Articles from October 2011



Configuration Manager Package Conversion Manager RC released

Yesterday was a very nice day for the Configuration Manager community with the release of Configuration Manager 2012 RD (with FEP 2012 RC) and System Center P2V Migration Toolkit RC. Today I found out that also the release candidate of the Configuration Manager Package Conversion Manager is released. The Configuration Manager Package Conversion Manager will help you with the conversion of your legacy Configuration Manager 2012 packages. A very nice enhancement of Configuration Manager 2012.

Configuration Manager Package Conversion Manager brings us the following key features:

  • Analyzes Packages. PCM’s analysis engine determines whether Configuration Manager packages are ready and can be converted to Configuration Manager 2012 Applications. Readiness states include “Unknown”, “Automatic”, “Manual”, “Not Applicable” and “Converted”.
  • Automatic Conversion. Allows a PCM admin to pick a single or multiple packages for automatic conversion.
  • Fix and Convert Wizard. Allows a PCM admin to pick a single package to fix a variety of issues to allow conversion. These fixes include editing the detection method, ordering programs, discovering dependent programs and selecting collection requirements associated with a deployment type for conversion.
  • Package Conversion Dashboard. PCM’s Conversion Dashboard shows the current state of conversion on all packages.
  • Online Help. PCM’s Online Help on TechNet explains the functionality of the Feature Pack download. The location is here.
  • PCMTrace.log. PCMTrace.log captures the actions and errors that occur during the conversion process.
Read more about the Package Conversion Manager in an earlier blog that I wrote. Download the Package Conversion Manager here!

Configuration Manager 2012 and Forefront Endpoint Protection 2012 RC versions released!

It is a very nice day, afterI found out earlier today that the Configuration Manager P2V Migration Toolkit was  released earlier this week, just a minute ago the news came that also the Configuration Manager 2012 and Forefront Endpoint Protection RC versions are released! (thanks Kent!)

You are able to download the bits here: http://www.microsoft.com/en-us/server-cloud/system-center/configuration-manager.aspx

Now, let’s rebuild my lab and check all the written content for the Mastering System Center Configuration Manager 2012 book!

Configuration Manager P2V Migration toolkit RC released

A couple of days ago the Configuration Manager Physical to Virtual Migration Toolkit release candidate was released. The Configuration Manager P2V Migration Toolkit is especially designed for Configuration Manager 2007 environments where there are branch offices with Configuration Manager site server hardware that needs to be reused while migrating to Configuration Manager 2012.

Since there is no in place upgrade path to Configuration Manager 2012, the Configuration Manager P2V Migration Toolkit brings the support to migrate the Configuration Manager 2007 site server side-by-side to Configuration Manager 2012.

The features of the Configuration Manager P2V Migration Toolkit are covered in an earlier blog but the Release Candidate brings not only bug fixes but also the following improvements:

  • Added support for high contrast, keyboard shortcuts and keyboard navigation.
  • Added additional support for critical boot drivers to enhance IDE disk driver support in the virtual instance.

If you want to test the Release Candidate of the Configuration Manager P2V Migration Toolkit, click here to download. Now let’s wait until the Release Candidate version of Configuration Manager 2012 is released ;)

 

Configuration Manager 2012 CEP Remote Control session summary

After a period without any Community Evaluation Program session, another session was held today. This time Eric Orman presented the latest information about the Remote Control feature in Configuration Manager 2012.

Like mentioned earlier the gold (CTRL-ALT-DEL) key is back! Woho! The feature is rewritten from scratch because of security issues like there where in SMS 2003 and earlier. Let’s see what’s there

Ability to send CTRL-ALT-DEL keystroke to host device

  • Switch users during an active session
  • Control a locked desktop
  • Access the secure desktop (SAS Secure desktop)
  • Ability to access winlogon screen
  • Ability to handle UAC prompts

Granular client agent settings at a collection level

  • Allows specifying different Remote Control client agent settings for different groups of machines using collections
  • Includes:
    • Remote Desktop and Remote Assistance
    • Permitted viewers list
    • Remote Control is integrated with the Software Center.

