Beruflich Dokumente
Kultur Dokumente
10748A
Deploying System Center 2012
Configuration Manager
MCT USE ONLY. STUDENT USE PROHIBITED
ii 10748A: Deploying System Center 2012 Configuration Manager
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
2012 Microsoft Corporation. All rights reserved.
Released: 06/2012
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS
OFFICIAL MICROSOFT LEARNING PRODUCTS
MICROSOFT OFFICIAL COURSE Pre-Release and Final Release Versions
These license terms are an agreement between Microsoft Corporation and you. Please read them. They apply to
the Licensed Content named above, which includes the media on which you received it, if any. These license
terms also apply to any updates, supplements, internet based services and support services for the Licensed
Content, unless other terms accompany those items. If so, those terms apply.
BY DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS. IF YOU DO NOT ACCEPT
THEM, DO NOT DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below.
1. DEFINITIONS.
a. Authorized Learning Center means a Microsoft Learning Competency Member, Microsoft IT Academy
Program Member, or such other entity as Microsoft may designate from time to time.
b. Authorized Training Session means the Microsoft-authorized instructor-led training class using only
MOC Courses that are conducted by a MCT at or through an Authorized Learning Center.
c. Classroom Device means one (1) dedicated, secure computer that you own or control that meets or
exceeds the hardware level specified for the particular MOC Course located at your training facilities or
primary business location.
d. End User means an individual who is (i) duly enrolled for an Authorized Training Session or Private
Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. Licensed Content means the MOC Course and any other content accompanying this agreement.
Licensed Content may include (i) Trainer Content, (ii) software, and (iii) associated media.
f. Microsoft Certified Trainer or MCT means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program, and (iii) holds a Microsoft
Certification in the technology that is the subject of the training session.
g. Microsoft IT Academy Member means a current, active member of the Microsoft IT Academy
Program.
h. Microsoft Learning Competency Member means a Microsoft Partner Network Program Member in
good standing that currently holds the Learning Competency status.
i. Microsoft Official Course or MOC Course means the Official Microsoft Learning Product instructor-
led courseware that educates IT professionals or developers on Microsoft technologies.
MCT USE ONLY. STUDENT USE PROHIBITED
j. Microsoft Partner Network Member or MPN Member means a silver or gold-level Microsoft Partner
Network program member in good standing.
k. Personal Device means one (1) device, workstation or other digital electronic device that you
personally own or control that meets or exceeds the hardware level specified for the particular MOC
Course.
l. Private Training Session means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective. These classes are not advertised or
promoted to the general public and class attendance is restricted to individuals employed by or
contracted by the corporate customer.
m. Trainer Content means the trainer version of the MOC Course and additional content designated
solely for trainers to use to teach a training session using a MOC Course. Trainer Content may include
Microsoft PowerPoint presentations, instructor notes, lab setup guide, demonstration guides, beta
feedback form and trainer preparation guide for the MOC Course. To clarify, Trainer Content does not
include virtual hard disks or virtual machines.
2. INSTALLATION AND USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is
licensed on a one copy per user basis, such that you must acquire a license for each individual that
accesses or uses the Licensed Content.
2.1 Below are four separate sets of installation and use rights. Only one set of rights apply to you.
ii. Use of Instructional Components in Trainer Content. You may customize, in accordance with the
most recent version of the MCT Agreement, those portions of the Trainer Content that are logically
associated with instruction of a training session. If you elect to exercise the foregoing rights, you
agree: (a) that any of these customizations will only be used for providing a training session, (b) any
customizations will comply with the terms and conditions for Modified Training Sessions and
Supplemental Materials in the most recent version of the MCT agreement and with this agreement.
For clarity, any use of customize refers only to changing the order of slides and content, and/or
not using all the slides or content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content components are licensed as a single unit and you
may not separate the components and install them on different devices.
2.4 Third Party Programs. The Licensed Content may contain third party programs or services. These
license terms will apply to your use of those third party programs or services, unless other terms accompany
those programs and services.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to that respective component and supplements the terms described in this Agreement.
3. PRE-RELEASE VERSIONS. If the Licensed Content is a pre-release (beta) version, in addition to the other
provisions in this agreement, then these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content is a pre-release version. It may not contain the
same information and/or work the way a final version of the Licensed Content will. We may change it
for the final version. We also may not release a final version. Microsoft is under no obligation to
provide you with any further content, including the final release version of the Licensed Content.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft software, Microsoft product, or service that includes the feedback. You
will not give feedback that is subject to a license that requires Microsoft to license its software,
technologies, or products to third parties because we include your feedback in them. These rights
MCT USE ONLY. STUDENT USE PROHIBITED
survive this agreement.
c. Term. If you are an Authorized Training Center, MCT or MPN, you agree to cease using all copies of the
beta version of the Licensed Content upon (i) the date which Microsoft informs you is the end date for
using the beta version, or (ii) sixty (60) days after the commercial release of the Licensed Content,
whichever is earliest (beta term). Upon expiration or termination of the beta term, you will
irretrievably delete and destroy all copies of same in the possession or under your control.
4. INTERNET-BASED SERVICES. Microsoft may provide Internet-based services with the Licensed Content,
which may change or be canceled at any time.
a. Consent for Internet-Based Services. The Licensed Content may connect to computer systems over an
Internet-based wireless network. In some cases, you will not receive a separate notice when they
connect. Using the Licensed Content operates as your consent to the transmission of standard device
information (including but not limited to technical information about your device, system and
application software, and peripherals) for internet-based services.
b. Misuse of Internet-based Services. You may not use any Internet-based service in any way that could
harm it or impair anyone elses use of it. You may not use the service to try to gain unauthorized access
to any service, data, account or network by any means.
5. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some rights
to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
install more copies of the Licensed Content on devices than the number of licenses you acquired;
allow more individuals to access the Licensed Content than the number of licenses you acquired;
publicly display, or make the Licensed Content available for others to access or use;
install, sell, publish, transmit, encumber, pledge, lend, copy, adapt, link to, post, rent, lease or lend,
make available or distribute the Licensed Content to any third party, except as expressly permitted
by this Agreement.
reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation;
access or use any Licensed Content for which you are not providing a training session to End Users
using the Licensed Content;
access or use any Licensed Content that you have not been authorized by Microsoft to access and
use; or
transfer the Licensed Content, in whole or in part, or assign this agreement to any third party.
6. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to you in
this agreement. The Licensed Content is protected by copyright and other intellectual property laws and
treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content. You may not remove or obscure any copyright, trademark or patent notices that
appear on the Licensed Content or any components thereof, as delivered to you.
MCT USE ONLY. STUDENT USE PROHIBITED
7. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations. You
must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, End Users and end use. For additional
information, see www.microsoft.com/exporting.
8. LIMITATIONS ON SALE, RENTAL, ETC. AND CERTAIN ASSIGNMENTS. You may not sell, rent, lease, lend or
sublicense the Licensed Content or any portion thereof, or transfer or assign this agreement.
9. SUPPORT SERVICES. Because the Licensed Content is as is, we may not provide support services for it.
10. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon any termination of this agreement, you
agree to immediately stop all use of and to irretrievable delete and destroy all copies of the Licensed
Content in your possession or under your control.
11. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed Content.
The third party sites are not under the control of Microsoft, and Microsoft is not responsible for the
contents of any third party sites, any links contained in third party sites, or any changes or updates to third
party sites. Microsoft is not responsible for webcasting or any other form of transmission received from
any third party sites. Microsoft is providing these links to third party sites to you only as a convenience,
and the inclusion of any link does not imply an endorsement by Microsoft of the third party site.
12. ENTIRE AGREEMENT. This agreement, and the terms for supplements, updates and support services are
the entire agreement for the Licensed Content.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
14. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws of
your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
15. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS," "WITH ALL FAULTS," AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT CORPORATION AND ITS RESPECTIVE
AFFILIATES GIVE NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS UNDER OR IN RELATION TO
THE LICENSED CONTENT. YOU MAY HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS
WHICH THIS AGREEMENT CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS,
MICROSOFT CORPORATION AND ITS RESPECTIVE AFFILIATES EXCLUDE ANY IMPLIED WARRANTIES OR
CONDITIONS, INCLUDING THOSE OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NON-INFRINGEMENT.
MCT USE ONLY. STUDENT USE PROHIBITED
16. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. TO THE EXTENT NOT PROHIBITED BY
LAW, YOU CAN RECOVER FROM MICROSOFT CORPORATION AND ITS SUPPLIERS ONLY DIRECT
DAMAGES UP TO USD$5.00. YOU AGREE NOT TO SEEK TO RECOVER ANY OTHER DAMAGES, INCLUDING
CONSEQUENTIAL, LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES FROM MICROSOFT
CORPORATION AND ITS RESPECTIVE SUPPLIERS.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this agreement
are provided below in French.
Remarque : Ce le contenu sous licence tant distribu au Qubec, Canada, certaines des clauses dans ce
contrat sont fournies ci-dessous en franais.
EXONRATION DE GARANTIE. Le contenu sous licence vis par une licence est offert tel quel . Toute
utilisation de ce contenu sous licence est votre seule risque et pril. Microsoft naccorde aucune autre garantie
expresse. Vous pouvez bnficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualit marchande, dadquation un usage particulier et dabsence de contrefaon sont exclues.
Elle sapplique galement, mme si Microsoft connaissait ou devrait connatre lventualit dun tel dommage.
Si votre pays nautorise pas lexclusion ou la limitation de responsabilit pour les dommages indirects,
accessoires ou de quelque nature que ce soit, il se peut que la limitation ou lexclusion ci-dessus ne sappliquera
pas votre gard.
EFFET JURIDIQUE. Le prsent contrat dcrit certains droits juridiques. Vous pourriez avoir dautres droits prvus
par les lois de votre pays. Le prsent contrat ne modifie pas les droits que vous confrent les lois de votre pays
si celles-ci ne le permettent pas.
Acknowledgments
Microsoft Learning would like to acknowledge and thank the following for their contribution towards
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Contents
Module 1: Overview of System Center 2012 Configuration Manager
Lesson 1: Introduction to System Center 2012 Configuration Manager 1-4
Lesson 2: Overview of the Configuration Manager 2012 Server Default
Site System Roles 1-16
Lesson 3: Overview of the Configuration Manager 2012 Server Optional
Site System Roles 1-29
Lesson 4: Overview of Configuration Manager 2012 Deployment
Scenarios 1-43
Lesson 5: Overview of the Configuration Manager 2012 Client 1-57
Course Description
This three-day course describes how to plan and deploy a Microsoft System Center 2012 Configuration
Manager hierarchy, including the central administration site, one or more primary sites and secondary
sites, and all associated site systems. This course also covers migration from Microsoft System Center
Configuration Manager 2007.
Audience
This course is intended for:
Systems Engineers who need to plan a System Center 2012 Configuration Manager deployment. They
have three to five years of experience in medium to large enterprise organizations supporting
multiple desktop and server computers that run Microsoft Windows.
Configuration Manager Administrators responsible for designing and deploying one or more System
Center 2012 Configuration Manager sites and all supporting systems. They have three to five years of
experience in medium to large enterprise organizations supporting multiple desktop and server
computers that run Microsoft Windows Server.
Individuals who are interested in taking exam 70-243 TS: Microsoft System Center 2012 Configuration
Manager, Configuring can also attend this course. Both Configuration Manager courses will be
necessary to prepare for the exam.
Student Prerequisites
This course requires that you meet the following prerequisites:
Windows Server management including Windows Server 2008 and Windows Server 2008 R2
Course Objectives
After completing this course, students will be able to:
Describe the Configuration Manager 2012 infrastructure and describe typical deployment scenarios.
Plan and deploy a multiple-site hierarchy including the central administration site, primary sites, and
secondary sites.
Describe replication and data types, and monitor the replication of data throughout the hierarchy.
Use various methods to plan and deploy Configuration Manager 2012 clients.
Course Outline
This section provides an outline of the course:
Module 6: Planning and Completing System Center 2012 Configuration Manager Client Deployment
Module 8: Migrating from System Center Configuration Manager 2007 to System Center 2012
Configuration Manager
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course xvii
Course Materials
The following materials are included with your kit:
Course Handbook A succinct classroom learning guide that provides all the critical technical
information in a crisp, tightly-focused format, which is just right for an effective in-class learning
experience.
Lessons: Guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
Labs: Provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
Module Reviews and Takeaways: Provide improved on-the-job reference material to boost
knowledge and skills retention.
Lab Answer Keys: Provide step-by-step lab solution guidance at your finger tips when its
needed.
Resources: Include well-categorized additional resources that give you immediate access to the most
up-to-date premium content on TechNet, MSDN, Microsoft Press.
Course evaluation: At the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
To provide additional comments or feedback on the course, send e-mail to
support@mscourseware.com. To inquire about the Microsoft Certification Program, send e-mail
to mcphelp@microsoft.com.
MCT USE ONLY. STUDENT USE PROHIBITED
xviii About This Course
Important: At the end of each lab, you must revert the virtual machine back to the state the virtual
machine was in before the lab started. To revert a virtual machine, perform the following steps:
1. In Hyper-V Manager, right click the virtual machine name, and click Revert.
The following table shows the role of each virtual machine used in this course:
Software Configuration
The following software is installed in this course:
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way. All of the
aforementioned virtual machines are deployed in each student computer.
Dual 120 gigabyte (GB) hard disks 7200 revolutions per minute (RPM) SATA or better*
DVD drive
Network adapter
Super VGA (SVGA) 17-inch monitor
Module 1
Overview of System Center 2012 Configuration Manager
Contents:
Lesson 1: Introduction to System Center 2012 Configuration Manager 1-3
Module Overrview
Microsoft System
m Center 2012 Configuration
n Manager pro ovides a set of features that enable you to
perfform complex management tasks includinng the followin
ng:
Hardware and
d software inventory
Application management
m
Operating sysstem deployment
Settings management
Software upd
date managem
ment
Remote clientt troubleshootting
Protection fro
om malware
Kno
owledge of theese features he
elps you design
n and deploy a Configuratio 012 infrastructure.
on Manager 20
Oth
her topics which help you in your design an
nd deploymen nt tasks includee:
An understan
nding of Config
guration Mana mponents and functionality.
ager 2012 com
The knowledg
ge of site syste
em roles.
An understan t Configurattion Manager 2012 client.
nding of the arrchitecture of the
Commpared with previous version ns, System Cen nter 2012 Connfiguration Manager introduces a number of
changes to the sitte architecture
e model which may affect ho ow you plan a Configuration n Manager
hierrarchy. This mo
odule providess an overview of the technollogies that willl be discussed throughout thhe
rest of the course. In this module, you will expplore these chaanges by exam
mining several typical deployyment
scennarios, which use
u a variety off site architecttures.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-3
Lesson 1
Introduction to
t Syste
em Center 201
12 Confiiguratio
on
Manag ger
Systtem Center 2012 Configuration Manager is a feature-ricch managemen nt solution. In this lesson, yo
ou
will discover how to design a Co onfiguration Manager
M hierarrchy that helpss you use thesse features mo ore
efficciently. You will examine the
e role of Config
guration Manaager in the Sysstem Center 20 012 family of
prod ducts and deteermine whethe er Configuratio
on Manager iss the appropriaate product to o use in your
orga anization.
You
u will also exam
mine how the changes
c introd
duced in Confiiguration Man
nager 2012 as ccompared with
h
prevvious versions affect your ovverall site hiera
archy design.
In Configuration
C Manager
M 20077, data is transfferred betwee n sites using fiile-based replication. Althou
ugh
Connfiguration Ma anager 2012 sttill uses file-based replication
n for content, database repliication is used to
repllicate operatio
onal data. In th
his lesson, you will examine w what global daata and site daata are, and hoow
dataa is replicated throughout thhe hierarchy.
Afte
er completing this lesson, yo
ou will be able to:
Overview
O of
o Configuration Manager 201
12
Th
he following ta
able outlines the features of System Centeer 2012 Config
guration Manager.
Hardware and
d Software You can usse the tools an
nd resources p
provided in thee Hardware an
nd
Inventory Software Inventory featuure to maintain a record of h
hardware and
software in
n your organizzation.
Asset Intellige
ence You can usse the Asset In ntelligence feature to obtainn more insight from
the inventory data recorrded by the Haardware and SSoftware Inventory
feature. Assset Intelligencce uses a catalog that contains software an
nd
license info
ormation to id dentify the inveentoried softw
ware.
Software Mettering You can usse the Softwarre Metering feature to monitor and collectt
software usage
u data and
d generate repports to determ
mine how appllications
are used in
n your organizzation.
Remote Mana
agement You can usse the Remotee Management feature to re emotely access any
client com
mputer in the h
hierarchy to asssist a user. Youu can use the rremote
control to troubleshoot hardware and d software conffiguration problems
on client computers
c d to provide heelp-desk support when acce
and ess to a
users com
mputer is necesssary.
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Overview of System Center 2012 Configuration Manager
(continued)
Application management You can use the tools and resources in the Application Management
feature to create, manage, deploy, and monitor applications in the
organization.
Software Updates You can use the tools and resources in the Software Updates
Management Management feature to manage, deploy, and monitor software updates
in the organization.
Operating System You can use the Operating System Deployment feature to plan and
Deployment deploy operating systems by using images.
Content Management You can use the tools and resources in the Content Management feature
to manage content files for applications, packages, software updates, and
operating system deployment.
Compliance management
Compliance Settings You can use the tools and resources of the Compliance Settings feature
to help you assess, track, and remediate the configuration compliance of
client computers in the organization.
Power Management You can use the tools and resources provided by the Power Management
feature to manage and monitor the power consumption of client
computers in the organization.
Client Health You can use the tools and resources provided by the Client Health
feature to manage and monitor the health of the Configuration Manager
client software.
Security
Role-based Administration You can use role-based administration to assign roles and permissions
for the administrators to allow them to access and use the features of
Configuration Manager.
Network Access Protection You can use the Network Access Protection feature as a health validator.
This feature works in conjunction with Network Access Protection in
Microsoft Windows Server 2008.
Endpoint Protection You can use this new functionality in Configuration Manager 2012 to
protect clients against malware. This functionality was available
previously in Forefront Endpoint Protection (FEP).
Common features
Reporting You can use the SQL Reporting Services in Configuration Manager 2012
for report generation. Administrators can create subscriptions so that
reports are generated on a schedule and distributed in various formats
by email.
Monitoring You can use the Monitoring feature to supervise site systems and client
health. It also provides automatic remediation for specific client errors.
Overview
O of
o the System Centerr 2012 Fam
mily of Pro
oducts
Product Details
System Cente
er 2012 App You can use the
t System Cen nter 2012 App p Controller to provide self-sservice
Controller access for app
plication admi nistrators, to eenable them too create and mmanage
nes and servicees on the basiss of templatess, and manage private
virtual machin
cloud resourcces and public cloud Window ws Azure subscriptions fromma
single web intterface.
(continued)
Product Details
System Center 2012 You can use System Center Endpoint Protection to provide malware
Endpoint Protection protection for your client systems. System Center Endpoint Protection is
built on Configuration Manager, creating a single infrastructure for
deploying and managing endpoint protection.
System Center 2012 You can use System Center 2012 Operations Manager to monitor services,
Operations Manager devices, and applications on multiple computers in a single console.
Operations Manager 2012 enables you to view the state of the Information
Technology (IT) environment and services running across different systems
using views that show state, health, and performance information in
addition to real-time alerts generated for availability, performance,
configuration, and security incidents.
System Center 2012 You can use the System Center 2012 Orchestrator to orchestrate, integrate,
Orchestrator and automate the IT processes in an organization. Orchestrator enables you
to define and automate processes from a central point and integrate with
existing management solutions, both from the System Center family and
third-party management platforms.
System Center 2012 You can use the System Center 2012 Service Manager for automating and
Service Manager adapting the organization processes to IT service management best
practices, such as those found in Microsoft Operations Framework (MOF)
and Information Technology Infrastructure Library (ITIL). System Center 2012
Service Manager also provides built-in processes for incident and problem
management, change management, release management, and risk and
compliance management.
System Center 2012 You can use the System Center 2012 Virtual Machine Manager to configure
Virtual Machine and manage virtualization hosts, networking, and storage resources. This
Manager management solution for the virtualized datacenter also helps you create
and deploy virtual machines and services to private clouds.
Note For System Center 2012 licensing information, please visit Microsoft Server and
Cloud Platform Pricing and Licensing at http://go.microsoft.com/fwlink/?LinkId=253177.
Question: Which of the System Center family of products, including the previous versions,
are you using in your organization?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 1-9
Yo
ou can implem
ment the Configuration Manager 2012 as:
Changes
C to Site
S Types
Configuration Manager
M 2012 introduces ch
hanges to site ttypes including
g:
Central admministration sitte. In Configurration Manageer 2007 and prrevious version ns, the top-leve
el
primary site
e was called a central site. In n Manager 2012, a new site type called the
n Configuration
ministration sitee has been introduced. The ccentral admin istration site:
central adm
Provide
es centralized management of the other p
primary sites in
n the hierarchyy.
If you decid
de to use a cenntral administrration site, you
u must install itt first, and the
en install otherr
primary site
es that will be part of the hie
erarchy under the central ad dministration site.
MCT USE ONLY. STUDENT USE PROHIBITED
1-10 Overview of System Center 2012 Configuration Manager
Primary sites. In Configuration Manager 2007, primary sites could be tiered below other primary sites,
and were often used to enable decentralized administration, define custom configurations for client
agents, or serve as a security scope. In Configuration Manager 2012, primary sites are no longer used
to provide those functions. Configuration Manager 2012 primary sites:
Are used to increase scalability by supporting a larger number of clients when you add another
primary site.
Manage the clients assigned to them and perform client data processing.
Cannot be linked to another primary site in a parent-child relationship. Only secondary sites can
be a child site of a primary site.
Are installed either as a stand-alone site or as the child to an existing central administration site
when you install it in a hierarchy. Once installed, the parent-child association can be changed
only by uninstalling and reinstalling the primary site.
Do not limit the administrative scope. Configurations performed by administrative users at any of
the sites are replicated throughout the hierarchy. You can restrict administrative access using
security roles.
Secondary sites. In Configuration Manager 2007, secondary sites were used to manage the network
bandwidth for sending client data and content to remote locations. In Configuration Manager 2012,
secondary sites are used mainly to control the upward flow of client data in the hierarchy.
Secondary sites:
Use a SQL Server database. Typically, this is located on a SQL Server Express instance and installed
locally on the secondary site server.
Question: If you have an existing Configuration Manager 2007 implementation, what is your
current architecture?
Question: If a company has a primary site that reports to another primary site, what needs to
happen when the primary site is moved to Configuration Manager 2012?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-11
Configurat
C ion Manag
ger 2012 Client
C
Th
he Configuratiion Manager 2012
2 Client is the
t software innstalled on thee computers or mobile devicces you
want
w to manage nstall Configurration Manageer 2012 client software on a device such as a
e. When you in
workstation,
w po
ortable computter, server, or mobile
m device,, that device iss referred to ass a client.
Yo
ou can use Configuration Manager client software
s to au
utomate client managementt tasks such as::
Collecting hardware
h and software inven
ntory informattion and sendiing the data to
o the Configurration
Manager site.
Running deeployments of applications, applying
a softw
ware updates, rrunning scripts, and installin
ng
operating systems.
s The deployments ca an take place o
on a specific d
date and time, or when userss
request the
e installation of software usin
ng the Applicaation Catalog.
Monitoring g application usages by recording the appllication start aand stop times. This data is sent to
the site and
d made availabble for reports.
Defining cliient configurattion settings that will be evaaluated on all cclients and rem
mediating the client
configuratioon if they are out of complia ance.
Wh
hat Are Glo
obal and Site
S Data Types?
T
In Configuration
C Manager
M 20122, data is repliccated between n the sites in th
he hierarchy. D
Depending on the
typee of data being
g replicated, itt can be classiffied as either g
global data or site data. A thhird data type, called
loca
al data, does not replicate to
o other sites. Lo ocal data incluudes informatio on that is not required by otther
sitess.
Glo
obal Data
Globbal data consissts of administtrator-created objects that reeplicate to all primary sites, in addition to the
centtral administra
ation site, acro hy. Administra tors can createe global data using the conssole
oss the hierarch
connected at the central administration site or o at primary siites. Examples of global dataa include the
follo
owing:
Collection rulles
Software dep
ployment defin
nitions
Package meta
adata
Program mettadata
Software upd
dates deployment definitionss
Configuration
n item metada
ata
Software upd
date metadata
Alert rules
Site Data
Site data is operational information created by Configuration Manager primary sites, and by the clients
assigned to primary sites. Site data only replicates to the central administration site and is not replicated
to other primary sites. Examples of site data include:
Wake On LAN
Quarantine client restriction history
You can only view the site data from all sites at the central administration site. This enables you to
perform administration and reporting for the entire hierarchy. A primary site only contains site data
originated from that site. You can modify site data only at the primary site where it was created.
Content
The actual content of the packages which is used to deploy software applications, updates, and operating
system images is not replicated using database replication, but with file-based replication, for example,
the Server Message Block (SMB) protocol.
In the same primary site, the content is transferred from the site server to distribution point using file-
based replication. Administrators can configure bandwidth throttling and scheduling for the file transfer.
File-based replication mechanisms are also used to transfer the content to distribution points in other sites
in the hierarchy. Administrators can control the distribution points to which content is replicated by using
distribution point groups.
Ho
ow Data Re
eplicates Throughou
T ut the Hierrarchy
Commmunications in Configuration Manager 2012 2 has signifficantly changeed compared tto earlier versiions
of Configuration
C Manager.
M In th
he earlier versions of Configu uration Manag ger, inter-site ccommunicatio
ons
are completed using file transfeers. Most inter--site communiications in Con nfiguration Maanager 2012 are
noww completed with
w database replication.
r File
e-based replic ation is still ussed for data suuch as package
e files
usedd by deploymeents and disco overy data reco ords.
File
e-Based Rep
plication
File--based replication in Configuration Manag ger 2012 uses senders and aaddresses to trransfer data
betwween sites in the hierarchy. Unlike
U earlier versions,
v Confiiguration Man nager supportss only the standard
sendder. Communiication betwee en sites uses th
he Server Messsage Block (SM by using TCP port
MB) protocol b
445. File-based reeplication is automatically coonfigured for cchild sites, but you must con
nfigure it for
addditional routes.
Addresses. Adddresses are used by senders to establish a network con nnection to the
e site server off a
destination site. Addresses for child sites are automaticcally configured when the sitte is installed.
Dattabase Repllication
Connfiguration Ma anager 2012 usses database replication to ttransfer data a nd merge chaanges it receive es so
thatt all sites share
e the same info ormation. Whe en you install a site, databas e replication iss automaticallyy
configured betwe een the new sitte and its desig
gnated parentt site. The defaault instance off SQL Server uuses
TCP
P ports 1433 an nd 4022 for da atabase replica
ation. Other SQ QL Server instaances may use e different portts.
Whe en the site insttallation finishes, database re
eplication autoomatically starrts.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-15
As part of the setup, Configuration Manager uses publication groups to establish and synchronize
database replication between sites. After setup, the database replication service synchronizes data in the
publication groups between SQL Servers using the SQL Server Service Broker. The database replication
service uses SQL Server change tracking to monitor the local site database for changes and then replicates
the changes to other sites.
Data transferred through database replication is classified into two categories:
Global Data. Administrator-created objects that replicate to all sites throughout the hierarchy.
However, secondary sites receive only a subset of global data.
Site Data. Operational information created by a Configuration Manager primary site. Site data
replicates to the central administration site but not to other primary sites.
All site data replicates to the central administration site. This enables the central administration site to
perform administration and reporting for the entire hierarchy.
Client Communications
In Configuration Manager 2012, site systems that communicate with clients can be independently
configured to support intranet clients through the use of Hypertext Transfer Protocol (HTTP) or Hypertext
Transfer Protocol Secure (HTTPS) or Internet-based clients through the use of HTTPS. This is different than
Configuration Manager 2007, where sites are either configured to be mixed-mode, using HTTP only, or
native-mode using HTTPS only.
MCT USE ONLY. STUDENT USE PROHIBITED
1-16 Overview of System Center 20012 Configuration Maanager
Lesson 2
Overviiew of the
t Con nfiguration Man
nager 2
2012 Server
Defaullt Site System Roles
R
Con
nfiguration Maanager 2012 ha as multiple sitee roles that yo
ou can install eeither on the saame computerr or
on multiple
m servers for scalabilitty. Default site
e roles are instaalled in every C
Configuration Manager
imp
plementation. Optional
O site roles provide additional
a funcctionality and yyou can installl them as need
ded.
By understanding
u the functiona
ality of the site
e roles, you can
n make design
n decisions reg
garding the
configuration and
d placement off each role in your
y Configuraation Manager implementattion.
Afte
er completing this lesson, yo
ou will be able to:
Describe plan
nning and desiign considerations for the deefault site systeem roles.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-17
Overview
O of
o the Conffiguration Manager 2012 Site
e System R
Roles
When
W you instaall a Configurattion Manager 2012 site, seveeral site system
m roles are insttalled by defau ult. The
oles installed are required for the core ope
ro eration of each
h site. Some off these roles caan be moved tto other
se
ervers but cann not be remove ed from the sitte. When you iinstall addition
nal site serverss for optional rroles,
so
ome default sitte system roless are also insta
alled.
In
n Configuration n Manager 2012, the concep pt of site modee is discontinu
ued, and each appropriate
in
ndividual site ro
ole is configurred to use either HTTP or HTTTPS.
Default
D Site System Role
es
When
W you insta
all a site server,, the default syystem roles aree automaticallly installed. The SMS Provide
er role is
th
he only role that does not ha ave an object exposed
e in thee Configuratio n Manager co onsole. Two op
ptional
ro
oles, the management point,, and distribution point roless are also auto omatically instaalled when you u install
a primary or seccondary site se erver.
MCT USE ONLY. STUDENT USE PROHIBITED
1-18 Overview of System Center 2012 Configuration Manager
Site server A site server is the computer on which you run Configuration Manager 2012
Setup. The site server provides the core functionality for the site.
Component server A component server runs the Configuration Manager services and is
automatically installed with all site systems except the distribution point.
SMS Provider A SMS Provider is the interface between the Configuration Manager
console and the site database. This role is installed automatically when you
install a central administration site or primary site. Secondary sites do not
install the SMS Provider. You can install the SMS Provider on the site server,
the site database server (unless the site database is hosted on a clustered
instance of SQL Server), or on another computer. You can also move the
SMS Provider to another computer after the site is installed, or install
multiple SMS Providers on additional computers.
Site system A site system is any computer that hosts one or more site system roles for a
Configuration Manager site.
Site database server A site database server hosts the SQL Server database to store information
about assets and site data.
Management point A management point provides policy and content location information to
clients. It also receives data from clients. You cannot install a management
point on a central administration site.
Distribution point A distribution point contains source files for clients to download, such as
application content, software packages, software updates, operating system
images, and boot images. You can control content distribution by using
bandwidth, throttling, and scheduling options. You cannot install a
distribution point on a central administration site.
Application Catalog An Application Catalog web service point provides software information to the
web service point Application Catalog website from the Software Library. This is a new role
introduced in Configuration Manager 2012.
Application Catalog An Application Catalog website point provides users with a list of available
website point software. This is a new role introduced in Configuration Manager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-19
(continued)
Asset Intelligence An Asset Intelligence synchronization point connects to System Center Online to
synchronization point download Asset Intelligence catalog information. It can also upload
uncategorized titles that the administrator selected previously for inclusion in
the catalog.
Endpoint Protection An Endpoint Protection point provides the ability to manage malware and
point Windows Firewall remediation for System Center 2012 Endpoint Protection.
Enrollment point An enrollment point uses PKI certificates to complete mobile device enrollment
and provision AMT-based computers. This is a new role introduced in
Configuration Manager 2012.
Enrollment proxy An enrollment proxy point manages enrollment requests from mobile devices so
point that Configuration Manager can manage them. This is a new role introduced in
Configuration Manager 2012.
Fallback status point A fallback status point helps you monitor client installation and identify the
clients that are unmanaged because they cannot communicate with their
management point.
Out of band service An out of band service point provisions and configures AMT-based computers
point for out of band management.
Reporting services A reporting services point integrates with SQL Server Reporting Services to
point create and run reports for Configuration Manager.
Software update point A software update point manages Windows Server Update Services (WSUS) to
synchronize the software update metadata from a configured source, such as
Microsoft Update and make the data available to Configuration Manager.
State migration point A state migration point stores user state data when a computer is migrated to a
new operating system.
System Health A System Health Validator point validates Configuration Manager Network
Validator point Access Protection (NAP) policies. You must install this site system role on a NAP
health policy server.
MCT USE ONLY. STUDENT USE PROHIBITED
1-20 Overview of System Center 2012 Configuration Manager
The following table summarizes the Configuration Manager 2012 site system role integration.
Branch distribution point Branch distribution points have been retired. Configuration Manager 2012
supports only a single type of distribution point role, which can be installed
on servers or workstations running supported operating systems. Bandwidth
throttling settings are available on the distribution point properties.
PXE service point The PXE service point functionality has been integrated into the distribution
point role.
Reporting point The reporting point role has been retired. Configuration Manager leverages
SQL Server Reporting Services for running reports.
Server locator point The functionality of the server locator point has been integrated with the
management point role.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-21
Site Server
When
W you instaall a Configurattion Manager site several ro
oles are installeed by default. T
These roles provide
th onality for the site.
he core functio
Th
he Configuratiion Manager roles
r installed on
o a server du
uring the Confiiguration Man
nager Setup are
e:
Site Server. The site serverr role providess core function
nality for a Connfiguration Maanager site. WWhen
you install Configuration
C Manager on the
t first server in a site, the ssite server role is automaticaally
installed. Th
here are no coonfigurable pro operties for thee site server ro
ole.
Componentt server. The coomponent servver role is instaalled on any sitte system thatt runs the SMSS
Executive se
ervice. All Con
nfiguration manager compon nents, except tthe distributio
on point role, u
use the
SME Executtive service. Th
here are no configurable pro operties for thee component sserver role.
Site System Installation Account. This setting allows you to configure the account used by site
server to install this site system role. By default, the site server computer account is used.
Active Directory membership. This setting allows you to configure the Active Directory forest and
domain FQDNS that the site system is a member of.
Design Considerations
The site server role is automatically installed when you install a central administration site or primary site.
It is installed on the server from which you run Configuration Manager Setup. When you install a
secondary site by using the Configuration Manager console, the site server role is installed on the server
that you specify as the secondary site server. The site server role cannot be moved to another server
without reinstalling the site.
Because the site server is a critical component in a Configuration Manager implementation, you must
ensure that you can recover your site server configuration in the event of a server loss or malfunction. You
achieve this by configuring the site backup task to back up the site server. More details on how to
configure site maintenance tasks, including the backup task, are found in Module 7, Maintaining and
Monitoring System Center 2012 Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-23
Site Databa
ase
Th
here are two ro
oles associated
d with the dataabase used byy Configuration n Manager, the site database role
an
nd the SMS Provider role. Thhe site databasse role hosts th
he Configuratiion Manager 2
2012 database e and
th
he SMS Provider role providees the interface between Co nfiguration Manager and th he site databasse.
Thhe SMS Provid der is a Windowws Manageme ent Instrumenttation (WMI) p provider that pprovides and coontrols
acccess to the Co
onfiguration Manager
M site database. The SSMS Admins lo ocal group is p
provided full co
ontrol
acccess by defauult and Configu
uration Manag up on the site server
ger automaticaally creates thi s security grou
an
nd on each SM MS Provider co omputer. You mustm have at leeast one SMS Provider in each central
ad
dministration site
s and prima ary site. Second dary sites do n
not install the SSMS Provider.
Planning
P Con
nsiderations for the Sitte Database
e
So
ome planning considerations for the site database
d role i nclude:
If you use a remote database server computer, ensure the network connection between the site server and
site database is a high-availability, high-bandwidth network connection. This is because the site server and
some site system roles must constantly communicate with the SQL Server that is hosting the site database.
Consider the following when you plan to install the site database on a remote server:
The amount of bandwidth required for communications to the database server depends upon a
combination of many different site and client configurations; therefore, the actual bandwidth
required cannot be adequately predicted.
Each computer that runs the SMS Provider and that connects to the site database increases network
bandwidth requirements.
The computer that runs SQL Server must be located in a domain that has a two-way trust with the site
server and all computers running the SMS Provider.
You cannot use a clustered SQL Server for the site database server when the site database is co-
located with the site server.
The Configuration Manager 2012 console and any site systems that interact with the site database are
accessing the database through the SMS Provider.
The SMS Provider is specified during site installation. By default the SMS provider is located on the
Configuration Manager site server.
You can relocate both the site database and the SMS provider by using the Configuration
Manager 2012 site maintenance action from the Configuration Manager 2012 Setup program.
To be able to host the SMS Provider role a computer system must be a member of a domain that has
two-way trust with the site server and site database systems.
To be able to host the SMS Provider role a computer must be running an operating system that is
supported as a site server.
A server hosting the SMS Provider role cannot host any Configuration Manager roles from any other
sites.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-25
When all servers that hold a SMS Provider for a site are offline, Configuration Manager consoles cannot
connect to that sites database. You can install multiple SMS Providers in a central administration site or
primary site to provide high availability for the administrative users connecting with the Configuration
Manager consoles.
When you install a site, the installation automatically installs the first SMS Provider for the site. You can
specify any of the following supported locations for the SMS Provider:
Ma
anagemen
nt Point
Dessign Consid
derations
Whe
en planning fo
or managemen
nt point(s), con
nsider the follo
owing:
To ensure hig
gh availability of
o the manage
ement point, yyou can install multiple manaagement poin
nts in
the same prim
mary site.
anagement point to use eith er HTTP or HTTTPS for client communicatio
You can configure each ma ons.
To use HTTPS
S, you need to request and in
nstall PKI-baseed certificates.
Distributio
D n Point
Th
he distribution
n point role is used
u to provid
de the contentt used by featu
ures like appliccation deploym
ment,
so
oftware updatees deploymentt or operating system deplo yment to the C Configuration Manager 201 12
clients.
Th
he distributionn point is imple
emented as a web
w service an nd hosted in In nternet Inform
mation Servicess. The
clients access th
he distribution point to down
nload packagee files, operatin
ng system imaages, or updatees.
Configuratio
C on Managerr 2012 Featu
ures
Configuration Manager
M 2012 introduces ne
ew features wh
hen implementting the distrib
bution point,
in
ncluding the fo
ollowing:
Distribution
n points can be e configured individually to use HTTP or H HTTPS depend ding on the
anaging clientss over the Inteernet, you will need at least o
capabilities of the clients.. If you are ma one
distribution
n point configu ured to use HT TTPS.
Distribution
n points now include the fun nctionality of tthe Pre-Boot EExecution Envirronment (PXE)) service
nable this funcctionality, you need to installl Windows Deeployment Servvices (WDS) on
point. To en n the
same comp puter that hostts the distributtion point.
To control the
t content diistribution, you
u can create d istribution poiint groups whiich enable you
u to
manage content on multtiple distributio
on points as a single entity.
Distribution
n points now include the opttion to perform
m content valiidation to veriffy the status o
of the
content repplicated from the
t site server or from otherr distribution p
points. This opttion is not enaabled by
default.
Distribution
n points can be
e associated with
w one or mo ore boundary g
groups, so you e which
u can configure
clients can access content from the disttribution pointt.
MCT USE ONLY. STUDENT USE PROHIBITED
1-28 Overview of System Center 2012 Configuration Manager
Distribution points have settings for bandwidth throttling and scheduling the transfer of content so
you can control network traffic.
Distribution points now use a single instance store and implement the concept of content library.
Design Considerations
When planning for the distribution point(s), consider the following:
Place a distribution point closer to the clients it will serve, for example on the same high-speed
network subnet.
Use protected site systems for servers hosting the distribution point role so that the servers accept
connections only from clients in the same boundary group.
Deploy multiple distribution points if you frequently use features like software distribution, software
update management and operating system deployment.
Distribution points can be installed on desktop operating systems and also can be installed on 32-bit
systems.
Lesson
n3
Overv
view of the Configuration Maanager 2012 Se
erver
Optio
onal Site
e System
m Roless
Configuration Manager
M 2012 optional site roles
r provide aadditional funcctionality to th
he site and you
u can
in
nstall them as needed.
n
During the plannning and design phase of yo our Configura tion Manager 2012 impleme entation, you need to
id
dentify the role
es needed, fun
nctionality, and
d capacity requ
uirements. Thiss lesson descriibes the basic
fu
unctionality of the optional site
s system role es in addition to planning an
nd design con nsiderations.
Applica
ation Catalog
Asset In
ntelligence syn
nchronization point
Endpoiint Protection point
Enrollm
ment point
Enrollm
ment proxy point
Fallbacck status point
Out of band service point
p
Reporting services po
oint
Software update point
State migration
m point
System
m Health Valida
ator point
Determine the number and placement of each site ro
ole.
MCT USE ONLY. STUDENT USE PROHIBITED
1-30 Overview of System Center 20012 Configuration Maanager
Ap
pplication Catalog
C
Dessign Consid
derations
Whe
en planning fo
or the Applicattion catalog, co
onsider the fo
ollowing:
Asset
A Intelligence Synchronizattion Pointt
Thhe Asset Intelliigence synchroonization poinnt site role lets you schedule automatic syn
nchronization with
Syystem Center online,
o equests can bee performed o n demand. In addition to
or syncchronization re
doownloading ne ew asset intelligence catalogg information, the Asset inteelligence Synch
hronization po
oint can
uppload custom software title information to o System Cent er Online for ccategorization.
Asset intelligencce software reports provide information a bout softwaree families, categ gories, and specific
so
oftware titles that are installe
ed on compute ers in the orgaanization. The software repo orts present
in
nformation abo out browser he elper objects, software
s that sstarts automattically, and mo
ore. These repoorts can
be e used to iden
ntify adware, sppyware, and otther malware, and identify ssoftware redun ndancy to helpp
sttreamline softw
ware purchasin ng and supporrt.
Design
D Considerations
When
W planning for the Asset intelligence Syynchronization
n point, consid
der the following:
The asset in
ntelligence synnchronization point
p can onlyy be installed aat the top-leve
el site in the hierarchy
in the centrral administrattion site, or sta
and-alone prim
mary site.
The asset in
ntelligence syn
nchronization point
p must be able to make an Internet co
onnection over HTTPS
to System Center
C online.
End
dpoint Pro
otection Point
Dessign Consid
derations
Whe
en planning fo
or the endpoin
nt protection point,
p considerr the following
g:
Non-partticipating --
- noo information sent
s to Microssoft. Users will only be alerte
ed about
unclassifiied software.
Full mem
mbership --- Enddpoint protectiion will alert u
users about un classified softw
ware. In additio
on to
the basicc information, more detailed information iss sent to the M
Microsoft Activve Protection
Service about software that is detected by the end point protection client.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-33
Yo
ou can use Configuration Manager to man nage mobile d
devices. There are two distincct methods yo
ou can
usse for managin nagement and depth manag
ng mobile devvices: light man gement:
Design Considerations
When planning for mobile device management, consider the following:
The enrollment point roles are site-wide roles; the enrollment proxy point is typically accessed from
the Internet and should be placed in a perimeter network, or published through a firewall.
Light management provides basic management functionality and uses the Exchange connector.
Fallback Sta
atus Pointt
Design
D Consideration
When
W planning for a fallback status point, consider
c the fo
ollowing:
You need to install a fallb
back status poiint if you wantt client compu
uters to report any failures,
particularlyy when they caannot commun nicate with a m
management p point.
Ou
ut of Band Service Po
oint
Outt of band mana agement lets ana administrattive user conneect to a compu uter's AMT maanagement
controller when thhe computer is turned off, in n hibernation, or otherwise u
unresponsive tthrough the
opeerating system.. In these situa
ations, adminisstrative users ccan manage th
hese computerrs without requ
uiring
loca
al access to the
e computer.
Dessign Consid
derations
Whe
en planning fo
or the out of band
b service po
oint, consider tthe following:
Reporting
R Services
S Po
oint
Re
eports can be run from the Configuration
C Manager conssole, or directlly from the repporting service
es point
website
w and savved in a varietyy of formats. In
n addition to m
manually runn ing reports, thhe reporting seervices
po
oint supports report subscrip ptions. A report subscriptionn in Reporting Services is a re
ecurring requeest to
eliver a report at a specific time or in respo
de onse to an eveent, and in an application file format that you
sp
pecify in the su
ubscription.
Th
he reporting point
p functiona
ality in Configu
uration Managger 2007 that w
was based on Active Server Pages
(A
ASP) reports is no longer avaailable in Confiiguration Man
nager 2012.
Design
D Considerations
When
W planning for the reportting services point(s), consid er the followin
ng:
The reporting services pooint must be in
nstalled on a co
omputer runn
ning SQL Serve
er Reporting Se
ervices
that is the same
s version as
a the site data
abase.
The SQL Se
erver Reporting
g Services are configured au tomatically byy Configuration Manager.
ng services point is installed in a primary ssite, the reportts show the data collected from that
If a reportin
site. Howevver, reports run
n in the centra al administratio
on site show d data collected ffrom the entire
hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
1-38 Overview of System Center 20012 Configuration Maanager
Softtware updates in System Cen nter 2012 Conffiguration Man nager provide a set of tools and resourcess that
can help you man nage the comp plex task of tracking and app plying softwaree updates to cclient compute ers in
your organization n. Software upddates synchron nize Configuraation Managerr with the softw ware updates
mettadata from Microsoft Updatte. The software updates meetadata is first synchronized with the WSU US
dataabase, and the en the data is synchronized
s with
w the Config guration Manaager site datab base. After the
e top-
leve
el site is synchrronized, the so
oftware update es metadata is replicated to all child sites aand stored in tthe
childd sites databa
ase.
The central admin a all primaryy child sites m ust have an acctive software update point for
nistration site and
you to deploy sofftware updatess to all clients. When plannin ng the softwarre update poin nt infrastructurre, you
need to determine which serverr should be the e active softwaare update po oint for the site
e. You also neeed to
decide if the softw
ware update point will be co ollocated with tthe site serverr or installed on a remote server.
Add
ditionally, you need to determine which sittes require an Internet-based d software upd date point. Fin
nally,
you need to decid de if you need an active software update p point at any seecondary sites..
Dessign Consid
derations
Whe
en planning th
he software up
pdate point inffrastructure, co
onsider the folllowing:
By default, th
he software update points insstalled in child
d sites synchro
onize with theirr parent site.
State Migra
ation Point
Th
he state migra
ation point req ernet Informatiion Services (IIIS) is installed.
quires that Inte
Design
D Considerations
When
W planning for the state migration
m poin
nt, consider th e following:
Whe en non-compliant clients aree configured for NAP enforccement and reemediation on the Network P Policy
Servver, the System
m Health Valida
ator point mig
ght send instru
uctions to the cclient, depend
ding on the ressults
of the failed healtth check.
Dessign Consid
derations
Whe
en planning fo
or the system health
h validato
or point, consid
der the follow
wing:
You can configure how ofte en the systems health validaator queries th
he network acccess protection
n
point for health state refere
ences.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-41
Planning
P fo
or Role Pla
acement
Fo
or example:
When insta
alling software update pointss in a multiple primary site h
hierarchy, instaall the software
e
update point in the centrral administrattion site first.
The following table shows the site system roles that you can install in the different site types.
Central Child
administration primary Secondary Site-specific or hierarchy-wide
Site system role site site site Functionality
Software update point Yes Yes Yes Site, one per site, multiple in
hierarchy
Lesson
n4
Overv
view of Configuration
n Manag
ger 2012 Deplo
oymentt
Scena
arios
One
O of the first questions you
u may ask yourrself when you
u design a Con nfiguration Maanager 2012
im
mplementation ou should use a single primaary site or use multiple sites in a hierarchy..
n is whether yo
Too help you learn how to answ wer this question, in this lessson you will exxamine differe
ent implementtation
sccenarios and compare the ad dvantages and d disadvantagees of each. You u also need to have a set of design
crriteria with which you can ch
hoose the mosst appropriate implementatio on model for yyour organizattion.
Inttroduction
n to Deploy
yment Sce
enarios
Determine the characteristics of your organization, for example, consider the following:
How is your AD DS forest structured? All sites in the hierarchy must be in the same forest or have
forest trusts in place.
How are the network connections that connect your organization together? The physical
characteristics of your organization need to be considered when planning your site boundaries.
Where is your IT staff located? Is there anyone in a particular location who could manage that
location?
How many clients work remotely?
MCT USE ONLY. STUDENT USE PROHIBITED
1-46 Overview of System Center 20012 Configuration Maanager
De
etermining
g When to Use a Prim
mary Site
Youu need to install at least one Configurationn Manager primmary site to bee able to manaage any clientss.
Prim
mary sites provvide core functtionality to you
ur Configuratio
on Manager im mplementation.
To reduce the ure of a single primary site. TThis prevents aall clients from
e effect of failu m being affecte
ed
while the site is recovered.
To provide a local point of connectivity fo
or administrattion. The Confiiguration Manager 2012 con
nsole
can connect only
o to a primary site or central administraation site.
A primary site
e can be either a stand-alone primary site or a member of a hierarchyy.
A primary site ministration sitte as a parent site. Primary ssites cannot haave
e only supportts a central adm
another primary site as a pa
arent, as it use
ed to be in Con
nfiguration Maanager 2007 aand previous
versions.
A primary site
e only supportts secondary siites as child sittes.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-47
A primary site cannot change its parent site relationship after installation. If you decide to move from
a single primary site scenario to a hierarchy, you must first decommission the primary site and then
reinstall it as a new site.
The client-originated data processing is performed only at the primary site to which the clients are
assigned. If the primary site is the child of a central administration site, the data will then be
replicated to the central administration site.
When a primary site is installed in a hierarchy, database replication is automatically configured with
its designated central administration site.
All site system roles can be installed in a stand-alone primary site, but not on all primary sites that are
part of a hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
1-48 Overview of System Center 20012 Configuration Maanager
De
etermining
g When to Use a Cen
ntral Admiinistration Site
A ce
entral administtration site is required
r if you
u need to instaall multiple primary sites and d perform
consolidated man nagement and reporting of data d from all s ites. You can u
use a central administration site
to configure
c hiera
archy-wide settings and to monitor
m all sitees and objects in the hierarch
hy. This site typ
pe
doees not manage clients directly but it can be e used to perfo orm hierarchy-wide manage ement, which
includes the confiiguration of sittes and clients settings throu ughout the hieerarchy.
Pla
anning a Cen
ntral Admin
nistration Siite
Use the following information to help you pla
an for a centraal administratio
on site:
The central addministration site is the top--level site in a hierarchy. Wh or a hierarchy that
hen you plan fo
has more than one primaryy site, you musst install a centtral administraation site and it must be the first
site that you install for the hierarchy.
When using a central administration site with SQL Servver Enterprise eedition, the hie
erarchy can co
ontain
up to 400,000
0 clients.
When you use SQL Server Standard
S editio
on for the site database at th ministration site, the
he central adm
shared database and hierarrchy supports up u to 50,000 cclients. This is d
due to the parrtitioning of th
he
database. After you install Configuration
C Manager, if yo ou upgrade th he edition of SQ
QL Server at th he
central adminnistration site from
f Standardd to Enterprise,, the databasee does not repaartition and thhis
limitation rem
mains.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-49
Is the only place where you can see site data from all sites. This data includes information such as
inventory data and status messages.
Enables you to connect with the Configuration Manager 2012 console to manage all clients in
the hierarchy and perform site management tasks for any primary site.
Enables you to configure discovery method options for each site in the hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
1-50 Overview of System Center 20012 Configuration Maanager
De
etermining
g When to Use a Secondary Sitte
Con
nsider using a secondary
s site
e:
To manage th
he transfer of deployment
d co
ontent across low-bandwidtth networks.
To manage th
he transfer of upward-flowin
u ng client data aacross low-ba ndwidth networks.
The following are some of the characteristics
c of secondary ssites:
Secondary sittes:
Use database replicatio obal data from the parent primary site.
on to receive a subset of glo
Use file-b
based replication to transfer client informaation to its parrent primary siite.
Installation au
utomatically deploys a mana
agement pointt and distributtion point thatt are located o
on the
secondary site server.
A primary site
e can support up to 250 seco
ondary sites ass child sites.
A secondary site
s can suppo 0 clients in the site.
ort up to 5,000
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-51
Im
mplementting Config
guration Manager
M 2012 for a SSmall-to-M
Medium
Organizatio
O on
Th
he single primary site implem
mentation scenario is most aappropriate fo
or organization
ns that:
Have less th
han 100,000 cllients.
Note A single
s Configu
uration Manager 2012 primaary site can acccommodate up p to 50,000
clients, or up to 100,0000 clients if the SQL
S Server and
d Configuratio
on Manager se
erver are not
collocated d. To reach thiss capacity, add
ditional managgement points or secondary sites must be
installed.
Primary
P Site Roles
A primary site usually
u has the following site
e system roles d deployed. Theese can be insttalled on a sing
gle
se
erver or distrib
buted across multiple
m serverss for scalabilityy. Mandatory rroles include:
Site server. The site server is the first server installed aand, in this sceenario, is the o
only server insttalled
using the Configuration
C Manager
M Setupp Wizard.
Site databa
ase. A site database is installe
ed on the samee server as thee site server orr is installed on
na
separate se
erver to increasse the site scalability.
Manageme ent point. The management point serves a s a point of co ommunication between the
Configuratiion Manager 2012
2 nd the site servver. Primary sittes must have at least one
clients an
manageme ent point deplo
oyed to manag ge clients.
Distribution
n point. Distrib
bution points distribute
d conttent needed fo
or deploymentts.
MCT USE ONLY. STUDENT USE PROHIBITED
1-52 Overview of System Center 2012 Configuration Manager
Other roles may be deployed depending on the features needed. Typical roles may include:
Reporting Services point. This role, based on SQL Server 2008 Reporting Services, provides you with
the ability to generate reports and export them in various formats.
Software update point. This role provides you with the ability to synchronize the software update
metadata from Microsoft Update and make it available to the Configuration Manager.
Fallback status point. This role allows clients to send state messages to the site server; for example, if
they cannot connect to a management point.
Other roles commonly installed in a single primary site may include the following:
Application Catalog
Im
mplementting Config
guration Manager
M 2012 for a Medium-tto-Large
Organizatio
O on
In
n larger organizations with multiple
m remote locations an d a large num
mber of users sp
pread through
hout the
orrganization yo
ou may need to o scale put the
e Configuratio n Manager deeployment withhout necessariily
ad
dding additionnal primary site
es.
As the clien
nt count growss, you must facctor in that eacch managemeent point can ssupport
approximattely 25,000 clie
ents. You can use
u multiple m management ppoints in a sing
gle site for scalability.
If you needd to manage th he bandwidth between the p primary site location and rem
mote location you can
install secondary sites or remote distrib
bution points.
Secondary Siite
A secondary site
e includes by default
d a mana
agement pointt and distributtion point, and
d can be used to:
Offload the
e client commuunication from
m the primary ssite when clien mote location and
nts are in a rem
network coonnections are slow.
Provide tierred content ro
outing for deep
p network top ologies.
MCT USE ONLY. STUDENT USE PROHIBITED
1-54 Overview of System Center 2012 Configuration Manager
Distribution Point
You can choose to install only a distribution point instead of a secondary site when:
You do not have a server available in the remote location. A computer running 64-bit version of
Windows Server is required to run the secondary site, while a distribution point can be also installed
on 32-bit servers and workstations that can support the IIS role.
You do not need to control the upward client data from the remote location to the primary site.
Question: What is the minimum number of remote clients for which you would install a
secondary site?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 1-55
Im
mplementting Config
guration Manager
M 2012 for a G
Global Org
ganization
n
Multiple
M Site
es in a Hiera
archy
Multiple
M sites in plex model to iimplement and requires add
n a hierarchy iss a more comp ditional serverss to
ho efore deciding to use multip le sites in a hieerarchy, you need to analyze
ost the site sysstems roles. Be e your
en
nvironment an nd determine if a single prim
mary site can m
meet your requ uirements.
Note Yo ou cannot switcch easily between the singlee primary site aand multiple sites in a
hierarchy model. If you implement a single
s primary site and then later decide too use a
multiple siite model, you
u must reinstall the primary ssite and then m
migrate all the
e clients. The
same is tru
ue if you start with a comple
ex hierarchy annd later decidee to use a single primary
site.
Question: What
W type of organizations
o would use thee multiple sitess in a hierarchyy model?
MCT USE ONLY. STUDENT USE PROHIBITED
1-56 Overview of System Center 20012 Configuration Maanager
Disscussion: Determinin
D ng When to
t Use a Siingle Prim
mary Site orr a Comple
ex
Hieerarchy
Disscussion Questions
1. How will the existing netwo
ork infrastructu
ure influence yyour Configuraation Managerr 2012 design??
Lesson
n5
Overv
view of the Configuration Maanager 2012 C
Client
To
o perform the management tasks on the client
c computeers, the Config guration Manager 2012 clien nt
ap
pplication is in
nstalled on clie
ent computers.. The term clien
nt is often useed to refer to e
either of the fo
ollowing:
The compu
uter managed by Configuration Manager
Understanding Configuration
n Manager 201
12 client archittecture and preerequisites helps you design
n your
Configuration Manager
M 2012 implementation.
Describe th
he Configuratio
on Manager 20
012 client funcctionality.
Describe th
he Configuratio
on Manager 20
012 client arch
hitecture.
MCT USE ONLY. STUDENT USE PROHIBITED
1-58 Overview of System Center 20012 Configuration Maanager
The Configuration
n Manager clie
ent:
Connects to the
t managemeent point acco
ording to a sch
heduled intervaal (the default is 60 minutes)), and
on demand, and
a then down
nloads and proocesses any poolicies applicab
ble to the clien
nt.
Performs harddware and sofftware inventory according tto a scheduledd interval and oon demand, an
nd
then sends th ata through the managemen
he collected da nt point to thee site server.
Downloads th
he content of the
t packages from
f the distriibution point, and then instaalls software an
nd
updates.
es assigned by the administraator to that co
Executes the task sequence omputer by using the Operating
System Deplooyment featuree.
Configurat
C ion Manag
ger 2012 Client
C Arch
hitecture
Th
he Configuratiion Manager client
c uses som
me built-in win dows componnents in additio
on to some ad
dditional
ru
un-time compo onents. In add dition to the sp
pecific Configu
uration Manager componentts, the Configu
uration
Manager
M client will also use th
he componentts in the followwing table.
Windows
W com
mponent or
run-time mod
dule Use
Windows Upd
date Agent Supportts Update deteection and dep
ployment.
Microsoft Rem
mote Differenttial Used to optimize dataa transmission over the netw
work.
Compression (RDC)
MCT USE ONLY. STUDENT USE PROHIBITED
1-60 Overview of System Center 2012 Configuration Manager
(continued)
Windows component or
run-time module Use
Microsoft Visual C++ 2005 Supports Microsoft SQL Server Compact operations.
Redistributable
Windows Imaging APIs Allows Configuration Manager to manage Windows image (.wim)
files.
Microsoft Background Allows throttled data transfers between the client computer and the
Intelligent Transfer Service Configuration Manager site systems.
(BITS) version 2.5
The client components and their status can be viewed on the Components tab in the Configuration
Manager client. The components that are installed when the client is installed are in the following table.
Component Overview
Base Configuration Manager Several different components that are used for core functionality
Components and only show a status of installed or not installed:
CCM Framework, CCM Policy Agent, CCM Status and Eventing
Agent, Core Components, Maintenance Task Coordinator,
Operating System Deployment Components, Shared Components
and Task Sequence Components.
Hardware Inventory Agent Uses WMI to collect inventory information as configured in the
client settings.
Power Management Agent Applies power management settings configured for collections in
Configuration Manager.
Remote Tools Agent Manages the remote control and remote assistance settings for the
client computers.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 1-61
(continued)
Component Overview
Software Distribution Agent Manages the deployment of packages and applications to client
devices.
Software Inventory Agent Performs the software inventory as configured in the client settings.
Software Updates Agent Interacts with the software update point to install appropriate
software updates to the client computer.
Source List Update Agent Responsible for contacting a management point and retrieving the
location for downloading deployed content.
MCT USE ONLY. STUDENT USE PROHIBITED
1-62 Overview of System Center 20012 Configuration Maanager
Module Revie
ew and
d Takeaw
ways
Rev
view Questiions
1. What are the major feature
es of Configura
ation Managerr 2012?
2. What are the three types off sites in Configuration Man ager 2012?
Module 2
Planning and Deploying a Stand-Alone Primary Site
Contents:
Lesson 1: Planning a System Center 2012 Configuration Manager
Stand-Alone Primary Site Deployment 2-3
Module Overrview
Network topo
ology
Number of managed
m clientts
Desired featu
ures
Capacity requ
uirements
In th
his module, yo
ou will review the
t planning process,
p planning activities for deployying a
inputss, and typical p
stan
nd-alone prima ary site. You will
w also review prerequisites for installing a site server annd related
commponents, perfform and valid date the installa nd-alone primaary site, and perform the inittial
ation of a stan
site configuration. Finally, you will
w review the requirements for managing g Internet-base
ed clients.
Lesson
n1
Plann
ning a System Center
C 2012
2 Co
onfigurration M
Manager
Stand
d-Alonee Primarry Site Deploym
D ment
Th
he design of a System Cente er 2012 Config guration Mana ger stand-alon ne primary site
e deployment can
va
ary from a stannd-alone serveer with all requ
uired site roless to more complex deployme ents with site rroles
diistributed on multiple
m serverrs.
Additionally, yo
ou will review Configuration
C Manager Setuup options, exaamine site cod
de and naming
g
co
onventions, annd examine the e requirements for configuri ng client com munication modes.
Ov
verview of Planning Tasks for a Configurration Man
nager 2012 Primary Site
De
eploymentt
Identifying bu
usiness requireements. You ca an choose the features to usse in your enviironment and
identify administrative, user, and securityy requirementss.
Designing site
e architecture.. First, determine whether a stand-alone p
primary site sattisfies your
requirementss. If not, you must
m deploy a more
m complex hierarchy and
d then determiine the site rolles
and their con k factor to consider when determining tthe number off sites to config
nfiguration. A key gure
is the number of clients youu need to man nage.
