As all Configuration Manager customers know, security is challenging and often requires complex setup configurations. Setting up a Certificate Authority, issuing certificates, and maintaining them can be a herculean task, and in most cases involves interacting with multiple teams in an organization.
It is the price we pay to have a highly secure environment, where the administrators, executives, and employees don’t have to worry about their data being compromised.
Configuration Manger leverages an existing PKI infrastructure to enable secure communication between clients and site system roles.
Before System Center Configuration Manager 2012, Configuration Manager 2007 had concepts called native mode and mixed mode: The philosophy behind native mode was to secure the site server and all its site systems, in addition to securing all site-to-site communication. This involved configuring a site signing certificate on all installed sites, plus there was an added restriction that a native mode site must always report to a native mode site.
During the planning phase for System Center 2012 Configuration Manager, we listened to customer feedback and revisited this native and mixed mode model, and debated our previous concept of securing the site. The result was client computer communication.
Key concepts for client computer communication:
Let’s take a couple of example scenarios to see how this new model works.
Woodgrove Bank currently has 20,000 intranet clients. These clients never leave the corporate network. Management recently made some changes in corporate policy to address the employee concerns about work life balance and the request for more flexible working arrangements. With the new policy in effect, 30% of the task force will be issued new laptops and they are allowed to work from home.
When the Configuration Manager administrator first read this memo, his first thought was “I have a lot of extra work to do before I can manage these laptops on the Internet!”
Currently all the clients are managed by a single System Center 2012 Configuration Manager primary site (PR1). All the site system roles are configured to communicate over HTTP.
Being aware of how native mode and Internet-based client management worked in Configuration Manager 2007, the administrator’s first assumption was that he would have to install a new native mode primary site. He doesn’t currently have a central administration site, so he thought this would mean either having two hierarchies to manage, or redesign his existing hierarchy.
However, when he investigates the changes in System Center 2012 Configuration Manager, he realizes that he does not need an additional site. Instead, all that’s needed are a few Internet-based roles that are configured for HTTPS communication:
Here’s a comparison of how the two solutions might look for this scenario, to support Internet-based client management in Configuration Manager 2007 and System Center 2012 Configuration Manager:
*Red halo around the site system roles represent sites and roles that are capable of HTTPS communication.
The next challenge is to how to manage Internet clients when they move back into the intranet. Our administrator does not want to change the existing hierarchy and does not want to configure all the clients and site system roles on the intranet to have PKI certificates. The answer to this is enabling intelligent client behavior, one of the new key concepts mentioned previously.
To enable this behavior, simply select this check box from the property page in the previous screenshot:
When selected, Internet clients on the intranet can communicate with HTTP site system roles on the intranet.
Trey Research has 5,000 clients that are managed by a single primary site (PR1). After the recent security push, the Configuration Manager administrator was instructed that all clients must communicate over HTTPS by using PKI certificates for mutual authentication.
If the site had been running Configuration Manager 2007, this would require migrating the whole site from mixed mode to native mode. This would involve checking that all clients had a PKI client certificate, reconfiguring IIS for all the site system roles, configuring the site to use the site server signing certificate, automatically reinstalling site system roles to operate in native mode, and waiting for the site server to resign all the client policies. This “big bang” approach requires a lot of careful planning to make sure that clients are not unmanaged after the migration, with the recommendation to make this change during a quiet period.
Because Trey Research has System Center 2012 Configuration Manager, the administrator doesn’t have to take this risk and work over the weekend. Instead, he does the following:
I hope that this information and example scenarios throw some light into the changes we made for System Center 2012 Configuration Manager, and how you can benefit from the flexibility they provide to manage clients over HTTPS – whether this is to manage client on the Internet or to provide greater security on the intranet.
For more information, see the following in the System Center 2012 Configuration Manager Documentation Library:
-- Abhishek Pathak
This posting is provided "AS IS" with no warranties and confers no rights.
The Documentation Library for System Center 2012 Configuration Manager and the Configuration Manager 2007 Documentation Library have been updated on the web and the latest content has Updated: May 1, 2012 at the top of the topic.
Downloadable documentation will be available soon, to be announced on this blog.
In addition to updating the documentation libraries, we also have two new topics that are added to the Technical Publications for System Center 2012 Configuration Manager:
We have removed the reference to the downloadable quizzes in Configuration Manager 2007 Quizzes. Now that the web-based quizzes are available, expect the downloadable versions to be retired soon. All new quizzes and any updates will be web-based.
