03-25-2013 18:36

The Cumulative Update 1 (CU1) for System Center 2012 Configuration Manager Service Pack 1 (SCCM 2012 SP1) is available for download!!!

Hi to all,

Great news, the Cumulative Update 1 (CU1) for System Center 2012 Configuration Manager Service Pack 1 (SCCM 2012 SP1) is available for download !!!

What's news in this CU1 for SCCM2012 SP1:

Issues that are fixed

Administrator Console

  • A Discovery Data Record (DDR) that contains organizational unit (OU) paths that are longer than 220 characters are not processed. The DDM.log file on the site server contains event messages that resemble the following:

    CDiscoverySource::ValidateSchema - array property User OU Name cannot expand size so rejecting.

    CDiscoverDataManager::ProcessDDRs - Unable to update data source
  • The Allow clients to use a fallback source location for content option is missing from the Distribution Points tab of the package properties.

Site systems

  • Replication Configuration Manager incorrectly reports the link status as Degraded and then reports the status as Active one minute later.
  • Site replication fails after a site database is restored to a new server. Additionally, the Rcmctrl.log file contains the following error message:

    ERROR: Received unhandled SQL exception, printing info and throwing it again. This will be retried in next cycle.
    SqlException number: [8115]
    ERROR: Exception message: [Arithmetic overflow error converting expression to data type int.~~The 'spGetChangeTrackingMinValidVersion' procedure attempted to return a status of NULL, which is not allowed. A status of 0 will be returned instead.]

Device management

  • The Configuration Manager client cannot be installed on devices that contain newer ARM processors. Additionally, the following error message is logged in the DmClientSetup log file:

    Fail to get the CAB file name because of unsupported processor type: 0

Software updates

  • The Allow clients to share content with other clients on the same subnet option in the properties of a Software Update Group Deployment is ignored. Additionally, the DataTransferService.log file contains the following message:

    Not using branch cache option.
  • When a custom port is configured for software updates, an Internet only client may append the custom port to the URL for the Windows Update service. Additionally, when the custom port is set to 880, log entries that resemble the following may be logged in the DataTransferService.log file:

    UpdateURLWithTransportSettings(): OLD URL - http://download.windowsupdate.com/msdownload/update.cab

    UpdateURLWithTransportSettings(): NEW URL - http://download.windowsupdate.com:880/msdownload/update.cab
  • The Schedule Updates Wizard does not list content for Windows Server 2012. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

    2793237 FIX: The Schedule Updates Wizard does not list content for Windows Server 2012 in System Center 2012 Configuration Manager Service Pack 1

Client

  • The MicrosoftPolicyPlatformSetup.msi file is now correctly signed.
  • The selection of multiple targeted applications in Software Center will fail if the calendar region is set to Arabic (Saudi Arabia). Additionally, Software Center displays the following error message:

    Software Center cannot be loaded. There is a problem loading the required components for Software Center. You can try launching Software Center at a later time. If the problem continues, you can contact your helpdesk.
  • The hardware inventory on a computer that is running a 32-bit version of Windows Server 2003 R2 may cause the Wmiprvse.exe process to exit unexpectedly. Additionally, when you view the results of the fault, the details of the fault resemble the following:

    Faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x00056b1d
  • PXE support is added for IA-32 EFI computers.

PowerShell

  • When the Clear-CMPxeDeployment cmdlet is run, you receive the following error message:

    The method or operation is not implemented.
  • When the Update-CMDistributionPoint –DeploymentTypeName cmdlet is run, you receive the following error message:

    Key not Found Exception.
  • When the New-CMDeviceCollection cmdlet is run, the refreshschedule parameter is not defined in the NewByLimitName parameter set.
  • When the New-CMDeviceCollection cmdlet is run together with the LimitingCollectionName option, the cmdlet is unsuccessful. Additionally, you receive the following error message:

    Unable to cast object of type 'Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlArrayItems' to type'System.Management.ManagementBaseObject'.
  • When the .GetType method is used for the object that is returned by the New-CMSchedule cmdlet, the method is unsuccessful. Additionally, you receive the following error message:

    The adapter cannot get property "GetType" for instance of SMS_ST_RecurInterval.
  • When the Import-CMComputerInformation -CollectionName "All Systems" -ComputerName "Computer01" -MacAddress "xx:xx:xx:xx:xx:xx" command is run, the command is unsuccessful. Additionally, you receive the following error message:

    WARNING: The collection All Systems does not exist or is not suitable for adding the new device.

Functionality that is updated:

PowerShell

Help for PowerShell is updated for the cmdlets that are included in Configuration Manager Service Pack 1 and in this cumulative update. In a PowerShell environment, use the Update-Help –Module ConfigurationManager cmdlet to retrieve the latest Help information from Microsoft.

The following cmdlets are added to the PowerShell module:

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceInstallUpdateAction
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Remove-CMTaskSequenceInstallUpdateAction
  • Set-CMTaskSequenceGroup
  • New-CMTaskSequenceGroup
  • Remove-CMTaskSequenceGroup
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMTaskSequenceInstallUpdateAction
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

--------------------------------------

Click HERE for download

--------------------------------------

  • Launch the executable file and Click Next

  • Click Next

  • Select Yes, update the site database and click next

  • Click Next

  • Click Next

  • Click Next

  • Click Next

  • Click Install

  • Click next

Click Finish Big Smile


Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , , , , , , , , , , , ,
03-15-2013 16:00

How to deploy the SCCM 2012 management console with SCCM2012

Hi to all,

In this post, i explain how to deploy the SCCM 2012 management console.

Prerequisite:

  • Source SCCM 2012 management console present in this folder >>(ConfigMgrSiteServerInstallationPath>\Tools\ConsoleSetup)

Right Click and select Create Package

Insert Package name and indicate source files and click Next

Click Next

Insert Name, command line under

consolesetup.exe /q TargetDir="C:\Program Files\configmgrConsole" EnableSQM=1 DefaultSiteServerName=Yourserver.domaine.com

Select all option indicate on the copy screen and click Next

Click Next

Click Next

Click Close

Package SCCM 2012 imported with successfully and ready to deploy!

Command line for uninstall :
consolesetup.exe /uninstall /q

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Others command line option:

Type consolesetup.exe and choose from the following command-line options.
    
Command-line option     Description

/q

Installs the Configuration Manager console unattended. The EnableSQM, TargetDir, and DefaultSiteServerName options are required when you use this option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

/uninstall
       

Uninstalls the Configuration Manager console. You must specify this option first when you use it with the /q option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

LangPackDir
       
Specifies the path to the folder that contains the language files. You can use Setup Downloader to download the language files. If you do not use this option, Setup looks for the language folder in the current folder. If the language folder is not found, Setup continues to install English only. For more information about Setup Downloader, see Setup Downloader in this topic.