Question: What is the most important crriteria for dete rmining the n umber of sitess to
implement?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 2-5
Planning
P a Configura
ation Mana
ager 2012 Stand-Alo
one Primaary Site
Deploymen
D nt
Site System
m. This includess any server that hosts one o
or more Config
guration Manaager roles.
Manageme
ent point. This is the main po unication for cllients.
oint of commu
Distribution
n point. This sttores software for deploymeent to clients.
Additional roless are installed as needed; however, before deploying clieents, you shou uld install the FFallback
sttatus point to help
h monitor client
c deploymment issues. Yoou should also install the Rep
porting service es point
so
o that you can review reportts about the sitte and client in
nstallation pro
ogress.
Th
he number of clients that yo ou can manage d-alone prima ry site depend
e using a stand ds on the follow
wing
sitte configuratio
on and role pla
acement:
erver and site database roless are co-locateed on the sam e server, you ccan manage up to
If the site se
50,000 Con nfiguration Manager clients.
erver and site database roless are installed on different seervers, you can
If the site se n manage up tto
100,000 Co onfiguration Manager
M clientss.
MCT USE ONLY. STUDENT USE PROHIBITED
2-6 Planning and Deploying a Stand-Alone Environment
Install distribution points in locations that have a larger number of clients to reduce wide area
network (WAN) traffic and increase the efficiency for features like software distribution, software
update management, or operating system deployment.
Use role-based administration and security scopes to implement your desired security model rather
than deploying multiple primary sites to define administrative roles and permissions.
Place site system roles on separate servers for additional scalability in the number of managed clients.
Site Namin
ng Conventtions
Yo
ou use site coddes and site na
ames to identify sites in a Syystem Center 2
2012 Configuraation Manager
hiierarchy. Both the site code and site name
e are configureed at the time of installation and cannot b
be
ch
hanged after innstallation.
Must be a three-letter
t alp
phanumeric co
ode comprising
g letters A thro bers 0 through 9, or
ough Z, numb
combinatio
ons of the two..
Must be un
nique in a Conffiguration Man
nager hierarch
hy.
A site name:
If you perform a migration froom Configurattion Manager 2007 to Confi guration Manaager 2012, you u
ca use they must be unique in b
annot reuse sitte codes becau both the sourcce and destinaation hierarchie
es. For
more
m details, please review th
he migration to
opics in Modu le 8: Migrating
g from System
m Center
Configuration Manager
M 2007 to System Cennter 2012 Con
nfiguration Maanager.
MCT USE ONLY. STUDENT USE PROHIBITED
2-8 Planning annd Deploying a Standd-Alone Environmentt
Client Comm
munication
n Modes
One e of the most important changes in Config guration Manaager 2012 is th hat communicaation for
site system roles are
a configured d independently of the site. SSite system rolles that use IISS, such as
man nagement poin nt or distributiion point, can be configuredd to use either HTTP or HTTP PS individuallyy. Site
system roles that are configured d for HTTP can n be used onlyy with client coomputers that are located on n the
intra
anet. To suppoort clients on the
t Internet, th he site system roles exposed to the Interne et are requiredd to
use HTTPS. To use e HTTPS, a servver requires ann X.509 server certificate issu
ued by a PKI th hat is trusted b
by
both the servers and
a the clients.
Whe en the Configu uration Manag ger client is insstalled on a cli ent computer,, a self-signed certificate is
crea o communicate using HTTPss, they must haave an X.509 client certificate
ated. For clientt computers to e
issued by a PKI truusted by both the client and d servers. This ccertificate is ussed to authentticate the
Connfiguration Ma anager client with
w the site system role. By d default, Config guration Manaager clients
commmunicate usin ng the most seecure protocoll available. If th hey are config gured with a X..509 certificate
e
and can find a sitee system role using
u HTTPS, they
t connect wwith that site syystem using HHTTPS; if not, th
hey
connect with HTT TP.
Question: Do
o you need to implement a PKI
P to use HTTTPS for client ccommunications?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 2-9
Discussion:
D Planning a Configu
uration Maanager 201
12 Stand-A
Alone Prim
mary
Site Deploy
yment
Yo
ou can use the
e following questions as a gu
uideline to dettermine the co
onfiguration off your System Center
012 Configuration Manager deployment.
20
Question: How can you use one primary siite to manage clients in multiple network
u a stand-alo
locations?
Question: How can you implement
i diffferent adminisstrative requireements for mu
ultiple
administrattive teams in a stand-alone primary
p site?
Question: What
W site syste
em roles would
d you deploy in a stand-alo ne primary site
e?
Question: What
W methodss can you use to deploy a st and-alone prim
mary site?
MCT USE ONLY. STUDENT USE PROHIBITED
2-10 Planning and Deploying a Stannd-Alone Environmeent
Lesson 2
Preparring to Deploy a Configuratio
on Man
nager 20
012
Primarry Site
As part
p of your prreparation, you u can also exte
end the Activee Directory schema to enable e the site serve
er to
pubblish informatio D Clients can use this inform
on in the AD DS. mation to deteermine their assigned site annd
loca
ate the management point.
Describe exte
ending the Acttive Directory schema.
s
Describe site server and site quirements forr a Configurati on Manager p
e database req primary site
deployment.
Extending the
t Active
e Directory
y Schema
<installatio
on source>\sm
mssetup\bin\x
x64\extadsch.
.exe
MCT USE ONLY. STUDENT USE PROHIBITED
2-12 Planning and Deploying a Stand-Alone Environment
Optionally, you can extend the schema by using the LDIFDE utility to import the installation source
\smssetup\bin\x64\ConfigMgr_ad_schema.ldf file. You need to edit the .ldf file to include the forest
name before you can use it.
For example, the following command line imports the schema extensions into AD DS, turns on verbose
logging, and creates a log file during the import process:
You can manually create the System Management container using the ADSIEdit.msc utility. When
manually creating the System Management container, you have to assign the Configuration Manager site
server full control permissions for the System Management container and all descendant objects.
Optionally, you can grant the Configuration Manager site server full control permissions to the System
container in AD DS, and the System Management container is created automatically when the
Configuration Manager site server first publishes information to AD DS.
If you have additional AD DS forests that contain clients, and allow your site to publish site data to
additional forests, you also need to extend the Active Directory schema and grant the site server rights to
publish to the remote forests.
Workarounds
If you decide not to extend the Active Directory schema, you have to use workarounds for the client
installation and maintenance settings that the client receives from AD DS.
Client computer installation and site assignment. The following workarounds can be used:
Use Client Push installation and configure installation properties for the site in the Client Push
Installation Properties window.
Manually install clients and provide client installation properties by using CCMSetup installation
command-line options.
Port configuration for client-to-server communication. The following workarounds can be used:
Reinstall clients and configure them to use the new port information.
Deploy a script to clients to update the port information through an external method such as
Group Policy.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-13
Demonstra
D ation: Exten
nding the Active Dirrectory Schema
In
n this demonsttration, you will see how to extend
e the Acttive Directory sschema, verifyy that the schema was
su
uccessfully exte
ended, create the System Management co ontainer in AD D DS, and confiigure permissions on
th
he System Man nagement container.
Demonstrati
D ion Steps
Use EXTADSCH
H to extend th
he Active Dire
ectory schem
ma
1.. On NYC-DC
C1, start Windo a browse to \\NYC-CFG\E
ows Explorer and E$\ConfigMg
gr2012
\SMSSETUP\BIN\X64. Locate and then run the ExtA
ADSch.exe filee.
Assign Full Control permissions for the site server to the System Management container
1. In the Active Directory Users and Computers console, from the View menu enable Advanced
Features.
3. On the Security tab assign Full Control permission to the NYC-CFG computer, and then click
Advanced.
4. In the Advanced Security Settings for System Management dialog box edit the entry for the
NYC-CFG computer so Full Control permission will apply to This object and all descendant
objects, and then click OK.
Note After the installation, the Configuration Manager 2012 site server will publish
information in the System Management container to enable clients to determine the
assigned site and locate the management point.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-15
Hardware
H Re
equirements
To
o install a stand-alone Configuration Manager 2012 prim mary site in an
n environmentt that has up to
o 100
clients, and thatt supports all of
o the featuress of Configurattion Manager 2012, you neeed to ensure thhat the
minimum
m hardw
ware requirem ments listed in the
t following ttable are met.
Hardware com
mponent Minimum
Processor AMD Opterron, AMD Athllon 64, Intel Xeeon with Intel EM64T suppo
ort, Intel
Pentium IV with EM64T ssupport. Minim
mum: 1.4 GHz
Network adap
pter Site system computers m
must have netw work connectivvity to other
Configuration Manager ssite systems, an
nd they must hhave clients to
o
manage the em.
Th
his hardware configuration
c is only suitable
e for testing en
nvironments. Iff you want to install Configu
uration
Manager
M 2012 in a production environmen nt, the minimu m hardware reequirements are not sufficient.
MCT USE ONLY. STUDENT USE PROHIBITED
2-16 Planning and Deploying a Stand-Alone Environment
The recommended hardware requirements for a stand-alone System Center 2012 Configuration Manager
primary site server that has SQL Server installed on the site server computer are listed in the following
table.
RAM 32 GB of RAM
Free disk space 550-GB hard disk space for the operating system, SQL Server, and all
database files
Network adapter Site system computers must have network connectivity to other
Configuration Manager site systems, and they must have clients to
manage them.
When you use an instance of SQL Server that is installed on the same computer as the site server, the
primary site can support up to 50,000 clients. When you use an instance of SQL Server that is installed on
a computer that is remote from the site server, the primary site can support up to 100,000 clients.
Secondary sites and site database servers are not supported on a computer running Windows Server 2008
or Windows Server 2008 R2 that uses a read-only domain controller (RODC).
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-17
Central
SQL Server administration Primary Secondary
version Edition site (CAS) site site Notes
SQL Server 2008 Standard, Supported Supported Supported Using Standard Edition at
with SP2 and Enterprise the central administration
Cumulative site limits the total number
Update 9 of clients to 50,000.
SQL Server 2008 Standard, Supported Supported Supported Using Standard Edition at
with SP3 and Enterprise the central administration
Cumulative site limits the total number
Update 4 of clients to 50,000.
SQL Server 2008 Standard, Supported Supported Supported Using Standard Edition at
R2 with SP1 and Enterprise the central administration
Cumulative site limits the total number
Update 6 of clients to 50,000.
Twoo common site e system roles are the manag gement point and the distrib bution point. T These roles can
n be
installed during thhe Configuration Manager Setup.
S Additionnal instances o
of these site syystem roles can
n be
installed in a prim
mary site or seccondary site fo
or scalability.
Ma
anagement Point Requiirements
Each
h primary site management point can sup pport up to 25,,000 computerr clients. For exxample, to sup
pport
100,000 clients yo
ou would need
d at least four management
m points.
Ha
ardware comp
ponent Recommende
ed
RA
AM 8 GB of RAM
Man
nagement point performancce is influenced
d primarily by memory and processor capacity.
You can also install a secondary site to increase scalability. By default, a secondary site includes a
management point and a distribution point, both of which are installed on the secondary site server. Each
secondary site supports up to 250 distribution points. Each distribution point can support up to the same
number of clients as supported by the hardware configuration of the secondary site server, to a maximum
of 4,000 clients.
Each primary site supports a combined total of up to 5,000 distribution points. This total includes:
All distribution points that belong to the primary sites child secondary sites
If you install additional distribution points, note the hardware requirements listed in the following table.
RAM 8 GB of RAM
Free disk space Disk space as required for the operating system and content you deploy
to the distribution point.
Distribution point performance is influenced primarily by network I/O and disk I/O.
In addition to Windows Server 2008 and Windows Server 2008 R2, distribution points can be deployed to
the operating systems in the following table.
Windows 7 x86 or x64 Professional (no service pack or SP1) Can only host
Enterprise Edition (no service pack or the standard
SP1) distribution
point
Ultimate Edition (no service pack or
SP1)
Windows Server 2003 x86 or x64 Standard Edition (SP2) Does not
Enterprise Edition (SP2) support
multicast
Datacenter Edition (SP2)
Unlike other site system roles, distribution points are supported on some 32-bit operating systems.
Additional distribution point features, such as PXE and multicast, are only supported on specific operating
systems.
MCT USE ONLY. STUDENT USE PROHIBITED
2-20 Planning and Deploying a Stannd-Alone Environmeent
Microsoft
M .NET ased roles
All web ba Install both .NET 3.5.1 and WCF Activattion
Frramework 3.5.1 A windows feature that iss installed with h the Windowss
Fe
eatures Server Man nager. When in nstalling the .N
NET Frameworkk
3.5.1 Featurres, you are prrompted to ad dd required rolles
and servicees. IIS is then in equired features.
nstalled with re
In
nternet All web-ba
ased roles Commo on HTTP Featuures
In
nformation Staatic Content
Se
erver
Deefault Documeent
Dirrectory Browsiing
HTTTP Errors
HTTTP Redirection
Applicaation Developmment
ASSP.NET
.NEET Extensibilityy
ISA API Extensions
ISA API Filters
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-21
(continued)
.Net Framework Application Catalog Download .NET Framework 4.0 from Microsofts website
4.0 web service point and then install it.
Application Catalog
website point
Software update point
Asset Intelligence
synchronization point
Reporting Services point
Enrollment point
Enrollment proxy point
WSUS Software update point You can download Windows Software Update Services
(WSUS) from Microsofts website. WSUS is a prerequisite
to install the software update point.
MCT USE ONLY. STUDENT USE PROHIBITED
2-22 Planning and Deploying a Stand-Alone Environment
Depending on the site system role you want to implement, you must configure one or more of the
following prerequisites:
IIS with ASP.NET and .NET Framework 3.5.1. Because most site system roles use HTTP or HTTPS to
communicate with clients, the Web Server (IIS) server role should be installed on the majority of
servers hosting site system roles.
BITS. Site system roles such as management point and distribution point use BITS for bandwidth
throttling.
.NET Framework 4.0. This is required when you install any of the following:
Application Catalog
Enrollment point
WDS. Windows Deployment Services (WDS) is required when you use PXE-initiated deployments of
operating systems or if you wish to use multicast deployment of operating system images.
If the site server does not have a direct connection to the Internet, you can use the Configuration
Manager Setup Downloader (SetupDL.exe), which can be found on the Configuration Manager installation
media in the \\SMSSETUP\BIN\X64 folder, to download the prerequisites on another computer which
has Internet connectivity. Then you can copy the prerequisites on the server where you plan to install
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-23
Database collation The instance of SQL Server in use at each site must use the following
collation: SQL_Latin1_General_CP1_CI_AS.
SQL Server features Only the Database Engine Services feature is required for each site server.
You can also install SQL Server Reporting Services to support the Reporting
Services point role.
SQL Server instance You must use a dedicated instance of SQL Server for each site.
SQL Server memory When you use a database server that is co-located with the site server, limit
the memory for SQL Server to 50 to 80 percent of the available addressable
system memory.
When you use a dedicated SQL Server, limit the memory reserved for SQL
Server to 80 to 90 percent of the available addressable system memory.
Configuration Manager requires SQL Server to reserve a minimum of 8 GB
of memory in the buffer pool used by an instance of SQL Server for the
central administration site and primary site.
MCT USE ONLY. STUDENT USE PROHIBITED
2-24 Planning and Deploying a Stannd-Alone Environmeent
Wh
hat Is Prerequisite Checker?
Verifying
g that BITS is enabled
Checking
g the SQL Server configuratio
on
Checking
g the Windowss Firewall settin
ngs
Checking
g the IIS config
guration
Checking
g publishing to
o AD DS permiissions
Checking
g for the installation of the re
equired Config
guration Manaager prerequissites
You can manually run Prerequisite Checker when preparing a server for Configuration Manager, but it is
not required. If you choose to manually run Prerequisite Checker, you can remediate any issues that you
find before you run the Configuration Manager Setup program. Regardless of your choice to manually
run Prerequisite Checker, the Configuration Manager Setup program runs it as the last step in the Setup
Wizard because installation cannot begin until all prerequisites for the chosen roles are met.
When you manually run Prerequisite Checker, you run it from a command prompt and specify specific
command-line options. Prerequisite Checker checks the specified servers for checks associated with the
site server or site systems specified in the command-line. You can also specify a remote server for
Prerequisite Checker to validate whether you have administrative rights on the remote system.
Prerequisite Checker notifies you of any warnings or errors encountered. Tests that result in a warning do
not prevent you from successfully installing System Center 2012 Configuration Manager; however, you
should resolve the condition that generated the warning before running the Configuration Manager 2012
Setup Wizard. Tests that result in an error prevent you from completing the Configuration Manager Setup
process. Additionally, you can avoid interrupting the setup process by remediating any prerequisite errors
before running Configuration Manager 2012 Setup Wizard.
The following options are available to use with Prerequisite Checker when run from a command line.
/NOUI Use this option to start Prerequisite Checker without displaying the user
interface. You must specify this option before any other option in the
command-line.
/PRI or /CAS Verifies that the local computer meets the requirements for the primary
site or central administration site. You can specify only one option, and
it cannot be combined with the SEC option.
/SEC FQDN of secondary site Verifies that the specified computer meets the requirements for the
secondary site. This option cannot be combined with the /PRI or /CAS
option.
[/INSTALLSQLEXPRESS] Verifies SQL Express on the specified computer. This option can only be
used after the /SEC option.
/SQL FQDN of SQL Server Verifies that the specified computer meets the requirements for SQL
Server to host the Configuration Manager site database. This option is
required when you use the /PRI or /CAS option.
/SDK FQDN of SMS Provider Verifies that the specified computer meets the requirements for the SMS
Provider. This option is required when you use the /PRI or /CAS option.
/JOIN FQDN of central Verifies that the local computer meets the requirements for connecting
administration site to the central administration server. This option is only valid when you
use the /PRI option.
MCT USE ONLY. STUDENT USE PROHIBITED
2-26 Planning and Deploying a Stand-Alone Environment
(continued)
Command-line
option Description
/MP FQDN of Verifies that the specified computer meets the requirements for the
management point management point site system role. This option is only supported when you
use the /PRI option.
/DP FQDN of Verifies that the specified computer meets the requirements for the distribution
distribution point point site system role. This option is only supported when you use the /PRI
option.
/ADMINUI Verifies that the local computer meets the prerequisites for the Configuration
Manager console. This option cannot be combined with any other option.
Prerequisite Checker verifies that the site server computer account has permissions to write in AD DS, but
it does not check permissions for any groups of which the site server is a member.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-27
Demonstra
D ation: Insta
alling and Configurin
ng Operatting System
m Prerequisites
In
n this demonsttration, you will see what Windows Server 2008 R2 roles and features aare required to
o
su
upport the Connfiguration Ma anager installa
ation.
Demonstrati
D ion Steps
Use Server Manager to review the prereq
quisites for in
nstalling Syste
em Center 20
012 Configura
ation
Manager
M
Windows Authentica
ation
IIS 6 Metabase
M Comp
patibility
IIS 6 WMI
W Compatibiility
4.. In the Conttrol Panel at Prrograms and Features, veriify that Microsoft .NET Framework 4 Ex
xtended
and Microssoft SQL Serv 64-bit) are insttalled.
ver 2008 R2 (6
MCT USE ONLY. STUDENT USE PROHIBITED
2-28 Planning and Deploying a Stannd-Alone Environmeent
Lesson 3
Installiing a Co
onfiguration Manager
M r 2012 SSite Serrver
Afte
er preparing th
he environmennt, your next sttep is to instal l the Configurration Manage
er 2012 site serrver.
You
u can use the System
S Center 2012 Configuration Manageer Setup Wizard to:
Recover a site
e server.
Perform site maintenance.
m
Add
ditional configuration option
ns for the site systems
s can bee selected during setup.
You
u will review th nd determine tthe most appr opriate setting
he available settup options an gs for your
imp
plementation.
Afte
er completing this lesson, yo
ou will be able to:
The
T Configuration Manager
M 20
012 Setup Process
Thhe following ta
able lists the stteps of the Sysstem Center 20012 Configuraation Managerr Setup Wizard
d, and
in
nformation thaat you input fo or each step.
Wizard
W step Input require
ed
Getting Starte
ed Choose: Instaall a Configurration Managger primary siite server.
Optionally, yo
ou can check: Use typical in
nstallation op
ptions for a sttand-
alone primary site.
Prerequisite Licenses
L In this step yo
ou must acceppt the licenses for Microsoft SQL Server 20
008 R2
Express, Micrrosoft SQL Servver 2008 Nativve Client and M
Microsoft
Silverlight 4 to continue w
with the setup.
Prerequisite Downloads
D In this step, you
y can downlload the Confi guration Manager prerequissites or
specify a foldder where you have previoussly downloade
ed them.
Server Langua
age With this opttion you can sp
pecify addition
nal language p
packs to be
Selection downloaded and installed for the admin console and rreports.
Client Langua
age With this opttion you can sp
pecify addition
nal language p
packs to be
Selection downloaded and installed for the Config guration Manager client.
MCT USE ONLY. STUDENT USE PROHIBITED
2-30 Planning and Deploying a Stand-Alone Environment
(continued)
Primary Site Installation If you selected Install a Configuration Manager primary site in the first
step, you can indicate whether the site is stand-alone or is part of a
hierarchy.
Database Information Input the fully qualified domain name (FQDN) of the SQL server, the name
of the Configuration Manager database, and the port to use for the SQL
Server Service Broker.
SMS Provider Settings Input the FQDN name of the server that hosts the SMS Provider. By default,
this is installed on the site server.
Client Computer In this step, you can configure choose either of the following:
Communication Settings All site systems roles accept only HTTPS communication from clients
Configure the communication method on each site system role
If you choose to configure site system roles separately, you can check the:
Clients will use HTTPS when they have a valid PKI certificate and
HTTPS-enabled site roles are available check box.
Site System Roles In this step, you can choose to install a management point and/or a
distribution point and specify the FQDNs for the roles. By default both
roles are installed using the FQDN of the server.
If you chose:
All site systems roles accept only HTTPS communication from
clients, both roles are configured for HTTPS and cannot be modified
during setup.
Configure the communication method on each site system role,
both roles are configured for HTTP and cannot be modified during
setup.
Configure the communication method on each site system role,
and you checked Clients will use HTTPS when they have a valid PKI
certificate and HTTPS-enabled site roles are available, both roles
are configured for HTTPs and can be modified during setup.
Customer Experience In this step, you can optionally choose to participate in the Customer
Improvement Program Experience Improvement Program.
Configuration
Settings Summary Review your selections to determine whether you need to go back to make
changes.
Prerequisite Check The Setup Wizard launches Prerequisite Checker to evaluate the server
readiness for hosting the selected roles.
Begin install Select the option to start the installation. Alternatively, you can go back and
make additional changes or install missing prerequisites.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-31
If you want to install the console on an administrative users workstation, you can use the
ConsoleSetup.exe in SMSSETUP/BIN/i386. The Configuration Manager console is a 32-bit application and
can be installed on both 32-bit and 64-bit operating systems.
Question: Why should you run Prerequisite Checker before running the Setup Wizard?
MCT USE ONLY. STUDENT USE PROHIBITED
2-32 Planning and Deploying a Stannd-Alone Environmeent
Co
onfiguratio
on Manage
er 2012 Se
etup Optio
ons
Usin
ng the optionss provided in the first step off the System C
Center 2012 Co
onfiguration M
Manager Setup
p
Wizzard you can:
Install a Configuration Mannager primary site. Select thiss option to insstall a primary site. You have
e the
opportunity later to select if
i is stand-alon
ne site or part of a hierarchyy.
Recover a site
e. Use this option to performm the first step in recovering a failed site se
erver. Site servver
recovery is co
overed in detail later, in Mod
dule 7.
Note The option to insta all a secondaryy site is not avaailable in the SSetup Wizard. You can
econdary sites by using the Configuration
install the se C Manager conssole connected d to an
existing primmary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-33
The Configuration Manager 2012 setup differs from the Configuration Manager 2007 setup in the
following ways:
With the exception of the management point and distribution point site roles, you cannot install any
of the optional roles during the setup process.
Setup Downloader (SetupDL.exe) and Prerequisite Checker (prereqchk.exe) are now separate
applications and can be launched without starting the Configuration Manager 2012 Setup Wizard.
MCT USE ONLY. STUDENT USE PROHIBITED
2-34 Planning and Deploying a Stannd-Alone Environmeent
De
emonstration: Installing a Conffiguration Manager 2012 Prim
mary Site
In th
his demonstration, you will see
s how to install a Configurration Manageer primary site
e.
Dem
monstration
n Steps
Run
n Prerequisite
e Checker and
d verify that the prerequisiites are met ffor the installa
ation
1. On NYC-CFG, navigate to the E:\ConfigM
Mgr2012\ fold
der.
2. Double-click splash.hta.
3. In the System
m Center 2012
2 Configuration Manager SSetup screen, click Assess sserver readine
ess.
4. In the Installa
ation Prerequissite Check window, verify thaat there are no
o errors, and then click OK.
1. In the System
m Center 2012
2 Configuration Manager SSetup screen, click Install.
2. The Microsofft System Cen nter 2012 Con nfiguration M Manager Setup
p Wizard startts. Use the
following setttings to install a stand-alone
e primary site.
On the Getting
G Starte
ed page, selectt Install a Con
nfiguration M
Manager prima
ary site.
On the Product
P Key page, select Insstall this prod
duct as an eva
aluation.
On the Microsoft
M e Terms page, accept the license terms.
Softtware License
On the Prerequisite
P Liicenses page, under Microssoft SQL Serve er 2008 R2 Ex xpress, select
I accept these License
e Terms, undeer Microsoft SSQL Server 20 008 Native Client, select I acccept
these Liccense Terms, and then undeer Microsoft SSilverlight 4, sselect I acceptt these Licensse
Terms an nd automaticc updates of Silverlight.
S
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-35
On the Prerequisite Downloads page, select Use previously downloaded updates from the
following location, and specify the E:\ConfigMgr2012\Redist as the location.
On the Server Language Selection and Client Language Selection pages, click Next.
On the Site and Installation Settings page, configure the following options.
On the Primary Site Installation page, select Install the primary site as a stand-alone site.
On the Client Computer Communication Settings page, select Configure the communication
method on each site system role.
On the Site System Roles page, verify that both Install a management point and Install a
distribution point check boxes are selected. Also verify that NYC-CFG.Contoso.com appears in
both FQDN text boxes.
3. On the Prerequisite Check page, wait for the prerequisite checking to finish, review the results, and
then click Begin Install.
MCT USE ONLY. STUDENT USE PROHIBITED
2-36 Planning and Deploying a Stannd-Alone Environmeent
Lab A: Installing a Co
onfigura
ation M
Managerr 2012
Primarry Site
Lab
b Setup
For this lab, you use
u the availabble virtual mach
hine environm
ment. Before yo
ou begin the laab, you must
com
mplete the folloowing steps:
1. On the host computer,
c click
k Start, point to
t Administraative Tools, an
nd then click H
Hyper-V Manager.
2. In Hyper-V Manager,
M click
k 10748A-NYC
C-DC1-A, and in the Actionss pane, click Sttart.
3. In the Actionss pane, click Connect. Wait until the virtuaal machine staarts.
4. Log on using the following credentials:
User nam
me: Administra
ator
Password
d: Pa$$w0rd
Domain: Contoso
5. or 10748A-NY
Repeat steps 2 through 4 fo YC-CFG-A.
Lab
b Scenario
Youu are the netwoork administra
ator for Contosso, Ltd. Contosso wants to deeploy System C Center 2012
Connfiguration Maanager, but the
ey need to evaaluate the funcctionality first. Thus, they havve decided to
perfform a Proof-oof-Concept deeployment in a lab environm ment. The Prooff-of-Concept d deployment iss
limited to a stand-alone primary site.
u need to test the
You t deploymen
nt by:
1. Configuring prerequisites
p fo
or the Configu
uration Manag
ger 2012 deplo
oyment.
2. Extending the
e Active Directtory schema.
3. Installing a Syystem Center 2012
2 Configuration Manageer stand-alone primary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-37
You need to verify the configuration of prerequisites for the Configuration Manager deployment.
2. Verify the installation of Web Server (IIS) and related role services.
4. Verify that .NET Framework 4.0 and SQL Server 2008 are installed.
X Task 2: Verify the installation of Web Server (IIS) and related role services
In the Server Manager console, under the Roles node, scroll to the Web Server (IIS) section, and
verify that the following features are installed:
ASP.NET
Windows Authentication
X Task 4: Verify that .NET Framework 4.0 and SQL Server 2008 R2 are installed
In the Control Panel in the Programs and Features section, verify that Microsoft .NET Framework
4 Extended and Microsoft SQL Server 2008 R2 are installed.
Results: After this exercise, you should have validated the prerequisites for installing System Center 2012
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
2-38 Planning and Deploying a Stand-Alone Environment
You need to prepare AD DS for Configuration Manager 2012 by extending the AD DS schema and
manually creating the System Management container where Configuration Manager 2012 server will
publish information.
2. Browse to drive C, open the ExtADSch.log file created in the root of drive C, and then verify the
success of the operation by observing the classes and attributes added to AD DS and the message
that confirms the successful extension of the schema.
3. In the ADSI Edit console, expand Default naming context, expand the DC=CONTOSO,DC=COM
container, and select the CN=System container.
4. Create an object under CN=System with the type container, and the name System Management.
5. In the ADSI Edit console, verify that CN=System Management container appears in the results pane,
and then close the console.
X Task 3: Assign Full Control permissions for the System Management container to the
site server
1. Open the Active Directory Users and Computers console, and then from the View menu verify that
Advanced Features is selected.
2. Under the System container, browse to the System Management container and access its
Properties.
3. On the Security tab assign Full Control permission to the NYC-CFG server, and then click
Advanced.
4. In the Advanced Security Settings for System Management dialog box edit the entry for the
NYC-CFG computer so Full Control permission will apply to This object and all descendant
objects, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-39
Note After the installation, the Configuration Manager 2012 site server will publish
information in the System Management container to enable clients to determine the
assigned site and locate the management point.
Results: At the end of this exercise, you should have extended the Active Directory schema, created the
System Management container, and assigned permissions to the Configuration Manager server.
MCT USE ONLY. STUDENT USE PROHIBITED
2-40 Planning and Deploying a Stand-Alone Environment
2. Run Installation Prerequisite Check and verify that the prerequisites are met for the installation.
3. Run the System Center 2012 Configuration Manager Setup Wizard and select the option to install a
Configuration Manager 2012 stand-alone primary site.
2. Double-click splash.hta.
X Task 2: Run Installation Prerequisite Check and verify that the prerequisites are met
for the installation
1. In the System Center 2012 Configuration Manager Setup screen, select Assess server readiness.
2. In the Installation Prerequisite Check window, verify that there are no errors, and then click OK.
X Task 3: Run the System Center 2012 Configuration Manager Setup Wizard and select
the option to install a Configuration Manager 2012 stand-alone primary site
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. Use the
following settings to install a stand-alone primary site.
On the Getting Started page, select Install a Configuration Manager primary site.
On the Product Key page, select Install this product as an evaluation.
On the Microsoft Software License Terms page, accept the license terms.
On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select
I accept these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept
these License Terms, and then under Microsoft Silverlight 4, select I accept these License
Terms and automatic updates of Silverlight.
On the Prerequisite Downloads page, select Use previously downloaded updates from the
following location, and specify the E:\ConfigMgr2012\Redist as the location.
On the Server Language Selection and Client Language Selection pages, verify that English is
selected.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-41
On the Site and Installation Settings page, configure the following options.
On the Primary Site Installation page, select Install the primary site as a stand-alone site.
On the Client Computer Communication Settings page, select Configure the communication
method on each site system role.
On the Site System Roles page, verify that a management point and a distribution point will be
installed on NYC-CFG.Contoso.com.
On the Prerequisite Check page, wait for the prerequisite check to finish, and then click Begin
Install.
3. Wait for the installation to finish, and then close the wizard.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
in a stand-alone primary site.
Lesson 4
Performing Post-Setup Configuratiion Tasks
You
u can verify tha
at the installatiion of System Center 2012 CConfiguration Manager is successful by staarting
the Configurationn Manager con nsole, reviewing the installatiion logs, and rreading the staatus messagess.
You
u also need to perform the in oundaries and boundary groups
nitial site configuration by deefining the bo
and optionally byy installing add
ditional site roles.
Describe insta
alling addition
nal site system roles.
Verifying
V th
he Configu
uration Ma
anager 20
012 Installaation
Yo
ou can perform
m the following actions to ve
erify the Confiiguration Man
nager 2012 insttallation:
ConfigMgrSetupWiza
ard.log. This lo
og is generated
d by the Setup
p Wizard.
Question: What
W is the prrimary log for the
t Configurattion Manager setup?
MCT USE ONLY. STUDENT USE PROHIBITED
2-44 Planning and Deploying a Stannd-Alone Environmeent
Vie
ewing Stattus Messag
ges
All major
m Configuration Manage
er componentts generate staatus messages..
One
e way to use sttatus messages is to validate nstallation and
e a Configuratiion Manager in d its core
mponent functionality. You can
com c find status messages in t he Monitoring g workspace att the following
g
nod
des:
Site Status
Component Status
S
Afte
er selecting a site
s system or a component, use the Statuss Messages Vieewer to view the associated status
his application by clicking the Show Mess ages button in
messsages. Start th n the ribbon.
Overview
O of
o Status Summarizers
Sttatus messages help you tracck the flow of data through the Configuraation Managerr components. State
messages
m represent a point in on on a client. While you usee the status message viewer read
n time conditio
sttatus messagess. There is no such
s equivalennt for state meessages. The reesult of state m
messages is larg
gely
on nly seen in rep
ports, various data
d in the con
nsole (such as number of sysstems needing g an update), o
or the
client logs them mselves.
Th
here are four status
s summarrizers:
Application
n Statistics Sum
mmarizer, whicch aggregates information about the application deployyment
state messa
ages.
marizer, which aggregates staatus messagess generated byy components on site
Component Status Summ
systems.
Site System
m Status Summ
marizer, which aggregates
a staatus messages generated by site systems.
Additional toolss for working with
w status me
essages are:
Co
onfiguring Boundarie
es and Bou
undary Gro
oups
Bou
undaries repressent network locations wherre Configuratio on Manager cl ients are manaaged. Boundary
groups are logical groups of bo oundaries that are used durinng client installlation to dete
ermine the
Con
nfiguration Ma anager site that manages a client.
c ndary group configured for site assignmen
If a boun nt
doe
es not exist, the
e client installa
ation process uses
u gured fallback site for site asssignment.
the config
You
u can define bo
oundaries by using:
u
Wheen used for sitte assignment, boundary gro oups should noot have overla pping boundaaries. If a clientt is
loca
ated in an overrlapping bounndary, the site assignment
a prrocess is non-d
deterministic, w
which means tthat
the client can be assigned
a to an
ny of the sites.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-47
When used to locate content, boundary groups can have overlapping boundaries. This means that a client
in a boundary that is part of multiple boundary groups can have access to multiple content locations.
As a best practice, you should use different boundary groups for site assignment and for content location.
Boundaries and boundary groups are discussed in more details in Module 6: Planning and Completing
System Center 2012 Configuration Manager Client Deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
2-48 Planning and Deploying a Stannd-Alone Environmeent
To provide
p flexibility when dete
ermining the siite role installaation, only management poiint and distribu
ution
poin
nt can be insta
alled during se
etup. You install other roles ffrom the Confiiguration Man
nager console aafter
perfforming Setupp.
You
u will need to determine
d whe
ether the roless are installed:
On a new site
e system using the Create Sitte System Servver Wizard.
The two wizards are a the same with w the excepttion that you n need to select an existing se
erver and desig
gnate
it ass a new site sysstem in the Co onfiguration Manager
M site in
n the Create Sitte System Servver Wizard, wh
hereas
the Add Site Syste em Roles Wiza ard informationn on the Geneeral page does not need to b be reconfigureed.
Add ady installed on the site systeems are not lissted in the Add Site System Roles
ditionally, roless that are alrea
Wizzard.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-49
Demonstra
D ation: Perfo
orming Po
ost-Configuration Taasks
In
n this demonsttration, you will see how to configure
c Activve Directory Foorest Discoverry to create
booundaries base ed on AD DS sites,
s create a boundary
b grouup, and assignn the new boun ndary. You also will
se nal roles, and how to configure a manage
ee how to conffigure site systtem roles and install addition ement
pooint and a disttribution pointt.
Demonstrati
D ion Steps
Create a new Active
A Directo
ory site
1.. C1, start the Active Directoryy Sites and Serrvices console.
On NYC-DC
3. In in the Configuration Manager console, in the Active Directory Forests node, access the
Properties of Contoso.com. Review the settings, and then close the dialog box.
4. Under the Boundaries node access the Properties of the created boundary. Review the settings, and
then close the dialog box.
1. In the Configuration Manager console, select the Boundary Groups node, and on the ribbon, click
Create Boundary Group.
On the References tab, select the option Use this boundary group for site assignment.
Install additional site system roles: Fallback Status Point and Reporting Services Point
1. In in the Configuration Manager console, under Site Configuration, select the Servers and Site
System Roles node.
2. Select \\NYC-CFG.Contoso.com, and on the ribbon select the Home tab, and then click Add Site
System Roles.
3. In the Add Site System Roles Wizard use the following settings to install the site system roles:
On the General page, verify that the Name for the site server is NYC-CFG.Contoso.com.
On the System Role Selection page, select Fallback status point and Reporting services
point.
On the Reporting Services Point page, use the Verify button to validate access to database.
Under User name click Set, New Account and specify the following credentials:
Password: Pa$$w0rd
Confirm password: Pa$$w0rd
2. In the preview pane, access the Properties for the Management point.
3. Select the option Generate alert when the management point is not healthy and then close the
dialog box.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-51
4. In the preview pane, access the Properties for the Distribution point.
5. On the Boundary Groups tab, verify that the New York Clients boundary group you have created
previously appears in the list, and then close the dialog box.
Note The association between the distribution point and the boundary group was created
when you added the site system to the boundary group in a previous task.
MCT USE ONLY. STUDENT USE PROHIBITED
2-52 Planning and Deploying a Stannd-Alone Environmeent
Lesson 5
Tools for
f Mon nitoring
g and Trroublesshootingga
Config
guration
n Managger 20112 Installation
In th
his lesson, you dditional features related to status messag
u will review ad ges such as status summarize
ers,
status filter rules, and status rep
ports.
Describe usin
ng the Configuration Manage
er 2012 logs fo
or troubleshoo
oting.
Describe usin
ng the monitorring features in
n the in the Co
onfiguration M
Manager 2012 console.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-53
Using
U Conffiguration Manager Logs for T
Troublesho
ooting Site
e Server
In
nstallation
n
Th
here are three types of logs:
Setup logs. The Setup Wizzard generatess setup logs in the root of th
he %SystemDrrive%.
Site server logs.
l Site systems and compo onents generaate site server llogs in the InsttallationPath\LOGS
folder. On computers
c tha
at serve as man
nagement poin nts or Fallbackk Status Pointss, some log file
es are
located in the
t %Program mFiles%\SMS__CCM\Logs fo older.
Several role es such as the management point and disttribution pointt use Internet Information Se ervices
(IIS). The IIS
S log file is loca
ated in the %W
Windir%\Systtem32\logfile
es\W3SVC1 fo older on the IISS server.
Yo
ou can use this tool to view and monitor log files includ ing:
Log files
Most processes and roles generate their own log files. The log files related to the installation and the
default roles including the management and distribution points are listed in the following table.
compmon.log Located in the InstallationPath\LOGS folder. This log file records the
status of the component threads.
ComRegSetup.log Located in the InstallationPath\LOGS folder. This log file records the
initial installation of COM registration results.
ConfigMgrAdminUISetup.log Located in the root of the %SystemDrive%. This log file records the
installation of the Configuration Manager console.
ConfigMgrPrereq.log Located in the root of the %SystemDrive%. This log file records the
results of the prerequisites checker.
ConfigMgrSetup.log Located in the root of the %SystemDrive%. This log file records the
installation of the Configuration Manager server.
ConfigMgrSetupWizard.log Located in the root of the %SystemDrive%. This log file records the
progress of the Configuration Manager Setup Wizard.
hman.log Located in the InstallationPath\LOGS folder. This log file records site
configuration changes and publishing of site information in AD DS.
mpcontrol.log Located in the InstallationPath\LOGS folder. This log file records the
availability of the management point every 10 minutes.
mpfdm.log Located in the InstallationPath\LOGS folder. This log file records the
activity of the management point component that moves client files
to the corresponding INBOXES folder on the site server.
MPSetup.log Located in the InstallationPath\LOGS folder. This log file records the
management point installation wrapper process.
PerfSetup.log Located in the InstallationPath\LOGS folder. This log file records the
results of the installation of performance counters.
sitecomp.log Located in the InstallationPath\LOGS folder. This log file records the
installation of site system roles, as well as maintenance of the
installed site components.
sitectrl.log Located in the InstallationPath\LOGS folder. This log file records site
setting changes made to site control objects in the database.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-55
(continued)
sitestat.log Located in the InstallationPath\LOGS folder. This log file records the
availability and disk space monitoring activity for all site systems.
smsexec.log Located in the InstallationPath\LOGS folder. This log file records the
processing of all site server component threads.
statesys.log Located in the InstallationPath\LOGS folder. This log file records the
processing of system state messages.
statmgr.log Located in the InstallationPath\LOGS folder. This log file records the
writing of all status messages to the database.
Note For a full list of logs generated by Configuration Manager site server and site system
roles, refer to the Additional Reading link provided in the Course Companion Content on
the http://www.microsoft.com/learning/companionmoc/ site.
MCT USE ONLY. STUDENT USE PROHIBITED
2-56 Planning and Deploying a Stannd-Alone Environmeent
Mo
onitoring Features
F in
n the Conffiguration Manager Console
You
u can use the Configuration
C Manager
M conssole to view ag
ggregated info ormation abou ut the health sttate of
your Configuratio
on Manager inffrastructure. This informatio n is available iin the Monitorring section off the
console.
You
u can use the Configuration
C Manager
M conssole to:
Configure the
e generation of
o alerts if site systems
s are no
ot functioning.
Lab B:
B Perforrming Post-Set
P tup Con
nfigurattion Tassks
Lab Setup
Fo
or this lab, you
u use the availa
able virtual maachine environ
nment. Before you begin the
e lab, you musst ensure
th
he following virtual machines are still runnning:
10748A-NY
YC-DC1-A
10748A-NY
YC-CFG-A
La
ab Scenario
o
Yo
ou have installled a System Center
C 2012 Co
onfiguration M
Manager stand
d-alone primarry site in the laab
en
nvironment.
Yo
ou need to vallidate the insta
allation and pe
erform the inittial site configu
uration.
MCT USE ONLY. STUDENT USE PROHIBITED
2-58 Planning and Deploying a Stand-Alone Environment
1. View the Site Status node and the Component Status node.
2. View the status messages for the Configuration Manager 2012 installation.
X Task 2: View the status messages related to the Configuration Manager 2012
installation
1. Select again the Site Status node and in the results pane select Site server.
2. On the ribbon, click the Show Messages button, and then click All.
3. In the Status Messages: Set Viewing Period dialog box accept the defaults, and then click OK.
4. In the Configuration Manager Status Message Viewer double-click on any message, and review
the details of the status message. Use the Next and Previous buttons to view additional status
messages, and then close the Status Message Details dialog box.
5. Close the Configuration Manager Status Message Viewer window.
2. Navigate to drive C and open the ConfigMgrPrereq.log file located in the root folder in Notepad.
Review the file and note any errors or warnings reported by Prerequisite Checker, and then close
Notepad.
3. Open the ConfigMgrSetup.log file in Notepad. Review the file and note any errors or warnings
reported by Setup, and then close Notepad.
Note Also in the root folder is ConfigMgrSetupWizard.log. If you installed the console
you should see ConfigMgrAdminUISetup.log.
Results: At the end of this exercise, you should have validated the installation of System Center 2012
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-59
Next, you will install new site system roles, such as Fallback Status Point and Reporting Services Point, and
configure the management point and distribution point.
2. Configure Active Directory Forest Discovery to create a new boundary from the Active Directory site.
3. Configure a boundary group and include the new boundary.
4. Install additional site system roles: Fallback Status Point and Reporting Services Point.
2. In the Active Directory Sites and Services console, under the Sites node, rename the Default-First-
Site-Name site to NewYork (without a space).
3. Under the Subnets node, create a subnet for 10.10.0.0/24 and assign it to the NewYork site.
X Task 2: Configure Active Directory Forest Discovery to create a new boundary from
the Active Directory site
1. On NYC-CFG, in the Configuration Manager console, in the Administration workspace, expand
Hierarchy Configuration, and then select Discovery Methods.
2. In the results pane, access the properties for Active Directory Forest Discovery and select Enable
Active Directory Forest Discovery, and Automatically create Active Directory site boundaries
when they are discovered check boxes.
3. In in the Configuration Manager console, under the Active Directory Forests node, access the
Properties of Contoso.com. Review the settings, and then close the dialog box.
4. Under the Boundaries node access the Properties of the NewYork boundary. Review the settings,
and then close the dialog box.
On the References tab, select the option Use this boundary group for site assignment.
Add \\NYC-CFG.contoso.com as the site system server used for content location.
X Task 4: Install additional site system roles: Fallback Status Point and Reporting
Services Point
1. In in the Configuration Manager console, under Site Configuration, select the Servers and Site
System Roles node.
2. Select \\NYC-CFG.Contoso.com, and on the ribbon select the Home tab, and then click Add Site
System Roles.
3. In the Add Site System Roles Wizard use the following settings to install the site system roles:
On the General page, verify that the Name for the site server is NYC-CFG.Contoso.com.
On the System Role Selection page, select Fallback status point and Reporting services
point.
On the Reporting Services Point page, use the Verify button to validate access to database.
Under User name click Set, New Account and specify the following credentials:
Password: Pa$$w0rd
2. In the preview pane, access the Properties for the Management point.
3. Select the option Generate alert when the management point is not healthy and then close the
dialog box.
4. In the preview pane, access the Properties for the Distribution point.
5. On the Boundary Groups tab, verify that the New York Clients boundary group you have created
previously appears in the list, and then close the dialog box.
Note The association between the distribution point and the boundary group was created
when you added the site system to the boundary group in a previous task.
Results: At the end of this exercise, you should have performed the initial configuration of a System
Center 2012 Configuration Manager stand-alone primary site.
Lesson
n6
Mana
aging In
nternet--Based Clients
C
To
o be able to manage
m Interneet-based clientts, you need to
o configure sitte systems to ssupport Interne
et-
ba
ased clients an
nd publish those site systemss through the firewall.
Describe th
he site system roles
r involved in Internet-baased client ma nagement.
Describe ussing certificate based client m anagement.
es in Internet-b
Describe pu
ublishing site system
s roles th
hrough a firew
wall.
MCT USE ONLY. STUDENT USE PROHIBITED
2-62 Planning and Deploying a Stannd-Alone Environmeent
Managementt point
Distribution point
p
Software upd
date point
Fallback statu
us point
Application Catalog
C website point
Enrollment prroxy point
Unliike previous ve
ersions, Config
guration Mana ager 2012 sitess no longer relly on a single llogical default
mannagement poin nt. You can insstall multiple management
m ppoints in the saame site and tthe client
auto
omatically seleects one on thee basis of netwwork location aand capability (HTTPS or HT TTP).
You
u can configure e some manag gement points in a site to su pport HTTPS cclient connectiions and configure
som
me management points to su upport HTTP cllient connectio ons. Using thiss approach, yo ou can configure
sepa
arate managem ment points foor Internet-bassed client mannagement. You u must configu ure these
mannagement poin nts to use certificates from a PKI solution ttrusted by botth the client an
nd server and
HTTTPS. Additionally, your Intern
net-based Con nfiguration Maanager clients nneed a valid PKI certificate ffrom a
PKI solution truste
ed by both thee client and server for authe ntication with the site systemms.
The fallback status point alwayss uses HTTP beecause this rolee is used as an
n alternate metthod of
com
mmunication when
w the clientts cannot communicate with h site system rooles, including
g when the clie
ent
doe
es not have a PKI-issued
P certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-63
All site systems must reside in an Active Directory domain; however, you can install site systems for
Internet-based client management in an untrusted forest. This scenario might be appropriate for a
perimeter network that requires high security.
You must decide whether the client computers that will be managed over the Internet will be configured
for management on the intranet and the Internet, or for Internet-only client management. You can only
configure the client management option during the installation of a client computer. If you change your
mind later, you must reinstall the client.
Client computers that are configured for Internet-only client management only communicate with
the site systems that are configured for client connections from the Internet. Mobile device clients are
automatically configured as Internet-only when they are configured to use an Internet-based
management point.
Client computers that are configured for Internet and intranet client management can automatically
switch between Internet-based client management and intranet client management when they detect
a change of network. If these clients can find and connect to a management point that is configured
for client connections on the intranet, these clients are managed as intranet clients that have full
Configuration Manager management functionality. If the clients cannot find or connect to a
management point that is configured for client connections on the intranet, they attempt to connect
to an Internet-based management point, and, if this is successful, these clients are then managed by
the Internet-based site systems in their assigned site.
Not all client management functionality is available when using Internet-based client management.
Features that rely on AD DS, or features that are not appropriate for a public network such as operating
system deployments, are not supported for Internet management. The following features are not
supported when clients are managed on the Internet:
Client deployment over the Internet is not possible, for example Client Push and software update-
based client deployment. You must use manual client installation to install the Configuration
Manager client on these computers.
Auto-site assignment will not work on the Internet. Clients need to be configured with an assigned
site at installation. Clients try to locate the site systems using DNS. The Internet FQDN of site systems
that support Internet-based client management must be registered as host entries on public DNS
servers. Clients non-deterministically select one of the Internet-based site systems, regardless of
bandwidth or physical location.
Network Access Protection (NAP). This feature relies on AD DS and cannot function on the Internet.
Wake-On-LAN magic packets cannot be sent on the Internet.
Operating system deployment cannot be performed on the Internet; however, you can deploy task
sequences that do not deploy an operating system, such as task sequences that run scripts and
maintenance tasks on clients.
The remote control feature is not available for Internet-based clients, since these computers cannot
be located using DNS.
Out of band management using Intel Active Management Technology (AMT) cannot be used for
Internet-based clients.
Software deployments to users, cannot be performed unless the Internet-based management point
can authenticate the user in AD DS by using Windows authentication (Kerberos or NTLM). This is
possible when the Internet-based management point trusts the forest where the user account resides.
MCT USE ONLY. STUDENT USE PROHIBITED
2-64 Planning and Deploying a Stannd-Alone Environmeent
Use of Certifficates in In
nternet-Ba
ased Clien t Management
Configuration n Manager site e system roles that commun icate by using HTTPS use ce ertificates to ve
erify
that their servver name is the same as the server the clieents are trying to connect to o. The Enhance ed Key
Usage field in
n this type of certificate
c inclu
udes Server Au uthentication ((1.3.6.1.5.5.7.3..1). When using a
Microsoft Acttive Directory Certificate
C Servvices Enterprisse CA, you sho
ould create a te emplate based d on
the existing Web
W Server tem mplate in the template
t storee. SHA-1 and SSHA-2 hash alg gorithms are
supported. Th here is no limitt for the maximmum supporteed key length ffor this certificcate.
If the site
e system accep
pts connection bject Name or Subject Altern
ns from the Inteernet, the Subj native
Name must contain the e Internet FQD
DN.
If the site
e system acceppts connection
ns from both th
he Internet and
d the intranet,, both the Inte
ernet
FQDN an nd the intranett FQDN (or com
mputer name)) must be speccified by using the ampersan nd (&)
symbol delimiter
d betweeen the two na
ames.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-65
Configuration Manager site systems that are hosting the distribution point role are using certificates
configured for client authentication. The Enhanced Key Usage field in this type of certificate includes
Client Authentication (1.3.6.1.5.5.7.3.2). When using a Microsoft Active Directory Certificate Services
Enterprise CA, you should create a template based on the existing Workstation Authentication
template in the template store. The private key must be exportable. SHA-1 and SHA-2 hash
algorithms are supported. The maximum supported key length is 2,048 bits.
The certificate:
Is used to authenticate the distribution point to an HTTPS-enabled management point before the
distribution point sends status messages.
Is sent to computers when the Enable PXE support for clients distribution point option is
selected. This ensures that the client computers can connect to a HTTPS-enabled management
point during the deployment of the operating system if task sequences in the operating system
deployment process include client actions such as client policy retrieval or sending inventory
information.
Note The private key must be exportable because you must import the certificate as a file
on the distribution point properties, rather than select it from the certificate store. You need
to export the issued certificate in the Public Key Certificate Standard (PKCS #12) format
(.PFX file).
Internet-based clients can only use certificates generated by the PKI solution for authentication when
connecting to a Configuration Manager site system. The Enhanced Key Usage field in this type of
certificate includes Client Authentication (1.3.6.1.5.5.7.3.2). When using a Microsoft Active Directory
Certificate Services Enterprise CA, you should create a template on the basis of the existing
Workstation Authentication template in the template store. Client computers must have a unique
value in the Subject Name field or in the Subject Alternative Name field. The maximum supported key
length is 2,048 bits.
Template-based certificates can be issued only by an enterprise certification authority running on the
Enterprise Edition or Datacenter Edition of the server operating system, such as Windows Server 2008
Enterprise and Windows Server 2008 Datacenter.
Note When you use an enterprise certification authority and certificate templates, do not
use the version 3 templates (Windows Server 2008, Enterprise Edition). These certificate
templates create certificates that are incompatible with Configuration Manager. When
prompted for the version of the template, select version 2 (Windows Server 2003).
If the client certificates are issued by a different CA hierarchy than the CA hierarchy that issued the
management point certificate, the root CA certificate must be provided for clients.
The configuration of server and client certificates required for Internet-based client management typically
involves the following steps:
Deploying the Web Server certificate for site systems that run IIS. This includes the following
procedures:
Creating and issuing the Web Server certificate template on the certification authority.
MCT USE ONLY. STUDENT USE PROHIBITED
2-66 Planning and Deploying a Stand-Alone Environment
Configuring IIS to use the Web Server certificate on each site system.
Deploying the distribution point certificate for site systems that are hosting the distribution point role.
This includes the following procedures:
Creating and issuing the distribution point certificate template on the certification authority.
Requesting a distribution point certificate from each distribution point and exporting the
certificate in a .PFX file.
Deploying the client certificate for computers. If the computers are also connecting to the intranet
and can authenticate to Active Directory, the certificate deployment has the following procedures:
Creating and issuing the Workstation Authentication certificate template on the certification
authority.
Automatically enrolling the Workstation Authentication certificate and verifying its installation on
computers.
If the computers are not connecting to Active Directory, you need to issue and install the client
certificates manually.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 2-67
Publishing
P Site System Roles Through a Firewall
Th
he site systemss configured to
o support Inte
ernet-based cliient managemment must be ppublished on the
In
nternet. You ca
an accomplish this by implemmenting one oof the following
g scenarios:
1.. Place the siite systems con nfigured to support Internett-based client management in a perimeterr
network. Thhis scenario is more secure but
b more difficcult to implem ent. To implem
ment this scenario,
configure your
y firewalls as
a follows:
Maanagement pooint. Communiicates with thee SQL Server th hrough the SM MS Provider to read
po
olicy and comm
municates directly with the ssite server to reeport state me
essages.
Disstribution poin
nt. Communica ates with the ssite server to reead configurattion informatio
on and
rep
plicate content using file-based replicationn.
So
oftware update municates with an upstream ssoftware updaate point or dirrectly
e point. Comm
witth Microsoft Update.
U
2. Configure the internal site systems to support Internet-based client management and publish them
through a firewall. This scenario is less secure but easier to implement.
To implement this scenario, configure your firewall to allow direct HTTPS access from the Internet to
the site systems (also known as tunneling, or pass-through). If you are using a proxy web server
without SSL termination (tunneling), no additional certificates are required on the proxy web server;
however, the clients are connecting directly to the site systems, and the firewall cannot inspect the
traffic, which can pose additional security risks.
3. If you are using a proxy web server with SSL termination (bridging) for incoming Internet connections,
the proxy web server has the following certificate requirements:
Certificates are installed on the proxy web server with Enhanced Key Usage configured for server
and client authentication. You can use the Web Server and Workstation Authentication
templates.
Internet FQDN is included in the Subject Name field or in the Subject Alternative Name field. If
you are using Microsoft certificate templates, the Subject Alternative Name is only available with
the workstation template.
Lab C:
C Config
guring PKI for Configuration
n Manag
ger
Lab Setup
Fo
or this lab, you
u use the availa
able virtual maachine environ
nment. Before you begin the
e lab, you musst ensure
th
he following virtual machines are still runnning:
10748A-NY
YC-DC1-A
10748A-NY
YC-CFG-A
La
ab Scenario
o
Yo
ou have installled a System Center
C 2012 Co
onfiguration M
Manager stand
d-alone primarry site in the laab
en
nvironment.
Yo
ou have been asked to confiigure a Microssoft PKI solutioon for use with
h Configuration Manager. To o do
th
his, you will cre
eate templatess for use by Co
onfiguration M
Manager, and tthen deploy th
he certificates tto your
Configuration Manager
M infrasstructure.
MCT USE ONLY. STUDENT USE PROHIBITED
2-70 Planning and Deploying a Stand-Alone Environment
2. In the Certification Authority console, right-click the Certificate Templates folder, and then click
Manage. The Certificate Templates Console opens.
3. Duplicate the Web Server template, and select the Windows Server 2003 Enterprise option.
On the General tab, name the template as Configuration Manager Web Server Certificate.
On Subject Name tab, ensure that the Supply in the request option is selected.
On the Security tab, remove the Enroll permission from the security groups: Domain Admins
and Enterprise Admins. Add the Configuration Manager IIS Servers group, and grant the
Configuration Manager IIS Servers group the Enroll permission.
On the General tab, name the template as Configuration Manager Client Certificate.
On the Security tab, select the Domain Computers group, and add the Read and Autoenroll
permissions.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-71
On the General tab, name the template as Configuration Manager Client Distribution Point
Certificate.
On the Security tab, remove the Enroll permission from the security groups: Domain Admins
and Enterprise Admins. Add the Configuration Manager IIS Servers group, and grant the
Configuration Manager IIS Servers group the Enroll permission.
On the General tab, name the template as Configuration Manager Mobile Device Certificate.
On the Subject Name tab, ensure the Build from this Active Directory information option is
selected, and in the Subject name format list, select Common name, and then clear the User
principal name (UPN) check box.
Results: After this exercise, you should have created a group for the Configuration Manager servers and
created the templates for Configuration Manager certificates.
MCT USE ONLY. STUDENT USE PROHIBITED
2-72 Planning and Deploying a Stand-Alone Environment
5. Configure the following values for the Certificate Services Client --- Auto-enrollment object:
Select the Renew expired certificates, update pending certificates, and remove revoked
certificates check box.
Select the Update certificates that use certificate templates check box.
2. In the Shut Down Windows dialog box, under Option select Operating System: Reconfiguration
(Planned).
3. Wait for the virtual machine to restart and then logon as domain Administrator.
4. Start a Microsoft Management Console (MMC), and then add the Certificates snap-in for the Local
computer: (the computer this console is running on).
5. In the MMC window, expand Certificates (Local Computer), and then click Personal. Right-click
Personal and select the option Request New Certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 2-73
6. In the Certificate Enrollment Wizard, request a new certificate by using the following information:
On the Request Certificates page, select the Configuration Manager Web Server Certificate
check box, and then click More information is required to enroll for this certificate. Click
here to configure settings.
On the Subject tab, in the Alternative name area, in the Type list, select DNS, and in the Value
box, type NYC-CFG.Contoso.com, and then click Add.
On the General tab, in the Friendly name box, type Configuration Manager Web Services.
Complete the request, and wait until the certificate is installed, and then click Finish.
2. In the Certificate Enrollment Wizard, request a new certificate by using the following information:
On the Request Certificates page, select the Configuration Manager Client Distribution
Point Certificate check box and then click Enroll.
Complete the request, wait until the certificate is installed, and then click Finish.
3. In the Microsoft Management Console, expand Personal, and then select Certificates.
4. Select the certificate that has Configuration Manager Client Distribution Point Certificate on the
Certificate Template column, right click the certificate, and then select Export. The Certificate
Export Wizard opens.
5. In the Certificate Export Wizard page, use the following information to export the certificate:
On the Export Private Key page, select Yes, export the private key.
On the Export File Format page, ensure Personal Information Exchange --- PKCS #12 (.PFX)
option is selected.
On the Password page, type Pa$$w0rd in both Password and Type and confirm password
(mandatory) text boxes.
On the File to Export page, in the File name text box, type
C:\ConfigMgrClientDPCertificate.pfx.
2. Expand NYC-CFG (CONTOSO\Administrator), expand Sites, right-click Default Web Site, and then
click Edit Bindings.
3. In the Site Bindings dialog box, edit the https entry, in the SSL certificate list, select the
Configuration Manager Web Services certificate, click OK, and then close all open windows.
MCT USE ONLY. STUDENT USE PROHIBITED
2-74 Planning and Deploying a Stand-Alone Environment
2. In the Administration workspace, expand Site Configuration, and then click Servers and Site
System Roles.
3. In the results pane select \\NYC-CFG.contoso.com, then, in the preview pane, access the Properties
for the Site system.
Select Specify an FQDN for this site system for use on the Internet.
In the Internet FQDN text box, type NYC-CFG.contoso.com, and then close the dialog box.
On the General tab, select Import certificate, and then browse to select the
C:\ConfigMgrClientDPCertificate.pfx certificate file.
Select HTTPS, and then under Requires computers to have a valid PKI client certificate, select
Allow intranet and Internet connections, and then close the dialog box.
7. In the preview pane, access the Properties for the Management point.
On the General tab, click HTTPS, and then under This option requires client computers to
have a valid PKI client certificate for client authentication, select Allow intranet and
Internet connections.
Select the Allow mobile devices to use this management point check box, and then close the
dialog box.
Results: After this exercise, you should have issued the Configuration Manager certificates and configured
HTTPS communication for Configuration Manager roles.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-A, and then click Revert.
Modu
ule Reviiew and
d Takeaw
ways
Review
R Quesstions
1.. What site syystem roles ca
an you configu
ure during setu
up of a stand-aalone primary site?
Tools
Th
he tools in the
e following tab
ble are useful during
d the Con
nfiguration Maanager 2012 deployment pro
ocess.