Client Agent Settings changed

There are two new settings for client agent settings:

  1. “Allow remote control of unattended computers”
  2. “Grand remote control permissions to local administrator group”

The following setting is changed

  • Default value new “false” for “Users can change policy or notification settings in Software Center”

New: Firewall exception rules (in RC build)

New in the RC Build of Configuration Manager 2012 are the Firewall exception rule for port 2701 (TCP). The exception rule is tied to the  Remote Control agent. When the agent is disabled the exception rule is also disabled. The rule can be configured via the client settings.

New: ability to lock the keybord and mouse of the controlled host

When the users perform CTRL-ALT-DEL to disconnect sessions while controlling the host, the desktop will lock to ensure security. The user cannot take over the session like in earlier versions.

Sent CTRL-Alt-Del and lock keybord / mouse features

New: Role based access (RBAC) control integration

  • Specific “Remote Tools” RBA Persona installed by default.
  • Controls “Show me” behavior enabling IT-Pro’s and systems that are in their security scop to run:
    • Remote Control
    • Remote Assistance
    • Remote Desktop
  • Security scope is defined as a system collection
  • IT Pro’s determine what machines are in a collection, assigned the collection to a security scope which is then assigned to “Remote Tools” persona.

Improved: High visibility notification “session  connection bar”

  • Provides  the end user a higher notification than previous SMS/Configuration Manager  products
  • Similar  experience to other Microsoft platforms such as LiveMesh and Remote Desktop Connection (Terminal Services
  • Contextual  test in notification bas that allows user to know how they are being remote  controlled.

Notification bar

Contextual notifications:

  • Full control: “Connected with”
  • Locked Keyboard and Mouse: “Controlled bny”
  • View Only: “Viewed by”

Severed connection

If the  network connection from the host machines becomes disabled or disconnected, the active session will lock the screen and secure the desktop.

What’s Improved in Remote Control:

  • Copy / paste of files or data is fully supported.
  • FQDN support is added, but it is still also using netbios when connecting to a host.
  • Browse the AD option in Permitted Viewers list (instead of txt files which is still supported)
  • Add a shortcut to start menu for Remote Control Viewer

New: Remote Control service:

When the remote control agent is enabled, the service will always run, if it is disabled the service will be disabled. The only way to start the Remote Control service is by enabling the Remote Control feature.

If the service is killed or disabled manually, a health service will start the service again. Remediation will occur. Nice!

New: Multi Monitor support

Remote Control will be able to control a multi monitor host, any size of monitors are supported.

Multi-monitor support

New: Single cursor design:

  • Configuration Manager 2012 uses single cursor design in which the host (end users) mouse  cursor is not rendered back to the viewer. Earlier versions used dual cursor  design.

What’s persisted:

  • Support within an active Remote Desktop session, so you are able to remotely control  VDI sessions.

Auditing of Remote Control

Auditing of remote control sessions is still supported by using the reporting feature (2  reports). It is reported by the viewer in the Configuration Manager 2012 Console and reported to the provider.

Supported platforms for Remote Control:

  • Viewer:  Windows XP (32bits), Vista (32/64), Windows 7 (32/64), Windows Server 2008 R2  (64)
  • Client (Host): Windows XP (32/64), Vista (32/64), Windows 7 (32/64), Windows Server 2003 (32/64), Windows Server 2008 (32/64), Windows Server 2008 R2 (64)

Hardware requirements:

Recommended:

  • Intel  P4, 3ghz, 1gb RAM, 2006 and newer video cards
  • Native  screen resolution 1280×1024
  • Defined as industry average by 2011
  • Recommended system requirements provides optimal user experience

Minimum Bandwidth

  • 128kbps up/down for good user experience

Multi-monitor support up to 8192/8192 resolution

Mirror Driver versus Screen scraper

No mirror  driver is used anymore, Configuration Manager is using screen scraper. If  something is changed, only the changed bitmaps are sent to the remote session.

Mirror driver Screen scraper
Driver installation Required Not needed
Bandwidth Low Lower
CPU utilization Lower Medium
Application compat issues Yes None
Aero glass Not supported Supported
ClearType Supported, causes  increased bandwidth Supported, no impact  on bandwidth
Bandwidth usage for GDI heavy scenarios Higher Low
Screen mispaints More Less
Mirror driver  servicing Required Not required
RDS support Not for XP and Windows Server 2003 All supported  platforms
Chipset / Graphics  driver compat. Less Yes

 

Optimizing performance

  • Screen  scraper limits the ability to tweak settings to improve performance
  • The only methods to optimize and increase performace are:
    • Reduce  screen resolution of host system
    • Disable  aero
    • Ensure  proper video card driver is installed.