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

TargetDir

Specifies the installation folder to install the Configuration Manager console. This option is required when you use the /q option.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

EnableSQM
       

Specifies whether to join the Customer Experience Improvement Program (CEIP). Use a value of 1 to join the Customer Experience Improvement Program, and a value of 0 to not join the program. This option is required when you use the /q option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DefaultSiteServerName
       
Specifies the FQDN of the site server to which the console connects when it opens. This option is required when you use the /q option.

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , ,
03-13-2013 19:36

Application Approval Workflow available for SCCM2012 (Application Catalog) / SCSM 2012 & Orchestrator 2012 !

Hi to all,

Great news, the SCCM 2012 application approval workflow is available for SCSM 2012 !!!

What  Application Approval Workflow?

This solution accelerator takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 - Service Manager service request, allowing flexible approval lists and activities.

Prerequisite:

•    Microsoft System Center 2012 - Service Manager
•    Microsoft System Center 2012 - Orchestrator
•    Microsoft System Center Integration Pack for System Center 2012 Service Manager
•    Microsoft System Center 2012 Configuration Manager
•    Service Manager Portal

& Microsoft Visual C++ 2010 x64 Redistributable – 10.0.30319.

Overview

The Application Approval Workflow (AAW) extends your application approval process. End users can easily request applications on-demand directly through the Configuration Manager Application Catalog or via redirection from the Service Manager Self-Service Portal. Application requests requiring approval are routed to Service Manager where custom approver lists and activities can be configured based on user and application properties.

AAW uses System Center 2012 - Orchestrator between Configuration Manager and Service Manager to sync Configuration Manager applications, leverage Service Manager workflows, and post the approval status back to Configuration Manager. We created wizards in Service Manager to configure custom service request template-matching criteria. User and application properties received in the approval request from Configuration Manager are used to select a service request template containing an approver list and activities that best fit your business process.


Key features:

    Sync Configuration Manager applications data into the Service Manager database.
    Monitor and transport Configuration Manager Application Catalog requests requiring approval to Service Manager and open a service request.
    Return the completed approval workflow status to Configuration Manager for handling.
    Allow administrators to define and maintain application selection criteria for specific applications or application groups and specific users or user groups.
    Track service application requests and view application catalog contents in Service Manager.

Click HERE for download

 

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , ,
03-11-2013 14:48

System Center Advisor is a FREE service!

Hi to all,

Great news, System Center Advisor is a free service now !!!

What is Advisor?

System Center Advisor is a cloud service that enables IT Professionals to proactively avoid problems resulting from server configuration issues. It can help you resolve issues faster by providing access  to current and historical configuration data for a deployment. Additionally, System Center Advisor reduces downtime by providing suggestions for improvement and notifying users of key updates specific to their configuration

News:

  • New workloads were added in January including Lync 2010
  • Later this month we will release Update Rollup 3 for System Center Advisor
  • Last but not least...stay tuned for some exciting Advisor news during this years Microsoft Management Summit ! 

Advisor supports analysis of the following workloads:

  • Windows Server 2008 and 2008 R2:
    • Active Directory
    • Hyper-V Host
    • General operating system
  • SQL Server 2008 and later
    • SQL Engine
  • Microsoft SharePoint 2010 and later
  • Microsoft Exchange Server 2010 and later
  • Microsoft Lync Server 2010

Click Here for to know more

 

Source

Posted by mbertuit | with no comments
Filed under: , , , , , , ,
02-19-2013 17:21

System Center Monitoring Pack available for System Center Configuration Manager 2012 SP1 (SCCM 2012 SP1)

Hi to all,

Great news, the System Center Monitoring Pack is available for System Center Configuration Manager 2012 SP1 !

Overview:

This monitoring pack will allow you to monitor the health of Microsoft System Center 2012 – Configuration Manager by monitoring general health; data replication between Configuration Manager sites; server and service availability; SQL Server configurations; Backup and recovery; backlog monitoring; software update synchronization; and other server role configuration.
 
Feature Summary:
 This release of monitoring pack delivers improved capabilities for Configuration Manager monitoring, including the following:

 •Monitoring the availability status of all server roles
 •Monitoring the health status of key services
 •Monitoring SQL replication health status
 •Collecting and monitoring performance counters from Configuration Manager servers
 •A topology diagram of the Configuration Manager site hierarchy
 •Reports showing the availability status and performance of Configuration Manager servers
 •Monitoring the status of Configuration Manager alerts

Click HERE for download

Posted by mbertuit | with no comments
Filed under: , , , , ,
02-15-2013 16:18

How to install SCCM2012 with https, certificate PKI and how to install, configure and manage Mac OS Client with SCCM2012 ! (Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion)

Hi to all,

 

 

It's with a great pleasure that i explain you how to install SCCM2012 with https, certificate PKI and how to install, configure and manage Mac OS Client with SCCM2012 ! (Mac OS X 10.6 (Snow Leopard)  and Mac OS X 10.7 (Lion)

In my example, i have

1 Active Directory server

1 Certificate server 2008 R2 enterprise or Windows 2012 Server HERE (not detailed in this post)

1 SCCM 2012 with SP1 Server not installed for the moment

1 Mac Book Pro with Mac OS X 10.7 (Lion)

Note : The following operating systems are supported for the Configuration Manager client for Mac computers:

  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)

---------------------------------------------------------------------------------------------------------------------------------


For STARTING prepare your certificate environment (with Windows 2008 R2 certificate server) for SCCM 2012 in https mode , it's under, let's GO!

1

Deploying the Web Server Certificate for Site Systems that Run IIS

Connect on your certificate server and follow the steps under

This certificate deployment has the following procedures:

  • Creating and Issuing the Web Server Certificate Template on the Certification Authority
  • Requesting the Web Server Certificate
  • Configuring IIS to Use the Web Server Certificate

This procedure creates a certificate template for Configuration Manager site systems and adds it to the certification authority.

  1. Create a security group named ConfigMgr IIS Servers that contains the member servers to install System Center 2012 Configuration Manager site systems that will run IIS.

  2. On the member server that has Certificate Services installed, in the Certification Authority console, right-click Certificate Templates and click Manage to load the Certificate Templates console.

  3. In the results pane, right-click the entry that displays Web Server in the column Template Display Name, and then click Duplicate Template.

  4. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.

  5. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the web certificates that will be used on Configuration Manager site systems, such as ConfigMgr Web Server Certificate.

  6. Click the Subject Name tab, and make sure that Supply in the request is selected.

  7. Click the Security tab, and remove the Enroll permission from the security groups Domain Admins and Enterprise Admins.

  8. Click Add, enter ConfigMgr IIS Servers in the text box, and then click OK.

  9. Select the Enroll permission for this group, and do not clear the Read permission.

  10. Click OK, and close the Certificate Templates Console.

  11. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  12. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Web Server Certificate, and then click OK.

  13. If you do not need to create and issue any more certificate, close Certification Authority.

2

Requesting the Web Server Certificate


Connect on your sccm 2012 server and follow the steps under

This procedure allows you to specify the intranet and Internet FQDN values that will be configured in the site system server properties, and then installs the web server certificate on to the member server that runs IIS.