Tool
T Use for Whe
ere to find it
Prerequisite Checker
C Validatinng the prerequ
uisites for the On the installation
n media
Configuration Manageer site server aand
roles insstallation
Setup Downlo
oader Downloa
ading the clien
nt prerequisitees On the installation
n media
Configuration
n Manager Tra
ace Viewing the logs in ann interactive m
mode, On the installation
n media
searchin
ng and filtering
g
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
3-1
Module 3
Planning and Configuring Role-Based Administration
Contents:
Lesson 1: Overview of Role-Based Administration 3-3
Module Overrview
Microsoft Systemm Center 2012 Configuration n Manager imp plements a mo odern security model based on
adm
ministrative roles. You can usse these roles to
t help define security perm ponding to your
missions corresp
anization-speccific roles and responsibilities.
orga
Thiss module prese ents role-based administration concepts aand how you can use securityy roles, securitty
scoppes, and collecctions to define access permissions for you
ur administratiive users.
Create new se
ecurity roles an
nd configure scopes
s in Conffiguration Man
nager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 3-3
Lesson
n1
Overv
view of Role-Based Ad
dministration
Different organizations IT departments havve various rolee and responsib bility structure
es. For this reasson, it is
diifficult to creatte a security model
m that wou
uld work for th
he majority of organizations.
In
nstead of impoosing a rigid seecurity model, Configuration n Manager 201 12 provides a fflexible securitty
framework base ed on roles, sco opes, and colleections, which can be custommized for orgaanizations nee eds.
Th uilt-in security roles that include permissio ns for executin
here are 14 bu ng typical taskks; however, yo
ou can
crreate custom security
s roles and
a limit the sccope of securitty role assignm
ments to tailorr how administtrative
peermissions are
e assigned with hin your Config guration Manaager 2012 imp plementation.
In
n this lesson, yo
ou will examin
ne security models and built--in security rolles.
After completin
ng this lesson, you
y will be able to:
ole-based administration.
Explain the benefits of ro
Describe th
he functionalityy of security ro
oles.
Describe Co
onfiguration Managers
M builtt-in roles.
Describe se
ecurity scopes.
Describe co
ollections.
Describe planning role-based administration.
MCT USE ONLY. STUDENT USE PROHIBITED
3-4 Planning annd Configuring Role--Based Administratioon
Benefits of Role-Based
R d Administtration
Sites in Configuration Manager 2012 are not security bound daries as they were in previo
ous versions.
Because administrative scopes area not limited
d by site, you ccan assign permmissions to ad
dministrative users
to manage
m objectts across the hierarchy.
Youu can easily implement securrity manageme ent concepts s uch as Segrega ation of Dutiess, which is inte
ended
to prevent
p a single person from
m executing a critical
c processs from beginni ng to end. Forr example, the e
persson who has th n Author role iss allowed to crreate the application and a d
he Application different perso on
whoo has the Application Deployyment Manage er role is allow
wed to perform
m the actual de eployment.
Admministrative use
ers do not obttain permissionns directly butt through theirr assigned secu urity roles and the
secu
urity scopes th
he user is assigned to. The prrocess of auditting administraative actions iss simplified be
ecause
you can track permissions throu ugh roles and scopes
s insteadd of tracking p
permissions thrrough each
individual user.
In th
he Configuratiion Manager console,
c adminnistrative userss can see only the objects they have
permmissions to ma
anage, thus reducing the risk
k of unauthoriized use.
Security Ro
oles
Fo
or example, the Application Administratorr role has a cum mulative set off permissions tthat define its security
ro
ole. This role co
onsists of a sett of individual permissions to
o manage a vaariety of objeccts, including thhe
fo
ollowing permissions for app plication objects:
Approve
Create
Delete
Modify
Modify Fold
der
Move Object
Read
port
Modify Rep
Set Securityy Scope
ou can use sco
Yo opes and collecctions to limit administrativee users access to individual object instancces
ecause the roles themselves do not specifyy user permisssions for individual objects.
be
Configuration Manager
M includ
des 14 built-in ons for executing typical tasks on
n roles that incclude permissio
diifferent types of
o objects.
Question: What
W are security roles?
MCT USE ONLY. STUDENT USE PROHIBITED
3-6 Planning annd Configuring Role--Based Administratioon
Built-in Role
es
Con
nfiguration Ma anager include
es the 14 built--in security rolees listed in thee following tab
ble. Each role g
gives
speccific permissions to an administrative user to perform acctions on certaain types of ob bjects.
Ro
ole Pe
ermissions
Application Thhe Application Administratorr role grants p ermissions to perform both the
Administrator Application Dep ployment Man nager role and the Applicatio on Author role e.
Ad dministrative users
u associateed with this ro le also can maanage queries, view
sitte settings, ma
anage collectio er device affiniity.
ons, and edit ssettings for use
Application Autthor Th
he Application Author role g rants permissions to create, modify, and rretire
ap
pplications. Ad
dministrative u
users associate d with this role also can man
nage
ap
pplications and
d packages.
Application Dep
ployment Th
he Application Deployment M Manager role g grants permisssions to deployy
Manager
M ap
pplications. Ad
dministrative u
users associate d with this role can:
View the lisst of applicatio
ons.
Manage de eployments forr applications, alerts, templates packages, and
programs.
(continued)
Role Permissions
Asset Manager The Asset Manager role grants permissions to manage the Asset Intelligence
Synchronization Point, Asset Intelligence reporting classes, software
inventory, hardware inventory, and metering rules.
Compliance Settings The Compliance Settings Manager role grants permissions to define and
Manager monitor Compliance Settings. Administrative users associated with this role
can create, modify, and delete configuration items and baselines. They also
can deploy configuration baselines to collections, initiate compliance
evaluation, and initiate remediation for non-compliant computers.
Endpoint Protection The Endpoint Protection Manager role grants permissions to define and
Manager monitor security policies. Administrative Users associated with this role can
create, modify and delete Endpoint Protection policies. They also can deploy
Endpoint Protection policies to collections, create and modify Alerts, and
monitor Endpoint Protection status.
Full Administrator The Full Administrator role grants all permissions in Configuration Manager
2012. The administrative user who creates a new Configuration Manager
installation is associated with this security role, all scopes, and all collections.
You must always have at least one Full Administrator. For this reason,
Configuration Manager 2012 does not allow you to delete the last Full
Administrator account.
Operating System The Operating System Deployment Manager role grants permissions to
Deployment Manager create operating system images and deploy them to computers.
Administrative users associated with this role can manage operating system
installation packages and images, task sequences, drivers, boot images, and
state migration settings.
Operations The Operations Administrator role grants permissions for all actions in
Administrator Configuration Manager except for the permissions required to manage
security, which includes managing administrative users, security roles, and
security scopes.
Read-only Analyst The Read-only Analyst role grants permissions to view all Configuration
Manager objects.
Remote Tools Operator The Remote Tools Operator role grants permissions to run and audit the
remote administration tools that help users resolve computer issues.
Administrative users associated with this role can run Remote Control,
Remote Assistance, and Remote Desktop from the Configuration Manager
console. In addition, they can run the Out Of Band Management console
and configure AMT power control options.
MCT USE ONLY. STUDENT USE PROHIBITED
3-8 Planning and Configuring Role-Based Administration
(continued)
Role Permissions
Security Administrator The Security Administrator role grants permissions to add and remove
administrative users and to associate administrative users with security roles,
collections, and security scopes. In addition, administrative users associated
with this role can create, modify, and delete security roles and their assigned
security scopes and collections.
Software Update The Software Update Manager role grants permissions to define and deploy
Manager software updates. Administrative users associated with this role can manage
software update groups, deployments, and deployment templates. They also
can enable software updates for Network Access Protection (NAP).
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 3-9
Security Scopes
A security scope
e does not pro ovide permissioons to the objeects that it con
ntains; it only g
groups the obbjects
to
ogether. Adminnistrative userss will receive permissions
p to the objects froom the associaated security rroles
when
w the securiity scope is asssigned to themm. The securityy scopes are ussed to limit thee instances of objects
on
n which the addministrative user
u he security roles.
can perforrm the actionss specified in th
To
o avoid circula
ar references, security
s scopess cannot be neested. In otherr words, a secu
urity scope can
nnot
co
ontain anotherr security scop
pe, just individu
ual objects. Ho
owever, you caan associate ann object with m
multiple
se
ecurity scopes.
Configuration Manager
M 2012 includes the following
f builtt-in security sc opes: All and D
Default.
All is a builtt-in security sccope that conttains all securaable objects. A Configuration
n Manager
administrattor associated with the All se ecurity scope w permissions of their role, or roles, for
will have the p
every objecct in the Config guration Mana ager environm ment. This security scope cannot be change ed or
deleted.
Desktop applications. This scope contains applications that can be installed on desktop computers.
Server applications. This scope contains applications that can be installed on servers.
Using these scopes, you can limit administrative access for desktop applications only to desktop
administrators and limit access for server applications only for server administrators, thus preventing the
installation of applications on wrong systems.
There are a few objects that cannot be assigned in any scopes and have their security defined by the
various roles.
Modifiable security scope Included with a site scope Only affected by roles
Note Computer and user objects are not assigned to scopes. Collections are used to limit
administrative permissions to sets of computer or user objects. However, collection objects
can be assigned to scopes.
Collections
C s
Se
ecurity for user and compute
er objects is im
mplemented seeparately from m other securab ble objects in
Configuration Manager
M 2012 by using colleections. Adminnistrative userss must have co ollections assigned to
th
hem to be ablee to manage th
he user or devvice objects inccluded in thosee collections.
Membership
M in each collectio
on is determine
ed by the colleection rules. Th
here are four ccollection rule types:
Direct. Mem
mbers are speccified directly.
Exclude. Me
embers are determined by specifying mem
mbers of otherr collections to
o exclude.
If an administra
ative user is asssigned to eithe
er of the followwing built-in reead-only root collections, th
hey have
addministrative rights
r to all use
ers and devicees in the hierarrchy:
All Users an
nd User Groupss. This collectio
on contains al l discovered users and user groups.
Fo
or example, co
onsider the folllowing scenariio:
You assign only the Toronto-based collections to a user. When the user opens the Configuration Manager
console, the following are visible:
Planning
P Role-Based Administrration
When
W planning security configuration, conssider the follow
wing factors:
Security sco
opes control th
he Configuration Manager o
objects the adm
ministrative usser is allowed tto
administer.
Collections control the ussers and device
es that an adm
ministrative useer is allowed to
o manage.
Scenario: Yo
ou are managing a remote location
l with l ocal administrrative users wh
ho:
Need to
t be able to deploy
d applicattions, create co
ollections for ttheir users and
d devices, and run
queriess and reports about
a their use
ers.
Should
d not be able to manage softtware updatess for their locattion.
Need to
t be limited to
o managing users and devicces in their locaation.
MCT USE ONLY. STUDENT USE PROHIBITED
3-14 Planning and Configuring Role-Based Administration
Disscussion: Planning
P Role-Based
R d Administtration
Con
nsider the follo
owing scenario
o: You are the administrator
a for Contoso Lttd. You need tto plan for
adm
ministrative permissions for application
a adm
ministrators baased in New Y
York and Toron nto.
New
w York application administrrators should be
b able to:
Toro
onto applicatio
on administrattors should be
e able to:
You
u need to plan for security ro
oles, security sccopes, and col lections. Assum
me that corressponding security
groups in AD DS are
a already cre eated.
Se
ecurity group Securitty role Security scop
pe(s) C
Collections
New
N York Admins
To
oronto Admins
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 3-15
Lesson
n2
Identifying IT Roles in Your Organ
nization
n
Organizations
O can
c have a variiety of IT depa artment structu
ures with diverrse sets of role
es and responssibilities.
Ro
ole-based admministration is designed
d to acccommodate vvarious securitty models used d by organizattions.
After completin
ng this lesson, you
y will be able to:
Describe a typical IT depa
artments struccture.
Identify IT roles
r and respo
onsibilities.
ministrative scopes.
Identify adm
Identify the
e need for custtom collection
ns.
Identify the
e need for add
ditional roles.
Discuss identifying roles, activities, and scopes.
MCT USE ONLY. STUDENT USE PROHIBITED
3-16 Planning and Configuring Role-Based Administration
Ide
entifying an
a IT Depa
artments Structure
S
For example, IT ro
oles might include (but are not
n limited to) the following::
Id
dentifying Job Roless and Resp
ponsibilitiees
Th
he primary question you sho ould answer when you are d etermining the roles and ressponsibilities in your
orrganization is: What tasks do
d you want yoour administraative users to p
perform?
After identifying
g the job roless in your IT org
ganization, you
u need to deteermine how th he built-in roles in
Configuration Manager
M map to the specificc tasks performmed by each jo ob role in yourr organization. These
ta
asks might relaate to one or more
m groups of
o managemen nt activities, inccluding the folllowing:
Configuring
g sites and seccurity
Auditing
Analyzing the
t inventory data
d and creatting reports
When
W designing
g your model of security role
es you must:
Discover an
ny internal pro
ocesses that miight affect actiions that each role needs. To
o do this, you can
adapt the security
s model to comply witth your processses or use thee Configuration Manager
implementa ation as an op
pportunity to re
e-engineer an d rationalize yyour internal p
processes.
Question: What
W is the ne
ext step after id
dentifying the roles in your o
organization?
MCT USE ONLY. STUDENT USE PROHIBITED
3-18 Planning and Configuring Role-Based Administration
Ide
entifying Administra
A ative Scope
es
The size of th
he organization
n.
How resource
es are manage
ed.
o administrative teams.
The number of
Som
me small-to-me edium organizzations may de pes. Administraative users then
ecide not to crreate any scop
have access to all objects, dependent only on the permissio ons included in
n the associate
ed roles. This iss
morre important inn single primary site implem
mentation scen arios than in m
multiple-site hierarchies.
To determine
d whe
ether you need
d to use securiity scopes in y our organizatiion, first determine whether you
need to:
Specify which
h administrativve users will ma
anage individu
ual instances o
of objects.
Id
dentifying the Need
d for Custo
om Collecttions
Yo
ou can use cusstom collection
ns to limit adm
ministrative acccess to specificc instances of user and devicce
ob
bjects. When you
y determine e which custom m collections to
o create, consiider which use er and computter
re
esources each administrative
e user should manage.
m
When
W determin ning the custom y need to crreate to limit aadministrative scope, you can
m collections you
id
dentify existing
g segmentationn criteria for your organizatiions users and
d devices, inclu
uding the follo
owing:
Your corpo
orations intern
nal structure su
uch as departm
ments
Users and devices
d in the same
s geograp
phic area as yo
our organizatio
on
Unique cha
aracteristics of managed devvices or users
Groups with special securrity requirements
If different adm
ministrative users need to manage users an d devices in eaach of these se
egments, then
n you
sh
hould create cuustom collections.
Ma
apping to Existing Built-in Rolles in Conffiguration Manager
To better
b adapt thhe Configuration Manager security model to your organ nization, comp pare the job ro
oles
and responsibilitie anization with the built-in Co
es in your orga onfiguration MManager securrity roles and tthen
t match the IT functions with the Configu
try to uration Manag ger security rolles as closely aas possible.
If so
ome administra ative users perrform tasks thaat are defined in multiple seecurity roles in Configuration n
Man nager, you shoould directly asssign these mu ultiple securityy roles to thesee administrativve users, ratherr than
creaate a new secuurity role that combines
c all th
he tasks. When n you create a new security role that comb bines
all the tasks, you run
r the risk of giving some administrative
a users addition nal permissions to perform ttasks
thatt they should not
n have.
Using one bu
uilt-in role for users
u and limitt users access to objects by using scopes o
or collections.
For example, you might try to map the typical IT department to the build in security roles in Configuration
Manager, as described in the following table.
Note In some organizations, tasks performed by the Endpoint Protection Manager role
might be performed by a Desktop Administrator, while in other organizations, they might
be performed by a Security Administrator.
Question: Which job role in your organization is performing the tasks specified by the
Endpoint Protection Manager role?
MCT USE ONLY. STUDENT USE PROHIBITED
3-22 Planning and Configuring Role-Based Administration
Ide
entifying the
t Need for
f Additio
onal Roles
In most
m cases, orgganizations security role nee
eds are satisfieed by the built--in security roles included in
n
Connfiguration Ma anager. You might need to create new sec urity roles wheen the tasks pe erformed by thhe
role
es you identifie
ed in your orgaanization do not
n map to thee actions includ ded in the built-in security roles.
Youu do not need to create new security roles if you need on nly to limit acccess for some administrative
e users
to specific resourcces. Instead, yo
ou can create custom
c scopess and custom collections to satisfy that neeed.
Discussion:
D Planning for Custom Roles, SScopes, and
d Collectio
ons
Consider the following scenarrio: You are the administrato or for Contoso
o Ltd. You need
d to plan for custom
ro nd collections for the administrative users based in New
oles, scopes, an w York and Toronto.
Th
he administrattive users base
ed in New York
k must be ablee to:
Manage an
nti-malware protection on se
ervers and deskktops in all loccations.
Manage co
ontent on the distribution
d po
oints in all locaations.
Th
he administrattive users base
ed in Toronto must
m be able tto:
Custom role(s):
Custom scope(s):
Custom collection(s):
Toronto Admins
Review Questions
Question: When would you need to create custom roles?
Question: When would you need to create custom scopes in a Configuration Manager implementation?
Question: When would you need to create custom collections in a Configuration Manager
implementation?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 3-25
Lesson
n3
Configuring Role-Based Ad
dministration
Th
his lesson exam
mines the proccess used to crreate custom ssecurity roles aand scopes. Ad
dditionally, thiss lesson
co
overs how to associate
a administrative userrs with roles, sccopes, and col lections.
After completin
ng this lesson, you
y will be able to:
Describe th
he process for creating
c om security rol es.
custo
Describe th
he process for creating
c custo
om security sco
opes.
Describe th
he process for adding
a administrative users to the securityy roles.
MCT USE ONLY. STUDENT USE PROHIBITED
3-26 Planning and Configuring Role-Based Administration
Cre
eating Cusstom Security Roles
To create
c a customm security rolee in System Ceenter 2012 Connfiguration Maanager, you must make a co opy of
an existing
e role th
hat is the close
est match to yo
our desired sett of actions an
nd then modifyy the copy to m
meet
your specific requuirements.
To create
c a custom
m security role
e, perform the following step
ps:
You
u can export yoour custom seccurity role connfigurations byy clicking the E
Export Securitty Role button
n on
the ribbon. The ro a an XML file tthat you can import into another Configuration
ole definition is then saved as
Mannager 2012 ennvironment or use to restore permissions aafter a site reco overy.
Question: Ho
ow can you cre
eate a custom security role?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 3-27
Creating
C Cu
ustom Seccurity Scop
pes
Create
C a Custom Securitty Scope
To
o create a custtom security sccope in Config
guration Manaager 2012, perfform the follow
wing steps:
2.. gation pane, expand the Seccurity node, a nd then click tthe Security R
In the navig Roles node.
Associate
A Ob
bjects with the
t Scope
After you create
e the custom security
s scope, you can assocciate objects w
with the scope by selecting tthe
ob
bjects and pre
essing the Set Security
S Scop
pe button on t he ribbon.
Ad
dding Adm
ministrative
e Users
To add
a an administrative user or
o group:
3. On the ribbon
n, click the Ad
dd User or Gro
oup button.
4. Next to the User
U he Browse bu tton to select the user or group from the
or group name, click th
Active Directo
ory Domain Seervices (AD DS).
5. To associate one
o or more Configuration
C Manager
M roless with the adm
ministrative use
er or group, un
nder
Assigned seccurity roles, click the Add button.
b
6. In the Assign
ned security scopes and co
ollections areaa, select one off the following
g options:
All instances of the objects that arre related to tthe assigned security roless. This option
associate
es the administtrative user witth:
The All
A security sco
ope.
Only the instances of objects that are assigned to the specified security scopes or
collections. You can use this option to associate individual scopes and collections with the
administrative user or group.
A good working procedure is to use groups when you need to assign the same security roles, scopes, and
collections to multiple administrative users rather than individually adding each administrative user to a
role.
All objects in Configuration Manager are associated by default with the All built-in security scope.
Administrative users that are associated with this scope are able to manage all objects in Configuration
Manager, limited only by the permissions assigned to the associated security roles.
You can limit administrative users access to specific instances of objects by removing the All scope and
adding more specific scopes.
Similarly, if you want to limit administrative users access to specific user and group resources, you must
remove the All Systems and All Users and User Groups collections from the list and add more restrictive
collections.
Question: How do administrative users obtain permissions to individual instances of objects
in Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
3-30 Planning and Configuring Role-Based Administration
De
emonstration: Creating New Roles and SScopes
In th
his demonstration, you will see
s how to cre
eate a custom security role aand a custom ssecurity scope..
Dem
monstration
n Steps
Create a new cusstom security
y role
1. In the Configuration Manag
ger console, in
n the Administtration worksspace, under th
he Security no
ode,
select Securitty Roles.
In the Na
ame box, type
e a name for th
he new custom
m security role..
Under Peermissions, exxpand each no ode to display tthe existing peermission settiings, click the drop-
down listt next to the se
etting, and the
en select eithe r Yes or No.
3. In the Create
e Security Scope dialog boxx, type a name for the new seecurity scope.
Lab: Planning
P g and Configu
C ring Ro
ole-Base
ed Adm
ministrattion
Lab Setup
Fo
or this lab, you
u will use the available
a virtua
al machine envvironment. Beffore you begin
n the lab, you must
co
omplete the fo ollowing steps::
User na
ame: Adminisstrator
Passwo
ord: Pa$$w0rd
d
Domain: Contoso
Scenario
Yoou are the network administtrator for Conttoso, Ltd. Conttoso wants to deploy System m Center 2012
Configuration Manager.
M Theyy need to evalu
uate the functiionality firs, so
o they decide tto perform a P
Proof-of-
Concept in the lab environme ent. The Proof--of-Concept d deployment is limited to a staand-alone prim mary
sitte. You need to
t evaluate the
e role-based addministration features by peerforming the following taskks:
2. In the Configuration Manager console, in the Administration workspace, expand the Security node,
and then select the Security Roles node.
3. Review the list of roles available in the results pane. Note that there are 14 built-in roles.
4. Under the Security Scopes node, review the list of scopes available in the results pane. Note there
are two built-in scopes: All and Default.
5. Under the Administrative Users node, select CONTOSO\Administrator and review the information
presented in the preview pane. By default, the user who performed the Configuration Manager setup
is assigned the Full Administrator role, the All security scope, and the All Systems and All Users
and User Groups collections.
On the Permissions tab, examine the permissions associated with this role. Expand each category
and review the individual permissions. Note that you cannot modify the permissions for built-in
roles.
Results: By the end of this exercise, you should have reviewed the built-in roles, including their associated
permissions, and the built-in security scopes.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 3-33
1. Create a new user and group for application administrators, and add the user to the group.
5. Add the new group of administrative users, and assign a custom role and a custom scope.
X Task 1: Create a new user and group for application administrators and add the user
to the group
1. On NYC-DC1, start the Active Directory Users and Computers console.
2. In the Active Directory Users and Computers console, create a new user in the Users container, with
the following attributes:
First name and User logon name: NewYorkAdmin
3. In the Active Directory Users and Computers console, create a new group in the Users container,
named New York Application Admins.
4. Access the properties of the New York Application Admins group, and add the NewYorkAdmin
user account as a member.
X Task 2: Create a custom scope for the New York application administrators
1. On NYC-CFG, in the Configuration Manager console, in the Administration workspace, expand the
Security node, and then select Security Scopes node.
2. On the ribbon, click Create Security Scope, and then create a security scope named New York.
3. Under the Distribution Points node, select \\NYC-CFG.Contoso.com, and then on the ribbon, click
Set Security Scopes.
Note Do not remove the Default scope from the distribution point.
MCT USE ONLY. STUDENT USE PROHIBITED
3-34 Planning and Configuring Role-Based Administration
2. On the ribbon, click Create Device Collection. The Create Device Collection Wizard starts. Create a
device collection with the following attributes:
Name: New York Servers
Limiting collection: All Systems
Create a Direct Rule and search for System Resources with the name like NYC%.
Select NYC-CFG as a direct member.
3. In the Copy Security Role dialog box, use the following settings to create a new role:
In the Permissions box, configure the following permissions by expanding each permission
group and selecting Yes next to each individual permission:
X Task 5: Add a new group of administrative users, and assign a custom role and a
custom scope
1. In the Configuration Manager console, under the Security node, select the Administrative Users
node.
2. On the ribbon, click Add User or Group. Use the following information to configure the new
administrative group:
Verify that the Only the instances of objects that are assigned to the specified scopes or
collections option is selected.
3. In the Configuration Manager console, select the Contoso\New York Application Admins, and then
review the information from the preview pane.
Note The users added to the New York Application Admins group will have access to only
the Configuration Manager objects associated with the New York scope and resources in
the New York Servers collection.
Results: By the end of this exercise, you should have created a custom security scope, a custom collection,
and a custom security role.
MCT USE ONLY. STUDENT USE PROHIBITED
3-36 Planning and Configuring Role-Based Administration
1. Start the Configuration Manager console by using the application administrator account.
2. Use NewYorkAdmin with the password of Pa$$w0rd as credentials for the Configuration Manager
console.
2. Under the Devices node, verify that you can see only the resources associated to your collection.
3. In the Administration workspace, under the Distribution Points node, verify that you can see the
\\NYC-CFG.Contoso.com server.
4. Under the Security node, verify that you do not have access to Administrative Users, the Security
Roles, or the Security Scopes nodes.
5. Close the Configuration Manager console.
Results: By the end of this exercise, you should have tested the new role permissions.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-B, and then click Revert.
Modu
ule Reviiew and
d Takeaw
ways
Review
R Quesstions
1.. Which builtt-in role allowss administrativve users to perrform softwaree updates?
Module 4
Planning and Deploying a Multiple-Site Hierarchy
Contents:
Lesson 1: Planning a Configuration Manager 2012 Multiple-Site Hierarchy 4-3
Module Overrview
Youu can implement System Cen nter 2012 Conffiguration Man nager in a mulltiple-site hieraarchy to
accoommodate req quirements succh as larger nu
umbers of clien
nts, distributed
d administrativve teams, or re
egula
tion
ns on the distribution of conttent.
In th
his module, yoou will review the
t criteria forr installing a m
multiple-site hieerarchy as well as learn abou
ut the
t central administration site. You will alsso perform an installation off a multiple-sitte
characteristics of the
hierrarchy includin
ng the central administration
a n site, multiplee primary sites,, and a seconddary site.
Install a prima
ary site in an existing
e hierarcchy.
Install a secon
ndary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 4-3
Lesson
n1
Plann
ning a Configu
C ration Manage
M er 2012 Multip
ple-Site
Hierarchy
In
n this lesson yo
ou will review the
t types of sittes that can bee implemented
d in Configuraation Managerr by
exxamining:
Yo
ou will examin
ne the criteria used
u to decide
e whether to im
mplement a m
multiple-site hie
erarchy.
After completin
ng this lesson, you
y will be able to:
Describe th
he new Configu
uration Manag
ger 2012 hieraarchy model.
Describe thhe functionalityy of Configuration Manager 2012 sites inccluding the cen
ntral administrration
site, primarry sites, and secondary sites.
Ov
verview of the Config
guration Manager
M 2
2012 Hieraarchy Model
Global organizatio
ons can have multiple
m adminnistrative team
ms, different ad dministrative re
equirements, aand a
larg
ge number of clients
c distributed across mu
ultiple location s worldwide. TTo accommodate these facto ors,
you can implement Configuration Manager 20122 in a multiiple-site hierarrchy.
The Configuration
n Manager 201
12 hierarchy model
m has onlyy three tiers:
You use the multiple-site hierarchy model to centralize administration. Administrators in the central
administration site can see and manage all the objects in the hierarchy and can configure hierarchy-wide
settings.
The administrators from each primary site can only see and manage only the site data from their primary
site and any secondary sites in their branch of the hierarchy. However, secondary sites do not allow local
connectivity for administrators. Secondary sites are managed through their parent primary site.
When you are implementing a multiple-site hierarchy, you must install the central administration site first.
Existing stand-alone primary sites cannot be joined to a hierarchy. You must decommission any existing
stand-alone primary sites and then reinstall them under the new hierarchy if you want to manage the
clients in the site as part of a hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
4-6 Planning annd Deploying a Multiple-Site Hierarchy
Ov
verview of Configura
ation Mana
ager Sites
Cen
ntral Admin
nistration Site
Install a central ad
dministration site
s if you need
d to:
Manage all sites and objectts in the hierarrchy but also liimit the permiissions of some
e administrativve
users by using
g security roles and scopes.
Primary Site
Install multiple primary sites in a hierarchy if you
y need to:
Increase the number
n of clie
ents that Configuration Manaager 2012 can
n manage.
Secondary Site
Install a secondary site if you need to:
Manage the transfer of client data up the hierarchy across low-bandwidth networks without the
overhead of a primary site.
Manage the transfer of content down the hierarchy across low-bandwidth networks without the
overhead of a primary site.
Installing a central administration site with multiple primary sites does not add fault tolerance to your
hierarchy design. When a primary site fails, the clients assigned to that primary site remain unmanaged
until you restore the primary site. The clients will not fail-over to a different primary site; they are still
assigned to their original primary site.
Similarly, if the central administration site fails, you will not be able to perform centralized administration
or change configuration settings throughout the hierarchy. You need to restore the central administration
site from the backup to resume functionality of the hierarchy.
In Configuration Manager 2012, there is no longer the notion of default management point for a primary
site, as it is the case in Configuration Manager 2007. You can install multiple management points in a
primary site. Also you cannot use Network Load Balancing (NLB) for management points, since clients will
fail-over automatically to any other management point available in the site.
Clients located in secondary sites will only communicate with the management point from that secondary
site, they will not fail-over to any management points located in the parent primary site. This preserves
the intent of using secondary sites to manage the transfer of client data up the hierarchy across low-
bandwidth networks.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 4-9
Alternative
A es to Using
g a Second
dary Site
When
W you have
e clients in rem
mote network locations, you might contem mplate installing a secondaryy site;
hoowever, there are several altternatives to using secondaryy sites that yo u might want to consider. You can
offten remove th
he requiremen nt for another site when you configure a d distribution point in the remoote
ocation or use Windows Bra
lo anchCache.
Secondary Siite
If you want to control
c upward d network trafffic from the cl ients in the re mote location to the primarry site,
yoou need to insstall a secondary site in the remote locatio n. When plann ning for installing a secondaary site,
yoou need to con nsider the follo
owing:
The site dattabase must be co-located on o the secondaary site server.. You can instaall any supportted
Microsoft SQL
S Server ve
ersion. If you do not install SQ
QL Server in a dvance, the Crreate Seconda ary Site
Wizard installs Microsoftt SQL Server Exxpress 2008 R R2.
When insta dary site, the Create Second ary Site Wiza
alling a second ard automaticaally installs a
manageme ent point and distribution
d po
oint on the sitee server.
You can insstall additionall site system ro
oles in a secon
ndary site. The following role
es are supporte
ed:
Distribution point. Yo
ou can install additional
a disttribution pointts in a secondaary site. Each
seconddary site suppoorts up to 250 distribution po oints and each
h distribution ppoint can supp port up
to the same number of clients as supported by t he hardware cconfiguration o of the secondaary site
server, up to a maximmum of 4,000 clients.
MCT USE ONLY. STUDENT USE PROHIBITED
4-10 Planning and Deploying a Multiple-Site Hierarchy
Management point. You can only have a single management point in a secondary site and it
must be installed on the secondary site server.
Software update point. You can install a software update point in a secondary site when you want
to perform patch management in the remote site and data transfer across the network is slow.
State migration point. You can install a state migration point in a secondary site when you want
to perform user state migration during operating system deployment in the remote site and data
transfer across the network is slow.
Distribution Point
Depending on the number of clients and the available bandwidth for the network connection to a remote
site, you may find it more efficient to use a distribution point to support clients instead of a secondary
site. There are several factors that can be used to help make this decision; if any of the following
conditions apply, you may want to consider using a local distribution point:
You want to use multicast to deploy operating systems to computers at the remote location. Multicast
functionality is built into the distribution point role. When planning to use multicast for deployment,
you only need to consider using a distribution point.
You want to stream virtual applications to computers at the remote location. When planning to
stream virtual applications to clients, these applications are streamed from a distribution point.
BranchCache
BranchCache is a feature included in Windows Server 2008 R2 and Windows 7 operating systems. With
BranchCache, you can distribute content using peer-to-peer technology. BranchCache settings are
configured on a deployment type for applications and on the deployment for a package.
At least one distribution point on a Windows Server 2008 R2 computer must be configured in
BranchCache distributed cache mode.
Clients must run one of the following compatible operating systems configured in BranchCache
distributed cache mode:
Windows 7
Considerat
C ions for Im
mplementiing Config
guration M
Manager Sites
When
W deciding what impleme entation scena ario is most ap
ppropriate to yyour organization, you have to take
in
nto account a variety
v of facto
ors. These factoors include thee number and locations of cclients, the plan
nned
addministration approach,
a availability of ban
ndwidth betweeen locations, aand server andd other infrastrructure
lim
mitations.
Sttand-Alone
e Primary Sitte
Th
he stand-alone
e primary site implementatio organization if::
on scenario is most appropriate for your o
Additional
A Secondary Siites
A secondary site
e includes, by default, a man
nagement poin
nt and distribu
ution point. Yo
ou can install
ad
dditional secon
ndary sites to:
Offload the
e client commuunication from m the primary ssite when clien mote location and you
nts are in a rem
need to con o and from thee remote locatiion; however, secondary site
ntrol network traffic both to es do
not increase the number of clients a prrimary site can support.
Provide tierred content ro n secondary si tes that have tthe same pare
outing between ent.
Alternative
A Content
C Management
Yo
ou can use a distribution
d point or BranchC
Cache configurration for a rem
mote site to:
Multiple-Site Hierarchy
Implementing a multiple-site hierarchy is a more complex model to implement due to the additional
servers and roles used. Before deciding to create a multiple-site hierarchy, you need to analyze your
environment and determine whether a stand-alone primary site can meet your requirements.
You have a larger number of clients than can be managed using a stand-alone primary site. A stand-
alone primary site can support up to 100,000 clients, while a multiple-site hierarchy can
accommodate up to 400,000 clients.
You have remote administrative teams that require local administration of their Configuration
Manager environment.
You have a large number of remote locations which you cannot accommodate using a stand-alone
primary site and secondary sites.
Discussion:
D Planning Multiple Configurat
C tion Manaager Sites
Scenario
Yo
ou are an infra
astructure arch
hitect working for Contoso LLtd., an internaational financiaal company wiith
he
eadquarters inn New York, whhich provides financial
f servicces for custom
mers in North AAmerica and Eu urope.
Headquarterss New
N York 550,000 Local Gigaabit
There are in
nternational offfices in Londo
on and Paris w
with a total of 3
30,000 clients.
Contoso wants to implement System Cente
er 2012 Config uration Manag
ger to adminisster its workstaations in
a centralized wa
ay.
MCT USE ONLY. STUDENT USE PROHIBITED
4-14 Planning and Deploying a Multiple-Site Hierarchy
The company datacenter is located in New York and is managed by a team of 40 full-time administrators.
The administrators in New York are providing support for all the locations in North America, including
Toronto. A small datacenter is located in Toronto and administered remotely from New York. The
datacenter for Europe is located in London and has a dedicated team of 15 administrators. They manage
all of the resources in the London and the Paris offices.
You need to choose what hierarchy model to implement. Use the following questions to help you choose
the most appropriate implementation model.
Lesson
n2
Deplo
oying a Configuration
n Manag
ger 201
12 Site
When
W planning for a Configuration Manage er deploymentt, you need to
o take into con
nsideration the
e
upported number of sites, sitte systems and
su d the maximum
m number of ssupported clients. You also nneed to
co
onsider the existing network
k environment and design yoour Configurattion Manager 2012 impleme entation
o accommodatte multiple domains or foressts.
to
When
W deploying g a multiple-site Configuration Manager 22012 hierarchyy, you need to install the site es in a
pecific order, starting with th
sp he central admministration sitee, and continu
uing with primaary sites and
se
econdary sites.. You can instaall additional site systems at any time afterr you install the site servers.
Yo
ou also need to ppropriate setup options wh
t select the ap hen installing tthe sites in an existing hierarrchy,
an
nd use approp
priate resource
es to validate the successful iinstallation.
Describe th
he Configuratio
on Manager se
etup options.
Explain how uccessfully-insttalled site systeem.
w to verify a su
MCT USE ONLY. STUDENT USE PROHIBITED
4-16 Planning and Deploying a Muultiple-Site Hierarchy
Pla
anning a Multiple-Si
M ite Hierarcchy
Cen
ntral Admin
nistration Site
The maximum number of suppo orted clients per
p hierarchy d depends on thee SQL Server e edition in the
centtral administra
ation site, and is independennt of the SQL SServer edition at primary or secondary sitees. A
centtral administra
ation site:
Supports up to
t 25 child primary sites.
Does not support any client management roles. Clientss cannot be as signed to the central
administration site, only to primary sites.
Supports up to ents in the hierrarchy when u sing SQL Serveer Enterprise ffor the site
t 400,000 clie
database.
Supports up to
t 50,000 clien archy when usiing SQL Serverr Standard for the site datab
nts in the hiera base.
The limitation is im
mposed by thee way the site database is paartitioned. If yo
ou install the ccentral
adm
ministration sitee using SQL Se
erver Standardd, and then uppgrade the edittion of SQL Se erver to Enterp
prise,
the database does not repartitioon and this lim
mitation remainns in effect.
Primary Sites
Prim
mary sites are used
u to manag ge clients. Eachh primary site can accommo odate up to 50 0.000 or 100,00 00
clien
nts, dependingg on whether the
t SQL Serverr is co-located d on the site seerver or is instaalled on a sepaarate
commputer. Howevver, the numbe er of clients supported in a pprimary site is still limited to 50,000 if the
ation site uses SQL Server Sta
centtral administra andard Editionn. A primary site:
Supports up to
t 250 secondary sites.
Supports up to
t 250 distribuution points. Ea
ach distributio
on point can su
upport up to 4
4,000 clients,
depending onn the type of content
c you arre distributing..
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-17
Supports a combined total of up to 5,000 distribution points. This total includes all the distribution
points at the primary site and all distribution points that belong to the primary sites child secondary
sites.
Supports up to 10 management points. Each primary site management point can support up to
25,000 computer clients. To support 100,000 clients you must have at least four management points.
When you have more than four management points in a primary site, the supported client count of
the primary site do not increase beyond 100,000. Instead, any additional management points provide
redundancy for communications from clients.
Supports up to 50,000 clients when SQL Server is co-located on the site server.
Supports up to 100,000 clients when SQL Server is installed on a separate computer from the site
server.
Secondary Site
Secondary sites can be used to manage the upward traffic from the clients in a remote location to the
primary site server. A secondary site can also be used to increase the total number of distribution points
that can be installed in a primary site. A secondary site:
Supports up to 250 distribution points. Each distribution point can support up to 4,000 clients,
depending on the type of content you are distributing.
Supports a single management point located on site server.
Supports SQL Server Express 2008 R2 in addition to the other supported SQL versions for the site
database. SQL Server must be installed on the same computer as the secondary site server.
A software update point that is installed on the site server can support up to 25,000 clients.
A software update point that is installed on a computer that is remote from the site server can
support up to 100,000 clients.
Application Catalog Website Point and Application Catalog Web Service Point
Each instance of this site system role supports up to 400,000 clients, providing service for the entire
hierarchy.
You can install multiple instances of the Application Catalog website point at primary sites.
Question: What is the total number of distribution points that can be installed in a primary
site and its child secondary sites?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-19
Planning
P fo
or Multiple
e Domainss and Foreests
To support domain comp puters in a trussted forest, yo u can install a child site in a remote forestt that
has a required two-way trust with the forest
f of the paarent site. For example: You can place a
secondary site
s in a differeent forest fromm its primary pparent site if a two-way foresst trust that supports
Kerberos auuthentication exists.
e If you do not have a ttwo-way forestt trust which supports Kerbe eros
authenticattion, then you cannot install a Configuratio on Manager child site in the e remote forestt.
When you publish site infformation to the t clients foreest, clients can
n retrieve site information, suuch as a
list of availa
able managem ment points, fro om their Activ e Directory fo rest rather thaan downloadin ng this
information n from their asssigned manag gement point. The out of ba nd service poiint and the
Application n Catalog web service point cannot
c be insttalled in an un
ntrusted forest;; they can onlyy be
installed in the same fore est as the site server.
s The samme restriction aapplies for the
e site databasee, which
must be insstalled in the same forest as the site serverr.
When you install a site system role in an untrusted forest, you must select the site system option
Require the site server to initiate connections to this site system. This configuration enables
the site server to establish connections to the site system server to transfer data. This prevents the
site system server that is in the untrusted location from initiating contact with the site server that
is inside your trusted network. The connection uses the Site System Installation Account that you
use to install the site system server.
The management point and enrollment point site system roles connect to the site database. By
default, when these site system roles are installed, Configuration Manager configures the
computer account of the new site system server as the connection account and adds the account
to the appropriate SQL Server database role. When you install these site system roles in an
untrusted forest, you must configure the site system role connection account to enable the site
system role to obtain information from the database. If you configure a domain user account for
these connection accounts, ensure that the account has appropriate access to the SQL Server
database at that site:
To support computers in a workgroup, you must manually approve these computers if they use HTTP
client connections to site system roles because Configuration Manager cannot authenticate these
computers by using Kerberos. In addition, you must configure the Network Access Account so that
these computers can retrieve content from distribution points. Because these clients cannot retrieve
site information from Active Directory Domain Services (AD DS), you must provide an alternative
mechanism for them to find management points. You can use DNS publishing, or WINS, or directly
assign a management point.
You can also use Internet-based client management (IBCM) and PKI-issued certificates to manage the
clients in an untrusted forest or clients in a workgroup.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-21
Deploying
D a Multiple
e-Site Hierrarchy
Th
he process for deploying a multiple-site
m hierarchy includ
des the followiing steps.
Deploying
D th
he Central Administrat
A ion Site
Extend the Active Directo
ory schema. Yo ou need to deccide whether yyou will extend
d the Active Directory
schema to enable site serrvers and site systems
s to pub
blish informatiion into AD DSS.
Install Conffiguration Man nager 2012 as a central adm inistration sitee. Install the ce
entral administtration
site first, be
efore installing
g any sites thatt are to join th e hierarchy.
Deploying
D Primary Sitess
Install Conffiguration Mannager 2012 as a primary site in the existing g hierarchy. Ruun Setup for in
nstalling
Configuratiion Manager 2012
2 and selecct the option to o Install a Co nfiguration MManager prim mary
e site is part off the hierarchyy, and then speecify the centrral administration site
site, indicatte whether the
to be used as a parent sitte.
Deploying
D Se
econdary Siites
Add the priimary site servver computer account
a to thee local Adminisstrators group on the target
secondary site
s server.
When part of a hierarchy, some roles cannot be installed in all sites. The available roles are
discussed later in this module.
For specific roles, only a single instance of the role may be installed. For example, the Asset
Intelligence synchronization point can only have a single instance of the role installed at the
central administration site or at a stand-alone primary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-23
Configurat
C ion Manag
ger 2012 Setup
S Optiions
To
o install a centtral administration site or a primary
p site, yo
ou use the set up program frrom the installation
media.
m The setuup process runs Prerequisite Checker regarrdless of wheth her you have p previously run it. The
se
etup process prompts
p you too run Setup Do ownloader. If SSetup Downloaader was run p previously, youu can
po
oint the Setupp program to the location wh here you down nloaded the filles. After all off the prerequissite
ch
hecks complette and after all the updated components
c ddownload, the System Cente er 2012 Configuration
Manager
M Setup Wizard starts..
Install a Co
onfiguration Manager prim mary site serv ver. Select this option to insttall a primary ssite. You
have the op er to select if iss stand-alone or is part of a hierarchy.
pportunity late
Insstalls a Configu
uration Manag
ger primary sitte.
Usses default insttallation path.
Install a Co
onfiguration Manager central administ ration site. If you are installling a hierarch
hy, the
central admministration site needs to be installed first.
Upgrade an existing Co onfiguration Manager
M 20122 installation. This option aallows you to u
upgrade
the current Configuration
n Manager 201 wer version (s uch as SP1).
12 site to a new
MCT USE ONLY. STUDENT USE PROHIBITED
4-24 Planning and Deploying a Multiple-Site Hierarchy
Recover a site. Use this option to perform the first step in recovering a failed site server. Site server
recovery is covered in detail in Module 7.
Perform site maintenance or reset this site. Use this option to modify the SQL server configuration,
manage SMS Provider, or perform a site reset after restoring the site from a backup.
Uninstall a Configuration Manager site. This is the recommended approach to remove a site server
from a hierarchy.
Note The option to install a secondary site is not available in the Configuration Manager
Setup Wizard. You can install a secondary site by using the Configuration Manager console
that is connected to an existing primary site.
The Configuration Manager 2012 setup differs from the Configuration Manager 2007 setup in the
following ways:
Besides the management point and distribution point site roles, you cannot install any of the optional
roles during the setup process.
Setup Downloader (SetupDL.exe) and Prerequisite Checker (prereqchk.exe) are now separate
applications and can be launched without starting the Configuration Manager Setup Wizard.
Question: Why should you run Prerequisite Checker before running Setup?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-25
Verifying
V a Configura
ation Manager 2012
2 Site Instaallation
Yo
ou can perform
m the following actions to ve
erify the Confiiguration Man
nager 2012 insttallation:
2.. Verify that the SMS_EXEC CUTIVE, SMS_S SITE_COMPONNENT_MANAGER, and other Configuration n
Manager se SITE_BACKUP sservice, are staarted in the Se
ervices, exceptt for the SMS_S ervices console
e.
Config
gMgrSetupWiizard.log. Thiss log is genera ted by the Co nfiguration Manager Setup Wizard.
Lesson 3
Deploy
ying the
e Central Administration Site
e
In th
his lesson, you
u will review th
he role of the central
c adminisstration site in
n a multiple-sitte hierarchy.
Afte
er completing this lesson, yo
ou will be able to:
Determine wh
hen to install a central administration site..
Describe how
w to install a ce
entral administtration site.
Describe insta
alling site syste
em roles and configuring
c seccurity roles an
nd scopes in th
he central
administration site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-27
What
W Is the
e Central Administra
A ation Site?
Th
he central adm ministration sitee is the top-levvel site in a hieerarchy and is the first site that you install in the
hiierarchy. You can
c use the central administration site to m manage all objjects and perfo orm site manaagement
ta
asks for all sites in the hierarcchy. From the central admin nistration site, yyou can see gllobal data andd site
daata from all prrimary sites in the hierarchy. The central ad dministration ssite is the onlyy place where yyou can
ee this site in a consolidated data view.
se
Th
he central adm
ministration site
e:
Supports only primary sittes as child sitees. You need too specify the ccentral administration site co
ode and
site server during
d the insttallation of a primary
p site in a hierarchy.
gned to it. You need to installl at least one primary site under the centrral
Cannot havve clients assig
administrattion site to manage clients.
Question: What
W data can
n the administrrator see with the console co
onnected at th
he central
administrattion site?
MCT USE ONLY. STUDENT USE PROHIBITED
4-28 Planning and Deploying a Muultiple-Site Hierarchy
De
etermining
g When to Install a Central
C Ad ministratio
on Site
The central addministration site is the onlyy place where yyou can see site data from aall sites. This daata
includes inforrmation such as
a inventory da ata and status messages.
Manage clients. Only primary sites can have clients assigned to them; the central administration site
cannot. Additionally, primary sites support the site system roles related to client management, but the
central administration site does not.
Decentralize administration for a primary site. You can use security roles and scopes to limit
administrative permissions to a subset of objects. The central administration site does not limit the
administrative permissions but instead is used to centralize administration across multiple sites.
Perform content routing. If you are using a stand-alone primary site, you can implement distribution
points or secondary sites to perform content routing.
In the scenario of a merger or acquisition, installing a central administration site will not offer an
advantage over a stand-alone primary site:
If the second organization has Configuration Manager 2007 deployed, you can use the migration
feature to migrate objects to the Configuration manager 2012 hierarchy.
If the second organization has Configuration Manager 2007 deployed, you can use the Export and
Import functionality to copy objects between hierarchies.
Question: Do you need to install a multiple-site hierarchy to manage 150,000 clients?
MCT USE ONLY. STUDENT USE PROHIBITED
4-30 Planning and Deploying a Muultiple-Site Hierarchy
Insstalling the
e Central Administra
A ation Site
Afteer deciding to install a Configguration Mana ager central ad dministration ssite, you must run the setup p
proggram. Since a central administration site does
d not suppo ort clients, there are not man ny decisions too be
mad de during the installation proocess. When planning
p the ceentral adminisstration site, caarefully choosee the
site code and site name because you cannot them t after insttallation witho
out reinstalling
g the site, whicch in
this case would mean
m the reinsttalling the entiire hierarchy.
Wizard
W step In
nput required
Microsoft
M Softw
ware Enter
E the produ
uct key and acccept the license terms in this step to conttinue
License Terms with
w the setup.
Updated Prereq
quisite In
n this step, you
u can downloaad the Configu
uration Managger prerequisites, or
Components you
y can specifyy a folder wherre you have prreviously downnloaded them.
Se
erver Language This
T option allo
ows you to speecify additionaal language paacks to be
Se
election downloaded
d an
nd installed fo r the admin co
onsole and sitee servers.
Client Language
e This
T option allo
ows you to speecify additionaal language paacks to be
election
Se downloaded
d an
nd installed fo r the Configurration Manageer client.
(continued)
Database Information Input the fully qualified domain name (FQDN) of the SQL server, the name
of the Configuration Manager database, and the port to use for SQL Server
Service Broker.
SMS Provider Settings Input the FQDN name of the server that hosts SMS Provider. By default, this
is installed on the site server.
Customer Experience In this step, you can optionally choose to participate in the Customer
Improvement Program Experience Improvement Program.
Configuration
Settings Summary Review your selections to determine whether you need to go back to make
changes.
Prerequisite Check The Configuration Manager Setup Wizard launches Prerequisite Checker to
evaluate the server readiness for hosting the selected roles.
Begin install Select the option to start the installation. Alternatively, you can go back and
make additional changes or install missing prerequisites.
Question: There is no option in the Configuration Manager Setup Wizard to configure site
system roles when installing the central administration site. Why not?
MCT USE ONLY. STUDENT USE PROHIBITED
4-32 Planning and Deploying a Muultiple-Site Hierarchy
Co
onfiguring the Central Adminisstration Site
Afte
er you install th
he central adm
ministration site, you typicallyy perform seveeral configuration steps suchh as
nal site system roles and con
installing addition nfiguring securrity roles and sscopes. When installing site
system roles in the central administration site, you can instaall only the following subset of site system
m
role
es:
Asset Intellige
ence synchron
nization point
Software upd
date point
Note You can install only one Asset Intelligence syn chronization p
point and one Endpoint
Protection point
p in a hiera
archy.
Role
es involved in client manage nnot be installeed in the centrral administrattion site includ
ement that can de:
Application Catalog
C web se
ervice point
Application Catalog
C website point
Distribution point
p
Fallback statu
us point
Managementt point
Enrollment po
oint
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-33
Question: Why would you install the software update point at the central administration
site?
MCT USE ONLY. STUDENT USE PROHIBITED
4-34 Planning and Deploying a Muultiple-Site Hierarchy
Lab
b Setup
For this lab, you will
w use the avaailable virtual machine
m enviro
onment. Beforre you begin the lab, you mu
ust
com
mplete the folloowing steps:
2. In Hyper-V Manager,
M click
k 10748A-NYC
C-DC1-A, and in the Actionss pane, click Sttart.
3. In the Actionss pane, click Connect. Wait until the virtuaal machine staarts.
4. Log on using the following credentials:
User nam
me: Administra
ator
Password
d: Pa$$w0rd
Domain: Contoso
Lab
b Scenario
You
u are a network
k administratoor for Contoso,, Ltd. Contoso wants to deplloy System Cen nter 2012
Connfiguration Ma
anager in a com
mplex hierarch primary sites and a
hy with a centrral administrattion site, two p
seco
ondary site.
You
u need to perfo
orm the installation of the ce
entral administtration site byy:
1. Extending the
e Active Directtory schema.
3. Use Active Directory Users and Computers to create a group for the Configuration Manager servers.
4. Assign Full Control permissions for the System Management container to the group.
2. Browse to drive C, open the ExtADSch.log file created in the root of drive C, and then verify the
success of the operation by observing the classes and attributes added to AD DS and the message
that confirms the successful extension of the schema.
4. Create an object under CN=System with the type container and the value of System Management.
5. In the ADSI Edit console, verify that CN=System Management container appears in the results pane,
and then close the console.
X Task 3: Create a group for the Configuration Manager servers in Active Directory
Users and Computers
1. Start the Active Directory Users and Computers console.
NYC-CAS
NYC-CFG
LON-CFG
TOR-CFG.
MCT USE ONLY. STUDENT USE PROHIBITED
4-36 Planning and Deploying a Multiple-Site Hierarchy
X Task 4: Assign Full Control permissions for the System Management container to
the group
1. In the Active Directory Users and Computers console, from the View menu verify that Advanced
Features is selected.
2. Under the System container, browse to the System Management container and access its
Properties.
3. On the Security tab, assign Full control permission to the ConfigMgrServers group, and then click
Advanced.
4. In the Advanced Security Settings for System Management dialog box, edit the entry for the
ConfigMgrServers group so that the Full control permission applies to This object and all
descendant objects, and then click OK.
Note After the installation, Configuration Manager 2012 site servers publish information
in the System Management container that enables clients to determine the assigned site
and locate the management point.
Results: At the end of this exercise, you should have extended the Active Directory schema, created the
System Management container, and assigned permissions to the group of Configuration Manager servers.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-37
You then will run the Configuration Manager Setup Wizard and select the option to install a central
administration site with the site code CAS on the NYC-CAS.contoso.com server.
2. Run Installation Prerequisite Check and verify that the installation prerequisites are met.
X Task 2: Run Installation Prerequisite Check and verify that the installation
prerequisites are met
1. In the System Center 2012 Configuration Manager Setup screen, select Assess server readiness.
2. In the Installation Prerequisite Check window, verify that there are no errors (you may receive several
warnings), and then click OK.
X Task 3: Run Setup to install a Configuration Manager 2012 central administration site
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. Use the
following settings to install a central administration site:
On the Getting Started page, select Install a Configuration Manager central administration
site.
On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select
I accept these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept
these License Terms, under Microsoft Silverlight 4, select I accept these License Terms and
automatic updates of Silverlight, and then click Next.
On the Prerequisite Downloads page, select Use previously downloaded files, and then
specify E:\ConfigMgr2012\Redist as the location.
On the Server Language Selection and Client Language Selection pages, click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
4-38 Planning and Deploying a Multiple-Site Hierarchy
On the Site and Installation Settings page, configure the following options:
On the Customer Experience Improvement Program Configuration page, select I dont want
to join the program at this time.
On the Prerequisite Check page, wait for the prerequisite checking to finish, and then click
Begin Install.
3. Wait for the installation to finish, and then close the Setup Wizard and the System Center 2012
Configuration Manager Setup screen.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
in the central administration site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-39
2. View the status messages for the Configuration Manager 2012 installation.
2. In the Configuration Manager console, in the Monitoring workspace, under the Site Status node,
view the status of each site system role.
3. Under the Component Status node, view the status of each component.
X Task 2: View the status messages for the Configuration Manager 2012 installation
1. Select the Site Status node, and then, in the results pane, select Site server.
2. On the ribbon, click the Show Messages button, and then click All.
3. In the Status Messages: Set Viewing Period dialog box, accept the defaults, and then click OK.
4. In the Configuration Manager Status Message Viewer, double-click on any message, and then
review the details of the status message. Use the Next and Previous buttons to view additional status
messages, and then close the Status Message Details dialog box.
2. Open the ConfigMgrSetup.log file in Notepad. Review the file, note any errors or warnings reported
by Setup, and then close Notepad.
2. In the results pane, select NYC-CAS.contoso.com, and then review the roles installed on the server.
3. In the results pane, right-click on NYC-CAS.contoso.com, and then select Add Site System Roles.
The Add Site System Roles Wizard starts.
4. On the System Role Selection page, review the roles that can be installed on the site system.
Note The site system roles that are directly related to client management cannot be
installed in the central administration site.
Results: At the end of this exercise, you should have validated the installation of System Center 2012
Configuration Manager.
Lesson
n4
Deplo
oying Primary Sites in a Hieraarchy
After completin
ng this lesson, you
y will be able to:
Describe th
he installation of
o a primary siite in a hierarcchy.
Describe va
arious site insta
allation metho
ods.
Describe th
he configuratio
on of a primaryy site in a hieraarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
4-42 Planning and Deploying a Muultiple-Site Hierarchy
Wh
hat Is a Priimary Site?
A primary site is the middle tierr in a hierarchyy and is requireed to manage clients. You caan use a primaary
site to manage alll objects and perform
p site management
m taasks for the priimary site and any child
secoondary sites asssigned to the primary site. From
F a primaryy site, you can
n see global daata and the sitee data
m the local primary site and the informatio
from on about any cchild secondarry sites in the pprimary sites b
branch
of the hierarchy.
A primary site:
Can be a stan
nd-alone prima
ary site or a member of a hieerarchy.
Is responsible
e for processing all client datta from their aassigned clients.
Uses database replication to
o communicatte to its centraal administratio
on site.
Add
ditionally, when a primary sitte is installed in a hierarchy:
Replication with
w its designa
ated central ad
dministration ssite is configurred automaticaally.
ution point an d managemen
You have the option to insttall the distribu nt point roles d
during site
installation.
Determinin
D ng When to Install a Primary SSite
Yo
ou must install at least one primary
p site in your hierarch y to support cclients. Neitherr the central
ad
dministration site
s nor a seco ondary site cann have client syystems assigneed to them.
Consider adding
g a primary sitte to your hierarchy when yo
ou need to:
e number of clients to mana
Increase the age. Each prim
mary site can su
upport up to 1
100,000 clientss.
Reduce the
e effect of failu
ure from a stan
nd-alone primaary site.
If a prim
mary site fails, all clients assiigned to that ssite cannot be managed unttil the site is re
estored.
Activityy such as invenntory collection on the clientts continues and the results are stored loccally as
usual; however,
h repoorting of this acctivity is delayeed until the sitte is restored.
y have multtiple primary sites in a hierarrchy, a site failure only affectts the clients aassigned
When you
to that primary site.
Configure different client settings. Custom client settings can be configured individually by collection
and are replicated in the entire hierarchy.
Support a different site language. Multiple languages can be configured for the same site.
Perform content routing. You can configure content routing between two distribution points located
in two secondary sites that have the same parent. This reduces the network traffic associated with the
WAN links.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-45
In
nstalling a Primary Site
S in a Hiierarchy
In
nstalling a Configuration Manager primaryy site requires ssome addition nal pre-plannin ng before runn ning
Se
etup. Since the
e primary site is
i used to suppport clients, yo
ou should deciide how the clients will conn nect to
th
he primary site
e before perforrming the instaallation. Altho ugh client commmunication ssettings can be e
ch
hanged after innstallation, the
e following can
nnot be chang ged after insta llation withoutt reinstalling the site:
Th
he following taable lists the stteps of the Configuration M anager Setup Wizard when you use it to install a
primary site, and the informattion that you input
i for each step.
Wizard
W step Input require
ed
Getting Starte
ed Choose: Instaall a Configurration Managger primary siite server.
Optionally, yo
ou can check: Use typical in
nstallation op
ptions for a sttand-
alone primary site.
(continued)
Server Language This option allows you to specify additional language packs to be
Selection downloaded and installed for the admin console and site servers.
Client Language This option allows you to specify additional language packs to be
Selection downloaded and installed for the Configuration Manager client.
Site and Installation Configure the site code and site name. These settings cannot be changed
Settings later.
Primary Site Installation If you selected Install a Configuration Manager primary site in the first
step, you can indicate whether the site is stand-alone or a part of the
hierarchy.
Database Information Input the fully qualified domain name (FQDN) of the SQL server, the name
of the Configuration Manager database, and the port to use for the SQL
Server Service Broker.
SMS Provider Settings Input the FQDN name of the server that hosts the SMS Provider. By default,
this is installed on the site server.
Client Computer In this step, you can configure choose one of the following:
Communication Settings All site systems roles accept only HTTPS communication from
clients
Configure the communication method on each site system role
If you choose to separately configure site system roles, you can
check: Clients will use HTTPS when they have a valid PKI
certificate and HTTPS-enabled site roles are available.
Site System Roles In this step, you can choose to install a management point and/or a
distribution point and specify the FQDNs for the roles. By default, both roles
will be installed using the FQDN of the server.
If you choose All site systems roles accept only HTTPS
communication from clients, both roles will be configured for HTTPS
and cannot be modified during Setup.
If you choose Configure the communication method on each site
system role, both roles will be configured for HTTP and cannot be
modified during Setup.
If you choose Configure the communication method on each site
system role, and checked the Clients will use HTTPS when they have
a valid PKI certificate and HTTPS-enabled site roles are available
check boxes, both roles will be configured for HTTPs, and you can
modify them during Setup.
Customer Experience In this step, you can optionally choose to participate in the Customer
Improvement Program Experience Improvement Program.
Configuration
Settings Summary Review your selections to determine whether you need to go back to make
changes.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-47
(continued
Prerequisite Check The Configuration Manager Setup Wizard launches Prerequisite Checker to
evaluate the server readiness for hosting the selected roles.
Begin install Select the option to start the installation. Alternatively, you can go back and
make additional changes or install missing prerequisites.
Question: What is the step in the wizard where you can configure a primary site to become
part of a hierarchy?
MCT USE ONLY. STUDENT USE PROHIBITED
4-48 Planning and Deploying a Muultiple-Site Hierarchy
You
u can perform an unattended d installation for a new prim mary site using a setup comm mand
swittch and an una attended installation .ini file. You can man ually create thhe file or use th
he
%TE EMP%\Config gMgrAutoSav ve.ini file that was generated d during the in
nstallation of a primary site,
suchh as in a test environment.
e You
Y can also crreate the unatttended installaation .ini file b by running the
Con
nfiguration Ma anager 2012 Seetup Wizard until you reach the Prerequisite Check page e. The actual ffile
me does not matter, but it must have an .in
nam ni extension.
