Upload
darrin
View
47
Download
4
Tags:
Embed Size (px)
DESCRIPTION
What's New in Configuration Manager 2012 Since Beta 2. RC Change Overview. Key Features Endpoint Protection integration Application ‘Simulated Deployment’ (Pre-Flight) Improved Discovery processing DCRs, Bug Fixes, More…. Endpoint Protection (FEP) Integration. - PowerPoint PPT Presentation
Citation preview
Microsoft Confidential
What's New in Configuration Manager 2012 Since Beta 2
Microsoft Confidential
RC Change Overview
• Key Features− Endpoint Protection integration− Application ‘Simulated Deployment’ (Pre-
Flight)− Improved Discovery processing
• DCRs, Bug Fixes, More…
2
Microsoft Confidential
Endpoint Protection (FEP) Integration• Fully integrated setup and
management• Key Features
− Expedited malware events: client to admin within 5 minutes
− Built-in security admin role− Network-friendly definition
deployments− Improved scalability and
reliability − Simpler to setup and operate− Email subscriptions for alerts
3
Microsoft Confidential
Application Simulated Deployment (“Preflight”)• Goal: Provide confidence in moving to state based
dynamic applications− Did I do detection method right? − Did I get rules/relationships right? − What will my deployment type mix be?
• What it does: Runs application as required in “rules only” mode− No content download, no execution of deployment type− Results – what would the system have done?
− Processes detection method, requirement rules, dependencies and supersedence
− Does NOT simulate the install!
5
FEATURE AREASA quick overview
Microsoft Confidential
Hierarchy Updates• FQDN throughout the product• All ConfigMgr global replication through
Data Replication Service (DRS)− No more SQL transactional replication
• Replication Link Analyzer (in RC)• Cross forest support - untrusted forests for
site system roles− Not site servers
• Secondary site content routing− One layer
• SQL Configuration Options: Ports, Instances• MP replica support6
Microsoft Confidential
SQL Server Support• Beta 2 required:
− SQL Server 2008 SP1 CU14• RC1 requires:
− SQL Server 2008 SP2 CU6 plus 2603910− SQL Server 2008 R2 will be supported later
− SQL Server 2008 R2 SP1 CU3 plus hotfix when ready• Prerequisite check for SQL Server memory
limitation− Recommended to not allow SQL Server to use
any more than ~70% of memory
7
Microsoft Confidential
Performance• Scalability and performance
improvements throughout the product:− General console operation− Replication− State and Status messages (alerting)− Discovery Data Processing− Application Catalog− Collection updates
− Incremental off by default for custom collections
8
Microsoft Confidential
Client Randomizations• To help with our VDI integration, we
now implement the following:− Hardware inventory− Software inventory− Software update scans− Software update deployment evaluations− Compliance settings (DCM) evaluation− Endpoint Protection scans− Application deployment evaluations
9
Microsoft Confidential
ConfigMgr Console• Ability search via dates (e.g. last x days)• Added security scopes into the listview with
filter/sort/search• Only one admin console installer - 32 bit• Improved multi-lingual support, including
server setup• Reporting
− Reports are grouped by folders in the Reports node
− Report folder “Show-Me” - folders are now associated with security role permissions
• Assets and Compliance workspace switches place with Administration10
Microsoft Confidential
Applications• Application Catalog:
− Ability to change application catalog color scheme− Updated Application Catalog appearance− Catalog tables update on a schedule
− 3 minutes – 24 hours− "Run Now" action to force immediately
• Software Center− Ability to filter by type of deployment (applications,
operating systems, updates)− Ability to show or hide optional deployments
11
Microsoft ConfidentialMicrosoft NDA Confidential
12
Software Center
Microsoft ConfidentialMicrosoft NDA Confidential
13
Software Center
Microsoft Confidential
Software Center
Microsoft NDA Confidential
14
Microsoft Confidential
Application Catalog
Microsoft NDA Confidential
15
Microsoft Confidential
Monitoring and Discovery• Monitoring
− Alerts now have subscriptions with email− Added an "Endpoint Protection Status" node
