book

Microsoft System Center Configuration Manager Advanced Deployment

Name: Microsoft System Center Configuration Manager Advanced Deployment
Author: Martyn Coupland
ISBN: 9781782172086

by Martyn Coupland

September 2014

Intermediate to advanced

290 pages

6h 48m

English

Packt Publishing

Read now

Unlock full access

Microsoft System Center Configuration Manager Advanced Deployment
Table of Contents
Microsoft System Center Configuration Manager Advanced Deployment
Credits
About the Author
Acknowledgments
About the Reviewers
www.PacktPub.com
Support files, eBooks, discount offers, and moreWhy subscribe?Free access for Packt account holdersInstant updates on new Packt books
Preface
What this book covers
What you need for this book

Who this book is for
Conventions
Reader feedback
Customer support
Downloading the example codeErrataPiracyQuestions
1. Designing Complex Hierarchies
Selecting the appropriate site system serverWhen to use a central administration siteDetermining the location of primary sitesWorking with secondary sitesClient countTraffic controlThe local management pointWhat should you do when you are unsure?
Designing fault-tolerant hierarchies
Fault tolerance in site systemsFault tolerance in site-system roles
Backup and recovery in Configuration Manager
Advanced backup optionsAdditional backup tasksRestoring a Configuration Manager sitePost recovery tasks to complete the recovery
Designing to support trusted forests
Designing to support nontrusted forests
Designing a sample hierarchy
Business requirementsDesign assumptions and risksPlanning the new hierarchyDirectly addressing the stated requirementsPlanning for the SQL Server configurationPlanning for fault tolerance and high availabilityDefining the business benefitsDelivering the design documentationDesign diagrams
Summary
2. Implementing Security with Certificates
Planning for the use of certificates
Setting up a secure communication
Preparing the certificate authoritySetting up certificate services using the user interfaceSetting up certificate services using PowerShellConfiguring certificate templatesCreating the web server certificate templateCreating the client certificate for distribution pointsCreating the client certificate for Windows computersIssuing certificate templatesRequesting the web server certificateRequesting the client certificate for distribution pointsExporting the distribution point client certificateDeploying the client certificate for Windows workstationsConfiguring IIS to use the distribution point certificate
Configuring Configuration Manager
Configuring distribution points to use certificatesConfiguring management points to use certificates
Deploying certificates to workgroup computers
Summary
3. Working with Inventory, Asset Intelligence, and Software Metering
Configuring the software and hardware inventoryPlanning the configuration of inventoryConfiguring the hardware inventoryConfiguring the required settingsInitiating inventory cycles manually
Using the inventory data to your advantage
Controlling the inventory with control filesTracking assets with the inventoryTracking build cycles with the registryPreparing the MOF filesImport custom modificationsTracking with reports
Making use of software metering
Modifying metering retentionViewing metering dataRemoving unused software with metering data
Real-world use of asset intelligence
Licensing with asset intelligence
Controlling applications with the inventory data
Using security groups for application control
Summary
4. Security with Endpoint Protection
Configuring the endpoint protection infrastructureDeploying the endpoint protection pointDeploying the endpoint protection point with the consoleDeploying the endpoint protection point with PowerShellAbout the Microsoft Active Protection Service
Creating endpoint protection policies
Deploying endpoint protection policiesImporting predefined policy templates
Deploying endpoint protection definition updates
Setting up the software update pointUsing automatic deployment rules
Deploying endpoint protection agents
Deploying agents using client settings policiesDeploying endpoint protection in your image
Responding to threats
Monitoring endpoint protectionManaging threat alertsTesting endpoint protection with EICAR
Controlling the Windows Firewall
Summary
5. Advanced Content Management
Deploying distribution pointsPlanning for the placement of distribution pointsPlacement of distribution points with fast connectivityPlacement of distribution points with slow connectivityCreating distribution points using the consoleCreating distribution points using PowerShell
How to deploy cloud distribution points
How the service worksCreating the management certificateCreating the certificate templateHow to enroll the certificateExporting the management certificateUploading the management certificate to Windows AzureCreating the cloud distribution pointCreating the DNS entryAllowing clients to use cloud distribution points
Understanding the content library
Anatomy of the content libraryPackage libraryData libraryFile libraryContent actions
Introducing network caching
Recommendations for where caching devices exist
Working with data deduplication
Deduplication on the content sourceDeduplication on the distribution pointEvaluating data deduplication
Summary
6. Application Deployment
Introducing the application modelApplication management workflowExploring the elements of an applicationUsing application requirementsUsing application dependenciesSample application deploymentUsing application detection methodsUsing simulated deploymentsSuperseding applicationsHow to specify a relationshipTargeting multiple platformsMaking applications persistent
Deploying virtual applications
Using virtual environments
How the application model works
When to use packages
Usage scenarios for packages
Summary
7. Deploying Windows 8.1 and Windows Server 2012 R2
Introduction to operating system deploymentBenefits of deploying standard images
Integrating the Microsoft Deployment Toolkit