  1. Restart the member server that runs IIS, to ensure that the computer can access the certificate template that you created, by using the Read and Enroll permissions that you configured.

  2. Click Start, click Run, and type mmc.exe. In the empty console, click File, and then click Add/Remove Snap-in.

  3. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  4. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  5. In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected, and then click Finish.

  6. In the Add or Remove Snap-ins dialog box, click OK.

  7. In the console, expand Certificates (Local Computer), and then click Personal.

  8. Right-click Certificates, click All Tasks, and then click Request New Certificate.

  9. On the Before You Begin page, click Next.

  10. If you see the Select Certificate Enrollment Policy page, click Next.

  11. On the Request Certificates page, identify the ConfigMgr Web Server Certificate from the list of displayed certificates, and then click More information is required to enroll for this certificate. Click here to configure settings.

  12. In the Certificate Properties dialog box, in the Subject tab, do not make any changes to the Subject name. This means that the Value box for the Subject name section remains blank. Instead, from the Alternative name section, click the Type drop-down list, and then select DNS.

  13. In the Value box, specify the FQDN values that you will specify in the Configuration Manager site system properties, and then click OK to close the Certificate Properties dialog box.

    Examples:

    • If the site system will only accept client connections from the intranet, and the intranet FQDN of the site system server is server1.internal.contoso.com: Type server1.internal.contoso.com, and then click Add.
    • If the site system will accept client connections from the intranet and the Internet, and the intranet FQDN of the site system server is server1.internal.contoso.com and the Internet FQDN of the site system server is server.contoso.com:

      1. Type server1.internal.contoso.com, and then click Add.
      2. Type server.contoso.com, and then click Add.
      noteNote
      It does not matter in which order you specify the FQDNs for Configuration Manager. However, check that all devices that will use the certificate, such as mobile devices and proxy web servers, can use a certificate SAN and multiple values in the SAN. If devices have limited support for SAN values in certificates, you might have to change the order of the FQDNs or use the Subject value instead.

  14. On the Request Certificates page, select ConfigMgr Web Server Certificate from the list of displayed certificates, and then click Enroll.

  15. On the Certificates Installation Results page, wait until the certificate is installed, and then click Finish.

  16. Close Certificates (Local Computer).

3

Configuring IIS to Use the Web Server Certificate


Connect on your sccm 2012 server and follow the steps under

This procedure binds the installed certificate to the IIS Default Web Site.

  1. On the member server that has IIS installed, click Start, click Programs, click Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Expand Sites, right-click Default Web Site, and then select Edit Bindings.

  3. Click the https entry, and then click Edit.

  4. In the Edit Site Binding dialog box, select the certificate that you requested by using the ConfigMgr Web Server Certificates template, and then click OK.

    noteNote
    If you are not sure which is the correct certificate, select one, and then click View. This allows you to compare the selected certificate details with the certificates that are displayed with the Certificates snap-in. For example, the Certificates snap-in displays the certificate template that was used to request the certificate. You can then compare the certificate thumbprint of the certificate that was requested with the ConfigMgr Web Server Certificates template with the certificate thumbprint of the certificate currently selected in the Edit Site Binding dialog box.

  5. Click OK in the Edit Site Binding dialog box, and then click Close.

  6. Close Internet Information Services (IIS) Manager.

The member server is now provisioned with a Configuration Manager web server certificate.

ImportantImportant
When you install the Configuration Manager site system server on this computer, make sure that you specify the same FQDNs in the site system properties as you specified when you requested the certificate.

A this step, it's necessary to install SCCM 2012 and select https mode when you launch the installation.

-------------------------------------------------------------------------------------------------------------------------

4

Deploying the Client Certificate for Windows Computers

Connect on your certificate server and follow the steps under

This certificate deployment has the following procedures:

  • Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority
  • Configuring Autoenrollment of the Workstation Authentication Template by Using Group Policy
  • Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers

This procedure creates a certificate template for System Center 2012 Configuration Manager client computers and adds it to the certification authority.

  1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.

  4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client certificates that will be used on Configuration Manager client computers, such as ConfigMgr Client Certificate.

  5. Click the Security tab, select the Domain Computers group, and select the additional permissions of Read and Autoenroll. Do not clear Enroll.

  6. Click OK and close Certificate Templates Console.

  7. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  8. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Certificate, and then click OK.

  9. If you do not need to create and issue any more certificate, close Certification Authority.

5

Configuring Autoenrollment of the Workstation Authentication Template by Using Group Policy


Connect on your Active Directory server and follow the steps under

This procedure configures Group Policy to autoenroll the client certificate on computers.

  1. On the domain controller, click Start, click Administrative Tools, and then click Group Policy Management.

  2. Navigate to your domain, right-click the domain, and then select Create a GPO in this domain, and Link it here.

    noteNote
    This step uses the best practice of creating a new Group Policy for custom settings rather than editing the Default Domain Policy that is installed with Active Directory Domain Services. By assigning this Group Policy at the domain level, you will apply it to all computers in the domain. However, on a production environment, you can restrict the autoenrollment so that it enrolls on only selected computers by assigning the Group Policy at an organizational unit level, or you can filter the domain Group Policy with a security group so that it applies only to the computers in the group. If you restrict autoenrollment, remember to include the server that is configured as the management point.

  3. In the New GPO dialog box, enter a name for the new Group Policy, such as Autoenroll Certificates, and click OK.

  4. In the results pane, on the Linked Group Policy Objects tab, right-click the new Group Policy, and then click Edit.

  5. In the Group Policy Management Editor, expand Policies under Computer Configuration, and then navigate to Windows Settings / Security Settings / Public Key Policies.

  6. Right-click the object type named Certificate Services Client – Auto-enrollment, and then click Properties.

  7. From the Configuration Model drop-down list, select Enabled, select Renew expired certificates, update pending certificates, and remove revoked certificates, select Update certificates that use certificate templates, and then click OK.

  8. Close Group Policy Management.

6

Connect on your Workstation and follow the steps under

Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers

This procedure installs the client certificate on computers and verifies the installation.

  1. Restart the workstation computer, and wait a few minutes before logging on.

    noteNote
    Restarting a computer is the most reliable method of ensuring success with certificate autoenrollment.

  2. Log on with an account that has administrative privileges.

  3. In the search box, type mmc.exe., and then press Enter.

  4. In the empty management console, click File, and then click Add/Remove Snap-in.

  5. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  6. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  7. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.

  8. In the Add or Remove Snap-ins dialog box, click OK.

  9. In the console, expand Certificates (Local Computer), expand Personal, and then click Certificates.

  10. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Certificate is displayed in the Certificate Template column.

  11. Close Certificates (Local Computer).

  12. Repeat steps 1 through 11 for the member server to verify that the server that will be configured as the management point also has a client certificate.

The computer is now provisioned with a Configuration Manager client certificate.

