Microsoft System Center Configuration Manager Advanced Deployment

Microsoft System Center Configuration Manager Advanced Deployment

by Martyn Coupland
Released September 2014
Publisher(s): Packt Publishing
ISBN: 9781782172086

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Design, implement, and configure System Center Configuration Manager 2012 R2 with the help of real-world examples

In Detail

Microsoft System Center Configuration Manager is an enterprise device management solution from Microsoft. It helps manage applications from a single location, managing deployments on single or multiple devices and providing security of data stored on those devices. It contains a large number of features that are not always exposed in every environment. Expanding your knowledge of Configuration Manager will ensure that you and your organization get the best out of your investment in Configuration Manager.

This book will give you thorough insights into Configuration Manager environments from a design perspective. You will understand how proper decisions made at the first stage of a deployment can lead to a successful implementation at the later stages. Following this, you will learn how to secure your site using certificates and also deploy and manage endpoint protection to clients.

What You Will Learn

  • Analyze your environment to provide the best design solution
  • Secure your environment using certificates and encryption
  • Address challenges with unwanted application installations
  • Provide a secure operating system with endpoint protection
  • Learn how content management works in Configuration Manager
  • Deploy complex desktop and server operating systems
  • Keep your environment up to date with security updates
  • Manage mobile devices and Bring Your Own Device (BYOD)

