settings management in configmgr 2012, not your plain old dcm
DESCRIPTION
More info on http://www.techdays.beTRANSCRIPT
Settings management in ConfigMgr 2012Sub-title
Kim OppalfensSenior Consultant, Inovativ
Not your plain old DCM
Agenda
Compliance and settings management visionFeatures and improvements done in ConfigMgr 2012 Usage scenarios
VisionPillars:
Simplify administrator experience Embrace “user centric” managementIntegrate architecture, infrastructure, administrator experience
Key Concepts
BaselineGroup of CIs with presence rules.
Configuration Item Configuration model defined
for OS , Application (settings,
rules, applicability )
WMI
XML
Registry
IIS
MSI
Agent discovers CIs,
validates data against
rules, remediates and
reports compliance
Script
SQL
SoftwareUpdates
File
ActiveDirectory
ConfigMgr AgentCollection
Deploymen
t
Monitor/remediate
Features and Improvements
• Unified compliance-settings mgmt across client types• Simplify administrator experience• Deployment of Baselines • User and Device targeting of Baselines • Define compliance SLAs for Baseline deployments and generate Alerts
• Monitoring Baseline deployment compliance status• In Console monitoring• Updated reports to include remediation, conflict and error reporting
• Automatic remediation (aka DCM “set”)• CI revisioning and change control
Role Base Access Control Scenario: Built in Compliance and Settings Management Role. Design principal: Just view and manage objects relevant for Compliance and Settings Management Role within console.
Browse on gold system when creating CIsScenario: Simplify configuration item creation. Design principal: Admin can create DCM setting and rule without typing.
Browse local / remote machineRegistry and File System only
Demodemo
Creating configuration items by browsing gold system
User or Device Targeting Scenario: Deploy policy to users or devices, remediate and report compliance for user or device.Design principal: Aligning with user centric vision.
If deployed to users evaluation optionsEvaluate Baseline on all devices user logs onEvaluate Baseline on only user’s primary machines
CIs with user settings will be evaluated at log on.
Demodemo
Deploying Baseline to user collections
Compliance SLAs for Baseline deployments
Scenario: Alert admin when target threshold is not met. Design principal: Provide clear in-console alerts per feature scenario
Admin can define Target Compliance SLA % at BL Deployment levelAlerts are generated if SLA is not metReevaluate alert condition in time in future again.
In Console Monitoring Scenario: Allow admin to view BL deployment compliance stats from consoleDesign principal: Show the most important issues admin needs to worry about in priority order within console• Most common Noncompliant/Errors sorted based on # of devices/users Deployed to Users vs
Device• If deployed to user collection, asset details is sorted by user• If deployed to device collection, asset detail is sorted by device
• Reports are available and includes remediation, conflict and error reporting
ReportingLets admin see compliance at a glanceDrill-down to see detailsView Troubleshooting and remediation info
Demodemo Viewing Baseline compliance statistics using new In Console Monitoring UX and Reporting
Monitor vs Remediate Monitoring: We still support monitoring for all Configuration
Manager 2007 setting providers (Registry Key, Registry Value, File, Folder, Script , WMI, XML…..etc)
Check existence of settingCheck value of setting
Remediation: Only supported for Registry-, wmi- and script-based settings and all mobile phone settings
Create setting if not existSet value if not compliantRun remediation scriptRemediate phone settings
Demodemo
Enable remediation
Support for Mobile phonesScenario: Support compliance management for mobile devicesDesign principal: Unified compliance-settings mgmt across client types.
Fully integrated authoring, targeting and reporting experienceEasily build a CI from built-in common settings or create your own settingsCompliance evaluation off-loaded to server to limit battery and cpu impact on mobile Support for WM6.1 and WP 6.5.x
Demo Create and deploy configuration Item for mobile devices
CI Versioning and auditing
Scenario: Support change management for configuration itemsDesign principal: Ability to see revisions of configuration item
view who changed what
Chose to use specific or latest revision of CIs in Baselines.
Migration Scenario: Migrate 2007 Config Packs Design principal: Migration or Import support for all 2007 Packs.
Ability to import 2007 CI and Baselines to 2012 environmentMigration from 2007 hierarchy to 2012 using migration toolMigration or Import will automatically convert v4 schema to v5 schema
New Configuration Packs Customer ask : Server CPs are not updated!.Solution: We will convert following server BPA templates to DCM CIS/BLs, publish them up on ConfigPack catalog and make sure they work with ConfigMgr 2007 and 2012 releases.
SQL Server 2008 R2Exchange Server 2010 SharePoint Server 2007Windows 2008 R2 IIS server, DHCP, TS
What customers will do? Download these new server CPs, deploy to servers and check compliance Note: All BPA rules are converted to DCM settings with PS script type. Rules will check passed/failed.
© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.