7

Connect on your certificate server and follow the steps under

Deploying the Client Certificate for Distribution Points

noteNote
This certificate can also be used for media images that do not use PXE boot, because the certificate requirements are the same.

This certificate deployment has the following procedures:

  • Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority
  • Requesting the Custom Workstation Authentication Certificate
  • Exporting the Client Certificate for Distribution Points

This procedure creates a custom certificate template for Configuration Manager distribution points that allows the private key to be exported, and adds the certificate template to the certification authority.

noteNote
This procedure uses a different certificate template from the certificate template that you created for client computers, because although both certificates require client authentication capability, the certificate for distribution points requires that the private key is exported. As a security best practice, do not configure certificate templates to allow the private key to be exported unless this configuration is required. The distribution point requires this configuration because you must import the certificate as a file, rather than select it from the certificate store. By creating a new certificate template for this certificate, you can restrict which computers request a certificate that allows the private key to be exported. In our example deployment, this will be the security group that you previously created for Configuration Manager site system servers that run IIS. On a production network that distributes the IIS site system roles, consider creating a new security group for the servers that run distribution points so that you can restrict the certificate to just these site system servers. You might also consider adding the following modifications for this certificate:
  • Require approval to install the certificate, for additional security.
  • Increase the certificate validity period. Because you must export and import the certificate each time before it expires, increasing the validity period reduces how often you must repeat this procedure. However, when you increase the validity period, it decreases the security of the certificate because it provides more time for an attacker to decrypt the private key and steal the certificate.
  • Use a custom value in the certificate Subject field or Subject Alternative Name (SAN) to help identify this certificate from standard client certificates. This can be particularly helpful if you will use the same certificate for multiple distribution points.

To create and issue the custom Workstation Authentication certificate template on the certification authority

  1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.

  4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client authentication certificate for distribution points, such as ConfigMgr Client Distribution Point Certificate.

  5. Click the Request Handling tab, and select Allow private key to be exported.

  6. Click the Security tab, and remove the Enroll permission from the Enterprise Admins security group.

  7. Click Add, enter ConfigMgr IIS Servers in the text box, and then click OK.

  8. Select the Enroll permission for this group, and do not clear the Read permission.

  9. Click OK and close Certificate Templates Console.

  10. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  11. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Distribution Point Certificate, and then click OK.

  12. If you do not have to create and issue any more certificates, close Certification Authority.

8

Connect on your Sccm 2012 server and follow the steps under

Requesting the Custom Workstation Authentication Certificate

This procedure requests and then installs the custom client certificate on to the member server that runs IIS and that will be configured as a distribution point.

  1. Click Start, click Run, and type mmc.exe. In the empty console, click File, and then click Add/Remove Snap-in.

  2. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  3. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  4. In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected, and then click Finish.

  5. In the Add or Remove Snap-ins dialog box, click OK.

  6. In the console, expand Certificates (Local Computer), and then click Personal.

  7. Right-click Certificates, click All Tasks, and then click Request New Certificate.

  8. On the Before You Begin page, click Next.

  9. If you see the Select Certificate Enrollment Policy page, click Next.

  10. On the Request Certificates page, select the ConfigMgr Client Distribution Point Certificate from the list of displayed certificates, and then click Enroll.

  11. On the Certificates Installation Results page, wait until the certificate is installed, and then click Finish.

  12. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Distribution Point Certificate is displayed in the Certificate Template column.

  13. Do not close Certificates (Local Computer).

9

Connect on your certificate server and follow the steps under

Exporting the Client Certificate for Distribution Points

This procedure exports the custom Workstation Authentication certificate to a file, so that it can be imported in the distribution point properties.

  1. In the Certificates (Local Computer) console, right-click the certificate that you have just installed, select All Tasks, and then click Export.

  2. In the Certificates Export Wizard, click Next.

  3. On the Export Private Key page, select Yes, export the private key, and then click Next.

    noteNote
    If this option is not available, the certificate has been created without the option to export the private key. In this scenario, you cannot export the certificate in the required format. You must reconfigure the certificate template to allow the private key to be exported, and then request the certificate again.

  4. On the Export File Format page, ensure that the option Personal Information Exchange - PKCS #12 (.PFX) is selected.

  5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

  6. On the File to Export page, specify the name of the file that you want to export, and then click Next.

  7. To close the wizard, click Finish in the Certificate Export Wizard page, and click OK in the confirmation dialog box.

  8. Close Certificates (Local Computer).

  9. Store the file securely and ensure that you can access it from the Configuration Manager console.

The certificate is now ready to be imported when you configure the distribution point.

TipTip
You can use the same certificate file when you configure media images for an operating system deployment that does not use PXE boot, and the task sequence to install the image must contact a management point that requires HTTPS client connections.

 

10

Connect on your certificate server and follow the steps under

Deploying the Client Certificate for Mac Computers

noteNote
The client certificate for Mac computers applies to Configuration Manager SP1 only.

This certificate deployment has a single procedure to create and issue the enrollment certificate template on the certification authority.

This procedure creates a custom certificate template for Configuration Manager Mac computers and adds the certificate template to the certification authority.

noteNote
This procedure uses a different certificate template from the certificate template that you might have created for Windows client computers or for distribution points. By creating a new certificate template for this certificate, you can restrict the certificate request to authorized users.

  1. Create a security group that contains user accounts for administrative users who will enroll the certificate on the Mac computer by using Configuration Manager. Make sure that this group does not contain user accounts for users who can enroll mobile devices in Configuration Manager.

  2. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  3. In the results pane, right-click the entry that displays Authenticated Session in the column Template Display Name, and then click Duplicate Template.

  4. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.

  5. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the Mac client certificate, such as ConfigMgr Mac Client Certificate.

  6. Click the Subject Name tab, make sure that Build from this Active Directory information is selected, select Common name for the Subject name format: and clear User principal name (UPN) from Include this information in alternate subject name.

  7. Click the Security tab, and remove the Enroll permission from the Domain Admins and Enterprise Admins security groups.

  8. Click Add, specify the security group that you created in step one, and then click OK.

  9. Select the Enroll permission for this group, and do not clear the Read permission.

  10. Click OK and close Certificate Templates Console.

  11. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  12. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Mac Client Certificate, and then click OK.

  13. If you do not have to create and issue any more certificates, close Certification Authority.

The Mac client certificate template is now ready to be selected when you configure client settings for enrollment.

11

Steps to Install and Configure the Client for Mac Computers

Connect on your SCCM 2012 server and follow the steps under

To configure management points and distribution points to support Mac computers

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, select Servers and Site System Roles, and then select the server that holds the site system roles to configure.

  3. In the details pane, right-click Management point, click Role Properties, and in the Management Point Properties dialog box, configure the following options, and then click OK:

    1. Select HTTPS.
    2. Select Allow Internet-only client connections or Allow intranet and Internet client connections. These options require that an Internet FQDN is specified in the site system properties.
    3. Select Allow mobile devices and Mac computers to use this management point.