Table of contents

  1. Microsoft System Center Configuration Manager Advanced Deployment
    1. Table of Contents
    2. Microsoft System Center Configuration Manager Advanced Deployment
    3. Credits
    4. About the Author
    5. Acknowledgments
    6. About the Reviewers
    7. www.PacktPub.com
      1. Support files, eBooks, discount offers, and more
        1. Why subscribe?
        2. Free access for Packt account holders
        3. Instant updates on new Packt books
    8. Preface
      1. What this book covers
      2. What you need for this book
      3. Who this book is for
      4. Conventions
      5. Reader feedback
      6. Customer support
        1. Downloading the example code
        2. Errata
        3. Piracy
        4. Questions
    9. 1. Designing Complex Hierarchies
      1. Selecting the appropriate site system server
        1. When to use a central administration site
        2. Determining the location of primary sites
        3. Working with secondary sites
          1. Client count
          2. Traffic control
          3. The local management point
          4. What should you do when you are unsure?
      2. Designing fault-tolerant hierarchies
        1. Fault tolerance in site systems
        2. Fault tolerance in site-system roles
      3. Backup and recovery in Configuration Manager
        1. Advanced backup options
        2. Additional backup tasks
        3. Restoring a Configuration Manager site
          1. Post recovery tasks to complete the recovery
      4. Designing to support trusted forests
      5. Designing to support nontrusted forests
      6. Designing a sample hierarchy
        1. Business requirements
          1. Design assumptions and risks
        2. Planning the new hierarchy
          1. Directly addressing the stated requirements
          2. Planning for the SQL Server configuration
          3. Planning for fault tolerance and high availability
        3. Defining the business benefits
        4. Delivering the design documentation
        5. Design diagrams
      7. Summary
    10. 2. Implementing Security with Certificates
      1. Planning for the use of certificates
      2. Setting up a secure communication
        1. Preparing the certificate authority
          1. Setting up certificate services using the user interface
          2. Setting up certificate services using PowerShell
        2. Configuring certificate templates
          1. Creating the web server certificate template
          2. Creating the client certificate for distribution points
          3. Creating the client certificate for Windows computers
          4. Issuing certificate templates
          5. Requesting the web server certificate
          6. Requesting the client certificate for distribution points
            1. Exporting the distribution point client certificate
          7. Deploying the client certificate for Windows workstations
          8. Configuring IIS to use the distribution point certificate
      3. Configuring Configuration Manager
        1. Configuring distribution points to use certificates
        2. Configuring management points to use certificates
      4. Deploying certificates to workgroup computers
      5. Summary
    11. 3. Working with Inventory, Asset Intelligence, and Software Metering
      1. Configuring the software and hardware inventory
        1. Planning the configuration of inventory
          1. Configuring the hardware inventory
            1. Configuring the required settings
          2. Initiating inventory cycles manually
      2. Using the inventory data to your advantage
        1. Controlling the inventory with control files
        2. Tracking assets with the inventory
          1. Tracking build cycles with the registry
            1. Preparing the MOF files
            2. Import custom modifications
          2. Tracking with reports
      3. Making use of software metering
        1. Modifying metering retention
        2. Viewing metering data
        3. Removing unused software with metering data
      4. Real-world use of asset intelligence
        1. Licensing with asset intelligence
      5. Controlling applications with the inventory data
        1. Using security groups for application control
      6. Summary
    12. 4. Security with Endpoint Protection
      1. Configuring the endpoint protection infrastructure
        1. Deploying the endpoint protection point
        2. Deploying the endpoint protection point with the console
          1. Deploying the endpoint protection point with PowerShell
        3. About the Microsoft Active Protection Service
      2. Creating endpoint protection policies
        1. Deploying endpoint protection policies
        2. Importing predefined policy templates
      3. Deploying endpoint protection definition updates
        1. Setting up the software update point
        2. Using automatic deployment rules
      4. Deploying endpoint protection agents
        1. Deploying agents using client settings policies
        2. Deploying endpoint protection in your image
      5. Responding to threats
        1. Monitoring endpoint protection
        2. Managing threat alerts
        3. Testing endpoint protection with EICAR
      6. Controlling the Windows Firewall
      7. Summary
    13. 5. Advanced Content Management
      1. Deploying distribution points
        1. Planning for the placement of distribution points
          1. Placement of distribution points with fast connectivity
          2. Placement of distribution points with slow connectivity
        2. Creating distribution points using the console
        3. Creating distribution points using PowerShell
      2. How to deploy cloud distribution points
        1. How the service works
        2. Creating the management certificate
          1. Creating the certificate template
          2. How to enroll the certificate
          3. Exporting the management certificate
        3. Uploading the management certificate to Windows Azure
        4. Creating the cloud distribution point
        5. Creating the DNS entry
          1. Allowing clients to use cloud distribution points
      3. Understanding the content library
        1. Anatomy of the content library
          1. Package library
          2. Data library
          3. File library
        2. Content actions
      4. Introducing network caching
        1. Recommendations for where caching devices exist
      5. Working with data deduplication
        1. Deduplication on the content source
        2. Deduplication on the distribution point
        3. Evaluating data deduplication
      6. Summary
    14. 6. Application Deployment
      1. Introducing the application model
        1. Application management workflow
        2. Exploring the elements of an application
          1. Using application requirements
          2. Using application dependencies
            1. Sample application deployment
          3. Using application detection methods
          4. Using simulated deployments
        3. Superseding applications
          1. How to specify a relationship
        4. Targeting multiple platforms
