39,59 €
Mehr erfahren.
- Herausgeber: Packt Publishing
- Kategorie: Fachliteratur
- Sprache: Englisch
Microsoft System Center 2012 Configuration Manager (CM12) is a systems management application for managing large groups of Windows-based computer systems. System Center 2012 Configuration Manager provides remote control, patch management, software distribution, operating system deployment, network access protection, and hardware and software inventory.
This practical cookbook shows you how to administer System Center 2012 Configuration Manager and understand how to solve particular problems/scenarios
Packed with over 50 task-based and immediately reusable recipes, this book starts by showing you how to design a System Center 2012 Configuration Manager Infrastructure. The book then dives into topics such as recommended SQL configuration for System Center 2012 Configuration Manager, deploying Windows 7 with Operating System Deployment (OSD), deploying Applications and Software Updates, managing Compliance Settings, managing Sites and managing Inventory amongst others.
Das E-Book können Sie in Legimi-Apps oder einer beliebigen App lesen, die das folgende Format unterstützen:
Seitenzahl: 313
Veröffentlichungsjahr: 2012
Ähnliche
Table of Contents
Microsoft System Center 2012 Configuration Manager: Administration Cookbook
Microsoft System Center 2012 Configuration Manager: Administration Cookbook
Copyright © 2012 Packt Publishing
All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.
Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the authors, nor Packt Publishing, and its dealers and distributors will be held liable for any damages caused or alleged to be caused directly or indirectly by this book.
Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.
First published: September 2012
Production Reference: 1180912
Published by Packt Publishing Ltd.
Livery Place
35 Livery Street
Birmingham B3 2PB, UK.
ISBN 978-1-84968-494-1
www.packtpub.com
Cover Image by Tina Negus (<[email protected]>)
Credits
Authors
Brian Mason
Greg Ramsey
Reviewers
Torsten Meringer
Kim Oppalfens
Acquisition Editor
Robin de Jongh
Lead Technical Editor
Susmita Panda
Technical Editors
Vrinda Amberkar
Farhaan Shaikh
Copy Editor
Laxmi Subramanian
Project Coordinator
Michelle Quadros
Proofreader
Aaron Nash
Indexer
Rekha Nair
Production Coordinator
Melwyn D'sa
Cover Work
Melwyn D'sa
About the Authors
Brian Mason is a Systems Engineer at Wells Fargo where he manages over 350,000 resources with CM (note that any views expressed in this book are Brian's and not necessarily those of Wells Fargo). Brian is a 6-time Microsoft MVP for Configuration Manager (CM). He currently runs the Minnesota System Center User Group and its website where he blogs. He can be found answering forum questions on TechNet and myITforum.
I'd like to thank Rod Trent for creating myITforum, a place where people can share ideas and help each other figure out how to use SMS and CM. When I first started with SMS, Microsoft had no such offering so it was great to be able to seek out help and get it fast. I've met brilliant people there over the years. And I'd like to thank my wife, Susan, for allowing me to lock myself away to write. She never complained once.
Big thanks to Greg Ramsey for joining me on this book and his agreement with me to forward any receipts we receive from this book to the Wounded Warrior Project (http://www.woundedwarriorproject.org/).
Greg Ramsey is a Systems Engineer specializing in global systems management for Dell Services. He has a B.S. in Computer Sciences and Engineering from the Ohio State University and is a Microsoft Most Valuable Professional (MVP) for Microsoft System Center Configuration Manager. Greg co-authored SMS 2003 Recipes: A Problem-Solution Approach (Apress, 2006) and Microsoft System Center Configuration Manager Unleashed (Sams, 2009). Greg is the co-founder of the Ohio SMS Users Group and the Central Texas Systems Management User Group.
I'd like to thank Rod Trent for creating myITforum. Many problems have been solved, friendships forged, new career opportunities offered in that community. I'd also like to thank my wife Tina for her patience, love, and support.
Big thanks to Brian Mason for including me on this book journey, and suggesting to forward any receipts we receive from this book to the Wounded Warrior Project (http://www.woundedwarriorproject.org/). Semper Fi.
About the Reviewers
Torsten Meringer, ConfigMgr MVP since 2005, is a self-employed senior consultant in Germany, starting his own business in 1999. His primary focus is to design, migrate, deploy, train, and troubleshoot Microsoft's deployment and management solutions such as System Center Configuration Manager and Microsoft Deployment Toolkit in small to large-scale companies of over 200,000 clients. Torsten manages the German ConfigMgr blog at http://www.mssccmfaq.de and holds various MCSA, MCSE, MCTS, MCITP:EA certifications.