To perform
p the un
nattended insttallation, run the following ccommand:
Se
etup /script path\filenam
me.ini
For example, if yo
ou created an installation
i .inii file named In
nstPrimSite.ini and stored it in the root of d
drive
C:, the
t command would be:
Se
etup /script C:\InstPrimS
Site.ini
This example illustrates a typical script used for installing a primary site in a hierarchy:
[Identification]
Action=InstallPrimarySite
[Options]
ProductID=
SiteCode=LON
SiteName=London Primary Site
SMSInstallDir=C:\Program Files\Microsoft Configuration Manager
SDKServer=LON-CFG.CONTOSO.COM
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=1
PrerequisitePath= E:\ConfigMgr2012\Redist
ServerLanguages=
ClientLanguages=
MobileDeviceLanguage=0
ManagementPoint=LON-CFG.CONTOSO.COM
ManagementPointProtocol=HTTP
DistributionPoint=LON-CFG.CONTOSO.COM
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=1
AdminConsole=1
[SQLConfigOptions]
SQLServerName=LON-CFG.CONTOSO.COM
DatabaseName=CM_LON
SQLSSBPort=4022
[HierarchyExpansionOption]
CCARSiteServer=NYC-CAS.CONTOSO.COM
MCT USE ONLY. STUDENT USE PROHIBITED
4-50 Planning and Deploying a Muultiple-Site Hierarchy
Co
onfiguring a Primary
y Site
Asset Intellige
ence synchron
nization point. This role is insstalled at the ccentral adminisstration site an
nd
synchronizes the Asset Intelligence catalo
og for the enti re hierarchy.
nd provides the
Endpoint Protection point. This role is insstalled at the ccentral adminisstration site an
configuration
n for Endpoint Protection forr the entire hieerarchy.
A primary site in a hierarchy sup
pports all othe nfiguration Maanager roles available. The
er optional Con
distribution of roles throughoutt your hierarch
hy depends on n your businesss requirements and on the
funcctionality that you need to provide.
p
For example, altho ough you can install multiple reporting po oints in a hieraarchy, only a re
eporting pointt
installed in the central administration site can n provide repo
orts on all objects in the hieraarchy. You theen
migght decide to innstall only a single reporting g point and runn all reports th
hrough the cen ntral administrration
site,, or you mightt decide to insttall a reporting
g point in each
h site so local aadministratorss can locally
man nage reports, both
b for their own
o site and custom
c reportss.
An
A Application Catalog web sservice point p provides appliccation
in
nformation forr one or more Application Caatalog website e
Application Cattalog Site or
o points. Since thhis type of info
ormation is rep plicated as glob bal
web
w service point hierarchy data so all App lication Cataloog web service e points provid de the
ame informatio
sa on, you can innstall this role iin a single site or in
multiple
m sites fo
or load balanc ing.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-51
(continued)
Application Catalog Site or An Application Catalog website point displays global data
website point hierarchy retrieved from an Application Catalog web service point. Since
this is global data all Application Catalog website points
provide the same information, you can install this role in a
single site or in multiple sites for load balancing.
Question: Why would you install a reporting services point in several primary sites and not
just one in the central administration site?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-53
Lab B:
B Installling a Primary
P Site in aan Existting Hie
erarchy
La
ab Setup
Fo
or this lab, you
u will use the available
a virtua
al machine envvironment. Beffore you begin
n the lab, you must
co
omplete the fo ollowing steps::
1.. In Hyper-V Manager, verify that 10748
8A-NYC-DC1- A, and 10748A-NYC-CAS-A
A are still runn
ning.
User na
ame: Adminisstrator
Passwo
ord: Pa$$w0rd
d
Domain: Contoso
5.. Repeat step
ps 2 through 4 for 10748A-L
LON-CFG-A.
La
ab Scenario
o
ou are the network administtrator for Conttoso, Ltd. Conttoso wants to deploy System
Yo m Center 2012
Configuration Manager
M in a complex
c hierarrchy with a cen
ntral administrration site, two
o primary sitess, and a
econdary site.
se
Thhe central adm
ministration site
e has been already deployed d. You need to o perform the installation of a
Syystem Center 2012
2 Configurration Manage er primary site in the existing
g hierarchy by::
2. Run Installation Prerequisite Check, and verify that the prerequisites are met.
3. Run the Setup again, and select the option to install a Configuration Manager 2012 primary site in the
existing hierarchy.
2. Double-click splash.hta.
X Task 2: Run Installation Prerequisite Check, and verify that the prerequisites are met
1. In the System Center 2012 Configuration Manager Setup screen, select Assess server readiness.
2. In the Installation Prerequisite Check window, verify that there are no errors (you may receive several
warnings), and then click OK.
X Task 3: Run Setup to install a Configuration Manager 2012 primary site in the
existing hierarchy
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. Use the
following settings to install a primary site in the existing hierarchy.
On the Getting Started page, select Install a Configuration Manager primary site.
On the Product Key page, select Install this product as an evaluation, and then click Next.
On the Microsoft Software License Terms page, accept the license terms.
On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express select I
accept these License Terms, under Microsoft SQL Server 2008 Native Client select I accept
these License Terms, under Microsoft Silverlight 4 select I accept these License Terms and
automatic updates of Silverlight, and then click Next.
On the Prerequisite Downloads page, select Use previously downloaded files, and then
specify the E:\ConfigMgr2012\Redist as the location.
On the Server Language Selection and Client Language Selection pages, click Next.
On the Site and Installation Settings page, configure the following options.
On the Primary Site Installation page, select Join the primary site to an existing hierarchy,
and then type the name of the central administration site server NYC-CAS.Contoso.com.
On the Client Computer Communication Settings page, select Configure the communication
method on each site system role.
On the Site System Roles page, verify that both Install a management point and Install
a distribution point options are selected, and then verify that in both FQDN text boxes,
NYC-CFG.Contoso.com appears.
On the Customer Experience Improvement Program Configuration page, select I dont want
to join the program at this time.
On the Prerequisite Check page, wait for the prerequisite checking to finish, and then click
Begin Install.
3. Wait for the installation to finish, and then close the Setup Wizard and the System Center 2012
Configuration Manager Setup screen.
Results: At the end of this exercise, you should have installed a System Center 2012 Configuration
Manager primary site in an existing hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
4-56 Planning and Deploying a Multiple-Site Hierarchy
You need to validate the installation of the System Center 2012 Configuration Manager primary site
installation.
2. In the Configuration Manager console, in the Monitoring workspace, under Site Status node, view
the status of each site system role.
3. Under the Component Status node, view the status of each component.
X Task 2: View the status messages for the Configuration Manager 2012 installation
1. Select the Site Status node, and then, in the results pane, select Site server.
2. On the ribbon, click the Show Messages button, and then click All.
3. In the Status Messages: Set Viewing Period dialog box, accept the defaults, and then click OK.
4. In the Configuration Manager Status Message Viewer, double-click on any message, and then
review the details of the status message. Use the Next and Previous buttons to view additional status
messages, and then close the Status Message Details dialog box.
2. Open the ConfigMgrSetup.log file in Notepad. Review the file, note any errors or warnings reported
by Setup, and then close Notepad.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-57
2. In the results pane, select NYC-CFG.contoso.com, and then in the preview pane, review the roles
installed on the server.
3. In the results pane, right-click on NYC-CFG.contoso.com, and then select Add Site System Roles.
The Add Site System Roles Wizard starts.
4. On the System Role Selection page, review the roles available for install.
Note When you install certain site system roles, including Asset Intelligence
synchronization point, software update point, and Endpoint Protection point, as part of a
hierarchy, you cannot install them in a primary site but have to install them at the central
administration site.
Results: At the end of this exercise, you will have validated the installation of System Center 2012
Configuration Manager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
4-58 Planning and Deploying a Multiple-Site Hierarchy
2. Run the Setup for Configuration Manager 2012, and use the script option.
2. Review the content of the file, and then close the viewer:
[Identification]
Action=InstallPrimarySite
[Options]
ProductID=EVAL
SiteCode=LON
SiteName=London Primary Site
SMSInstallDir=C:\Program Files\Microsoft Configuration Manager
SDKServer=LON-CFG.CONTOSO.COM
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=1
PrerequisitePath=E:\ConfigMgr2012\Redist
MobileDeviceLanguage=0
ManagementPoint=LON-CFG.CONTOSO.COM
ManagementPointProtocol=HTTP
DistributionPoint=LON-CFG.CONTOSO.COM
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1
JoinCEIP=0
[SQLConfigOptions]
SQLServerName=LON-CFG.CONTOSO.COM
DatabaseName=CM_LON
SQLSSBPort=4022
[HierarchyExpansionOption]
CCARSiteServer=NYC-CAS.CONTOSO.COM
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-59
X Task 2: Run the Setup for Configuration Manager 2012 and use the script option
1. On LON-CFG, open a Command Prompt window.
2. At the command prompt, type the following commands, pressing Enter after each line:
e:
cd ConfigMgr2012\smssetup\bin\X64
setup /script E:\ConfigMgrSetup\ConfigMgrAutoSave_LON.ini
Note The Configuration Manager Setup will run in unattended mode. The installation
process may take up to 30 minutes. You can use Windows Task Manager to keep track of
the progress. When you see CcmExec.exe as a running process, the setup is complete.
Results: At the end of this exercise, you should have installed a System Center 2012 Configuration
Manager primary site in an existing hierarchy using the automated setup method.
Lesson 5
Deploy
ying Secondary
y Sites
If yo
ou have clientss in remote loccations that arre connected t o the primary site servers lo
ocation by loww-
banndwidth netwo m decide to install secondaary sites to maanage the tran
ork links, you may nsfer of client d
data
and deployments. In this lesson, you will revie ew the installattion process fo
or a secondaryy site.
Determine wh
hen you need to install a seccondary site.
What
W Is a Secondary
S Site?
When
W you have
e clients in rem
mote locations and you wantt to manage cl ient-to-server communicatio
on
accross slow netw
work links, you
u have the opttion to install a secondary sitte.
A secondary site
e:
Cannot perrform local adm
ministration ta
asks. A secondaary site does n
not provide connectivity for the
Configuratiion Manager console.
c
Receives a subset
s of glob
bal data from the
t primary sit e using SQL reeplication.
Replicates information
i to
o its primary sitte using file-baased replicatio
on.
Deploys a management
m point
p nt automaticallly that is manaaged from its parent
and a disstribution poin
primary site
e.
Ea
ach primary sitte can supportt up to 250 seccondary sites.
Ea
ach secondaryy site can support communiccations from up p to 2,500 clieents, however, the total number of
clients assigned
d to a primary site even with multiple child
d secondary sittes cannot be more than 100 0,000
clients.
MCT USE ONLY. STUDENT USE PROHIBITED
4-62 Planning and Deploying a Muultiple-Site Hierarchy
De
etermining
g When to Install a Secondary
S Site
You
u should installl a secondary site
s only if you u need to man age the transffer of client daata and
dep
ployments bi-d directionally accross low banddwidth networkks. Managing client data transfer includes
mannaging the dow wnload of policies from the management point to the cclient in additio on to managin ng the
uplo
oad of hardwa are and software inventory and other type s of client-gen nerated data frrom the client to
the management point. Managing the client data transfers for clients witthin the bound daries of a
seco
ondary site is possible
p becauuse the management point in nstalled in thee secondary sitte acts as a pro
oxy for
the management point in the parent
p primary site.
A se
econdary site does
d not proviide local conneectivity for thee Configuration Manage con nsoles. You nee
ed to
mannage the seconndary site by connecting
c witth the console to the parent primary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 4-63
In
nstalling a Secondarry Site
Se
econdary sites are installed from
f the prima
ary site that w ill be the secondary sites parent. Once installed,
he parent for a secondary sitte cannot be changed witho ut reinstalling the secondaryy site. Before installing
th
th
he secondary site,
s there are a few preparattion steps thatt need to be co ompleted:
Prepare the
e intended seccondary site se
erver with the aappropriate prrerequisites.
The user do
oing the installation requiress:
Local Administrator
A rights
r on the intended secon
ndary site com
mputer.
Local Administrator
A rights
r on the remote
r site dattabase server ffor the primarry site, if it is re
emote.
Infrastrructure Admin
nistrator or Full Administrato
or security role on the parentt primary site.
t account ussed for site to site communiccations. The acccount used fo
Decide on the or site to site
communica ations must haave local admin nt site. By default, the parentt site
nistrator rightss on the paren
computer account
a is used
d.
The following table lists the steps of the Create Secondary Site Wizard, and the information that you input
for each step.
Welcome This page briefly describes the Create Secondary Site Wizard, and lists the
site that will be the parent for this secondary site. There is no input on this
page; however, you should verify the correct parent site is displayed before
continuing.
Site Identity Configure the site code, the FQDN of the intended secondary site server,
the site name, and the installation directory.
Installation Source Files You need to specify where the files will be installed from. You have the
option to copy the files from the parent site to the secondary site, use the
source files from a network location, or use source files that are already
available locally on the secondary site server.
Site to Site The default setting is Use this primary site server computer account. You
communication can specify a different user account.
Boundary Groups You should identify the boundary groups on which this distribution point
will be available.
Configuring
C g a Second
dary Site
A secondary sitee in a hierarchy can support a limited num mber of the opptional configu uration manager roles
th
hat are available. The following table showws the optionall roles that youu can install in
n a secondary ssite and
whether
w they prrovide site only functionalityy or hierarchy--wide function
nality.
A software u
update point ccan be installed
d in a secondaary site
Software update point Site
when data t ransfer across the network is slow.
Question: When
W would you
y install a sta
ate migration point in a seco
ondary site?
MCT USE ONLY. STUDENT USE PROHIBITED
4-66 Planning and Deploying a Muultiple-Site Hierarchy
Lab C: Installing a Se
econdary
y Site
Lab
b Setup
For this lab, you will
w use the avaailable virtual machine
m enviro
onment. Beforre you begin the lab, you mu
ust
com
mplete the folloowing steps:
1. In Hyper-V Manager,
M verifyy that 10748A-NYC-DC1-A, 10748A-NYC
C-CAS-A, and
10748A-NYC C-CFG-A are sttill running.
2. In Hyper-V Manager,
M click 10748A-TOR-
1 -CFG-A, and th
hen in the Acttions pane, clicck Start.
3. If you receive
e a message thhat not enough h memory is avvailable to starrt the virtual m
machine, shut d
down
10748A-LON N-CFG-A if it iss still running.
4. In the Actionss pane, click Connect. Wait until the virtuaal machine staarts.
User nam
me: Administra
ator
Password
d: Pa$$w0rd
Domain: Contoso
Lab
b Scenario
You
u are a network
k administratoor for Contoso,, Ltd. Contoso wants to deplloy System Cen nter 2012
Connfiguration Ma
anager in a com
mplex hierarchhy with a centrral administrattion site, two p
primary sites, aand a
seco
ondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-67
Previously, you installed the central administration site and two primary sites. You need to install a
secondary site under existing New York primary site by:
1. Configuring prerequisites.
2. Verify that Web Server (IIS) and related role services are installed.
3. Verify that the BITS and Remote Differential Compression features are installed.
4. Add the primary site server computer account to the local Administrators group.
X Task 2: Verify that Web Server (IIS) and related role services are installed
In the Server Manager console, under the Roles node, scroll to the Web Server (IIS) section, and
then verify that the following features are installed:
ASP.NET
Windows Authentication
X Task 3: Verify that the BITS and Remote Differential Compression features are
installed
In the Server Manager console, under the Features node, verify that the following features are
installed:
X Task 4: Add the primary site server computer account to the local Administrators
group
1. In the Server Manager console, expand Configuration, expand Local Users and Groups, and then
select the Groups node.
2. Add the computer account of the primary site server NYC-CFG to the local Administrators group.
Note During a secondary site installation, SQL Server Express can be installed as part of
the Create Secondary Site Wizard if a SQL instance is not already installed on the server.
Results: At the end of this exercise, you should have validated the prerequisites for installing a System
Center 2012 Configuration Manager secondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
4-70 Planning and Deploying a Multiple-Site Hierarchy
2. In the Configuration Manager console, in the Administration workspace, under Site Configuration,
select the Sites node.
3. In the results pane, select NYC --- New York Primary Site, and then, on the ribbon, click Create
Secondary Site.
4. In the Create Secondary Site Wizard, use the following settings to install a secondary site.
On the General page, configure the following options:
Site code: TOR
Site server name: TOR-CFG.Contoso.com
Site Name: Toronto Secondary Site
On the Installation Source Files page, select the option Copy installation source files over the
network from the parent site server.
On the SQL Server Settings page, select the option Install and configure a local copy of SQL
Server Express on the secondary site computer, and then verify that the following information
is specified:
SQL Server service port: 1433
SQL Server Service Broker Port: 4022
On the Distribution Point page, accept the default settings.
On the Drive Settings page, accept the default settings.
On the Content Validation page, accept the default settings.
On the Boundary Groups page, accept the default settings.
Finalize and close the wizard.
Note When the Create Secondary Site Wizard completes, the installation will continue
in the background on the target server. To validate the installation, verify the installation
logs in the next exercise.
5. In the Configuration Manager console, select TOR --- Toronto Secondary Site, and then, on the
ribbon, click the Show Install Status button. Review the progress of installation actions, click Refresh
to monitor status, and then close the dialog box. It takes approximately 15-20 minutes for installation
to complete.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
secondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 4-71
X Task 2: View the system status for the new secondary site
1. On NYC-CFG, in the Configuration Manager console, in the Monitoring workspace, under Site
Status node, view the status of the site systems for TOR-CFG.
2. Under the Component Status node, view the status of the components for TOR-CFG.
3. Under the Database Replication node, view the status of the replication link between NYC and TOR.
It should show that the link is active.
4. Under the Site Hierarchy node, view the site hierarchy diagram. On the NYC icon, click the plus sign
to view TOR.
Note The secondary site status can be viewed at the parent primary site and at the central
administration site. It may take some time until the installation finishes and the secondary
site status appears in the console.
Results: At the end of this exercise, you should have validated the installation of a System Center 2012
Configuration Manager 2012 secondary site.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-A, and then click Revert.
Modulle Revie
ew and Takeaw
ways
Rev
view Questiions
1. What roles ca
annot be installed in the cen
ntral administraation site?
Too
ols
The tools in the fo
ollowing table are useful durring the Config
guration Manaager deployme
ent process.
To
ool Use Where to find it
Ld
difde.exe As an altern
native method for extending
g Built in W
Windows tool
the Active Directory
D schem
ma
Se
etupDL.exe To pre-dow wnload updated componentss Configuraation Managerr installation m
media
required forr Configuration Manager in the \sm
mssetup\bin\x6
64\ folder
installation
Module 5
Data Replication and Content Management
Contents:
Lesson 1: Introduction to Data Types and Replication 5-3
Module Overrview
In a multiple-site Microsoft Sysstem Center 2012 Configuraation Managerr environment,, data is transfferred
betwween sites to allow
a w data transfer
for centrralized adminisstration and reeporting. Undeerstanding how
worrks helps you monitor
m the daata flow in you
ur Configuratio on Manager hiierarchy and trroubleshoot
repllication issues.
In th
his module, yo
ou will review the
t different tyypes of data trransferred betwween sites, inccluding global data,
site data, and con
ntent. You will also examine where
w data is ccreated and h ow it is replicaated to other ssites
in a Configuration
n Manager hie erarchy. Additio
onally, you willl use the featu
ures in the Con nfiguration
Man nager console to monitor an nd troubleshoo
ot replication.
Lesson
n1
Introd
duction
n to Datta Typess and Re
eplicatiion
Configuration Manager
M 2012 data that is trransferred betwween sites is caategorized in tthree data typpes:
global data, site
e data, and con ntent. Dependding on its typee, some data iss copied to all sites; other daata is
coopied to only some
s sites in the
t hierarchy. By B understand ding each dataa type, where itt is created, ho
ow it is
trransferred, and
d where it is ussed, you can effficiently moniitor and troub
bleshoot Config guration Manaager
in
nter-site comm munication.
In
n this lesson, yo
ou will review where each off these types o each is used in a
of data is creatted and how e
Configuration Manager
M hierarchy.
After completin
ng this lesson, you
y will be able to:
Describe th
he different typ
pes of data use
ed by Configu ration Manageer 2012.
Describe th
he concept of global
g data an
nd how is repliccated through
hout the hierarrchy.
Describe th
he concept of site
s data and how
h is replicateed throughout the hierarchyy.
Describe th
he content type
es and how co
ontent is transfferred between sites and in tthe same site.
MCT USE ONLY. STUDENT USE PROHIBITED
5-4 Data Repliccation and Content Management
M
Ov
verview of Data Type
es
The following table summarizess the three datta types, wheree they are creaated, and the rreplication me
ethods
used
d.
Da
ata type Where
W it is cre
eated Where it iss transferred Rep
plication meth
hod
Global data At the central administration To the cen ntral administrration Daatabase replicaation
site and at priimary sites site and a ll primary sitess. A
subset of global data is
transferreed to secondarry sites
Content At primary sites and at the Distributioon points in th he same File-based transffer
central adminnistration site site or chiild sites in a hi erarchy
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-5
Database Replication
Configuration Manager 2012 database replication is a custom replication method implemented in
Configuration Manager 2012. Traditional replication methods included in SQL Server, such as
transactional replication, are not used in Configuration Manager 2012. You do not need to install
SQL Server replication components.
Configuration Manager database replication uses SQL Server Service Broker to transfer data between
SQL Server databases installed in different sites in a hierarchy.
By default, the Configuration Manager database replication mechanism uses the following ports to
transfer data:
Port 1433 for the SQL Server
Port 4022 for the SQL Server Service Broker
These ports can be changed during site installation in the System Center 2012 Configuration Manager
Setup Wizard.
File-based Replication
File-based replication between Configuration Manager 2012 sites uses the same mechanism as
Configuration Manager 2007 replication, which is based on the Server Message Block (SMB) protocol and
based on senders.
Configuration Manager 2012 secondary sites use file-based replication to transfer site data to their parent
primary site. File-based replication is also used to transfer fallback status point state messages to the
assigned site when only a single fallback status point is in use in a hierarchy and for the initial transfer of
discovery data records to the assigned site.
The following table summarizes data types that are transferred using file-based replication between sites.
Data Destination
Package files used by Sent to distribution points located in primary and secondary sites.
deployments
Secondary site data Sent to the primary site (parent) of the secondary site.
Fallback status point state Forwarded to the assigned site when only a single fallback status
messages point is in use in a hierarchy.
Discovery data records Forwarded to the assigned site when clients are not assigned to the
site that discovered them. The discovery data record is processed
locally at the assigned site, and then the information is replicated
using database replication to other sites in the hierarchy.
Data collected from clients at Transferred via file-based replication to parent primary site.
secondary sites
MCT USE ONLY. STUDENT USE PROHIBITED
5-6 Data Repliccation and Content Management
M
Glo
obal Data
An example
e of glo ollection rules. Collection rulees contain thee membership rules defined by
obal data is co
the administrator for each colle
ection. Collectio
on rules definnitions are repllicated throughout the hieraarchy
and evaluated at each site to deetermine the liist of collection
n members.
In contrast, the lisst of collection members is site data. You ccan see an exp
planation of co
ollection memb
bers
in th
he next topic.
Global data is repplicated automatically from the central adm ministration sitte to all primary sites. A subsset of
globbal data is replicated to secoondary sites. Global data is reeplicated betw ween all primary sites in the
hierrarchy in addittion to the cen
ntral administra ation site. Becaause of this, it is seen in the same way by the
admministrator regardless of the site where an administrator connects with h the Configuration Manage er
console. Using the e example abo ove, a collectio
on definition crreated by an aadministrator aat one of the ssites is
repllicated to and is available in all primary sites in the hieraarchy as well a s the central administration site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-7
Alert rules Alert rules determine when the administrators will be notified for specific
events by specifying the events for which alerts will be raised and for the
recipients who will receive the alerts.
Collection rules Collection rules determine the membership of each collection. Four types
of collection rules exist: direct, query, include, or exclude. The collection
rules are evaluated independently at each primary site.
Package metadata Package metadata contains information about the software and the source
files used in a deployment, platforms on which the software can be
deployed, as well as other information necessary to perform the
deployment.
Program metadata Program metadata contains information about the command line and
parameters used by Configuration Manager to perform a deployment.
Software update Software update deployment definitions contain information about the
deployments objects used in a software update deployment, including the updates to be
deployed, and the collection to which they are deployed.
Software update Software update metadata contains information about the executable files
metadata included in software updates, platforms to which the updates apply, as well
as language and other information about software updates that is useful
for administrators, like the name, date released and sensitivity.
Configuration item Configuration item metadata contain the definition of configuration items
metadata used to determine the compliance of managed systems with configuration
settings defined by the administrator.
Task sequence metadata Task sequence metadata contains the definition of the task sequence as
individual steps that need to be executed.
Site control definition The site control definition in the database contains information about the
site configuration.
Site servers list Site servers list contains the list of servers and corresponding site system
roles installed in each site.
Question: How are collection rules used in a Configuration Manager hierarchy, and how are
they replicated?
MCT USE ONLY. STUDENT USE PROHIBITED
5-8 Data Repliccation and Content Management
M
Site Data
Site data is operattional information automaticcally generateed by Configurration Manage er primary sitess and
by Configuration
C Manager clien nts. After site data
d ginating primary site or secondary
is generatted at the orig
site,, it is replicated
d to the centra
al administration site, but noot replicated too other primarry or secondarry
sitess.
Hardware and sofftware invento ory is generated dded to each primary sites database, and then
d by clients, ad
repllicated to the central
c adminiistration site.
Hardware inven
ntory Harddware invento
ory data is colleected by hardw
ware inventoryy client agentss from
da
ata the Configuration Manager clie nts.
So
oftware inventtory Softtware inventorry and meterin
ng data is colleected by software inventory and
an
nd metering data
d softwware metering
g client agentss from the Con nfiguration Maanager clients.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-9
(continued)
Asset Intelligence data Asset Intelligence data, which contains additional classes and attributes as
compared with the hardware inventory, is collected by the hardware inventory
client agents from Configuration Manager clients.
Status messages and Status messages are generated by site systems and clients to report status
alerts information to the site server. Alerts are generated by the site server when
specific error conditions, configured by administrators, are encountered.
Software distribution Software distribution status details are generated by clients that report the
status details status of a particular deployment.
Component and site Component and site status summarizers aggregate status messages to
status summarizers determine the overall health status of the site systems and components.
Client health data Client health data is determined by Configuration Manager by using
information such as last connection time, hardware inventory, and software
inventory.
Client health history Client health history contains aggregated information about client health. You
can use client health history to obtain reports about client health over a
specific period of time.
Wake On LAN data Wake On LAN data contains the history of all Wake On LAN operations
performed.
Quarantine client Quarantine client restriction history contains the list of clients that are
restriction history restricted by Network Access Protection.
If the Configuration Manager console is connected to a primary site, you will see only the site data that
has originated from that site or any child secondary site. To see site data from all sites and to perform
administration and reporting for the entire hierarchy, use a Configuration Manager console at the central
administration site.
You can modify site data only at the primary site where it was created.
Question: To which site should an administrator connect the console in order to view
hardware inventory from all sites?
MCT USE ONLY. STUDENT USE PROHIBITED
5-10 Data Replication and Content Management
Co
ontent
Conntent is created
d by Configura ation Managerr administratorrs at the centrral administration site or at
prim
mary sites. Conntent is transfe
erred to site servers and distrribution pointss in the hierarcchy according to
distribution settin
ngs that are configured by ad dministrators.
The file-based rep
plication mech hanism that Coonfiguration M
Manager 2007 u
uses to transfe
er content such
h as
packages between n sites is also used
u in Configuration Managger 2012.
Co
ontent Description
So
oftware packages Software pacckages containn source files aand definitionss used to deploy
ng the classic software distriibution model.
software usin
So
oftware update packages Software update packagess contain softwware update m
metadata and
update files used to perforrm update maanagement.
Driver
D packagess Driver packaages contain d river metadataa and driver files and are use
ed for
operating syystem deploymments.
Operating
O syste
em images Operating syystem images contain preco onfigured operrating system
installations and are used for operating system deployyments.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-11
(continued)
Content Description
Operating System Installers Operation system installers contain installation files imported from the
installation media and are used for operating system deployments.
Boot Images Boot images contain the Windows PE environment used to boot
computers and initiate the operating system deployment process.
Replication of
o Global Data
D
Cre
eation of Global Data
Adm
ministrators can create globa al data by usin
ng the Configuuration Manager console con nnected at the
e
centtral administra
ation site or at any primary site.
s The types of global dataa that can be ccreated by anyy
speccific administra
ator depend ono the securityy roles and sco pes assigned tto that administrator:
The hierarchyy administrator can typically create global data in any sitte in the hierarchy.
Rep
plication of Global Datta
Global data is rep
plicated to the central administration site aand all primaryy sites in the hierarchy using
data
abase replication. A subset of
o global data is replicated too secondary siites using dataabase replicatioon.
Question: If an
a administrattor creates a se
ecurity baselin ns several configuration
ne that contain
items, how is this informatio
on replicated to
t other sites??
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-13
Replication
R n of Site Da
ata
Creation
C of Site
S Data
erated by site systems in eacch site or by C
Siite data is gene Manager clients. For example:
Configuration M
A site serve
er can generate
e an alert if the replication b
between sites iis not function
ning correctly.
Replication
R of
o Site Data
Siite data can be
e found at the originating prrimary site andd is replicated only to the ce
entral administtration
sitte using datab
base replication
n. Secondary sites
s use file-baased replicatio
on to transfer ssite data to the
eir
paarent primary site.
Accessing
A Sitte Data
Siite data is available in the Co
onfiguration Manager
M conso
ole and throug gh reports. The e administrator can
acccess site data from a primary site or from the entire hieerarchy, depennding on the lo ocation from wwhich
he reports are run. Hierarchyy administratorrs can access ssite data from all sites in the hierarchy by
th
co
onnecting with h the Configurration Manage er console or b
by running rep ports on a repo orting services point in
th
he central adm ministration site
e. Administrato
ors who conneect with the Co onfiguration M Manager conso ole, or
ru
un reports from m a reporting point in a prim hat contain sitte data from only the
mary site, geneerate reports th
lo
ocal site.
MCT USE ONLY. STUDENT USE PROHIBITED
5-14 Data Replication and Content Management
For example, consider a hierarchy that contains a central administration site, primary sites named Site A
and Site B, and a secondary site, Site C, which is a child of Site B. In this scenario, the administrator from
Site A can access only site data from Site A, and the administrator from Site B can access site data only
from primary Site B and its secondary Site C. The administrator from the central administration site can
see site data from all the sites in the hierarchy.
Question: If you need to generate reports that contain site data from all the sites in a
hierarchy, in which site in a Configuration Manager hierarchy do you need to install a
Reporting Services point?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-15
Replication
R n of Content
Content is creatted by Configu uration Managger administrattors and distributed using file-based repliccation
to
o site servers and distribution
n points according to distrib
bution settingss configured byy administrato
ors.
When
W planning for distributin
ng content in a Configuratio n Manager hieerarchy, you need to follow your
orrganization co
ontent lifecycle
e and be able to
t answer the following queestions:
Byy answering thhe questions above, you will be able to de sign your distrribution infrasttructure to best fit
yo
our organizatioon needs. Morre details abou
ut planning forr content man nagement are p presented in LLesson 3,
la
ater in this mod
dule.
Content
C Crea
ation
Configuration Manager
M administrators can create conten
nt at any primaary site or centtral administration
sitte.
ally placed in the content library located o n the site servver. Content lib
Content is initia brary is a new ffeature
in
ncluded in Con nfiguration Ma anager 2012, which
w implemeents single-insttance storage for content.
Content
C Disttribution
After creating content, the ad dministrator caan distribute th
he content to d distribution po
oints located in the
sa
ame site or othher primary sites and second dary sites. To d e distribution points
distribute conteent to multiple
att the same tim
me, administrators can use disstribution poin nt groups. Wh en a package is distributed to a
diistribution point group, the package will beb transferred to all distributtion points thaat are part of that
group. Using th his approach, administrators
a can make the content availaable in locations in the same e
neetwork locatioon as the clientts in which the
e content is de ployed.
MCT USE ONLY. STUDENT USE PROHIBITED
5-16 Data Replication and Content Management
Content is transferred between sites using the standard senders and uses the Server Message Block
protocol. Content is transferred in the same site between the site server and distribution points by using
Package Transfer Manager, which also uses file-based replication and the Server Message Block (SMB)
protocol. For this reason, any firewalls located between sites, and between the site servers and distribution
points, must allow SMB traffic.
The administrator can configure content routing between two secondary sites by configuring the content
to be copied from a secondary site to another secondary site instead of directly copying the content from
the primary site server. This process can reduce the network traffic on the link between a secondary site
and parent primary site if the secondary sites are directly connected using a high-speed network
connection.
Content Deployment
Because deployment definitions are global data and are replicated to all sites in the hierarchy, an
administrator from a primary site can reuse the deployments that an administrator creates in a different
primary site. However, to successfully perform the deployment, and so that the clients can locally access
the content, the content should first be distributed to distribution points in the local primary site.
Configuration Manager clients connect to the closest distribution point that has the content available
using HTTP or HTTPS protocol, download the content, and install it on the local system, according to the
deployment settings received in the policy. Because the transfer from the distribution point to the local
system is performed using HTTP or HTTPS, the traffic can usually pass through any firewalls.
Question: In what scenario is content routing used, and what type of connection between
secondary sites is required?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-17
Lesson
n2
Monitoring and
a Tro
oubleshooting Data Re
eplication
When
W you insta
all a primary sitte or a secondary site in an eexisting Config
guration Manaager hierarchyy,
da
atabase replicaation is configured automatically with the parent site. H owever, you ccan configure ssome
se
ettings for use by the new sitte, such as the
e SQL Server po orts and the SQL Server instance.
Yo
ou can monito or Configuratioon Manager da atabase replicaation in the Coonfiguration M
Manager conso
ole. You
ca
an use tools, su
uch as Replication Link Analyyzer, to troublleshoot the rep
plication proce
ess.
Describe re
eplication mon
nitoring feature
es.
Monitor an
nd troubleshoo
ot replication.
MCT USE ONLY. STUDENT USE PROHIBITED
5-18 Data Replication and Content Management
Co
onfiguring Replicatio
on
Because Configuration Manage er does not use QL Server repliication methods, such as
e traditional SQ
tran
nsactional replication, configuration setting
gs for Configu uration Manager database reeplication are n
not
acce
essible in the SQL
S Managem ment Studio console. Becausee of this, databbase administrators have no
ability to see and, therefore, ma
anage the replication of Con nfiguration Maanager data be
etween sites.
Connfiguration Ma anager databasse replication can be monito ored only in th
he Configuratio
on Manager
console.
Content is tra
ansferred from m the parent prrimary site to tthe distribution point in the secondary site
e
using file-bassed replication.
By default,
d databaase replication takes place over ports 14333 and 4022. Th hese ports need to be open in
firew
walls before in
nstalling the ne
ew Configuratiion Manager ssites to allow rreplication betw ween sites. Because
portts are configurrable, you can change their settings
s duringg or after instaallation of the new sites. You
u also
need to ensure th hat the site servver can communicate with tthe site databaase if the site ddatabase is hossted
on a separate servver.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-19
You also need to open ports for file-based replication taking place over SMB. In this case, you need to
configure firewalls to allow SMB traffic between site servers and distribution points.
Most database replication and file-based replication configuration is configured automatically. Unless you
decide to change the default ports for SQL Server and SQL Server Service Broker, you do not need to
perform any configuration for replication when you install a Configuration Manager hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
5-20 Data Replication and Content Management
Mo
onitoring Replicatio
R n
Link Active. No
N problems have been dete
ected and com
mmunication accross the link iis current.
Whe en a replicatio
on connection is selected in the
t results pan
ne, detailed infformation is avvailable in the
prevview pane, including:
The configura
ation of the pa
arent and child
d site.
The replicatio
on status and link statuses off all replication
n connections..
Add
ditional inform
mation can be obtained
o by saaving a diagno need to select the replication
ostic file. You n n
connection and thhen click the Save
S Diagnosttic File button
n on the ribbon n. The diagnosstic file is a texxt file
containing detaile
ed informationn about the rep
plication and llinks status.
For further troubleshooting, you plication Link Analyzer, whiich performs a series of testss for
u can use Rep
the replication link:
Checking connectivity at site between the local site server to the remote SQL Server
Checking connectivity between the local SQL Server and remote SQL Server
Checking for a valid SQL Server Service Broker certificate on site servers
Checking for a valid SQL Server Service Broker account on site servers
You can save the test results as an XML file by clicking the Replication Link Analyzer Report link on the
Troubleshooting Report page.
You also can configure alerts to be generated when the replication link is inactive for a specified interval
of time (by default is set to 30 minutes) from the Replication Status Properties dialog box.
Alerts are displayed in the console if the replication link is inactive for the specified period.
MCT USE ONLY. STUDENT USE PROHIBITED
5-22 Data Replication and Content Management
Tro
oubleshoo
oting Repliication
You
u can use troub
bleshooting to eplication Linkk Analyzer, to i dentify the isssue and then
ools, such as Re
perfform the appro
opriate actions to resolve the issue.
Isssue Trouble
eshooting metthod
SM
MSExec servicee stopped on If SMSExec
S stopss responding, restart it on th
he sending or
se
ending or target site tarrget site serverr.
Network
N comm
munication dow
wn Ve
erify network aadapter and drrivers.
Ca
all network suppport/external help.
Lab A:
A Monittoring and
a Tro
oublesho
ooting Data Re
eplicatio
on
La
ab Setup
Fo
or this lab, you
u will use the available
a virtua
al machine envvironment. Beffore you begin
n the lab, you must
co
omplete the fo ollowing steps::
User na
ame: Adminisstrator
Passwo
ord: Pa$$w0rd
d
Domain: Contoso
10748A
A-NYC-CAS-C
C
10748A
A-NYC-CFG-C
C
La
ab Scenario
o
Yoou are the network administtrator for Conttoso, Ltd. Conttoso has deplo oyed System CCenter 2012
Configuration Manager
M in a complex
c hierarrchy that inclu des the centraal administratio
on site, two prrimary
sittes, and a seco
ondary site. Yo
ou need to usee the Configuraation Manager console to m monitor data
re
eplication betw ween a primaryy site and the central admin istration site aand to troublesshoot the replication.
MCT USE ONLY. STUDENT USE PROHIBITED
5-24 Data Replication and Content Management
1. Review the replication information and configuration settings at the central administration site.
2. In the Database Replication node, select the CAS to NYC replication link. Verify that the Link State
shows Link Active. If it does not, refresh the results pane.
3. Review the information available in the preview pane, under Replication Status area. Verify that, in
the Site Replication Status section, both Parent Site State and Child Site State have the statuses
display Replication Active.
4. In the Global Data Replication Status section, verify that both Parent Site to Child Site Global
State and Child Site to Parent Site Global State display Link Active status and that the Last
Synchronization Time reflects todays date.
Note If the status of Parent Site to Child Site Global State and Child Site to Parent
Site Global State is Link Inactive, verify that both NYC-CAS and NYC-CFG have started.
To refresh the status, click the CAS to NYC replication link and then press F5.
5. In the preview pane, at the Parent Site tab, review the information available in the Replication
Status area. Note that SQL Server port is 1433 and SQL Server service broker port is 4022.
6. In the preview pane, at the Child Site tab, review the information available in the Replication Status
area.
2. On the ribbon, click Create Device Collection. The Create Device Collection Wizard starts. Create a
device collection with the following attributes:
2. In the Configuration Manager console, in the Assets and Compliance workspace, select the Device
Collections node.
3. Verify that the New York Computers collection appears in the list of device collections.
4. Right-click the New York Computers collection and then click Show Members. Notice that a new
node appears in the navigation pane under Devices. Notice also that the members of the collection
appear in the results pane.
Results: At the end of this exercise, you should have verified the replication between the central
administration site and a primary site in a Configuration Manager hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
5-26 Data Replication and Content Management
3. In the Replication Status Properties dialog box, verify that Generate an alert when this
replication link is not working for a specified period of time is selected.
3. In the Service Control window, wait for the service to stop. Wait at least 3 minutes before continuing
to the next task.
4. In the Assets and Compliance workspace, select the Device Collections node.
5. Access the Properties of the New York Computers collection, and change the name of the
collection to New York Servers.
6. In the Monitoring workspace, in the Database Replication node, select the CAS to NYC replication
connection.
7. Verify that the status of the replication link is either Link Degraded or Link Failed. Press F5 if
required to refresh the status.
8. Right-click the CAS to NYC replication link, and then click Save Diagnostics Files.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-27
10. In Windows Explorer, browse to drive C, and then open the file Replication Diagnostics in
Notepad.
11. Review the content of the file. Note that the Parent Site to Child Site Global State shows the status
of Link Failed or Link Degraded. Close Notepad.
X Task 4: Resolve the issue and verify that replication is functioning correctly
1. On NYC-CAS, right-click the CAS to NYC replication link, and then click Replication Link Analyzer.
3. In the Replication Link Analyzer window, on the Restart the SMS_EXECUTIVE service on
NYC-CFG.contoso.com page, click Restart the SMS_EXECUTIVE service. Wait for the operation to
finish.
4. In the Replication Link Analyzer window, on the Successfully restarted the SMS_EXECUTIVE service
on NYC-CFG.contoso.com page, click Continue.
5. Wait for the operation to finish, and then on the Troubleshooting Report page, click the link under
Replication Link Analysis Report. The content of ReplicationAnalysis.xml opens in Internet
Explorer. (Note: based upon timing you may still have issues detected, if issues are detected first click
the Check to see if the problem is fixed link).
6. Review the content of the file, and then close Internet Explorer.
7. In the Replication Link Analyzer window, click the link under Replication Link Analysis Log. The
content of ReplicationLinkAnalysis.log opens in Configuration Manager Trace Log Tool.
8. Review the content of the file, and then close Configuration Manager Trace Log Tool.
Results: At the end of this exercise, you should have performed troubleshooting replication.
Lesson 3
Planning for Content
C t Manag
gementt
Describe Con
nfiguration Manager 2012 co
ontent manageement featurees.
Configurat
C ion Manag
ger 2012 Content
C M
Managemen
nt Feature
es
Feature Use
Single Configuraation Managerr 2012 now haas a single distrribution point type, based o on
distribution Internet Information Se ervices (IIS).
point type on points can be installed o n supported o
Distributio operating syste ems including
workstatioons and serverrs.
Distributio
on points inclu ude new featu ures for schedu uling the file trransfer from sitte
server to distribution po oint and for baandwidth thro ottling.
on points inclu
Distributio ude the abilityy to prestage ccontent in remote locations
connected d by low-band dwidth networrk links.
Distributio
on points inclu ude the PXE seervice point features. Windo ows Deployment
Services (W
WDS) is a requ uired prerequi site.
The same e certificate is used
u for PXE aand distribution point, which h reduces the
configuraation effort.
(continued)
Feature Use
Content Distribution points have configuration settings that allow administrators to specify the
storage disk drive(s) to use for content storage.
placement
Content Configuration Manager 2012 distribution points include a content validation feature
validation that is used to verify the integrity of the packages located on the distribution point.
Content validation can be run on a schedule or can be initiated manually.
Pre-staging Content prestaging is used to transfer content form the site server to distribution
content point using an offline transport method to avoid the transfer of content over low-
bandwidth networks.
Administrators create prestaged content files that contain packages, operating system
images, or other types of content, all taken from the site server.
The prestaged content files are then transferred offline and imported on the remote
distribution points.
Content Configuration Manager 2012 includes new features for monitoring content.
monitoring When content is distributed to distribution points, the content status can be
monitored in the Configuration Manager console.
The status of distribution point groups and of distribution point configuration also can
be monitored in the Configuration Manager console.
Bandwidth Distribution points now have settings to control the bandwidth from the site server to
throttling and the distribution points.
scheduling Administrators have the ability to specify a transfer schedule for transferring content.
BranchCache BranchCache can be used as an alternative to distribution points for providing content
integration in remote locations with fewer clients.
Management of BranchCache is now integrated in the Configuration Manager 2012
console.
When distributing a package or an application, use of BranchCache can be configured
as an option on a deployment for the package or deployment type for the
application.
Distribution Distribution point groups are used to logically organize distribution points for
point groups performing content distribution.
When an administrator distributes content to a distribution point group, the content
is copied to all distribution points that are part of the group regardless the site where
they are located.
When an administrator adds a new distribution point to a distribution point group, all
content that is distributed to the group is copied to the new distribution point.
Management Content located on a distribution point is visible in the distribution point properties
of content files dialog box. An administrator can directly perform tasks on the content from
distribution point properties dialog box.
Question: What features can you use to distribute content in remote locations that contain
only workstations?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-31
Distributio
D n Point Fe
eatures
Configuration Manager
M 2012 uses a single distribution
d pooint type. Configuration Manager 2007 usses
sttandard distrib
bution point, which
w nstalled on serrver operating systems, and branch distribution
can be in
po oint, which can
n be installed on client operrating systems.. Branch distrib bution points are not availab
ble in
Configuration Manager
M 2012,, which simpliffies distributio n point installaation and man
nagement.
Distribution
D Point Confiiguration Options
O
Yo
ou can configuure distribution point settinggs in Configuraation Manager 2012, includiing configuring
ba g settings, and settings to sc hedule conten
andwidth settiings, throttling nt distribution between the ssite
se
erver and distribution point.
Th
he distributionn point role is installed
i by de
efault on all Co
onfiguration M Manager 2012 secondary site es,
which
w always include a manag gement point and distributio on point. You need to decid de whether to use a
diistribution point to manage the content distribution for a remote locaation or to insttall a secondarry site to
manage
m upwardd network trafffic from Configuration Manaager clients to o the site serve
er. Secondary ssites are
su
upported only on server ope erating systems. When you d do not have a ccomputer runn ning a server
op
perating system in the remo ote location, yo
ou can only insstall a distributtion point.
MCT USE ONLY. STUDENT USE PROHIBITED
5-32 Data Replication and Content Management
Internet Information Services (IIS) is a prerequisite for installing distribution points. IIS can be installed and
configured automatically during the installation process by using the Add Site System Role Wizard
when you install the distribution point role for Windows Vista, Windows 7, or Windows Server 2008. If
you are using Windows Server 2003, you need to configure IIS manually.
The need for managing network traffic used for content distribution
Whether you will use PXE for operating system deployments
Whether you will deploy distribution points or secondary sites in remote locations
These planning considerations are discussed in greater detail later in this module.
Question: You must decide whether to implement a distribution point or a secondary site in
a remote location. What are two important criteria to consider when making this decision?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-33
BranchCach
B he Integra
ation
BrranchCache is included in th
he Windows 7 and Windows Server 2008 R R2 operating syystems and en
nables
co
ontent from fille and Web servers on a wid
de area networrk (WAN) to bee cached on co
omputers at a local
branch office. BranchCache
B ca
an improve ap
pplication resp
ponse time and
d reduce WAN N traffic.
BrranchCache in Windows Servver 2008 R2 ca
an be configurred to work in two modes:
Distributed cache mode. Cached
C nt is distribute d across peer client computters.
conten
BranchCache
B e Support in
n Configuration Manag
ger
Configuration Manager
M suppo orts BranchCache with Wind dows Server 20 008 R2 and Wiindows 7 clients that
arre configured in BranchCach he distributed cache mode. C Clients runningg a supported version of Windows
Vista, Windows Server 2008 with w SP1, and Windows
W Serveer 2008 with S P2 by using th
he BITS 4.0 rele
ease
also can use Bra anchCache. Ho owever, on the ese operating ssystems, the B ranchCache client functionaality is
no ot supported for
f software diistribution thatt is configuredd to run from tthe network or for SMB file
trransfers. You caan install the BITS
B 4.0 release
e on Configuraation Manageer clients by using software uupdates
orr software disttribution.
BrranchCache management
m is integrated in the Configuraation Managerr console. You can configure
e the
BrranchCache se
ettings on a de
eployment type for applicati ons and softw
ware updates and on the
de
eployment forr a package.
Planning
P to Use BranchC
Cache
When
W you plan to use Branch
hCache for con
ntent distributiion, take into aaccount wheth
her:
Windows Server 2008 R2 is in a central location and is configured iin BranchCach mode.
he distributed m
Workstations situated in remote locatio
ons are runninng a supported d operating sysstem for
BranchCachhe, such as Windows 7, or Windows
W Vista w
with BITS 4.0.
MCT USE ONLY. STUDENT USE PROHIBITED
5-34 Data Replication and Content Management
Admministrators can choose how w content is disstributed whenn performing ccontent distribbution: whethe er to
distribute contentt to individual distribution points or wheth
her to distributte content to a distribution point
group. When you configure con ntent distribution, keep in m
mind the followwing:
n point group can contain diistribution poi nts from multiple sites as members, which
A distribution h can
simplify conte
ent distribution to multiple sites.
s
A distribution
n point can be member of on ne or more disstribution poin
nt groups, meaaning the grou ups
can overlap. In this scenario
o, different con
ntent can be taargeted to diffferent distribu
ution point gro
oups.
A distribution
n point receive
es content from m all the group
ps it is a membber of.
When addingg a new distribution point to
o an existing grroup, all conteent targeted to
o the group is
copied autom
matically to the
e new distributtion points.
A distribution point group can beb associated with collection ns. The contennt deployed to o that collection is
copied automatically to all distrribution pointss that are mem
mbers of the grroup. You can use this feature to
perfform automatiic content disttribution whenn content is tarrgeted to a speecific collectio
on.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-35
Distribution point groups can contain distribution points from multiple sites.
Distribution point groups cannot contain other distribution point groups, only individual distribution
points.
You can use security roles to configure permissions to control content distribution to distribution
point groups.
You should create distribution point groups based on the content you need to distribute and the
locations to which you need to deploy the content.
Question: If you have a distribution point that is a member of Desktop Applications DP and
Server Applications DP distribution point groups, what content does the distribution point
receive?
MCT USE ONLY. STUDENT USE PROHIBITED
5-36 Data Replication and Content Management
Co
ontent Librrary
Con
ntent library is a new file repository for con
ntent used on site servers an
nd distribution points.
Conntent library im gle-instance fille storage, wh ich means that a file include
mplements sing ed in two or m
more
packages is only stored
s once. When
W a new paackage contain ning the same file is added to the content
libra
ary, the corresponding package folder conntains referencces to the existting file.
Con
ntent library ha
as three components:
ary, which conttains informatiion stored in .IINI files about the packages-----including th
Package libra he
name and GU UID of the package-----and file
es contained in n the packagee.
Con
ntent library re MSPKGx$ folderr on the site seerver and distrribution pointss and reduces the
eplaces the SM
spacce used for file
e storage by:
Eliminating multiple
m instancces of files and
d older data sttored on the seerver.
Taking a snap
pshot each tim
me a package version
v is updaated.
Con
ntent library re
eplaces the SMMSPKGx$ folderr as the defaullt package store on distributtion points. Yo
ou still
use the SMSPKG folder
f for gene
erating compressed copy an nd for sending content from site to site, bu
ut it is
not enabled by de efault. You can
n use it for mo
ost types of con
ntent except aapplications an
nd software
upd
dates.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-37
Content
C Distribution
Content is distributed
d at a file level. Forr each file inclu
uded in a packkage, a hash iss generated an
nd
information
n about the filee is stored in the
t data libraryy in .INI files.
Drives receive a priority for
f distribution n. Each drive o n the site servver or distribution point rece
eives a
priority for storing contennt files. By default, the drive with the mostt available spaace at the timee when
distribution
n point was insstalled receivess the highest p priority.
Files are wrritten to the drrive with the highest priorityy that has free space. When a drive fills witth
es are written on the drive with
content, file w the next p priority.
Files within packages can T feature is useful for storring large files such as operaating
n span drives. This
system images.
Content is transsferred in a Co
onfiguration Manager 2012 eenvironment u
using the follow
wing methodss:
The content source location. It is recommended that you configure a centralized content source and
place all content that needs to be distributed in the entire hierarchy in this location. A network share
can be used for this purpose.
Whether you want to distribute content on all distribution points or on a subset of distribution points,
in which case you can use distribution point groups.
Whether the same content is included in multiple packages. Single-instance storage can reduce the
space required for storage when the same files are included in multiple packages.
Whether you need to use content prestaging to avoid transferring content on low-bandwidth
network links.
Whether you need to configure bandwidth throttling and content transfer schedules.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-39
Content
C Va
alidation and Conten
nt Prestaging
Configuration Manager
M 2012 includes two features
f for m
managing conteent that did noot exist in prevvious
ve
ersions: contennt validation and content pre estaging. You use content validation to vaalidate the inteegrity of
th
he content filess stored on disstribution poin
nts. You use co ging to avoid the transfer of content
ontent prestag
ovver low-bandwwidth network links.
Content
C Validation
Yo
ou can implem
ment content validation
v on any
a distribution
n point. Conteent validation:
Content
C Presstaging
ging is a method to transfer and preload ccontent using an offline metthod, such as sshipping
Content prestag
media,
m s server to a distribution point.
from a site p You can use this metho od instead of ffile-based repllication
to
o reduce netwoork traffic betw
ween site serve
er and distribu
ution point. Co
ontent prestagging:
Works with
h all content tyypes.
Works with
h content librarries and packa
age shares.
Registers co
ontent availability with the site
s server wheen you use it to
o extract conte
ent on a distrib
bution
point.
Uses a com
mpressed presta
aged content file
f with the exxtension .pkgxx.
MCT USE ONLY. STUDENT USE PROHIBITED
5-40 Data Replication and Content Management
Includes a conflict detection mechanism to prevent older versions of content from being prestaged
on a distribution point.
Periodically validate the integrity of content on a distribution point. You can configure content
validation for all content on a distribution point to occur on a schedule that you configured
previously in the distribution point properties dialog box.
Troubleshoot the deployment of a package. If you have reason to believe that the integrity of a
package is compromised, you can manually initiate the content validation for all files contained in the
package by selecting the package on the Content tab of the distribution point properties dialog box
and then clicking the Validate button.
You need to restore the content library on a site server. When a site server fails, information about
packages and applications contained in the content library is restored to the site database as part of
the restore process; however, the content library files are not included by default in the site backup. If
you do not have a file system backup to restore the content library, you can create a prestaged
content file from another site that contains the packages and applications that you need and then
extract the prestaged content file on the recovered site server.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-41
Planning
P fo
or Distribu
ution Pointts
Determine
D Distribution
D Point Place
ement
At least one distribution point is required att each primaryy or secondaryy site in a Conffiguration Man
nager
hiierarchy. By de
efault, a secondary site serve
er is configured
d as a distributtion point.
When
W you have
e a large numb ber of clients, we
w recommend d that you ass ign this role to
o a remote site
e system
nd then removve it from the site server. Thiis reduces the resource requ
an uirements and improves
pe
erformance on
n the site serve
er.
A distribution point
p site system role is autom
matically conffigured on a seecondary site sserver at installation.
When
W you decid
de on the placcement of distrribution pointss, consider thee physical locattion, the numb
ber of
clients, and the network connnection speed between the d distribution po oint and the sitte server.
Determine
D th
he Number of Distribution Points
Yo u to 250 distrribution pointss per site and up to 5,000 diistribution points per primarry site
ou can install up
with
w secondary sites. Consider the following g inputs to hellp you determine the approp
priate numberr of
diistribution points to install in
n your infrastru
ucture:
The numbe
er of clients tha
at might accesss the distributtion point
The configu
uration of the distribution po
oint, such as P
PXE and multiccast
Whether yo
ou enable Bran
nchCache
MCT USE ONLY. STUDENT USE PROHIBITED
5-42 Data Replication and Content Management
Preferred distribution point. You can assign boundary groups to distribution points to configure them
as preferred for clients that are within the boundary group for the distribution point. The clients use
preferred distribution points as the source location for content. When the content is not available on
a preferred distribution point, the clients use another distribution point for the content source
location. You also can configure a distribution point to allow clients not included in the boundary
groups assigned to that distribution point to use it as a fallback location for content.
Implementing PXE. You can enable the PXE option on a distribution point to enable operating system
deployment for Configuration Manager clients. You can enable PXE only on a server with Windows
Deployment Services installed. When you enable PXE on a distribution point located on a computer
running Windows Server 2008, Configuration Manager automatically installs Windows Deployment
Services if it is not already installed. You need to manually install Windows Deployment Services on
computers running Windows Server 2003.
Implementing multicast. You can enable the multicast option on a distribution point so that it uses
multicast when you distribute operating systems. You can enable multicast only on a Windows
Server 2008 server with Windows Deployment Services installed.
Support for mobile devices. You must configure the distribution point to accept HTTPS
communications to support mobile devices.
Support for Internet-based clients. You must configure the distribution point to accept HTTPS
communications to support Internet-based clients.
Managing
M Network Bandwidth
B h
When
W distributing content in a Configuratio
on Manager 20012 infrastructture, network traffic is generrated:
Package Transfer Manager distributes content from a site server to a distribution point installed on a
site system in the same site. The controls used for scheduling and throttling to the remote distribution
point are available on the distribution point properties dialog box and are similar to the settings for a
standard sender address.
General. You can configure source site, destination site, and access credentials. Configuration
Manager assigns the site servers computer account as the Site Address Account at the new site and
at its parent site. This account is added to the SMS_SiteToSiteConnection_<Sitecode> group on the
destination site server. You can change this account with a Windows user account to accommodate
multiple AD DS forest scenarios. If you change the account, ensure that you add the new account to
the SMS_SiteToSiteConnection_<Sitecode> group on the destination site server. Secondary sites always
use the computer account of the secondary site server as the Site Address Account.
Schedule. You can configure a schedule to restrict the time when data can transfer to the destination
site. You also can configure priorities for each type of data.
Rate limits. You can configure rate limits for an address to control the network bandwidth that is
being used when transferring data to the destination site. You can configure the bandwith settings to
either: unlimited, pulse mode, or limited to a maximum transfer rate.
Configuration Manager uses a sender to manage the network connection from one site to a destination
site and can be used to establish connections to multiple sites at the same time. Each site has one sender.
The sender can be configured in the Administration workspace under the Hierarchy Configuration,
Sites node. On the Properties for the site, click the Sender tab to change the sender configuration.
Configuring a schedule and bandwidth throttling settings on distribution points and senders.
Using content prestaging to transfer the content offline.
Both senders and Package Transfer Manager use file-based replication and the Server Message Block
(SMB) protocol. Any firewalls placed between sites or between the site server and distribution points must
allow SMB traffic.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-45
Prerequisit
P es for Con
ntent Mana
agement
To
o use content management in Configuratiion Manager 22012, you need
d to configure
e the following
g
prerequisites:
Distribution
n points. You need
n to install at least one d istribution poiint to perform
m content
manageme c install and configure a d
ent tasks. You can distribution pooint during thee installation off a
primary site
e, and one is in
nstalled autommatically when you install a ssecondary site..
Distribution
n point groupss. While it is no
ot required to use distributio
on point group
ps, they simplify the
manageme ent of content.
Windows Deployment
D ervices (WDS). When you insttall a distributtion point on a computer run
Se nning
Windows Server 2008, Windows Deployyment Servicees are installed configured au utomatically. Y
You
must manu
ually install WDDS on compute ers running W indows Serverr 2003 with Serrvice Pack 2. W Windows
Deploymen
nt Services are required onlyy if you plan to
o use PXE and multicast.
MCT USE ONLY. STUDENT USE PROHIBITED
5-46 Data Replication and Content Management
Certificate for authentication. When you add the distribution point site role to a server, you must
specify a certificate that authenticates the distribution point to management points. Computers use
the same certificate if they PXE boot from the distribution point. You can choose to have
Configuration Manager create a self-signed certificate, or you can import a PKI certificate that is
enabled for client authentication.
Distribution points can be installed on the following operating systems:
Windows Server 2008 SP2 x86 or x64 Supports distribution points and secondary
sites.
Windows Vista SP2 x86 or x64 Supports distribution points without PXE and
multicast. Secondary sites cannot be installed
on this operating system.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-47
Discussion:
D Planning for Distrib
bution Poiints
Scenario
Yo
ou are the admministrator for Contoso Ltd. Contoso has d deployed Systeem Center 201 12 Configuratioon
Manager
M in a coomplex hierarcchy that includ
des the centrall administratio
on site, two primary sites, and
da
se
econdary site.
Th
he current networking enviro des two dataceenters in New York and Lond
onment includ don and addittional
nd New Jersey, as described iin the followin
offfice locations in Toronto an ng table.
Location Sites N
Number of clie
ents Connection to NY
YC
Due to a change in communication provide ers, New Jerseyy is connected d to New York with a slow lin
nk. You
would
w like to offfload the conttent-related trraffic for this n etwork link.
Yo
ou will use you deploy applicaations and softtware updatess to
ur content management infrrastructure to d
ussers and compputers in all the
e locations.
You need to plan for distribution points placement and configuration. You also need to decide the type of
operating system you will need to install to support your distribution point role.
In the following table, describe the locations where you would install distribution points and the
corresponding configuration settings.
New York
New Jersey
Toronto
London
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-49
Lesson
n4
Configuring and Mo
onitorin
ng Conttent Maanagem
ment
Configuring con ntent management begins withw installing aand configurin ng the distribu
ution points. In
n this
le
esson, you will review the pro
ocess for installing a distribu
ution point and
d available con
nfiguration opptions.
Yo
ou can create distribution pooint groups an
nd add distribu
ution points to
o the groups to
o manage the
diistribution of content
c more easily.
e
ng the distribution point infrrastructure, yo u can distributte and manage content, perrform
After configurin
co
ontent validatiion, and use co
ontent prestagging to transfeer content to reemote distribu
ution points.
After completin
ng this lesson, you
y will be able to:
Configure distribution
d po
oints.
Create and use distributio
on point group
ps.
Distribute and
a update content.
Configure content
c presta
aging.
Perform content validatio
on.
Monitor co
ontent status.
MCT USE ONLY. STUDENT USE PROHIBITED
5-50 Data Replication and Content Management
An existing site system servver. You select an existing sitte system, run the Create Ro
oles Wizard, an
nd
then select th
he distribution point role.
With the exceptio
on of the first step
s in the wizard, configuraation options fo
or the distribu
ution point role
e are
the same regardle
ess of the wizaard you are using. The Createe Roles Wizard d has the followwing configuration
step
ps:
Configurre client communication and a certificate e. You specify whether clientts will commun nicate
with the distribution po oint using HTTTP or HTTPS. TTo use HTTPS, select the optiion so that
Configuration Manage er creates a selff-signed certifficate or select the option to
o import a PKI client
certificate
e from a file.
