Overlapping Boundaries and ConfigMgr 2012
In ConfigMgr 2007 everybody's first reaction about overlapping boundaries was “don’t do it!”, but is that the same in ConfigMgr 2012? Well, the answer on that differs per situation. In this post I will describe the three different situations/ scenario’s about overlapping boundaries and ConfigMgr 2012.
- Scenario 1 – Overlapping boundaries for automatic site assignment: NOT supported! The site to which the client will assign is still unpredictable when there are multiple boundary groups that includes the current network location of the client (and of course, the boundary groups are assigned to different sites).
- Scenario 2 – Overlapping boundaries for content locations: Supported! It will enable the client to get a list of all the content locations that are connected with a boundary group that includes the current network location of the client. So it creates a sort of fallback scenario.
- Scenario 3 – Overlapping boundaries across a ConfigMgr 2012 and a ConfigMgr 2007 hierarchy (specific for automatic site assignment):
- Supported for ConfigMgr 2012 –clients. ConfigMgr 2012 –clients are able to check the version of the CofigMgr –site and they can’t assign to a ConfigMgr 2007 –site.
- Not supported for ConfigMgr 2007 –clients. ConfigMgr 2007 –clients are not able to check the version of the CofigMgr –site and they can incorrectly assign to a ConfigMgr 2012 –site.
So how can we prevent to get into one of these situations? Well, that actually easier then we might think. For ConfigMgr 2012 –sites it is possible to add a boundary to multiple boundary groups. Also it’s possible to use a boundary group only for site assignment (red square in the picture), or only for content locations (green square in the picture). So this makes it possible to use a set of boundary groups for automatic site assignment and a different set of boundary groups for content locations. This can help to avoid the overlapping boundaries for automatic site assignment.
Besides that it’s almost not possible to avoid the overlapping boundaries between the different hierarchies… The only thing that can done to stop the problems, is to stop automatic site assignment for ConfigMgr 2007 –clients. This avoids the ConfigMgr 2007 –clients from automatic assigning to the wrong site and the ConfigMgr 2012 –clients will keep on assigning to their own site.
See for more information: http://technet.microsoft.com/en-us/library/gg712679.aspx
System Center 2012 Configuration Manager RC2 is available!
For those who didn’t read it on Twitter, Facebook or mail yet, ConfigMgr 2012 RC2 is available for download! Last night I received the following mail:
Dear :
Thank you for downloading one or more System Center 2012 pre-release components. System Center 2012 Release Candidate is now available as part of the Microsoft private cloud evaluation:» Download Microsoft private cloud evaluation software
Enjoy!
Your TechNet Team
By starting the download I was pleasantly surprised to see that a part of this download is ConfigMgr 2012 RC2 (see picture).
System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
Last week there was finally another update on ConfigMgr 2012. Besides some small changes, they also slightly changed the name of the products in the System Center –family. It all (including Endpoint Protection) now starts with System Center 2012!
This post will be about the new Endpoint Protection point in System Center 2012 Configuration Manager. During the beta’s it was already clear that Microsoft was going to change something about the integration of ConfigMgr 2012 and FEP 2012, and they did! They removed the Endpoint Protection from the Forefront –family and fully integrated it with ConfigMgr 2012!
I also mentioned before that I’m not really the “step-by-step guide maker”, but in some cases there are exceptions and this is another one of these cases. In this post I will show how to install the Endpoint Protection point and at the end some of the nicest/ biggest changes, so enjoy!
|
Go to Administration > Site Configuration > Sites and select Add Site System Roles in the ribon. |
 |
|
On the General page Browse to the specific Site Server, select the Site Code and click Next. |
 |
|
On the System Role Selection page select Endpoint Protection point and click Next. |
 |
|
On the Endpoint Protection page select I accept the Endpoint Protection license terms and click Next. |
 |
|
On the Microsoft Active Protection Service page select whether or not you want to join the Microsoft Active Protection Service and click Next. |
 |
|
On the Summary page click Next. |
 |
|
On the Progress page just wait… |
 |
|
On the Completion page click Close. |
 |
System Center 2012 Configuration Manager RC1 is available!
For those who didn’t read it on Twitter (my Twitter almost exploded), Facebook or mail yet, ConfigMgr 2012 RC1 is available for download! For more information, read here the mail of Microsoft Connect:
We are extremely excited to announce the availability of the release candidates for System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection (formerly known as Forefront Endpoint Protection 2012) today. Both releases are available through a single download package on the Microsoft Download Center. You can learn more about this release at our Server and Cloud Platform blog.