Keyboard shortcuts

Overview keybord shortcuts

Compatibility

The Remote  Control feature in Configuration Manager 2012 is not compatible with previous  versions of SMS/Configuration Manager Remote Tools. Like mentioned earlier, the  feature is completely rewritten. It is based on the same platform as Office  Communicator 2007 R2 / Lync and LiveMesh Remote Desktop.

Security

The feature  is FIPS compliant, the goal is that the feature is certified when Configuration  Manager 2012 will be released. User authentication utilized SPNEFO authentication  protocol with Kerberos if available or NTLM for workgroups or non-trusted AD
forests. It uses Secure Communication Encryption with AES+SHA1, and 128 bit AES  key.

Comparison chart

Comparison chart

The  documentation about Configuration Manager 2012 is also updates lately, so check  it out if you want! http://technet.microsoft.com/en-us/library/gg682062.aspx

Another great feature which is embedded into Configuration Manager 2012, I can’t wait until RC is coming up.. ;)

Till next  time.

Peter

Configuration Manager 2012 CEP session about Remote Control

A couple of days ago I wrote a blog about the changed dates for the Configuration Manager 2012 Community Evaluation Program. Some of the planned sessions did not yet have any subject. Yesterday the CEP team announced that the subject of session next (19/10/2011) week will be “Remote Control in Configuration Manager 2012″.

The CEP team invites you: “Remote Control gold key is back but there’s more! Please join us and our presenter Eric Orman, System Center Configuration Manager Program Manager for Remote Control, to hear about the new features and functionality in Configuration Manager 2012 Remote Control. 

Please note the time change to 8:00 AM Pacific Time.  “

Join the Community Evaluation Program or read the summary at this site after the session is being held.

 

Configuration Manager 2012 CEP dates changed

Checking the dates for the Configuration Manager 2012 Community Evaluation Program today learned me that some dates are added and changed since the original list was published. Last week the session was cancelled but since then three more sessions where added to the list!

Date Subject
10/19/2011 Remote Control
11/2/2011 Looking Ahead to the RC
11/16/2011 Subject unknown

Join the Community Evaluation Program or read the summary at this site after the session is being held.

MDT 2012 integration in Configuration Manager 2012 – part 2

It has been a while that I blogged about the Microsoft Deployment Toolkit 2012 integration with Configuration Manager 2012. Let’s see today how you are able to create a task sequence and what you are able to do with it.

When being in the Configuration Manager 2012 Console, go to the Software Library workspace and browse to Operating Systems and Task Sequences. From there click on the Create MDT Task Sequence button in the home ribbon.

The Create MDT task sequence will start and let’s choose Client Task Sequence. Other options are Client Replace Task Sequence, OEM Preload Task Sequence (Post-OEM), OEM Preload Task Sequence (Pre-OEM), Microsoft Deployment Custom Task Sequence, Server Task Sequence and User Driven Installation Task Sequence. In the following blogs I will come back at all the different Task Sequences.

Select the right task sequence template

Give the Task Sequence a name and click on Next to proceed configuring the Task Sequence.

Supply a name for the Task Sequence

Supply details about the domain you are joining, the account which is used to join the workstation to the domain and the Windows Settings.

Select the components for your new Boot Image

If you don’t want to backup a computer before reimaging, click on Next. Select or create a new Boot image, based on the Microsoft Deployment Toolkit. Let’s create a new one for this blog so supply an UNC path and click on next. After that supply the name and version of the boot image and click on next. Select the Boot Image components. Go further with configuring.

When being in the testing phase select the enable command support (F8) at the customizations screen and click on next. After creating a custom boot image, let’s supply the information to create a Microsoft Deployment Toolkit 2012 package. Next you need to select the Windows Image that you want to deploy.

If don’t already have a Configuration Manager 2012 Client package, you are able to let the wizard create a package for you.

Create a new Conifguration Manager 2012 Client package

The next step is to use or create an User State Migration Toolkit 4 package, let’s create one and supply the information (UNC path for the source, name and version etc) to create a new one. Next you need to create a new Settings package, in this package a new customsettings.ini and unattended.xml is deployed.