We value customer feedback and try to incorporate it when possible. Although we can’t promise to make the docs perfect for everybody, we are committed to continual improvement. So, keep that feedback coming, and feel free to contact us about anything related to the documentation by using our usual address of SMSDocs@Microsoft.com.
What's New in the Documentation Library for System Center 2012 Configuration Manager, May 2012
The following information lists the topics that contain significant changes since the April 2012 update.
Supported Configurations for Configuration Manager
- Updated to remove the previously documented limitation that the NetBIOS name must match the first label of the domain FQDN. The SQL Server statements are also updated to include the Datacenter edition and this addition is also made in Planning for Hardware Configurations for Configuration Manager. We’ve also clarified that CU versions for SQL Server are minimum versions.
What’s New in Configuration Manager
- Updated the Sites and Hierarchies section for a new section for Language Pack Support. This information is also clarified in the Client Deployment and Operations section, which contains the information that you no longer install International Client Packs (ICPs) when you want to support different languages on the client.
Planning for Site Systems in Configuration Manager
- Updated the site system role placement for secondary sites. Most site system roles must be on the secondary site server.
Planning for Sites and Hierarchies in Configuration Manager
- Updated for additional information about planning for language packs at Configuration Manager sites, clients, and the Configuration Manager console.
Planning for Discovery in Configuration Manager
- Updated for the new section, Best Practices for Discovery.
Planning for Communications in Configuration Manager
- Updated for a procedure how to manually publish management points to DNS on Windows Server.
Example Scenarios for Planning a Simplified Hierarchy with Configuration Manager
- Updated the Steps Taken section in Scenario 2: Infrastructure Reduction and Management of Client Settings, to clarify that the decision to install a primary site in London instead of a secondary site was a result of assessing the available hardware for a site server, the current number of clients at London (5,500 clients exceed the supported number of clients for a secondary site), and the potential for growth at the location.
Install Sites and Create a Hierarchy for Configuration Manager
- Updated for a new section, Decommission Sites and Hierarchies, for information about how to uninstall Configuration Manager.
Manage Site and Hierarchy Configurations
- Updated for the new section, Manage Language Packs at Configuration Manager Sites.
Security and Privacy for Site Administration in Configuration Manager
- Updated the entry about the Security Configuration Wizard with the link to download the toolkit for System Center 2012 Configuration Manager: System Center 2012: Configuration Manager Component Add-ons and Extensions. This information is also updated in the Security and Privacy for System Center 2012 Configuration Manager guide.
Technical Reference for Ports Used in Configuration Manager
- Updated for the ports used by the new site system roles: the Application Catalog website point and Application Catalog web service point; the enrollment point and enrollment proxy point; and the Endpoint Protection point. Also clarified that Configuration Manager does not support dynamic ports for SQL Server.
Technical Reference for Language Packs in Configuration Manager
- New topic that provides technical details about language support in System Center 2012 Configuration Manager.
Planning for Migration to System Center 2012 Configuration Manager
- Updated for additional information about planning for overlapping boundaries if you will install new Configuration Manager 2007 client during the migration period.
About Client Installation Properties in Configuration Manager
- Updated for information about file locations for the /config: /NotifyOnly and CCMENABLELOGGING installation properties.
How to Manage Applications and Deployment Types in Configuration Manager
- Updated to clarify that the Retire management task does not remove any installed copies of the application from client computers.
Security and Privacy for Application Management in Configuration Manager
- Updated for the security best practice of deploying only signed applications for mobile devices so that you don’t have to configure settings that let unsigned applications install and run (“unlock”).
Introduction to Software Updates in Configuration Manager
- Updated for the new Extend Software Updates in Configuration Manager section for information about System Center Updates Publisher 2011 and added a reference to the new scenario topic, Example Scenario for Deploying Software Updates.
Example Scenario for Deploying Software Updates
- New topic that provides an example scenario for how you might deploy software updates in your environment.
Prerequisites For Deploying Operating Systems in Configuration Manager
- Updated for the external dependency, DHCP.
Planning a Task Sequences Strategy in Configuration Manager
- Updated for information about running task sequences in a maintenance window.