Thank you for your on-going program participation and product feedback as it was instrumental in achieving this important milestone!
Our next CEP session will focus on the System Center 2012 Configuration Manager Release Candidate. Adwait Joshi, Technical Product Manager for Configuration Manager, will discuss improvements and what’s new in RC. We hope you will join this session and hear first-hand about the features now available!
Configuration Manager CEP Online Meeting
System Center 2012 Configuration Manager RC
Wednesday, November 2, 2011
9:00 – 10:30 AM PST
Online Meeting Information
Thank you,
The Configuration Manager Community Evaluation Program Team
cmcep@microsoft.com | https://connect.microsoft.com/ConfigurationManagervnext
Microsoft Deployment Toolkit 2012 Beta is available!
For those who didn’t read it on Twitter, Facebook or mail yet, MDT 2012 B1 is available for download! Some of the best things that are mentioned in the release notes, are that it supports ConfigMgr 2012 B2 and also still supports ConfigMgr 2007 SP2! Besides that it also supports the deployment of ALL operating systems from Windows XP and Windows Server 2003 until now. So it only delivers extra’s! For more information, read here the mail of Microsoft Connect:
Thanks for your ongoing interest and participation in the MDT beta review program. We hope you’ll take the time to preview and provide feedback on MDT 2012 Beta 1.
Download the beta materials on Connect: https://connect.microsoft.com/site14/Downloads/DownloadDetails.aspx?DownloadID=8689
Microsoft Deployment Toolkit (MDT) 2012 Beta 1 rides the next wave of System Center releases with support for System Center Configuration Manager 2012. For Lite Touch installations, MDT 2012 improves the overall client-side user experience, while also providing behind-the-scenes enhancements for partitioning, UEFI, and user state migration. These features, combined with many small enhancements, bug fixes, and a smooth and simple upgrade process, make MDT 2012 Beta 1 more reliable and flexible than ever.
Key Benefits:
- Fully leverages the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
- Improved Lite Touch user experience and functionality.
- A smooth and simple upgrade process for all existing MDT users.
Tell us what you think!
We value your input. Download the beta on Connect and tell us what you think!Please submit your feedback through Connect and direct any support questions you may have to satfdbk@microsoft.com.Availability
This program is now open. The beta review period will run through August 2011.Tell your friends
To join the beta review program for Microsoft Deployment Toolkit (MDT) 2012, visit Microsoft Connect:
https://connect.microsoft.com/site14Learn more
Visit the MDT home page: http://www.microsoft.com/MDTGet the latest news straight from the MDT team: http://blogs.technet.com/mniehaus/
MDT works with the Microsoft Assessment and Planning Toolkit and Security Compliance Manager to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. Learn more at http://www.microsoft.com/solutionaccelerators.
Thank you for your interest in the development of MDT. We look forward to receiving your feedback!
Sincerely,
Solution Accelerators MDT Team
Microsoft Corporation
Forefront Endpoint Protection 2012 B for ConfigMgr 2012 B2
There was still something missing with ConfigMgr 2012 B2 and that was the Forefront Endpoint Protection (FEP) integration. Well, that’s been taking care of now. It’s now available already for a week (see: Forefront Endpoint Security Blog), so it’s about time to take a first look at it. The installation hasn’t changed much since FEP 2010 with ConfigMgr 2007 (see also: ConfigMgr 2007 and Forefront Endpoint Protection 2010), except that it’s now ConfigMgr 2012 B2 aware.
The first thing that I noticed was that the FEP 2012 B client is not really the FEP 2012 client yet, but the still FEP 2010 client (evaluation version). Both have version number 2.0.657.0.
The next thing that I noticed was that there actually didn’t change that much… Of course there are now subfolders (under the Device Collections) instead of subcollections and everything can be found in the “new ConfigMgr 2012 –workspaces”, but for example the packages are still the “old” packages.
So did nothing change then? Of course there are some new things. One of these things is that there are new/ more Reports. Another bigger one is an add-on to the new Role-Bosed Security of ConfigMgr 2012. 