Drive Settings. On this page, specify the drive settings. These settings cannot be changed after
installation.
Drive space reserve (MB). Specify the amount of free space reserved for operating system.
Content Locations. Specify the drives to be used for content storage. By default, this setting is
configured to Automatic, which means the drive with the most available space is used.
PXE. On this page, enable and configure PXE for performing operating system deployment. Windows
Deployment Services must be installed as a prerequisite to configure this option.
Multicast. On this page, you enable and configure multicast for operating system deployment.
Content Validation. On this page, specify whether to validate the integrity of content files on the
distribution point on a schedule.
Boundary Group. On this page, associate boundary groups to this distribution point. Configuration
Manager clients located in the boundary groups will use the distribution point as the preferred
content location.
MCT USE ONLY. STUDENT USE PROHIBITED
5-52 Data Replication and Content Management
Co
onfiguring Distribution Points
Afte
er you install a distribution point,
p you can change the di stribution poin on by perform
nt configuratio ming
the following stepps:
3. On the ribbon
n, click Properrties.
In th n point properties dialog boxx, you can con
he distribution nfigure the setttings shown in
n the following
g
tablle.
Ta
ab Settings
General Configure e how client deevices commu nicate with thee distribution point. You can n
select eith
her HTTP or HT TTPS:
If you u select HTTP, by default, Coonfiguration M Manager create es a self-signed
d
certificate.
If you u select HTTPS, you must im port a PKI-issu ued server certtificate for
autheentication.
If you sele
ect the Enablee this distribu
ution point fo r prestaged ccontent option n,
content will
w not be tran nsferred to thiss distribution p
point using file
e-based replicaation
and will need
n to manuaally import preestaged conten nt on the distriibution point.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-53
(continued)
Tab Settings
PXE Select Enable PXE support for clients to configure the following settings:
Allow this distribution point to respond to incoming PXE requests.
Specifies whether the PXE service point responds to computer requests.
Enable unknown computer support. Specifies whether to enable support for
unknown computers.
Require a password when computers use PXE. Specifies whether a password
is required for clients to start the PXE boot.
User device affinity. Specifies the user device affinity behavior by selecting one
of the following options:
Allow user device affinity with auto-approval. Select this setting if you
want to automatically associate users with the destination computer.
Allow user device affinity pending administrator approval. Select this
setting if you want to associate users with the destination computer only
after approval is granted by the administrator.
Do not allow user device affinity. Select this setting if you do not want to
associate users with the destination computer.
Network interfaces. Specify whether the distribution point responds to PXE
requests on all network interfaces or only on specific network interfaces.
Specify the PXE server response delay (seconds). Specify how long the delay
is for the distribution point before it responds to computer requests when
multiple PXE-enabled distribution points are used.
Multicast Select the Enable multicast to simultaneously send data to multiple clients
check box, and then configure the following settings:
Multicast Connection Account. Specify the account to use when you
configure the Configuration Manager database connections for multicast.
Multicast address settings. Specify the IP addresses that are used to send data
to the destination computers. By default, the IP address is obtained from a
DHCP server that is enabled to distribute multicast addresses.
UDP port range for multicast. Specify the range of the user datagram
protocol (UDP) ports that are used to send data to the destination computers.
Client transfer rate. Select the transfer rate used to download data to the
destination computers.
Maximum clients. Specify the maximum number of destination computers that
can download the operating system from this distribution point.
Enable scheduled multicast. Specifies how Configuration Manager controls
when to start deploying operating systems to destination computers. When
selected, configure the following options:
Session start delay (minutes). The number of minutes that Configuration
Manager waits before it responds to the first deployment request.
Minimum session size (clients). The number of requests that must be
received before Configuration Manager starts the multicast.
MCT USE ONLY. STUDENT USE PROHIBITED
5-54 Data Replication and Content Management
(continued)
Tab Settings
Group On this tab, you can manage the distribution point membership in distribution point
Relationships groups by:
Clicking Add to add the distribution point to an existing distribution point
group.
Selecting a distribution point group and then clicking Remove to remove the
distribution point from the distribution point group.
Content On this tab, you can manage the content that has been distributed to the
distribution point. You can initiate the following actions:
Validate. Initiates the process to validate the integrity of the content files in the
package.
Redistribute. Copies the content files in the application or package to the
distribution point.
Remove. Removes the content files from the distribution point for the
application or package.
Content Enable content validation and set a schedule to validate the integrity of content files
Validation on the distribution point.
When you enable content validation on a schedule, Configuration Manager starts
the process at the scheduled time and all content on the distribution point is
verified.
You also can configure the content validation priority. By default, the priority is set
to Lowest.
Boundary Groups Manage the boundary groups for which this distribution point is assigned.
By default, the distribution point is considered protected and can be accessed only
by the clients that are within the boundaries associated with the boundary groups.
To allow clients that are outside of the boundaries associated with the boundary
group to access content, you can select the Allow a client outside these boundary
groups to fall back and use this site system as a source location for content
check box.
Security Specify the administrative users that have permissions to manage the distribution
point.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-55
For the distribution points located on a computer different than the site server, you also can configure the
settings in the following table.
Tab Settings
Schedule On this tab, you configure a schedule that restricts when Configuration Manager can
transfer data to the distribution point. To restrict data, select the time period and then
select one of the following Availability settings:
Open for all priorities. Specifies that Configuration Manager sends data to the
distribution point with no restrictions.
Allow medium and high priority. Specifies that Configuration Manager sends
only medium and high priority data to the distribution point.
Allow high priority only. Specifies that Configuration Manager sends only high-
priority data to the distribution point.
Closed. Specifies that Configuration Manager does not send any data to the
distribution point.
Rate Limits On this tab, you configure rate limits to control the network bandwidth that is used
when transferring content to the distribution point. You can choose from the following
options:
Unlimited when sending to this destination. When this option is chosen,
Configuration Manager sends content to the distribution point with no rate limit
restrictions.
Pulse mode. With this option, you can specify the size of the data blocks that are
sent to the distribution point. You also can specify a time delay between sending
each data block.
Limited to specified maximum transfer rates by hour. With this setting, a site
will send data to a distribution point by using only the percentage of bandwidth
that you configure.
Question: How can you manually initiate the validation of the content files for package
located on a distribution point?
MCT USE ONLY. STUDENT USE PROHIBITED
5-56 Data Replication and Content Management
Cre
eating and
d Using Distribution Point Gro
oups
You
u can perform the following management tasks on distri bution point g
groups:
Create and co
onfigure a new
w distribution point
p group.
d associate collections to an existing distrib
Add distribution points and bution point g
group.
Distributing
D g and Upd
dating Con
ntent
Yo
ou can use the e Distribute Content
C Wizarrd to configuree the distributtion of contentt to distributio
on
po
oints. The Disttribute Content Wizard has the
t following ssteps:
General. Ve
erify that the content you wa
ant to distributte is listed, and
d choose whetther to detect
associated content depen ndencies.
Content De
estination. Add
d collections, distribution
d po
oints, or distrib ution point grroups.
Summary. Review
R the setttings for the distribution.
d
Confirmatio
on. Verify that the content was
w successfullyy assigned to tthe points.
To
o update existing content on
n distribution points, you ca n perform thee following actions:
Co
onfiguring Content Prestaging
P
Applications
Packages
Driver packag
ges
Boot images
Operating sysstem installers
Images
By adjusting
a these
e settings, you can configure
e how contentt distribution iss managed on
n remote
distribution points identified as prestaged. Th
he options ava ilable are as fo
ollows:
Automatically download content when n packages arre assigned too distribution n points. Use tthis
option when you have smaller packages where
w the sch eduling and th
hrottling settin
ngs provide en
nough
control for co
ontent distribution.
Manually copy the content in this package to the distribution point. Use this option when you
have large packages with content such as an operating system image and you do not want to use the
network to distribute the content to the distribution point. When you select this option, you must
prestage the content on the distribution point.
These options are applicable on a per-package basis and are used only when a distribution point is
identified as prestaged. Distribution points that have not been configured as prestaged will ignore these
settings, and content will always be distributed over the network from the site server to the distribution
points.
To configure content prestaging, you need to perform the following steps:
Cd C:\SMS_dp$\sms\tools
ExtractContent /P:<PrestagedFileLocation>\<PrestagedFileName> /S
To import all prestaged files in the specified folder, type the following at a command prompt:
Cd C:\SMS_dp$\sms\tools
ExtractContent /P:<PrestagedFileLocation> /S.
MCT USE ONLY. STUDENT USE PROHIBITED
5-60 Data Replication and Content Management
Performing Content
C Validation
V
You
u have the follo
owing options for using content validation
n:
Monitoring
M g Content Status
Yo
ou can use the
e Configuration Manager console to perfo
orm monitoring
g for:
atus, which inccludes the status of individuaal packages in relation to their distribution
Content Sta n points.
To
o troubleshoott issues with co
ontent manag
gement, you caan use the follo
owing Configu
uration Manag
ger logs:
SMSProv.lo
og, to troublesh
hoot actions sttarted from UII or SDK (provider).
DistMgr.logg, to troubleshhoot content creation, updatte, deletion, an nd start of distribution. You ccan use
this log on the site serverr from the source site, to val idate that the content is proocessed by
Distribution
n Manager.
og, to see the current statuss of the senderr job. You can use this log on
Scheduler.lo n the site serve
er from
the source site to verify that the conten
nt was queued d for the sendeer.
Sender.log, to troublesho oot the copy of the compresssed content to o the destination site. You caan use
this log on the site serverr from the source site, to dettermine wheth
her the sender has transferreed the
content to a different site
e.
MCT USE ONLY. STUDENT USE PROHIBITED
5-62 Data Replication and Content Management
Despooler.log, to troubleshoot the extraction of the compressed copy to the content library on the
destination site. You can use this log on the site server from the destination site to verify that the
content was received and processed by the despooler.
PkgXferMgr.log, to troubleshoot the actual distribution of content from the site server to the
distribution point. You can use this log on the site server to determine whether the content was
processed by Package Transfer Manager and transferred to a distribution point located in the same
site with the site server.
SMSDPProv.log, to troubleshoot addition of content to the content library on the distribution point.
You can use this log on a distribution point to verify that content was added to content library.
SMSPXE.log, to troubleshoot the PXE provider. You can find this log on a distribution point that is
configured to use PXE.
The following Windows logs can be used to troubleshoot distribution point configuration:
u_exYYMMDD.log (where YYMMDD is the year, month, and day). You can use these IIS logs for
troubleshooting issues related to IIS. You can find the IIS logs on the distribution point in the
C:\Inetpub\Logs\LogFiles\W3SVC1\ folder.
WDS.log. You can use the Windows Deployment Services (WDS) log for troubleshooting issues related
to the WDS service.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-63
Demonstra
D ation: Perfo
orming Co
ontent Ma nagementt
In
n this demonsttration, you will see how to distribute
d conttent, monitor ccontent distrib
bution, and perform
co
ontent validatiion.
Demonstrati
D ion Steps
Distribute
D conttent
1. In the Configuration Manager console, select the Microsoft Office PowerPoint Viewer 2007
(English) application, and on the ribbon, click Properties.
2. In the Microsoft Office PowerPoint Viewer 2007 (English) Properties, at the Content Locations
tab, in the Distribution points or distribution point groups list, select \\NYC-CFG.Contoso.com,
and then click Validate. Accept all messages, and then close the properties window.
3. In the Configuration Manager console, in the Monitoring workspace, under Distribution Status,
select the Content Status node.
4. In the results pane, select Microsoft Office PowerPoint Viewer 2007 (English), and then review the
information in the preview pane.
5. In the preview pane, click the View Status link. A new node appears in the navigation pane, and in
the results pane, you should see the Content Status for the selected package.
6. In the Configuration Manager console, under the Distribution Point Configuration Status node,
select \\NYC-CFG.Contoso.com, and then in the preview pane, click the Details tab. Review the
status messages related to content distribution.
7. In the Configuration Manager console, in the Administration workspace, select the Distribution
Points node, and then access the Properties of \\NYC-CFG.Contoso.com.
8. In the \\NYC-CFG.Contoso.com Properties dialog box, at the Content tab, in the Deployment
packages list, click Microsoft Office PowerPoint Viewer 2007 (English), and then click Validate.
Accept all messages and close the properties window.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 5-65
Lab B:
B Config
guring Conten
nt Manaagement
La
ab Setup
Fo
or this lab, you
u will use the available
a virtua
al machine envvironment. Beffore you begin
n the lab, you must
co
omplete the fo ollowing steps::
1.. In Hyper-V Manager, verify that the folllowing virtual machines aree running:
10748A
A-NYC-DC1-C
10748A
A-NYC-CAS-C
10748A
A-NYC-CFG-C
10748A
A-NYC-SVR1-C
C
2.. Log on if ne
ecessary by ussing the follow
wing credential s:
User na
ame: Adminisstrator
Passwo
ord: Pa$$w0rd
d
Domain: Contoso
Scenario
Yoou are the network administtrator for Conttoso, Ltd. Conttoso has deplo oyed System C Center 2012
Configuration Manager
M in a complex
c hierarrchy that inclu des the centraal administratio
on site, two prrimary
sittes, and a seco
ondary site.
1. Add the primary site server computer account to the local Administrators group.
3. Create a distribution point group, and assign the distribution points to the distribution point group.
X Task 1: Add the primary site server computer account to the local Administrators
group
1. On NYC-SVR1, start Server Manager.
2. In the Server Manager console, under Configuration, Local Users and Groups, select Groups.
On the General page, browse to select NYC-SVR1 as the new site system server, and then in the
Site Code drop-down list, select NYC --- New York Primary Site.
On the Distribution Point page, select the options Install and configure IIS if required by
Configuration Manager and Enable this distribution point for prestaged content.
Use default settings for all other pages, and then complete the wizard.
4. In the Configuration Manager console, verify that \\NYC-SVR1.Contoso.com appears in the results
pane.
X Task 3: Create a distribution point group and assign the distribution points to the
distribution point group
1. In the Configuration Manager console, select the Distribution Point Groups node.
2. On the ribbon, click Create Group. In the Create New Distribution Point Group dialog box, use the
following settings:
4. A new node named New York DP appears in the navigation pane. In the results pane, verify that you
see the distribution points that you added to the group.
Results: At the end of this exercise, you should have created a distribution point, created a distribution
point group, and added distribution points to the group.
MCT USE ONLY. STUDENT USE PROHIBITED
5-68 Data Replication and Content Management
2. In the Configuration Manager console, in the Software Library workspace, expand Application
Management, and then select the Applications node.
3. On the ribbon, click Create Application. The Create Application Wizard starts. Use the following
settings to create an application:
On the General page, verify that in the Type box, Windows Installer (Native) is selected,
browse to \\NYC-CFG\E$\Software\PPTViewer\Source, and then select ppviewer.msi.
Accept the default settings for all other pages, and then complete the wizard.
4. In the Configuration Manager console, in the results pane, select the Microsoft Office PowerPoint
Viewer 2007 (English) application, on the ribbon, click Deployment, and then click Distribute
Content. The Distribute Content Wizard starts. Use the following settings to distribute content:
On the Content Destination page, add the New York DP distribution point group.
Accept the default settings for all other pages, and then complete the wizard.
2. In the Microsoft Office PowerPoint Viewer 2007 (English) Properties, at the Content Locations
tab, in the Distribution points or distribution point groups list, select \\NYC-CFG.Contoso.com,
and then click Validate. Accept all messages, and then close the properties window.
3. In the Configuration Manager console, in the Monitoring workspace, under Distribution Status,
select the Content Status node.
4. In the results pane, click Microsoft Office PowerPoint Viewer 2007 (English), and then review the
information in the preview pane. Observe that two distribution points were targeted, but Completion
Statistics show that 1 is reported as success and 1 is in progress.
5. In the preview pane, click the View Status link. A sticky node will appear in the navigation pane, and
in the results pane, you will see the Content Status for the selected package.
6. In the Configuration Manager console, under the Distribution Point Configuration Status node,
select \\NYC-CFG.Contoso.com, and then in the preview pane, click the Details tab. Review the
status messages related to content distribution.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-69
7. In the Configuration Manager console, in the Administration workspace, select the Distribution
Points node, and then access the Properties of \\NYC-CFG.Contoso.com.
8. In the \\NYC-CFG.Contoso.com Properties dialog box, at the Content tab, in the Deployment
packages list, click Microsoft Office PowerPoint Viewer 2007 (English), and then click Validate.
Accept all messages, and then close the properties window.
Results: At the end of this exercise, you should have distributed content and monitored the distribution
process.
MCT USE ONLY. STUDENT USE PROHIBITED
5-70 Data Replication and Content Management
On the General page, browse to drive C, and then save the file with the name
PowerPointViewer.
Accept the default settings for all other pages, and then complete the wizard.
2. At the command prompt, type the following, pressing Enter after each line:
CD C:\SMS_DP$\sms\Tools
extractcontent.exe /P:C:\PowerPointViewer.pkgx /S
2. In the results pane, click Microsoft Office PowerPoint Viewer 2007 (English), and then review the
information in the preview pane. Observe that two distribution points were targeted and Success is
now listed as 2.
Results: At the end of this exercise, you should have performed content prestaging.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 5-71
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-C and then click Revert.
10748A-NYC-CAS-C
10748A-NYC-CFG-C
10748A-NYC-SVR1-C
MCT USE ONLY. STUDENT USE PROHIBITED
5-72 Data Replication and Content Management
Modulle Revie
ew and Takeaw
ways
Rev
view Questiions
1. What are the two data replication metho ods used by Co onfiguration M
Manager 2012 tto replicate daata
between sitess, and what typ
pes of data are
e replicated byy each method
d?
2. How is hardw
ware inventory transferred fro
om a seconda ry site to the ccentral administration site?
4. How can you use Configura ation Managerr 2012 to transsfer content crreated in a prim
mary site from
m one
location to an
nother within the
t same site or
o between tw wo sites?
MCT USE ONLY. STUDENT USE PROHIBITED
6-1
Module 6
Planning and Completing System Center 2012 Configuration
Manager Client Deployment
Contents:
Lesson 1: Introduction to Discovery Methods 6-4
Module Overrview
Connfiguration Ma anager 2012 prrovides several methods for installing the Configuration n Manager 20112
clien
nt on compute er resources. This
T module co overs various c lient installatio
on methods, and then examines
the advantages an nd disadvantag ges of each method. You wi ll examine how w to choose th
he most appro
opriate
clien
nt installation methods to usse in your orga
anizations envvironment.
Lesson 1
Introduction to
t Disco
overy Methods
M s
To detect
d which innstalled clientss are still active ork, Configurattion Manager uses a special
e in the netwo
disccovery method d called Heartb
beat Discoveryy. This method does not disccover new com mputers; instead, it
ng clients that are active in the network.
rediiscovers existin
Overview
O of
o Resource Discoverry
In
n a multiple-sitte Configuratio
on Manager en nvironment, yoou can configu
ure discovery methods at different
le
evels in the hie
erarchy. The following table describes
d discovery met hods available
the d e in Configurattion
Manager
M 2012 and
a where you u can configurre them in a Co
onfiguration M
Manager hierarchy.
Active Directo
ory Forest Disccovery Central admministration sitte
Primary sitee
Active Directo
ory System Disscovery Primary sitee
Active Directo
ory Group Disccovery Primary sitee
Active Directo
ory User Discovery Primary sitee
When
W a discoveery method succcessfully disco
overs a resourrce, it creates a file that is refferred to as a
diiscovery data record
r mary site envirronment, DDRss are processed by the site server
(DDR). In a single prim
an
nd entered intto the Configuration Manage er database. Inn a multiple-sitte hierarchy, D DDRs created aat
primary and seccondary sites for
f the newly-d discovered ressources are forrwarded to the e central
ad
dministration site
s for processing. Then, the e information about the disccovered computers is replicaated by
daatabase replica
ation to primaary sites, makin
ng the discove ry data availabble at each site e in the hierarcchy,
re
egardless of whhere it was discovered or proocessed. Subseequent discoveeries for the exxisting resourcces, such
ass DDRs createdd by Heartbeat Discovery, arre processed a t the primary sites.
MCT USE ONLY. STUDENT USE PROHIBITED
6-6 Planning and Completing System Center 2012 Configuration Manager Client Deployment
A DDR is processed only once and then entered into the database at a primary site or central
administration site. After processing, the discovery data record file is deleted.
Discovery information entered into the database at one site is replicated to all primary sites in the
hierarchy by using the Configuration Manager database replication feature.
You can use Active Directory Forest Discovery to discover subnets and Active Directory sites, and then
add them as boundaries for the hierarchy.
When a primary site is in a different AD DS forest, you can enable and configure Active Directory
Forest Discovery at the central administration site, or at primary sites, to accommodate deployment
scenarios.
The Configuration Manager 2007 discovery method Active Directory Security Group Discovery is
called Active Directory Group Discovery in Configuration Manager 2012. It discovers groups and their
membership.
Active Directory System Discovery and Active Directory Group Discovery both support options to filter
out stale computer records based on the timestamp of the last logon or the last password change.
Active Directory System Discovery, Active Directory User Discovery, and Active Directory Group
Discovery all support delta discovery to detect changes performed in AD DS more frequently than by
using the default discovery schedule. Delta discovery differs from the Configuration Manager 2007 R3
version: it can detect when computers or users are added or removed from a group.
You will learn about each of these discovery methods and their available configuration settings in
upcoming topics, enabling you to choose the discovery methods most appropriate for your environment.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 6-7
Discovery
D Methods
M
Yo
ou can use a variety
v of resou
urce discovery methods withh Configuratio n Manager 20 012 to discoverr
re ur infrastructure, such as com
esources in you ps, user accou nts, and netwo
mputers, group ork infrastructure
to
opology.
Th
he following ta overy method s available and
able describes resource disco d how you use
e them.
Active Directo
ory Forest Disccovery Introduced in Con nfiguration Maanager 2012, tthis method diiscovers
Active Directory ssites and subneets, and can crreate Configurration
Man nager boundaaries for each ssite and IP subnet discovered d.
Active Directo
ory System Disscovery Disccovers computter systems froom AD DS. Add ditionally, it caan
disccover Active D irectory container names, likke the Configu uration
Man nager 2007 Acctive Directoryy System Group p Discovery do oes.
Active Directo
ory Group Disccovery Disccovers local, g lobal, and univversal groups and their
mem mbership from m AD DS.
Active Directo
ory User Discovery Disccovers users frrom the specifiied locations in AD DS.
When you choose which discovery methods to implement, consider what types of resources you need to
discover, such as computers, users, or groups. The following table lists various types of resources in a
typical corporate infrastructure, and the discovery methods that you can use to discover each type of
resource.
Users Active Directory User Discovery. User resources can be discovered using
Active Directory User Discovery. This method discovers users from AD DS and
includes basic information about users. You can use this information to build
queries and collections similar to those for computers.
Groups and their Active Directory Group Discovery. Groups and group memberships can be
membership discovered using Active Directory Group Discovery. This discovery method
creates resource records for security groups. Additionally, it identifies the
members of each group, and optionally any nested groups within that group.
Active Directory Group Discovery also discovers limited information about
group members. This does not replace Active Directory System or User
Discovery and is usually insufficient to build complex queries and collections
or serve as the base of a client push installation.
Infrastructure Active Directory Forest Discovery. You can use Active Directory Forest
Discovery to search an Active Directory forest for information about subnets
and Active Directory site configurations. These configurations can then be
automatically imported into Configuration Manager boundaries.
Network Discovery. To discover your network topology, you also can use
Network Discovery which can discover subnets and router topology of your
network in addition to computer resources.
Question: What discovery methods can you use to discover computer resources?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 2012 Configuration Mannager 6-9
Active
A Dire
ectory Disccovery Metthods for Systems, U
Users, and Groups
Yo
ou can use the
e following thrree Active Dire
ectory discoverry methods in Configuration
n Manager 201
12:
Thhese discoveryy methods are similar in conffiguration and d operation, thhe difference b
being the type of
in
nformation the ey retrieve. Youu can configurre each of thesse discovery m methods to search one or mo ore
Active Directoryy locations in the
t local forestt or in remote forests. If mulltiple instancess of these Activve
Directory discovvery methods are configured d on multiple primary sites i n a Configurattion Manager
hiierarchy, you should
s configuure the source location for eaach discovery method so that the same re esources
arre not discovered more than n once. In smalller environmeents you shoul d consider con nfiguring all A
Active
Directory discovvery methods from the same e location. You
u can configurre each method to perform a full
diiscovery and a delta discove ery, that is, disccover only cha nges, on a schhedule. The deefault schedule e for a
fu
ull discovery is once a week, and the defau ult schedule fo r a delta disco
overy is every ffive minutes. B
Because
deelta discovery only discoverss new resource es, the impact on AD DS and d network trafffic is reduced.
Active
A Directtory System
m Discovery
Active Directoryy System Disco overy searches for computerr resources in tthe administrator-specified A AD DS
lo
ocations. Active er records based on
e Directory Sysstem Discoveryy has the abilitty to filter obssolete compute
th
he lastLogonT TimeStamp an nd pwdLastSe et attributes in AD DS. To im prove the quaality of discove ery you
sh
hould identify old computer records in AD D DS by using a dsquery com mmand, and disable them be efore
coonfiguring disccovery. For a computer
c resource to be disccovered using Active Directo ory System Disscovery
it has to have th
he following:
A computer record in DNS. Active Directory System Discovery tries to resolve the name of each
computer resource to an IP address. If the DNS contains obsolete records, it might cause the
discovery of computers that are no longer active on the network. To avoid this, you should remove
obsolete records in DNS by activating DNS scavenging.
If the computer resource meets the preceding conditions, a DDR is generated for the computer and
populated with information that is used to identify the computer resource.
Active Directory System Discovery discovers basic information about the computer including the
following:
Computer name
In addition to the basic information, you can configure the discovery of extended attributes from AD DS
in the Active Directory System Discovery Properties dialog box on the Active Directory Attributes
tab.
Active Directory System Discovery includes functionality to discover Active Directory container names,
such as Organizational Units, which is available in Configuration Manager 2007 in Active Directory System
Group Discovery.
Active Directory User Discovery discovers basic information about the user account, including the
following:
User name
Domain
Groups
Groups membership
By default, Active Directory Group Discover only discovers security groups. To discover the membership of
distribution groups, you must select the checkbox for the option Discover the membership of
distribution groups in the Active Directory Group Discovery Properties dialog box on the Option
tab.
There are two options when configuring Active Directory Group Discovery searches:
Location. You can search one or more Active Directory containers, that is, a forest, domain, container
or OU. You can use a recursive search of the specified Active Directory container so that all child
containers under the container you specify are searched as well. This process continues until no more
child containers are found.
Groups. You can specify one or more Active Directory groups. When configuring this option you can
use the default domain and forest for the site, or limit the search to an individual domain controller. If
you do not specify at least one group, this method performs a location search of the location
specified.
You can use both of these options more than once and at the same time. For example, you might want to
find all the members of all groups in a particular location (forest, domain, container or OU) plus all the
members of one particular group in a different location.
Discovery Meethods. Here yo ou can enablee Active Directo hierarchy. You also
ory Forest Disccovery in the h
can configuree a simple scheedule to run discovery, and sspecify whetheer it should au
utomatically crreate
boundaries frrom the IP subbnets and Activve Directory sittes discovered
d in the Active Directory Foreest(s).
Active Directo
ory Forest Disccovery cannot be run at a seecondary site. YYou also can trigger a discovvery
cycle on dem
mand.
Active Directo
ory Forests. Heere you configure the additio onal Active Directory forestss that you wannt to
discover, speccify the accounnt to use as the Active Direcctory Forest Acccount for each h forest, and
configure pub blishing to eacch forest. Additionally, you ccan specify thee discovery of IP subnets andd
Active Directo
ory sites.
The following infoormation is published to AD DS when you enable publisshing for an Acctive Directoryy
fore
est if the schem
ma was previouusly extended and configureed for Configu
uration Manager publishing:
SMS-Site-<sitte code>
To publish data into AD DS, each site server must have full permissions on the System Management
container and all descendant objects. Secondary sites always use the secondary site server computer
account to publish to AD DS, so you must ensure that secondary site servers also have full permissions.
You can configure Active Directory Forest Discovery at the central administration site or any primary site
in the hierarchy. To avoid conflicts with discovery data you should not configure multiple sites to discover
the same Active Directory Forest.
Active Directory Forest Discovery actions are recorded in the following logs, found in the
<InstallationPath>\Logs folder on the site server:
All actions, with the exception of actions related to publishing, are recorded in the ADForestDisc.log.
Active Directory Forest Discovery publishing actions are recorded in the hman.log.
Question: How are IP subnets that are discovered by Active Directory Forest Discovery used
by Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
6-14 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Wh
hat Is Netw
work Disco
overy?
r a Microsoft implementa
Servers that run ation of DHCP
P.
Address Reso
olution Protoco
ol (ARP) cachess in routers.
SNMP-enable
ed devices.
NetBIOS nam
me
IP addresses
Resource dom
main
System roles
SNMP community name
MAC addresses
To configure Network Discovery, you must specify the level of discovery, as outlined in the following
table.
Topology This level discovers routers and subnets but does not identify a subnet mask
for objects.
Topology and client In addition to topology, this level discovers potential clients such as
computers, and resources such as printers and routers. This level of discovery
attempts to identify the subnet mask of objects it finds.
Topology, client, and In addition to topology and potential clients, this level attempts to discover
client operating system the computer operating system name and version. This level uses Windows
Browser service and Windows Networking calls.
For Network Discovery to discover an object, it must identify the object IP address and then identify its
subnet mask or Active Directory site membership. It then creates a DDR for that object. If Network
Discovery cannot determine the subnet mask or Active Directory site membership of an object, it does not
create a DDR.
To discover computer resources, you must configure at least the Topology and client discovery level.
Domains. Network Discovery discovers any computer from the specified domain that is visible when
browsing the network. Network Discovery retrieves the IP address and then uses an Internet Control
Message Protocol echo request to ping each device that it finds to determine which computers are
currently active. It then initiates Windows networking API calls to the resource to discover its
operating system information.
SNMP. Network Discovery retrieves the ipNetToMediaTable value from any SNMP device that
responds to the query. The ipNetToMediaTable value returns arrays of IP addresses that are client
computers or other resources, such as printers, routers, or other IP-addressable devices.
DHCP. Network Discovery queries Microsoft DHCP servers for a list of devices that are registered with
each server. Network Discovery retrieves information by using remote procedure calls to the database
on the DHCP server. Network Discovery supports only DHCP servers that run the Microsoft
implementation of DHCP.
Subnets. You can configure the subnets that Network Discovery queries when it uses the SNMP and
DHCP options. Only the enabled subnets are searched by these two options.
SNMP community names. You can specify SNMP community names to be used by Network Discovery
to query SNMP devices.
Maximum hops. You limit the number of network segments and routers that Network Discovery can
query by using SNMP.
MCT USE ONLY. STUDENT USE PROHIBITED
6-16 Planning and Completing System Center 2012 Configuration Manager Client Deployment
To identify the subnet mask, Network Discovery uses the following methods:
Router ARP cache. Network Discovery queries the ARP cache of a router to find subnet information.
DHCP. Network Discovery queries each administrator-specified DHCP server to discover the devices
for which the DHCP server has provided a lease.
SNMP device. Network Discovery directly queries a SNMP device, and then makes an additional call
to obtain the subnet mask information.
Question: What level of Network Discovery must you configure to discover computers?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-17
What
W Is He
eartbeat Diiscovery?
Heartbeat Disco overy is a discoovery method included in Co onfiguration M Manager 2012 that rediscove ers
exxisting computters that have the Configura ation Managerr client installeed and are active in the netwwork. It is
ussed by Configu uration Manag ger to maintainn the records o
of active clientts in the datab
base, and to fo
orce
diiscovery of acttive clients that might have been
b removedd from the dataabase or that have been insttalled
an
nd not discove ered by anothe er discovery method.
m
Th
he following list describes th
he functions off Heartbeat Di scovery:
Heartbeat Discovery
D is en
nabled by defaault and runs o
on a schedule on each comp puter client to create a
DDR for He t Heartbeat Discovery reccord, the clientt computer mu
eartbeat Discovvery. To send the ust be
able to con
ntact a manageement point.
Heartbeat Discovery
D provvides details ab
bout the clientt installation sttatus by updatting a system
resource cliient attribute to
t active status.
Clear In
nstall Flag. This maintenancee task is not en nabled by defaault. If you enaable this task, tthe
defaultt schedule is 000:00 and 05:00
0 every Sundayy. Any client th hat has not submitted a Heaartbeat
DDR within
w the past 21 days has th g cleared. This forces a reinsttall of the clien
heir install flag nt if the
client push
p installatio
on method is enabled.
e
MCT USE ONLY. STUDENT USE PROHIBITED
6-18 Planning and Completing System Center 2012 Configuration Manager Client Deployment
Delete Aged Discovery Data. By default, this maintenance task is enabled and runs between 00:00
and 05:00 every Saturday. By default, any discovery data that is over 90 days old is removed. If a
DDR for the resource has not added in the past 90 days, everything relevant to that resource is
deleted from the Configuration Manager database.
This task affects all types of resources: systems, users and groups. This task removes from the
database records about discovered computers that have not had the Configuration Manager
client installed during the last 90 days.
Delete Inactive Client Discovery Data. By default, this maintenance task is not enabled. If you
enable this task, the default schedule is 00:00 to 05:00 every Saturday. The Delete Inactive Client
Discovery Data task is similar to the Delete Aged Discovery Data task; however, this task operates
only on resources that are Configuration Manager clients. When you enable this task, records for
inactive clients that have not sent a heartbeat during the last 90 days are removed from the
database.
You cannot configure Heartbeat Discovery on secondary sites, but secondary sites can receive the
Heartbeat DDR from a client and forward it to the primary site.
Question: If you change the default schedule for Heartbeat Discovery, you should ensure
that Heartbeat Discovery runs more frequently than what site maintenance tasks?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-19
Discussion:
D Planning Discovery
y
Only
O the Heartbbeat discovery method is enabled by defauult. You can m
modify this metthod, but you should
no
ot disable it. Depending
D n to manage, yyou can enablee any or all of the Heartbeatt
on what you plan
diiscovery metho ods.
Th
he following ta
able provides a summary of the discovery methods.
Discovery Me
ethod Defa
ault Schedule Desccription
Active Directo
ory Oncce a week fromm when Disccovers computers in AD DS from the speccified
System Discovvery it is enabled and delta
d Forrest(s), Domain
n(s) and contaiiner(s).
discovery every fivve Active Directoryy attributes for the
Disccovers basic A
minutes. com
mputers.
Active Directo
ory Oncce a week fromm when Disccovers users in
n AD DS from the specified
User Discoverry it is enabled and delta
d Forrest(s), Domainn(s), and contaainer(s).
discovery every fivve Disccovers basic A
Active Directoryy attributes for the
minutes. useers.
Active Directo
ory Oncce a week fromm when Disccovers groupss and group memberships in n AD DS
Group Discovvery it is enabled and delta
d from
m the specifiedd Forest(s), Do
omain(s), and
discovery every fivve conntainer(s).
minutes. Disccovers minimaal information about the gro oup
me mbers.
Active Directo
ory Oncce a week from
m when Disccovers the IP SSubnets and A
Active Directoryy Sites
Forest Discovery it is enabled. deffined in a specified Active Diirectory Forestt.
MCT USE ONLY. STUDENT USE PROHIBITED
6-20 Planning and Completing System Center 2012 Configuration Manager Client Deployment
(continued)
Network Discovery Once, running for two Discovers Network Devices that respond to the
hours when it is enabled. configured network discovery method.
Heartbeat Discovery Once a week from when Client systems generate a new DDR to keep their
the client is installed. data active in the Configuration Manager database.
Considering your environment, discuss the following questions with the rest of the class:
Question: For the Discovery methods you would enable, how do you think you would
schedule them?
Question: If you are going to enable Active Directory System Discovery or Active Directory
User Discovery, would you enable additional attributes as well?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-21
Lesson
n2
Introd
duction
n to Con
nfigurattion Maanager 2
2012 Client
Deplooymentt
Yo
ou can install Configuration
C Manager clien
nts by using a variety of metthods. Regardlless of the metthod
yo
ou choose, you u always start the
t installation
n of the Config
guration Manaager clients byy using either
CCMSetup.exe or o CCMSetup.msi, which is a bootstrap forr CCMSetup.exxe.
Th
his lesson cove
ers the client in
nstallation pro
ocess and the C
CCMSetup parrameters that yyou can use w
with
CCMSetup.exe tot control the deployment process.
p
Yoou will examinne typical Conffiguration Mannager client insstallation methhods and Configuration Manager
sitte systems involved in clientt deployment. This lesson alsso discusses th
he role of AD D
DS in client
deeployment.
After completin
ng this lesson, you
y will be able to:
Explain the importance and the role of AD DS in the client deploym
ment process.
Describe th
he site systems used during the
t client depl oyment proceess.
Describe th
he requirementts for client insstallation.
Describe th on Manager client installatio
he Configuratio on process.
The Role of AD
A DS in Client
C Dep
ployment
Alth
hough it is not mandatory, you can extend d AD DS to sim mplify the man agement of yo our Configurattion
Mannager site. Exte ending the AD D DS schema and publishing Configuration n Manager info ormation in AD DS
nt installation process by auttomatically pro
simplifies the clien oviding the installation paraameters you
configured. You canc use AD DS publishing with any installa tion method tto allow for au utomatic site
assignment. AD DS D publishing also
a enables yo h the name of the managem
ou to provide tthe client with ment
poin
nt it communicates with, and d provide additional informaation to the client.
The managem
ment point use ad content for the client instaallation.
ed to downloa
The HTTPS po
ort used for cliient communiccation.
Extending the Active Directory schema is an irreversible forest-wide action that you only need to perform
once per forest. When deploying Configuration Manager 2012 in a multiple-forest environment, you need
to extend the schema in each forest to which you want to publish information.
If the schema has already been extended for Configuration Manager 2007, you do not need to extend it
again. A future service pack might extend the schema further which would require you to extend the
schema again. Only a member of the Schema Admins group or an administrator that has sufficient
permissions to modify the schema can extend it.
If you extend the schema before installation, Configuration Manager automatically configures the site to
publish site information during installation, and publishes site information to AD DS at the completion of
installation. However, you can extend the schema after installation of Configuration Manager, and then
manually configure the site to publish to AD DS.
Note Extending the Active Directory schema for Configuration Manager 2012 was
discussed in Module 2, Planning and Deploying a Stand-Alone Environment.
Question: Are you planning on extending the Active Directory schema in your environment?
MCT USE ONLY. STUDENT USE PROHIBITED
6-24 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Ma
anagement point
A management
m point is required to completee the client insttallation proceess, although yyou can install the
clien
nt componentts successfully without one. The T installation n process is co
ompleted when n the client haas
regiistered with a primary site, iss assigned its initial policy, a nd the client rretrieves the policy. This initiial
policy sets the com mponents to their
t desired sttate. In most innstallation metthods, the clieent downloads the
necessary files fro om a managem ment point; othher installationn methods utilize a distributiion point. Afte er the
installation progra am completes the client con ntacts the man agement poin nt to register ittself and obtain its
site assignment; itt then reports the state of thhe installation. If the client caannot contact the managem ment
poinnt, all the clien
nt componentss show as insta alled instead o of enabled or d disabled.
1. Setup Parame
eters. As part of
o the installation command , you can speccify a managem
ment point.
4. Windows Inte
ernet Name Se ervice (WINS). A managemen
nt point autom
matically updates its WINS re
ecord
with appropriate informatio
on.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-25
Automatic client assignment is based on boundaries that are members of a boundary group that has
automatic assignment enabled. In previous versions of Configuration Manager, if clients were to fall
outside of all boundaries, automatic site assignment would fail and clients would not be managed. With
Configuration Manager 2012, you can configure a fallback site for client assignment at the hierarchy level.
If you install a client that is outside of any of the configured boundary groups, the automatic site
assignment process uses this site and the installation process completes successfully.
Additionally, Configuration Manager client deployment reports use data sent by clients through the
fallback status point.
Mobile devices enrolled by Configuration Manager and mobile devices managed by using the Exchange
Server connector do not use a fallback status point.
Distribution point
Most client installation methods copy the necessary installation files from a management point. In certain
circumstances, the installation process uses a distribution point instead. When you deploy an operating
system by using the Configuration Manager operating system deployment feature, the task sequence
action that installs the client software downloads it from a distribution point. Additionally, if you use a
pre-boot execution environment (PXE) boot in conjunction with operating system deployment, the PXE
server is installed on the distribution point.
When you upgrade the client using software distribution, the installation package is downloaded from a
distribution point. The installation of the Window CE client also uses a distribution point.
Bo
oundaries and
a Bound
dary Group
ps
Inte
ernet-based clients or clientss that are confiigured as Interrnet-only clien
nts do not use boundary
info
ormation. Because these clien nts cannot usee automatic sitte assignment, when the disttribution pointt is
configured to allo
ow client conne ections from the Internet th ey always dow wnload content from any
distribution point in their assign
ned site.
Bou
undaries
Each
h boundary re epresents a nettwork location located within n your hierarchy. A boundarry does not en nable
you to manage clients at the neetwork location d to identify aavailable netwo
n; it is just used ork locations. T
To
mannage a client, the
t boundary must be a mem mber of a bou undary group.
A bo
oundary can be
b defined usin
ng an:
IP subnet. You can specify an
a IP address and
a subnet maask and Config
guration Manaager calculatess the
subnet ID, or you can proviide the subnett ID.
ory site name. You can speciify any sites deefined in your AD DS environment.
Active Directo
IPv6 Prefix. Yo
ou can use an IPv6 prefix forr a boundary i f you are using
g IPv6 in your environment.
IP address ran
nge. You can specify
s a range
e of IP addressses if you wantt to limit your boundaries.
An administrator
a can manually create bounda aries, or Config
guration Manaager 2012 can automaticallyy
ate IP address range bounda
crea aries by using the
t Active Direectory Forest D Discovery method. Using IP
adddress ranges to
o define bound daries is recom
mmended insteead of using IP P subnets, becaause IP address
rangges do not relyy on the subne
et mask being configured co orrectly at the client.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-27
Boundary Groups
Boundary groups contain one or more boundaries. They allow clients on the intranet to find an assigned
site and locate content.
Boundary groups are functionally equivalent to Configuration Manager 2007 boundaries and are
associated with sites. Clients use them to identify the site to which they are assigned, and use them to
locate content.
Site Assignment
A client can use boundary groups for automatic site assignment by finding an appropriate site to join,
based on the clients current network location. You must enable the Use this boundary group for site
assignment setting to enable automatic site assignment to use a particular boundary. This setting is
located in the boundary groups Properties dialog box, on the References tab. At the same time you
enable a boundary group for automatic site assignment, you also configure the site the clients will be
assigned to. Boundary group information is published into AD DS and queried by the client after
installation. After a client is assigned to a site, the client does not automatically change that site
assignment. For example, if the client roams to a different network location that is represented by a
boundary in a boundary group for a site other than the clients assigned site, the clients assigned site
remains unchanged.
Content location
Clients also use boundary groups to identify available distribution points or state migration points, based
upon the clients current network location. When configuring a boundary group you specify the
distribution points, and state migration points that clients use within one of the boundaries of the
boundary group.
When a client requests content, it retrieves a list of all distribution points that contain the content from all
the boundary groups that the client is in. The client then downloads the content from the distribution
point that is determined to be the best choice, based on the boundary and the speed of the boundary.
Depending on the complexity of your environment, you might decide to create two sets of boundary
groups-----one for site assignment and one for content location-----so you can configure the boundary
groups used for content location to contain overlapping boundaries and not affect site assignment.
Ho
ow Clients Locate Sitte Systemss
Client systems com mmunicate to Configuration n Manager thro ough manageement points: e either Internett-
baseed manageme ent points or in
ntranet manag gement points.. If clients are unable to com
mmunicate with ha
man nagement poin nt they send a message to a fallback statu
us point, if conffigured; howevver, they cann
not
retrieve policy witthout commun nicating with a managementt point.
Because of this, it is imperative that clients loccate and comm municate with a management point for th he site
thatt they are assig
gned to. Clientts communicatte to the manaagement point through eith her HTTP or HT TTPS;
therrefore, any inte
ervening firew
walls must allow w the traffic. T here are severral methods fo or the client
to lo
ocate a manag gement point. It is preferablee to use AD DSS because, bessides providing g the location of
the management point, AD DS also can update the commu unication settinngs for the clie
ents. For instannce, if
the communicatio on ports were changed, the client can retr ieve this inform mation from A AD DS before
atte
empting to com mmunicate. Th he following methods
m are ussed, in the ordeer listed, by th
he clients to loccate
site systems:
AD
D DS
AD DS is the prefeerred method for clients to locate site systtems. To use th
his method, th
he following
prerrequisites musst be met:
DN
NS
DNS S can be used by clients to lo
ocate a manag gement point, however this method has so ome specific D
DNS
system requireme ally, if you use this as your prrimary method
ents. Additiona d for locating management
poin
nts, the client will
w not be auttomatically updated if you m make changes to the commu unication portss.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-29
Clients on the intranet are located in a forest that is not enabled for Configuration Manager
publishing.
Clients are on workgroup computers and are not configured for Internet-only client management.
To use this method, the following prerequisites must be met:
You must assign the clients to a specific site rather than use automatic site assignment.
You must configure a client property that specifies the domain suffix of the management point.
Your DNS servers must support service location resource records, by using a version of BIND that is at
least 8.1.2.
The intranet FQDNs for the Configuration Manager site systems have corresponding host entries in
DNS.
When your DNS servers support automatic updates, you can configure Configuration Manager 2012 to
automatically publish management points on the intranet to DNS.
WINS
When other service location mechanisms fail, clients can find an initial management point by checking
WINS:
The first management point in the primary site that is configured to accept HTTP client connections is
automatically published to WINS.
When the clients connect to this management point, they download a list of other management
points and can use them for subsequent connections.
If you do not want clients to locate a management point using WINS, configure clients with the
CCMSetup.exe Client.msi property SMSDIRECTORYLOOKUP=NOWINS.
Note In Configuration Manager 2007, clients also used the Server Locator Point to locate
site systems. This method is not available in Configuration Manager 2012.
Question: Under what circumstances can you use DNS for service location?
MCT USE ONLY. STUDENT USE PROHIBITED
6-30 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Pre
erequisitess for Installling Clients
You
u should be fam
miliar with the client softwarre prerequisitees necessary fo
or a successful Configuration
n
nager client installation.
Man
Pre
erequisites for
f Computter Clients
Connfiguration Maanager 2012 suupports client computers run nning the Win dows XP Serviice Pack 3 or n
newer
(or Windows
W XP SP2
S or newer iff they are 64-bbit systems) fo r desktop opeerating systemss, or Windows
Servver 2003 SP2 or newer for server
s operatin
ng systems.
The following table lists the softtware prerequisites that musst be installed on the compu uters on which
h you
plan
n to install the Configurationn Manager clie
ent. These softw ware prerequi sites are includ
ded by defaultt in
the operating systtem on all Win ndows versionss supported foor client installation, providin
ng that the
opeerating system is updated to the latest servvice pack versi on. Because thhey are not doownloaded or
installed by CCMS Setup, you must ensure that they are preseent before you u attempt to innstall the
Connfiguration Ma anager client.
So
oftware prereq
quisites extern
nal to
Co
onfiguration Manager
M Description
D
Microsoft
M Backgground Intelliggent Background I ntelligent Tran nsfer Service (B
BITS) is a
Trransfer Service
e (BITS) version
n 2.5 or prerequisite foor installing th
he Configuratioon Manager client.
neewer BITS is includeed by default o on all supported operating
system versio ns for client innstallation; you
u do not need to
download or install it. If BITTS is not presen
nt, you need to
verify the servvice pack version for the ope erating system
m.
Windows
W Installer version 3.1.4000.2435 Required to s upport the usee of Windows Installer update
or newer must be
b installed (.msp) files fo r packages an d software updates.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-31
The following table lists the software prerequisites that are downloaded and installed automatically by
CCMSetup before client installation if they are not already installed on the client computer.
Windows Update Agent version 7.0.6000.363 Required by Windows to support update detection
and deployment.
Microsoft Core XML Services (MSXML) version Required to support the processing of XML
6.20.5002 or newer documents in Windows.
Microsoft Remote Differential Compression Required to optimize data transmission over the
network. This is a Windows feature.
Microsoft Visual C++ 2005 Redistributable Required to support Microsoft SQL Server Compact
version 8.0.50727.42 operations.
Microsoft SQL Server Compact 3.5 SP2 Required to store information related to client
components operations.
Microsoft Windows Imaging Components Required by Microsoft .NET Framework 4.0 for
Windows Server 2003 or Windows XP SP2 for 64-bit
computers.
To accelerate the Configuration Manager client deployment process, you can pre-deploy some of these
software prerequisites on the target computers before attempting to install the Configuration Manager
client. You can use alternate deployment methods, such as WSUS, or include the software prerequisites in
the images you use to deploy operating systems.
Question: If your environment contained computers that were running Windows XP SP1,
what do you need to be able to install the Configuration Manager client?
MCT USE ONLY. STUDENT USE PROHIBITED
6-32 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Ov
verview of the Clientt Installatio
on Processs
CCM
MSetup.exe
e
CCM
MSetup.exe ge
enerally beginss the client insttallation proceess and is run iin all client insstallation meth
hods.
CCM
MSetup performs the followiing actions:
Determine the location from m which to do ownload client prerequisites and installatioon files. If you start
CCMSetup wiithout command-line option ns, and if you h
have extended d the AD DS scchema for
Configuration n Manager, thee setup processs reads the cliient installation properties frrom AD DS to find
an appropriatte management point. If you u have not exttended the Acttive Directory schema, CCMSSetup
searches DNS S or Windows Internet Naming Service (W INS) for a man nagement poin nt to contact.
Alternatively, you can speciify a specific management
m p
point by provid ding the /mp:< <ComputerNa ame>
switch, or a sp
pecific UNC lo
ocation using the /source:paath switch.
Download the e client prereq es include the Client.msi fil e and any of tthe prerequisitte files
quisite files. File
previously disscussed that arre missing.
Client.msi
After CCMSetup installs the required prerequisites on the intended client, CCMSetup invokes Client.msi.
This Windows Installer file installs the client on the system.
You can modify the Client.msi installation behavior by providing specific properties on the CCMSetup.exe
command line. Alternatively, you can specify the properties on the Installation Properties tab of the
Client Push Installation Properties dialog box. These settings are then published to AD DS and used by
several installation methods.
CCMSetup.msi
The Configuration Manager installation process uses the CCMSetup.msi Windows installer file when using
an AD DS Group Policy to publish or assign the Configuration Manager client to computers. This file is
located in the <installation directory>\bin\i386 folder on the Configuration Manager site server.
Client Assignment
After client installation is complete, you must assign the client to a site so that the client can be managed.
You can assign client devices to any primary site; however, you cannot assign client devices to either a
secondary site or a central administration site.
Most clients reside within site assignment boundary groups and are automatically assigned based on the
boundary definition. You can configure a site in the hierarchy settings as a fallback site, so that when a site
is selected, the clients are assigned to it if they are outside the configured boundary groups of all defined
sites. You also can directly assign a client to a site through a client.msi option either directly or through
the Client tab of the Client Push Installation Properties dialog box.
If you have not extended AD DS then you have the following two options for site assignment:
You can specify a site code by using the client.msi property SMSSITECODE=<sitecode>.
You can manually assign a group of clients to a site by using Group Policy.
You also can choose to install a client offline and not immediately assign it to a site. The client cannot be
managed until it is assigned to a site.
After the client is assigned to a site, it remains assigned to that site, even if the client changes its IP
address and roams to another site. Only an administrator can manually assign the client to another site.
If the client auto-assignment fails, the client software remains installed, but it will not be managed by
Configuration Manager until Configuration Manager locates a site. If the client is unassigned, each time
the CCMExec process starts, it attempts to perform auto-assignment.
Question: How is the management point used during the client deployment process?
Question: Which executable determines the location of the source files and then downloads
them to start the Configuration Manager client installation process?
MCT USE ONLY. STUDENT USE PROHIBITED
6-34 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
If yo he Active Direcctory schema, you can publiish client installation propertties in AD DS. When
ou extended th
you run CCMSetu up.exe without parameters it will try to rea d these propeerties from AD DS.
CCM
MSetup.exe
e Switches
CCM MSetup.exe swwitches allow yoou to specify the n properties off the Configuraation Manager
t installation
clien
nt. These switcches can be supplied in a command line w when using thee manual installation or logo
on
installation methoods or read fro
om AD DS. CCM MSetup.exe alsso can be usedd to provide th
he properties ffor
clien
nt.msi when using these metthods.
CC
CMSetup.exe /[CCMSetup
/ sw
witch] [clien
nt.msi setup properties]
The following table lists a few ofo the switches supported byy ccmsetup.exee. For a comple ete list of the
avaiilable settings, refer to Abou
ut Configuratio
on Manager C on Properties at
Client Installatio
http
p://go.microso oft.com/fwlink//?LinkID=2477 706.
CC
CMSetup switcch Purposse
/ssource:<Path>
> Speciffies the location from which to download iinstallation filees. You can use
ea
local or
o UNC installa ation path. Filees are downloaaded by using the server
message block (SMB B) protocol. Thhe Windows usser account that is used for cclient
installa
ation must havve Read permiissions to the iinstallation loccation.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-35
(continued)
/mp:<Computer> Specifies the source management point for downloading installation files. Files
are downloaded over an HTTP or HTTPS connection, depending on the
management configuration for client connections. This download uses Microsoft
Background Intelligent Transfer Service (BITS) throttling, if BITS throttling is
configured. If the management point is configured for HTTPS client connections
only, you must verify that the client computer has a valid public key
infrastructure (PKI) client certificate.
/retry:<Minutes> Specifies the retry interval if CCMSetup.exe fails to download installation files.
The default value is 10 minutes. CCMSetup continues to retry until it reaches the
limit specified in the downloadtimeout installation property.
/forcereboot Specifies that CCMSetup.exe should force the client computer to restart if this is
necessary to complete the client installation. If this option is not specified,
CCMSetup.exe exits when a restart is necessary and then continues after the next
manual restart.
Client.msi Properties
The client.msi file supports options that control the installation behavior as well as the configuration of
the Configuration Manager client. You can specify the options on a command line or if you are using the
client push installation method, you specify the properties in the Client tab of the Client Push
Installation Properties dialog box.
The following table describes a few of the properties that can be used to modify the installation behavior
of client.msi. For a complete list of the available settings, refer to About Configuration Manager Client
Installation Properties at http://go.microsoft.com/fwlink/?LinkID=247706.
SMSSITECODE=<site code> Specifies the Configuration Manager site to assign the Configuration
Manager client to.
This can either be a three-character site code or the word AUTO. If
AUTO is specified, or if this property is not specified, the client
attempts to determine its Configuration Manager site assignment
from AD DS or from a specified management point. Unless you are
using a stand-alone design, you should refrain from using the AUTO
option.
FSP=<fallback status point> Specifies the fallback status point that receives and processes state
messages sent by Configuration Manager client computers.
Question: What should you type at a command prompt to install the Configuration
Manager client from a network share, and to specify that the client should use the NYC site
code and NYC-CFG.Contoso.com as the management point after installation?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-37
Overview
O of
o Client Deploymen
nt Method s
To
o efficiently de
eploy the Conffiguration Mannager client co
omponents to potential reso ources, you nee ed to
de
ecide which de eployment me ethod to use. You
Y should con nsider the detaails of each insstallation meth
hod,
an
nd decide whicch is best for your
y environm
ment.
Th
he client deplo
oyment metho
ods are:
Client push
h installation. This
T method pu ushes the Con figuration Manager client so oftware to clie
ent
computers. You can auto omate this deployment meth hod so that clieent installationn occurs on sysstems
that are asssigned to the site,
s or you can
n manually inittiate a client p
push installatio
on to any disco
overed
system thatt is supported for client insta
allation.
Software up pdate point installation. Youu can use this m method to pub blish the Confiiguration Man nager
client installlation program
m (CCMSetup.exe) as a softw ware update to o a software update point. T This is
useful if WSSUS is already in use in the environment
e a nd especially iif the Window
ws firewall is en
nabled
and not configured to support the othe er installation methods.
Upgrade installation (software distribution). This method allows you to upgrade existing client
software on computers to newer versions of Configuration Manager.
Operating System Deployment. When using operating system deployment to deploy a new operating
system, or upgrade an existing one, you include the Configuration Manager client as part of the
operating system deployment process.
Computer imaging. This method allows you to preinstall the Configuration Manager client software
on a master image computer that is used to build your enterprises computers.
The following table outlines the advantages and disadvantages for the various client deployment
methods.
Client deployment
method Advantages Disadvantages
Client push You can use this method to Can cause high network traffic
installation push to a single computer, a when pushing to large
collection, or to the results collections.
from a query. You can use this only on
You can use this method to computers that Configuration
install the client automatically Manager has discovered.
on discovered computers. You must specify a client push
Uses client-installation installation account, which has
properties defined on the administrative rights to the
Installation Properties tab of intended client computer. If you
the Client Push Installation do not configure an account,
Properties dialog box. Configuration Manager tries to
use the site system computer
account, which would then need
to have administrative rights on
the target client.
You must configure the Windows
firewall on client computers and
all firewalls between the clients
and site server with exceptions to
allow client push installation to
complete.
Group Policy Does not require you to Can cause high network traffic if
installation discover computers before a large number of clients are
you can install the client. being installed.
You can use this method for If the Active Directory schema is
new client installations, or for not extended for Configuration
upgrades. Manager, or the site is not
If the Active Directory schema published to AD DS, you must
has been extended, use Group Policy to add client-
computers can read installation properties to
installation properties computers in your site.
published to AD DS. Works only for systems that
Does not require belong to an Active Directory
administrative rights on client domain.
computers. Group Policies are applied to
Does not require firewall computers at reboot only, so
exceptions to be configured. installation might be delayed.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-39
(continued)
Client deployment
method Advantages Disadvantages
Logon script Does not require computers Can cause high network traffic if
installation to be discovered before the a large number of clients are
client can be installed. being installed over a short time
Supports using command-line period.
properties for CCMSetup. Requires the logged on user to
Does not require firewall be a local admin for the
exceptions to be configured. computer.
MCT USE ONLY. STUDENT USE PROHIBITED
6-40 Planning and Completing System Center 2012 Configuration Manager Client Deployment
(continued)
Client deployment
method Advantages Disadvantages
Upgrade installation Can leverage the Can cause high network traffic
(software distribution) Configuration Manager when distributing the client to
features to, at a defined time, large collections.
upgrade clients organized by Can only be used to upgrade the
collections. client software on computers
Supports using command-line that have been discovered and
properties for CCMSetup. assigned to the site.
Does not require
administrative rights on client
computers.
Does not require firewall
exceptions to be configured.
Discussion:
D Planning for Client Deployment
Question: Are
A you planning on extending the Activee Directory sch
hema?
Question: Do you plan too use a fallbacck status point in your enviro
onment? If so, are you
going to co
onfigure multip
ple fallback sta
atus points?
Question: What
W w you use to plan your bou
criteria will undaries?
Question: Will
W you use se
eparate bound
daries for site aassignment an
nd content locaation?
MCT USE ONLY. STUDENT USE PROHIBITED
6-42 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Lesson 3
Deploy
ying Co
onfigura
ation Managerr 2012 C
Clients
To install the Configuration Manager client, the target systeems must meeet certain prere equisites. Some of
the prerequisites are
a downloade ed and installeed automatica lly during clien
nt setup, but o
others must bee
installed on the ta
arget system before
b installing the Configu ration Manageer client.
Thiss lesson discusses how to deploy clients byy using the folllowing client d
deployment m
methods:
Client push
Software upd
date point
Group Policy
Login script
Manual installlation
Client upgrad
de
Describe usin
ng software update point to install Configu
uration Manag
ger clients.
In
nstalling Clients
C by Using
U Client Push
Yo
ou can use thee client push in
nstallation metthod to deployy the Configurration Manageer client to sup
pport
co
omputer systems that have been
b discovere
ed and that haave a discoveryy data record (DDR) registerred in
th
he site databasse.
Yo ent push to insstall the client on domain-baased computers discovered using Active
ou can use clie
Discovery methods, or on workgroup comp puters discoverred using Netw work Discoveryy. You must provide
lo
ocal administraator credentials by configurin ng the client p on method to use an accoun
push installatio nt that
haas local admin
nistrator permissions on the target
t computters.
Yo
ou can automa ate the client push
p installatio ng client push installation site
on for the entiire site by usin
se
ettings. You alsso can manuallly initiate this installation foor individual syystems or for e
entire collectio
ons by
ussing the Clientt Push Installattion Wizard. Th he primary diffference betweeen the autom matic and manu ual
methods
m occurss at the time th he installation is initiated:
Whether
W you usse only one of these method
ds or both, certtain client pussh installation properties mu
ust be
co
onfigured.
When
W you perfoorm a client puush installation
n, if the site seerver cannot co ontact the client computer o or start
th
he setup proce ess, it automatically repeats the
t installation n attempt everry hour for up to seven dayss, unless
it succeeds prioor to the seven-day period. To T help track th he client installlation processs, install a fallb
back
sttatus point site
e system before you install clients, which c lients automattically use whe en client push installs
th
hem.
MCT USE ONLY. STUDENT USE PROHIBITED
6-44 Planning and Completing System Center 2012 Configuration Manager Client Deployment
You configure automatic client push installation on the General tab of the Client Push Installation
Properties dialog box. After enabling the automatic client push installation, you can choose what types of
systems will be automatically installed. You can configure the following options:
Enable automatic site-wide client push installation. This check box allows you to enable or disable
automatic client push installation.
Servers. This check box allows you to enable or disable automatic push installation to server
systems.
Workstations. This check box allows you to enable or disable automatic push installation to
workstations systems.
Configuration Manager site system servers. This check box allows you to enable or disable
automatic push installation to Configuration Manager site system servers.
You can control automatic installation to domain controllers by using the following options:
Never install the Configuration Manager client on domain controllers unless specified in
the Client Push Installation Wizard
Accounts tab
You can use the Accounts tab to list the accounts that are used to attempt a client push installation. The
installation must use an account with Administrative rights on the client system that is targeted. If more
than one account is listed, installation is attempted by using each account starting at the top and working
down the list until the installation can be completed or until all accounts have been tried. If you do not
specify at least one client push installation account, Configuration Manager tries to use the site system
computer account.