Kim Oppalfens is a ConfigMgr MVP, and has been for 7 years now.
As an industry expert, Kim is a frequent speaker and ask-the-expert guest at both national and international events, and as such has presented several sessions at the Belgian Techdays. Kim has had the opportunity to present at Microsoft's prestigious MMS event for System Center enthusiasts, making this his third year to present at the most important System Center event worldwide. One topic he is keen on presenting, is the seemingly boring WMI layer.
Kim started Inovativ together with co-owners Kurt van Hoecke and Maarten Goet. Inovativ is a consultancy company specializing in System Center consultancy catering to the medium and large Belgian companies. Inovativ delivers both project consultancy, training as custom development on the different System Center products.
Last but not the least, Kim is a board member on the increasingly successful Belgian System Center User Group.
www.PacktPub.com
Support files, eBooks, discount offers and more
You might want to visit www.PacktPub.com for support files and downloads related to your book.
Did you know that Packt offers eBook versions of every book published, with PDF and ePub files available? You can upgrade to the eBook version at www.PacktPub.com and as a print book customer, you are entitled to a discount on the eBook copy. Get in touch with us at <[email protected]> for more details.
At www.PacktPub.com, you can also read a collection of free technical articles, sign up for a range of free newsletters and receive exclusive discounts and offers on Packt books and eBooks.
http://PacktLib.PacktPub.com
Do you need instant solutions to your IT questions? PacktLib is Packt's online digital book library. Here, you can access, read and search across Packt's entire library of books.
Why Subscribe?
Free Access for Packt account holders
If you have an account with Packt at www.PacktPub.com, you can use this to access PacktLib today and view nine entirely free books. Simply use your login credentials for immediate access.
Instant Updates on New Packt Books
Get notified! Find out when new books are published by following @PacktEnterprise on Twitter, or the Packt Enterprise Facebook page.
Preface
Microsoft's System Center Configuration Manager 2012 (CM12) is arguably the most complex (and feature rich) offering of the System Center suite. CM administrators must be proficient in a variety of technologies in order to effectively design and operate a CM hierarchy. The list of technologies that CM touches on is almost overwhelming, for example, SQL, IIS, MDT, WSUS, WMI, PXE, SSRS, workstation and server operating systems, networking, and more. It should come as no surprise then that CM admins have built themselves a strong network of support. Forums such as Microsoft TechNet and myITforum are daily filled with questions and answers. There are local user groups, online webcasts, and conferences held routinely for admins to learn and share their trials and tribulations.
We often hear of an Exchange or Active Directory admin suddenly getting CM dropped in his lap from the boss. There is little time to sink or swim. By giving quick recipes to get things done, readers can get things going (or keep them running) to buy time to better learn the product. This book does not spend time going into why CM does things the way it does, nor does it go into deep details as admins too often don't have the time for that. There are also other Configuration Manager 2007 (CM07) admins who don't want to spend time reading bible-sized books on CM12. They know CM07 very well and just need a quick guide to get them up to speed. Therefore, this book is aimed at getting admins up to speed fast with CM12.
This book will get the reader up to a working knowledge of the product. For example, we cover Operating System Deployment (OSD) far enough for the reader to create a Windows 7 image and deploy it. Real world finesse will come only with time, but that cannot begin until the reader picks up the terminology and fundamentals. This book should remove that feeling of being overwhelmed by putting the reader straight to work with step by step recipes. Once the reader has actually tried a recipe, the topic will seem less intimidating. By using these recipes, the reader will gain the fundamentals of site administration, reporting, software distribution and patching, and client management.
What this book covers
Chapter 1, Designing a System Center 2012 Configuration Manager Infrastructure, covers ways to reduce the drag on primary sites to help keep you on just one site if possible, such as installing SQL to be as efficient as possible and how to offload roles.
Chapter 2, Deploying Windows 7 with Operating System Deployment, shows you how to create an image and deploy it, taking into consideration the need to manage drivers or migrate user data.
Chapter 3, Deploying Applications and Software Updates, covers applications and patching, monitoring deployments, and use of the new Software Center and Application Catalog.
Chapter 4, Managing Compliance Settings, covers how to create configuration items, put them into baselines and deploy them, and then monitor computers for compliance to those baselines with e-mailed drift reports.
Chapter 5, Managing Sites, details ways to configure and manage sites, set up discovery tasks to find systems, and how to set up security roles and scopes for other admins.
