deploy the software from your Configuration Manager 2007 packages by using the new application model, you can use the Package Conversion Manager to convert package and programs into System Center 2012 Configuration Manager applications.
This type of information is easily recreated by an active client when it sends data to its System Center 2012 Configuration Manager site. Typically, it is only the current information from each client that provides useful information. To retain access to historical inventory information you can keep a Configuration Manager 2007 site active until the historical data is no longer required.
When you migrate content to System Center 2012 Configuration Manager, you are really migrating the metadata about that content. The content itself might remain hosted on a shared distribution point during migration, or on a distribution point that you will upgrade to System Center 2012 Configuration Manager. Because the site that owns the content is responsible for monitoring the source files for changes, plan to specify a site that is near to the source file location on the network.
Shared distribution points are Configuration Manager 2007 distribution points that can be used by System Center 2012 Configuration Manager clients during the migration period. A distribution point can be shared only when the Configuration Manager 2007 hierarchy that contains the distribution point remains the active source hierarchy and distribution point sharing is enabled for the source site that contains the distribution point. Sharing distribution points ends when you complete migration from the Configuration Manager 2007 hierarchy.
System Center 2012 Configuration Manager can upgrade supported Configuration Manager 2007 distribution points to System Center 2012 Configuration Manager distribution points. This upgrade allows you to maintain your existing distribution points with minimal effort or disruption to your network. You can also use the prestage option for System Center 2012 Configuration Manager distribution points to reduce the transfer of large files across low-bandwidth network connections.
You can perform an in-place upgrade of a Configuration Manager 2007 distribution point that preserves all content during the upgrade. This includes an upgrade of a distribution point on a server share, a branch distributing point, or standard distribution point.
You can perform an in-place upgrade of a Configuration Manager 2007 secondary site to a System Center 2012 Configuration Manager distribution point. During the upgrade, all migrated content is preserved.
During the upgrade to a System Center 2012 Configuration Manager distribution point, all migrated content is copied and then converted to the single instance store. The original Configuration Manager 2007 content remains on the server until it is manually removed.
You can migrate data from more than one Configuration Manager 2007 hierarchy however, you can only migrate one hierarchy at a time. You can migrate the hierarchies in any order. However, you cannot migrate data from multiple hierarchies that use the same site code. If you try to migrate data from a site that uses the same site code as a migrated site, this corrupts the data in the System Center 2012 Configuration Manager database.
System Center 2012 Configuration Manager supports migrating a Configuration Manager 2007 environment that is at a minimum of Service Pack 2.
You can migrate the following objects from Configuration Manager 2007 to System Center 2012 Configuration Manager:
- Configuration baselines and configuration items
- Operating system deployment boot images, driver packages, drivers, images, and packages
- Software distribution packages
- Software metering rules
- Software update deployment packages and templates
- Software update deployments
- Software update lists
- Task sequences
- Virtual application packages
For more information, see Objects That Can Migrate by Migration Job Type
No. Clients that you upgrade from Configuration Manager 2007 will not rerun advertisements that you migrate. System Center 2012 Configuration Manager retains the Configuration Manager 2007 Package ID for packages you migrate and clients that upgrade retain their advertisement history.
You can use a task sequence to deploy applications. However, when you configure an application deployment rather than use a task sequence, you benefit from the following:
- You have a richer monitoring and compliance experience.
- You can supersede a previous version of the application and can uninstall or upgrade the previous version.
- You can deploy applications to users.
For more information about how to deploy applications, see Introduction to Application Management in Configuration Manager.
The following frequently asked questions relate to security in System Center 2012 Configuration Manager.
If you install System Center 2012 Configuration Manager, there is no additional configuration because the Active Directory user account used to install Configuration Manager is automatically assigned to the Full Administrator security role, assigned to All Scopes, and has access to the All Systems and All Users and User Groups collections. However, if you want to provide full administrative permissions for other Active Directory users to access System Center 2012 Configuration Manager, create new administrative users in Configuration Manager using their Windows accounts and then assign them to the Full Administrator security role.
Unlike Configuration Manager 2007, sites no longer provide a security boundary. Instead, use role-based administration security roles to configure the permissions different administrative users have, and security scopes and collections to define the set of objects they can view and manage. These settings can be configured at a central administration site or any primary site and are enforced at all sites throughout the hierarchy.
As a best practice, specify a security group rather than user accounts when you configure administrative users for role-based administration.
Role-based administration does not support an explicit deny action on security roles, security scopes, or collections assigned to an administrative user. Instead, configure security roles, security scopes, and collections to grant permissions to administrative users. If users do not have permissions to objects by use of these role-based administration elements, they might have only partial access to some objects, for example they might be able to view, but not modify specific objects. However, you can use collection membership to exclude collections from a collection that is assigned to an administrative user.
Run the report Security for a specific or multiple Configuration Manager objects to find the object types that can be assigned to security roles. Additionally you can view the list of objects for a security role by viewing the security roles Properties and selecting the Permissions tab.
The following frequently asked questions relate to deploying clients and client operations in System Center 2012 Configuration Manager.