Note The password for the client push installation account is limited to 38 characters
or less.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-45
After you have launched the Install Client Wizard, you have the following options:
Allow the Client software to be installed on domain controllers. This check box allows you to
enable of disable the push installation to domain controllers.
Always install the client software. Checking this check box causes the client software, if it is already
present, to be reinstalled, repaired, or upgraded.
Install the client software from a specified site. This check box allows you to specify an alternate
site to use for installing the client software. This does not change the client site assignment.
In addition to the ports listed in the following table, the client push installation method also uses Internet
Control Message Protocol (ICMP) echo request (PING) messages from the site server to the client
computer to confirm whether the client computer is available on the network.
Server Message Block (SMB) between the site server and client computer. not 445
applicable
RPC endpoint mapper between the site server and the client computer. 135 135
RPC dynamic ports between the site server and the client computer. not Dynamic
applicable
HTTPS from the client computer to an Internet-capable management point. not 443
applicable
MCT USE ONLY. STUDENT USE PROHIBITED
6-46 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
If yo
ou use WSUS tot deploy softw ware updates tot client comp puters, you cann then use the same procedu ures
for deploying
d the Configuration n Manager clie pdate. You can
ent as if it weree a software up n use software
e
upd date-based clie
ent installation
n to install new
w clients or to uupgrade existing Configurattion Manager cclients
to newer
n versions.
When you use this method of installation, the client is installed during the next software update cycle on
the targeted computer(s).
Hypertext Transfer Protocol (HTTP) from the client computer to the software not 80 or
update point. applicable 8530
Secure Hypertext Transfer Protocol (HTTPS) from the client computer to the not 443 or
software update point. applicable 8531
Question: What are some of the benefits of using the software update point installation
method?
MCT USE ONLY. STUDENT USE PROHIBITED
6-48 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
You
u can use Group Policy to de eploy the Configuration Man nager client wh
hen you want to use an
auto
omated metho nstallation, but still want to ccontrol when the deploymen
od for client in nt occurs. By using
Group Policy, youu can plan a client roll-out th
hat mirrors thee structure of yyour AD DS organizational u unit
(OU
U) structure. To
o use Group Po olicy for this pu
urpose, consid der the followi ng requiremen
nts:
You should exxtend the AD DS schema to support Confiiguration Man nager and ensu ure that the sitte is
publishing to AD DS. This ensures
e that alll Group Policyy-based clientss find installatio
on properties
published by the client push installation properties
p in AAD DS when th he Configuration Manager cclient
is installed. Additionally if settings such as ports are chaanged at a lateer time, clientss are updated when
they perform AD DS lookup ps for Configuration Manageer systems.
There are two Grooup Policy adm ministrative temmplates suppliied on the Connfiguration Maanager 2012
installation media
a located in TOOOLS\ConfigM MgrADMTempl ates: ConfigMgrInstallation.adm and
ConnfigMgrAssignment.adm. The e ConfigMgrIn nstallation.adm
m template is u
used to provid
de
installation properties to client computers
c if the AD DS scheema has not bbeen extended. The
ConnfigMgrAssignment.adm is used u to assign systems to a s pecific Configuration Manag ger site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-49
Group Policy provides the following two options for deploying software to network clients:
Assign. You can assign the CCMSetup.msi file, which means that the Configuration Manager client
installs when you start the computer after the policy has been applied.
Publish. If you publish the CCMSetup.msi file, the Configuration Manager client installation displays
when users click the Install a program from the network link in the Programs and Features
interface in Control Panel. Users can then install the client as needed.
To successfully use Group Policy to install the Configuration Manager client, you must add the following
exception to Windows Firewall:
Group Policy installation uses the ports listed in the following table.
HTTPS from the client computer to an Internet-capable management point. not 443
applicable
SMB between the source server and client computer if you specify an not 445
alternate source server with CCMSetup using /source:<Path>. applicable
Question: Why would you want to assign the Configuration Manager client to a computer
through a GPO?
Question: When do you need to provision the client installation properties in AD DS using
Group Policy?
MCT USE ONLY. STUDENT USE PROHIBITED
6-50 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
De
emonstration: Installing Clients by Using
g Group Po
olicy
In th
his demonstration, you will see
s how to pro ovision the clieent installation
n properties intto AD DS using
Group Policy, and
d how to assign n or publish th
he Configuratio on Manager client using sofftware installattion in
Group Policy.
Dem
monstration
n Steps
Con
nfigure client installation properties
p by using Group Policy
2. Start the Group Policy Management Co onsole and immport the ConffigMgrInstalla
ation.adm
administrative
e template into a new or exiisting GPO.
1. On the domain controller, start the Group Policy Management Console, and then open a new or
existing GPO.
2. In the navigation pane expand Computer Configuration, expand Policies, and then expand
Software Settings.
4. In the Open dialog box, type the full Universal Naming Convention (UNC) path of the installer
package, for example \\NYC-CFG\SMS_NYC\bin\i386\Ccmsetup.msi, and then click Open.
5. Click Assigned, and then click OK.
6. The package is listed in the details pane of the Group Policy Management Console window.
Note You must restart the target computers to initiate the installation.
MCT USE ONLY. STUDENT USE PROHIBITED
6-52 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Ad
dditional Client
C Insta
allation Me
ethods
Con anager supportts several addiitional installattion methods tthat you can u
nfiguration Ma use to deploy tthe
Con
nfiguration Ma
anager client components. The following ssections discusss considerations for each of these
add
ditional method
ds.
Ma
anual or Log
gon Script-B
Based Installlations
Even though the manual
m ation method has the most administrativee overhead of aall methods, itt is
installa
usedd frequently foor troubleshoo oting. To use th
his method, th
he logged on uuser must havee administrativve
righ
hts to the client computer. If the user running CCMSetup p.exe does nott have adminisstrative privileg
ges,
the installation wiill not start.
CCMMSetup.exe is located
l in the <Configuratioon Manager In stallation loca tion>\Client fo
older on the siite
servver, which is also shared as <site
< server nam
me>\SMS_<sitte code>\Clien nt.
Youu can specify coommand-line properties for both CCMSettup.exe and Client.msi to mo
odify the behavior
of the client installation. Consid
der the followin
ng command lline example:
CC
CMSetup.exe /mp:MP01.CONT
/ TOSO.COM SMSS
SITECODE=AUTO
O FSP=FP01.CO
ONTOSO.COM
In th
he previous exxample, the clie
ent installation
n uses the pro perties in the ffollowing table.
Property Description
D
/m
mp:MP01.CON
NTOSO.COM Specifies the management
m point MP01 to
o download th
he necessary client
installation files.
SM
MSSITECODE=
=AUTO Specifies that the client sho
ould determinee the Configurration Manage
er site
code to use by
b using AD DSS or the manag gement point..
FS
SP=FP01.CONTOSO.COM Specifies that the fallback sttatus point na med FP01 is u
used to receive
e state
messages sent from the clieent computer rrelated to clien nt deploymentt as
aily managemeent point check.
well as the da
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-53
Note For a full list of properties that you can use with CCMSetup.exe, go to About
Configuration Manager Client Installation Properties at
http://go.microsoft.com/fwlink/?LinkID=247706.
The logon script-based installation method is essentially a manual method that uses the /logon
command-line switch and is launched from a script. When you specify the /logon installation property for
CCMSetup.exe, client installation does not occur if any version of the client already exists on the
computer. This prevents the clients reinstallation each time the logon script runs.
Logon script installation uses the same methods as manual client installation and, therefore, you can use
the same command-line switches for logon script-based installations. It also means that the user running
the logon script requires administrative rights. For example, you could modify the preceding command-
line example as shown in the following example to use it in a logon script.
When CCMSetup.exe runs, it copies all necessary installation prerequisites to the client computer and calls
the Windows Installer package (Client.msi) to perform the client installation. You cannot perform the
installation by directly invoking the Client.msi installation file.
To prepare the reference computer for imaging, complete the following steps:
1. Manually install the Configuration Manager client software on the reference system computer in an
isolated network segment so that automatic site assignment does not occur. Do not specify the
clients site code in the CCMSetup.exe command-line properties.
2. Ensure that the SMS Agent Host service (CCMExec.exe) is not running on the reference computer, by
typing net stop ccmexec at a command prompt.
4. If you plan to install the clients in a Configuration Manager 2012 hierarchy different from the master
image computer, remove the Trusted Root Key from the master image computer.
5. Run sysprep.exe on the reference computer and use your imaging software to capture the reference
system computers image.
MCT USE ONLY. STUDENT USE PROHIBITED
6-54 Planning and Completing System Center 2012 Configuration Manager Client Deployment
Note Failure to follow this procedure results in duplicate clients in the Configuration
Manager database.
Question: How would you install the Configuration Manager client on computers for remote
workers?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-55
Discussion:
D Planning Client Deployment
When
W planning client deploymment in your organization
o yyou can choosee between anyy and all of the
e
de
eployment me ethods. You are not restricted to using a siingle deploym
ment method foor all your clients so
yo uation and determine the beest deploymen
ou should evalluate each situ nt method to u
use.
Considering you
ur environmen
nt, discuss the following queestions with thee class:
Question: Are
A you going g to deploy clie
ents to the serv
rvers in your daatacenter? If yyes, what
method willl you use?
Question: Are
A there syste
ems on which you do not waant to install t he client?
MCT USE ONLY. STUDENT USE PROHIBITED
6-56 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Lab
b Setup
For this lab, you will
w use the avaailable virtual machine
m enviro
onment. Beforre you begin the lab, you mu
ust
com
mplete the folloowing steps:
3. In the Actionss pane, click Connect. Wait until the virtuaal machine staarts.
Password
d: Pa$$w0rd
Domain: Contoso
5. Repeat steps 2 through 4 fo
or 10748A-NY
YC-CAS-C and
d 10748A-NYC
C-CFG-C.
Lab
b Scenario
Youu are the netwoork administra
ator for Contosso, Ltd. Contosso has deployeed Configuratiion Manager 2 2012
in a complex hieraarchy with a ce
entral administration site, tw ndary site. You need
wo primary sitees and a secon
to configure
c the discovery
d methhods and insta
all the Configu ration Manageer clients usingg the client pu
ush
installation methood.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-57
You need to configure the discovery methods and install the Configuration Manager clients by:
2. Configure Active Directory Forest Discovery to create a new boundary from the Active Directory site.
7. Verify that the discovered computers appear in the All Systems collection and are correctly assigned
to the site task.
2. In the Active Directory Sites and Services console, under the Sites node, create a new site named
NewYork (without a space), and then assign it to the DEFAULTIPSITELINK.
3. Under the Subnets node, create a subnet for 10.10.0.0/24, and then assign it to the NewYork site.
X Task 2: Configure Active Directory Forest Discovery to create a new boundary from
the Active Directory site
1. On NYC-CAS, open the Configuration Manager Console.
3. In the results pane, identify the Active Directory Forest Discovery methods. You should have three
entries available in the results pane: one for the CAS site, one for the NYC site, and one for the LON
site.
4. Access the properties for Active Directory Forest Discovery for the CAS site, select the Enable
Active Directory Forest Discovery and the Automatically create Active Directory site
boundaries when they are discovered check boxes.
5. In the Configuration Manager console, under the Active Directory Forests node, access the
Properties of Contoso.com. Review the settings, and then close the dialog box.
6. Select Contoso.com and then, on the ribbon, click Show IP Subnets. A new sticky node named IP
Subnets of contoso.com appears in the navigation pane, and in the results pane the IP subnets
discovered from AD DS appears.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-59
7. In the navigation pane, select Active Directory Forests, and in the results pane select Contoso.com
and then on the ribbon, click Show Active Directory Sites. A new node named Active Directory
Sites of Contoso.com appears in the navigation pane, and in the results pane you should see the
sites discovered from AD DS.
8. Under the Boundaries node access the Properties of the NewYork boundary.
On the Site Systems tab, note that you cannot add a site system using this dialog box.
On the Boundary Groups tab, note that the boundary is not yet assigned to a boundary group.
Boundaries: NewYork
On the References tab, select the option Use this boundary group for site assignment.
Assigned site: NYC-New York Primary Site
Note You created the New York Systems boundary group at the central administration
site; however, you configured the assigned site to be NYC --- New York Primary Site. All
clients in this boundary group are installed and managed by the NYC-CFG.contoso.com site
server.
3. In the results pane, access the properties for Active Directory System Discovery. In the Active
Directory System Discovery Properties dialog box, use the following settings to configure system
discovery, and then click OK:
At the General tab, select Enable Active Directory System Discovery, and then click the
New ( ) button.
In the Active Directory Container dialog box, browse to select the Contoso domain, and then
close the dialog box.
At the General tab, select Enable Active Directory User Discovery, and then click the
New ( ) button.
In the Active Directory Container dialog box, browse to select the Contoso domain, and then
close the dialog box.
At the General tab, select Enable Active Directory Group Discovery, click Add, and then click
Location.
In the Add Active Directory Location dialog box, in the Name box, type Contoso domain, and
then browse to select the Contoso domain. Close the dialog box.
X Task 7: Verify that the discovered computers appear in the All Systems collection and
are correctly assigned to the site
1. In the Configuration Manager console, click the Assets and Compliance workspace, and then select
the Device Collections node.
2. Select the All Systems collection, and on the ribbon, click the Show Members button.
3. A new node called All Systems appears in the navigation pane under the Devices node. In the results
pane, observe the systems that are members of the All Systems collection and their assigned site. On
the Site Code column, you should see NYC for most systems.
Results: At the end of this exercise, you should have configured the Active Directory Discovery methods.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-61
2. Select \\NYC-CFG.Contoso.com, and on the ribbon select the Home tab, and then click Add Site
System Roles. In the Add Site System Roles Wizard use the following settings to install the site
system roles:
On the General page, verify that the Name for the site server is NYC-CFG.Contoso.com.
On the System Role Selection page, select Fallback status point.
4. In the preview pane, access the Properties for the Management point.
5. Select the option Generate alert when the management point is not healthy, and then close the
dialog box.
6. In the navigation pane, under Site Configuration, select the Sites node, and then click the
Hierarchy Settings button on the ribbon.
7. In Site Settings Properties, select the Use a fallback site check box, and then in the Fallback site
list select NYC --- New York Primary Site.
2. In the Active Directory Users and Computers console, in the Users container, create a new user
account with the following settings:
In the First name and User logon name text boxes, type ConfigMgrClientPush.
Select the User cannot change password and Password never expires boxes.
MCT USE ONLY. STUDENT USE PROHIBITED
6-62 Planning and Completing System Center 2012 Configuration Manager Client Deployment
3. In the Active Directory Users and Computers console, access the Properties of the
ConfigMgrClientPush user account, and then add the user to the Domain Admins group.
2. Right-click NYC --- New York Primary Site, click Client Installation Settings, and then click Client
Push Installation.
3. In the Client Push Installation Properties dialog box, use the following settings to configure the
client push installation method
At the Accounts tab, click the New ( ) button, and then click New Account.
In the Windows User Account dialog box, click the Browse button.
In the Select User dialog box, type ConfigMgrClientPush, click the Check Names button, and
then close the dialog box.
In the Windows User Account dialog box, in both the Password and Confirm password boxes,
type Pa$$w0rd and then click Verify. The Windows User Account dialog box expands.
In the Windows User Account dialog box, in the Network Share box, type \\NYC-DC1\C$, and
then click Test connection. Close the dialog box.
In the Client Push Installation Properties dialog box, at the Installation Properties tab, in the
Installation properties box, after the text SMSSITECODE=NYC type a space, and then type
FSP=NYC-CFG.Contoso.com.
2. In the results pane, right-click NYC-CFG, and then click Install Client.
3. The Install Configuration Manager Client Wizard starts. Use the following settings to install the
client on NYC-CFG:
In the Installation Options page, check the Install the client software from a specified site
box, and then verify that in the Site list appears NYC --- New York Primary Site.
4. In the results pane, right-click NYC-DC1, and then click Install Client.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 6-63
5. The Install Configuration Manager Client Wizard starts. Use the following settings to install the
client on NYC-DC1:
In the Installation Options page, check the Allow the client software to be installed on
domain controllers box.
Results: At the end of this exercise, you should have started the installation of the Configuration Manager
client.
MCT USE ONLY. STUDENT USE PROHIBITED
6-64 Planning and Completing System Center 2012 Configuration Manager Client Deployment
2. On the Processes tab, verify that ccmsetup.exe appears in the list of processes.
Note If ccmsetup.exe does not appear in the list, repeat the installation ensuring that the
Allow the client software to be installed on domain controllers check box is selected.
After the client installation, CcmExec.exe should appear in the list of processes.
On the Actions tab, in the Actions list, select Machine Policy Retrieval & Evaluation Cycle and
then click Run Now, to initiate the connection of the Configuration Manager client to the
management point.
Note When running inside a virtual machine, the Configuration Manager client uses
randomization for the initial time interval of connection to the management point. Running
the Machine Policy Retrieval & Evaluation Cycle manually ensures that all components
are updated as needed.
2. In the results pane, the status on the Client Activity column for NYC-DC1 and NYC-CFG should be
Active.
Note If the status of the clients is not Active, on the ribbon, click the Update
Membership button and then refresh the console. It might take a minute or two for the
Client Activity to show as Active.
3. Select NYC-DC1, and then review the information in the preview pane.
Results: At the end of this exercise, you should have installed the Configuration Manager client using the
client push installation method.
Lesson 4
Manag
ging Co
onfigura
ation Manager 2012 C
Clients
Afteer installing thee Configuratioon Manager cliient, you can b begin managin ng the computter systems in the
site.. There are sevveral tasks thatt can be perforrmed for the cclient systems ffrom within th
he Configuratio
on
Man nager console..
Explain how to
t configure cllient settings.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-67
Managing
M Clients
When
W a system is discovered, it is displayed d in the Assetss and Complia ance workspacce in the Devicces
noode. The systems also can be e added to collections; the A All Systems an nd All Deskto op and Server
Clients collectioons in the Devvice Collection ns node are au populated. No significant clie
utomatically p ent
management
m caan take place until
u after the Configuration n Manager clieent is installed. When you sellect a
deevice or collecction that contains devices with
w the Config guration Mana ger client instaalled, you can select
va
arious manage ement operatio ons. Additiona management ttasks that involve other workkspaces
ally there are m
in f example client settings that are discusssed in the nextt topic. There are also some task
n the console, for
ta
asks that do no ot use the Connfiguration Manager consolee.
Managing
M Cllients from the Assets and
a Compliiance Worksspace
Management
M ta
asks for individ
dual clients are
e performed in
n the Devices node. The following table lissts the
client managem
ment tasks you can perform in i the Devicess node:
Action
A Desscription
Install Client Thiis action launcches the Install Configurationn Manager Clieent Wizard thaat
you
u use to installl or reinstall th
he Configuratio
on Manager client to repair it
or to reconfigure e it with new siite configuration options an
nd client
pro
operties.
MCT USE ONLY. STUDENT USE PROHIBITED
6-68 Planning and Completing System Center 2012 Configuration Manager Client Deployment
(continued)
Action Description
Approve Use this action to approve the clients that communicate through HTTP
and are using self-signed certificates. By default, the site configuration
automatically approves clients from the same Active Directory forest and
trusted forests. This setting is controlled in the Administration workspace
by selecting the Sites node and clicking the Hierarchy Settings button in
the ribbon.
Block Use this action to block a client that you no longer trust, to prevent it
from receiving client policy and communicating with Configuration
Manager site systems.
Unblock Use this menu option to unblock a client that was previously blocked.
Manage Out of Band This menu allows exposes all the AMT actions. These actions include:
Discover AMT Status
Enable Automatic AMT Provisioning
Power Control
Out of Band Management Console
Enable Audit Log
Disable Audit Log
Clear Audit Log
Update AMT Provisioning Data
Remove AMT Provisioning Data
Clear Required PXE Use this action to redeploy any required PXE deployments for the
Deployments selected computer.
Edit Primary Users Use this action to manage the associations between users and devices.
(continued)
Action Description
Delete Use this action to manually delete the client record from the
Configuration Manager database. This does not uninstall the
Configuration Manager client. If the Configuration Manager client is still
installed and communicating with a management point, Heartbeat
Discovery recreates the client record, which then reappears in the
Configuration Manager console.
Properties Use this action to view the discovery data and deployments targeted for
the client. You also can configure variables for use in task sequences to
deploy an operating system to the device.
Wipe Use this action to wipe mobile devices that have the Configuration
Manager client installed or mobile devices that are managed by using the
Exchange Server connector. This action permanently removes all data on
the mobile device, which includes personal settings and personal data.
Typically, wiping a mobile device resets the mobile device back to factory
defaults.
Management tasks for collections are performed in the Device Collections node. The following table lists
the client management tasks you can perform in the Device Collections node.
Action Description
Show Members This action opens a sticky node under the Devices node named the
same as the collection and containing the systems that are in the
collection.
Add Selected Items Use this action to add the devices in the collection to a new or
existing collection.
Install Client This action launches the Install Configuration Manager Client
Wizard that you use to install or reinstall the Configuration Manager
client to repair it or to reconfigure it with new site configuration
options and client properties.
Manage Affinity Requests Use this action to accept or reject affinity requests for client systems.
MCT USE ONLY. STUDENT USE PROHIBITED
6-70 Planning and Completing System Center 2012 Configuration Manager Client Deployment
(continued)
Action Description
Manage Out of Band This menu allows exposes all the AMT actions. These actions include
the following:
Discover AMT Status
Power Control
Clear Audit Log
Clear Required PXE Use this action is used to redeploy any required PXE deployments
Deployments for the selected collection.
Update Membership This action reruns the queries that control the collection
membership.
Copy This action allows you to copy a collection and create a new
collection with the same queries.
Refresh Use this action to manually refresh the collection membership when
a collection is overlaid with an hourglass to indicate that a refresh
might be necessary.
Delete Use this action to delete the collection. This does not delete the
clients by default.
Simulate Deployment This action allows you to simulate the deployment of an application
without sending the actual files. This allows you to test for issues
with the deployment.
Tasks Description
Change the client cache Applications, programs and software updates use the
configuration for Configuration Configuration Manager cache to temporarily store files. The
Manager clients cache is configured during installation; there are client.msi
properties that you can use to configure the client cache
properties. The default location for the Configuration
Manager client cache is %windir%\ccmcache, and the default
disk space is 5,120 megabytes (MB). If you need to change
the size of the Configuration Manager cache after installation
you can do one of the following:
Reinstall the client by using the appropriate installation
options to specify the desired configuration.
Use the Configuration Manager client to change the
settings for a particular client.
Uninstall the Configuration Use the Ccmsetup.exe /uninstall command at the client
Manager client system to uninstall the client from a system. You cannot
uninstall the client from a mobile device.
Manage conflicting records for A hardware ID and GUID are generated for a system when
Configuration Manager clients the Configuration Manager client is first installed.
The hardware ID is not reset when the client is reinstalled. For
example, if you reinstall a computer, the hardware ID would
be the same but the GUID used by Configuration Manager
might be changed.
When database updates are sent to the Configuration
Manager site, if the GUIDS are different but the data uses the
same hardware ID, a conflict occurs.
Configuration Manager attempts to resolve a conflict by
using Windows authentication of the computer account from
the site server or a PKI certificate from a trusted source. If this
is successful then the conflict is automatically resolved for
you.
When Configuration Manager cannot resolve the conflict, it
uses a hierarchy setting that either automatically merges the
records when it detects duplicate hardware IDs (the default
setting), or allows you to decide when to merge, block, or
create new client records. If you decide to manually manage
duplicate records, you must manually resolve the conflicting
records by using the Configuration Manager console.
Initiate policy retrieval for a You can use the Configuration Manager client to initiate
Configuration Manager client policy retrieval on a client computer.
MCT USE ONLY. STUDENT USE PROHIBITED
6-72 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Co
onfiguring Client Setttings
Con
nfiguration Ma anager client se ettings are ma
anaged in the C Configuration Manager con nsole, in the
Admministration workspace
w from
m the Client Settings
S node.. A default clieent settings obbject is created
d
wheen Configuratio on Manager iss installed. You
u can modify t he default clieent settings, bu ut you cannot
dele
ete them, beca ause these setttings are applieed to all clientts in the hierarrchy. You also can configure
custtom client setttings that overrride the defau
ult client settin gs when you aassign them to o collections.
You u can create multiple custom m clients settinggs that are appplied in an ord
der that is baseed on the priorities
assigned to the client settings. The
T default clie of 10,000 and are always applied
ent settings haave a priority o
firstt. Custom policcies have priorrities beginning
g at one and i ncreasing incrrementally as tthey are createed.
You u can change the priority of custom
c setting
gs to change t he order in wh hich they are aapplied. When
mulltiple custom settings
s adjust the same settting value, the last value app plied is the effe
ective value.
Background Limits the maximum network bandwidth for BITS background False
Intelligent transfers
Transfer
Throttling window start time 09:00
(continued)
Display a dialog box that the user cannot close, which displays 15
the countdown interval before the user is logged off or the
computer restarts (minutes)
(continued)
(continued)
Period of time for which all pending deployments with deadline 1 hour
in this time will also be installed
User and Device Allows users to define their primary devices False
Affinity
Question: How do you configure classes so that they are collected by hardware inventory?
MCT USE ONLY. STUDENT USE PROHIBITED
6-78 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Lesson 5
Monito
oring Configur
C ration Manage
M er 2012 Client S
Status
Client Health is a feature introduced in Config guration Manaager 2012. Adm ministrators caan use Client H Health
to determine
d the overall health status of clien
nts and to iden
ntify individuall client issues ssuch as missing
g
prerrequisites, WMMI issues, and non-functiona
n l clients.
Overview
O of
o Client Sttatus
In
n previous verssions of Config
guration Mana ager, assessing client health ccould present a challenge to o
ad
dministrators. However, iden ntifying and re
emediating unh healthy clientss is crucial to e
ensuring the su
uccess
off configuration
n managemen nt operations. Thus,
T administtrators often need to answerr the following g
quuestions:
The necessa
ary prerequisittes and dependencies are prresent.
The Configuration Manag
ger client is insstalled correcttly.
MCT USE ONLY. STUDENT USE PROHIBITED
6-80 Planning and Completing System Center 2012 Configuration Manager Client Deployment
The Configuration Manager 2012 client runs a scheduled task to evaluate its client health status, and then
sends the evaluation results to the site as a state message to the management point. If there is any
change in the evaluation result since the most recent state message, the health status is sent back by
using a state message. By default the task runs between midnight and 01:00.
Similar to the initial installation process, if the client fails to send its state message to a management
point, it then sends the state message to a fallback status point, if one exists in your hierarchy. If a fallback
status point is not installed in your hierarchy, some evaluation results might not be received by the site
server. The site server summarizes the client health evaluation results and activities, and then displays
these in the Configuration Manager console, in the Client Status folder located in the Monitoring
workspace.
The following items are new or have changed for client status reporting (now Client Status) since
Configuration Manager 2007 Client Status Reporting:
Client health and client activity information are integrated into the Configuration Manager console.
When you click the Client Status node, the results pane displays a dashboard showing a summary of the
Client Activity and Client Check nodes. The information available is organized differently than in either the
Client Activity or Client Check nodes because it displays results that are based on both monitors. The
following links are available in the Client Status dashboard:
Active clients that passed client check or no results
Additionally, there is a graph showing the Most Frequent Client Check Errors.
If you click the links available, a sticky node is created under the Devices node in the Assets and
Compliance workspace, and the console automatically changes to the newly created sticky node. Sticky
nodes remain in the Configuration Manager console until you manually remove them, or until the console
is closed. For example, when you click the Active clients that failed client check link, which denotes the
clients that failed the Client Health checks, a sticky node for these unhealthy clients is created and then is
automatically selected.
Note By default, client status information is updated once a day. You can modify this
interval in the Schedule Client Status Update dialog box or force summarization on
demand.
Question: What are some of the causes of an unhealthy and active client?
Question: How does Client Status improve client monitoring compared with previous
versions of Configuration Manager?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-81
Overview
O of
o the Conffiguration Manager Health Evvaluation T
Task
Client Status in the Configura ation manager console receivves its informaation from the Client Health
evvaluation engine running on T Client Hea lth evaluation engine is the executable file
n each client. The e
CCMEval.exe. CCMEval.exe is installed with the Configuraation Managerr client and run ns on compute ers. It is
noot part of the mobile device client. When the Configura tion Manager client is installed, the install process
crreates the sche
eduled task Co onfiguration Manager
M Heaalth Evaluatio n. This task runs CCMeval.exxe at a
time between midnight
m and 01:00.
0 The resuults are then reeported as a sttate message tto the clients
management
m point, or to a fa
allback status point
p if the maanagement po oint is unavailable. The
Configuration Manager
M Healtth Evaluation process
p can bee run on demaand as required d by running
CCMEval.exe.
Th
he following ta
able lists the health
h evaluatio
on rules and reemediation acctions.
Verify WMI se
ervice exists No aautomatic rem
mediation
Verify/Remed
diate WMI servvice startup typ
pe Set sservice startup
p to automaticc
Verify/Remed
diate WMI servvice status Start service
WMI Reposito
ory Integrity Test Rein
nstall Client
MCT USE ONLY. STUDENT USE PROHIBITED
6-82 Planning and Completing System Center 2012 Configuration Manager Client Deployment
(continued)
Verify/Remediate SMS Agent Host service startup type Set service startup to automatic
Verify/Remediate Network Inspection service startup type Set service startup to manual
Verify/Remediate Windows Update service startup type Set service startup to automatic
Automatic remediation might not be desirable on all systems, for example mission critical servers where
the remediation activities might be disruptive. By installing the Configuration Manager client with the
client.msi property NotifyOnly=True or by changing the HKEY_LOCAL_MACHINE\Software\Microsoft
\CCM\CcmEval\NotifyOnly registry value to True you can disable automatic remediation.
Monitoring
M g Client Acctivity
On
O the server siide, the admin
nistrator can de
efine the frequ uency of clientt-server comm
munications thaat
de
etermine whetther the client has an active or inactive staatus.
Th
he client commmunication thrresholds can be configured iin the Client S
Status Setting
gs Properties dialog
bo
ox. The following table lists the
t settings fo
ound there, and
d their defaultt values.
Software inve
entory during the
t following days
d 7 days
Status messag
ges during the
e following dayys 7 days
Yoou can use the e Configuration Manager console to view interactions beetween the client and the
management
m syystem, which helps
h the admiinistrator distin
nguish betweeen unhealthy cclients and clie
ents that
arre just offline. Configuration Manager 201 12 retrieves infformation from
m AD DS to ide entify the inacttive
clients based on n the LastLogoonTimeStamp p.
MCT USE ONLY. STUDENT USE PROHIBITED
6-84 Planning and Completing System Center 2012 Configuration Manager Client Deployment
When you click on the Client Activity node, the results pane becomes divided into two sections showing
you information based on the client activity monitors you have configured.
Client activity for all devices. Displays a chart showing active computers, inactive computers and
computers with no Configuration Manager client installed. Click a section of the pie chart to create a
sticky node showing a list of computers with the status you selected. You can view activity detail for
each of the clients in the node to determine why they the displayed status.
Client activity trend for all devices. Displays a graph showing client activity over a specified period.
You can configure the time period that you want to view from 5 to 90 days from the Client activity
period drop-down list.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 6-85
Using
U Clien
nt Check to
o Monitorr Configuraation Man
nager Clien
nts
When
W you click on the Client Check node, the
t results panne becomes divvided into the
e following two
o
se
eparate section
ns that displayy information based
b Configuration Manager Health Evaluation task:
on the C
Client checck results for all devices displays a chart showing computers that paassed client che eck,
computers that failed clie ent check, commputers that haave not reportted results and d computers wwith no
Configuratiion Manager client
c installed.. Click a sectio hart to create a sticky node showing
on of the pie ch
mputers with the status you selected. You can click the C
a list of com Client Check DDetail tab in the
results for individual syste
ems to discove er any remediaation actions tthat Configuration Manager took.
In addition to the Client Check and Client Acttivity informat ion in the Con nfiguration Maanager console e, you
also
o can use the Client
C Status re
eports. After yo
ou install and cconfigure a reeporting services point role, tthe
Client Status repoorts become avvailable in the Client Status ffolder in the CConfiguration M Manager conso ole or
in th
he ConfigMgr_<site code>\\Client Status path in the reeporting websiite. The follow wing table lists the
repoorts that are avvailable.
Re
eport Desscription
Client Status History This report proviides a historicaal view of the overall client
sta
atus in the envvironment.
Client Status Su
ummary This report proviides administrrators with the current
ercentages of h
pe healthy and acctive clients forr a given
Co
ollection.
(continued)
Report Description
Clients with Failed Client Check This report displays details about clients that client check
Details failed for a specified collection.
Inactive Clients Details This report provides a detailed list of inactive clients for a
given Collection.
Question: Which reports can you use to view information about client status?
MCT USE ONLY. STUDENT USE PROHIBITED
6-88 Planning and Completing Systtem Center 2012 Connfiguration Manager Client Deployment
Modulle Revie
ew and Takeaw
ways
Rev
view Questiions
1. What discove
ery method can n you use to create boundarries in Configu
uration Manag
ger 2012, and h
how
are the bound
daries determiined?
2. In what situattion would you
u need to provvision client prroperties by ussing Group Po
olicy?
Module 7
Maintaining and Monitoring System Center 2012
Configuration Manager
Contents:
Lesson 1: Overview of Configuration Manager 2012 Site Maintenance 7-3
Lesson 2: Performing Backup and Recovery of a Configuration Manager 2012 Site 7-13
Lesson 3: Monitoring Configuration Manager 2012 Site Systems 7-30
Lab: Maintaining and Monitoring System Center 2012 Configuration Manager 7-36
MCT USE ONLY. STUDENT USE PROHIBITED
7-2 Maintainingg and Monitoring Sysstem Center 2012 Coonfiguration Manager
Module Overrview
Microsoft System m Center 2012 Configuration n Manager arcchitecture inclu udes multiple ccomponents oon the
site server, site sysstems and client devices. Altthough you ca n design the aarchitecture off the solution tto be
resilient to failures by implemen nting multiple site systems, uusing clusterin
ng for the dataabase, or
impplementing mu ultiple primary sites to beneffit from the rep
plication of glo
obal data, you
u must configuure
and perform regu ular site mainteenance tasks to o ensure that tthe solution yo
ou implementt is functional aand
effe
ective.
Perfforming regula
ar backups is ana important maintenance
m aactivity that you implement iin your
Con nfiguration Ma
anager environ nment. Perform ming regular b backups is even n more importtant if you havve a
stannd-alone primaary site so thatt you can reco
over the site coonfiguration orr the site datab
base in case eiither
failss.
If yo
ou have a multtiple-site envirronment, data is replicated tto other sites in the hierarchy. However, w we still
recoommend that youy perform backup
b for the
e site servers an
nd databases iin the central aadministration n site
and the primary sites
s to protectt your impleme entation in casse of operatingg system or sitte failure. The
dataabase replication mechanism m helps you in the recovery p process by repplicating the m
most recent glo obal
dataa from other sites in the hierrarchy.
Describe Con
nfiguration Manager 2012 sitte maintenancce tasks.
Back up and recover a Configuration Man
nager 2012 sitte.
Lesson
n1
Overv
view of Configuration
n Manag
ger 2012 Site
Mainttenance
e
Configuration Manager
M 2012 includes built-in maintenan nce tasks that yyou can enable
e and then configure
to edule. After installing your Configuration
o run on a sche C Manager envirronment, you must review the
M
bu
uilt-in mainten
nance tasks annd decide whicch ones to ena ble and when they should run.
Built-in site
e maintenance tasks
Maintenancce activities pe
erformed manually on a dail y, weekly, or m
monthly sched
dule
External mo
onitoring toolss used in the site, such as Sysstem Center 2
2012 Operation
ns Manager
After completin
ng this lesson, you
y will be able to:
Provide an overview of Configuration Manager
M 20122 site maintenaance.
Ov
verview of Configura
ation Mana
ager 2012
2 Site Main
ntenance
Monitoring th on. You can usse the monitoring features included in the
he site systemss and replicatio e
Configurationn Manager con nsole to view the
t status of thhe site systemss, evaluate the
e health of the
client, and mo
onitor site replication.
Question: De ols that you can use to monittor the health of Configurattion
escribe the too
Manager 20112 site systems.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deployingg System Center 20112 Configuration Mannager 7-5
Site Mainte
enance Tassks
Configuration Manager
M 2012 includes built-in maintenannce tasks that yyou can enablee and configure to
ru
un on a schedu hese tasks are enabled by deefault and perfform required cleanup activities,
ule. Some of th
su
uch as deleting
g aged informaation from thee database, en suring that ob
bsolete informaation is removved and
th
hat reports sho
ow up-to-date information.
Yo
ou can view th
he site mainten
nance tasks byy performing th
he following steps:
Th
he following ta
able lists the siite maintenancce tasks and th
heir purposes.
Site maintena
ance task Purpose
Monitor Keys Monitorrs the primary keys from thee site database tables.
(continued)
Delete Aged Status Messages Deletes aged status message data from the site database.
Delete Aged Discovery Data Deletes aged client discovery data from the site database.
Delete Aged Collected Files Deletes aged collected files data from the site database and from the
site server folder structure.
Delete Aged Software Deletes aged software metering data from the site database.
Metering Data
Delete Aged Software Deletes aged software metering summary data from the site database.
Metering Summary Data
Summarize Software Metering Summarizes software metering file usage data from multiple records
File Usage Data into one general record.
Summarize Software Metering Summarizes monthly software metering usage data from multiple
Monthly Usage Data records into one general record.
Clear Install Flag Clears the install flag in the database for clients whose Heartbeat
Discovery data records have not been updated in the specified interval,
so that the Configuration Manager client is reinstalled automatically
using Client Push.
Delete Inactive Client Deletes inactive client discovery data from the site database.
Discovery Data
Delete Obsolete Client Deletes obsolete client discovery data from the site database.
Discovery Data
Delete Aged Computer Deletes aged user-device affinity data from the site database.
Association Data
Delete Obsolete Alerts Deletes alerts that had been closed for a specific period of time.
Delete Aged Log Data Deletes aged data from the replication logs, and also cleans up object
lock requests.
Delete Aged Application Deletes application requests that are cancelled or denied, which are
Request Data older than the specified period of time.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-7
(continued)
Delete Aged Devices managed Deletes all the obsolete records in the Exchange partnership properties
by the Exchange Server table that have LastSuccessSyncTimeUTC earlier than the specified
Connector period of time. It also deletes the system records that correspond to
the obsolete partnership entries if they are managed solely by
Exchange.
Delete Aged Device Wipe Deletes aged device wipe records from the site database.
Record
Delete Obsolete Forest Deletes obsolete discovery data created by Active Directory Forest
Discovery Sites and Subnets Discovery by trying to find, and then remove, sites/subnets that have
not been discovered for a period of time via forest discovery.
Check Application Title with Checks that the correct application title is displayed in the Asset
Inventory Information Intelligence catalog. It does this by matching the installed software
data with catalog data, which it achieves by calculating the Software
Properties Hash based on the Product Name, the Publisher, and the
Product Version.
Delete Aged Enrolled Devices Deletes aged enrolled devices from the site database.
Delete Aged Threat Data Deletes aged Endpoint Protection threat data from the database.
Delete Aged Endpoint Deletes aged Endpoint Protection health status history data from the
Protection Health Status site database.
History Data
Delete Aged Client Operations Deletes aged Endpoint Protection scan requests.
Evaluate Collection Members Evaluates the collection members incrementally, every five minutes by
default.
Update Application Catalog Synchronizes the Application Catalog website database cache with the
Tables latest application information.
Delete Aged Delete Detection Deletes old data change information used by external systems
Data extracting data from database.
Delete Aged User Device Deletes aged information about user device affinity.
Affinity Data
Ma
aintaining a Configu
uration Ma
anager Sitee
Site maintenance for Configuration Manager 2012 involvess several types of activities yo
ou need to perform
to ensure
e that youur Configuratio
on Manager immplementation
n is working p
properly, and to o ensure that yyou
can recover in casse of hardware
e or software fa
ailure.
The first step you can take to co onfigure site maintenance
m fo
or your installaation is to creaate a site
maintenance plan n. This plan listts the configurration of the b uilt-in site maintenance taskks, describes
add
ditional mainteenance activitie es such as mon nitoring the sitte systems and d clients, and ddescribes recovvery
proccedures in case of a site failu
ure.
The configuration of th
he status system.
Recoveryy procedures in
n case of site failure.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-9
Create any necessary custom maintenance tasks that are external to Configuration Manager. Custom
maintenance tasks perform activities that are not included in the built-in tasks, and are sometimes
implemented as scripts that are then run automatically by the Task Scheduler. You can use batch files
or a scripting language, such as Windows PowerShell, to implement these tasks.
Review, configure, and enable/disable site maintenance tasks. Review the built-in site maintenance
tasks, configure them, and then enable or disable each task according to your site maintenance plan.
Configure the status summarizers. Configure the status summarizers to evaluate the health of the site
systems and components based on the number and importance of status messages.
Use the monitoring features included in Configuration Manager console. Use the Configuration
Manager console features to monitor the status of the site systems and to monitor replication.
Configure alerts. Configure alerts to be generated for errors or for specific thresholds.
Consider using System Center 2012 Operations Manager. You can use System Center 2012
Operations Manager to monitor your Configuration Manager environment.
MCT USE ONLY. STUDENT USE PROHIBITED
7-10 Maintaining and Monitoring System
S Center 2012 Configuration
C Managger
Cre
eating a Siite Mainte
enance Plan
To ensure
e that you do not overlook importan nt maintenancee activities, you should creatte a site
maintenance plann. Typically, you create a site maintenance plan during th he implementation of your
Con
nfiguration Maanager environ nment. It shoulld reflect your particular imp
plementation aarchitecture an
nd
your organization operations requirements.
ns specific IT-o
Configuring and
a verifying site
s backups.
Checking for file backlog on site servers and
a site system
ms.
Reviewing sta
atus messages for site system
ms and compo
onents.
Configuring and
a reviewing alerts in the console.
Checking for failed replication communiccation.
The following table lists typical maintenance tasks and the suggested frequency of the tasks.
Daily Maintenance Verify that built-in daily maintenance tasks are running successfully.
Tasks Check Configuration Manager site database status.
Check site server status.
Check Configuration Manager site system inboxes for backlogs.
Check site systems status.
Check client status and health.
Check the operating system event logs on site systems.
Check the SQL Server error log.
Check system performance.
Weekly Maintenance Verify that built-in weekly maintenance tasks are running successfully.
Tasks Delete unnecessary files from site systems.
Produce and distribute end user reports, if required.
Back up and then clear application, security, and system-event logs.
Check the site database size, and verify that the site database has enough
available disk space to enable growth.
Perform SQL Server database maintenance on the site database according
to your SQL Server maintenance plan.
Check available disk space on all site systems.
Run disk defragmentation tools on all site systems.
Periodic Maintenance Review the security plan for any required changes.
Tasks Change accounts and passwords if necessary, according to your security
plan.
Review the maintenance plan to verify that scheduled maintenance tasks
are scheduled properly and effectively depending on configured site
settings.
Review the design of the Configuration Manager hierarchy for any
changes.
Check network performance to ensure changes have not been made that
affect site operations.
Verify that Active Directory Domain Services (AD DS) settings affecting site
operations have not changed. For example, you should ensure that no
changes have been made to subnets that are assigned to Active Directory
sites, and that a Configuration Manager site is using Active Directory
Forest Discovery to create site boundaries.
Review the disaster recovery plan for any required changes.
Perform a site recovery in a test lab according to the disaster recovery plan
by using a backup copy of the most recent backup snapshot that the
Backup Site Server maintenance task created.
Check hardware for any errors or hardware updates available.
For each maintenance task listed in the site maintenance plan, you should assign an owner who is
responsible for performing that task. Most of the daily or weekly maintenance tasks can be performed by
administrative users who are assigned the Infrastructure Administrator or Operations Administrator
security roles.
MCT USE ONLY. STUDENT USE PROHIBITED
7-12 Maintaining and Monitoring System Center 2012 Configuration Manager
When configuring the built-in site maintenance tasks, you must ensure that you are not scheduling the
maintenance tasks too aggressively, which can create additional processing load on your site server and
database; or too passively, which may result in obsolete information not being deleted. In most
implementations, you should use the default schedules for the built-in maintenance tasks.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-13
Lesson
n2
Perfo
orming Backup
B and Re
ecoveryy of a Co
onfigura
ation
Manaager 201
12 Site
If the AfterBack
kup.bat batch file
f is present, the Backup Sitte Server task attempts to ru
un it immediattely
affter performing
g the site back
kup. This lesson examines ho ow to use the AAfterBackup.b
bat to perform
addditional back
kup operationss. This lesson also explains ho
ow to troublesshoot your bacckup procedurre and
re
esults, and how
w to perform a site recovery from your bacckup.
After completin
ng this lesson, you
y will be able to:
Describe th
he resources th
hat need to be backed up.
t Backup Site Server task.
Configure the
Describe th
he resources th
hat can be used
d to troublesh
hoot the backu
up.
Ov
verview of Backup an
nd Recove
ery
Plannning the Conffiguration Mannager backup and recovery processes enaables you to reecover from sitte
failu
ure. Backup an
nd recovery proocesses must be
b part of you r site maintenance plans to ensure that sittes
and hierarchies arre recovered quickly
q with miinimal data losss.
Bacckup Site Se
erver mainte
enance task
k
The Backup Site Server
S mainten nance task runss on a schedulle and backs u up the site dataabase, specific
regiistry keys, and specific folderr and files. Nott all files are b acked up; how
wever, you cann create the
AfteerBackup.bat file to automattically perform post-backup actions after tthe backup maaintenance tassk
finisshes, such as copying additioonal files from your site servver and archivin ng the backupp snapshot to a
secuure location.
Reccovery featu
ures
In case of hardware or softwaree failure, you need to restoree the site with minimal or noo data loss.
Site recovery inclu
udes potentially replacing fa
ailed hardwaree, reinstalling t he operating ssystem and
Connfiguration Maanager 2012, and restoring the site databaase from a bac kup.
Connfiguration Ma anager 2012 ha as recovery feaatures that difffer from previo
ous versions. FFor example,
in Configuration
C Manager
M 20122, recovery is in
ntegrated in th
he Configuration Manager SSetup Wizard, aand
therre is support fo
or multiple reccovery optionss, as outlined in
n the followingg table.
Re
ecovery option
n for: Recovery op
ption availablee
Th
he site server Recoveer the site serv er from a backkup
Reinsta
all the site servver
Th
he site database Recoveer the site dataabase from a b
backup
Create a new site dattabase
Use a site
s database t hat has been m manually recovered
Skip da
atabase recoveery
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-15
If you have a multiple-site implementation of Configuration Manager, you can benefit from data
replication, which can minimize data loss after recovery. When recovering a site that is part of a hierarchy,
Configuration Manager uses database replication to retrieve the most current global data created by the
failed site before it failed. This process minimizes data loss even when no backup is available.
When you need to recover a site, you can initiate an unattended site recovery by configuring an
unattended installation script and then using the Setup /script command.
Question: How do you perform a recovery of your entire site if your site server fails?
MCT USE ONLY. STUDENT USE PROHIBITED
7-16 Maintaining and Monitoring System
S Center 2012 Configuration
C Managger
Con
nfiguration Ma
anager 2012 sttores data in thhe Microsoft SQL Server siite database, in the files locaated
on the
t site server computer, andd in registry ke
eys.
To ensure
e that you can recover your entire Coonfiguration M
Manager enviroonment should d you have a ssite
failu d configure the Backup Site Server mainteenance task forr the central administration site
ure, you should
mary site in your hierarchy.
and for every prim
Bacckup and Re
ecovery Sce
enarios
Deppending on your implementa ation, you migght not need too have a site b
backup to avoiid data loss. In
n
y might succcessfully recovver a primary ssite by reinstalling the site, and
mulltiple-site implementations you
then
n using databa ase replication to retrieve the configuratio use before the failure.
on settings in u
A stand-alone
e primary site. To avoid data
a loss when a sstand-alone prrimary site fails, you must haave a
Configuration
n Manager bacckup.
Secondary sittes. You have no
n built-in feattures for the bbackup and reccovery of seco
ondary sites. W
When a
secondary site fails, you mu
ust reinstall it from
f the primaary site server.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-17
A central administration site with child primary sites. You can configure the Backup Site Server task
and perform recovery of the central administration site and all primary sites. Because database
replication is used in the hierarchy, the data required for recovery can be retrieved from another site
in the hierarchy, which means that you can recover a primary site even when you do not have a site
backup. The benefit of having a backup is that you can restore the data using the most recent
backup, and replication only needs to retrieve changes to the data since the last backup, which
reduces the amount of data transferred over your network.
The Backup Site Server task is implemented as a Windows service called SMS_SITE_BACKUP, which is
configured for manual startup. The service is configured to run on a schedule on the site server and
database server, and is started by the Scheduler when you have configured a backup to begin. You also
can manually start the service to initiate an unscheduled backup.
When the backup service starts, it follows the instructions predefined in the backup control file
smsbkup.ctl, located in the <ConfigMgrInstallationFolder>\Inboxes\smsbkup.box\. You can modify
the backup control file to change the behavior of the backup service, such as changing the account which
the service uses. Site backup status information is written by the Backup Site Server task to the
smsbkup.log file, which is automatically created in the folder that you specify in the property window of
the Backup Site Server maintenance task.
To verify that the site backup task successfully ran the AfterBackup.bat file, open the Configuration
Manager console, and then click the Component Status node in the Monitoring workspace. In the
results pane, review the status messages for SMS_SITE_BACKUP. If the task successfully initiated the
AfterBackup.bat batch file, the message ID 5040 is visible.
Question: What tool can you use to configure archiving of backup files that begins
automatically after the site backup completes?
MCT USE ONLY. STUDENT USE PROHIBITED
7-18 Maintaining and Monitoring System
S Center 2012 Configuration
C Managger
Co
onfiguring the Site Backup Tassk
The configuration
n options you choose
c for the
e Backup Site SServer task dep
pend on your site architecture.
You
u need to configure the apprropriate option
ns in the Back
kup Site Serve er dialog box.
To configure
c the Backup Site Se
erver task, perfform the follow
wing steps:
2. In the Admin
nistration worrkspace, expan guration, and tthen click the Sites node.
nd Site Config
6. Select Enable
e this task, and then click Se n. You have the
et Paths to sp ecify the backkup destination
following opttions:
Local drives on site server and SQL Server. You specify a path on the site servers local drive
where the backup files for the site server are stored. You also specify a path on the site database
servers local drive where the backup files for the site database are stored. You must create these
local folders before the backup task runs, and the site servers computer account must have write
access to both folders. This option is available only when the site database is on a remote site
system server.
7. Configure an appropriate schedule for the site backup task. As a best practice, consider a backup
schedule that is outside of active business hours.
8. Select the Enable alerts for backup task failures check box, click OK, and then click OK. When this
check box is selected, Configuration Manager creates a critical alert for the backup failure that you
can review from the Alerts node in the Monitoring workspace.
<ConfigMgrInstallationPath>\inboxes
<ConfigMgrInstallationPath>\Logs
<ConfigMgrInstallationPath>\data
<ConfigMgrInstallationPath>\srvacct
<ConfigMgrInstallationPath>\install.map file
The ..\HKEY_LOCAL_MACHINE\Software\Microsoft\SMS registry key
Configuration Manager site systems and secondary sites. There is no need to back up data from site
systems such as distribution points and management points. These site systems can easily be
reinstalled by the site server if they fail. There is no backup support for secondary sites; they must be
reinstalled from the parent primary site in case of failure.
Custom Reporting Services reports. You must back up any custom reports that you created by using
Reporting Services and the report server database files, so that you can recover them in case of a site
failure. You should include the following in the report server backup:
Encryption keys
Configuration files
Custom SQL Server views used in custom reports
Content library. You must back up the content library so that you can restore and redistribute content
to distribution points. When you initiate content redistribution, Configuration Manager copies the
files from the content library on the site server to the distribution points. The content library for the
site server is in the SCCMContentLib folder that usually is located on the drive that had the most free
disk space when the site was installed.
Package source files. You must maintain a copy of the package source files so that you can restore
them after a site failure, and then update the content on distribution points. When you initiate a
content update, Configuration Manager copies new or modified files from the package source to the
content library, which then copies the files to associated distribution points.
Windows Server Update Services (WSUS) database. You need to back up the WSUS database if you
want to recover the metadata about software updates. An alternative in case of failure, you can
reinstall the software update point on a new WSUS instance, but you would need to reconfigure the
synchronization settings.
Backup custom software updates. You must include the System Center Updates Publisher 2011
database in your backup if you have used System Center Updates Publisher 2011 to do any of the
following activities:
An unscheduled backup can be performed by starting the SMS_SITE_BACKUP service on the site server.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-21
Demonstra
D ation: Back
king Up a Primary
P Sitte
In
n this demonsttration, you will see how to configure
c the B
Backup Site Seerver task, and how to trigge
er and
monitor
m a backu
up.
Demonstrati
D ion Steps
Configure
C th
he Backup Site Server ta
ask
1.. On NYC-CFFG, start the Co
onfiguration Manager Con
nsole.
3. Navigate to the C:\Program Files\Microsoft Configuration Manager\Logs, and then open the
smsbkup.log file in Notepad.
4. If the backup completes successfully, at the end of the smsbkup.log file, the text Backup completed
appears, and then on the next line, the text STATMSG: ID=5035 appears.
5. Navigate to the E:\Backup\NYCBackup\SiteDBServer folder and verify that it contains the database
files.
8. Select the SMS_SITE_BACKUP component, and, on the ribbon, click Show Messages and click All.
9. Accept the default of 1 day ago.
10. In Configuration Manager Status Message Viewer, search for a message with a Message ID of
5035.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-23
Troublesho
T ooting a Site Backup
p
Yo
ou can use the
e logs and monitoring featurres included in
n Configuration Manager to ensure that th he
Ba
ackup Site Server task started according to
o the backup sschedule and tthat the backu
up operations
pe
erformed succcessfully.
To
o verify that th
he Backup Site
e Server mainte ompleted succcessfully, you can:
enance task co
Configure the
t Backup Site Server mainttenance task t o create an aleert when a bacckup fails. You
u can
check the Alerts
A node in the Monitoring workspace ffor these backuup failure alertts.
Review the Event Viewer logs for accouunt and accesss violations. Ensure that the sservice accoun nt for
SMS_SITE_B BACKUP can acccess any remo ote locations tthat are speciffied in the SMSS Backup control file
and that the service account has the ap
ppropriate privvileges to perfo orm the tasks in the Configu
uration
Manager Backup control file in the [Tassks] section. Byy default, the SSMS_SITE_BACCKUP runs und der the
local system
m account.
MCT USE ONLY. STUDENT USE PROHIBITED
7-24 Maintaining and Monitoring System Center 2012 Configuration Manager
Question: What tasks can you perform to verify that the backup was successful?
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-25
Site Recove
ery
Yoou must recovver a System Ce enter 2012 Coonfiguration M Manager site wh henever the site fails or dataa
lo
oss occurs in th nning the Systtem Center 2012
he site databasse. You can initiate the site r ecovery by run
Configuration Manager
M Setup with the Setup /script
p Wizard or byy using an una ttended installation script w
co
ommand. Yourr recovery options depend on o whether yo u have a back up of the System Center 201 12
Configuration Manager
M site and the site database.
To
o start the site
e recovery proccess, perform the
t following ssteps:
3.. On the Gettting Started page, select Recover a site,, and then clickk Next.
When
W performing the site reccovery in Syste
em Center 201 2 Configuratioon Manager, yyou must recovver the
sitte server and the
t site databa ase. If you wan
nt just to perfo
orm site mainteenance or a sitte reset, start tthe
se
etup from the installation pa ath.
Site server re
ecovery opttions
Yo
ou have the fo
ollowing recovery options for the failed sit e server:
Recover th he site server using an exissting backup. Use this optio on when you h have a backup of the
Configuratiion Manager site
s server creaated before thee site failure. TThe site is reinsstalled and the
e site
settings con
nfigured as theey were when the site was b
backed up.
MCT USE ONLY. STUDENT USE PROHIBITED
7-26 Maintaining and Monitoring System Center 2012 Configuration Manager
Reinstall this site server. Use this option when you do not have a backup of the site server. The site
server is reinstalled, and you must specify the site settings. You must use the same site name, site
code and configurations as the failed site, to be able to successfully recover the site.
Note When Setup detects an existing System Center 2012 Configuration Manager site on
the server, the recovery options for the site server are disabled, and the existing
Configuration Manager site files and registry keys are used.
Recover the site database using the backup set at the following location. Use this option when
you have a backup of the Configuration Manager site database created before the site database
failure. When you have a hierarchy, the changes made to the site database after the last site database
backup are retrieved from other sites through replication. When you recover the site database for a
stand-alone primary site, you lose any changes made to the site since the last backup.
Note If you select to restore the site database by using a backup set but the site database
already exists, the recovery will fail. You must manually delete the existing database files
before attempting recovery.
Create a new database for this site. Use this option when you do not have a backup of the
Configuration Manager site database. When you have a hierarchy, a new site database is created and
data is recovered by using replication from other sites in the hierarchy. This recovery option is not
available when you are recovering a stand-alone primary site or a central administration site with no
primary sites.
Use a site database that has been manually recovered. Use this option when you recover the
Configuration Manager site database by using a method other than the Backup Site Server
maintenance task. When you have a hierarchy, a new site database is created and data is recovered
by using replication from other sites in the hierarchy. When you recover the site database for a stand-
alone primary site, you lose any changes made to the site since the last backup.
Skip database recovery. Use this option when the site failure did not cause data loss in the
Configuration Manager site database, and you recover only the site server.
Post-Recovery Tasks
There are several post-recovery tasks that you may need to perform to complete the site recovery process:
Re-enter user account passwords. You must re-enter user account passwords for the user accounts
specified for the site, because all passwords are reset during the site recovery. The accounts for which
you must reset passwords are listed on the Finished page of the Setup Wizard after site recovery
completes and are saved on the recovered site server in the C:\ConfigMgrPostRecoveryActions.html
file.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-27
Reinstall hotfixes on the recovered site server. You must reinstall any hotfixes that were applied to the
site server. A list of any previously-installed hotfixes is located on the Finished page of the Setup
Wizard after the site recovery completes, and is saved to C:\ConfigMgrPostRecoveryActions.html on
the recovered site server.
Recover custom reports. You must re-import any custom reports you have created on Reporting
Services.
Recover content files. You must restore the content library and package source files to their original
locations. The site database contains information about the content files storage locations on the site
server, but the content files are not backed up or restored as part of the backup and recovery process.
You can restore these files from a file system backup of the site server.
Question: How do you recover a stand-alone primary site when the database becomes
corrupted?
MCT USE ONLY. STUDENT USE PROHIBITED
7-28 Maintaining and Monitoring System
S Center 2012 Configuration
C Managger
De
emonstration: Recov
vering a Primary Sitee
In th
his demonstration, you will see
s how to run n the System CCenter 2012 Co onfiguration MManager Setup
p
Wizzard, and see th
he Setup Wizaard options ava
ailable during the site recov ery process.
Dem
monstration
n Steps
Note To perform site reccovery, you ne eed to start thee setup prograam from the innstallation
media. If youu want to perfform only a site reset, you neeed to start the setup from tthe
installation path.
p
On the Getting
G Starte
ed page, at Ava
ailable Setup Options, clickk Recover a siite.
On the Product
P Key page select Insttall this prod uct as an evaluation.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-29
On the Microsoft Software License Terms page, select the I accept the license terms check
box.
On the Prerequisite Downloads page, select Use previously downloaded files. In the path
box, type E:\ConfigMgr2012\Redist.
In the Configuration Manager Setup Downloader dialog box, wait for the prerequisite
validation to finish.
On the Customer Experience Improvement Program Configuration page, select I dont want
to join the program at this time, and then click Next.
On the Settings Summary page, click Next.
On the Prerequisite Check page, click Cancel. For a real system recovery you would click Begin
Install, but for this demonstration you cancel the wizard.
MCT USE ONLY. STUDENT USE PROHIBITED
7-30 Maintaining and Monitoring System
S Center 2012 Configuration
C Managger
Lesson 3
Monito
oring Configur
C ration Manage
M er 2012 Site Sysstems
Connfiguration Maanager 2012 in ncludes monito oring and alertting features that you can usse to detect annd
trou
ubleshoot criticcal conditions related to the
e site systems aand clients. Yo
ou can configure the status ssystem
to determine
d the overall health of your Config guration Manaager environm ment based on status messag ges.
Configure ale
erts.
Configure the
e status system
m and status su
ummarizers.
Describe the features of Sysstem Center 2012 Operation
ns Manager that you can use
e to monitor
Configuration
n Manager 201 12 site systemss.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-31
Monitoring
M g Configurration Man
nager Dataabase Replication
Yo
ou can use the e monitoring features included in the Conffiguration Ma nager console
e to monitor daatabase
eplication in a multiple-site Configuration
re C Manager enviironment.
Yo
ou can monito or replication in the Configuration Manageer console, in tthe Monitoringg workspace, u under
th
he Database Reeplication nodde. Here you find the replicattion links, and you can view the status of tthe
eplication and of the associated componen
re nts for each sitte server.
Fo
or each replica
ation link you can ollowing infor mation:
c view the fo
Summary. Shows
S the ove
erall site replica
ation status an
nd information
n about global data and site data
replication status.
Co
onfiguring Alerts
Con
nfiguration Ma
anager 2012 in
ncludes an alerrting system th
hat generates aalerts in the Co
onfiguration
Man
nager console when specific conditions aree encounteredd.
The managem
ment point. Ge
enerates an ale
ert when the m
management p
point is not healthy.
Replication. Generates
G an alert
a n for more time than the inte
if replicatiion link conne ctivity is down erval
in the specificcations.
You
u can create ale
ert subscriptions only for Endpoint Protecttion so that yo
ou can receive alert informattion
by email.
e You must specify:
2. The e-mail ad
ddresses.
Configuring
C g the Statu
us System
Configuration Manager
M 2012 generates status messages aabout actions performed byy various
Configuration Manager
M compponents, and about
a site systeems and clientt status. All Co
onfiguration Manager
co
omponents ge enerate status messages.