FEP 2012 provides three standard security roles for ConfigMgr 2012:
- FEP Full Administrator: All permissions for FEP in ConfigMgr
- FEP Policy Author: Permissions to create, modify and delete FEP policies in ConfigMgr
- FEP Policy Deployment Manager: Permissions to deploy FEP policies
I would say that there are still some obvious points to improve, like a newer client and a client deployment as a new ConfigMgr 2012 –Application.
How to Capture User Files and Settings Offline (WinPE) or Online (FullOS) using hard-links with ConfigMgr 2012 B2
This post will be another one about capturing user files and settings, but this time with ConfigMgr 2012 B2. I hope everyone still remembers my post about capturing user files and settings in ConfigMgr 2007 (and especially how much work it was). Usually I’m not really into writing ‘step-by-step guides’, but this time I will make an exception. The reason why I’m making this exception is that I want to show how easy it’s done now. It’s becoming really close to just next-next-finish. There are only four packages needed for/ by this step-by-step:
- Boot image package
- ConfigMgr client package
- USMT 4.0 package
- Image package
When these packages are present, right-click the Task Sequence node and select Create Task Sequence. After that follow the step-by-step below.
|
On the Create a New Task Sequence page, select Install an existing image package and click Next |
 |
|
On the Task Sequence Information page, fill in a Task sequence name, Browse for the Boot image and click Next. |
 |
|
On the Install Windows page, browse for the Image package, uncheck Partition and format the target computer before installing the operating system, (optional) fill in a Product key, (optional) select Always use the same administrator password and click Next. Note: It’s really important to uncheck Partition and format the target computer before installing the operating system, because otherwise it’s not possible to store the data locally. |
 |
|
On the Configure Network page, (optional) select Join a domain, Browse for the Domain and Domain OU, Set an Account and click Next. |
 |
|
On the Install ConfigMgr page, Browse for the ConfigMgr client Package, (optional) fill in the Installation Properties and click Next. |
 |
|
On the State Migration page, select Capture user settings, Browse for the USMT Package, select Save user settings locally and click Next. |
 |
|
On the Install Updates page, click Next. Note: As these settings are not part of the step-by-step, they are left to default. |
 |
|
On the Install Applications page, click Next. Note: As these settings are not part of the step-by-step, they are left to default. |
 |
|
On the Summary page, click Next. |
 |
|
On the Progress page, just wait… |
 |
|
On the Confirmation page, click Close. |
 |
Now the basic task sequence is ready and it only needs a little bit of ‘tweaking’. This can be done with the Task Sequence Editor. Also notice that the basic task sequence already sets the ‘extra’ task sequence variable OSDStateStorePath.
|
Select the Capture Files and Settings Group, go to the Options tab and Remove the Conditions (or remove the whole top Group). Note: This is necessary to make it possible to also capture user files and settings in WinPE. |
 |
|
Select the Capture User Files and Settings Step (optional: change the name), select Copy by using file system access and check Continue if some files cannot be captured and Capture locally by using links instead of copying files. Now go to the Options tab and add the condition of _SMSTSInWinPE equals FALSE. Note: This is necessary to make this step only run in FullOS. |
 |
|
Add an extra Capture User State Step (optional: change the name), select Copy by using file system access and check Continue if some files cannot be captured, Capture locally by using links instead of copying files and Capture in off-line mode (Windows PE only). Now go to the Options tab and add the condition of _SMSTSInWinPE equals TRUE. Note: This is necessary to make this step only run in WinPE. |
 |
The task sequence is now done and ready to be deployed. The result is a task sequence that will do a hard-link migration in both, WinPE or FullOS.
A collection of changes to the Collections in ConfigMgr 2012 B2
In this post I will try to give an overview of the changes made to the Collections in ConfigMgr 2012. The first notable changes in the Assets and Compliance workspace are:
- The Collections are now divided in User Collections and Device Collections. It’s now not possible anymore to have users and computers in one Collection. It will always be an User Collection OR a Device Collection.
- The standard Collections are now limited till, All User Groups, All Users, All Users and User Groups, All Desktop and Server Clients, All Mobile Devices, All Systems and All Unknown Computers. Both, the All Users and User Groups –and the All Systems –Collections, are not editable. These Collections are used as the base for all of the other Collections.
- There are NO Sub-Collections anymore. Instead there are some new feature to fill that ‘gap’. The main reasons for Sub-Collections where organization and phased deployments. To organize Collections there is now the option to create Folders and for phased deployments there is now the option to Include another Collection (more on that later in this post).
