Transcript Document

© 2012 Microsoft Corporation. All rights reserved.
Microsoft Confidential
System Center 2012 Configuration Manager
Concepts & Administration
Module 3: Configuring System Center 2012 Configuration
Manager Discovery and Deploying Clients
Conditions and Terms of Use
This training package is proprietary and confidential, and is intended only for uses described in the training materials. Content and software
is provided to you under a Non-Disclosure Agreement and cannot be distributed. Copying or disclosing all or any portion of the content
and/or software included in such packages is strictly prohibited.
The contents of this package are for informational and training purposes only and are provided "as is" without warranty of any kind,
whether express or implied, including but not limited to the implied warranties of merchantability, fitness for a particular purpose, and noninfringement.
Training package content, including URLs and other Internet Web site references, is subject to change without notice. Because Microsoft
must respond to changing market conditions, the content should not be interpreted to be a commitment on the part of Microsoft, and
Microsoft cannot guarantee the accuracy of any information presented after the date of publication. Unless otherwise noted, the companies,
organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no
association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should
be inferred.
Copyright and Trademarks
© 2012 Microsoft Corporation. All rights reserved.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in written license agreement from Microsoft, the furnishing of this document does not give you any
license to these patents, trademarks, copyrights, or other intellectual property.
Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this
document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic,
mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
For more information, see Use of Microsoft Copyrighted Content at
http://www.microsoft.com/about/legal/permissions/
Microsoft®, Internet Explorer®, and Windows® are either registered trademarks or trademarks of Microsoft Corporation in the United
States and/or other countries. Other Microsoft products mentioned herein may be either registered trademarks or trademarks of Microsoft
Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Overview
Discovery overview
Differences in Discovery methods
Delta Discovery
Boundaries and Active Directory Forest Discovery
Boundary Groups in Configuration Manager
Deploying clients
Objective
In this lesson you will:
Learn what a System Center 2012 Configuration Manager discovery method is.
Be introduced to the 6 discovery methods.
Gain an understanding of Delta Discovery and its uses.
Understand how to use Boundaries and Active Directory Forest Discovery.
Learn about Boundary Groups.
Understand the different ways you can deploy clients.
Discovery in System Center 2012 Configuration
Manager
What is a Discovery Method?
Configuration Manager uses discovery to add new resources (users
or computers) or information about existing resources (Group or
OU membership) to the Configuration Manager database
There are 6 discovery methods in Configuration Manager:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery
Network Discovery
Heartbeat Discovery
Active Directory Forest Discovery
Active Directory System Discovery
Active Directory System Discovery now supports filtering objects
based upon Active Directory activity, using the following
attributes:
lastLogonTimestamp: records the last logon timestamp of the
computer. Requires a domain functional level of Windows Server 2003 or higher
pwdLastSet: records the last time the computer changed its
password. By default, Active Directory policy has each computer
change its password every 30 days
Can be configured at Primary sites only
Should be tuned to only discover the computers that will be
managed at a primary site
An account can be specified to discover resources. If no account
is specified, the Configuration Manager server account will be
used. This account is required to discover resources in untrusted
forests
Delta Discovery is available
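The activity filter described on this slide, as an added example that is not part of the original training material: it converts lastLogonTimestamp and pwdLastSet values (Windows FILETIME ticks) and shows which computer records a discovery filter would skip as stale. The computer names, the 90-day thresholds, and the handling of unset attributes are assumptions made for the example.

```python
from datetime import datetime, timedelta, timezone

# Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_datetime(value):
    """Convert an AD FILETIME attribute to UTC; 0 or missing means 'never set'."""
    if not value:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=int(value) // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, using integer arithmetic to avoid float rounding."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def classify(computers, now, logon_days=90, pwd_days=90):
    """Split records into (kept names, {filtered name: [reasons]}).

    Assumption of this sketch: each filter is applied independently and a
    record with an unset attribute is treated as stale.
    """
    kept, filtered = [], {}
    limits = (("lastLogonTimestamp", logon_days), ("pwdLastSet", pwd_days))
    for rec in computers:
        reasons = []
        for attr, limit in limits:
            stamp = filetime_to_datetime(rec.get(attr))
            if stamp is None:
                reasons.append(f"{attr} never set")
            elif now - stamp > timedelta(days=limit):
                reasons.append(f"{attr} is {(now - stamp).days} days old")
        if reasons:
            filtered[rec["name"]] = reasons
        else:
            kept.append(rec["name"])
    return kept, filtered


# Constructed sample records (hypothetical names), relative to a fixed "now".
NOW = datetime(2013, 1, 15, tzinfo=timezone.utc)


def _ago(days):
    return datetime_to_filetime(NOW - timedelta(days=days))


SAMPLE = [
    {"name": "WS-ACTIVE01", "lastLogonTimestamp": _ago(5), "pwdLastSet": _ago(20)},
    {"name": "WS-STALE02", "lastLogonTimestamp": _ago(200), "pwdLastSet": _ago(200)},
    {"name": "WS-NOROTATE03", "lastLogonTimestamp": _ago(10), "pwdLastSet": _ago(120)},
    {"name": "WS-PRESTAGED04", "lastLogonTimestamp": 0, "pwdLastSet": 0},
]

if __name__ == "__main__":
    kept, filtered = classify(SAMPLE, NOW)
    print("discover:", kept)
    for name, why in filtered.items():
        print("skip:", name, "-", "; ".join(why))
```

WS-NOROTATE03 is the case worth reviewing by hand: it logs on regularly but has not changed its machine account password, so only the pwdLastSet filter drops it.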
Active Directory User Discovery
Adds Domain user account information to Configuration
Manager
By default, Active Directory User Discovery collects:
User name
Unique user name
Active Directory domain
Active Directory container name
Can be configured at Primary sites only
Should be tuned to only discover the users that will be managed
at a Primary site
An account can be specified to discover resources. If no account
is specified the Configuration Manager server account will be
used. This account is required to discover resources in untrusted
forests
Delta Discovery is available
Active Directory Group Discovery
Adds Organizational Unit and Domain information about
Security Groups
Discovers User/Security Group relationships
Discovers System/Security Group relationships
Can be configured at Primary sites only
An account can be specified to discover resources. If no
account is specified the Configuration Manager Server
account will be used. This account is required to discover
resources in untrusted forests
Delta Discovery is available
Delta Discovery
Enhances the discovery capabilities by discovering only new or
changed resources in Active Directory instead of performing a
full discovery cycle
Discovery can detect changes on Active Directory objects for the
following most common changes:
New computers or users added to AD or to a group
Changes to basic computer and user information
Computers or users that are removed from a group
Changes to System group objects
It is only available with:
Active Directory System Discovery
Active Directory User Discovery
Active Directory Group Discovery
Works with the “Use incremental updates for this collection”
option to add resources to collections faster
In most cases, collections no longer need to be updated more often
than once a day
Network Discovery
Discovers the following:
NetBIOS name
IP addresses
Resource domain
System roles
SNMP community name
MAC addresses
Can discover resources not joined to the domain but on the
network (workgroup clients). However client push installation
may not work
Network Discovery searches your network for IP-enabled
resources by querying Microsoft DHCP servers, Address
Resolution Protocol (ARP) caches in routers, and/or SNMP-enabled devices
Can generate a lot of network traffic
Can generate unmanageable devices (printers and routers) in the
Configuration Manager console
Heartbeat Discovery
Initiated by an installed client
Keeps client records up to date in Configuration Manager
The only discovery method that returns a client GUID as
part of the discovery record
Is also the only one to dictate whether clients are seen as
installed in the Configuration Manager console
Heartbeat discovery data is used by the "Delete Inactive
Client Discovery Data" and “Clear Install Flag” maintenance
tasks to either delete records from the Configuration
Manager database, or change them to Client=No
Demonstration
Configuration of all discovery methods
Active Directory Forest Discovery
Active Directory Forest Discovery adds boundaries and not
computer information
Helps to ensure that clients are correctly assigned to Configuration
Manager sites
Use Active Directory Forest Discovery to do the following:
Discover IP subnets in an Active Directory forest
Discover Active Directory sites in an Active Directory forest
Add the IP subnets and Active Directory sites that are discovered as
boundaries in Configuration Manager
Publish to the Active Directory Domain Services of a forest when
publishing to that forest is enabled, and the specified Active
Directory Forest Account has permissions to that forest
Boundaries and Boundary Groups
Can be any of the following:
IP range
IP subnet
Active Directory site
IPv6 prefix
Boundary Group for site assignment and/or content
location
Overlapping site boundaries:
Supported for content location
Not supported for site assignments
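A check for the overlap rule above, as an added example that is not part of the original training material: it normalises IP subnet, IP range and IPv6 prefix boundaries to address spans and reports overlapping pairs whose boundary groups assign clients to different sites. The boundary names, addresses (written in CIDR notation for the example) and the site code S02 are constructed; Active Directory site boundaries are skipped because their membership cannot be resolved offline.

```python
import ipaddress
from itertools import combinations


def to_span(kind, value):
    """Normalise a boundary to (ip_version, first_address, last_address) as ints."""
    if kind in ("subnet", "ipv6prefix"):
        net = ipaddress.ip_network(value, strict=False)
        return net.version, int(net.network_address), int(net.broadcast_address)
    if kind == "range":
        low, high = (ipaddress.ip_address(part.strip()) for part in value.split("-"))
        if low.version != high.version or low > high:
            raise ValueError(f"bad IP range: {value}")
        return low.version, int(low), int(high)
    raise ValueError(f"unsupported boundary type: {kind}")


def overlaps(a, b):
    """True when two spans share at least one address of the same IP version."""
    return a[0] == b[0] and a[1] <= b[2] and b[1] <= a[2]


def assignment_conflicts(boundaries):
    """Return name pairs that overlap while assigning clients to different sites.

    'site' is the site code of the boundary group used for site assignment,
    or None when the boundary is only used for content location (where the
    slide says overlap is supported).
    """
    spans = [
        (b, to_span(b["kind"], b["value"]))
        for b in boundaries
        if b["site"] and b["kind"] != "adsite"  # AD sites need a directory lookup
    ]
    return [
        (a["name"], b["name"])
        for (a, sa), (b, sb) in combinations(spans, 2)
        if a["site"] != b["site"] and overlaps(sa, sb)
    ]


# Constructed sample boundaries (hypothetical names and addresses).
BOUNDARIES = [
    {"name": "HQ-LAN", "kind": "subnet", "value": "10.10.0.0/16", "site": "S01"},
    {"name": "HQ-Lab", "kind": "range", "value": "10.10.20.1-10.10.20.254", "site": "S02"},
    {"name": "HQ-DP", "kind": "range", "value": "10.10.0.1-10.10.0.50", "site": None},
    {"name": "Branch", "kind": "subnet", "value": "10.20.0.0/24", "site": "S02"},
    {"name": "HQ-v6", "kind": "ipv6prefix", "value": "2001:db8:10::/64", "site": "S01"},
    {"name": "Lab-v6", "kind": "ipv6prefix", "value": "2001:db8:10::/48", "site": "S02"},
    {"name": "HQ-ADSite", "kind": "adsite", "value": "HQ", "site": "S01"},
]

if __name__ == "__main__":
    for first, second in assignment_conflicts(BOUNDARIES):
        print(f"site assignment conflict: {first} overlaps {second}")
```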
Demonstration
Boundary Creation and Active Directory Forest discovery
Client installation in System Center 2012
Configuration Manager
Client installation Methods
What’s new in Configuration Manager for client
deployment
Planning for and configuring client deployment in
Configuration Manager
Dependencies external to Configuration Manager
Client Installation
Client Installation Method: Description
• Automatically Upgrade (new): Use this method to automatically upgrade client when it identifies that a client that is assigned to the site is below a version that you specify.
• Client push installation: Use this method to automatically install the client to assigned resources and to manually install the client to resources that are not assigned
• Software update point installation: Used to install the client using the Configuration Manager software updates feature
• Group Policy installation: Used to install the client using Windows Group Policy
• Logon script installation: Used to install the client by means of a logon script
• Manual installation: Used to manually install the client software
• Upgrade installation: Uses Configuration Manager application management to upgrade Configuration Manager clients to a newer version. You can also use Configuration Manager 2007 software distribution to upgrade clients to Configuration Manager and assign it to the new site
• Client Imaging: Used to pre-stage the client installation in an operating system image
Automatically Upgrade
Client Installation Method: Automatically Upgrade
Advantages:
• Can be used to automatically upgrade client software
• Do not have to worry about any other manual steps once it's enabled and the package is distributed to all DPs.
Disadvantages:
• Is intended to be used alongside other client installation methods and is not intended to be the main method to install or upgrade the Configuration Manager client software.
• If you make changes to the client software on CAS by adding a hotfix or language pack, you must redistribute the program content to all DPs in the hierarchy. The program for the installation package is hidden and you cannot modify it.
Client Push Installation
Client Installation Method: Client push installation
Advantages:
• Can be used to install the client on a single computer, a collection of computers
• Can be used to automatically install the client on discovered computers
• Automatically uses client installation properties defined on the Client tab of the Client Push Installation Properties dialog box
Disadvantages:
• Can cause high network traffic when pushing to large collections.
• Can only be used on computers that have been discovered by Configuration Manager
• Not supported to install clients in a workgroup
• A client push installation account should be specified which has administrative rights to the intended client computer
• The Windows firewall must be configured on client computers with exceptions to allow client push installation to complete
Client Push Installation (continued)
To exclude computers from automatic site-wide client push:
• Open Regedit and locate HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Components\SMS_DISCOVERY_DATA_MANAGER
• Double-click the key ExcludeServers to open the Edit Multi-String window
• In the Edit Multi-String window, specify the NetBIOS name of each computer that you want to exclude
• Press the Enter key after you type each computer name to ensure that each computer name appears on a separate line
Software Update Point Based Installation
Client Installation Method: Software update point based installation
Advantages:
• Can use your existing Configuration Manager software updates infrastructure to manage the client software
• Can automatically install the client software on new computers if WSUS and Active Directory Group Policy is configured correctly
• Does not require computers to be discovered before the client can be installed
• Computers can read client installation properties that have been published to Active Directory Domain Services
• Will reinstall the client software if it is removed
• No Local administrator account is required
Disadvantages:
• Requires a functioning software updates infrastructure as a prerequisite
• Must use the same server for client installation and software updates, and this server must reside in a primary site
• To install new clients, you must configure an Active Directory Group Policy object with the client's active software update point and port
• If the Active Directory schema is not extended for Configuration Manager, you must use Group Policy to provision computers with client installation properties
• Missing prerequisites can cause client reboots
Group Policy Installation
Client Installation Method: Group Policy installation
Advantages:
• Does not require computers to be discovered before the client can be installed
• Can be used for new client installations or for upgrades
• Computers can read client installation properties that have been published to Active Directory
• No Admin account is required
Disadvantages:
• Can cause high network traffic if a large number of clients are being installed
• If the Active Directory schema is not extended for Configuration Manager 2012, you must use Group Policy to add client installation properties to computers in your site
Logon Script Installation
Client Installation Method: Logon script installation
Advantages:
• Does not require computers to be discovered before the client can be installed
• Supports using command line properties for CCMSetup
Disadvantages:
• Can cause high network traffic if a large number of clients are being installed over a short time period
Manual Installation
Client Installation Method: Manual installation
Advantages:
• Does not require computers to be discovered before the client can be installed
• Can be useful for testing purposes
• Supports using command line properties for CCMSetup
Disadvantages:
• No automation, therefore time consuming
Manual Installation (continued)
• CCMSetup is used with command line options to control site assignment and other options
• For example, CCMSetup.exe /mp:SMSMP01 /logon SMSSITECODE=S01 FSP=SMSFSP01 performs the following actions:
• Specifies to download installation files from the Management Point named SMSMP01
• Specifies that installation should stop if any version of the Configuration Manager client already exists on the computer
• Instructs client.msi to assign the client to the site code S01
• Instructs client.msi to use the Fallback Status Point named SMSFSP01
Upgrading Client
Client Installation Method: Upgrade installation
Advantages:
• Can leverage the features of Configuration Manager to upgrade the client by collection, or to a defined timescale
• Supports using command line properties for CCMSetup
Disadvantages:
• Can cause high network traffic when distributing the client to large collections
Other Client Installation Considerations
OSD imaging
Easily done as part of Configuration Manager OSD
You must remove any computer-specific certificates that are installed
on the master image computer in order to avoid duplicate GUIDs
Configuration Manager clients on workgroup computers
Manual installation and site assignment is usually required
Workgroup clients cannot locate management points from Active
Directory Domain Services, and instead must use DNS or WINS
Clients on the Internet
PKI is required
No support for installing a client directly from the Internet-based
management point or from the Internet-based software update point
If possible connect clients to the intranet in order to install the client
and certificates
Client installation binaries are approximately 100 MB
Client Assignment
Using manual site assignment
Use a client installation property that specifies the site code
In Control Panel\Configuration Manager, specify the site code
Using automatic site assignment
Based on Boundaries
What’s new in Configuration Manager for site assignment?
For automatic site assignment to succeed with Boundary
information, the Boundary must be configured in a Boundary
Group that is configured for site assignment
Fallback Site Assignment if the client is not in any boundaries
Clients can now download site settings from the Management Point
after they have assigned to the site if they cannot locate these
settings from Active Directory Domain Services
Client Deployments changes in SP1
Configuration Manager clients now use Microsoft
Silverlight 5 for the Application Catalog
Changes to automatic client upgrade discussed earlier
Configures the Computer Agent client setting Allow
Silverlight applications to run in elevated trust mode to
Yes by default
Configures the Computer Agent client setting, PowerShell
execution policy: All Signed by default
New client installation switches can be added to client push,
namely /forcereboot, /skipprereq, /logon, /BITSPriority,
/Downloadtimeout and /forceinstall
Client Deployments changes in SP1 – (continued)
Added a new Computer Agent client setting, Disable
deadline randomization, which is set to Yes by default
Install the Configuration Manager client on computers that
run Mac OS X
Install the Configuration Manager client on servers that run
a supported version of Linux or UNIX
Added a new client notification communication TCP port
10123 if you don’t want to use default HTTP/HTTPS ports
Changes in Client Management –SP1
The Configuration Manager client supports Windows 8 Always
On Always Connected and can detect the following states on an
Always On Always Connected device:
Whether networking is turned on or off
Whether the device is running on battery power or plugged in
The battery power remaining
Whether the device is in idle mode
Whether the device is in its Windows Automatic Maintenance
window
Whether the device is using a metered Internet connection
Added a new client agent setting, Metered Internet Connections,
to specify how Windows 8 client computers transfer data over
metered Internet connections
Changes in Client Management –SP1
For client agents running on Windows 7/8 and Windows
Server 2008 R2/2012, you can supplement the Wake on LAN
site setting for unicast packets by using the wake-up proxy
client settings. This combination helps to wake up
computers on subnets without the requirement to
reconfigure network switches
Added a new client setting, Cloud Services, which allows
clients to access a cloud distribution point using Windows
Azure services
Lesson Review
What is the new added Distribution point called and what
are the requirements?
What are some of the changes in SP1 related to Client
Settings?
Lab: Discovery and Client Installation
Scenario
This lab will show you how to set
up site boundaries, configure
discovery, and install clients
Goals
Add Boundaries
Configure Discovery methods
Install the Configuration
Manager client
Lesson Summary
Discovery overview
Differences in Discovery methods
Delta Discovery
Boundaries and Active Directory Forest Discovery
Boundary Groups in Configuration Manager
Deploying clients