Installing the console extensionsConfiguring the deployment shareConfiguring the deployment database
Creating custom boot images
Adding drivers to boot imagesAdding components to boot images
Maintaining a driver library
Managing drivers using driver packagesSearching and downloading driversExtracting drivers and creating a repositoryImporting drivers into Configuration ManagerAssigning driver packages to task sequences
Creating reference images
Deciding on your image formatCapturing and deploying thick imagesCapturing and deploying thin imagesCapturing and deploying hybrid imagesMaintaining versions on your images
Using images in virtual environments
Creating VHD files using task sequencesCreating the task sequence for the VHDCreating the VHD
Deploying your captured images
Configuring the task sequence informationEditing the task sequenceMaking your task sequence available
Summary
8. Deploying Security Updates
Software updatesThe anatomy of software update deploymentIntroducing software update groupsIntroducing deployment packagesIntroducing automatic deployment rulesHow software update synchronization worksSynchronization on child sites
Designing a software update infrastructure
Capacity planning of the software updates infrastructureHow to design the infrastructure for software updatesPlanning the placement of software update pointsUsing an existing WSUS server as the sourcePlanning for the switching of software update points
Monitoring software updates
Viewing compliance using reportingMonitoring compliance with baselines
A sample scenario to patch workstations
Customer requirementsImplementing the infrastructure for patchingDeploying a single software update pointDeploying multiple software update pointsSoftware update point design decisionsConfiguring the software update point componentDeploying patches to pilot devicesCreating automatic deployment rulesDeploying patches to live devicesReporting patch complianceObtaining compliance with a compliance baseline
A sample scenario to patch servers
Customer requirementsConfiguring maintenance windowsApplying maintenance windows to collectionsConfiguring automatic deployment rules and deployments
Summary
9. Advanced Reporting
Report BuilderDeveloping reports using Report BuilderRequirements for reportsConfiguring Report Builder for Configuration Manager
Creating custom reports
Defining the report requirementsCreating the initial report layoutAdding the data source to the reportCreating the first reportCreating the parameter for the reportCreating the results datasetFormatting and displaying the dataCreating the second reportCreating the dataset for the report
Creating custom charts
Working with chart componentsConfiguring data visualizations
Optimizing query performance
Configuring report subscriptions
Creating report subscriptions
Summary
10. Preventing Configuration Drift
An introduction to compliance settingsUse cases for compliance settingsRemedying of noncompliant clients
Example scenarios for compliance monitoring
Monitoring application-specific settingsCreating the configuration itemCreating the configuration baselineDeploying the configuration baselineMonitoring the deploymentRemediating the file presenceMonitoring unauthorized software applicationsCreating the configuration itemCreating the configuration baselineRemoving the software where it is detected
Summary
11. Managing Bring Your Own Device and Mobility
Deploying company resource profilesManaging Wi-Fi profiles with Configuration ManagerManaging certificates with Configuration ManagerCreating certificate profilesManaging VPN profiles with Configuration Manager
Managing Internet-based devices
How Internet-based client management worksFunctionality in Internet-based client managementRequirements for Internet-based client managementUsing Internet-based client management
Using the Microsoft Exchange connector
Connecting to Exchange using the connectorManaging ActiveSync devices
Using Windows Intune
Requirements for Windows IntuneDeploying the Windows Intune connectorEnrolling mobile devices with Windows Intune
Summary
12. Advanced Troubleshooting
Error tracing in Configuration ManagerModifying the logging options for componentsWhere to find specific logfiles
Using the Configuration Manager toolkit
Using server-based diagnostic toolsUsing the DP job manager toolUsing the collection evaluation viewer toolUsing the content library explorer toolUsing the content ownership toolUsing client-based diagnostic toolsUsing the Client Spy toolUsing the Policy Spy toolUsing the deployment monitoring tool
Using the service manager utility
Determining when to use the utilityRestarting Configuration Manager services
Real-world scenarios
Troubleshooting content distribution errorsTroubleshooting deployment errorsTroubleshooting site system errors
Summary
Index

Content preview from Microsoft System Center Configuration Manager Advanced Deployment

Controlling applications with the inventory data

It is not uncommon for organizations to provide applications based on roles. For example, users in finance may get one set of applications, and users within HR may get another set of applications.

Another scenario that is common is controlling installs and uninstalls via security groups in Active Directory. A lot has been written about the best way to populate collections. If a specific method fits your organization, then use it; you will end up with the same results.

Using security groups for application control

This method of controlling applications uses a combination of inventory and security groups in Active Directory. The basic principle behind this is as follows:

Add the user to the Active Directory ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Deploying Microsoft System Center Configuration Manager

Publisher Resources

ISBN: 9781782172086

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Microsoft System Center Configuration Manager Advanced Deployment

by Martyn Coupland

Controlling applications with the inventory data

Using security groups for application control

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.