KBArticle

Download an updated version of the Configuration Manager 2007 Documentation Library which contains new material and fixes to documentation problems reported by customers since the last update was published. Refer to the “What’s New in the Documentation Library” topic in each release for a list of topics with significant updates:

========

Configuration Manager 2007 SP2 Content

The following topics in the Documentation Library contain new Configuration Manager 2007 SP2 content:

  • What's New in Configuration Manager 2007 SP2
  • Out of Band Management in Configuration Manager 2007 SP1 and Later

The following section describes what's new in the Microsoft System Center Configuration Manager 2007 Documentation Library since April 2009. The topics listed in the table are new or contain significant technical changes to Configuration Manager 2007. Topics that contain minor changes to Configuration Manager 2007 are not listed.

Planning and Deploying the Server Infrastructure for Configuration Manager 2007

Certificate Requirements for Native Mode: Updated to reflect that SHA-1 is the only supported hash algorithm for native mode certificates.

Overview of Internet-Based Client Management: Updated to include task sequences as one of the features that are not supported when clients are managed on the Internet.

Out of Band Management and Double-Byte Character Sets: New topic that lists the considerations and limitations for using double-byte character sets and extended ASCII characters when you use the out of band management feature in Configuration Manager 2007 SP1 and later.

Planning and Deploying Clients for Configuration Manager 2007

How to Create a Fallback Status Point in Configuration Manager: Updated with clarifications such as the security best practices for production networks, a reference to installing IIS for Windows Server 2008, a list of log files to check for successful installation, and how to install the fallback status on a new server.

How to Enable or Disable Certificate Revocation Checking (CRL) on Clients: Updated to clarify that the client functions that run as a result of task sequence actions always check the certificate revocation list (CRL) in a native mode site, even after following the procedures to disable CRL checking on clients. This limitation does not apply to Configuration Manager 2007 SP2.

Configuration Manager 2007 Features

Prerequisites for Out of Band Management: Updated to clarify changes that are relevant to Configuration Manager 2007 SP1 and later, including the following:

  • Links to the supported configurations documentation for AMT version information.
  • A recommendation to disable AMT on computers that cannot be supported by Configuration Manager, such as workgroup computers and computers with a disjointed namespace.
  • Information about how the security right of Modify Collection Setting is required to configure in-band provisioning, to remove provisioning information, and to update AMT management controllers.

How to Provision Computers for AMT: Updated with a revised query for the collection that is used for in-band provisioning so that membership contains computers with an AMT status of Detected or Not Provisioned if they are also approved and not blocked.

AMT Provisioning Issues for Out of Band Management: Updated with a reference to the Intel vPro Expert Center: Microsoft vPro Manageability Web site (http://go.microsoft.com/fwlink/?LinkId=132001), which should be checked for issues that are specific to AMT. (Such issues include behavior differences between firmware versions, how to install and configure the Intel translator, and how to configure AMT). Additionally, new troubleshooting information in this topic includes the following scenarios:

  • Configuration Manager Fails to Provision Computers with a Disjointed Namespace
  • Computers Fail to Provision Out of Band Because the Computer Has Been Discovered by Configuration Manager

Out of Band Management Console Issues: Updated with new troubleshooting information that includes the following scenarios:

  • The Out of Band Management Console Running on Windows XP SP2 or Windows Server 2003 SP1 Fails to Connect to AMT-Based Computers
  • The Out of Band Management Console Fails to Connect to AMT-Based Computers That Were Successfully Provisioned Out of Band and Do Not Have an Operating System Installed
  • IDE Redirection Fails When the Out of Band Management Console Runs as a Low-Rights User
  • Unexpected Behavior with Blocked Configuration Manager Clients
  • Slow Responses to AMT-Based Computers Using IPv6

Troubleshooting General Operating System Deployment Issues: Updated with the new entry "Security Registry Keys for Native Mode Remain in Captured Images”, which includes the prescribed additional steps to take if you capture an image from a native mode client.

Troubleshooting Task Sequence Initiated Operating System Deployment Issues: Updated with the new entry "Task Sequence Always Performs Certificate Revocation Checking in Native Mode Site", which explains how to identify a known issue with task sequences always checking the certificate revocation list (CRL) in a native mode site, even after following the procedures to disable CRL checking on clients.

Prerequisites for SQL Reporting Services: Updated with information about creating SQL Reporting Services report models by using SQL Server 2008.

Security and Privacy for Configuration Manager 2007

Out of Band Management Security Best Practices and Privacy Information

Updated for revisions that are applicable to Configuration Manager 2007 SP1 and later, including the following security best practices:

  • Request customized firmware before purchasing AMT-based computers.
  • Manually revoke certificates and delete Active Directory accounts for AMT-based computers that are blocked by a Configuration Manager 2007 SP1 site.
  • Use a dedicated certificate template for provisioning AMT-based computers.
  • Use a dedicated organizational unit (OU) to publish AMT-based computers.
  • Use Group Policy to restrict user rights for the AMT Accounts.
  • Use a dedicated collection for in-band provisioning.
  • Retrieve and store image files securely when booting from alternative media to use the IDE redirection function.
  • Minimize the number of AMT Provisioning and Discovery Accounts.

 

Maintaining Configuration Manager 2007

How to Back Up a Secondary Site: Updated to remove the procedure to back up a secondary site because you cannot restore this backup by using the Site Repair Wizard. Instead, you must reinstall the secondary site. This information was also added to About the Site Repair Wizard.

For all the details and to download the update see http://www.microsoft.com/downloads/details.aspx?FamilyID=71816b0f-de06-40e0-bce7-ad4b1e4377bb&displaylang=en

Enjoy!

J.C. Hornbeck | Manageability Knowledge Engineer