How to Manage the User State in Configuration Manager
- Updated for how to create a USMT package and how to restore the user state if the operating system deployment fails.
Task Sequence Steps in Configuration Manager
- Updated the Updated Install Software Updates step for the information that the step cannot suppress restarts if the software update requires a restart.
How to Deploy Operating Systems by Using PXE in Configuration Manager
- As a result of customer feedback, updated to clarify that the exclusion list file can be stored anywhere on the computer and the specified path is used to identify the location.
Example Scenario for PXE-Initiated Operating System Deployment
- New topic that provides an example scenario for how you might deploy an operating system by using PXE in your environment.
Best Practices for Collections in Configuration Manager
- Updated for the new best practice: Do not modify the built-in collections and instead, copy and then modify the pasted collection.
How to Create Queries in Configuration Manager
- Updated to clarify that a query that contains no criteria will return all devices in the All Systems collection.
How to Extend Hardware Inventory in Configuration Manager
- Updated for the information that you must create a hardware inventory class for any MIF files you want to add to inventory.
How to Configure Software Inventory in Configuration Manager
- Updated for an example of how to specify a file type that you want to inventory.
Introduction to Software Metering in Configuration Manager
- Updated to include the reference to Example Scenario for Software Metering in Configuration Manager.
How to Manage AMT-based Computers Out of Band in Configuration Manager
- Updated to clarify that the out of band management power control commands are always available for a collection, even if the collection contains resources that are not provisioned for AMT.
How to Configure Endpoint Protection in Configuration Manager
- Updated for information about using software updates automatic deployment rules to deploy definition updates for Endpoint Protection.
Frequently Asked Questions for Configuration Manager
Updated for the new entries:
What’s New in the Documentation for Configuration Manager
- Updated with a section, What's New in the Documentation Library for May 2012, which lists the topics with significant technical updates since the official publication of the documentation library in March.
Information and Support for Configuration Manager
- Updated the Search the Configuration Manager Documentation Library section to explain how to use the scoped search link, with examples and search tips. Scoped search lets you search for topics that are only within the Documentation Library for System Center 2012 Configuration Manager. For example, it excludes links from Configuration Manager 2007 and external sources.
What's New in the Configuration Manager 2007 Documentation Library for May 2012
Configuration Manager 2007 General Supported Configurations
- Updated for the information that Windows Server 2008 R2 domain functional level and forest functional level is supported with Configuration Manager 2007 SP1 and Configuration Manager 2007 SP2.
Configuration Manager 2007 SP2 Supported Configurations
- Updated for SQL Server 2012 and Windows Embedded, which now includes Thin PC, Windows Embedded POSReady 7, and Windows Embedded Standard 7 SP1.
How to Manually Publish the Default Management Point to DNS
- As a result of customer feedback, updated with a procedure for Windows Server DNS.
About Heartbeat Discovery
- As a result of customer feedback, updated for information about how to initiate a manual Heartbeat Discovery cycle.
How to Create a Query
Conflicting Records
- Updated this technical reference topic to clarify that you must have Modify Resource and Read Resource permissions on any collection that contains a conflicting record to reconcile the conflicting records that appear in the Conflicting Records node.
About Configuration Manager Client Installation Properties
- As a result of customer feedback, updated the /mp:<Computer> CCMSetup property with the tip that if the client connects to a native mode management point, typically, you must specify the FQDN for this option rather than the computer name.
How to Capture and Restore the User State
- Updated for information about how to create a USMT package and added a section to restore the user state if the operating system deployment fails.
Install Software Updates Task Sequence Step
- Updated for the information that the step cannot suppress restarts if the software update requires a restart.
How to Provision Computers for AMT
- As a result of customer feedback, updated for a third step to perform before you provision AMT-based computers out of band: Identify the SMBIOS GUID for each computer so that you have this information for when you run the Import Computer for Out of Band Management Wizard. This information remains on the Import Computer for Out of Band Management Wizard page.
- New topic that rolls up the significant technical changes since June 2011.
-- The Configuration Manager Writing Team
If you use the Import Application Wizard and see the error message dialog box in the following screenshot that says “Cannot find any application in the specified file to import”, it might be because of one of these reasons:
In the current release, there is nothing in the log files that would help to identify the cause of this error.
To determine whether the zip file that you selected to import is a Configuration Manager application export file, the zip file should contain a structure similar to the following example:
If the file does not contain a similar structure, the import will fail.