        5. Making applications persistent
      2. Deploying virtual applications
        1. Using virtual environments
      3. How the application model works
      4. When to use packages
        1. Usage scenarios for packages
      5. Summary
    15. 7. Deploying Windows 8.1 and Windows Server 2012 R2
      1. Introduction to operating system deployment
        1. Benefits of deploying standard images
      2. Integrating the Microsoft Deployment Toolkit
        1. Installing the console extensions
        2. Configuring the deployment share
        3. Configuring the deployment database
      3. Creating custom boot images
        1. Adding drivers to boot images
        2. Adding components to boot images
      4. Maintaining a driver library
        1. Managing drivers using driver packages
          1. Searching and downloading drivers
          2. Extracting drivers and creating a repository
          3. Importing drivers into Configuration Manager
          4. Assigning driver packages to task sequences
      5. Creating reference images
        1. Deciding on your image format
          1. Capturing and deploying thick images
          2. Capturing and deploying thin images
          3. Capturing and deploying hybrid images
        2. Maintaining versions on your images
      6. Using images in virtual environments
        1. Creating VHD files using task sequences
          1. Creating the task sequence for the VHD
          2. Creating the VHD
      7. Deploying your captured images
        1. Configuring the task sequence information
        2. Editing the task sequence
        3. Making your task sequence available
      8. Summary
    16. 8. Deploying Security Updates
      1. Software updates
        1. The anatomy of software update deployment
          1. Introducing software update groups
          2. Introducing deployment packages
          3. Introducing automatic deployment rules
        2. How software update synchronization works
          1. Synchronization on child sites
      2. Designing a software update infrastructure
        1. Capacity planning of the software updates infrastructure
        2. How to design the infrastructure for software updates
          1. Planning the placement of software update points
          2. Using an existing WSUS server as the source
          3. Planning for the switching of software update points
      3. Monitoring software updates
        1. Viewing compliance using reporting
        2. Monitoring compliance with baselines
      4. A sample scenario to patch workstations
        1. Customer requirements
        2. Implementing the infrastructure for patching
          1. Deploying a single software update point
          2. Deploying multiple software update points
          3. Software update point design decisions
        3. Configuring the software update point component
        4. Deploying patches to pilot devices
          1. Creating automatic deployment rules
        5. Deploying patches to live devices
        6. Reporting patch compliance
          1. Obtaining compliance with a compliance baseline
      5. A sample scenario to patch servers
        1. Customer requirements
        2. Configuring maintenance windows
          1. Applying maintenance windows to collections
        3. Configuring automatic deployment rules and deployments
      6. Summary
    17. 9. Advanced Reporting
      1. Report Builder
        1. Developing reports using Report Builder
          1. Requirements for reports
        2. Configuring Report Builder for Configuration Manager
      2. Creating custom reports
        1. Defining the report requirements
        2. Creating the initial report layout
        3. Adding the data source to the report
        4. Creating the first report
          1. Creating the parameter for the report
          2. Creating the results dataset
          3. Formatting and displaying the data
        5. Creating the second report
          1. Creating the dataset for the report
      3. Creating custom charts
        1. Working with chart components
        2. Configuring data visualizations
      4. Optimizing query performance
      5. Configuring report subscriptions
        1. Creating report subscriptions
      6. Summary
    18. 10. Preventing Configuration Drift
      1. An introduction to compliance settings
        1. Use cases for compliance settings
        2. Remedying of noncompliant clients
      2. Example scenarios for compliance monitoring
        1. Monitoring application-specific settings
          1. Creating the configuration item
          2. Creating the configuration baseline
          3. Deploying the configuration baseline
          4. Monitoring the deployment
          5. Remediating the file presence
        2. Monitoring unauthorized software applications
          1. Creating the configuration item
          2. Creating the configuration baseline
          3. Removing the software where it is detected
      3. Summary
    19. 11. Managing Bring Your Own Device and Mobility
      1. Deploying company resource profiles
        1. Managing Wi-Fi profiles with Configuration Manager
        2. Managing certificates with Configuration Manager
          1. Creating certificate profiles
        3. Managing VPN profiles with Configuration Manager
      2. Managing Internet-based devices
        1. How Internet-based client management works
        2. Functionality in Internet-based client management
        3. Requirements for Internet-based client management
        4. Using Internet-based client management
      3. Using the Microsoft Exchange connector
        1. Connecting to Exchange using the connector
        2. Managing ActiveSync devices
      4. Using Windows Intune
        1. Requirements for Windows Intune
        2. Deploying the Windows Intune connector
        3. Enrolling mobile devices with Windows Intune
      5. Summary
    20. 12. Advanced Troubleshooting
      1. Error tracing in Configuration Manager
        1. Modifying the logging options for components
        2. Where to find specific logfiles
      2. Using the Configuration Manager toolkit
        1. Using server-based diagnostic tools
          1. Using the DP job manager tool
          2. Using the collection evaluation viewer tool
          3. Using the content library explorer tool
          4. Using the content ownership tool
        2. Using client-based diagnostic tools
          1. Using the Client Spy tool
          2. Using the Policy Spy tool
          3. Using the deployment monitoring tool
      3. Using the service manager utility
        1. Determining when to use the utility
        2. Restarting Configuration Manager services
      4. Real-world scenarios
        1. Troubleshooting content distribution errors
        2. Troubleshooting deployment errors
        3. Troubleshooting site system errors
      5. Summary
    21. Index

Product information

  • Title: Microsoft System Center Configuration Manager Advanced Deployment
  • Author(s): Martyn Coupland
  • Release date: September 2014
  • Publisher(s): Packt Publishing
  • ISBN: 9781782172086