Another minor change can be found in the Home tab (same menu as a right-click) of a Collection. 
Most options are known from ConfigMgr 2007, except for the option Manage Affinity Requests. This is part of the new feature of ConfigMgr 2012, to set Primary Users to Devices and vice versa. It is also possible for user to set a Primary Device and that action will end-up as an Affinity Request.
Some more changes can be found in the Properties of a Collection. Before there where two places where the Properties could be found, Modify Collection Settings and Properties. Now it’s all together under the Properties of a Collection. The most notable changes here are:
- In the General tab, except for the two Collections mentioned before, all Collections have to be limited to another Collection.
- In the Membership Rules tab, are two extra Rule Types. There is now the option to Include and Exclude other Collections. This can be extremely helpful with phased software deployments.
- The Power Management tab, the Maintenance Windows tab, the Out of Band Management tab and the Collection Variables tab are now part the Properties of a Collection, instead of the Modify Collection Settings. The possible settings here have not been changed.
- In the Deployments tab, there is a detailed overview of all the assigned Deployments. With Software Updates even all the separate Software Updates, from every assigned Deployment, are shown. Deployments are previously known as Advertisements.
- The Distribution Groups tab is new. In this tab a Distribution Group can be assigned to a Collection. This will make sure that every assigned content will be automatically sent to all Distribution Points from the Group.
- In the Security tab it is possible to assign permission groups to the Collection. This is not new, but the Role Based Security behind it, is. It makes it really easy to give certain groups limited access to parts of ConfigMgr 2012.
- The Alerts tab is new. This tab makes it possible to set thresholds for the Client Health and Activity in this Collection.
The last notable changes can be found with selecting a Collection. On the bottom of the screen there are three new tabs. The first tab, Summary gives a summary of the standard information of the Collection. The second tab, Deployments shows all the Deployments for the Collection and the third tab, Assignments shows all the Assignments for the Collection. This can be Custom Device Settings, Compliance Settings, etc.
The NEW Distribution Point in ConfigMgr 2012 B2
I already tweeted last week that I really, really like the new Distribution Points in ConfigMgr 2012. Around that time they started writing some really good posts at the ConfigMgr OSD Blog about the new Distribution/PXE Point and Content Management. Even though these posts give really good information I still feel like I have to write down what I really, really like about it. So in this post I will sum up some of the cool new features/ properties of the new Distribution Point in ConfigMgr 2012.
- Distribution Point Role: The Distribution Point Role is now merged into one single type that can be used on workstations and server. Also there is now the ability to choose (and prioritize) two drives for the use of the Distribution Point. To me this is a logic choice as there are now no vague difference anymore in what is supported with which type of Distribution Point.
PXE Service Point Role: The PXE Service Point is now a property of a Distribution Point. To me this is a logic choice, as there was always a Distribution Point needed when there was a PXE Service Point. Besides that it also saves a lot of confusion, because of the extra Server Share Distribution Point that got created (SMSPXEIMAGES$). Adding a Boot Image to the RemoteInstall folder of WDS is now just a property setting of a Boot Image (Deploy this boot image from the PXE Service Point). - Distribution Point Groups: The Distribution Point Groups functionality got a really nice update too. It can still be used to distribute content to multiple Distribution Points at the same time, but now it also directly distributes content (assigned to the group) to new members of the group. To me this is a really nice (and very logic) additions to this functionality, because now all the members of a group always have the same content assigned to it.
- Content: The Distribution Point now has the option to show all the content that is assigned to. It also gives the option to validate the content and to manage (redistribute or remove) the content. Also the possibility to validate the content is added. This means as much as, the hash of the content will get checked on a schedule. When the has doesn’t mach this will be reported, but not “fixed”. To me this is a great addition to finally be able to quickly see the assigned content to a Distribution Point. Also no hash mismatches anymore! Well… if the content gets checked on a regularly base and (manual) actions will be taken.
- Content Library: The Distribution Point now stores the data in the Content Library (SCCMContentLib). This library is divided in three parts, Data Library (DataLib), File Library (FileLib) and Package Library (PkgLib). The Data Library stores Metadata about files, the File Library stores actual files and the Package Library stores references to files. To me this looks like a good solution to prevent the many different times (and locations) that where used to store data on a Distribution Point.