To resolve the import error problem, try the following:
Summary:
If you see the error message “Cannot find any application in the specified file to import” when you try to import an application, check that the file is not corrupt and that it is an application exported zip file.
For more information about application management in System Center 2012 Configuration Manager, see How to Manage Applications and Deployment Types or Application Management in Configuration Manager in the System Center 2012 Configuration Manager Documentation Library.
--Michael Wray
This posting is provided "AS IS" with no warranties, and confers no rights.
You can use Configuration Manager to install the Enhanced Mitigation Experience Toolkit (EMET) 3.0 and subsequent configurations for applications to increase the security of applications on your managed systems. This blog walks you through the process of deploying and configuring EMET 3.0 using Configuration Manager.
The Enhanced Mitigation Experience Toolkit (EMET) 3.0 is designed to help prevent hackers from gaining access to your system, by adding additional security to any application configured for enhanced mitigation. One of the primary benefits of EMET is in hardening legacy applications that either don’t have up-to-date security mitigations in-code, or that haven’t been patched to the latest versions. Without vendor-provided updates to these applications, or adding the additional security controls and recompiling the application, there would be no easy way to secure them from exploitation. That’s where EMET comes in.
EMET leverages a Windows shim infrastructure called the Application Compatibility Framework. Using this framework, EMET applies the specified mitigations to each application configured for enhanced mitigation in a way that adds no additional resource overhead to the monitored applications. Full details on the latest release of EMET can be found here. EMET 3.0 can be downloaded from here.
EMET 3.0 also provides out of box protection profiles that add mitigation for some common applications. These can be applied to clients with EMET installed, by running a simple configuration binary. Additionally, the XML schema used in the protection profiles is straightforward, and can be easily modified to add your applications to the list of mitigated apps, and updated configurations can of course be delivered by Configuration Manager. As with any application you plan on deploying, it’s important to test EMET against your desired applications thoroughly before deploying to production.
The first step in deploying EMET is to download the EMET 3.0 MSI. After you have the MSI, then do the following steps. In this example, I’m going to reference building an application in Configuration Manager 2012, but the same thing could be accomplished with packages, programs, and advertisements using Configuration Manager 2007.
Now that you have EMET deployed (or the deployment in progress), you will need to configure EMET for enhanced mitigation of your specified applications. Without configuring EMET, the EMET client does nothing to offer enhanced application protection. Here we’ll create a collection of clients reporting they have the EMET client installed, and we’ll target those with the configuration package.
So the goal of this blog is twofold: one, I wanted to raise everyone’s awareness of the EMET tool itself, and two, I wanted to provide a simple way you can use Configuration Manager to deploy the EMET client and to configure it. At this time, we don’t have a way to surface EMET events (which are written to the event log on clients) into Configuration Manager, but we’re always investigating ways to make our solutions better together so it’s functionality we know that you need in the future. One option for surfacing events would be using event forwarding and parsing the results into SQL, but that’s outside of the scope of this particular blog. The main point is that EMET is an awesome tool for application hardening, and Configuration Manager is an excellent way to deploy and configure EMET.
--Jason Githens
The Configuration Manager console has been greatly improved in System Center 2012 Configuration Manager, which enhances its usability. In addition to improvements in performance and layout, the console now supports a quicker way to monitor the status of distribution point site system roles.
Using this new monitoring capability, you might see that the installation of a distribution point on a computer other than the site server (known as a remote distribution point) displays an error, with the message Failed to create virtual directory. This failure often indicates that the distribution point computer must be rebooted so that the IIS installation and configuration can complete. This might not be the only reason for this error, but try the following process to resolve the problem:
The following screenshot shows an example of this Failed to create virtual directory error:
Note: There is a known issue in the current release where the error might not always clear to return the distribution point status back to a success state. We hope to address this issue in a future release.
If you double-click this message, the following dialog box provides more detailed information:
To see whether you have resolved the problem, refresh the Configuration Manager console, and look for the new messages IIS was configured successfully and Content was distributed to distribution point:
For more information about managing the content library in System Center 2012 Configuration Manager, see Content Management in Configuration Manager in the System Center 2012 Configuration Manager Documentation Library.