Chapter 6, Managing Clients, covers installation of the CM client on systems, how to manage and monitor the health of that client, and how to manage power on those clients.
Chapter 7, Managing Inventory, details setup and usage of the various inventory methods of CM12 as well as metering of software usage.
Chapter 8, Managing Reports and Queries, walks you through Reporting Services installation, building queries for reports, and editing and creating reports.
What you need for this book
Readers with experience in CM07 will get up to speed sooner, but it isn't a requirement. However, experience is needed in the following areas:
Who this book is for
This book is for administrators who need to get up to speed quickly with CM12. Readers are given how-to steps without all the fat and fluff. Need to get SQL and CM installed right away? This book has recipes for design considerations. Need to just get a Windows 7 deployment started right now? There is an entire chapter dedicated to that. Need to set up a security drift report for your boss? There is a chapter for that as well. All the main features of CM12 have recipes written as concisely as possible to give the reader a quick start.
Conventions
In this book, you will find a number of styles of text that distinguish between different kinds of information. Here are some examples of these styles, and an explanation of their meaning.
Code words in text are shown as follows: "We can include other contexts through the use of the include directive."
A block of code is set as follows:
When we wish to draw your attention to a particular part of a code block, the relevant lines or items are set in bold:
Any command-line input or output is written as follows:
New terms and important words are shown in bold. Words that you see on the screen, in menus or dialog boxes for example, appear in the text like this: "clicking the Next button moves you to the next screen".
Note
Warnings or important notes appear in a box like this.
Tip
Tips and tricks appear like this.
Reader feedback
Feedback from our readers is always welcome. Let us know what you think about this book—what you liked or may have disliked. Reader feedback is important for us to develop titles that you really get the most out of.
To send us general feedback, simply send an e-mail to <[email protected]>, and mention the book title via the subject of your message.
If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, see our author guide on www.packtpub.com/authors.
Customer support
Now that you are the proud owner of a Packt book, we have a number of things to help you to get the most from your purchase.
Errata
Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you find a mistake in one of our books—maybe a mistake in the text or the code—we would be grateful if you would report this to us. By doing so, you can save other readers from frustration and help us improve subsequent versions of this book. If you find any errata, please report them by visiting http://www.packtpub.com/support, selecting your book, clicking on the erratasubmissionform link, and entering the details of your errata. Once your errata are verified, your submission will be accepted and the errata will be uploaded on our website, or added to any list of existing errata, under the Errata section of that title. Any existing errata can be viewed by selecting your title from http://www.packtpub.com/support.
Piracy
Piracy of copyright material on the Internet is an ongoing problem across all media. At Packt, we take the protection of our copyright and licenses very seriously. If you come across any illegal copies of our works, in any form, on the Internet, please provide us with the location address or website name immediately so that we can pursue a remedy.
Please contact us at <[email protected]> with a link to the suspected pirated material.
We appreciate your help in protecting our authors, and our ability to bring you valuable content.
Questions
You can contact us at <[email protected]> if you are having a problem with any aspect of the book, and we will do our best to address it.
Chapter 1. Designing a System Center 2012 Configuration Manager Infrastructure
In this chapter we will cover the following topics:
Introduction
In this chapter, we will walk through the various setup scenarios and configurations for System Center 2012 Configuration Manager (CM12), which covers both the migration from CM07 to CM12 as well as fresh CM12 installation scenarios. If you are inheriting a hierarchy that's already been built, you may still find some helpful information here, especially in terms of offloading site system roles if your server is overworked.
Dividing up site system roles
It is likely that most installations of CM consist of a single primary site with all roles loaded locally on the same server. Depending on the hardware used (RAM and disk IO chief among them), this will suffice for many organizations. As companies grow and the workload of CM starts to stress the hardware of a single server, administrators need to offload roles to other servers.
Note
Note that while it was a best practice to offload SQL in CM07, we now advise keeping SQL on box in CM12 as SQL replication has replaced much of the file based replication of CM07. CM12 is native x64 code so there is no performance hit for a WOW64 translation like there was with CM07 on x64 servers. Underpowered VMs, however, might benefit from offloading SQL to more powerful servers.
Getting ready
Admins should move roles off as described in the the following How to do it... section until the primary site starts to perform as expected. We will start with both the Distribution Point (DP) and the Management Point (MP). Unlike CM07, CM12 allows for more than one MP with no default MP to define. Offloading these two roles will do more to alleviate stress than any other steps. For this step, have another server ready where you can move these roles to.
How to do it...