  4. In the details pane, right-click Distribution point, click Role Properties, and in the Distribution Point Properties dialog box, configure the following options, and then click OK:

    • Select HTTPS.
    • Select Allow Internet-only client connections or Allow intranet and Internet client connections. These options require that an Internet FQDN is specified in the site system properties.
    • Click Import certificate, browse to the exported client distribution point certificate file, and then specify the password.

  5. Repeat steps 2 through 4 in this procedure for all management points and distribution points in primary sites that you will use with Mac computers.

 

12

Connect on your SCCM 2012 server and follow the steps under

To install and configure the enrollment site systems: New site system server

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, and click Servers and Site System Roles

  3. On the Home tab, in the Create group, click Create Site System Server.

  4. On the General page, specify the general settings for the site system, and then click Next.

    ImportantImportant
    Make sure that you specify the Internet FQDN, even if it is the same value as the intranet FQDN. Mac computers always connect to the Internet FQDN, even when they are on the intranet.

  5. On the System Role Selection page, select Enrollment proxy point and Enrollment point from the list of available roles, and then click Next.

  6. On the Enrollment Proxy Point page, review the settings and make any changes that you require, and then click Next.

  7. On the Enrollment Point Settings page, review the settings and make any changes that you require, and then click Next.

  8. Complete the wizard.


13

Connect on your SCCM2012 and follow the steps under

To configure the default client settings for Configuration Manager to enroll certificates for Mac computers

  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Client Settings.

  3. Click Default Client Settings.

    ImportantImportant
    You cannot use a custom client setting for the enrollment configuration; you must use the default client settings.

  4. On the Home tab, in the Properties group, click Properties.

  5. Select the Enrollment section, and then configure the following user settings:

    1. Allow users to enroll mobile devices and Mac computers:Yes
    2. Enrollment profile: Click Set Profile.

  6. In the Mobile Device Enrollment Profile dialog box, click Create.

  7. In the Create Enrollment Profile dialog box, enter a name for this enrollment profile, and then configure the Management site code. Select the Configuration Manager SP1 primary site that contains the management points that will manage the Mac computers.

    noteNote
    If you cannot select the site, check that at least one management point in the site is configured to support mobile devices.

  8. Click Add.

  9. In the Add Certification Authority for Mobile Devices dialog box, select the certification authority (CA) server that will issue certificates to Mac computers, and then click OK.

  10. In the Create Enrollment Profile dialog box, select the Mac computer certificate template that you created in Step 3, and then click OK.

  11. Click OK to close the Enrollment Profile dialog box, and then click OK to close the Default Client Settings dialog box.

    TipTip
    If you want to change the client policy interval, use the Client policy polling interval client setting in the Client Policy client setting group.

All users will be configured with these settings when they next download client policy. To initiate policy retrieval for a single client, see the Initiate Policy Retrieval for a Configuration Manager Client section in the How to Manage Clients in Configuration Manager topic.

In addition to the enrollment client settings, ensure that you have configured the following Configuration Manager client device settings:

noteNote
For more information about Configuration Manager client settings, see How to Configure Client Settings in Configuration Manager.

14

Connect on your SCCM 2012 and follow the steps under

Click HERE for download mac sccm client file

Launch install and click Next

Click on I Agree and click Next

Click Next

Click Next

Click Close

Now, the Mac client file appear

15

Connect on your Mac os computer and follow the steps under

Transfert the file on your Mac and decompress the *.dmg file

You have all files for install the client on your Mac

You can can verify your access to your certificate server in typing the URL (https://server.domain.xxx)

Launch the console on your mac and type this command under:

sudo ./ccmsetup

16

Connect on your Mac os computer and follow the steps under

Install the client and then enroll the client certificate on the Mac computer.

type this command under:

sudo ./CMEnroll -s <enrollment_proxy_server_name> -ignorecertchainvalidation -u <'user name'> [-p <password>]

The SCCM client is now installed, it's necessary to reboot your mac and you have after the Configuration Manager icon appear

For test the connectivity, click on Connect now

If the connection is good, you can see that the SCCM client is connected!

And after the first synchronisation, you can see the Mac computer object in the All Systems collection

You can see the inventory in ressource explorer

Enjoy!

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , , ,
02-06-2013 14:43

Reminder | SQL 2012 Collation for System Center Configuration Manager 2012 (SCCM2012)

Hi to all,

Just a reminder for indicate what the good sql 2012 collation parameter for SCCM 2012 DB prerequisite :

SQL_Latin1_General_CP1_CI_AS

Source

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , ,
02-06-2013 11:32

SCCM 2012 | All Log Files in Configuration Manager | Information present in this post :-)

Hi to all,

An important post for to know the meanin of  SCCM 2012 log's file's in :

Source

Posted by mbertuit | with no comments
Filed under: , , , , , , , ,
02-04-2013 19:16

DCM | Microsoft Security Compliance Manager available for download !

Hi to all,

Great news, the new Microsoft Security Compliance Manager is available for download!!!

SCM 3.0 provides ready-to-deploy policies and DCM configuration packs based on Microsoft Security Guide recommendations and industry best practices, allowing you to easily manage configuration drift, and address compliance requirements for Windows operating systems and Microsoft applications.

Overview:

The Microsoft Security Compliance Manager takes our extensive guidance and documentation—including the previously stand-alone product-specific security guides—and incorporates it into one tool, enabling you to access and automate all of your organization’s security baselines in a centralized location.

To access the security guidance for Windows client and server operating systems and Microsoft applications, simply download the tool, and select the "Attachments \ Guides" node within each product baseline tree.

Take advantage of the experience of Microsoft security professionals, and reduce the time and money required to harden your environment. This end-to-end Solution Accelerator will help you plan, deploy, operate, and manage your security baselines for Windows client and server operating systems, and Microsoft applications. Access the complete database of Microsoft recommended security settings, customize your baselines, and then choose from multiple formats—including XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP)—to export the baselines to your environment to automate the security baseline deployment and compliance verification process. Use the Security Compliance Manager to achieve a secure, reliable, and centralized IT environment that will help you better balance your organization’s needs for security and functionality.