You might see content mismatch warnings in System Center 2012 Configuration Manager when content validation runs and determines that there is a discrepancy between the expected list of packages in WMI on the distribution point and the packages in the content library. In this scenario, the distribution point status goes into a warning state and the status message returned by the distribution point is listed in the Details pane when you view the status of the distribution point in the Monitoring workspace, Distribution Point Configuration Status node.
You can see an example of this scenario in the following screenshot where a distribution point has a Warning state and there is a status message in the Details tab in the Details pane that shows there was a failure to retrieve the package list.
Note: There is currently a known issue in the current release where the warning might not always clear to return the distribution point status back to a success state. We hope to address this issue in a future release.
To determine which package is causing this mismatch, review the smsdpmon.log file on the distribution point.
Using the CMTrace log file tool, the following snapshot shows the corresponding smsdpmon.log entry:
Notice the log entries:
CContentDefinition::LibraryPackagesWmi: The package data in WMI is not consistent to PkgLib CContentDefinition::LibraryPackagesWmi: Package CCA0000A can't be found in PkgLib
The simplest way to determine the missing package is to view the Content Status in the Monitoring workspace and search for the package ID by using the search field. After you have found the package ID, you can determine the name of the software.
If the package is not on the site, you must remove the package from WMI on the distribution point. The namespace to connect to is root\sccmdp. The class that contains the list of packages expected is SMS_PackagesInContLib. The simplest way to find the package and remove it from WMI is to run a query on the distribution point such as the following, and then delete the object that is returned.
select * from SMS_PackagesInContLib Where PackageID = 'CCB00002'
Note: Ensure that you replace the CCB00002 with your own package ID
If the package is on the site, you can update the content on the distribution point to clear the Warning state.
To update the content on the distribution point for applications:
The next time content validation occurs, the warning is cleared.
To update the content on the distribution point for packages:
The next time content validation runs, the warning is cleared.
We’re pleased to announce that we’ve just published a new set of our popular quizzes for System Center 2012 Configuration Manager. These 14 quizzes are a fun way to learn about some of the capabilities of the product and also to help you to find your way around our documentation library. Each quiz asks you ten questions and regardless of whether you answer correctly or incorrectly, provides the correct solution and links to the Configuration Manager online documentation. You can also print out your results for later reference.
For example, how well do you know the differences between Configuration Manager 2007 and System Center 2012 Configuration? Although these are documented in What’s New in Configuration Manager, take the What’s New in Configuration Manager Quiz to test your knowledge.
We’ve also increased the difficulty level on these quizzes by adding new features, which include the following:
The following quizzes are now available:
The quizzes are compatible with any computer running Windows XP, Windows Vista or Windows 7 and will download the correct version of Silverlight if it is not installed.
To run the quizzes, visit http://quizapp.cloudapp.net/default.aspx?quiz=Configmgr2012
We hope you enjoy these new quizzes and would love to hear your feedback about them and any of our other content. Contact us by emailing smsdocs@microsoft.com.
-- Rob Stack
The Documentation Library for System Center 2012 Configuration Manager and the Configuration Manager 2007 Documentation Library have been updated on the web and the latest content has Updated: April 1, 2012 at the top of the topic.
For those of you who visited us at MMS in Las Vegas last week, thank you for your feedback about the documentation, filling in our surveys, and piloting our new quizzes to test your knowledge on System Center 2012 Configuration Manager. Based on your feedback, we will incorporate a few changes to the quizzes and hope to make them available to everybody soon. When they are available, we’ll announce them on this blog.
What's New in the Documentation Library for System Center 2012 Configuration Manager, April 2012
The following information lists the topics that contain significant changes since the March 2012 update.
- Updated for the following updates and clarifications:
Determine Whether to Extend the Active Directory Schema for Configuration Manager
- Updated to clarify that Configuration Manager schema extensions can include objects and classes that are brought forward from previous versions but not used by System Center 2012 Configuration Manager. For example, this includes the class cn=MS-SMS-Server-Locator-Point, even though the server locator point is no longer used.
Planning for Sites and Hierarchies
- Updated to remove the bullet about fault tolerance being a reason to install a primary site. Instead, see the high availability options in Planning for High Availability with Configuration Manager.
- Updated to clarify that although a primary site can have more than one fallback status point, clients can be assigned to only one, which happens during client installation.
- Updated for the information that the Application Catalog web service point, like the out of band service point, must reside in the same Active Directory forest as the site server. Other site system roles can be installed in other forests.
