We are currently planning the next set of IT Pro Camps and are looking for your input.
Which cities would you like to see the camps run in? We’ve posted the poll on our Facebook Page.
Get your voice heard and vote now!
The Windows 7 Power Users Guide, by Microsoft MVP Mike Halsey, shows you how to get the very best out of Windows 7. It’s suitable for users of every ability, from complete novices to tech pros, and includes step-by-step guides, illustrations and diagrams on every page and quick tips throughout. Download your copy here.
A thronging SharePoint 2013 site can generate a lot of new content. The improved social features in SharePoint 2013 can generate dramatic amounts of new, frequently changing content in a large organisation. When you couple this with the ubiquity of this content in SharePoint, this could cause an awful lot more database access and page slowdown than with previous versions.
To the rescue steps forward the Distributed Cache service. Based upon the AppFabric Cache Service, this is a requirement for SharePoint that is installed by the pre-requisite installer as part of your farm setup.
It’s not just social data that benefits from being cached. The Distributed Cache service also caches Newsfeeds, Microblogging, Conversations, Security Trimming, OneNote client access and more! In fact, it even takes away the necessity of farms that use Claims Authentication to implement session affinity load balancing.
First of all, download and read the Distributed Cache planning overview from Microsoft. When you install AppFabric as part of the SharePoint 2013 pre-requisites, it will automatically allocate 10% of the current available RAM to the cache. If you manually install the pre-requisites yourself, make sure you use the /gac switch when you install AppFabric. When you are building your farm, if you find you have already installed AppFabric before you run the pre-requisites installer, it is strongly recommended that you uninstall AppFabric first.
Servers running the Distributed Cache service are referred to as Cache Hosts. Every SharePoint farm needs at least one server running this service. By default, as you build your farm, the Distributed Cache service gets started on each server you join. When you have more than one instance of this service running in a farm, you have a Cache Cluster. In practice, when you have built your farm, you then proceed to switch off the Distributed Cache on any servers that you decide shouldn’t run that service, using the PowerShell cmdlets below.
Each item of data stored by the Distributed Cache is stored once only, and exists only on one server at a time. It’s worth noting that although AppFabric supports high availability, the SharePoint implementation of the Distributed Cache does not. If one of your cache servers dies, the cached items will be lost. In practice this means that performance will be reduced for that data until another Cache Host in the Cluster picks up that data.
Do not administer the Distributed Cache through the Service window in Administrative Tools under Control Panel, or through the AppFabric for Windows Server application on the Start menu. This could get the Distributed Cache service into a state where you might need to rebuild your farm!
There are two modes in which you can run the Distributed Cache service. You can run it as a dedicated service, with no other SharePoint services running on that server. Alternatively, you can run it collocated with other SharePoint services on the same server. For large scale production use, the recommendation is to have dedicated servers hosting your cache.
Microsoft recommends you avoid starting a Distributed Cache service instance on servers that are already running SQL Server, Search, Excel Services or Project Services.
If you plan to have more than one Cache Host, the first server added should be configured to allow inbound ICMPv4 traffic. If you are using Windows Firewall, you can enable this in PowerShell with the Set-NetFirewallRule cmdlet. The name of the rule is “File and Printer Sharing (Echo Request - ICMPv4-In)”. Notice also that the -Enabled parameter doesn’t take a Boolean ($true), but rather the string “True” as its argument. Don’t forget to Import-Module NetSecurity first, though!
Once the Distributed Cache service instance is started on any server in your farm, it will become part of your Cache Cluster.
The right way to start the service is with the Add-SPDistributedCacheServiceInstance PowerShell cmdlet. You run this on a SharePoint server you would like to add to your Cache Cluster, which makes the current server a Cache Host. Simply stopping the service instance would cause the contents of the cache on that server to go missing, degrading performance.
If you need to remove a server from the Cache Cluster, the safe way to do this is first to use Stop-SPDistributedCacheServiceInstance with the –Graceful parameter. This transfers any cached data to another server, and can therefore take some time to perform. Afterwards you can safely run Remove-SPDistributedCacheServiceInstance to make the current server a non-Cache Host.
If you get a Health Analyzer Rule violation in Central Administration saying that “The Distributed Cache host may cause cache reliability problems” it is likely that a Distributed Cache service instance has been stopped on a server without removing the server from the Cache Cluster. To resolve this, you can either start the service instance again using the Add-SPDistributedCacheServiceInstance cmdlet, or remove it with Remove-SPDistributedCacheServiceInstance as above.
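The join and removal steps described above, written as a short runbook. This is an added example, not code from the original post; the function names are hypothetical, and restricting the ICMP rule to the Domain firewall profile is an assumption added here to keep the opening as narrow as possible.

```powershell
# Added example. Run from an elevated SharePoint 2013 Management Shell
# on the server whose cache role is being changed.
Import-Module NetSecurity
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Get-CacheInstance {
    # Returns the Distributed Cache service instance registered for a server, if any.
    param([string]$Server = $env:COMPUTERNAME)
    Get-SPServiceInstance -Server $Server |
        Where-Object { $_.TypeName -eq 'Distributed Cache' }
}

function Add-LocalCacheHost {
    # Hypothetical helper: makes the current server a Cache Host.
    param([switch]$AllowInboundPing)

    if ($AllowInboundPing) {
        # Several rules can share this display name (one per firewall profile).
        # Only the Domain-profile rule is enabled here; -Enabled takes the
        # enum value True, not the Boolean $true.
        Get-NetFirewallRule -DisplayName 'File and Printer Sharing (Echo Request - ICMPv4-In)' |
            Where-Object { $_.Profile -match 'Domain' } |
            Set-NetFirewallRule -Enabled True
    }

    $instance = Get-CacheInstance
    if ($instance -and $instance.Status -eq 'Online') {
        Write-Output "$env:COMPUTERNAME is already an online Cache Host."
        return
    }
    Add-SPDistributedCacheServiceInstance
}

function Remove-LocalCacheHost {
    # Hypothetical helper: drains the cache to other hosts, then unregisters this server.
    if (-not (Get-CacheInstance)) {
        Write-Output "$env:COMPUTERNAME is not a Cache Host."
        return
    }
    Stop-SPDistributedCacheServiceInstance -Graceful   # can take some time
    Remove-SPDistributedCacheServiceInstance
}

function Get-StoppedCacheHost {
    # Lists servers still registered in the cluster whose instance is not Online,
    # the condition behind the Health Analyzer rule quoted above.
    Get-SPServiceInstance |
        Where-Object { $_.TypeName -eq 'Distributed Cache' -and $_.Status -ne 'Online' } |
        Select-Object @{ Name = 'Server'; Expression = { $_.Server.Address } }, Status
}

# Typical use:
#   Add-LocalCacheHost -AllowInboundPing    # first host of a multi-host cluster
#   Get-StoppedCacheHost                    # farm-wide check
#   Remove-LocalCacheHost                   # safe removal
```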
Getting the memory allocation right is critical to SharePoint performance. We change the amount of memory allocated per server to get this right. If you later change the amount of installed RAM, the Distributed Cache service does not update its memory allocation automatically.
In a small farm with fewer than 10,000 users, Microsoft recommends allocating 1GB of RAM for the Distributed Cache. This can be either a dedicated server or collocated with other SharePoint services, such as the Web Application Service. Beyond this the recommendation is dedicated servers for the cache. A medium farm with fewer than 100,000 users should look to allocate around 2.5GB for the cache, and a large farm with up to 500,000 users should set aside around 12GB of RAM for the cache.
The Distributed Cache service actually uses twice the allocated amount of RAM, using the extra for housekeeping.
It is a very strong recommendation that you should not allocate more than 16GB to any one Cache Host. This may cause the Cache Service to time out during housekeeping operations and become unresponsive for several seconds at a time. If you need a cache size of greater than 16GB, it is better to use multiple servers in a Cache Cluster. You can have up to a maximum of 16 hosts in a Cache Cluster.
For the large farm example, we would use the Update-SPDistributedCacheSize cmdlet with the –CacheSizeInMB parameter specifying 12 as the amount of RAM to allocate. If you need to find out how much RAM is currently allocated, you can issue the Use-CacheCluster and Get-AFCacheHostConfiguration cmdlets.
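A pre-flight check for the sizing rules above, followed by the resize itself. This is an added example, not code from the original post: Test-CacheSizePlan is a hypothetical helper, 22233 is the default AppFabric cache port, and because -CacheSizeInMB is expressed in megabytes the 12GB large-farm figure is passed as 12 * 1024.

```powershell
# Added example. Run from an elevated SharePoint 2013 Management Shell on a Cache Host.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

function Test-CacheSizePlan {
    # Returns a list of rule violations for a planned per-host allocation (empty = OK).
    param(
        [Parameter(Mandatory = $true)][int]$CacheSizeInMB,
        [int]$HostCount = 1
    )
    $totalMB = [math]::Floor((Get-WmiObject Win32_ComputerSystem).TotalPhysicalMemory / 1MB)

    if ($CacheSizeInMB -gt 16 * 1024) {
        "Allocation of $CacheSizeInMB MB exceeds the 16GB per-host limit; add hosts instead."
    }
    if (2 * $CacheSizeInMB -gt $totalMB) {
        # The service uses twice the allocated amount (data plus housekeeping).
        "Host has $totalMB MB of RAM but the service would use $(2 * $CacheSizeInMB) MB."
    }
    if ($HostCount -gt 16) {
        "A Cache Cluster supports at most 16 hosts; $HostCount planned."
    }
}

# What is allocated right now on this host?
Use-CacheCluster
$current = Get-AFCacheHostConfiguration -ComputerName $env:COMPUTERNAME -CachePort 22233
Write-Output "Currently allocated: $($current.Size) MB"

# Large-farm example: 12GB expressed in MB.
$plannedMB = 12 * 1024
$problems  = @(Test-CacheSizePlan -CacheSizeInMB $plannedMB)

if ($problems.Count -gt 0) {
    foreach ($p in $problems) { Write-Warning $p }
} else {
    # Microsoft's procedure stops the Distributed Cache service on every Cache Host
    # before this call and restarts it afterwards; the allocation is not
    # recalculated automatically when installed RAM changes.
    Update-SPDistributedCacheSize -CacheSizeInMB $plannedMB
}
```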
When AppFabric is installed as part of the SharePoint pre-requisites, it is configured to run under the credentials of the server farm. This is far from ideal, and will eventually trigger a violation of a Health Analyzer Rule. To avoid this, you can change the account used by the Distributed Cache service. In the example below, we’re retrieving a managed account that has already been registered with our farm, called “CONTOSO\my_managed_account” with the Get-SPManagedAccount cmdlet. We then set that as the ManagedAccount property of the ProcessIdentity object of the Distributed Cache (“AppFabricCachingService”) SPService.
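The account change described above, with a guard that refuses to reuse the farm account. This is an added example, not the script from the original post; it assumes “CONTOSO\my_managed_account” is already registered as a managed account in the farm.

```powershell
# Added example. Run from an elevated SharePoint 2013 Management Shell.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$accountName  = 'CONTOSO\my_managed_account'   # managed account named in the text
$farm         = Get-SPFarm
$cacheService = $farm.Services | Where-Object { $_.Name -eq 'AppFabricCachingService' }
$account      = Get-SPManagedAccount -Identity $accountName

# Moving the service onto the farm account again would defeat the purpose
# and keep the Health Analyzer rule firing.
if ($account.Username -eq $farm.DefaultServiceAccount.Name) {
    throw "$accountName is the farm account; choose a separate managed account."
}

Write-Output "Identity before: $($cacheService.ProcessIdentity.Username)"

$identity = $cacheService.ProcessIdentity
$identity.CurrentIdentityType = 'SpecificUser'
$identity.ManagedAccount      = $account
$identity.Update()    # persist the change to the configuration database
$identity.Deploy()    # push the new identity out to the service on the Cache Hosts

Write-Output "Identity after:  $($cacheService.ProcessIdentity.Username)"
```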
It is possible that after invoking the .Deploy() line in the above PowerShell script you will encounter an error such as “TCP port 22234 is already in use.”
Further attempts to work with the cache might also generate errors such as “Specified host is not present in cluster”:
You may even receive error messages saying “cacheHostInfo is null”.
Not to worry! Microsoft has an article on how to repair a broken Cache Host. First you need to get a reference to the broken Distributed Cache service instance, for example by filtering the results from Get-SPServiceInstance passing in the name of the affected host as the Server parameter, and then invoking Delete() on the service instance. Finally, you can restart the service instance with Add-SPDistributedCacheServiceInstance as below:
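The repair steps just described, with a cluster status check before and after. This is an added example, not the script from the original post; it is meant to be run on the affected Cache Host itself.

```powershell
# Added example. Run from an elevated SharePoint 2013 Management Shell
# on the broken Cache Host.
Add-PSSnapin Microsoft.SharePoint.PowerShell -ErrorAction SilentlyContinue

$affectedHost = $env:COMPUTERNAME

# 1. Find the Distributed Cache service instance registered for this host.
$broken = Get-SPServiceInstance -Server $affectedHost |
    Where-Object { $_.TypeName -eq 'Distributed Cache' }

# 2. Delete the stale registration. Nothing else is removed from the server.
if ($broken) {
    Write-Output "Deleting instance $($broken.Id) (status: $($broken.Status))"
    $broken.Delete()
} else {
    Write-Output "No Distributed Cache instance is registered for $affectedHost."
}

# 3. Register and start a fresh instance on this host.
Add-SPDistributedCacheServiceInstance

# 4. Confirm the host is back in the cluster and its service is up.
Use-CacheCluster
Get-CacheHost
```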
The Distributed Cache service is an enabler for many of the new social features in SharePoint 2013. We couldn’t have the rapid, almost real-time conversations in SharePoint’s feeds and microblogging features without it. Although it is tricky to configure, the Distributed Cache service is something you need to plan for in your SharePoint 2013 farms, and is best implemented with dedicated servers.
This post is brought to you by Ed Baker, Windows Server Instructor at Firebrand Training
Prior to Windows Server 2008, to allow different groups of users to have different password requirements or lockout policies, the user would have to implement multiple domains or password filters, both of which were complex and costly.
In the 2008 flavour of the Operating System, Microsoft provided a work-around to this. This was also complex and convoluted, to say the least. It was almost as if it had been grudgingly allowed, but was so difficult to implement that most of us wouldn’t bother trying.
The R2 implementation added some ease-of-use functionality, but with Server 2012 Microsoft has finally embraced the concept as a day-to-day admin requirement.
Well, for a large organisation with many levels of user and security, it is often necessary to set different requirements for the password complexity and for the lockout policy. For example, the office admin assistant may not require the same levels as the research and development department.
The solution in Windows Server 2012 is implemented entirely through the Active Directory Administrative Center (ADAC). ADAC was available in Server 2008 R2 but was generally ignored by ‘true admins’. It is essentially a GUI front-end to PowerShell Cmdlets - allowing creation, editing and deletion of any Active Directory object in the ntds.dit database.
ADAC is back, and it’s on a mission. The tool is now the only place to carry-out several important administrative functions (apart from PowerShell version 3.0, where you can now do just about everything to do with Server management and administration).
To implement Fine-Grained Passwords you have to deploy a Windows Server 2012 Domain Controller, with the domain functional level set at Windows Server 2008 or above. You can now accomplish this task in ADAC (provided you ‘run as administrator’).
To be able to develop your skills in this area, it is also best practice to create a number of test groups and users, so that any changes you make do not impact on your day-to-day work. It’s better to test this on a sandbox set up, but if one is not available, having test accounts, groups and OUs will prevent any disasters.
In the scenario below, I have set-up FGP_User1, FGP_User2, FGP_GP1, FGP_GP2 - you can name yours as you choose. This can be done in AD Users and Computers, in ADAC or in PowerShell 3.0.
In the application, select Tools and ADAC. In the ADAC window select Tree View (easier to see what’s important), then select the domain you want to work with. Expand the tree until you can select the System container, expand that and select Password Settings Container.
Right-click and select: New → Password Settings.
The Create Password Settings window opens. There are several mandatory selections, most of which are pre-selected - you have to enter name and precedence. (Note: the lower the precedence number, the higher its priority!)
Here you can amend all the settings for this password object (Length, Lockout etc. - see image below).
Best practice is to enter a description of the policy, then click Add in the Directly Applies To area. Select your previously created group from the AD, and make sure that your policy has all the correct settings which relate to the password and lockout.
In this example I have added my User to a group with two FGP policies applied with different precedence settings
To determine which the valid password setting object is, select the user concerned, and right-click:
Choose View resultant password settings... This opens the policy that is active. For those of us who lived with the old way – this is a huge leap forward in usability.
Editing a policy is as simple as expanding the AD tree and selecting the correct policy within the Password Settings container. Right-click Properties; or double-click opens the policy for editing.
To delete a policy (not forgetting that by default AD objects are protected against accidental deletion) remove the check from the Protect From Accidental Deletion box. Save the policy, then right-click it and select Delete.
Unlike Users, it is not possible to enable or disable a policy. If it exists, it is active for any object that it is directly applied to. Don’t forget you can apply Policies to users or groups, as can be seen in the following image. This also allows you to see what will be affected when you delete the policy.
This is set to be one of the Windows Server 2012 ‘Big Five’ areas of functionality. The ability to add and remove Fine-Grained Passwords at will - with little difficulty or deep-down AD knowledge - is a huge boost to those who have asked for the feature year-on-year.
To refresh your memory, when this feature was first implemented in Windows Server 2008, it was necessary to use ADSIEDIT to create the new Password Settings Object AND all the attributes of that object (in this case Length of Password, Lockout details, etc.). It was also necessary to set the ‘applies to’ objects in ADSIEDIT. Not a friendly tool at the best of times.
Microsoft has implemented a much-wanted feature and developed a tool that now has much more usability than its first few variants.
And remember, ALL of these steps can be carried out with PowerShell 3.0, with relative ease.
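The same walkthrough done from PowerShell with the ActiveDirectory module. This is an added example, not code from the original post: it assumes the test objects FGP_User1, FGP_GP1 and FGP_GP2 from the scenario already exist (the groups as global security groups), and the policy names and values are illustrative.

```powershell
# Added example. Run on a machine with the ActiveDirectory module, as a domain admin.
Import-Module ActiveDirectory

# Two Password Settings Objects with different precedence (lower number wins).
New-ADFineGrainedPasswordPolicy -Name 'FGP_Strict' -Precedence 10 `
    -Description 'Test policy: long passwords, tight lockout' `
    -MinPasswordLength 14 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -PasswordHistoryCount 24 -MinPasswordAge '1.00:00:00' -MaxPasswordAge '60.00:00:00' `
    -LockoutThreshold 5 -LockoutObservationWindow '0.00:30:00' -LockoutDuration '0.00:30:00' `
    -ProtectedFromAccidentalDeletion $true

New-ADFineGrainedPasswordPolicy -Name 'FGP_Relaxed' -Precedence 20 `
    -Description 'Test policy: shorter passwords' `
    -MinPasswordLength 8 -ComplexityEnabled $true -ReversibleEncryptionEnabled $false `
    -PasswordHistoryCount 10 -MinPasswordAge '1.00:00:00' -MaxPasswordAge '90.00:00:00' `
    -LockoutThreshold 10 -LockoutObservationWindow '0.00:15:00' -LockoutDuration '0.00:15:00' `
    -ProtectedFromAccidentalDeletion $true

# "Directly Applies To": attach each policy to a group.
Add-ADFineGrainedPasswordPolicySubject -Identity 'FGP_Strict'  -Subjects 'FGP_GP1'
Add-ADFineGrainedPasswordPolicySubject -Identity 'FGP_Relaxed' -Subjects 'FGP_GP2'

# Put the test user in both groups so two policies compete.
Add-ADGroupMember -Identity 'FGP_GP1' -Members 'FGP_User1'
Add-ADGroupMember -Identity 'FGP_GP2' -Members 'FGP_User1'

# "View resultant password settings": FGP_Strict should win (precedence 10 < 20).
Get-ADUserResultantPasswordPolicy -Identity 'FGP_User1' |
    Select-Object Name, Precedence, MinPasswordLength, LockoutThreshold

# Before deleting a policy, see what it is applied to.
Get-ADFineGrainedPasswordPolicySubject -Identity 'FGP_Relaxed' |
    Select-Object Name, ObjectClass

# Delete: clear the accidental-deletion protection first, then remove.
$pso = Get-ADFineGrainedPasswordPolicy -Identity 'FGP_Relaxed'
Set-ADObject -Identity $pso.DistinguishedName -ProtectedFromAccidentalDeletion $false
Remove-ADFineGrainedPasswordPolicy -Identity 'FGP_Relaxed' -Confirm:$false
```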
By Vicky Lea
When it comes to purchasing licenses there are a number of different channels that you can purchase through. These are FPP (Full Packaged Product), OEM (Original Equipment Manufacturer) and Volume Licensing. So what are the key differences between the channels, and what impact do they have on your licensing rights? Because it is the usage rights you receive with the software that mainly distinguish between the channels.
Let us start off by looking at FPP licenses.
FPP licenses are purchased from retail and provide a quick and convenient way for customers requiring less than five licenses to purchase their software. Licenses sold through FPP are either full licenses or upgrade licenses. A full license does not require any pre-existing versions of the software to be on the machine it is installed on, whereas an upgrade license allows you to cost-effectively upgrade to a newer version of software that you are already licensed for.
When you purchase FPP software you are entering into an agreement with Microsoft stating that you will adhere to the usage rights associated with the software. These rights include detail such as downgrade rights, which you generally do not get with FPP software, how many devices you are allowed to install the software on, whether you have the right to move the software to another computer (transfer rights) or not and nowadays whether you are allowed to use the software for commercial use or not.
The usage rights for FPP software are laid out in the Microsoft Software License Terms document, which can be downloaded from this site: http://www.microsoft.com/en-us/legal/IntellectualProperty/UseTerms/Default.aspx.
Microsoft does also provide limited support services for software that has been licensed via the FPP channel, details of which can be found here: http://support.microsoft.com/common/international.aspx.
OEM software is software that comes pre-installed when you purchase a new computer. So for instance when you purchase a new PC it might come with an OEM licensed copy of Windows 8 Pro pre-installed on it. One of the key benefits of this is that you then know that the software has been installed correctly and is working properly and if there are any issues it is the responsibility of the computer manufacturer or installer to provide support rather than Microsoft.
Again, OEM software usage is ruled by the Microsoft Software License Terms document. So for instance it will detail that with Windows 8 Pro licensed via OEM you do get limited downgrade rights in that you can downgrade as far back as two earlier versions if you so desire, either to Windows 7 Professional or Windows Vista Business. But that there are no transfer rights, so the software may not be removed from the PC it was originally installed on and installed on another, however, you are allowed to transfer the PC complete with the OEM licensed software to a new user if required.
The third channel you may purchase software through is Volume Licensing. There are a number of volume licensing agreements you can purchase through and these agreements have been tailored to suit the differing requirements of all sizes and types of organisation. There are agreements aimed at the small to medium sized business in the form of Open and Open Value, and agreements aimed at medium to large organisations in the form of the Select Plus and Enterprise Agreements.
Usage of software purchased through these agreements is controlled by a number of factors; the agreement itself may contain some usage rights specific to purchasing through that agreement, but the usage rights per product can be found in the Product List document and the Product Use Rights (PUR) document. You can download the Product List and PUR from here: http://www.microsoftvolumelicensing.com.
For example, with an Enterprise Agreement the transfer rights for software are detailed in the Enterprise Agreement document itself, stating that licenses may only be transferred once they have been fully paid for and that they can only be transferred to affiliates or a third party as part of a divestiture or merger. So it is always important to check the agreement documents as they will detail rights that are specific to the agreement itself, but what about the more general terms?
Well this is where documents such as the Product List and PUR come into play. The Product List provides monthly information about Microsoft Software and Online Services licensed through the volume licensing agreements, and details software availability through the different agreements, as well as Software Assurance migration paths, step-up licenses and available promotions. The PUR goes into detail on the general volume licensing terms for each licensing model plus any product-specific use rights. All these documents together can be used to determine the license terms for products purchased through specific agreements.
For example, when you purchase Windows 8 Pro through Volume Licensing the license is an upgrade license only. Meaning that the device must already be licensed for a qualifying operating system before installation of the Windows Upgrade. The Product List contains all the detail behind this including a list of the qualifying operating systems per agreement. Whereas the PUR goes into more detail on where Windows 8 Pro may be installed and who can access the software either locally or remotely.
Other important product rights you receive when purchasing your licenses through volume licensing are re-imaging and full downgrade rights. Downgrade rights again are detailed in the PUR, and you may find detail on re-imaging rights in the specific agreement documents. However, there is a very useful re-imaging brief that goes into all the detail you may need and you can download that from here: http://download.microsoft.com/download/3/D/4/3D42BDC2-6725-4B29-B75A-A5B04179958B/Reimaging.pdf.
So to wrap up, we have seen that there are a number of different ways for you to purchase your licenses, and the availability of software does vary through those channels, but the main impact on the licenses of buying through FPP, OEM or Volume Licensing is the usage rights you gain with the software.
This is one scenario and licensing situation. Each customer scenario can vary by deployment, usage, product version, and product use rights. Always check your contract, and the current Products Use Rights document to confirm how your environment should be fully licensed. The blogging team does not warrant that this scenario will be the right licensing solution for other similar cases.
On 1 November the Springboard Series Tour came to the UK – if you were there we hope you had an amazing day. For those of you that couldn’t make it, we filmed it all for you. As you missed out on the freebies from the day, we’re now giving you the chance to win a copy of Microsoft Office Professional Plus 2010. Marketing gal, Sam Taylor, has devised three brain-busting questions for you – we’ll enter all the correct answers into a prize draw. Don’t forget to check out the terms and conditions first. Yes, we know – yawn – but it has to be done. To enter, send your answers along with your email address to Sam.
Terms and conditions
1. ELIGIBILITY: This competition is open to UK residents who are 18 years of age or older at the time of entry. Employees of Microsoft or its affiliates, subsidiaries, advertising or promotion agencies are not eligible, nor are members of these employees’ families (defined as parents, children, siblings, spouse and life partners).
2. TO ENTER: To enter email your answers to firstname.lastname@example.org. Entries will not be returned. A completed entry includes answers to all three questions. The winner will be drawn at random from the correct answers received. Only one entry per person will be accepted. Incomplete, damaged, defaced or illegible entries may be deemed invalid at the sole discretion of Microsoft. Entry constitutes full and unconditional acceptance of these Terms and Conditions. Microsoft reserves the right to disqualify anyone in breach of these Terms and Conditions.
3. TIMING: This competition runs from 9am GMT 12 November. The closing date of this competition is 5pm GMT 19 November 2010. Completed entries must reach Microsoft no later than the closing date.
4. USE OF DATA: Personal data which you provide when you enter this competition will not be used for future Microsoft UK marketing activity.
5. SELECTION OF WINNER: The winner will be picked at random and notified by email on 19th November 2010.
6. PRIZE: The prize is one copy of the Microsoft Office Professional Plus 2010 with an estimated retail price of £339.99. Prize as stated and non-transferable. No cash or other alternatives available. Microsoft reserves the right to substitute a prize of equal or greater value. The prize will be sent no later than 22nd November 2010. Prize may be considered a taxable benefit and the winner will be directly responsible for accounting for any tax liability arising on their prize.
7. WINNERS LIST: The winner consents to their surname being made publicly available. The winner’s surname will be available for a period of 3 weeks after the closing date by emailing email@example.com
8. OTHER: No correspondence will be entered into regarding either this competition or these Terms and Conditions. In the unlikely event of a dispute, Microsoft’s decision shall be final. Microsoft reserves the right to amend, modify, cancel or withdraw this competition at any time without notice.
9. Microsoft cannot guarantee the performance of any third party and shall not be liable for any act or default by a third party. Participants in this promotion agree that Microsoft will have no liability whatsoever for any injuries, losses, costs, damage or disappointment of any kind resulting in whole or in part, directly or indirectly from acceptance, misuse or use of a prize, or from participation in this promotion. Nothing in this clause shall limit Microsoft’s liability in respect of death or personal injury arising out of its own negligence or arising out of fraud.
Promoter: Microsoft Limited, Microsoft Campus, Thames Valley Park, Reading, RG6 1WG, England
Download the Microsoft IE9 beta here
And here it is folks the new Internet Explorer 9 Beta has just landed and everyone can download and go play with it as you wish. I’ve done quite a bit of that for you with NINE 1 minute tours of some of IE9’s new features. Features like tab pinning, OneBox, Notifications and Privacy all covered in under a minute each. If you’re an IT Pro though you’re going to want more details about things like IEAK (!!) (Internet Explorer Administration Kit) how to manage IE 9 through group policy and lots more lovely stuff. You might want to watch my one minute videos on Internet Explorer 9 Beta.
Quick and Clean
So what can I tell you about IE9 from the IT Pro's point of view? The first thing you notice is that it’s fast, the 2nd that it’s clean. It’s fast in every way I’ve used it: it’s fast at shopping on Amazon, it’s fast at Hotmail, it’s fast at Google Reader, it’s fast at administering my blog on WordPress, it’s fast at SharePoint stuff, it’s fast at Outlook Web Access, it’s fast administering Windows Intune (which uses Silverlight so plugins are fast) and uploading 9 videos to YouTube means I can tell you it’s fast with Flash. Fast, Fast, Fast.
It’s also damn pretty to look at, that stripped down UI which melts into the background means I can concentrate on my SharePoint site or on my web site.
OneBox is like a command line for the web. I’ve actually found the OneBox to be a huge improvement as an IT Pro with our penchant for command lines because it brings everything together and I can type faster than I can point to things with a mouse! I want to go to a Favorite called “Dashboard” and I just type D-A-S-H-Shift+Enter in OneBox and it’s done. Visual search is a stellar feature which builds on the instant searching already built into OneBox and all those existing search providers work with OneBox too.
A point to note on security here: any kind of instant searching of the web includes a two-way dialogue with the search provider, be that in the web page itself or in a search box in a browser. We’ve taken a stand for user rights with IE9 and we make it so that that functionality has to be initially enabled and you can disable it at any time. Not all browsers do this, and it’s important.
The back and forward buttons, the mainstay of navigation in a browser hold some magic sauce too. When you pin a tab – oh yeah you can drag tabs to your task bar to pin them! – it turns the website into an application and the back and forward buttons follow the websites colour scheme. It’s a small thing but it makes an amazing difference changing from the browser centric approach of other browsers to this web-centric one.
The web just works
It’s kind of obvious for a web browser but the key thing is that it’s about the web. Immediately in IE9 you see that the browser melts into the background but it does that in more than just a visual way. IE9 is very standards compliant and interoperable really taking advantage of HTML5 standards and making them fly, our most standards compliant browser yet.
OK, let’s stop.
Usually when we (Microsoft) say that, people think we mean we took a spec and built on it to make it better. Not in this case: we took the HTML5 spec (an area we’re leading the W3C with) and made it the best it could be by extending into the power of the PC, using the 90% of the PC that most browsers don’t. You’ll have seen the fish.
But what if you don’t have a mega whizzy PC? Well your devs still get the opportunity to code in a ubiquitous, reusable way. Code once, run everywhere.
We’ve built on the solid safety foundation that came to fruition with IE8 and in IE9 it seems to get even more “comfortable” which I guess is what you get from 2nd generation security. From the viewpoint of the IT Pro though this level of security is Phenomenal. IE9 Includes technology to block the single biggest hole in your corporate armour – your users downloading dodgy stuff. I might not be talking this up enough.
IE9 uses reputation management and SmartScreen technology to instantly, seamlessly respond to new threats. That means that you don’t have to wait whilst some AV lab dudes cook up antigen. That reduces the response time and that reduces your attack surface lots!
Management is something that gets us IT Pros a bit gushy; we love to manage stuff and know what’s going on. IE9 includes some amazingly powerful tools out of the box. NO other browser has this level of management. I don’t see any other browser that lets you deploy this easily either.
Take this scenario:
Your intranet site is crawling along, your users are complaining, you’ve got a headache, the phone won’t stop…you need to work out what’s going on.
IE9 includes “Developer” tools which are perfect for you to use (just hit F12). The tools now include Network tracing, so you can look at your intranet site (or any site) and see what’s causing the performance bottleneck. Ahh yes it’s that massive JPG that Bob the MD just uploaded to the company home page to announce his new pet Chihuahua!
The developer tools give you all manner of tools to fully understand what’s going on and to troubleshoot issues your users are having with the sites they’re visiting.
You also get everything you know and trust for managing IE9 – or at least you will do when we reach full release – so you’ll get over 1500 Group policy settings to control all aspects of the users experience (including New in IE9 control over Add-ons!), you’ll get the IEAK to help streamline and manage your Internet Explorer deployment. WSUS can manage IE9, Windows Intune will be able to and SCCM will have your back too. Slipstream installation means you can install IE9 into your existing deployment packages with real ease.
And do you know when anyone else is going to release a patch for their browser? We’ll do it on patch Tuesday thanks very much!
The reliability of having patches on the same day every month is just one thing; you need to know that the browser’s not going to crash every five minutes and cause your users pain. It’s not. If one tab crashes the whole house of cards won’t come crashing down. IE9 has automatic hang and crash recovery – your users don’t even have to do anything to take advantage of this stuff!
Tab crash recovery was introduced with IE8 but with IE9 it’s extended to tab hang recovery – so the effects of a particular tab hanging, because of poor JavaScript for example, are kept away from the rest of the experience. Take that, infinite loop!
How you can be an IE9 hero
Wouldn’t it be cool if every PC you deployed had a customized icon on the task bar for your company Intranet. Wouldn’t the boss love that? Simple. Take 3 lines of HTML code (+1 for each jump list entry), add it to the header of your web site and save. Then drag the tab to the task bar. Check out this video for how to do just that. I’ll post more on this when some of the dev dudes posts become live.
Do that and you get a pretty darn custom looking browser for your Intranet site. Try it now with the Gorillaz website; they’ve already made the code changes.
What’s more, this functionality can be enhanced with some JavaScript to include notification icons (just like Outlook and Messenger) – perhaps the number of new articles on your company intranet today?
What you should do now
Go get the IE9 Beta and try it out. If you need to test code side by side with IE8 for some reason then get the latest platform preview from the IE Test Drive Site or check out http://beautyoftheweb.com for more.
Neil Hodgkinson has provided a step by step guide to getting started with System Center 2012 Configuration Manager. This is part of a 15 part series which will cover the installation, setup, configuration and usage of Microsoft System Center 2012 Configuration Manager. To find the additional articles in the series please take a look at Neil’s site.
http://SCCM2012 IIS Default for group policy is not needed if you are using SCCM push. Read more about it here: http://technet.microsoft.com/en-us/library/bb632380.aspx
Remote Differential Compression for site server and branch distribution point computers
Site servers and branch distribution points require Remote Differential Compression (RDC) to generate package signatures and perform signature comparison. By default, RDC is not installed on Windows Server 2008 or Windows Server 2008 R2 and must be enabled manually.
Use the following procedure to enable Remote Differential Compression for Windows Server 2008, Windows Server 2008 R2 and now 2012.
Delegate Permission to the System Management Container
Open Active Directory Users and Computers. Click on View and select Advanced Features. Select the System Management container, right-click it, and choose All Tasks and then Delegate Control.
When the Welcome to the Delegation of Control Wizard page appears click Next, then click Add. Click on Object Types and select Computers. Type in your SCCM server name and click on Check Names; it should resolve.
Click OK, then Next. Choose Create a Custom Task to Delegate, click Next, and make sure "This folder, existing objects in this folder, and creation of new objects in this folder" is selected.
Click Next, make sure the 3 permissions General, Property-specific and Creation/deletion of specific child objects are selected, then place a check mark in Full Control, click Next and then Finish.
Extend the AD schema for SCCM
Perform the below on your Active Directory server: simply browse the network to your AD server (\\adminserver\c$), copy the contents of SC2012_SP1_RTM_SCCM_SCEP, find \SMSSetup\Bin\x64\Extadsch.exe, right-click it and choose Run as Administrator.
Open SQL ports
Create an OU for your SCCM server and allow ports 1433 and 4022 for SQL replication with group policy. Select Computer Configuration, Policies, Windows Settings, Windows Firewall with Advanced Security, then select Inbound Rules, choose New and follow the wizard for opening up TCP port 1433. Repeat for port 4022.
If using group policy, refer to step 2 below.
To open a port in the Windows firewall for TCP access
To open access to SQL Server when using dynamic ports
Install .NET Framework, IIS WCF activation and BITS
In Server Manager select Features, Add Features, select .NET Framework 3.5, and also select WCF Activation. When prompted, answer Add Required Role Services, then click Next and Next again. (Make sure the BITS and IIS services are running/restarted after install.)
SQL Server 2012
Install SQL on D:\Program Files... and when running setup.exe, right-click it and choose Run as Administrator. Select all options on install, click on the account name and enter the admin username and password.
Click Next and finish the install (takes a long time). Make sure the SCCM computer is a member of the built-in administrators.
Check TCPIP properties for listening IP address in SQL Server Configuration Manager
Start up the SQL Server Configuration Manager, expand SQL Server Network Configuration in the left pane, highlight Protocols for <Instancename> and double-click on TCPIP in the right pane.
Click on IP Addresses.
Change IP2 to Enabled: Yes.
Leave the default IP.
Change IP4 to Enabled: Yes.
SQL Memory Configuration
The logon account for the SQL Server service cannot be a local user account, NT SERVICE\<sql service name> or LOCAL SERVICE. You must configure the SQL Server service to use a valid domain account, NETWORK SERVICE, or LOCAL SYSTEM.
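A read-only check for three of the prerequisites above (RDC, the inbound rules for TCP 1433 and 4022, and the SQL Server service logon account), added here as an example and not part of the original guide. It assumes Windows Server 2012 or later for the NetSecurity cmdlets and a default SQL instance whose service is named MSSQLSERVER; the function names are made up for this example.

```powershell
# Added example, not from the original guide. Assumptions: Windows Server 2012
# or later (NetSecurity cmdlets) and a default SQL instance (MSSQLSERVER).
Import-Module ServerManager

function Test-RdcInstalled {
    # RDC is the Server Manager feature name for Remote Differential Compression.
    (Get-WindowsFeature -Name RDC).Installed
}

function Get-InboundAllowRule {
    param([int[]]$Port = @(1433, 4022))   # the two SQL ports named in the guide
    # ActiveStore holds the effective rules, including those delivered by Group Policy.
    $rules = Get-NetFirewallRule -PolicyStore ActiveStore |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' -and $_.Enabled -eq 'True' }
    foreach ($rule in $rules) {
        $portFilter = $rule | Get-NetFirewallPortFilter
        if ($portFilter.Protocol -ne 'TCP') { continue }
        $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
        foreach ($p in $Port) {
            # Exact port matches only; rules written as port ranges are not expanded.
            if ($portFilter.LocalPort -contains "$p") {
                [pscustomobject]@{
                    Port          = $p
                    Rule          = $rule.DisplayName
                    RemoteAddress = $remote -join ','
                    OpenToAny     = ($remote -contains 'Any')
                }
            }
        }
    }
}

function Get-SqlServiceAccountStatus {
    param([string]$ServiceName = 'MSSQLSERVER')
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
    if (-not $svc) { return "Service $ServiceName not found" }
    $acct  = $svc.StartName
    $local = '^(\.|' + [regex]::Escape($env:COMPUTERNAME) + ')\\'
    # Guide: domain account, NETWORK SERVICE or LOCAL SYSTEM only.
    if ($acct -match '^(LocalSystem|NT AUTHORITY\\Network ?Service)$') { "$acct (accepted)" }
    elseif ($acct -match '^NT SERVICE\\|^NT AUTHORITY\\Local ?Service$') { "$acct (not accepted)" }
    elseif ($acct -match $local) { "$acct (local user, not accepted)" }
    else { "$acct (treated as a domain account)" }
}

"RDC installed: $(Test-RdcInstalled)"
Get-InboundAllowRule | Format-Table -AutoSize
Get-SqlServiceAccountStatus
```

Run it in an elevated PowerShell session on the SQL/site server. A rule reported with OpenToAny set to True accepts connections from any remote address, so consider scoping it to the site systems that need SQL access.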
Installation of System Center 2012 Configuration Manager with SP1
Here is the download link for the Assessment and Deployment Kit, which is one of the prerequisites: http://www.microsoft.com/en-us/download/details.aspx?id=30652
Also restart your server.
When the wizard appears, click on Install, click Next and then select Install a Configuration Manager Primary Site.
Click Next, and then create a folder on your D/E drive called rc_updates.
Click Next on your language of choice and enter your site installation settings; install on D/E, not C:.
Install as the first site in a new hierarchy.
Click Next, and leave the FQDN as default.
Select Configure the Communication method on each site system role and review all settings.
Client Computer Communication Settings (HTTP or HTTPS). Select Configure the communication method on each site system role.
Any warnings can be fixed after the install.
Make a brew: this part can take a while!
After the install has finished, restart the server.
In the next step in the guide we will be going through the different discovery methods and creating boundary groups.
Head on over to http://www.technodge.co.uk for more Deployment guides.
Neil Hodgkinson has been working in the IT industry for 14 years, with 9 of those working in the education sector. I have worked with many versions of Windows Server, Exchange and Group Policy. Over the last few years I have been specializing in deployment methods, starting with Microsoft's deployment tool kit and then migrating over to Microsoft System Center, the Holy Grail of servers, for Endpoint Protection, Deployment, App Control for Windows 8 and the ability to manage smart phones.
I also do a lot of free consultancy for all the local primary schools on the best way to deploy and control their Windows environment via System Center and Group Policies.
IT is a passion and I feel you have to be passionate about the IT industry to keep things moving forward.
Guest post by Julie Caulfield, who works for Veeam, who won the 2012 Partner of the Year for Management and Virtualisation.
I was lucky enough to attend Microsoft Tech-Ed this year in Amsterdam and was very impressed with the new functionality Microsoft has managed to cram into its new release of Server 2012. It has massive scalability advancements such as with the new VHDX file format, lots of new hardware interaction and plenty of DR focused features to keep your private\public cloud floating. At the same time I was pleased to see that they hadn’t forgotten about the SMB IT shops that run a small number of servers but are also looking to benefit from virtualisation. Options like shared nothing live migrations and the use of CSV file servers to host virtual disks for the Hyper-V hosts themselves will allow SMBs to fully embrace virtualisation without massive hardware costs.
It is the use of virtualisation in the SMB space that makes me stop and take note because it is critical to make tools available in this market to ensure that virtualisation adoption is readily available, no matter what size your organisation may be. This new functionality from Microsoft fits right in with the Veeam Essentials bundle which has recently been simplified to offer enterprise class data protection, monitoring and reporting for use on up to 3 physical hosts (6 CPU sockets) purchased in 2 socket bundles. With Windows Server 2012 offering so many great virtualisation benefits an SMB could now just as easily run an enterprise class infrastructure with high-speed backup and replication with very minimal investment.
Windows Server 2012 coupled with Veeam Essentials will help to deliver the essential toolkit of virtualisation - a cost-effective solution that is easy to use and intuitive, allowing IT to build a functioning virtual data centre as well as a spontaneous data protection solution on a shoestring budget. The Veeam on-host proxy gives the added benefit of using the Hyper-V hosts as backup servers pushing Veeam data moving services into the Hyper-V kernel itself reducing the infrastructure footprint.
Ease of use and affordability screams out – make things simple and affordable – Veeam’s agentless technology means no need to install anything into the virtual servers themselves. Veeam Essentials leverages storage based snapshots and integrates with VSS to give the IT manager transaction consistent backups directly across the SAN fabric to any location on their network as a backup repository. The inline block level de-duplication and compression of VHD files minimises the size of the resulting backup files and in turn minimises storage usage on the repository.
The graphical user interface is easy to use; additionally all functionality is accessible via PowerShell scripts for automation of tasks. Restoring couldn’t be easier or quicker with the ‘Instant restore’ feature allowing you to run a virtual machine directly from a backup file bringing restores down to a few minutes and then running a full restore behind the scenes.
But the ultimate cherry on the cake, or should I say the final tool in the SMB toolkit, comes with the Veeam bundle including a monitoring and reporting solution for your Hyper-V deployment, giving you real-time alerting on CPU, memory, network and disk performance which is hardware agnostic. The monitoring and reporting dashboards allow you to identify bottlenecks and trends in your virtual environment so you can resolve them quickly and before they cause service outages.
Try it for Free
Whether you’re an experienced IT professional or new to the field, we have the training and certification path that will help lead you to success. Our classes are taught by Microsoft Certified Trainers, so you can be confident that the lesson material is accurate, complete, and up to date. Great training leads to Microsoft Certification—the premier credential of IT professionals worldwide. Certification is available for a diverse spectrum of job roles and responsibilities, and validates your ability to get the job done right.