Key Features & Benefits

  • Integration with the System Center 2012 Process Pack for IT GRC: Product configurations are integrated into the Process Pack for IT GRC to provide oversight and reporting of your compliance activities.
  • Gold master support: Import and take advantage of your existing Group Policy or create a snapshot of a reference machine to kick-start your project.
  • Configure stand-alone machines: Deploy your configurations to non-domain joined computers using the new GPO Pack feature.
  • Updated security guidance: Take advantage of the deep security expertise and best practices in the updated security guides and the attack surface reference workbooks to help reduce the security risks that you consider to be the most important.
  • Centralized Management of Your Baseline Portfolio: The centralized management console of the Security Compliance Manager provides you with a unified, end-to-end user experience to plan, customize, and export security baselines. The tool gives you full access to a complete portfolio of recommended baselines for Windows client and server operating systems, and Microsoft applications. The Security Compliance Manager also enables you to quickly update the latest Microsoft baseline releases and take advantage of baseline version control.
  • Security Baseline Customization: Customizing, comparing, merging, and reviewing your baselines policy configurations just got easier. Use the customization capabilities of the Security Compliance Manager to duplicate any of the recommended baselines from Microsoft and quickly modify security settings to meet the standards of your organization’s environment.
  • Multiple Export Capabilities: Export baselines in formats like XLS, Group Policy objects (GPOs), Desired Configuration Management (DCM) packs, or Security Content Automation Protocol (SCAP) to enable automation of deployment and monitoring baseline compliance.
  • Available policy configuration baselines include Windows Server 2012, Windows Server 2008 R2 SP1, Windows Server 2008 SP2, Windows Server 2003 SP2, Hyper-V, Windows 8, Windows 7 SP1, Windows Vista SP2, Windows XP SP3, BitLocker Drive Encryption, Windows Internet Explorer 10, Windows Internet Explorer 9, Windows Internet Explorer 8, Microsoft Office 2010 SP1, Microsoft Office 2007 SP2, Exchange Server 2010 SP2 and Exchange Server 2007 SP3.

Click HERE for download

 

Posted by mbertuit | with no comments
Filed under: , , , , , , ,
02-04-2013 14:50

Reminder | System Center Configuration Manager 2012 (SCCM2012) Documentation Library Update for January 2013 !

Hi to All,

Just a reminder for you announce that the System Center Configuration Manager Documentation Library is Updated for January 2013 !

Updated: January 1, 2013

What's New in the Documentation Library for System Center 2012 Configuration Manager, January 2013

The following information lists the topics that contain significant changes since the November 2012 update.

Supported Configurations for Configuration Manager

- Updated for the following information:

  • The WSUS prerequisites for software update points that run on Windows Server 2012.
  • IPv6 support exemptions for mobile devices that are enrolled by Windows Intune and the Windows Intune Connector, and for wake-up proxy.
  • A new section, Operation System Deployment, is added to Function-Specific Requirements. This new section provides information about the requirement for the Automated Installation Kit (Windows AIK) for Configuration Manager without a service pack, and its replacement by the Windows Assessment and Deployment Kit (Windows ADK) for Configuration Manager with SP1.

 
What’s New in Configuration Manager SP1

- Updated to include pull-distribution points and wake-up proxy.

What’s New in the Documentation for Configuration Manager

- Updated for the new section, What's New in the Documentation Library for January 2013. This provides a rollup of significant documentation updates since May 2012.

Planning for Sites and Hierarchies in Configuration Manager

- Added details for site expansion: You must restart the SMS_POLICY_PROVIDER on the primary site after you expand a primary site before new or updated client settings are distributed to clients assigned to that primary site.

Planning for Discovery in Configuration Manager

- Updated to clarify that when Active Directory Forest Discovery discovers a supernet that is assigned to an Active Directory site, Configuration Manager translates the supernet into a boundary as an IP address range.

Planning for Content Management in Configuration Manager

- Updated to clarify that Internet clients that are offered content on Internet-based distribution points never fall back to cloud-based distribution points.

Planning for Site Systems in Configuration Manager

- Updated for the new proxy server configuration that is available in Configuration Manager SP1, for site system roles that require connections to the Internet. This information is also added to Install and Configure Site System Roles for Configuration Manager.

Planning for Communications in Configuration Manager

- Updated the Planning How to Wake Up Clients section for information about wake-up proxy.

Install Sites and Create a Hierarchy for Configuration Manager

- Updated for the following information:

  • The unattended script file details, including new sections for unattended recovery of a primary site or central administration site.
  • Details about the automatic creation of an unattended installation script when you run Setup for Configuration Manager.
  • The command line details for /MANGAELANGS, for managing languages at a previously installed site.


Configuring Settings for Client Management in Configuration Manager

- Updated the Configure Wake on LAN section for information about wake-up proxy.


Configure Database Replicas for Management Points

- Updated for information about the required configurations to use a database replica; you must configure databases to support a Max Text Repl Size of 2 GB.

Manage Cloud Services for Configuration Manager

- Updated to clarify that because Configuration Manager collects data from Windows Azure on an hourly basis, it is possible that data usage can exceed threshold levels that you configure before Configuration Manager can access the data and generate an alert.

Technical Reference for Ports Used in Configuration Manager

- Updated for wake-up proxy communication (client to and from client).

Technical Reference for Log Files in Configuration Manager

- Updated for wake-up proxy communication.

Introduction to Client Deployment in Configuration Manager

- Updated the Monitoring the Status of Client Computers in Configuration Manager section for a list of checks and remediation actions.
 

Prerequisites for Client Deployment in Configuration Manager

- Updated to clarify that BITS is not automatically downloaded during client installation.

Determine How to Manage Mobile Devices in Configuration Manager

- Updated to include enrollment by Windows Intune for devices that run Windows Phone 8, Windows RT, and iOS.

How to Manage Mobile Devices by Using the Windows Intune Connector in Configuration Manager

- New topic for Configuration Manager SP1 that explains how to manage mobile devices that run Windows Phone 8, Windows RTM, iOS, and Android. This mobile device management solution requires a subscription to Windows Intune and uses the Windows Intune connector site system role.

How to Prevent the Client Software from Installing on Specific Computers in Configuration Manager

- Updated to clarify the registry location for 32-bit and 64-bit computers.

About Client Settings in Configuration Manager

- Updated to add information about the wake-up proxy settings for the Power Management group settings.

About Client Installation Properties in Configuration Manager

- Updated to correct the information that the /NotifyOnly property is an MSI property. It was previously documented incorrectly as a CCMSetup property.

Windows Firewall and Port Settings for Client Computers in Configuration Manager

- Updated for information about wake-up proxy communication and a related procedure to configure Windows Firewall to allow TCP/IP ping commands.

Introduction to Content Management in Configuration Manager

- Updated for information about how to move the content library.

Planning for Content Management in Configuration Manager

- Updated for information about the pull-distribution point, a new configuration for distribution points that is available in Configuration Manager SP1. Related information also appears in Configuring Content Management in Configuration Manager and Operations and Maintenance for Content Management in Configuration Manager.

Configuring Content Management in Configuration Manager

- Updated the Install and Configure the Distribution Point section for additional information about the Allow clients to connect anonymously setting.

Introduction to Application Management in Configuration Manager

- Updated for the new deployment types that Configuration Manager SP1 supports and added information about the company portal, used by mobile devices and the Windows Intune connector in Configuration Manager SP1.

How to Create Applications in Configuration Manager

- Updated for the new deployment types for mobile devices that are enrolled by the Windows Intune connector.

How to Create Deployment Types in Configuration Manager

- Updated to clarify that the available requirements depend on the device type that the deployment type is for.