Yes. System Center 2012 Configuration Manager supports the same client installation methods that Configuration Manager 2007 supports: client push, software update-based, group policy, manual, logon script, and image-based. For more information, see How to Install Clients on Computers in Configuration Manager.
Yes, client status is new in System Center 2012 Configuration Manager and allows you to monitor the activity of clients and check and remediate various problems that can occur.
You can view the client health rules in the %windir%\CCM\ccmeval.xml file that is installed on the client but Configuration Manager does not support changes to the file. Instead, use compliance settings in Configuration Manager to check for additional items that you consider required for the health of your clients. For example, you might check for specific registry key entries, files, and permissions.
Configuration Manager contains many improvements since Configuration Manager 2007 to help you manage clients when they are on the Internet:
- Configuration Manager supports a gradual transition to using PKI certificates, and not all clients and site systems have to use PKI certificates before you can manage clients on the Internet. For more information, see Planning a Transition Strategy for PKI Certificates and Internet-Based Client Management.
- The certificate selection process that Configuration Manager uses is improved by using a certificate issuers list. For more information, see Planning for the PKI Trusted Root Certificates and the Certificate Issuers List.
- Unless the Configuration Manager client is installed on the Internet or is configured as Internet-only, you no longer have to configure the client with an Internet-based management point. Instead, the client will automatically retrieve a list of Internet-based management points when it is on the intranet.
- Although deploying an operating system is still not supported over the Internet, you can deploy generic task sequences for clients that are on the Internet.
- If the Internet-based management point can authenticate the user, user polices are now supported when clients are on the Internet. This functionality supports user-centric management and user device affinity for when you deploy applications to users.
I want to move my Intel AMT-based computers that I provisioned with Configuration Manager 2007 to System Center 2012 Configuration Manager. Can I use the same Active Directory security group, OU, and web server certificate template?
AMT-based computers that were provisioned with Configuration Manager 2007 must have their provisioning data removed before you migrate them to System Center 2012 Configuration Manager, and then provisioned again by System Center 2012 Configuration Manager. Because of functional changes between the versions, the security group, OU, and web server certificate template have different requirements:
- If you used a security group in Configuration Manager 2007 for 802.1X authentication, you can continue to use this group if it is a universal security group. If it is not a universal group, you must convert it or create a new universal security group for System Center 2012 Configuration Manager. The security permissions of Read Members and Write Members for the site server computer account remain the same.
- The OU can be used without modification. However, System Center 2012 Configuration Manager no longer requires Full Control to this object and all child objects. You can reduce these permissions to Create Computer Objects and Delete Computer Objects on this object only.
- The web server certificate template from Configuration Manager 2007 cannot be used in System Center 2012 Configuration Manager without modification. This certificate template no longer uses Supply in the request and the site server computer account no longer requires Read and Enroll permissions.
For more information about the security group and OU, see Step 1 in How to Provision and Configure AMT-Based Computers in Configuration Manager.
For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager and the example deployment, Deploying the Certificates for AMT.
When the certificate on the mobile device is due for renewal, users are automatically prompted to accept the new certificate. When they confirm the prompt, Configuration Manager automatically re-enrolls their mobile device.
You must wipe the mobile device if you no longer want it to be enrolled in System Center 2012 Configuration Manager. When you wipe a mobile device, this action deletes all data that is stored on the mobile device and on any attached memory cards. In addition, the certificate that was issued during enrollment is revoked with the following reason: Cease of Operation.
No. In this dual management scenario, Configuration Manager sends the wipe command in the client policy and by using the Exchange Server connector, and then monitors the wipe status for the mobile device. As soon as Configuration Manager receives a wipe confirmation from the mobile device, it cancels the second and pending wipe command so that the mobile device is not wiped twice.
Yes, if you only want to find mobile devices and retrieve inventory data from them as a read-only mode of operation, you can do this by granting a subset of the cmdlets that the account uses to connect to the Exchange Client Access server. The required cmdlets for a read-only mode of operation are as follows:
When the Exchange Server connector operates with these limited permissions, you cannot create access rules, or wipe mobile devices, and mobile devices will not be configured with the settings that you define. In addition, Configuration Manager will generate alerts and status messages to notify you that it could not complete operations that are related to the Exchange Server connector.
The following frequently asked questions relate to software updates, applications, scripts, task sequences, device drivers, configuration items, and configuration baselines.
System Center 2012 Configuration Manager applications contain the administrative details and Application Catalog information necessary to deploy a software package or software update to a computer or mobile device.
A deployment type is contained within an application and specifies the installation files and method that Configuration Manager will use to install the software. The deployment type contains rules and settings that control if and how the software is installed on client computers.
The deployment purpose defines what the deployment should do and represents the administrator’s intent. For example, an administrative user might require the installation of software on client computers or might just make the software available for users to install themselves. A global condition can be set to check regularly that required applications are installed and to reinstall them if they have been removed.
Global conditions are conditions used by requirement rules. Requirement rules set a value for a deployment type for a global condition. For example, “operating system =” is a global condition; a requirement rule is “operating system = Win7.”
To make a deployment optional, configure the deployment purpose as Available in the applications deployment type. Available applications display in the Application Catalog where users can install them.