• Discovery− IP subnets become IP address ranges− Remove System Group Discovery− Rename Security Group Discovery to Group
Discovery− Change the responsibility of
− Group discovery: Discover groups and membership of these groups
− System Discovery: Discover basic information of computers and OU of these computers
− User Discovery: It is responsible for discover basic information of users and OU of these users
16
Microsoft Confidential
Delta DiscoveryChanges in Active Directory
Beta 2
RCP
New ComputerNew User
Computer and user basic information changedComputer added to a group
User added to a groupComputer removed from a group
User removed from a group
Group Discovery• Discover security
groups and distribution groups
• Discover membership of groups, including both user and computers
• Support specifying individual groups as the discovery scope (Recommended)
• Detect any changes of group membership
17
Microsoft Confidential
Stale Computer Filtering• Based on two Active Directory
attributes:−Lastlogontimestamp: Record the last
logon timestamp of the computer. It requires Domain function level >= Windows Server 2003
−Pwdlastset: Record the last time when the computer changes its password. By default Active Directory policy enforces each computer changing password every 30 days.
18
Microsoft Confidential
Client Settings and Compliance Settings• Compliance Settings Management:
− Baseline remediation can now be limited to maintenance windows (default)
− Baseline deployments can now generate Operations Manager alerts
− Ability to create dynamic collections from baseline compliance (RC)
• Client Settings− Custom Client Settings can now be
exported and imported (not just for default)
19
Microsoft Confidential
Client Health Updates• Client health:
− Rule checks expanded from 12 to 21 including:− WMI service WMI Repository Integrity− BITS service ConfigMgr client,
prerequisites install− SMS Agent Host serviceConfigMgr Remote Control
service− Antimalware service (EP) Network Inspection
(EP)− Windows Update Agent
− Client health state is now live data− Previously was summarized data
− Can disable automatic remediation of client health via Registry (e.g. Mission critical systems such as servers)20
Microsoft Confidential
Additional Items• Remote Control:
− Agent is disabled by default− Ability to have agent create required Windows
firewall exemptions− Remote Control Viewer shortcut in the
ConfigMgr program group• Platform Support:
− Added platform support for− Windows Embedded 7 SP1− POSReady 7− Windows 7 Thin PC− Windows Embedded Compact 7
21
Microsoft Confidential
Additional Items (2)
• Embedded Device Management− Ability to use task sequences to manage
write filter enabled systems• Tools:
− RBA modeling tool:− Live modeling of security roles and assignments− Authoring and modeling of custom security roles
− Replication Link Analyzer (post RCP)• OSD:
− CMTrace.exe now included in default boot images
22
Microsoft Confidential
Additional Items (3)
• Setup prompts for Server and Client languages− Will download appropriate language
packs as needed• Browsing for accounts
− Most account browsing even allows for a “Verify” on the credentials
• Tool for manual creation of CCRs− Uses text file for input
23
Microsoft Confidential
Documentation Updates• http://technet.microsoft.com/en-us/library/gg682129.aspx • You are seeing documentation “live” as it is produced
− Some is forward looking, some needs to be updated, some is yet to be written
• What you can do:− Please use the feedback buttons! “Like” (5 stars) for sections
you find useful− If information is incorrect or confusing, please create a connect
item (preferred)Alternative: “Click the Rate and Give Feedback” with your observations and email for follow-up
− If pages are empty, it is yet to be written - please be patient. • Create a Connect Feedback item if:
− You cannot locate your topic in the document (not even a blank page)
− Missing or incomplete topics are blocking your TAP program (Help us Prioritize)
− You have observations about the design or arrangement of the documentation (e.g. combining of “About” and “How To” sections.
− You have contenders for the FAQ list?24