Introduction to Software Updates in Configuration Manager

- Updated to add information about the Windows PowerShell cmdlet that you can use if you want to use a network load balanced (NLB) software update point in Configuration Manager SP1.

How to Create Queries in Configuration Manager

- Updated to add new mobile device types to the sample query to return devices of a specific type.

How to Create Windows Configuration Items for Compliance Settings in Configuration Manager

- Updated to add information about how to create Active Directory settings.

How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager

- Updated to add an example property list entry for the configuration item settings.

Introduction to Endpoint Protection in Configuration Manager

- Updated for a new workflow diagram that shows the steps and processes required to configure Endpoint Protection in Configuration Manager.

How to Create and Deploy Windows Firewall Policies for Endpoint Protection in Configuration Manager

- Updated to clarify that definition updates from a software update automatic deployment rule will continue to be installed, regardless of the antimalware settings.

Example Scenario for Protecting Computers From Malware by Configuring Endpoint Protection in Configuration Manager

- New topic that provides an example scenario for how you can implement Endpoint Protection in Configuration Manager to protect computers from malware attacks.

Scenarios and Solutions Using System Center 2012 Configuration Manager

- New guide that contains example scenario and solutions documentation from the other Configuration Manager guides.

Frequently Asked Questions for Configuration Manager

- Updated questions and answers include:

  • How can I create a collection of Windows 8 computers that are Always On Always Connected capable?
  • Does wake-up proxy have its own service?
  • Does disabling the wake-up proxy client setting remove or just stop the wake-up proxy service on clients?
  • Why does my first connection attempt for Remote Desktop always fail to a sleeping a computer when I use wake-up proxy?

Source

Posted by mbertuit | with no comments
Filed under:
01-25-2013 13:53

Reminder | Change hierarchy option for System Center 2012 Configuration Manager (SCCM 2012)

Hi to all,

Great news, now you can add an central site configuration manager to a existing primary site (stand alone in using the option under !!!

1- Install as the first site in a hierarchy

or

2-Expand an existing stand alone alone primary site into a herarchy

Click here for download SCCM2012

 

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , , ,
01-23-2013 19:49

Reminder | System Center 2012 Configuration Manager SP1 (SCCM 2012 With SP1) is available on Microsoft Technet !!!

Hi to all,

Just a reminder for you inform that the System Center 2012 Configuration Manager With SP1 is available on Microsoft Technet Website !!!

Click HERE for download

Posted by mbertuit | 1 comment(s)
Filed under: , , , , , , , , , , , , , , , , , ,
01-18-2013 11:13

SCCM 2012 | How to use the Operating System Deployment CreateMedia.exe

Hi to all,

Just an important information if you are intereted by create media option in System Center Configuration Manager 2012:

What's CreateMedia.exe :

Use CreateMedia.exe binary to create media from the command-line or through a script that was implemented by System Center 2012 Configuration Manager Operating System Deployment.

Click HERE for to know more

 

Posted by mbertuit | with no comments
Filed under: , , , , , , ,
11-13-2012 2:10

The Infrastructure Planning and Design team is pleased to announce that the IPD guide for System Center 2012 - Operations Manager (SCOM2012) is now available for download!

Hi to all,

Great news,

The Infrastructure Planning and Design team is pleased to announce that the IPD guide for System Center 2012 - Operations Manager is now available for download!

Download the guide now at http://go.microsoft.com/fwlink/?LinkID=245476

This guide outlines the infrastructure design elements that are crucial to a successful implementation of Operations Manager. It guides you through the process of designing components, layout, and connectivity in a logical, sequential order. You’ll find easy-to-follow steps on identification and design of the required management groups, helping you to optimize the management infrastructure.

Infrastructure Planning and Design streamlines the planning process by:

* Defining the technical decision flow through the planning process.

* Listing the decisions to be made and the commonly available options and considerations.

* Relating the decisions and options to the business in terms of cost, complexity, and other characteristics.

* Framing decisions in terms of additional questions to the business to ensure a comprehensive alignment with the appropriate business landscape.

Tell your peers about IPD guides! Please forward this mail to anyone who wants to learn more about Infrastructure Planning and Design guides.

Join the Beta Program

Subscribe to the IPD beta program and we will notify you when new beta guides become available for your review and feedback. These are open beta downloads. If you are not already a member of the IPD beta program and would like to join, follow these steps:

1. Go here to join the IPD beta program: https://connect.microsoft.com/InvitationUse.aspx?ProgramID=1587&InvitationID=IPDM-QX6H-7TTV&SiteID=14.  If the link does not work for you, copy and paste it into the web browser address bar.

2. Sign in using a valid Windows Live ID.

3. Enter your registration information.

4. Continue to the IPD beta program page, scroll down to Infrastructure Planning and Design, and click the link to join the IPD beta program.

Already a member of the IPD beta program? Go here to get the latest IPD beta downloads:https://connect.microsoft.com/content/content.aspx?ContentID=6556&SiteID=14

Related Resources

Check out all that the Infrastructure Planning and Design team has to offer! Visit the IPD page on TechNet,www.microsoft.com/ipd, for additional information, including our most recent guides.

 

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , , , , , , , , ,
11-03-2012 1:54

System Center Configuration Manager (SCCM) Documentation Library is Update for October 2012 !!!

Hi to all,

Great news, the System Center Configuration Manager (SCCM) Documentation Library is Update for October 2012 !!!

What's New in the Documentation Library for System Center 2012 Configuration Manager, October 2012

The following information lists the topics that contain significant changes since the September 2012 update.

Supported Configurations for Configuration Manager

- Updated for the following information:

  • SQL Server 2008 R2 is not supported for a database cluster for Configuration Manager.
  • Support statements for embedded operating systems.
  • Configuration Manager SP1 installs SQL Server 2012 Express when you install a secondary site.
  • To install a Configuration Manager site, the remote registry service must be enabled on the computer that hosts the site database.
  • Cloud-based distribution points do not support IPv6, which is a Windows Azure limitation.
  • Windows Server 2008 SP2 x86 is now listed as supported for a distribution point.
  • Removed BITS server extensions as a requirement for distribution points.

What’s New in Configuration Manager SP1

- Updated with a link to Supported Configurations for Configuration Manager for more information about the newly supported operating systems and versions for Configuration Manager SP1. The Endpoint Protection section is also updated for information about the new Definition Update template that you can use with the Create Automatic Deployment Rule Wizard.

PKI Certificate Requirements for Configuration Manager

- Updated with information about the Configuration Manager SP1 cloud-based distribution point service certificate.

Planning for Discovery in Configuration Manager

- Updated for the following:

  • Best practice for Active Directory Forest Discovery to run it at a single site only in the hierarchy if you will enable this discovery method to automatically create boundaries.
  • Configuration Manager SP1 Heartbeat Discovery data records include the version of the Configuration Manager client.


Planning for Site Systems in Configuration Manager

- Updated to clarify that you cannot install a System Center 2012 Configuration Manager management point on a computer that has a Configuration Manager 2007 client installed.