Yes. Users can browse a list of available software in the Application Catalog. Users can then request an application which, if approved, will be installed on their computer. To make a deployment optional, configure the deployment purpose as Available in the applications deployment type.
Some scenarios, such as the deployment of a script that runs on a client computer but that does not install software, are more suited to using a package and program rather than an application.
Yes. You can configure multiple deployment types for an application. Rules that specify which deployment type is run allows you to specify how the application is made available to the user.
Yes. Configuration Manager collects usage statistics from client devices that can be used to automatically define user device affinities or to help you manually create affinities.
Yes. You can see migrated packages and programs in the Packages node in the Software Library workspace. You can also use the Import Package from Definition Wizard to import Configuration Manager 2007 package definition files into your site.
Yes. In System Center 2012 Configuration Manager, the term software includes software updates, applications, scripts, task sequences, device drivers, configuration items, and configuration baselines.
The term “device” in System Center 2012 Configuration Manager applies to a computer or a mobile device such as a Windows Mobile Phone.
Depending on the deployment purpose you have specified in the deployment type of an application, System Center 2012 Configuration Manager periodically checks that the state of the application is the same as its purpose. For example, if an application’s deployment type is specified as Required, Configuration Manager reinstalls the application if it has been removed. Only one deployment type can be created per application and collection pair.
No, you can continue to deploy packages and programs that have been migrated from your Configuration Manager 2007 site. However, packages and programs cannot use some of the new features of System Center 2012 Configuration Manager such as requirement rules, dependencies and supersedence.
If you don’t require HTTPS connections (for example, users will not connect from the Internet), the quick guide instructions are as follows:
1. Make sure that you have all the prerequisites for the Application Catalog site roles. For more information, see Prerequisites for Application Management in Configuration Manager.
2. Install the following Application Catalog site system roles and select the default options:
· Application Catalog web service point
· Application Catalog website point
3. Configure the following Computer Agent device client settings by editing the default client settings, or by creating and assigning custom client settings:
· Default Application Catalog website point: Automatically detect
· Add default Application Catalog website to Internet Explorer trusted site zone: True
· Install Permissions: All users
For full instructions, see Configuring the Application Catalog and Software Center in Configuration Manager.
No. Software update groups are new in System Center 2012 Configuration Manager and replace update lists that were used in Configuration Manager 2007.
Software update groups provide a more effective method for you to organize software updates in your environment. You can manually add software updates to a software update group or software updates can be automatically added to a new or existing software update group by using an automatic deployment rule. You can also deploy a software update group manually or automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and they will automatically be deployed.
Yes. You can create automatic deployment rules to automatically approve and deploy software updates that meet specified search criteria.
The following frequently asked questions relate to remote control.
By default, remote control is disabled on client computers. Enable remote control as a default client setting for the hierarchy, or by using custom client settings that you apply to selected collections.
TCP 2701 is the only port that System Center 2012 Configuration Manager uses for remote control. When you enable remote control as a client setting, you can select one of three firewall profiles that automatically configure this port on Configuration Manager clients; Domain, Private, or Public.
The Permitted Viewers List grants an administrative user the Remote Control permission for a computer, and the role-based administration security role of Remote Tools Operator grants an administrative user the ability to connect a Configuration Manager console to a site so that audit messages are sent when they manage computers by using remote control.
Yes. In the Configuration Manager remote control window, click Action, and then click Send Ctrl+Alt+Del.
You can find this out by using the remote control reports: Remote Control – All computers remote controlled by a specific user and Remote Control – All remote control information. For more information, see How to Audit Remote Control Usage in Configuration Manager.
The remote control settings for System Center 2012 Configuration Manager clients are now in Software Center, on the Remote Access tab.
The following frequently asked questions relate to collections.
In System Center 2012 Configuration Manager, all collections must be limited to the membership of another collection. When you create a collection, you must specify a limiting collection. A collection is always a subset of its limiting collection. For more information, see How to Create Collections in Configuration Manager.
Yes. System Center 2012 Configuration Manager includes two new collection rules, the Include Collections rule and the Exclude Collections rule that allow you to include or exclude the membership of specified collections. For more information, see How to Create Collections in Configuration Manager.
No. Collections configured by using query rules that use certain classes do not support incremental updates. For a list of these classes, see How to Create Collections in Configuration Manager.
The following frequently asked questions relate to power management.
There is no report in System Center 2012 Configuration Manager that displays which collections of computers have a power plan applied. However, in the Device Collections list, you can select the Power Configurations column to display whether a collection has a power plan applied.
The following frequently asked questions relate to Endpoint Protection.
Endpoint Protection is fully integrated with System Center 2012 Configuration Manager and no longer requires a separate installation. In addition, there are a number of new features and enhancements in Endpoint Protection. For more information, see the Endpoint Protection section in the What’s New in Configuration Manager topic.
Yes, you can deploy Endpoint Protection definitions by using Configuration Manager software updates. For more information, see Step 3: Configure Configuration Manager Software Updates to Deliver Definition Updates to Client Computers in the How to Configure Endpoint Protection in Configuration Manager topic.
More coming soon………