Install Sites and Create a Hierarchy
- Updated the /TESTDBUPGRADE option in the Using Command-Line Options with Setup section to clarify that this switch is not supported on a production database.
- Updated to change the ClientUsePKICertificate (incorrect) Key Name to ClientsUsePKICertificate (correct) in the Configuration Manager Unattended Setup section.
- Updated the Modify the Site Database Configuration section to clarify that Configuration Manager does not support changing the port for SQL Server after the site is installed. Although you can change the SQL Server Service Broker (SSB) port after the site is installed by running Setup on the site server and selecting Perform site maintenance or reset this site, the SQL Server TCP port can be configured only when you install a site.
In addition, we added a new section, Configure Custom Locations for the Site Database Files. This section provides information about how use non-default file locations for your site database.
Finally, in the Modify the Site Database Configuration section we added an important callout about uninstalling database replicas before you move the site database.
- Updated to clarify that Configuration Manager does not support dynamic ports for SQL Server. Because SQL Server named instances by default use dynamic ports for connections to the database engine, when you use a named instance, you must manually configure the static port that you want to use for intrasite communication.
Planning for Migration Jobs in System Center 2012 Configuration Manager
- Updated to clarify that when a collection migrates, Configuration Manager also migrates collection settings that include maintenance windows and collection variables, but cannot migrate collection settings for AMT client provisioning.
Planning for Content Deployment During Migration to System Center 2012 Configuration Manager
- Updated the Distribution Point Upgrade section to clarify the package migration behavior during a distribution point upgrade.
Prerequisites for Client Deployment in Configuration Manager
- Updated to clarify that although most operating systems now include BITS, some operating systems, such as Windows Server 2003 R2 SP2, do not. Unlike Configuration Manager 2007, client deployment in System Center 2012 Configuration Manager does not include BITS, so if you install the client on an operating system that does not already have BITS installed, you must first install it, for example, manually or by using Group Policy.
In addition, the distribution point is added as an optional but recommend site system role for client deployment. In System Center 2012 Configuration Manager, computers try to download the client source files from a local distribution point before falling back to a management point.
Best Practices for Client Deployment in Configuration Manager
- Updated for the new best practice to install additional client languages on the site before you deploy clients on computers and mobile devices. If you install the languages after clients are deployed you must reinstall the client on computers before they can use the additional languages, and wipe and re-enroll mobile devices.
How to Assign Clients to a Site in Configuration Manager
- Updated to clarify the assignment behavior for a System Center 2012 Configuration Manager client when it is assigned to a Configuration Manager 2007 site, either by using automatic site assignment (you have overlapping boundaries) or direct site assignment (a misconfiguration).
Prerequisites for Out of Band Management in Configuration Manager
- Updated the external dependency table to include a link for the supported AMT versions that are listed in the Out of Band Management section in the Supported Configurations for Configuration Manager topic.
Updated for the new entry:
- Although the information and date in this topic has not changed this month, the links have been updated for the new System Center 2012 Configuration Manager forums, and the new TechCenter website. These links are also included in our updated automatic response when you email SMSDocs@Microsoft.com.
What's New in the Configuration Manager 2007 Documentation Library for April 2012
The following information lists the topics that contain significant changes since the February 2012 update.
- Updated to clarify the /noservice CCMSetup option and that if SMSSITECODE is not specified, this client.msi property defaults to AUTO (automatic site assignment).
Renewing or Changing the Site Server Signing Certificate
- Based on customer feedback, updated to clarify that this topic contains planning information if you will renew or change the site server signing certificate. Links are now provided for how to request the site server signing certificate and information for how to configure it in Configuration Manager.
The Documentation Library for System Center 2012 Configuration Manager has been updated on the web and the latest content has Updated: March 1, 2012 at the top of the topic. This is the official release version of this library. There are no significant updates for the Configuration Manager 2007 Documentation Library.
You will soon be able to download a local copy of the TechNet library docs for System Center 2012 Configuration Manager by running a new version of the Help File Update Wizard. When this is available, we will announce it on this blog.
As a reminder from last month: The default view for TechNet is now Lightweight, rather than Classic. If you want to return to the Classic view, click the Preferences icon in the top right of the page. Then, from the Choose View page, click Classic.