Sttatus messages are stored in n the Configuraation Managerr database and d can be vieweed individuallyy using
th
he Configurattion Manager Status Messa age Viewer. Sttatus messagees also are agggregated usingg
ummarizers to determine the
su e health of the omponents and
e Configuratio n Manager sit e system or co
ob ation deployment. There aree four types of summarizers:
btain statistics about applica
Application
n Deployment Summarizer. Summarizes
S th
he status messaages related to
o application
deploymen nts.
Applicationn Statistics Sum mation about tthe installed deployment pro
mmarizer. Summarizes inform ocess to
create statistics.
Component Status Summ marizer. Summarizes the stat us messages rrelated to Conffiguration Man
nager
componentts to determine their health.
Site System
m Status Summ marizer. Summa arizes the statu
us messages reelated to Conffiguration Man
nager
site systemss to determine
e their health.
To
o configure the status summ
marizers, perforrm the followi ng steps:
4.. In the Statu ers dialog boxx, select the su mmarizer you want to configure, and then
us Summarize n click
Edit.
MCT USE ONLY. STUDENT USE PROHIBITED
7-34 Maintaining and Monitoring System Center 2012 Configuration Manager
You can view the aggregated health information for site systems and components that are calculated by
summarizers in the Configuration Manager console, in the Monitoring workspace, under the System
Status node. Here you can find the aggregated health status under the Site Status and Component Status
nodes.
You can configure status filter rules to detect critical conditions based on specific status messages, and
perform automated actions based on the conditions detected. The built-in status filter rules create events
in the Windows event logs when specific status messages are detected. You also can create custom status
filter rules to control how status messages are processed.
To configure the status filter rules perform the following steps:
2. In the navigation pane, expand Site Configuration, click Sites, and then in the results pane, select
the site.
4. In the Status Filter Rules dialog box, select the rule you want to configure, and then click Edit. You
can also create new status filter rules in this dialog box.
Status reporting
By configuring status reporting, you can modify how the server and client components report status
messages to the Configuration Manager status system, and configure the location where status messages
are sent. By default all status messages for All Milestones are sent without details to Configuration
Manager, and the information is not written to event logs.
To configure the status reporting perform the following steps:
2. In the navigation pane expand Site Configuration, click Sites, and then in the results pane, select the
site.
3. On the ribbon, in the Settings group, click Configure Site Components, and then click Status
Reporting.
4. In the Status Reporting Component Properties dialog box, select the level of details for Server
component status reporting and for Client component status reporting.
Note The default reporting settings are appropriate for most environments and should be
changed with caution. When you increase the level of status reporting by choosing to
report all status details you can increase the amount of status messages processed, which
increases the processing load on the site server and on the site database.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 7-35
Monitoring
M g by Using
g System Center
C 2012 Operatio
ons Manag
ger
Th
he Configuratiion Manager 2012
2 Managem ment Pack for Operations M anager helps aadministratorss
manage
m and addminister Configuration Man nager 2012 serrvers, computeers, databases, services, diskss,
pplications, or any other kind
ap d of object tha
at requires mo
onitoring.
Monitoring
g the availabilitty status of all server roles.
Monitoring
g the health sta
atus of key serrvices.
Monitoring
g SQL replicatio
on health statu
us.
Monitoring
g general CPU, Memory, and
d Disk system rresource usagee.
Providing a topology diagram of the Configuration M
Manager 2012
2 site hierarchyy.
Monitoring
g the performa
ance trends of some Configu
uration Manag
ger performancce counters.
Lab: Maintain
M ning and
d Monittoring SSystem Center 2012
Config
guration
n Managger
Lab
b Setup
For this lab, you will
w use the avaailable virtual machine
m enviro
onment. Beforre you begin the lab, you mu
ust
com
mplete the folloowing steps:
3. In the Actionss pane, click Connect. Wait until the virtuaal machine staarts.
Password
d: Pa$$w0rd
Domain: Contoso
5. Repeat steps two through four
f for 10748
8A-NYC-CAS- C and 10748A
A-NYC-CFG-C
C.
Lab
b Scenario
You
u are the netwo
ork administraator for Contosso, Ltd. Contosso has deployeed System Cen nter 2012
Connfiguration Ma
anager in a com
mplex hierarchhy with a centrral administrattion site, two p
primary sites and a
seco
ondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-37
You need to configure the Backup Site Server task, recover the site from a backup, and use monitoring
features to evaluate the health of your Configuration Manager environment by:
2. In the Configuration Manager console, click the Administration workspace, expand Site
Configuration, and then select Sites.
3. Select NYC --- New York Primary Site, and on the ribbon, click Settings, and then click Site
Maintenance.
4. In the Site Maintenance dialog box, edit the Backup Site Server task.
5. In the Backup Site Server Properties dialog box, select the Enable this task check box, and then
click Set Paths.
6. In the Set Backup Paths dialog box, verify that the option Local drive on site server for site data
and database is selected, and then browse to select a folder.
Note In practice, you should use either Network path (UNC name) for site data and
database to save backup on a network share, or you should use Local drives on site
server and SQL Server if the database is installed on a separate server.
7. Create a new folder called Backup in the Local Disk (C:) drive, and then click Select Folder.
8. In the Set Backup Paths dialog box, verify that C:\Backup appears in the box, and then click OK.
9. In the Backup Site Server Properties dialog box, in the Start after box, set the time to start 3
minutes from now, and then click OK.
10. In the Site Maintenance dialog box, verify that the Backup Site Server task is enabled.
X Task 2: Trigger the backup of the site and verify its completion
1. From Administrative Tools, start the Services console.
3. Navigate to the C:\Program Files\Microsoft Configuration Manager\Logs, and then open the
smsbkup.log file in Notepad.
4. If the backup is performed successfully, in the smsbkup.log file, the text Backup completed appears,
and then, on the next line, the text STATMSG: ID=5035 appears.
5. Navigate to the C:\Backup\NYCBackup\SiteDBServer folder, and then verify that it contains the
database files.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-39
7. In the Configuration Manager console, in the Monitoring workspace, expand System Status, and
then select the Component Status node.
8. Select the SMS_SITE_BACKUP component, and, on the ribbon, click Show Messages and click All.
10. In the Configuration Manager Status Message Viewer, search for a message with a Message ID of
5035.
Note When site backup completes successfully, message ID 5035 appears, which indicates
that the site backup completed without any errors.
Results: At the end of this exercise, you should have performed a backup for the Configuration Manager
site.
MCT USE ONLY. STUDENT USE PROHIBITED
7-40 Maintaining and Monitoring System Center 2012 Configuration Manager
The main task for this exercise is to use the Site Recovery Wizard to recover the site from backup.
X Task: Use the Site Recovery wizard to recover the site from backup
1. On NYC-CFG, run E:\ConfigMgr2012\SMSSETUP\BIN\X64\setup.exe. The System Center 2012
Configuration Manager Setup Wizard starts.
2. In the Microsoft System Center 2012 Configuration Manager Setup Wizard use the following
settings to restore the site:
On the Getting Started page at Available Setup Options, click Recover a site.
On the Site Server and Database Recovery Options page, click Recover the site database
using the backup set at the following location, and then browse to select the
C:\Backup\NYCBackup folder where the backup you performed in the previous exercise is
located.
On the Site Recovery Information page, verify that the option Recover primary site is
selected.
On the Product Key page select Install this product as an evaluation, and then click Next.
On the Microsoft Software License Terms page, click the I accept these license terms check
box, and then click Next.
On the Prerequisite Downloads page, select Use previously downloaded files, and then
specify E:\ConfigMgr2012\Redist as the location.
On the Customer Experience Improvement Program Configuration page, select I dont want
to join the program at this time, and then click Next.
Complete the wizard using the default options. At the Prerequisite Check step, click Cancel, and
then click Yes. It takes time to restore the site, and so for this lab, you cancel the restoration
process.
Results: At the end of this exercise, you should have recovered the Configuration Manager 2012 primary
site
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 7-41
2. Monitor replication.
2. In the Configuration Manager console, click the Administration workspace, expand Site
Configuration, click Sites, and then click the site CAS --- Contoso Central Administration Site.
4. In the Status Summarizers dialog box, edit the Component Status Summarizer:
On the General tab of the Component Status Summarizer Properties dialog box, verify that
Enable status summarization is selected.
On the Thresholds tab, in the Message type box, click Error status Messages, and then in the
Thresholds list, double-click the SMS_SITE_BACKUP component.
In the Status Threshold Properties dialog box, review the warning and the critical thresholds to
the following values, and then close the dialog box.
5. In the Status Summarizers dialog box, edit the Site System Status Summarizer:
On the General tab of the Site System Status Summarizer Properties dialog box, verify that
Enable status summarization is selected. For primary sites, you also can configure the
replication and schedule in this dialog box.
On the Thresholds tab, review the values for the Default thresholds.
Click any object from the Specific thresholds list, and then click the Properties button. Review
the storage objects warning and critical thresholds, and then close the dialog box.
2. Briefly rest the mouse pointer over the line between the CAS and NYC sites to view the status of
global and site data replication for these sites.
MCT USE ONLY. STUDENT USE PROHIBITED
7-42 Maintaining and Monitoring System Center 2012 Configuration Manager
3. In the navigation pane, click Database Replication, and then in the results pane, click the CAS to
NYC replication link.
4. In the preview pane, review the information found at the Summary, Parent Site, and Child Site tabs
about the replication status, site configuration and SQL Server details for the parent and child sites.
Results: At the end of this exercise, you should have used the In-Console Monitoring features.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-C, and then click Revert.
Modu
ule Reviiew and
d Takeaw
ways
Review
R Quesstions
1.. What do yo
ou use the Afte
erBackup.Bat file
f for?
Module 8
Migrating from System Center Configuration Manager 2007
to System Center 2012 Configuration Manager
Contents:
Lesson 1: Overview of the Migration Process 8-3
Module Overrview
Microsoft Systemm Center 2012 Configuration n Manager pro ovides a rich feeature set thatt you can use tto
miggrate objects frrom System Ceenter Configurration Manageer 2007 to Con nfiguration Maanager 2012, aand to
restructure your site hierarchy during
d migratioon.
ng the Migration Job wizard, you can migrrate different ttypes of objects such as collections,
Usin
advertisements, so
oftware packages, software updates,
u Assett Intelligence ccustomizationss, operating syystem
dep
ployment objeccts, Desired Co
onfiguration Management
M o
objects, and software meterin ng rules.
Afte
er completing this module, you
y will be able to:
Lesson
n1
Overv
view of the Mig
gration Processs
Th
he migration process
p from Configuration
C Manager
M 20077 to Configuration Manager 2012 includess
co
onfiguring thee source hierarcchy, configurin
ng additional ssource sites, co
onfiguring shaared distributio
on
po
oints, migratin
ng collections, migrating objects by type, mmonitoring thee migration prrocess, and mig grating
Configuration Manager
M clientts. When the migration
m proccess is completted, you perform the cleanup of
migration
m data by removing thet configuration of the sou rce hierarchy.
In ou will review the migration process, revieew the types of objects that can be migratted,
n this lesson, yo
grating collecttions, and anallyze consolidation requirements when mig
diiscuss the restrrictions for mig grating
primary sites.
After completin
ng this lesson, you
y will be able to:
he migration process.
Describe th
Describe th
he need for con
nsolidating priimary sites.
MCT USE ONLY. STUDENT USE PROHIBITED
8-4 Migrating from System Center Configuration Manager 2007 to System Center
C 2012 Configuuration Manager
Ov
verview of the Migra
ation Proce
ess
Whe en migrating a Configuration Manager 20 007 hierarchy tto a Configuraation Manager 2012 hierarch hy,
you always perforrm a side-by-side migration. You install a ffully-functionaal Configuratio on Manager 20 012
hierrarchy in the sa
ame network environment
e as
a the Configu ration Manageer 2007 hierarchy, select and d
miggrate objects inn batches, and migrate clientts last. By usin g this approacch, you minimize the risks
ociated with a migration com
asso mpared to the risks you mayy encounter wh hen performinng an in-place
upggrade. Addition 12 installation fails, you can easily discard the new installation and revvert
nally, if the 201
back to the previo ous source hierarchy.
By performing
p a side-by-side
s migration,
m you also
a have the o opportunity to o consolidate ssites since the
Connfiguration Ma anager 2012 hiierarchy can have a maximu m of three sitee levels made up of the centtral
admministration site e, one level off primary sites below that, an nd a level of seecondary sites below the primary
sitess. If you have primary
p sites that are child sites of primaryy sites in the C
Configuration MManager 2007 7
hierrarchy, you nee ed to restructuure your hierarrchy when mig grating to Con nfiguration Maanager 2012,
because primary sites
s cannot be e the child site
es of other prim
mary sites in CConfiguration MManager 2012 2 as
theyy could be in previous
p versio
ons.
You
u can upgrade clients by usin ng any of the client
c installati on methods in
ncluding Client Push, Group
Policy installation, logon script, or manual installation. Wheen upgraded, tthe Configurattion Manager cclients
maintain the execcution history for
f advertisemments.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 8-5
1. Configure the source hierarchy. In the first step of the migration process, you configure the source
hierarchy by specifying the top-level site in the Configuration Manager 2007 implementation. This
site also becomes a source site for migrating Configuration Manager objects.
2. Configure additional source sites. You can specify additional source sites that contain objects you
want to migrate. You can only configure source sites that are below the top-level site that you
configured in the previous step.
3. Configure distribution point sharing. In this optional step, you configure a Configuration Manager
2007 distribution point so that it is visible to Configuration Manager 2012 clients after migration. You
use this approach to make packages available to Configuration Manager 2012 clients without
distributing the content to the Configuration Manager 2012 distribution points.
4. Migrate collections and associated objects. You create a migration job to migrate collections and
associated objects such as advertisements or packages.
5. Migrate objects by type. You select the types of objects to migrate, including boundaries, Asset
Intelligence customizations, software updates, operating system deployment objects, Desired
Configuration Management baselines and configuration items, and software metering rules.
6. Migrate Configuration Manager clients. You can use any of the client installation methods to upgrade
the client in place to the Configuration Manager 2012 version. This process maintains the client
execution history.
7. Convert secondary sites to distribution points. In this optional step, you can convert Configuration
Manager 2007 secondary sites to Configuration Manager 2012 distribution points. The Upgrade
Shared Distribution Point wizard uninstalls the secondary site and then configures the server as a
distribution point in Configuration Manager 2012 while maintaining the content on the distribution
point.
1. Remove distribution point sharing. When all Configuration Manager clients are migrated to the
Configuration Manager 2012 version, you can remove the distribution point sharing.
2. Remove the source hierarchy configuration and decommission the old hierarchy. The last step in the
migration process, after you ensure that all the necessary objects have been migrated, is to remove
the source hierarchy configuration and then decommission the Configuration Manager 2007
hierarchy.
Note Site codes cannot be reused. You need to provide unique site codes across
Configuration Manager 2007 and Configuration Manager 2012 hierarchies.
Question: How do you begin the migration process from Configuration Manager 2007 to
Configuration Manager 2012?
MCT USE ONLY. STUDENT USE PROHIBITED
8-6 Migrating from System Center Configuration Manager 2007 to System Center
C 2012 Configuuration Manager
Typ
pes of Objjects You Can
C Migra
ate
Ob
bject Wh
hat is migrated
d
Collections You can migrate query-based or direct mem mbership collecctions with thee
following restricttions:
Mixed collecctions (which ccontain both u users and devicces) cannot bee
migrated.
Collections that
t have the m
membership liimited to anotther collections are
migrated as individual col lections with aadditional inclu
usion rules.
Advertisementss You can migrate existing adve rtisements forr packages, sofftware updatess, or
Tassk Sequences so
s that the Co
onfiguration MManager 2012 cclients receive them.
Bo
oundaries You can migrate the existing b
boundaries to C
Configuration Manager 20112.
You need to assign the boundaaries to bound o use them for client
dary groups to
asssignment or co
ontent lookup..
So
oftware distrib
bution You can migrate software distrribution packaages. We recom
mmended thatt you
pa
ackages nfigure the package source using a Univerrsal Naming C
con Convention (UN
NC)
patth to minimize
e the need for reconfiguring
g the package source after
migration.
Virtual application You can migrate the virtual appplication packkages to Config guration Manaager
ackages
pa ns. Any existing
2012 application g advertisemen nts of virtual aapplication
pacckages are nott migrated.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 8-7
(continued)
Software updates To migrate software updates related objects, first you need to configure a
software update point in Configuration Manager 2012 and then synchronize
software-update metadata with the same sync source as the source hierarchy
uses. After you do this, you can migrate the following types of objects:
Deployments
Deployment packages
Templates
Software update lists
Asset Intelligence You can migrate any customizations you made to the Asset Intelligence
customizations catalog, including custom categories, software families, labels, hardware
requirements, and software lists.
Operating System You can migrate the following types of objects used in operating system
Deployment deployment:
Boot images
Driver packages
Drivers
Images
Packages
Task sequences
Desired Configuration You can migrate configuration baselines and configuration items you have
Management previously created in Configuration Manager 2007.
Software metering rules You can migrate software metering rules but not the metering history.
Queries
Security rights and instances for the site and objects
Configuration Manager 2007 web reports or SQL Server Reporting Services reports
Client inventory and history data (from the site database); however clients maintain execution history
Co
ollection Re
estrictionss
Whe en you migrate collections that are linked to other colleections or that have sub-colle ections,
Connfiguration Ma anager 2012 crreates a folder under the Useer Collections or Device Colllections node in
adddition to the lin
nked collection
ns and sub-colllections. Colleections that contain a referen
nce to a collecction
of a different resoource type cannot be migrated.
In Configuration
C Manager
M 20077, empty collecctions (collectio
ons that have no associated resources) are e used
to organize
o other collections. When
W migrating g an empty co ollection, it is cconverted to an organization
nal
fold
der that contains no users or devices.
Additional inclusion rules are added to the Servers and Desktops collection to ensure that they have the
same membership after migration. If the top-level collection does not have any membership rules and has
no advertisements targeted to it, the New York collection will be migrated to a folder in Configuration
Manager 2012, and the sub-collections Servers and Desktops will be migrated as collections with
additional inclusion rules in the New York folder.
Question: You have a collection in Configuration Manager 2007 that contains both users
and devices. What do you need to do to migrate the collection to Configuration Manager
2012?
MCT USE ONLY. STUDENT USE PROHIBITED
8-10 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Co
onsolidatio
on Require
ements forr Primary SSites
In Configuration
C Manager
M 20122, a primary site cannot be th he child of anoother primary site; it can only be
a ch
hild of a centraal administratio on site. Similarrly, the only tyype of site thatt a secondary ssite can have aas a
pare e to these restrictions, the hiierarchy modeel in Configuraation Manager 2012
ent site is a priimary site. Due
can have a maxim mum of three le evels:
Secondary sittes. Secondary sites are used to manage cl ient communiication traffic o
on slow wide aarea
network (WAN) links.
A Configuration Manager
M 2007 hierarchy can have more th han three levels. Additionallyy, primary sitess are
allowed to have another
a primarry site as a parent. When you u migrate to C
Configuration M Manager 2012 2, any
prim
mary sites that are a child of another primaary site need t o be consolidaated.
Clients assigned to central primary sites in Co
onfiguration M Manager 2007 ccannot be assigned to the ce
entral
admministration site ation Manager 2012 becausee the central administration site cannot haave
e in Configura
assigned clients. The
T clients assiigned to the ceentral site in C
Configuration M
Manager 20077 need to be
reasssigned to anoother primary site
s in the Con nfiguration Ma nager 2012 hiierarchy.
Lesson
n2
Prepa
aring Co
onfigura
ation Manager
M r 2007 SSites for
Migra
ation
To
o migrate obje
ects from Conffiguration Man
nager 2007 to Configurationn Manager 201 12, you need tto
en
nsure that both the source and
a destinationn hierarchies m
meet certain p rerequisites.
In
n this lesson, yo
ou will review the preparatio
on steps you n
need to perform
m on Configurration Manage
er 2007
sittes to ensure successful
s migration of objeccts.
After completin
ng this lesson, you
y will be able to:
Describe th
he steps for pre
eparing Config
guration Manaager 2007 sitess for migration
n.
Describe th
he prerequisite
es for migration from Config uration Manag
ger 2007 to Co
onfiguration
Manager 20 012.
MCT USE ONLY. STUDENT USE PROHIBITED
8-12 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Pre
eparing Co
onfiguratio
on Manager 2007 Siites for Miigration
To ensure
e a succe
essful migration, you should review your C Configuration M
Manager 2007 7 hierarchy setttings
and make change es as required. Not all of the changes desc ribed below are required to perform the
gration; however, they help streamline
mig s the migration pro
ocess.
Con
nsider the follo
owing points when
w reviewing
g your Configu ger 2007 hierarchy settings:
uration Manag
Migration is an
a opportunityy to restructure e the hierarchyy configuratio
on, because Co onfiguration
Manager 201 12 hierarchy ca an have a maxiimum of threee levels. Becausse primary site es cannot havee
other primaryy sites as child sites in Config
guration Manaager 2012, if yo ou have that cconfiguration in
your current Configuration Manager 2007 hierarchy yo ou must migrate all the obje ects in your
Configurationn Manager 200 07 hierarchy frrom the multipple primary sittes that are in a parent-child
d
relationship to a single prim
mary site in your new Config guration Mana ger 2012 hieraarchy.
Configuration n Manager 201 12 requires Wiindows Server 2008, SQL Seerver 2008, and 64-bit systems.
While it is nott necessary to upgrade the source
s hy to use thes e versions, you
hierarch u need to test them
to ensure theey are supporte ed in your organization enviironment, befoore installing tthe new
Configuration n Manager 201 12 hierarchy.
Mixed and sub-collections may require changes to their collection definitions to enable migration to
Configuration Manager 2012.
All software packages should be configured with an UNC path to reduce the need for reconfiguration
after you migrate them.
All site codes need to be unique throughout source and destination hierarchies.
MCT USE ONLY. STUDENT USE PROHIBITED
8-14 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Co
onfiguratio
on Manage
er 2007 Prerequisitees for Migrration
To perform
p migra ation, ensure th
hat Configurattion Manager 2007 sites com
mply with the ffollowing
prerrequisites by:
Updating Con
nfiguration Ma
anager 2007 at all source sittes with Servicee Pack 2.
Configuring the
t following two
t user accou
unts in Configu
uration Manag
ger 2012 with permissions in
n each
source site th
hat you want to
o migrate:
The Sourrce Site SQL Seerver Account. This account rrequires Read and Execute p
permissions to the
source sitte database.
Note Use thet computer account for th he Source Site SMS Provider Account and the Source
Site SQL Servver Account ra
ather than a usser account.
RPC (WM
MI), 135 (TCP)
Configurat
C ion Manag
ger 2012 Prerequisit
P tes for Mig
gration
In
n-place upgrad de of an existin
ng Configuration Manager 22007 infrastruccture to System
m Center 2012 2
Configuration Manager
M is nott supported. In
nstead, you mu migration by installing
ust perform a side by side m
a Configuration n Manager 201 12 hierarchy on mputers than tthe Configurattion Manager 2007
n different com
sitte installation.
To
o perform miggration, you ne
eed to install and configure yyour Configuration Manage
er 2012 hierarcchy in
th
he same netwoork environment as your exissting Configurration Manageer 2007 implem
mentation prioor to
migration.
m The new hierarchyy can be one off the following
g:
Multiple sitte. Install a cen ation site and then install att least one prim
ntral administra mary site in the
e
hierarchy.
Stand-alone primary site.. Install a single primary site which will be the only primaary site in the
hierarchy.
Be
efore migratin
ng, ensure thatt the following
g Configuration
n Manager 20 12 migration p
prerequisites aare
co
omplete:
Use an acco ount in the Co
onfiguration Manager 2012 h hierarchy that has the Full A
Administrator ssecurity
role so thatt you can creatte objects in any site in the C
Configuration Manager 2012 hierarchy.
Configure a software upd
date point in your
y Configuraation Managerr 2012 hierarchhy, and synchronize
the softwarre update meta
adata using th
he same sourcee as the existin
ng software up
pdate point in your
Configuratiion Manager 2007
2 hierarchyy. This enables you to migratte software up
pdates.
Configure at
a least one Co
onfiguration Manager
M 2012 primary site, oor the central aadministration
n site, to
use the sam
me port numbe ers as the original Configuraation Managerr 2007 source ssite. This allow
ws client
requests to be directed and use shared distribution p points from thee Configuratio
on Manager 20 007 site.
Assign Site Delete permisssions to the Source Site Acccess Account o
on the source ssite to automaatically
remove the e distribution points
p from the
e Configuratio
on Manager 20 007 site during
g migration.
MCT USE ONLY. STUDENT USE PROHIBITED
8-16 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Disscussion: Planning
P fo
or Migration
You
u are the admin
nistrator for Co
ontoso Ltd. Coontoso has dep ployed System
m Center Configuration
Man
nager 2007 in a multiple-site he existing envvironment includes the follow
e hierarchy. Th wing sites:
NYO
N New
w York Prim
mary CEN Primaary site, located in New Yorkk. It has 10,000
0
assign
ned clients.
DEN
D Denvver Seco
ondary CHI Secon ndary site, locaated in Denverr. It has 1,000
clientts which are asssigned to CHI.
CA
AN Cana
ada Prim
mary CEN Primaary site, located in Toronto. It has 500 assig
gned
clientts and is managed from New w York, since th
here
are no o administrativve personnel.
EH
HQ Lond
don Prim
mary CEN Primaary site, located in London w
where Contoso o has
the Eu uropean headquarters. It haas 4,000 assigned
clientts.
PA
AR Pariss Prim
mary LON Primaary site, located in Paris, which is managed
d from
Londoon. It has 1,000 assigned clieents.
LY
YO Lyon
n Seco
ondary PAR Secon
ndary site, locaated in Lyon. Itt has 500 clien
nts
which
h are assigned to PAR.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 8-17
Contoso uses a variety of server operating system versions for the site servers, including the following:
The Configuration Manager 2007 databases are hosted on either SQL Server 2005 or SQL Server 2008.
Contoso also uses multiple versions of service packs for Configuration Manager 2007 including:
Configuration Manager 2007 Service Pack 2 and R3, which are used in all locations in North America
and Canada.
Configuration Manager 2007 Service Pack 1 and R2, which are used in all locations in Europe.
Contoso wants to take advantage of the new hierarchy model from Configuration Manager 2012 and
consolidate the existing environment by installing site servers in the two datacenters located in New York
and London. For other locations, they want to use either secondary sites or distribution points.
You need to plan for migration to Configuration Manager 2012. Use the following table to describe your
proposed architecture for the Configuration Manager 2012 hierarchy.
Site
code Location Site type Parent site Managing clients from:
Question: What components of the existing Configuration Manager 2007 hierarchy need to
be upgraded to enable migration?
MCT USE ONLY. STUDENT USE PROHIBITED
8-18 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Lesson 3
Config
guring Migratio
M on Settiings
Afte
er you have co
onfigured the source
s hierarchhy, the migrat ion data gatheering process b begins. It colle
ects
info
ormation about the sites, andd objects withiin those sites, iin the Configu
uration Manag ger 2007 hierarrchy
starting from the top-level site you
y specified. The top-level site also is con nfigured as a ssource site thaat
contains objects to
t be migrated d.
You
u can configuree additional sittes from the Configuration
C M
Manager 2007 7 hierarchy as ssource sites, w
which
mak
kes it possible to migrate obj
bjects from theese sites to Con
nfiguration Maanager 2012.
Afte
er completing this lesson, yo
ou will be able to:
Configuring
C g the Sourrce Hierarcchy
Th
he source hierarchy is the se
et of Configura
ation Managerr 2007 sites thaat contain obje
ects you want to
migrate
m to Conffiguration Man nager 2012.
To
o configure the source hiera
archy you mustt input the folllowing information in the Sp
pecify Source
Hierarchy dialog
g box:
When
W you configure a Config guration Manager 2007 site aas the top-leveel site, you cann migrate obje ects
from it and anyy child primary sites. You cann only migrate objects from tthe site that yo ou selected in
adddition to sitess that are belo
ow the source site,
s so it is reccommended to
o select the sitte located at th
he top
off the Configuration Manager 2007 hierarchy, which is caalled a central site.
Configuration Manager
M 2012 uses these setttings to retrieeve informationn about objectts and distribu
ution
po
oints from the
e source site. During
D the data
a gathering prrocess, child sittes in the Conffiguration
Manager
M 2007 hierarchy are identified,
i which you can theen configure aas source sites for migration..
2. In the navigation pane, expand Migration, and then click the Source Hierarchy node.
Type the name of the top-level Configuration Manager 2007 site server.
Demonstra
D ation: Conffiguring th
he Source Hierarchy
In
n this demonsttration, you will see how to configure
c the ssource hierarchy.
Demonstrati
D ion Steps
Configure the Source Hierarchy
1.. On NYC-CFFG, start the Co
onfiguration Manager Con
nsole.
3.. In the Speccify Source Hiierarchy dialog box, use thee following setttings to config
gure the sourcce
hierarchy:
In the Top-level
T Con
nfiguration Manager
M 2007
7 site server b
box, type
NYC-C CM7.Contoso..com.
Under Specify the Source Site Acccount to use to access the e SMS Provide er for the sou urce site
server. This account required Re ead permissio ons to all sourrce site objectts, verify that U
User
Account is selected, and use Set to
o configure a new account w wing information:
with the follow
Pa
assword and Confirm
C passw
word boxes, tyype Pa$$w0rd
d.
Under Specify the Source Site Da atabase Accou QL Server for the
unt to use to access the SQ
sourcee site server. This
T account requires
r Read
d and Executee permissionss to the source site
databa me account as the Source S ite SMS Proviider Account is
ase, verify thatt Use the sam
selecte
ed.
Migration Da
ata Gatherring
You configure
e credentials for an addition
nal source site in an active so
ource hierarchyy.
You
u can modify th he schedule fo or this cycle byy editing the p roperties of th
he source site iin the Configu
uration
Man nager console.. The initial data-gathering process
p must rreview all objects in the Configuration Manager
2007 database an nd can take mo ore time to finish than subseequent data-gaathering proce esses that iden
ntify
onlyy changes to the data.
To gather
g data, th
he Configuratioon Manager 2012 top-level site connects tto the SMS Pro ovider and to the
he source site and then retrieves a list of o
site database of th objects and disstribution poin
nts.
You
u can use the Gather
G Data Noow action in thhe Configuratiion Manager cconsole to imm mediately startt the
mig
gration data ga ess and to reset the start timee of the next ccycle. Data gatthering runs on the
athering proce
configured schedule until you change
c the acttive source hieerarchy or until you use the SStop Gatheringg
Data action to end
d the data gatthering processs for that site.
You
u can use the Stop
S Gathering t end the dat a gathering prrocess for a so
g Data action to ource site when
n you
no longer want Coonfiguration Manager
M 2012 to identify neew or changed objects from that site.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 8-23
Configuring
C g Addition
nal Source
e Sites
So
ource sites are
e sites in the acctive source hierarchy that h ave data that you migrate to Configuratio
on
Manager
M 2012.
When
W you configure a source e hierarchy, you must specifyy the top-level site of the hie
erarchy first, w
which is
co he first source site for that so
onfigured as th ource hierarch
hy.
When
W you configure additionnal source sitess, you must co nfigure sourcee sites from the
e top down, and
co
onfigure the bottom-tier site
es last.
Yo
ou do not havve to configuree additional source sites befo migration jobs. However, you
ore creating m u can
on ata from source sites that you have configu
nly migrate da ured, and the migration data-gathering process
must
m have succeessfully gatherred data from these sites.
To
o configure ad
dditional sourcce sites in the active
a source h
hierarchy, perfform the follow
wing steps:
Co
onfiguring Distribution Point Sharing
S
You
u can share Configuration Manager 2007 distribution
d po
oints with Conffiguration Man nager 2012. Thhis
makkes the conten nt that is distrib
buted to Confiiguration Man nager 2007 dis tribution points immediatelyy
avaiilable to the clients in the Coonfiguration Manager
M 2012 hierarchy. By u using this approach, you cann
ensu
ure that the sa ame content re emains availab
ble for clients i n both hierarcchies and ensuure that you caan
maintain this conttent until you stop gathering g data and com mplete the migration.
Disttribution pointt sharing is a siite-wide settin
ng that, when eenabled, configures all eligib ble distribution
n
poinnts in a Config
guration Manager 2007 prim mary site and a ll its secondaryy sites as share
ed distributionn
poinnts. You cannoot select individdual distributioon points to sh
hare when you u enable distribution point
sharring.
Whe
en planning fo
or distribution point sharing,, consider the following prerrequisites:
Distribution points
p must be
e configured with
w a FQDN to
o be eligible fo
or sharing.
Shared distribution points can be upgraded in-place to Configuration Manager 2012 distribution points,
thereby preserving their content. Distribution points can be one of the following:
Stand-alone distribution points, which can be upgraded in place to Configuration Manager 2012
Secondary site servers, which can be converted to stand-alone distribution points in Configuration
Manager 2012
When you no longer have to support clients in your Configuration Manager 2007 environment, you can
upgrade a shared distribution point in your Configuration Manager 2012 hierarchy. When you upgrade
the distribution points in-place, you do not have to re-deploy content to new distribution points.
To upgrade a distribution point, the Configuration Manager 2007 site system server must meet the
following conditions:
The Configuration Manager 2007 site system server must have only the distribution point role
assigned to it. You cannot upgrade a Configuration Manager 2007 distribution point that has any
additional site system roles.
The site system server must have sufficient disk-space for the content to be converted from the
Configuration Manager 2007 content storage format to the single instance store format. This requires
available free space equal to two times the existing data on the distribution point.
The site system server must run an operating system version that is supported as a distribution point
in Configuration Manager 2012.
You can also choose to uninstall the existing distribution points from the Configuration Manager 2007
hierarchy and reuse the same hardware by installing the servers as distribution points in the Configuration
Manager 2012 hierarchy. In this case, you need to redeploy the content to the new distribution points.
MCT USE ONLY. STUDENT USE PROHIBITED
8-26 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Migrating Se
econdary Sites
S to Disstribution Points
You
u can convert secondary
s sitess in Configurattion Manager 2007 to distrib
bution points in Configuration
Mannager 2012. Thhe conversion process is the same as the d distribution pooint upgrade process, with an
n
add
ditional step to
o uninstall the secondary
s site
e.
The upgrade proccess first uninstalls the Configguration Manaager 2007 seco ondary site, an
nd then waits u
until
the next data gathhering cycle before upgradin ng the distribu
ution point in--place to a Connfiguration
Man nager 2012 disstribution poin he default setttings for the data gathering cycle, the waitt time
nt. If you use th
mayy be up to four hours. This sttep ensures that the secondaary site was su uccessfully unin
nstalled before
e the
distribution point upgrade startts.
Whe
en converting a secondary site to a distrib
bution point, co
onsider the following restricctions:
Before upgrading a second dary site to a distribution poiint, ensure thaat you have uppgraded all exissting
remote distribbution points at
a that site. Affter the second
dary site is uninnstalled during
g the distributtion
point upgrade, the remaining remote distribution poin nts will becomee orphaned an nd will not be
eligible for up
pgrade.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 8-27
Lesson
n4
Migra
ating Objects
Too migrate objeects from Conffiguration Mannager 2007 sitees to Configurration Manage er 2012, you neeed to
crreate migration jobs. You can use these jobs to migrate collections an d associated oobjects or to m
migrate
obbjects by type. You can also choose to miggrate objects tthat were prevviously migrate
ed if they have
e
ch
hanged after migration
m to Configuration Manager
M 2012 .
In
n this lesson, yo
ou will review the steps requ
uired to createe migration job
bs, review the migrated obje
ects, and
usse the migratioon reports.
After completin
ng this lesson, you
y will be able to:
Describe th
he steps used to
t migrate obje
ects by object type.
Review mig
grated objects in the console
e.
Use the mig
gration reports to validate th
he migration.
MCT USE ONLY. STUDENT USE PROHIBITED
8-28 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Migration Jo
obs
Collection migration
By selecting the collecttion migration option you caan migrate colllections and o
objects that are
e
related to
o selected collections, such as
a advertisemeents and softw
ware packages.
Object migration
By selecting the object migration opttion you can sselect individuaal objects type
es and object
instancess to migrate th
hem.
Migrating
M Collection
C s
Yo
ou can migrate collection de
efinitions and associated objjects, such as p
packages and advertisementts, from
Configuration Manager
M 2007 to Configurattion Manager 22012.
To
o migrate colle
ections, use the Create Migrration Job wizaard and select the following options:
General. Tyype a name fo
or the migration job and seleect the Collectiion migration option.
Select Collections. Selecct individual co
ollections to m
migrate.
Select Objeects. Select pa
ackages, advertisements, and
d other objectss that are asso
ociated with
collections to migrate the
em to Configuuration Manag er 2012.
Content Ownership. Select the Config
guration Mana ger 2012 site tthat will get th
he ownership ffor the
migrated objects content.
Security Sccope. Associatte the migrated
d objects with an existing seecurity scope o
or create a new
w scope.
This helps limit the admin
nistrative perm
missions to thee migrated objeects.
Collection Limiting. You
u can configure e how collectioon limiting setttings from Co
onfiguration
Manager 20007 are transla
ated to inclusio
on rules in Co nfiguration M anager 2012
Site Code Replacement
R . On this page, you can conffigure site cod e replacementt in the collecttion
queries. This is required iff you have queery rules that aare based on tthe Configurattion Manager site
code, becauuse you are migrating to a newn site with a new site codee.
Review Infformation. Yo ou can review the
t objects and
d information about the mig
gration of thosse
objects included in the migration
m job.
Settings. You
Y can run the
e migration job immediatelyy, or schedule it for a later time. Also, you can:
Configure whether previously
p migrrated objects ccan be overwrritten.
Transfe
er the organiza
ation folder strructure for objjects to the deestination site.
Enable programs for deployments after advertiseements are miigrated.
MCT USE ONLY. STUDENT USE PROHIBITED
8-30 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
You
u can migrate objects
o of diffe
erent types fro
om Configurat ion Manager 2
2007 to Config
guration
Man
nager 2012, including:
Boundaries
Software upd
date objects
Operating sysstem deployment objects
Configuration
n baselines
Asset Intellige
ence customizations
To migrate
m objectts by type, use the Create Migration Job w
wizard and seleect the followin
ng options:
Review Information. You can review the objects and information about the migration of the objects
included in the migration job.
Settings. You can run the migration job immediately or schedule it for a later time. You can also
configure whether previously-migrated objects can be overwritten, and whether to transfer the
organization folder structure for objects to the destination site.
Question: Why do you need to associate migrated objects with a security scope?
MCT USE ONLY. STUDENT USE PROHIBITED
8-32 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
De
emonstration: Creating Migrattion Jobs
In th
his demonstration, you will see
s how to mig
grate collectio
ons and migratte objects by ttype.
Dem
monstration
n Steps
Mig
grate collectio
ons and assocciated objectss
On the General
G page, configure the following opt ions:
Nam
me: Collectionss and associatted objects
In th
he Job type bo
ox select Colle
ection migratiion
Selecct Advertisem
ments and clea
ar the ConfigM
Mgr 2007 SP2
2 KB977384 to
o New York
Serv
vers check boxx.
Complete the wizard and choose the default settings. Select the Run the migration job now
option so that the migration job will run automatically after the wizard completes.
3. In the results pane, verify that the status of the migration job is Completed. If necessary, click
Refresh.
2. On the ribbon, click Create Migration Job. The Create Migration Job Wizard starts. Use the
following settings to configure the migration job:
On the Select Objects page, under Object types, select the following types of objects:
Boundaries
Configuration Baselines. In the Included Objects dialog box, confirm the inclusion of
configuration items.
On the Security Scope page, select Default, and then click Next.
Complete the wizard and choose the default settings. Select the Run the migration job now
option so that the migration job will run automatically after the wizard completes.
3. In the results pane, verify that the status of the migration job is Completed. If necessary, click
Refresh.
MCT USE ONLY. STUDENT USE PROHIBITED
8-34 Migratingg from System Centeer Configuration Mannager 2007 to System
m Center 2012 Configguration Manager
Rev
viewing Migrated
M Objects
O
To view
v the progrress of object migration
m for a migration jo b, select a mig
gration job, an
nd then in the
Objjects in Job ta
ab, select the objects
o for which you want to o view the sum mmary informaation.
er migration is performed, th
Afte he administrator can review migrated objeects and their p
properties, and
d
mpare them with the objects in the source site.
com
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manaager 8-35
Viewing
V Migration Reports
Configuration Manager
M 2012 includes several reports for reviewing mig gration jobs, o objects include
ed in
migration
m jobs, objects that fa
ailed to migratte, collections that used coll ection limiting
g, and Configuuration
Manager
M 2007 clients
c exclude ed from the uppgrade to Con nfiguration Ma nager 2012.
Migrating Cllients
You
u can use any supported
s client deployment method to m
migrate clients. When CCMSe etup detects a
Connfiguration Maanager 2007 client on the tarrget computerr, the existing client software
e is uninstalled
d, and
the new client sofftware is installed.
You ects the clientss will use in thee new environ
u need to ensure that all obje nment, such ass collections orr
packages, are alre
eady migrated before migratting the clientss.
Lab: Migratin
M ng from
m System
m Centeer Conffiguratio
on
Mana ager 200
07 to Sy
ystem Center
C 2
2012 Coonfiguraation
Mana ager
La
ab Setup
Fo
or this lab, you
u will use the available
a virtua
al machine envvironment. Beffore you begin
n the lab, you must
co
omplete the fo ollowing steps::
1.. On the host computer, click Start, poin
nt to Administtrative Tools, and then clickk Hyper-V Ma
anager.
User na
ame: Adminisstrator
Passwo
ord: Pa$$w0rd
d
Domain: Contoso
La
ab Scenario
o
Yoou are the network administtrator for Conttoso, Ltd. Conttoso has Configuration Manager 2007 and
d
Syystem Center 2012
2 Configurration Manage er, both deployyed as stand-aalone primary ssites.
Yo
ou need to perform the mig
gration of Conffiguration Man
nager objects by:
1.. Configuring
g the source hierarchy.
2. In the ConfigMgr Console, under Site Database, select the Site Management node, and verify that
version of the site is 4.00.6487.2000 which means the site is running Configuration Manager 2007
Service Pack 2.
3. Under Site Database, Site Management, CM7-New York Configuration Manager 2007, Site
Settings, select the Boundaries node, and then review the Properties of the existing IP subnet
boundary.
4. Under Computer Management, Collections, access the Properties of the Contoso Servers
collection.
5. In the Contoso Servers Properties dialog box, at Membership Rules, observe that there are no
membership rules defined.
Note Contoso Servers collection does not have any members and serves as a container for
the other two collections.
6. Under Contoso Servers, access the Properties of the New York Servers collection.
7. Review the Membership rules for the New York Servers collection, and then examine the query
used to determine the membership of the collection.
Note New York Servers collection uses a query rule to include all computers with a name
starting with NYC.
8. Under Contoso Servers, access the Properties of the ConfigMgr Servers collection.
9. Review the Membership rules for the ConfigMgr Servers collection, and then observe the direct
membership rule created for NYC-CM7.
Note The ConfigMgr Servers collection uses a direct membership rule to include NYC-
CM7 as a member.
11. Access the Properties of the ConfigMgr 2007 Toolkit V2 package, and then review its settings.
Note that this is an MSI package.
12. Access the Properties of the Excel Viewer package, and then review its settings. Note that this is an
App-V package.
14. Under Asset Intelligence, Customize Catalog, select the Software Categories node, and then
review the Contoso Software custom category.
15. Under the Software Families node, review the Contoso LOB Applications custom family.
16. Under the Custom Labels node, review the Contoso Application custom label.
17. Under Desired Configuration Management, select the Configuration Items node.
18. Access the Properties of the Windows Firewall Enabled configuration item, review the properties,
and then at the Settings tab, review the settings of the configuration item. Note that this
configuration item is using a WQL query to check the status of the Windows Firewall.
19. Under the Configuration Baselines node, access the Properties of the Contoso Security Policy
Validation baseline, and then review the settings.
2. In the Configuration Manager console, in the Administration workspace, under the Migration node,
select the Source Hierarchy node, and then on the ribbon, click Specify Source Hierarchy.
3. In the Specify Source Hierarchy dialog box, use the following settings to configure the source
hierarchy:
In the Top-level Configuration Manager 2007 site server box, type NYC-CM7.Contoso.com.
Under Specify the Source Site Account to use to access the SMS Provider for the source site
server. This account required Read permissions to all source site objects, verify that User
Account is selected, and then click the Set button to configure a new account with the following
information:
Click Verify and Test connection to validate the credentials and connection to source site.
Under Specify the Source Site Database Account to use to access the SQL Server for the
source site server. This account requires Read and Execute permissions to the source site
database, verify that Use the same account as the Source Site SMS Provider Account is
selected.
4. After you have configured the source hierarchy, the Data Gathering Status process starts. Wait for
the data collection to complete, and then click Close.
5. Under the Source Hierarchy node, select the CM7 source site, and then in the ribbon, click
Properties.
MCT USE ONLY. STUDENT USE PROHIBITED
8-40 Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
6. In the NYC-CM7.contoso.com Properties window, notice that the Data gathering interval setting is
set to 4 hours.
7. In the preview pane, click the Shared Distribution Points tab, and, on the ribbon, click Share
Distribution Points.
8. In the Share Distribution Points dialog box, select Enable distribution point sharing for this
Configuration Manager 2007 site server.
9. In the Data Gathering Status dialog box, wait for the data collection to complete.
10. On the ribbon, click Refresh, and then on the Shared Distribution Points tab, verify that
\\NYC-CM7.CONTOSO.COM appears.
Note By configuring the Shared Distribution Points option, both the Configuration
Manager 2007 clients and Configuration Manager 2012 clients will have access to the
packages during migration.
Results: At the end of this exercise, you should have reviewed the configuration of the Configuration
Manager 2007 site and configured the source hierarchy in Configuration Manager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 8-41
Select Advertisements, and then clear the ConfigMgr 2007 SP2 KB977384 to New York
Servers check box.
Select Software Distribution Packages, and then clear the KB977384 --- Advanced Client
Hotfix --- CM7 check box.
Select Virtual Application Packages, verify that Excel Viewer is selected, and then click
Next.
Continue the wizard and choose the default settings, and then on the Settings page, select the
Run the migration job now option.
3. In the results pane, verify that the status of the migration job is Completed. If necessary, click
Refresh.
MCT USE ONLY. STUDENT USE PROHIBITED
8-42 Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
2. In the Assets and Compliance workspace, under Device Collections, select the Contoso Servers
node, and then observe the migrated ConfigMgr Servers and New York Servers collection. If you
do not see the Contoso Servers folder, select the Overview node and then press F5 on your
keyboard to refresh the navigation pane.
3. Access the Properties of the New York Servers collection, and then review the Membership rules.
4. In the Software Library workspace, under Application Management, select the Packages node.
5. Select the migrated ConfigMgr 2007 Toolkit V2 package, and then in the preview pane, review the
information in the Deployments tab.
6. Under the Applications node, select the migrated Excel Viewer virtual application package, and
then in the preview pane, review the information in the Deployment Types tab.
2. On the ribbon, click Create Migration Job. The Create Migration Job Wizard starts. Use the
following settings to configure the migration job:
On the General page, configure the following options:
Name: Migrate objects by type
Description (optional): Migration of specific objects
In the Job type box select Object migration
On the Select Objects page, under Object types, select the following types of objects:
Boundaries
Configuration Baselines. In the Included Objects dialog box, confirm the inclusion of
configuration items.
On the Security Scope page, select Default, and then click Next.
Continue the wizard choosing the default settings, and then on the Settings page, select the Run
the migration job now option.
3. In the results pane, verify that the status of the migration job is Completed. If necessary, select the
Migrate objects by type object, and then click Refresh.
2. Under the Compliance Settings node, select the Configuration Items node, and then review the
migrated configuration items.
MCT USE ONLY. STUDENT USE PROHIBITED
10748A: Deploying System Center 2012 Configuration Manager 8-43
3. Select the Configuration Baselines node, and then review the migrated baseline.
4. In the Administration workspace, under the Hierarchy Configuration node, select the Boundaries
node, and then review the migrated boundary.
5. Select the Boundary Groups node, and then review the boundary groups created for the
Configuration Manager 2007 site and for the distribution points.
3. From the results pane, run the Migration Job properties report.
4. In the report window, select the first migration job as a parameter, and then click View Report.
Review the results, and then close the report window.
5. Close the Migration Job properties window.
6. In the results pane, run the Migration jobs report. Review the results, and then close the report
window.
2. In the results pane select CM7, and then, on the ribbon, click Stop Gathering Data. Click Yes the
Configuration Manager dialog box.
3. In the results pane verify that CM7 has the status Have not gathered data, and then, on the ribbon,
click Clean Up Migration Data.
4. In the Clean Up Migration Data dialog box, verify that in the Source hierarchy box appears CM7
(NYC-CM7.contoso.com) and then click OK. Click Yes in the Configuration Manager dialog box.
5. In the results pane, note that source hierarchy has been removed.
Results: At the end of this exercise, you should have created migration jobs, performed object migration,
and viewed the migration reports.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-B, and then click Revert.
Modulle Revie
ew and Takeaw
ways
Rev
view Questiions
1. What are the restrictions fo
or migrating co
ollections?
Coursse Evalu
uation
Yo
our evaluation
n of this course
e will help Microsoft understtand the qualitty of your learning experience.
Microsoft
M will ke
eep your answ nd confidentiall and will use yyour responsess to
wers to this surrvey private an
im
mprove your fu uture learning experience. Yo our open and honest feedbaack is valuable e and appreciaated.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L2-1
X Task 2: Verify the installation of Web Server (IIS) and related role services
In the results pane of the Server Manager console, in the Roles pane, scroll to the Web Server (IIS)
section, and then verify that the following features are installed:
ASP.NET
Windows Authentication
X Task 4: Verify that .NET Framework 4.0 and SQL Server 2008 R2 are installed
1. Click Start, and then click Control Panel.
2. In the Control Panel window, click View by: Large Icons.
3. Click Programs and Features.
4. Verify that Microsoft .NET Framework 4 Extended and Microsoft SQL Server 2008 R2 (64-bit)
are installed.
5. Close the Programs and Features window.
Results: After this exercise, you should have validated the prerequisites for installing System Center 2012
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-2 Module 2: Planning and Deploying a Stand-Alone Environment
2. Double-click extadsch.exe.
3. Browse to the drive C, open the ExtADSch.log file created in the root of drive C, and then verify the
success of the operation by observing the classes and attributes added to AD DS and the message
that confirms the successful extension of the schema.
6. In the ADSI Edit console, right-click ADSI Edit, and then click Connect to.
7. In the Connection Settings dialog box, accept the defaults, and then click OK.
8. In the ADSI Edit console tree, expand Default naming context, expand the
DC=CONTOSO,DC=COM container, right-click the CN=System container, click New, and then click
Object.
9. In the Create Object page, select container, and then click Next.
10. In the Create Object page, in the Value text box, type System Management, click Next, and then
click Finish.
11. In the ADSI Edit console, click the CN=System container, verify that CN=System Management
container appears in the results pane, and then close the console.
X Task 3: Assign Full Control permissions for the System Management container to
the site server
1. On NYC-DC1, click Start, click Administrative Tools, click Active Directory Users and Computers
console, and then from the View menu, select Advanced Features.
2. In the navigation pane, expand Contoso.com, expand the System container, right-click the System
Management container, and then select Properties.
3. In the System Management Properties dialog box, select the Security tab, and then click Add.
4. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types.
5. In the Object Types dialog box, select Computers, and then click OK.
6. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object
names to select text box, type NYC-CFG, click Check Names, and then click OK.
7. In the System Management Properties dialog box, select NYC-CFG (Contoso\NYC-CFG$), and in
the Allow column, select the Full Control permission check box (all checkboxes are selected), and
then click Advanced.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab A: Installing a Configuration Manager Primary Site L2-3
8. In the Advanced Security Settings for System Management dialog box, select
NYC-CFG (Contoso\NYC-CFG$) from the permission entry list, and then click Edit.
9. In the Permission Entry for System Management dialog box, in the Apply to dropdown list, select
This object and all descendant objects, and then click OK.
10. In the Advanced Security Settings for System Management dialog box, click OK.
Note After the installation, the Configuration Manager 2012 site server publishes
information in this container to enable clients to determine the assigned site and locate the
management point.
Results: At the end of this exercise, you should have extended the Active Directory schema, created the
System Management container, and assigned permissions to the Configuration Manager server.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-4 Module 2: Planning and Deploying a Stand-Alone Environment
3. Double-click splash.hta.
X Task 2: Run Installation Prerequisite Check and verify that the prerequisites are met
for the installation
1. In the System Center 2012 Configuration Manager Setup screen, click Assess server readiness.
2. Installation Prerequisite Check starts and evaluates the server for installed prerequisites.
3. In the Installation Prerequisite Check window, verify that there are no errors (you may receive several
warnings), and then click OK.
X Task 3: Run the System Center 2012 Configuration Manager Setup Wizard and select
the option to install a Configuration Manager 2012 stand-alone primary site
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. On the Before
You Begin page, click Next.
3. On the Getting Started page, under Available Setup Options, select Install a Configuration
Manager primary site, and then click Next.
4. On the Product Key page, select Install this product as an evaluation, and then click Next.
5. On the Microsoft Software License Terms page, select the I accept these license terms check box,
and then click Next.
6. On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select I accept
these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept these
License Terms, under Microsoft Silverlight 4, select I accept these License Terms and automatic
updates of Silverlight, and then click Next.
7. On the Prerequisite Downloads page, select Use previously downloaded files, and then click
Browse.
8. In the Browse For Folder dialog box, select the E:\ConfigMgr2012\Redist folder, and then click OK.
9. On the Prerequisite Downloads page, click Next.
10. In the Configuration Manager Setup Downloader dialog box, wait for the prerequisite validation to
finish.
13. On the Site and Installation Settings page, type the following information, and then click Next.
14. On the Primary Site Installation page, select Install the primary site as a stand-alone site, and
then click Next.
16. On the Database Information page, verify that the SQL server name is NYC-CFG.Contoso.com and
the database name is CM_NYC, and then click Next.
17. On the SMS Provider Settings page, verify that the server name is NYC-CFG.Contoso.com, and
then click Next.
18. On the Client Computer Communication Settings page, select Configure the communication
method on each site system role, and then click Next.
19. On the Site System Roles page, verify that both Install a management point, and Install a
distribution point check boxes are selected, verify that that NYC-CFG.Contoso.com appears in both
FDQN text boxes, and then click Next.
20. On the Customer Experience Improvement Program Configuration page, select I dont want to
join the program at this time, and then click Next.
21. On the Settings Summary page, review your selected settings, and then click Next.
22. On the Prerequisite Check page, wait until Prerequisite Check validates the server readiness to host
the selected roles, and then click Begin Install.
23. In the Install window, wait for the installation to finish, and then click Close.
24. In the System Center 2012 Configuration Manager Setup screen, click Exit.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
in a stand-alone primary site.
3. In the navigation pane, expand System Status, and then click Site Status.
X Task 2: View the status messages related to the Configuration Manager 2012
installation
1. In the navigation pane, click Site Status.
4. In the Status Messages: Set Viewing Period dialog box, verify that in the Select date and time
drop list, 1 day ago is selected, and then click OK. Configuration Manager Status Message Viewer
opens.
5. Double-click on any message, and then in the Status Message Details dialog box, review the details
of the status message. Use the Next and Previous buttons to view additional status messages.
6. Click OK to close the Status Message Details dialog box.
2. In the root folder, double-click the ConfigMgrPrereq.log file. Review the file and note any errors or
warnings reported by Prerequisite Checker.
3. Close Notepad.
4. In the root folder, double-click the ConfigMgrSetup.log file. Review the file and note any errors or
warnings reported by Setup.
Results: At the end of this exercise, you should have validated the installation of System Center 2012
Configuration Manager.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-8 Module 2: Planning and Deploying a Stand-Alone Environment
2. In the Active Directory Sites and Services console tree, expand the Sites folder, and then select
Default-First-Site-Name.
6. In the New Object --- Subnet dialog box, in the Prefix text box, type 10.10.0.0/24.
7. In the Select a site object for this prefix list, select the NewYork site, and then click OK.
X Task 2: Configure Active Directory Forest Discovery to create a new boundary from
the Active Directory site
1. On NYC-CFG, in the Configuration Manager console, select the Administration workspace.
2. In the navigation pane, expand Hierarchy Configuration, and then select Discovery Methods.
3. In the results pane, select the Active Directory Forest Discovery, and then on the ribbon, click
Properties.
4. In the Active Directory Forest Discovery Properties dialog box, select Enable Active Directory
Forest Discovery, select the Automatically create Active Directory site boundaries when they
are discovered check boxes, and then click OK.
5. In the Configuration Manager dialog box, click Yes to initiate full discovery.
7. In the results pane, select Contoso.com, and then on the ribbon, click Properties.
8. In the Contoso.com Properties dialog box, review the settings, and then click the Publishing tab.
9. On the Publishing tab, review the settings, and then click Cancel.
12. In the NewYork Properties dialog box, review the settings, and then click Cancel.
3. In the Create Boundary Group dialog box, on the General tab, in the Name text box, type New
York Clients, and then click Add.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Performing Post-Setup Configuration Tasks L2-9
4. In the Add Boundaries dialog box, select the NewYork boundary, and then click OK.
5. In the Create Boundary Group dialog box, click the References tab, and then select the Use this
boundary group for site assignment check box.
7. In the Add Site Systems dialog box, select the \\NYC-CFG.Contoso.com check box, and then
click OK.
X Task 4: Install additional site system roles: Fallback Status Point and Reporting
Services Point
1. In the Configuration Manager console, in the navigation pane, expand Site Configuration, and then
click Servers and Site System Roles.
2. In the results pane, select \\NYC-CFG.Contoso.com, and on the ribbon, select the Home tab, and
then click Add Site System Roles.
3. The Add Site System Roles Wizard starts. On the General page, verify that the Name for the site
server is NYC-CFG.Contoso.com, and then click Next.
4. On the System Role Selection page, select Fallback status point and Reporting services point,
and then click Next.
5. On the Fallback Status Point page, review the settings, and then click Next.
6. On the Reporting Services Point page, verify that the Site database server name is
NYC-CFG.contoso.com and the Database name is CM_NYC, and then click Verify. Wait for the
message Successfully verified to appear.
7. Click the Set button next to User name, and then click New Account.
8. In the Windows User Account dialog box, specify the following credentials, and then click OK:
Password: Pa$$w0rd
10. On the Summary page, review the settings, and then click Next.
2. In the preview pane, right-click the Management point, and then click Properties.
3. In the Management point Properties dialog box, review the settings, select the Generate alert
when the management point is not healthy check box, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-10 Module 2: Planning and Deploying a Stand-Alone Environment
4. In the Site System Roles pane, right-click the Distribution point, and then click Properties.
5. In the Distribution point Properties dialog box, review the settings on each of the following tabs:
General
PXE
Multicast
Content Validation
6. In the Distribution point Properties window, click the Boundary Groups tab, verify that the New
York Clients boundary group you have created previously appears in the list, and then click Cancel.
Note The association between the distribution point and the boundary group was created
when you added the site system to the boundary group in a previous task.
Results: At the end of this exercise, you should have performed the initial configuration of a System
Center 2012 Configuration Manager stand-alone primary site.
2. In the navigation pane, expand Contoso.com, and then select the Users container.
3. Right-click the Users container, point to New, and then click Group.
4. In the New Object --- Group dialog box, in the Group name box, type Configuration Manager IIS
Servers, and then click OK.
5. Double-click Configuration Manager IIS Servers.
6. In the Configuration Manager IIS Servers Properties dialog box, on the Members tab, click Add.
7. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, click Object
Types, and in the Object Types dialog box, select the Computers check box, and then click OK.
8. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select box, type NYC-CFG, click Check Names, and then click OK.
9. In the Configuration Manager IIS Servers Properties dialog box, click OK.
2. In the Certification Authority console, expand ContosoCA, and then click Certificate Templates.
3. Right-click the Certificate Templates folder, and then click Manage. The Certificate Templates
Console opens.
4. In the results pane, right-click Web Server, and then click Duplicate Template.
5. In the Duplicate Template dialog box, ensure that the Windows Server 2003 Enterprise option is
selected, and then click OK.
6. In the Properties of New Template dialog box, on the General tab, in the Template display name
box, type Configuration Manager Web Server Certificate.
7. Click the Subject Name tab, and then ensure that the Supply in the request option is selected.
8. On the Security tab, under Group or user names, click Domain Admins, and under Permissions
for Domain Admins, clear the Enroll check box, click Enterprise Admins, and then clear the Enroll
check box.
9. On the Security tab, click Add. In the Select Users, Computers, Service Accounts or Groups dialog
box, in the Enter the object names to select box, type Configuration Manager IIS Servers, click
Check Names and then click OK.
10. Click Configuration Manager IIS Servers, select the Enroll check box, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-12 Module 2: Planning and Deploying a Stand-Alone Environment
2. In the Duplicate Template dialog box, ensure that the Windows Server 2003 Enterprise option is
selected, and then click OK.
3. In the Properties of New Template dialog box, on the General tab, in the Template display name
box, type Configuration Manager Client Certificate.
4. On the Security tab, click Domain Computers, select the Read check box, select the Autoenroll
check box, and then click OK. Do not clear the Enroll check box.
2. In the Duplicate Template dialog box, ensure that the Windows Server 2003 Enterprise option is
selected, and then click OK.
3. In the Properties of New Template dialog box, on the General tab, in the Template display name
box, type Configuration Manager Client Distribution Point Certificate.
5. On the Security tab, under Group or user names, click Domain Admins, and under Permissions
for Domain Admins, clear the Enroll check box, click Enterprise Admins, and then clear the Enroll
check box.
6. On the Security tab, click Add, and in the Select Users, Computers, Service Accounts or Groups
dialog box, in the Enter the object names to select box, type Configuration Manager IIS Servers,
click Check Names, and then click OK.
7. Click Configuration Manager IIS Servers, select the Enroll check box, and then click OK. Do not
clear the Read permission.
2. In the Duplicate Template dialog box, ensure that the Windows Server 2003 Enterprise option is
selected, and then click OK.
3. In the Properties of New Template dialog box, on the General tab, in the Template display name
box, type Configuration Manager Mobile Device Certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab C: Configuring PKI for Configuration Manager L2-13
4. Click the Subject Name tab, and then ensure that the Build from this Active Directory
information option is selected.