- Boundary Groups: The Distribution Point now gets protected by adding a Boundary Group directly to it. And a Boundary Group can contain multiple Boundaries. To me this is a not necessary addition, because now there will always be the need to create a Boundary Group to be able to create a Protected Distribution Point.
More information about Content Management in ConfigMgr 2012: http://technet.microsoft.com/en-us/library/gg682003.aspx
ConfigMgr 2012 BETA 2 is available!
For those who didn’t read it on Twitter, Facebook or mail yet, ConfigMgr 2012 BETA 2 is available for download! For more information, read here the mail of Microsoft Connect:
The Configuration Manager Team is pleased to announce the release of Configuration Manger 2012 Beta 2! It is now available on Connect: https://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=34794
Please reference the Supported Configuration Document and Release Notes which can be found on:
http://download.microsoft.com/download/5/4/5/54508737-EB00-4B65-8DB3-F0D810FA3A9F/Configuration Manager 2012 Beta 2 Supported Configuration.pdf
http://technet.microsoft.com/en-us/library/gg703318.aspx
A few notes before you get started:
- Please use only SQL Server 2008 SP1 and CU 10 or 11 (SQL 2008 SP2 or SQL 2008 R2 is not supported)
- Ensure site server computer has internet access to download pre-requisites or run setupdl.exe from an internet connected computer
- Ensure Windows Firewall is either disabled or SQL ports 1433 and 4022 are open on the CAS and Primary site.
- To manage Windows XP SP3 non-English clients, locate and download the Windows Remote Management update from the following location: http://support.microsoft.com/kb/936059. This update is needed to prevent the client from continually attempting remediation. Please see release notes for more information.
- From the Microsoft Connect site (https://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=29497), download the software update WSUS-KB131665-x64.exe and install the software update on all software update point site system roles if you are using Software Update Point based client deployment. Please see release notes for more information.
- For task sequence deployments the option for downloading content from the DP and running it locally will not work and will result in errors in the tsagent.log Workaround is to download content from the DP when required and run locally. Please see release notes for more information
- Configuration Manager Network Access Protection is not supported in this release
You many also reference How to videos posted on TechNet:
http://technet.microsoft.com/en-us/systemcenter/cm/gg721914.aspx
We look forward to your feedback! Please submit your feedback regularly using the Feedback Form (https://connect.microsoft.com/ConfigurationManagervnext/feedback/CreateFeedbackForm.aspx?FeedbackFormConfigurationID=4216&FeedbackType=1).
Thank you,
Configuration Manager Customer Team
About Me
I'm Peter van der Woude, I'm 27 years old and I'm living together with my wife and son in the Netherlands.
Currently I work for Login Consultants. At this moment my main focus is System Center Configuration Manager 2007 (ConfigMgr 2007) and I love it!.
Awards
- No Tweets Available
Recent Posts
- Overlapping Boundaries and ConfigMgr 2012
- System Center 2012 Configuration Manager RC2 is available!
- Remember this?: Software Distribution is currently paused on this computer with ConfigMgr 2007
- Remember this?: Re-run Advertisement for one (or more) specific client(s) with ConfigMgr 2007
- System Center 2012 Endpoint Protection point in System Center 2012 Configuration Manager (RC)
Calendar
Categories
- App-V 4.5
- App-V 4.5 CU1
- App-V 4.6
- Applications
- Asset Intelligence
- Award
- Boundaries
- Boundary Groups
- Certificates
- Collections
- ConfigMgr 2007
- ConfigMgr 2012
- ConfigMgr vNext
- Distribution Point
- Distribution Point
- Endpoint Protection Point
- FEP 2010
- FEP 2012
- Maintenance Windows
- MDT 2010
- MDT 2012
- Microsoft Community Contributor
- Modena
- Native Mode
- PXE Service Point
- Reporting Services
- Scripting
- Site Backup
- Site Boundaries
- Software Distribution
- Software Updates
- Task Sequence
- Task Sequence
- Uncategorized
- USMT 4.0
- Windows 7
- WSUS 3.0 SP1
Blogroll
- ConfigMgr Technet forum
- Omar's Blog on Systems Management (http://oehoeven.spaces.live.com/)
- Showing you how to do IT (http://www.windows-noob.com/)
- System Management Repository (http://sysmgmt.wordpress.com/)
Visitor Locations