For example, you might to use Classic so that you have the Collapse All/Expand All control in the top left of the page. When you click Expand All before you search on a page, search then finds text in sections that are collapsed. The Expand All capability is not included in the Lightweight view.
What's New in the Documentation Library for System Center 2012 Configuration Manager, March 2012
Configuration Manager
- Updated to include a link to the Release Notes for System Center 2012 Configuration Manager
Introduction to Configuration Manager
- Updated with a new section for Example Scenarios for Configuration Manager that walk you through how you might use Configuration Manager to empower users by ensuring access to applications from any device, unify compliance management for devices, and simplify client management for devices.
Planning for Communications Across Forests in Configuration Manager
- Updated to clarify how clients across forests and clients in workgroups are supported by Configuration Manager.
Technical Reference for the Prerequisite Checker in Configuration Manager
- New topic that provides technical details about available prerequisite checks that Setup runs or that you can run separately to check for security rights, Configuration Manager dependencies, and system requirements.
- Updated for the required permissions when you install a primary or secondary site.
Install and Configure Site System Roles for Configuration Manager
- Updated to clarify why throttling settings for the fallback status point do not apply only when it is configured for client connections on the Internet.
Configure Database Replicas for Management Points
- Updated for corrections to the script in the Configure a Self-Signed Certificate for the Database Replica Server section.
- Updated to clarify when a Configuration Manager 2007 distribution point on a secondary site server is eligible for upgrade to System Center 2012 Configuration Manager.
- Updated to incorporate mobile device clients, roaming, and how to verify site assignment.
Best Practices for Client Deployment
- New topic with some client deployment best practice recommendations for client computers.
How to Install Clients on Mobile Devices and Enroll Them by Using Configuration Manager
- Updated to add the client settings that relate to the polling schedule and hardware inventory.
- Updated to clarify the /noservice and /mp properties.
How to Deploy Applications in Configuration Manager
- Updated to clarify that the option Require administrator approval if users request this application is unavailable when the application is deployed to a device collection. Also clarified the option Deploy automatically according to schedule whether or not a user is logged on.
Prerequisites for Application Management in Configuration Manager
- Updated with the new external dependency that if you deploy .SIS/.SISX files to a Nokia Symbian Belle mobile device that is enrolled by Configuration Manager, you must use a file format that conforms to the OS v9.x SIS file format specification.
Example Scenario for Application Management in Configuration Manager
- New topic that provides an example walkthrough of how you might create, deploy, and manage applications by using Configuration Manager.
Introduction to Hardware Inventory in Configuration Manager
- Updated to clarify and add information about using MIF files to extend hardware inventory. These topics include additional information:
Introduction to Compliance Settings in Configuration Manager
- Updated to clarify that although you cannot create general configuration items in the Configuration Manager console, mobile device configuration items are automatically configured with this configuration item type.
How to Create Windows Configuration Items in Configuration Manager
- Updated to clarify that SQL Query settings cannot use SQL commands that modify the database.
How to Import Configuration Data in Configuration Manager
- Updated to clarify the behavior of the option Create a new copy of the imported configuration baselines and configuration items.
Example Scenario for Compliance Settings in Configuration Manager
- New topic that provides an example walkthrough of how you might use compliance settings to automatically remediate a registry key setting that prevents an application from running.
- Updated with additional information about how to create automatic deployment rules and the antimalware products that Endpoint Protection can uninstall.
- Updated with new entries that include the following:
We are announcing support changes for the following releases. Please look for these changes to be reflected in the Supported Configuration pages within a few months.
System Center Configuration Manager 2007 SP2 and R3 support Microsoft SQL Server 2012 (upgrade):
System Center Configuration Manager 2007 SP2 and System Center Configuration Manager 2007 R3 now support upgrading an existing site database to Microsoft SQL Server 2012.
The reporting services point site system and client status reporting feature in System Center Configuration Manager 2007 R3 are also supported with SQL Server 2012.
To use SQL Server 2012 for the site database, you must upgrade the instance of SQL Server in use at a site from SQL Server 2008 or SQL Server 2008 R2 to SQL Server 2012. It is not supported to install a new Configuration Manager 2007 SP2 site with SQL Server 2012. It is also not supported to install Configuration Manager 2007 R3 when SQL Server 2012 is in use for the site database.
The following software updates are required to use SQL Server 2012 to host the site database:
--Harini Muralidharan