5. In the Subject name format list, select Common name, and under Include this information in
alternate subject name, clear the User principal name (UPN) check box, and then click OK.
2. Right-click the Certificate Templates folder, point to New, and then click Certificate Template to
Issue.
3. In the Enable Certificate Templates dialog box, click Configuration Manager Client Certificate,
keep the Ctrl key pressed, and then click Configuration Manager Client Distribution Point
Certificate, Configuration Manager Mobile Device Certificate, and Configuration Manager Web
Server Certificate.
4. In the Enable Certificate Templates dialog box, click OK, and then close the Certification Authority
console.
Results: After this exercise, you should have created a group for the Configuration Manager servers and
created the templates for Configuration Manager certificates.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-14 Module 2: Planning and Deploying a Stand-Alone Environment
3. In the New GPO dialog box, in the Name box, type Enable Autoenrollment of Certificates and
then click OK.
6. Right-click Certificate Services Client --- Auto-enrollment and then click Properties.
7. In the Configuration Model list, select Enabled, select the Renew expired certificates, update
pending certificates, and remove revoked certificates check box, select the Update certificates
that use certificate templates check box, and then click OK.
8. Close the Group Policy Management Editor window and the Group Policy Management console.
2. In the Shut Down Windows dialog box, under Option, select Operating System: Reconfiguration
(Planned), and then click OK.
3. Wait for the virtual machine to restart and then logon as domain Administrator.
4. On NYC-CFG, click Start, click Run, and in the Open box, type mmc.exe and then click OK.
5. In the Console 1 - [Console Root] console, click File, and then click Add/Remove Snap-in.
6. In the Add or Remove Snap-ins dialog box, in the Available snap-ins list, click Certificates, and
then click Add.
7. In the Certificates snap-in wizard, click Computer account, and then click Next.
8. In the Select Computer dialog box, ensure that the Local computer: (the computer this console is
running on) option is selected, and then click Finish.
10. In the Console 1 - [Console Root] console, expand Certificates (Local Computer), and then click
Personal.
11. Under Object Type, right-click Certificates, point to All Tasks, and then click Request New
Certificate.
12. In the Certificate Enrollment Wizard, on the Before You Begin page, click Next.
14. On the Request Certificates page, select the Configuration Manager Web Server Certificate
check box, and then click the More information is required to enroll for this certificate. Click
here to configure settings link.
15. In the Certificate Properties dialog box, on the Subject tab, under the Alternative name area, in
the Type list, select DNS.
16. In the Value box, type NYC-CFG.Contoso.com and then click Add.
17. Click the General tab, in the Friendly name box, type Configuration Manager Web Services and
then click OK.
19. On the Certificates Installation Results page, wait until the certificate is installed, and then click
Finish.
2. Under Object Type, right-click Certificates, point to All Tasks and then click Request New
Certificate.
3. In the Certificate Enrollment Wizard, on the Before You Begin page, click Next.
5. On the Request Certificates page, select the Configuration Manager Client Distribution Point
Certificate check box, and then click Enroll.
6. On the Certificates Installation Results page, wait until the certificate is installed, and then click
Finish.
7. In the Console 1 - [Console Root] console, expand Personal, and then click Certificates.
8. In the results pane, right-click the certificate that has Configuration Manager Client Distribution
Point Certificate on the Certificate Template column, point to All Tasks, and then select Export.
The Certificate Export Wizard opens.
9. On the Welcome to the Certificate Export Wizard page, click Next.
10. On the Export Private Key page, select Yes, export the private key, and then click Next.
11. On the Export File Format page, ensure Personal Information Exchange --- PKCS #12 (.PFX)
option is selected, and then click Next.
12. On the Password page, type Pa$$w0rd in both Password and Type and confirm password
(mandatory) text boxes, and then click Next.
13. On the File to Export page, in the File name text box, type C:\ConfigMgrClientDPCertificate.pfx
and then click Next.
14. On the Completing the Certificate Export Wizard page, click Finish.
15. In the Certificate Export Wizard dialog box, click OK.
16. Close the Console 1 --- [Console Root] console, and in the Microsoft Management Console dialog
box, click No.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-16 Module 2: Planning and Deploying a Stand-Alone Environment
2. Expand NYC-CFG (CONTOSO\Administrator), expand Sites, right-click Default Web Site, and then
click Edit Bindings.
3. In the Site Bindings dialog box, click https, and then click Edit.
4. In the Edit Site Binding dialog box, in the SSL certificate list, select Configuration Manager Web
Services, and then click OK.
3. In the navigation pane expand Site Configuration, and then click Servers and Site System Roles.
4. In the results pane, click \\NYC-CFG.contoso.com, and in the preview pane, right-click Site system,
and then click Properties.
5. In the Site system Properties dialog box, select Specify an FQDN for this site system for use on
the Internet.
6. In the Internet FQDN text box, type NYC-CFG.contoso.com and then click OK.
7. In the preview pane, right-click Distribution point and then click Properties.
8. In the Distribution point Properties dialog box, on the General tab, select Import certificate, and
then click Browse.
9. In the Open dialog box, browse to select the C:\ConfigMgrClientDPCertificate.pfx certificate file,
and then click Open.
10. On the General tab, in the Password text box, type Pa$$w0rd.
11. On the General tab, click HTTPS, and then under Requires computers to have a valid PKI client
certificate, select Allow intranet and Internet connections, and then click OK.
12. In the preview pane, click Management point, and then click Properties.
13. In the Management point Properties dialog box, on the General tab, click HTTPS, and then under
This option requires client computers to have a valid PKI client certificate for client
authentication, select Allow intranet and Internet connections.
14. Select the Allow mobile devices to use this management point check box, and then click OK.
Results: After this exercise, you should have issued the Configuration Manager certificates and configured
HTTPS communication for Configuration Manager roles.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab C: Configuring PKI for Configuration Manager L2-17
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-A and then click Revert.
3. In the navigation pane, expand the Security node, and then click Security Roles.
4. Review the list of roles available in the results pane. Note that there are 14 built-in roles.
6. Review the list of scopes available in the results pane. Note there are two built-in scopes: All and
Default.
8. In the results pane, select CONTOSO\Administrator and review the information presented in the
preview pane. By default, the user who performed the Configuration Manager setup is assigned the
Full Administrator role, the All security scope, and the All Systems and All Users and User Groups
collections.
2. In the results pane, select Application Administrator, and then, on the ribbon, click Properties.
3. In the Application Administrator Properties dialog box, on the General tab, examine the role
description.
4. Click the Administrative Users tab and note there are no users associated with this role. In addition,
note that you cannot add users from this property window.
5. Click the Permissions tab, and then examine the permissions associated with this role. Expand each
category, and then review the individual permissions. Note that you cannot modify the permissions
for built-in roles.
Results: At the end of this exercise, you will have reviewed the built-in roles, including their associated
permissions, and the built-in security scopes.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-20 Module 3: Planning and Configuring Role-Based Administration
2. In the Active Directory Users and Computers console, expand Contoso.com, right-click the Users
container, point to New, and then select User.
3. In the New Object --- User dialog box, in both the First name and User logon name text boxes, type
NewYorkAdmin and then click Next.
4. In the New Object --- User dialog box, in both the Password and Confirm password text boxes, type
Pa$$w0rd, clear the User must change password at next logon box, and then click Next.
7. In the New Object --- Group dialog box, in the Group name text box, type New York Application
Admins as the group name, and then click OK.
8. Click the Users container, and then in the details pane, right-click the newly created New York
Application Admins group, and then click Properties.
9. In the New York Application Admins Properties dialog box, click the Members tab, and then click
Add.
10. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select field, type NewYorkAdmin, click Check Names, and then click OK.
11. In the New York Application Admins Properties dialog box, click OK.
X Task 2: Create a custom scope for the New York application administrators
1. On NYC-CFG, in the Configuration Manager console, verify that you are still in the Administration
workspace.
2. In the navigation pane, expand the Security node, and then click Security Scopes.
3. On the ribbon, click Create Security Scope.
4. In the Create Security Scope dialog box, in the Security scope name text box, type New York and
then click OK.
5. In the Configuration Manager console, in the navigation pane, click Distribution Points.
6. In the results pane, select \\NYC-CFG.Contoso.com, and then on the ribbon, click Set Security
Scopes.
7. In the Set Security Scopes dialog box, leave the Default scope selected, select New York, and then
click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Planning and Configuring Role-Based Administration L3-21
2. In the navigation pane, expand the Overview node, and then click Device Collections.
3. On the ribbon, click Create Device Collection. The Create Device Collection Wizard starts.
4. On the General page, in the Name box, type New York Servers, and then next to Limiting
collection, click Browse.
5. In the Select Collection dialog box, select All Systems, and then click OK.
7. On the Membership Rules page, click Add Rule, and then click Direct Rule. The Create Direct
Membership Rule Wizard starts.
9. On the Search for Resources page in the Resource class list, verify that System Resource is
selected, and in the Value text box, type NYC%, and then click Next.
10. On the Select Resources page, select NYC-CFG, and then click Next.
13. In the Create Device Collection Wizard, on the Membership Rules page, verify that NYC-CFG was
added to the list, and then click Next.
14. On the Summary page, click Next.
3. In the results pane, select Application Administrator, and then on the ribbon, click Copy.
4. In the Copy Security Role dialog box, in the Name text box, type Application and Update
Administrator
5. In the Copy Security Role dialog box, in the Customize the permissions for this copy of the
security role area, in the Permissions box, configure the following permissions by expanding each
permission group and selecting Yes next to each individual permission:
X Task 5: Add a new group of administrative users, and assign a custom role and a
custom scope
1. In the Configuration Manager console, in the navigation pane, under the Security node, click
Administrative Users.
3. In the Add User or Group dialog box, next to User or group name, click Browse.
4. In the Select User, Computer, or Group dialog box, in the Enter the object name to select text
box, type New York Application Admins, click Check Names, and then click OK.
5. In the Add User or Group dialog box next to the Assigned security roles list box, click Add.
6. In the Add Security Role dialog box, select the Application and Update Administrator role, and
then click OK.
7. In the Add User or Group dialog box, under Assigned security scopes and collections, verify that
the Only the instances of objects that are assigned to the specified scopes or collections option
is selected. In the list box, select each collection and security scope, and then click Remove.
8. In the Add User or Group dialog box, in the Security scopes and collections area, click Add, and
then click Security Scope.
9. In the Add Security Scope dialog box, select New York, and then click OK.
10. In the Add User or Group dialog box, in the Security scopes and collections area, click Add, and
then select Collection.
11. In the Select Collections dialog box, select Device Collections, select New York Servers, and then
click OK.
Note The users added to the New York Application Admins group will have access to only
the Configuration Manager objects associated with the New York scope and resources in
the New York Servers collection.
Results: At the end of this exercise, you will have created a custom security scope, a custom collection,
and a custom security role.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Planning and Configuring Role-Based Administration L3-23
2. In the Windows Security dialog box, in the Username box, type NewYorkAdmin and in the
Password box, type Pa$$w0rd, and then click OK.
2. In the navigation pane, under the Overview node, click Device Collections.
3. In the results pane, verify that you can see only the New York Servers collection.
4. In the navigation pane, click on the Devices node.
5. In the results pane, verify that you can see only the resources associated to your collection.
7. In the navigation pane, under the Overview node, click Distribution Points.
8. In the results pane, verify that you can see the \\NYC-CFG.Contoso.com server.
Results: At the end of this exercise, you will have tested the new role permissions.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-B, and then click Revert.
2. Double-click extadsch.exe.
3. Browse to the drive C, open the ExtADSch.log file created in the root of drive C, and then verify the
success of the operation by observing the classes and attributes added to AD DS and the message
that confirms the successful extension of the schema.
3. In the Connection Settings dialog box, accept the defaults, and then click OK.
4. In the ADSI Edit console tree, expand Default naming context, expand DC=CONTOSO,DC=COM
container, right-click the CN=System container, click New, and then click Object.
5. On the Create Object page, select container, and then click Next.
6. In the Create Object page, in the Value text box, type System Management, and then click Next.
8. In the ADSI Edit console, click the CN=System container, verify that CN=System Management
container appears in the results pane, and then close the console.
X Task 3: Create a group for the Configuration Manager servers in Active Directory
Users and Computers
1. Click Start, click Administrative Tools, and then click Active Directory Users and Computers.
2. In the navigation pane, expand Contoso.com, and then select the Users container.
3. Right-click the Users container, point to New, and then click Group.
4. In the New Object --- Group dialog box, in the Group name text box, type ConfigMgrServers as the
group name, and then click OK.
5. In the details pane, right-click the ConfigMgrServers group, and then click Properties.
6. In the ConfigMgrServers Properties dialog box, select the Members tab, and then click Add.
7. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, click Object
Types.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-26 Module 4: Planning and Deploying a Multiple-Site Hierarchy
8. In the Object Types dialog box, select Computers, and then click OK.
9. In the Select Users, Contacts, Computers, Service Accounts, or Groups dialog box, in the Enter
the object names to select text box, type NYC-CAS; NYC-CFG; LON-CFG; TOR-CFG, click Check
Names, and then click OK.
X Task 4: Assign Full Control permissions for the System Management container to
the group
1. In the Active Directory Users and Computers console, click View, and then select Advanced
Features.
2. In the navigation pane, expand the System container, right-click the System Management
container, and then select Properties.
3. In the System Management Properties dialog box, select the Security tab, and then click Add.
4. In the Select Users, Computers, Service Accounts, or Groups dialog box, in the Enter the object
names to select text box, type ConfigMgrServers, click Check Names, and then click OK.
6. In the Advanced Security Settings for System Management dialog box, select ConfigMgrServers
from the permission entry list, and then click Edit.
7. In the Permission Entry for System Management dialog box, in the Apply to dropdown list, select
This object and all descendant objects, and then click OK.
8. In the Advanced Security Settings for System Management dialog box, click OK.
Note After the installation, Configuration Manager 2012 site servers publish information
in the System Management container to enable clients to determine the assigned site and
locate the management point.
Results: At the end of this exercise, you should have extended the Active Directory schema, created the
System Management container, and assigned permissions to the group of Configuration Manager servers.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab A: Installing a Central Administration Site L4-27
3. Double-click splash.hta.
X Task 2: Run Installation Prerequisite Check and verify that the prerequisites are met
1. In the System Center 2012 Configuration Manager Setup screen, select Assess server readiness.
2. Prerequisite Checker starts and evaluates the server for installed prerequisites.
3. In the Installation Prerequisite Check window, verify that there are no errors (you may receive several
warnings), and then click OK.
X Task 3: Run Setup to install a Configuration Manager 2012 central administration site
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. On the Before
You Begin page, click Next.
3. On the Getting Started page, at Available Setup Options, select Install a Configuration Manager
central administration site, and then click Next.
4. On the Product Key page, select Install this product as an evaluation, and then click Next.
5. On the Microsoft Software License Terms page, select I accept these license terms, and then click
Next.
6. On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select I accept
these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept these
License Terms, under Microsoft Silverlight 4, select I accept these License Terms and automatic
updates of Silverlight, and then click Next.
7. On the Prerequisite Downloads page, select Use previously downloaded files, and then click
Browse.
8. In the Browse For Folder window, select the E:\ConfigMgr2012\Redist, and then click OK.
9. On the Prerequisite Downloads page, click Next. Configuration Manager Setup Downloader
starts to verify the prerequisites. Wait for the operation to finish.
12. On the Site and Installation Settings page, configure the following options, and then click Next.
Site code: CAS
13. On the Database Information page, verify that the SQL server name is NYC-CAS.Contoso.com and
that the database name is CM_CAS, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-28 Module 4: Planning and Deploying a Multiple-Site Hierarchy
14. On the SMS Provider Settings page, verify that the server name is NYC-CAS.Contoso.com, and
then click Next.
15. On the Customer Experience Improvement Program Configuration page, select I dont want to
join the program at this time, and then click Next.
16. On the Settings Summary page, review your selected settings, and then click Next.
17. On the Prerequisite Check page, wait for the prerequisite checking to finish, and then click Begin
Install.
18. On the Install page, wait for the installation to complete, and then click Close.
19. In the System Center 2012 Configuration Manager Setup screen, click Exit. Close Windows
Explorer.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
in a central administration site.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab A: Installing a Central Administration Site L4-29
2. In the Configuration Manager console, in the navigation pane, select the Monitoring workspace.
3. In the navigation pane, expand System Status, and then click Site Status.
4. View the status of each site systems and site system roles.
X Task 2: View the status messages for the Configuration Manager 2012 installation
1. In the navigation pane, select Site Status.
4. In the Status Messages: Set Viewing Period dialog box, verify Select date and time is selected and,
in the corresponding drop-list, verify that 1 day ago is selected, and then click OK.
5. In the Configuration Manager Status Message Viewer for <CAS> <Contoso Central Administration
Site> window, double-click any status message, and then review the details. Click OK to close the
Status Message Details box.
6. Close the Configuration Manager Status Message Viewer for <CAS> <Contoso Central Administration
Site> window.
3. Note any errors and warnings reported by Prerequisite Checker. Close Notepad.
4. In the root folder, open the ConfigMgrSetup.log file. The file is displayed in Notepad.
5. Note any errors and warnings reported by the setup. Close Notepad and then close Windows
Explorer.
2. In the navigation pane, expand Site Configuration, and then select Servers and Site System Roles.
3. In the results pane, select NYC-CAS.contoso.com, and then in the preview pane, review the roles
installed on the server, including:
Component server
Site database server
Site server
Site system
MCT USE ONLY. STUDENT USE PROHIBITED
L4-30 Module 4: Planning and Deploying a Multiple-Site Hierarchy
4. In the results pane, right-click NYC-CAS.contoso.com and then select Add Site System Roles. The
Add Site System Roles Wizard starts.
6. On the System Role Selection page, review the available roles. The list includes:
Note The site system roles directly related to client management cannot be installed in a
central administration site. This includes the following roles:
Results: At the end of this exercise, you should have validated the installation of System Center 2012
Configuration Manager.
3. Double-click splash.hta.
X Task 2: Run Installation Prerequisite Check and verify that the prerequisites are met
1. In the System Center 2012 Configuration Manager Setup screen, select Assess server readiness.
2. Installation Prerequisite Check starts and evaluates the server for installed prerequisites.
3. In the Installation Prerequisite Check window, verify that there are no errors (you may receive several
warnings), and then click OK.
X Task 3: Run Setup to install a Configuration Manager 2012 primary site in the
existing hierarchy
1. In the System Center 2012 Configuration Manager Setup screen, click Install.
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. On the Before
You Begin page, click Next.
3. On the Getting Started page, at Available Setup Options, select Install a Configuration Manager
primary site, and then click Next.
4. On the Product Key page, select Install this product as an evaluation, and then click Next.
5. On the Microsoft Software License Terms page, select I accept these license terms, and then click
Next.
6. On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select I accept
these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept these
License Terms, under Microsoft Silverlight 4, select I accept these License Terms and automatic
updates of Silverlight, and then click Next.
7. On the Prerequisite Downloads page, select Use previously downloaded files, and then click
Browse.
8. In the Browse For Folder dialog box, select the E:\ConfigMgr2012\Redist, and then click OK.
9. On the Prerequisite Downloads page, click Next. Configuration Manager Setup Downloader
starts to verify the prerequisites. Wait for the operation to finish.
12. On the Site and Installation Settings page, type the following settings, and then click Next.
13. On the Primary Site Installation page, select the Join the primary site to an existing hierarchy
option.
14. In the Central administration site server (FQDN) text box, type NYC-CAS.Contoso.com, and then
click Next.
15. On Database Information page, verify that the server name is NYC-CFG.Contoso.com and that the
database name is CM_NYC, and then click Next.
16. On the SMS Provider Settings page, verify that the server name is NYC-CFG.Contoso.com, and
then click Next.
17. On the Client Computer Communication Settings page, select Configure the communication
method on each site system role, and then click Next.
18. On the Site System Roles page, verify that both Install a management point and Install a
distribution point options are selected, verify that NYC-CFG.Contoso.com appears in both FQDN
text boxes, and then click Next.
19. On the Customer Experience Improvement Program Configuration page, select I dont want to
join the program at this time, and then click Next.
20. On the Settings Summary page, review your selected settings, and then click Next.
21. On the Prerequisite Check page, wait for the prerequisite checking to finish, and then click Begin
Install.
22. In the Install window, wait for the installation to complete, and then click Close.
23. In the System Center 2012 Configuration Manager Setup screen, click Exit.
Results: At the end of this exercise, you should have installed a System Center 2012 Configuration
Manager primary site in an existing hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Installing a Primary Site in an Existing Hierarchy L4-33
3. In the navigation pane, expand System Status, and then click Site Status.
4. View the status of each site system and site system roles.
X Task 2: View the status messages for the Configuration Manager 2012 installation
1. In the navigation pane, select Site Status.
4. In the Status Messages: Set Viewing Period dialog box, verify Select date and time is selected, and
that in the corresponding drop-list, 1 day ago is selected, and then click OK.
5. In the Configuration Manager Status Message Viewer for <NYC> <New York Primary Site> window,
double-click any status message, and then review the details. Click OK to close the Status Message
Details box.
6. Close the Configuration Manager Status Message Viewer for <NYC> <New York Primary Site>
window.
3. Note any errors and warnings reported by Prerequisite Checker. Close Notepad.
4. In the root folder, open the ConfigMgrSetup.log file. The file is displayed in Notepad.
5. Note any errors and warnings reported by the setup. Close Notepad.
2. In the navigation pane, expand Site Configuration, and then select Servers and Site System Roles.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-34 Module 4: Planning and Deploying a Multiple-Site Hierarchy
3. In the results pane, select NYC-CFG.contoso.com, and then in the preview pane, note the roles
installed on the server, including:
Component server
Distribution point
Management point
Site database server
Site server
Site system
4. In the results pane right-click on NYC-CFG.contoso.com, and then select Add Site System Roles.
The Add Site System Roles Wizard starts.
Enrollment point
Note When installed as part of a hierarchy, some of the site system roles cannot be
installed in a primary site. Instead, these roles are installed at the central administration site.
These roles include:
Asset Intelligence synchronization point
Results: At the end of this exercise, you should have validated the installation of System Center 2012
Configuration Manager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Installing a Primary Site in an Existing Hierarchy L4-35
2. Review the content of the file, and then close the viewer:
[Identification]
Action=InstallPrimarySite
[Options]
ProductID=EVAL
SiteCode=LON
SiteName=London Primary Site
SMSInstallDir=C:\Program Files\Microsoft Configuration Manager
SDKServer=LON-CFG.CONTOSO.COM
RoleCommunicationProtocol=HTTPorHTTPS
ClientsUsePKICertificate=0
PrerequisiteComp=1
PrerequisitePath= E:\ConfigMgr2012\Redist
MobileDeviceLanguage=0
ManagementPoint=LON-CFG.CONTOSO.COM
ManagementPointProtocol=HTTP
DistributionPoint=LON-CFG.CONTOSO.COM
DistributionPointProtocol=HTTP
DistributionPointInstallIIS=0
AdminConsole=1
JoinCEIP=0
[SQLConfigOptions]
SQLServerName=LON-CFG.CONTOSO.COM
DatabaseName=CM_LON
SQLSSBPort=4022
[HierarchyExpansionOption]
CCARSiteServer=NYC-CAS.CONTOSO.COM
X Task 2: Run the Setup for Configuration Manager 2012 and use the script option
1. Click Start, click Run, type cmd, and then click OK.
2. At the command prompt, type the following commands, each followed by pressing Enter:
e:
cd ConfigMgr2012\smssetup\bin\X64
setup /script E:\ConfigMgrSetup\ConfigMgrAutoSave_LON.ini
Note The Configuration Manager Setup runs in unattended mode. The installation
process may take up to 30 minutes. You can use Windows Task Manager to keep track of
the progress. When you see CcmExec.exe as a running process, the setup is complete.
Results: At the end of this exercise, you should have installed a System Center 2012 Configuration
Manager primary site in an existing hierarchy using the automated setup method.
X Task 2: Verify that Web Server (IIS) and related role services are installed
In the results pane of the Server Manager console, in the Roles pane, scroll to the Web Server (IIS)
section, and then verify that the following features are installed:
ASP.NET
Windows Authentication
X Task 3: Verify that the BITS and Remote Differential Compression features
are installed
1. In the navigation pane of the Server Manager console, click Features.
2. In the results pane, verify that the following features are installed:
X Task 4: Add the primary site server computer account to the local
Administrators group
1. In the navigation pane of the Server Manager console, expand Configuration, expand Local Users
and Groups, and then click Groups.
4. In the Select Users, Computers, Service Accounts or Groups dialog box, click Object Types.
5. In the Object Types dialog box, select Computers, and then click OK.
6. In the Select Users, Computers, Service Accounts or Groups dialog box, in the Enter the object
names to select text box, type NYC-CFG, click Check Names and then click OK.
Note During a secondary site installation, SQL Server Express can be installed as part of
the Create Secondary Site Wizard if a SQL instance is not already installed on the server.
Results: At the end of this exercise, you should have validated the prerequisites for installing a System
Center 2012 Configuration Manager secondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab C: Installing a Secondary Site L4-39
3. In the navigation pane, expand Site Configuration, and then select Sites.
4. In the results pane, select NYC --- New York Primary Site, and then on the ribbon, click Create
Secondary Site. The Create Secondary Site Wizard starts.
6. On the General page, configure the following options, and then click Next:
Site code: TOR
Site server name: TOR-CFG.Contoso.com
Site Name: Toronto Secondary Site
7. On the Installation Source Files page, select the option Copy installation source files over the
network from the parent site server, and then click Next.
8. On the SQL Server Settings page, select the option Install and configure a local copy of SQL
Server Express on the secondary site computer, verify that the following information is specified,
and then click Next:
SQL Server service port: 1433
SQL Server Service Broker Port: 4022
9. On the Distribution Point page, accept the default settings, and then click Next.
10. On the Drive Settings page, accept the default settings, and then click Next.
13. In the Summary page, review your selected settings, and then click Next.
Note When the Create Secondary Site Wizard finishes, the installation continues in the
background on the target server. To validate the installation, verify the installation logs in
the next exercise.
15. In the Configuration Manager console, in the results pane, select TOR --- Toronto Secondary Site,
and then on the ribbon, click the Show Install Status button.
16. In the Secondary Site Installation Status dialog box, review the progress of installation actions, click
Refresh to monitor status, and then click OK. It takes approximately 15-20 minutes for installation to
complete.
Results: At the end of this exercise, you should have installed System Center 2012 Configuration Manager
secondary site.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-40 Module 4: Planning and Deploying a Multiple-Site Hierarchy
2. In the root folder, open the ConfigMgrSetup.log file. In the Open with box, select Notepad, and
then click OK.
X Task 2: View the system status for the new secondary site
1. On NYC-CFG, in the Configuration Manager console, in the navigation pane, select the Monitoring
workspace.
2. In the navigation pane, expand System Status, and then select Site Status.
5. In the results pane, view the status of the replication link between NYC and TOR. It should show that
the link is active.
Note The secondary site status can be viewed at the parent primary site or at the central
administration site. It may take some time until the installation finishes and the secondary
site status appears in the console.
Results: At the end of this exercise, you should have validated the installation of a System Center 2012
Configuration Manager 2012 secondary site.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-A and then click Revert.
3. In the navigation pane, click the Database Replication node, and then in the results pane, select the
CAS to NYC replication link. Verify that the Link State shows Link Active. If it does not, refresh the
results pane.
4. Review the information available in the preview pane under the Replication Status area. In the Site
Replication Status section, verify that both Parent Site State and Child Site State have the status of
Replication Active.
5. In the Global Data Replication Status section, verify that both Parent Site to Child Site Global
State and Child Site to Parent Site Global State display the Link Active status and that the Last
Synchronization Time reflects todays date.
Note If the status of Parent Site to Child Site Global State and Child Site to Parent
Site Global State are Link Inactive, verify that both NYC-CAS and NYC-CFG have started.
To refresh the status, click the CAS to NYC replication link, and then press F5.
6. In the preview pane, click the Parent Site tab. Review the information available in the Replication
Status area. Note that SQL Server port is 1433 and SQL Server service broker port is 4022.
7. In the preview pane, click the Child Site tab. Review the information available in the Replication
Status area.
3. On the ribbon, click Create Device Collection. The Create Device Collection Wizard starts.
4. On the General page, in the Name text box, type New York Computers and then click Browse.
5. In the Select Collection dialog box, select All Systems, and then click OK.
7. On the Membership Rules page, click Add Rule, and then click Direct Rule. The Create Direct
Membership Rule Wizard starts.
9. On the Search for Resources page, in Resource Class, verify that System Resource is selected, in
the Value text box, type NYC% and then click Next.
10. On the Select Resources page, select both NYC-CAS and NYC-CFG, and then click Next.
2. In the Configuration Manager console, verify you are in the Assets and Compliance workspace.
4. In the results pane, verify that the New York Computers collection appears in the list of device
collections.
5. Right-click the New York Computers collection and then click Show Members. Notice that a new
node appears in the navigation pane under Devices. Notice also that the members of the collection
appear in the results pane.
Results: At the end of this exercise, you should have verified the replication between the central
administration site and a primary site in a Configuration Manager hierarchy.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab A: Monitoring and Troubleshooting Replication L5-43
2. In the navigation pane, click the Database Replication node, and then in the results pane, click the
CAS to NYC replication link.
3. Right-click the CAS to NYC replication link, and then click Properties.
4. In the Replication Status Properties dialog box, verify that Generate an alert when this
replication link is not working for a specified period of time checkbox is selected.
5. In the Replication Status Properties dialog box, in the Number of minutes box, change the value
to 3 minutes, and then click OK.
3. In the Service Control window, wait for the service to stop. Wait at least 3 minutes before continuing
to the next task.
2. In the Configuration Manager Trace Log Tool dialog box, click Yes to make the program the
default viewer for all log files and then close the tool.
3. In the Configuration Manager console, in the navigation pane, click the Alerts node.
4. In the results pane, select the alert named Replication link down between parent site and NYC,
and then on the ribbon, click Configure.
5. In the Replication link down between parent site and NYC Properties dialog box, verify that
Minutes replication link connectivity down greater than has a value of 3, and then click OK.
6. In the navigation pane, click the Assets and Compliance workspace, and then click the Device
Collections node.
7. Right-click the New York Computers collection and then click Properties.
8. In the New York Computers Properties dialog box, in the Name text box, change the name of the
collection to New York Servers and then click OK.
10. In the navigation pane, click the Database Replication node, and then in the results pane, click the
CAS to NYC replication connection.
11. Verify that the status of the replication link is either Link Degraded or Link Failed. Press F5, if
necessary, to refresh the status.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-44 Module 5: Data Replication and Content Management
12. Right-click the CAS to NYC replication link and then click Save Diagnostic Files.
13. In the Save As dialog box, in the File name box, type Replication Diagnostics, in the navigation
pane, select Local Disk (C:), and then click Save.
15. In Windows Explorer, navigate to the C: drive, and then open the file Replication Diagnostics in
Notepad.
16. Review the content of the file. Note that the Parent Site to Child Site Global State shows the status
of Link Failed or Link Degraded. Close Notepad.
X Task 4: Resolve the issue and verify that replication is functioning correctly
1. On NYC-CAS, right-click the CAS to NYC replication link and then click Replication Link Analyzer.
2. Replication Link Analyzer starts detecting problems. Wait for the operation to finish.
3. In the Replication Link Analyzer window, on the Restart the SMS_EXECUTIVE service on
NYC-CFG.contoso.com page, click Restart the SMS_EXECUTIVE service. Wait for the operation to
finish.
4. In the Replication Link Analyzer window, on the Successfully restarted the SMS_EXECUTIVE service
on NYC-CFG.contoso.com page, click Continue.
5. In the Replication Link Analyzer window, on the Troubleshooting Report page, click the link under
Replication Link Analysis Report. The content of ReplicationAnalysis.xml opens in Internet
Explorer. (Note: based upon timing you may still have issues detected, if issues are detected first click
the Check to see if the problem is fixed link)
6. Review the content of the file, and then close Internet Explorer.
7. In the Replication Link Analyzer window, click the link under Replication Link Analysis Log. The
content of ReplicationLinkAnalysis.log opens in Configuration Manager Trace Log Tool.
8. Review the content of the file and then close Configuration Manager Trace Log Tool.
Results: At the end of this exercise, you should have performed troubleshooting replication.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Configuring Content Management L5-45
2. In the navigation pane of the Server Manager console, expand Configuration, expand Local Users
and Groups, and then click Groups.
5. In the Select Users, Computers, Service Accounts or Groups dialog box, click Object Types.
6. In the Object Types dialog box, select Computers, and then click OK.
7. In the Select Users, Computers, Service Accounts or Groups dialog box, in the Enter the object
names to select text box, type NYC-CFG, click Check Names, and then click OK.
3. In the navigation pane, expand Site Configuration, and then click Servers and Site System Roles.
4. On the ribbon, click the Home tab, and then click Create Site System Server. The Create Site
System Server Wizard starts.
7. On the General page, in the Site Code drop-down list, select NYC --- New York Primary Site, and
then click Next.
8. On the System Role Selection page, select Distribution point, and then click Next.
9. On the Distribution Point page, select the Install and configure IIS if required by Configuration
Manager and Enable this distribution point for prestaged content options, and then click Next.
10. On the Drive Settings page, review the default settings, and then click Next.
13. On the Content Validation page, select Validate content on a schedule, and then click Next.
15. On the Summary page, review the settings, and then click Next.
X Task 3: Create a distribution point group and assign the distribution points to the
distribution point group
1. In the Configuration Manager console, in the navigation pane, click the Distribution Point Groups
node.
3. In the Create New Distribution Point Group dialog box, in the Name box type New York DP, and
in the Description box, type New York Distribution Points and then click the Members tab.
5. In the Add Distribution Points dialog box, select both \\NYC-CFG.Contoso.com and
\\NYC-SVR1.Contoso.com, and then click OK.
6. In the Create New Distribution Point Group dialog box, click OK.
7. In the Configuration Manager console, in the results pane, double-click New York DP.
8. A new node named New York DP appears in the navigation pane. In the results pane, verify that you
see the distribution points that you added to the group.
Results: At the end of this exercise, you should have created a distribution point, created a distribution
point group, and added distribution points to the group.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Configuring Content Management L5-47
3. In the navigation pane, expand Application Management, and then click the Applications node.
4. On the ribbon, click Create Application. The Create Application Wizard starts.
5. On the General page, verify that in the Type box Windows Installer (Native) is selected, and then
click Browse.
12. In the Configuration Manager console, in the results pane, click the Microsoft Office PowerPoint
Viewer 2007 (English) application, on the ribbon, click Deployment, and then click Distribute
Content. The Distribute Content Wizard starts.
15. On the Content Destination page, click Add, and then click Distribution Point Group.
16. In the Add Distribution Point Groups dialog box, select New York DP, and then click OK.
17. On the Content Destination page, click Next.
2. In the Microsoft Office PowerPoint Viewer 2007 (English) Properties window, click the Content
Locations tab.
3. In the Distribution points or distribution point groups list, select \\NYC-CFG.Contoso.com, and
click Validate.
6. In the Microsoft Office PowerPoint Viewer 2007 (English) Properties window, click OK.
9. In the results pane, click Microsoft Office PowerPoint Viewer 2007 (English), and then review the
information in the preview pane. Observe that two distribution points were targeted, but Completion
Statistics show that 1 is reported as success and 1 is in progress.
10. In the preview pane, click the View Status link. A sticky node appears in the navigation pane, and in
the results pane, you should see the Content Status for the selected package.
11. In the navigation pane, click the Distribution Point Configuration Status node.
12. In the results pane, click \\NYC-CFG.Contoso.com, and in the preview pane, click the Details tab.
Review the status messages related to content distribution.
13. In the Configuration Manager console, click the Administration workspace.
15. In the results pane, select \\NYC-CFG.Contoso.com, and then on the ribbon, click Properties.
16. In the \\NYC-CFG.Contoso.com Properties dialog box, click the Content tab.
17. In the Deployment packages list, click Microsoft Office PowerPoint Viewer 2007 (English), and
then click Validate.
18. In the Configuration Manager message box, click OK.
Results: At the end of this exercise, you should have distributed content and monitored the distribution
process.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab B: Configuring Content Management L5-49
2. In the results pane, click Microsoft Office PowerPoint Viewer 2007 (English), and then on the
ribbon, click Create Prestage Content File. The Create Prestaged Content File Wizard starts.
4. In the Prestaged content file dialog box, navigate to the Local Disk (C:) folder, in the File name
box, type PowerPointViewer and then click Save.
8. In the Add Distribution Points dialog box, select \\NYC-CFG.Contoso.com, and then click OK.
14. In the address bar, type \\NYC-SVR1\C$ and then press Enter.
2. At the command prompt, type the following, pressing Enter after each line:
CD C:\SMS_DP$\sms\Tools
extractcontent.exe /P:C:\PowerPointViewer.pkgx /S
2. In the navigation pane, expand Distribution Status, and then click the Content Status node.
3. In the results pane, click Microsoft Office PowerPoint Viewer 2007 (English), and then review the
information in the preview pane. Observe that two distribution points were targeted, and Success is
now listed as 2.
Results: At the end of this exercise, you should have performed content prestaging.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-50 Module 5: Data Replication and Content Management
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-C and then click Revert.
2. In the Active Directory Sites and Services console, in the navigation pane, right-click Sites, and then
click New Site.
3. In the New Object --- Site dialog box, in the Name box, type NewYork.
7. In the New Object --- Subnet dialog box, in the Prefix box, type 10.10.0.0/24.
8. Under Select a site object for this prefix, click NewYork, and then click OK.
10. In the results pane, right-click NYC-DC1, and then click Move.
11. In the Move Server dialog box, click NewYork, and then click OK.
12. In the navigation pane expand NewYork, and then select Servers.
X Task 2: Configure Active Directory Forest Discovery to create a new boundary from
the Active Directory site
1. On the NYC-CAS server click Start, click All Programs, expand Microsoft System Center 2012,
expand Configuration Manager, and then click Configuration Manager Console.
3. In the navigation pane, expand Hierarchy Configuration, and then click Discovery Methods.
4. In the results pane, identify the Active Directory Forest Discovery methods. You should have three
entries available in the results pane: one for the CAS site, one for the NYC site and one for the LON
site.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-52 Module 6: Planning and Completing System Center 2012 Configuration Manager Client Deployment
5. In the results pane, select the Active Directory Forest Discovery for the CAS site, and then on the
ribbon, click Properties.
6. In the Active Directory Forest Discovery Properties dialog box, select Enable Active Directory
Forest Discovery, select Automatically create Active Directory site boundaries when they are
discovered, and then click OK.
9. In the results pane, select Contoso.com, and then on the ribbon, click Properties.
10. In the Contoso.com Properties dialog box, on the General tab, review the settings, and then click
the Publishing tab.
11. In the Publishing tab, review the settings, and then click Cancel.
12. In the results pane, select Contoso.com, and then on the ribbon, click Show IP Subnets.
13. A new node named IP Subnets of Contoso.com should appear in the navigation pane, and then in
the results pane, you should see the IP subnets discovered from Active Directory.
14. In the navigation pane, select Active Directory Forests, in the results pane select Contoso.com, and
then on the ribbon, click Show Active Directory Sites.
15. A new node named Active Directory Sites of Contoso.com appears in the navigation pane, and
then in the results pane, you should see the sites discovered from Active Directory.
17. In the results pane, select the NewYork boundary, and then on the ribbon, click Properties.
18. In the NewYork Properties dialog box, review the settings on the General tab, and then click the
Site Systems tab.
19. On the Site Systems tab, note that you cannot add a site system using this dialog box, and then click
the Boundary Groups tab.
20. On the Boundary Groups tab, note that the boundary is not yet assigned to a boundary group, and
then click Cancel.
3. In the Create Boundary Group dialog box, on the General tab, in the Name: box, type New York
Systems and then click Add.
4. In the Add Boundaries dialog box, check the box next to NewYork, and then click OK.
5. In the Create Boundary Group dialog box, select the References tab.
6. On the References tab, check the Use this boundary group for site assignment box.
7. Next to Assigned site, click the dropdown menu, and then select NYC-New York Primary Site.
9. In the Add Site Systems dialog box, check the box next to \\NYC-CFG.Contoso.com, and then click
OK.
Note You have created the New York Systems boundary group at the central
administration site, however, configured the assigned site to be NYC --- New York Primary
Site. All clients in this boundary group are installed and managed by the
NYC-CFG.contoso.com site server.
3. In the navigation pane, expand Hierarchy Configuration, and then click Discovery Methods. Note
that you can only see the discovery methods that can be configured for NYC primary site and TOR
secondary site.
4. In the results pane, select the Active Directory System Discovery, and then on the ribbon, click
Properties.
5. In the Active Directory System Discovery Properties dialog box, select Enable Active Directory
System Discovery, and then click the New ( ) button.
9. In the Active Directory System Discovery Properties dialog box, select the Polling Schedule tab,
and then review the settings.
10. In the Active Directory System Discovery Properties dialog box, select the Active Directory
Attributes tab, and then review the settings.
11. In the Active Directory System Discovery Properties dialog box, select the Option tab, review the
settings, and then click OK.
2. In the Active Directory User Discovery Properties dialog box, select Enable Active Directory User
Discovery, and then click the New ( ) button.
4. In the Select New Container dialog box, select Contoso, and then click OK.
6. In the Active Directory User Discovery Properties dialog box, select the Polling Schedule tab, and
then review the settings.
7. In the Active Directory User Discovery Properties dialog box, select the Active Directory
Attributes tab, review the settings, and then click OK.
2. In the Active Directory Group Discovery Properties dialog box, select Enable Active Directory
Group Discovery, click Add, and then click Location.
3. In the Add Active Directory Location dialog box, in the Name box, type Contoso domain and then
click Browse.
4. In the Select New Container dialog box, select Contoso, and then click OK.
6. In the Active Directory Group Discovery Properties dialog box, select the Polling Schedule tab,
and then review the settings.
7. In the Active Directory Group Discovery Properties dialog box, select the Option tab, review the
settings, and then click OK.
8. In the Configuration Manager message box, click Yes.
X Task 7: Verify that the discovered computers appear in the All Systems collection and
are correctly assigned to the site
1. In the Configuration Manager Console, click the Assets and Compliance workspace.
4. A new sticky node called All Systems appears in the navigation pane under the Devices node. In the
results pane, observe the systems that are members of the All Systems collection and their assigned
site. On the Site Code column, you should see NYC for most systems.
Results: At the end of this exercise, you should have configured the Active Directory discovery methods.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Planning and Completing System Center 2012 Configuration Manager Client Deployment L6-55
2. In the results pane, right-click \\NYC-CFG.Contoso.com, and then click Add Site System Roles. The
Add Site System Roles Wizard starts.
3. In the General page, verify that the Name for the site server is NYC-CFG.Contoso.com, and then
click Next.
4. In the System Role Selection page, select Fallback status point, and then click Next.
5. In the Fallback Status Point page, review the settings, and then click Next.
6. In the Summary page, review the settings, and then click Next.
8. In the results pane, select \\NYC-CFG.Contoso.com, and then in the preview pane, right-click the
Management point role, and then click Properties.
9. Select the Generate alert when the management point is not healthy check box, and then click
OK.
10. In the navigation pane, under Site Configuration, select the Sites node, and then click the
Hierarchy Settings button on the ribbon.
11. In Site Settings Properties, select the Use a fallback site check box, in the Fallback site list, select
NYC --- New York Primary Site, and then click OK.
2. In the Active Directory Users and Computers console, in the navigation pane, right-click the Users
container, and then click New, User.
6. In the Active Directory Users and Computers console, right-click the newly created
ConfigMgrClientPush user, and then click Properties.
9. In the Select Groups dialog box, in the Enter the object names to select text box, type Domain
Admins, click the Check Names button, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-56 Module 6: Planning and Completing System Center 2012 Configuration Manager Client Deployment
2. In the navigation pane, expand Site Configuration, and then click the Sites node.
3. In the results pane, right-click NYC --- New York Primary Site, click Client Installation Settings, and
then click Client Push Installation.
4. In the Client Push Installation Properties dialog box, click the Accounts tab.
5. At the Accounts tab, click the New ( ) button, and then click New Account.
6. In the Windows User Account dialog box, click the Browse button.
7. In the Select User dialog box, in the Enter the object name to select text box, type
ConfigMgrClientPush, click the Check Names button, and then click OK.
8. In the Windows User Account dialog box, in both the Password and Confirm password boxes,
type Pa$$w0rd and then click Verify. The Windows User Account dialog box expands.
9. In the Windows User Account dialog box, in the Network Share box, type \\NYC-DC1\C$, and
then click Test connection.
12. In the Client Push Installation Properties dialog box, click the Installation Properties tab.
13. At the Installation Properties tab, in the Installation properties box, after the text
SMSSITECODE=NYC type a space, and then type FSP=NYC-CFG.CONTOSO.COM.
14. In the Client Push Installation Properties dialog box, click OK.
3. In the results pane, right-click NYC-CFG, and then click Install Client. The Install Configuration
Manager Client Wizard starts.
5. In the Installation Options page, check the Install the client software from a specified site box,
verify that in the Site list appears NYC --- New York Primary Site, and then click Next.
8. In the results pane, right-click NYC-DC1, and then click Install Client. The Install Configuration
Manager Client Wizard starts.
10. In the Installation Options page, check the Allow the client software to be installed on domain
controllers box, and then click Next.
Results: At the end of this exercise, you should have started the installation of the Configuration Manager
client.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-58 Module 6: Planning and Completing System Center 2012 Configuration Manager Client Deployment
3. At the Processes tab, verify that ccmsetup.exe appears in the list of processes.
Note If ccmsetup.exe does not appear in the list repeat the installation ensuring that the
Allow the client software to be installed on domain controllers check box is selected.
After the client installation, CcmExec.exe should appear in the list of processes.
2. In the Control Panel window, next to View by, select Large icons.
3. In the Control Panel window, click Configuration Manager.
4. In the Configuration Manager Properties dialog box, on the General tab, review the information.
5. In the Configuration Manager Properties dialog box, click the Components tab, and then verify
the status of the agents. Some of the agents should have the Status of Enabled.
6. In the Configuration Manager Properties dialog box, click the Actions tab.
7. In the Actions list, select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now to
initiate the connection of the Configuration Manager client to the management point.
Note When running inside a virtual machine, the Configuration Manager client uses
randomization for the initial time interval of connection to the management point. Running
the Machine Policy Retrieval & Evaluation Cycle manually ensures that all components are
updated as required.
8. In the Machine Policy Retrieval & Evaluation Cycle message box, click OK.
3. In the results pane, the status on the Client Activity column for NYC-DC1 and NYC-CFG should be
Active.
Note If the status of the clients is not Active, on the ribbon, click the Update
Membership button and then refresh the console. It may take a minute or two for the
Client Activity to show as Active.
4. In the results pane, select NYC-DC1, and then review the information in the preview pane.
6. In the NYC-DC1 Properties dialog box, review the information, and then click OK.
Results: At the end of this exercise, you should have installed the Configuration Manager client using the
Client Push installation method.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-C and then click Revert.
3. In the navigation pane, expand Site Configuration, and then click Sites.
4. In the results pane, click NYC --- New York Primary Site.
6. In the Site Maintenance dialog box, click Backup Site Server, and then click Edit.
7. In the Backup Site Server Properties dialog box, select the Enable this task check box, and then
click Set Paths.
8. In the Set Backup Paths dialog box, verify the option Local drive on site server for site data and
database is selected, and then click Browse.
Note In practice, you should use either Network path (UNC name) for site data and
database to save backup on a network share, or, if the database is installed on a separate
server, use Local drives on site server and SQL Server.
9. In the Select Folder dialog box, navigate to drive C, create a new folder called Backup, and then click
Select Folder.
10. In the Set Backup Paths dialog box, verify that C:\Backup appears in the box, and then click OK.
11. In the Backup Site Server Properties dialog box, in the Start after box, set the time to start 3
minutes from now, and then click OK. You may need to adjust the Latest start time, so it is at least
one hour after the time you entered in the Start after box.
12. In the Site Maintenance dialog box, on the Enabled column, next to the Backup Site Server task,
verify that the word Yes is displayed. Click OK.
X Task 2: Trigger the backup of the site and verify its completion
1. Click Start, click All Programs, expand Administrative Tools, and then click Services.
2. In the Services console, in the details pane, click the SMS_SITE_BACKUP service, and then on the
toolbar, click the Start Service button. Close the Services window.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-62 Module 7: Maintaining and Monitoring System Center 2012 Configuration Manager
3. Navigate to the C:\Program Files\Microsoft Configuration Manager\Logs, and then open the
smsbkup.log file in Notepad.
4. If the backup is performed successfully, at the end of the smsbkup.log file, the text Backup
completed appears, and then on the next line, the text STATMSG: ID=5035 appears.
5. Navigate to the C:\Backup\NYCBackup\SiteDBServer folder and verify that it contains the database
files.
8. In the navigation pane, expand System Status, and then click the Component Status node.
9. In the results pane, click the SMS_SITE_BACKUP component.
11. In the Status Messages: Set Viewing Period dialog box, accept the default of 1 day ago, and then
click OK.
12. In Configuration Manager Status Message Viewer, search for a message with a Message ID of
5035.
Note When site backup completes successfully, message ID 5035 appears, which indicates
that the site backup completed without any errors.
Results: At the end of this exercise, you should have performed a backup for the Configuration Manager
site.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Maintaining and Monitoring System Center 2012 Configuration Manager L7-63
2. The Microsoft System Center 2012 Configuration Manager Setup Wizard starts. In the Before
You Begin window, click Next.
3. On the Getting Started page at Available Setup Options, click Recover a site, and then click Next.
4. On the Site Server and Database Recovery Options page, click Recover the site database using
the backup set at the following location, and then click Browse.
5. In the Browse For Folder dialog box, select the C:\Backup\NYCBackup folder, and then click OK.
6. On the Site Server and Database Recovery Options page, click Next.
7. On the Site Recovery Information page, verify that the option Recover primary site is selected,
and then click Next.
8. On the Product Key page, select Install this product as an evaluation, and then click Next.
9. On the Microsoft Software License Terms page, click the I accept these license terms check box,
and then click Next.
10. On the Prerequisite Licenses page, under Microsoft SQL Server 2008 R2 Express, select I accept
these License Terms, under Microsoft SQL Server 2008 Native Client, select I accept these
License Terms, under Microsoft Silverlight 4, select I accept these License Terms and automatic
updates of Silverlight, and then click Next.
11. On the Prerequisite Downloads page, select Use previously downloaded files, and then click
Browse.
12. In the Browse For Folder dialog box, select the E:\ConfigMgr2012\Redist folder, and then click OK.
17. On the Customer Experience Improvement Program Configuration page, select I dont want to
join the program at this time, and then click Next.
18. On the Settings Summary page, click Next.
19. In the Prerequisite Check dialog box, click Cancel, and then click Yes. It takes time to restore the
site, and so for this lab, cancel the restoration process.
Results: At the end of this exercise, you should have reviewed the recovery process for the Configuration
Manager 2012 primary site.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-64 Module 7: Maintaining and Monitoring System Center 2012 Configuration Manager
3. In the navigation pane expand Site Configuration, click Sites, and then in the results pane, click the
CAS --- Contoso Central Administration Site site.
6. On the General tab of the Component Status Summarizer Properties dialog box, verify that
Enable status summarization is selected.
7. On the Thresholds tab, in the Message type box, click Error status Messages, and then in the
Thresholds list, double-click the SMS_SITE_BACKUP component.
8. In the Status Threshold Properties dialog box, change the warning and the critical threshold to the
following values, and then click OK.
10. In the Status Summarizers dialog box, select Site System Status Summarizer, and then click Edit.
11. On the General tab of the Site System Status Summarizer Properties dialog box, verify that
Enable status summarization is selected. For primary sites, you also can configure the replication
and schedule in this dialog box.
12. On the Thresholds tab, review the values for the Default thresholds.
13. Click any object from the Specific thresholds list, and then click the Properties button. Review the
storage objects warning and critical thresholds, and then click OK.
14. In the Site System Status Summarizer Properties dialog box, click OK.
2. In the navigation pane, click Site Hierarchy to open the Hierarchy Diagram view.
3. Briefly rest the mouse pointer over the line between the CAS and NYC sites to view the status of
global and site data replication for these sites.
4. In the navigation pane, click Database Replication, and then in the results pane, click the CAS to
NYC replication link.
5. In the preview pane, click the Summary tab to view details about the replication link status.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Maintaining and Monitoring System Center 2012 Configuration Manager L7-65
6. In the preview pane, click the Parent Site tab to view details about the site configuration and SQL
Server details for the parent site.
7. In the preview pane, click the Child Site tab to view details about the site configuration and SQL
Server details for the child site.
Results: At the end of this exercise, you should have used the In-Console Monitoring features.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-C, and then click Revert.
2. In the navigation pane, expand Site Database, and then click Site Management. In the results pane,
verify that on the Version column appears 4.00.6487.2000 which means the site is running
Configuration Manager 2007 Service Pack 2.
3. In the navigation pane under Site Database, expand Site Management, expand CM7-New York
Configuration Manager 2007, expand Site Settings, and then click Boundaries.
4. In the results pane, right-click the IP subnet boundary and then click Properties.
5. In the Properties dialog box, review the configuration of the boundary, and then click Cancel.
6. In the navigation pane, expand Computer Management, expand Collections, right-click Contoso
Servers collection, and then click Properties.
7. In the Contoso Servers Properties dialog box, click the Membership Rules tab. Observe that there
are no membership rules defined, and then click OK.
Note Contoso Servers collection does not have any members and serves as a container
for the other two collections.
8. In the navigation pane, expand Contoso Servers, click the New York Servers collection, and then in
the results pane, observe that NYC-CM7 is the only member of the collection.
9. In the navigation pane, right-click the New York Servers collection and then click Properties.
10. In the New York Servers Properties dialog box, click the Membership Rules tab.
11. Under Membership rules, select New York Servers, and then click the Properties button.
12. In the Query Rule Properties dialog box, click Edit Query Statement.
13. In the New York Servers Query Statement Properties dialog box, click Show Query Language.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-68 Module 8: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
14. In the New York Servers Query Statement Properties dialog box, examine the query, and then
click Cancel.
Note New York Servers collection uses a query rule to include all computers with a name
starting with NYC.
16. In the New York Servers Properties dialog box, click Cancel.
17. In the navigation pane, click the ConfigMgr Servers collection, and then in the results pane, observe
that NYC-CM7 is the only member of the collection.
18. In the navigation pane, right-click the ConfigMgr Servers collection and then click Properties.
19. In the ConfigMgr Servers Properties dialog box, click the Membership Rules tab.
20. Under Membership rules, observe the direct membership rule created for NYC-CM7.
Note ConfigMgr Servers collection uses a direct membership rule to include NYC-CM7 as
a member.
22. In the navigation pane, expand Software Distribution, and then click Packages.
23. In the results pane, right-click the ConfigMgr 2007 Toolkit V2 package and then click Properties.
Note this is a MSI package.
24. Review the properties of the package, and then click Cancel.
25. In the results pane, right-click the Excel Viewer package and then click Properties. Note this is an
App-V package.
26. Review the properties of the package, and then click Cancel.
29. In the navigation pane, expand Asset Intelligence, expand Customize Catalog, and then click
Software Categories. Review the Contoso Software custom category.
30. In the navigation pane, click Software Families. Review the Contoso LOB Applications custom
family.
31. In the navigation pane, click Custom Labels. Review the Contoso Application custom label.
32. In the navigation pane, expand Desired Configuration Management, and then click Configuration
Items.
33. In the results pane, right-click the Windows Firewall Enabled configuration item and then click
Properties.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager L8-69
34. In the Windows Firewall Enabled Properties dialog box, at the General tab review the properties,
click the Settings tab.
35. At the Settings tab, select Windows Firewall is running setting, and then click Edit.
36. In the Windows Firewall is running Properties dialog box, review the settings, and then click
Cancel. Note this configuration item is using a WQL query to check the status of the Windows
Firewall.
37. In the Windows Firewall Enabled Properties dialog box, click Cancel.
40. In the Contoso Security Policy Validation Properties dialog box, review the settings, and then click
Cancel.
3. In the navigation pane, expand the Migration node, and then click Source Hierarchy.
5. In the Specify Source Hierarchy dialog box, in the Top-level Configuration Manager 2007 site
server box, type NYC-CM7.contoso.com.
6. In the Specify Source Hierarchy dialog box, under Specify the Source Site Account to use to
access the SMS Provider for the source site server. This account required Read permissions to
all source site objects, verify that User Account is selected, click Set, and then click New Account.
7. In the Windows User Account dialog box, in the User name box, type Contoso\Administrator.
8. In the Windows User Account dialog box, in the Password and Confirm password boxes, type
Pa$$w0rd and then click Verify.
12. In the Specify Source Hierarchy dialog box, under Specify the Source Site Database Account to
use to access the SQL Server for the source site server. This account requires Read and Execute
permissions to the source site database, verify that Use the same account as the Source Site
SMS Provider Account is selected, and then click OK.
13. In the Data Gathering Status dialog box, wait for the data collection to complete, and then click
Close.
14. In the navigation pane, verify Source Hierarchy is selected. In the results pane, select CM7, and then
on the ribbon, click Properties.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-70 Module 8: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
15. In the NYC-CM7.contoso.com Properties window, review the Data gathering interval setting that is
set to 4 hours, and then click Cancel.
16. In the preview pane, click the Shared Distribution Points tab.
18. In the Share Distribution Points dialog box, click Enable distribution point sharing for this
Configuration Manager 2007 site server, and then click OK.
19. In the Data Gathering Status dialog box, wait for the data collection to complete, and then click
Close.
20. On the ribbon, click Refresh, and then verify that \\NYC-CM7.CONTOSO.COM appears in the
preview pane on the Shared Distribution Points tab.
Note By configuring the Shared Distribution Points option, both the Configuration
Manager 2007 clients and Configuration Manager 2012 clients will have access to the
packages during migration.
Results: At the end of this exercise, you should have reviewed the configuration of the Configuration
Manager 2007 site and configured the source hierarchy in Configuration Manager 2012.
MCT USE ONLY. STUDENT USE PROHIBITED
Lab: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager L8-71
2. On the ribbon, click Create Migration Job. The Create Migration Job Wizard starts.
3. On the General page, in the Name box, type Collections and associated objects and then in the
Description (optional) box, type Migrate collections and associated objects.
4. On the General page, in the Job type box, select Collection migration, and then click Next.
5. On the Select Collections page, select Contoso Servers (this also selects New York Servers and
ConfigMgr Servers), verify the Migrate objects that are associated with the specified collections
option is selected, and then click Next.
6. On the Select Objects page, under Object types, verify that Advertisements is selected.
7. Under Available objects, click to clear the ConfigMgr 2007 SP2 KB977384 to New York Servers
check box.
11. Under Available objects, verify that Excel Viewer is selected, and then click Next.
12. On the Content Ownership page, observe that content ownership is assigned to NYC ---Contoso
Primary Site, and then click Next.
13. On the Security Scope page, select Default, and then click Next.
14. On the Collection Limiting page, click Next.
16. On the Review Information page, review the objects to be migrated, and then click Next.
17. On the Settings page, verify that Run the migration job now is selected, review the other settings,
and then click Next.
21. In the results pane, verify the status of the migration job is Completed. If necessary, click Refresh.
2. In the preview pane, click the Objects in Job tab, and then review the objects included in the
migration job.
3. In the Configuration Manager Console, click the Assets and Compliance workspace.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-72 Module 8: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
4. In the navigation pane, expand Device Collections, and then select the Contoso Servers node. If
you do not see the Contoso Servers folder, select the Overview node, and then press F5 on your
keyboard to refresh the navigation pane.
5. In the results pane, observe the ConfigMgr Servers and New York Servers collections.
6. Right-click the New York Servers collection and then select Properties.
7. In the New York Servers Properties dialog box, click the Membership Rules tab.
8. Under Membership rules, select the New York Servers rule, and then click Edit.
9. In the Query Rule Properties dialog box, review the query, and then click Cancel.
10. In the New York Servers Properties dialog box, click Cancel.
11. In the Configuration Manager Console, click the Software Library workspace.
12. In the navigation pane, expand Application Management, and then select the Packages node.
13. In the results pane, select ConfigMgr 2007 Toolkit V2, and then in the preview pane, click the
Deployments tab.
4. In the Name box, type Migrate objects by type and then in the Description (optional) box, type
Migration of specific objects.
5. On the General page, in the Job type box, select Object migration, and then click Next.
6. On the Select Objects page, under Object types, click to select Boundaries.
12. On the Security Scope page, select Default, and then click Next.
13. On the Review Information page, review the objects to be migrated, and then click Next.
14. On the Settings page, verify that Run the migration job now is selected, review the other settings,
and then click Next.
18. In the results pane, verify that the status of the migration job is Completed. If necessary, select the
Migrate objects by type object, and then click Refresh.
2. In the navigation pane, expand Asset Intelligence, and then click Catalog.
4. In the navigation pane, expand Compliance Settings, and then click Configuration Items.
12. In the results pane, review the boundary groups created for the Configuration Manager 2007 site and
for the distribution points.
4. In the results pane, click Migration Job properties, and then on the ribbon, click Run.
5. After Migration Job Name, click Values.
6. Under Migration Job Name, click the first migration job, and then click OK.
9. In the results pane, click Migration jobs, and then on the ribbon, click Run.
2. In the navigation pane, expand the Migration node, and then click the Source Hierarchy node.
3. In the results pane select CM7, and then, on the ribbon, click Stop Gathering Data.
4. In the Configuration Manager dialog box, click Yes.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-74 Module 8: Migrating from System Center Configuration Manager 2007 to System Center 2012 Configuration Manager
5. In the results pane verify that CM7 has the status Have not gathered data, and then, on the ribbon,
click Clean Up Migration Data.
6. In the Clean Up Migration Data dialog box, verify that in the Source hierarchy box appears CM7
(NYC-CM7.contoso.com) and then click OK.
8. In the results pane, note that source hierarchy has been removed.
Results: At the end of this exercise, you should have created migration jobs, performed object migration,
and viewed the migration reports. You have also decommissioned the source hierarchy.
2. In the Virtual Machines list, right-click 10748A-NYC-DC1-B and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.