With a working MP and DP on another server, those roles can now be removed from the primary site. Follow these steps to remove the roles:
How it works...
Once all IIS roles have been offloaded, IIS can be removed from the primary site. This strengthens security of the server and frees up resources for the remaining duties of the site. As you offload roles, the server has less to do as resources are freed up.
There's more...
Beyond IIS-based roles, there are still several items that can cause stress to the primary site server, which you can offload to other servers.
Offloading the SUP
With the MP and DP offloaded, the bulk of the client traffic to the primary site has been removed. The SUP role should be offloaded next as it's another point where clients can directly hit your primary site. To do this simply follow these steps:
Offloading Endpoint Protection
If you are using Endpoint Protection in your company, you can move this role next, but note that there will be no change to the server load. To do this simply follow these steps:
Offloading SQL Reporting Services
The SQL Reporting Service Point can cause stress if people are repeatedly running reports that are hard for your primary to query. The smart move there is to simply set such reports to cache for a certain amount of time (an hour, a day, and so on) so that no matter how often the report is run, the cached data is used instead of fresh queries to the primary site's database. Additionally, reporting services for SQL 2008 and above no longer require IIS, so offloading the role doesn't help towards the ability to remove IIS. Should you still wish to offload that role anyway, (perhaps just as a rule you might decide that no other roles be allowed on a primary) select a server with SQL Reporting Services installed (IIS is not necessary). Follow these steps to offload the SQL Reporting Services Point role:
The remaining roles should cause no discernible stress to the primary. But there is one additional step you can take to reduce the impact of the MP role to your server and that is to create a transactional replica between the primary site and the MP. With such a replica, the MP can answer all client requests without querying the primary site. This also allows clients to remain functional if the primary site is down for maintenance or patching (assuming you've offloaded other roles needed, such as DP, SUP, and so on).
By creating this replica, there is a benefit in that if other roles are offloaded from the primary site, the primary site could go down for patching or maintenance while software distribution and patching could continue.
See also
Creating migration jobs
Migrating objects (packages, collections, task sequences, and so on) from CM07 to CM12 use a different process than we used from SMS 2003 to CM07. Due to the significant changes in the backend infrastructure, we can no longer attach and upgrade an existing CM07 site server to CM12. To make our side-by-side upgrade process easier, Microsoft created a new migration process that lets us select multiple CM07 sites (even from different CM07 hierarchies if desired) to migrate objects. Migration jobs allow us to pick and choose which objects to migrate.
Getting ready
Before we create a migration job, we must have a configured Active Source Hierarchy. To configure an Active Source Hierarchy, we need valid credentials to see the objects, just as we would for granting someone read rights to objects in CM07. All migration steps are performed in the admin console under Administration | Migration.
From the ActiveSourceHierarchy subnode, run the Specify Source Hierarchy Wizard and observe the progress in the progress dialog as well as the migmctrl.log file on the CM12 site server. All information related to migration is logged in this file.
Configuring the Active Source Hierarchy will automatically synchronize all computer objects from the source hierarchy (or hierarchies). This process also automatically discovers all child sites of the configured CM07 site. Note that we can only migrate owned objects from the specified source hierarchy. If we need to discover and migrate objects from child sites in the CM07 hierarchy, we must also configure those as source sites. Once we have configured our source hierarchy we can create multiple migration jobs.
How to do it...
To create a new migration job, perform the following steps:
How it works...
The migration tool uses the credentials specified in the active source hierarchy configuration to migrate the desired object to the CM site. In this example, we selected specific objects to migrate. Notice that in the object selector dialog, we can identify which objects have already been migrated.
Note
CM users in the default roles of Full Administrator, Infrastructure Administrator, and Operations Administrator have security rights to create migration jobs.
There's more...
In addition to the object-based migration we just performed, we can also select a collection-based migration. When we specify a collection-based migration, selected collections and all objects required for those collections are migrated by default. We can clear a checkbox in the wizard so that only the collections are migrated, if desired. When we select a subcollection for migration, all the collections that are required to traverse to the root are also migrated.
Also, notice from the previous image that we can determine which collections have been migrated, which collections are device collections, and which collections are user collections. In CM12, a collection cannot contain both devices and users. Click on the View Collections that Cannot Migrate… button to view collections that meet one or more of the following criteria:
Also, notice from the previous image that some collections will be migrated to a folder instead of a collection. CM12 does not support nested collections. The migration process will ensure that collections are migrated and organized similarly to the CM07 configuration, but will not be exact. Always run the migration process in a test environment before running migration jobs in production.