Planning for Sites and Hierarchies in Configuration Manager

- Updated for the Configuration Manager SP1 prerequisite for site expansion that the computer account of the central administration site must be a member of the Administrator group on the stand-alone primary site during the site expansion.


Planning for Communications in Configuration Manager

- Updated for the following clarifications:

  • WINS publishing supports an entry for the first HTTPS management point in a site as well as an entry for the first HTTP management point.
  • Configuration Manager DNS publishing does not support a disjoint namespace.


Planning for Site Operations in Configuration Manager

- Updated with the information that the Update Application Catalog Tables maintenance task applies to all primary sites in the hierarchy.

 
Planning for Security in Configuration Manager

- Updated for the information that if you specify the trusted root key for additional security during client installation, you must also specify the site code, by using the Client.msi property SMSSITECODE=<site code>.


Planning for High Availability with Configuration Manager

- Updated to remove the incorrect statement that clients in the boundaries of a secondary site that has a management point can fall back to using a management point in their assigned site if the management point in the secondary site becomes unavailable.


Install and Configure Site System Roles for Configuration Manager

- Updated for information about how to configure cloud-based distribution points.


Technical Reference for Log Files in Configuration Manager

- Updated with several new log files for Configuration Manager and Configuration Manager SP1.


Step-by-Step Example Deployment of the PKI Certificates for Configuration Manager: Windows Server 2008 Certification Authority

- Updated for a new section, Deploying the Custom Web Server Certificate for Cloud-Based Distribution Points. These instructions provide an example deployment of the Configuration Manager cloud-based service certificate that is required for cloud-based distribution points in Configuration Manager SP1.


Configuration Manager Privacy Statement

- Updated for the latest privacy information for Configuration Manager SP1.


Introduction to Client Deployment in Configuration Manager

- Updated for the following:

  • Information about which features the Configuration Manager SP1 client for Mac computers support and do not support.
  • Information about which features the Configuration Manager SP1 client for Linux and UNIX servers support and do not support.
  • Information about installing the client on Windows Embedded devices that use write filters.


How to Install Clients on Windows Computers in Configuration Manager

- Updated for a new procedure to configure automatic client upgrades in Configuration Manager SP1.


How to Install Clients on Mac Computers in Configuration Manager

- Updated to restructure the information, based on customer feedback.


How to Install Clients on Mobile Devices and Enroll Them by Using Configuration Manager

- Updated to clarify that you can use the domain\username format to enroll a mobile device only if you first enter an email address format, wait for authorization to fail, and then enter your domain account credentials. If you try to use the domain\username format on the initial screen, you will see an error message that says this format not supported.


How to Manage Clients in Configuration Manager

- Updated to correct the temporary folder name for the cache, which is %windir%\ccmcache. This folder name is also corrected in About Client Installation Properties in Configuration Manager.


About Client Settings in Configuration Manager

- Updated for the following:

  • Clarified that the client setting Schedule compliance evaluation is a default value only and can be changed for each deployment.
  • Added the new Computer Agent, PowerShell execution policy value of All Signed, which is new in Configuration Manager SP1 and the new default value. There is also useful information about how to identify if unsigned scripts fail to run because of this client setting.
  • Added the new Computer Agent, Disable deadline randomization setting, which is new to Configuration Manager SP1. This setting determines whether the client uses an activation delay of up to two hours to install required software updates and required applications when the deadline is reached.


About Client Installation Properties in Configuration Manager

- Updated to add the new CCMSetup property of /forceinstall, which lets you specify that any existing Configuration Manager client will be uninstalled before installing the new client. Information is also added about how to specify multiple values for the /skipprereq client installation property.


Example Scenario for Deploying and Managing Configuration Manager Clients on Windows Embedded Devices

- New topic that demonstrates how you might manage embedded devices with write filters in Configuration Manager SP1. It includes installing the client, configuring a maintenance window, client settings, a required application, and Endpoint Protection.


Planning for Content Management in Configuration Manager

- Updated for information about cloud-based distribution points.


How to Create Applications in Configuration Manager

- Updated to add information about the new applications and deployment type lists for Configuration Manager SP1. This information is also added to How to Create Deployment Types in Configuration Manager. This topic also clarifies that you cannot create .appx applications from a Configuration Manager console that runs Windows XP.


How to Create and Deploy Applications for Mac Computers in Configuration Manager

- New topic that provides information about how to create and deploy applications for Mac computers in Configuration Manager SP1.


How to Deploy Applications in Configuration Manager

- Updated with the information that the Deploy automatically according to schedule whether or not a user is logged on option is named Pre-deploy software to the user’s primary device in Configuration Manager SP1. The functionality remains the same.


Introduction to Operating System Deployment in Configuration Manager

- Updated with the tip that you can use the Configuration Manager Upgrade Assessment Tool to help you identify which computers could run Windows 7 or Windows 8.


How to Manage Operating System Images and Installers

- Updated to add a new section for applying software updates to an operating system image, which includes a new Configuration Manager SP1 setting for “continue on error”. This topic also has a new procedure for applying software updates.


How to Manage Boot Images in Configuration Manager

- Updated to add a new section, “Configure Multiple Languages for Boot Image Deployment”.


How to Manage Task Sequences in Configuration Manager

- Updated for Configuration Manager SP1 new options to make the task sequence available.


Operations and Maintenance for Content Management

- Updated to remove the incorrect reference to validating content for distribution groups


How to Deploy Operating Systems by Using PXE in Configuration Manager

- Updated to correct the registry path for the exclusion list.


How to Manage Boot Images in Configuration Manager

- Updated to add the section “Configure Multiple Languages for Boot Image Deployment”.


Task Sequence Steps in Configuration Manager

- Updated for the following:

  • The preprovision BitLocker step.
  • The TPM and PIN option for key management for the Enable BitLocker step.
  • That you can access content from the distribution point in Configuration Manager SP1.
  • That you can use CCMSetup.exe command-line options in the Setup Windows and ConfigMgr step in Configuration Manager SP1.


How to Create Queries in Configuration Manager

- Updated to add the WQL query example for devices of a specific type. For example, this lets you create a collection for just Mac computers, or just Linux servers.


Prerequisites for Compliance Settings in Configuration Manager

- Updated for the required permissions to manage user data and profiles configuration items in Configuration Manager SP1.


How to Create User Data and Profiles Configuration Items in Configuration Manager

- Updated for information about how to enable user data and profiles configuration items in Configuration Manager SP1.


How to Create Windows Configuration Items for Compliance Settings in Configuration Manager

- Updated to add guidance about how to browse to registry settings on remote computers.


How to Create Mac Computer Configuration Items in Configuration Manager

- New topic that provides information about how to create and deploy configuration items for Mac computers in Configuration Manager SP1.

 

Thanks a lot to source !!! The Configuration Manager Writing Team

Posted by mbertuit | with no comments
Filed under: , , , , , , , , , , , , ,
More Posts Next page »