Skip the Sysprep package since we will deploy a Windows 7 image and finish the Wizard.

While creating the MDT Task Sequence, the boot image, Configuration Manager Client package, USMT package and settings package are created. Be sure to place them on the distribution points in your environment.

While creating the boot image you see some action in the package source folder and in the process bar.

The WIM file is being created

Monitor the progress bar

Let’s see how the just created Task Sequence looks like by selecting the Task Sequence and clicking on the edit button in the home ribbon.

Task Sequence full of tasks

As you see a lot more tasks in the task sequence are there, this is because this one task sequence supports three deployment scenario’s, the refresh scenario, new computer and the replace scenario (in combination with the Client Replace Task Sequence). Further
scripts that make the deployment of a Windows image smoother are added to the task sequence.

Next you need to deploy this task sequence to a collection and be sure to copy all the related content to the distribution points like mentioned earlier. Also be sure to enable the new boot image for booting with PXE.

Boot your machine into PXE and depending of your task sequence and deployment the deployment will start automatically or you need to entwer WinPE by pressing F12 while booting into PXE.

Windows 7 is being installed

 

Earlier blogs about the MDT 2012 integration with Configuration Manager 2012:

Till next time!

The features of Configuration Manager 2012 overview – part 6

While being on holiday I have some time to write another blog in the “The features of Configuration Manager 2012 overview”-series, this time I like to write about some less know features like Out-of-Band Management and Power Management and one of the changed features Remote Control.

Out-of-Band Management

With Out-of-Band Management in Configuration Manager 2012 you are able to connect to a computer’s Active Management Technology (AMT) management controller when a computer is turned off, in hibernation mode or unresponsive via the operating system. You find Active Management Technology support into Intel vPro chipset versions.

Out-of-band options for a collection

Out-Of-Band Management in Configuration Manager adds functionality to the in-band management based on the Client Server principle. When a by Configuration Manager managed computer does not function right or the operating system is corrupt or not available, you can use Out-of-Band Management to get control again by booting in PXE and deploying a new Operating System without getting local access to the computer.

With Out-of-Band management you are able to perform the following tasks:

  • Powering on or powering off one or more computers for maintenance or when a computer is unresponsive
  • If a computer is not functioning in the right way, you are able to boot the computer from a locally connected device or booting by PXE so Configuration Manager can reimage the computer.
  • Changing BIOS settings on a selected computer.
  • Booting into a command line based operating system to run commands, repair utilities, or diagnostic applications.
  • Using wake on LAN to be able to deploy scheduled software of software updates deployments.

Select to Power on, Power Down or Restart all computers in a collection

To secure out-of-band management, you are able to configure 802.1X for wired and wireless configurations, you can also use unauthenticated wired connections. Out-of-band management also supports:

  • Auditing of selected Active Management Technology features.
  • Different power states, to help conserve power consumption and get a grip to it.
  • Storing up to 4096 bytes of ASCII characters in Active Management Technology in the nonvolatile random access memory of the management controller.

Power Management

In Configuration Manager 2007R3 the new Power Management feature was introduced. The Power Management feature is in Configuration Manager 2012 fully integrated and gives you the ability to manage and monitor the power consumption of your client computers in your environment. With the reporting features you are able to analyze your power consumption.

Powermanagement options for a collection

Based on Device Collections you are able to define different Power Management policies. For instance you are able to define different Power Settings for working hours or nonworking hours per collection of computers. This way you are able to force computers to shut down during nonbusiness hours or you can define a policy for a collection of computers that are allowed to be turned on for 24hours a day.

Define your peak and non peak plans for each collection by setting options shown in the next figure.

Set the options for the power plan

Remote Control     

The Remote Control feature allows the support department to remotely control a user’s computer to help the user or troubleshoot issues. Where the ability to send a CTRL+ALT+DEL command was removed in Configuration Manager 2007, is this feature back in remote control. In the SMS 2003 version of remote control was a big security leak which made people able to “hijack” or use a session from where the remote session was broken or lost. With the enhanced Remote Control security features in Configuration Manager 2012 this is not possible anymore.

Remote control via right click

To read earlier blogs in this series of blogs see the following links: