System Center 2012 Configuration Manager RC1 is available!

For those who didn’t read it on Twitter (my Twitter almost exploded), Facebook or mail yet, ConfigMgr 2012 RC1 is available for download! For more information, read here the mail of Microsoft Connect:

We are extremely excited to announce the availability of the release candidates for System Center 2012 Configuration Manager and System Center 2012 Endpoint Protection (formerly known as Forefront Endpoint Protection 2012) today. Both releases are available through a single download package on the Microsoft Download Center.  You can learn more about this release at our Server and Cloud Platform blog.

Thank you for your on-going program participation and product feedback as it was instrumental in achieving this important milestone! 

Our next CEP session will focus on the System Center 2012 Configuration Manager Release Candidate. Adwait Joshi, Technical Product Manager for Configuration Manager, will discuss improvements and what’s new in RC.  We hope you will join this session and hear first-hand about the features now available!

Configuration Manager CEP Online Meeting
System Center 2012 Configuration Manager RC
Wednesday, November 2, 2011
9:00 – 10:30 AM PST
Online Meeting Information

Thank you,
The Configuration Manager Community Evaluation Program Team
cmcep@microsoft.com  |  https://connect.microsoft.com/ConfigurationManagervnext

Application Relationships in ConfigMgr 2012 (B2)

As we all know now for a while already, ConfigMgr 2012 (B2) has a new Application Model. The old fashion Packages are still possible, but there is nothing changed and no features added. They are just there to make a migration easier… Instead we’ve got Applications now, which make it easier to detect installed products, to create dependencies, to supersede, etc.. This post I want shine a light on the different relationships of an Application. ConfigMgr 2012 (B2) knows three different types of relationships for an Application:

  1. Dependencies
  2. Supersedence
  3. Global Conditions

Dependencies

DependenciesViewRelationshipLet’s start with the first relationship, dependencies. Dependencies make it easy to specify the software prerequisites of an Application. The cool thing is that this can be multiple things and it can even contain AND and OR statements. For example it’s possible to say that Adobe Reader 9.0 OR Adobe Reader X needs to be present. Besides that it’s also possible to define what needs to be done when neither of them is present. It’s possible to specify which version needs to be auto-installed, or it’s possible to just let it do nothing.

Also good to notice is that this can be done per Deployment Type. See as example the picture on the right. This picture shows the 7-Zip Application, which contains three Deployment Types. One x86 -version, one x64 -version and one App-V –version. This App-V version has as dependency that the App-V Desktop Client needs to be installed.

Supersedence

SupersedenceViewRelationshipThe second relationship is supersedence. Supersedence makes it easy for an administrator to create a relationship between two Applications and “declare” one Application newer than another previous Application. This is actually the same idea that is used with Software Updates already for years now. The supersedence –relationship needs to be specified on an Application –level, but the actions can be specified on a Deployment Type –level. This makes it possible to specify per Deployment Type what the new Deployment Type will be and whether the old version needs to be uninstalled, or that the new version will do an upgrade to the old version (default is upgrade). By specifying the uninstall option, the uninstall command of the superseded Application will be used.

See as example the picture above. This picture shows the new 7-Zip Application, which contains two Deployment Types. One x86 –version and one x64 –version. The x86 –version supersedes the x86 –version of the old Application and the x64 –version supersedes the x64 –version of the old Application.

Global Conditions

The third relationship is Global Conditions. Global Conditions are the most “variable” relationship, because these conditions can be almost everything. Actually Global Condition is, in my opinion, not even the correct term here, it should be Requirement Rules. The relation between these two is that a Global Condition has to be added to a Requirement Rule to be evaluated. Besides this a Global Condition can contain one or more System Attributes, which can be anything from WMI Queries until Registry Values.  The extra cool thing is that Global Conditions can be assigned per Deployment Type. This makes it possible to deploy multiple Deployment Types to the same (User) Collection, but only the one which has all requirements met will be truly deployed.

GlobalConditionsViewRelationshipSee as example the picture on the right. This picture shows the x64 –version Deployment Type of the 7-Zip Application, which contains three Requirement Rules. One for the required Free Disk Space, one for Desktop Type and one for Primary Device. In this case this means that there has to 100 Mb free disk space AND it has to be a x64 –system AND it has to be the users primary device.

Think of all the possibilities this will generate, like deploying the App-V –version Deployment Type only to non primary devices. There is a whole new world going open!

Microsoft Deployment Toolkit 2012 Beta is available!

For those who didn’t read it on Twitter, Facebook or mail yet, MDT 2012 B1 is available for download! Some of the best things that are mentioned in the release notes, are that it supports ConfigMgr 2012 B2 and also still supports ConfigMgr 2007 SP2! Besides that it also supports the deployment of ALL operating systems from Windows XP and Windows Server 2003 until now. So it only delivers extra’s! For more information, read here the mail of Microsoft Connect:

Thanks for your ongoing interest and participation in the MDT beta review program. We hope you’ll take the time to preview and provide feedback on MDT 2012 Beta 1.

Download the beta materials on Connect: https://connect.microsoft.com/site14/Downloads/DownloadDetails.aspx?DownloadID=8689

Microsoft Deployment Toolkit (MDT) 2012 Beta 1 rides the next wave of System Center releases with support for System Center Configuration Manager 2012. For Lite Touch installations, MDT 2012 improves the overall client-side user experience, while also providing behind-the-scenes enhancements for partitioning, UEFI, and user state migration. These features, combined with many small enhancements, bug fixes, and a smooth and simple upgrade process, make MDT 2012 Beta 1 more reliable and flexible than ever.

Key Benefits:

  • Fully leverages the capabilities provided by System Center Configuration Manager 2012 for OS deployment.
  • Improved Lite Touch user experience and functionality.
  • A smooth and simple upgrade process for all existing MDT users.

Tell us what you think!
We value your input. Download the beta on Connect and tell us what you think!Please submit your feedback through Connect and direct any support questions you may have to satfdbk@microsoft.com.

Availability
This program is now open. The beta review period will run through August 2011.

Tell your friends
To join the beta review program for Microsoft Deployment Toolkit (MDT) 2012, visit Microsoft Connect:
https://connect.microsoft.com/site14

Learn more
Visit the MDT home page: http://www.microsoft.com/MDT

Get the latest news straight from the MDT team: http://blogs.technet.com/mniehaus/

MDT works with the Microsoft Assessment and Planning Toolkit and Security Compliance Manager to help you plan, securely deploy, and manage new Microsoft technologies—easier, faster, and at less cost. Learn more at http://www.microsoft.com/solutionaccelerators.

Thank you for your interest in the development of MDT. We look forward to receiving your feedback!

Sincerely,
Solution Accelerators MDT Team
Microsoft Corporation

Forefront Endpoint Protection 2012 B for ConfigMgr 2012 B2

FEPB_Client There was still something missing with ConfigMgr 2012 B2 and that was the Forefront Endpoint Protection (FEP) integration. Well, that’s been taking care of now. It’s now available already for a week (see: Forefront Endpoint Security Blog), so it’s about time to take a first look at it. The installation hasn’t changed much since FEP 2010 with ConfigMgr 2007 (see also: ConfigMgr 2007 and Forefront Endpoint Protection 2010), except that it’s now ConfigMgr 2012 B2 aware.

The first thing that I noticed was that the FEP 2012 B client is not really the FEP 2012 client yet, but the still FEP 2010 client (evaluation version). Both have version number 2.0.657.0.

FEPB_ReportsThe next thing that I noticed was that there actually didn’t change that much… Of course there are now subfolders (under the Device Collections) instead of subcollections and everything can be found in the “new ConfigMgr 2012 –workspaces”, but for example the packages are still the “old” packages.

So did nothing change then? Of course there are some new things. One of these things is that there are new/ more Reports. Another bigger one is an add-on to the new Role-Bosed Security of ConfigMgr 2012. FEPB_SecRolFEP 2012 provides three standard security roles for ConfigMgr 2012:

  1. FEP Full Administrator: All permissions for FEP in ConfigMgr
  2. FEP Policy Author: Permissions to create, modify and delete FEP policies in ConfigMgr
  3. FEP Policy Deployment Manager: Permissions to deploy FEP policies

I would say that there are still some obvious points to improve, like a newer client and a client deployment as a new ConfigMgr 2012 –Application.

How to Capture User Files and Settings Offline (WinPE) or Online (FullOS) using hard-links with ConfigMgr 2012 B2

This post will be another one about capturing user files and settings, but this time with ConfigMgr 2012 B2. I hope everyone still remembers my post about capturing user files and settings in ConfigMgr 2007 (and especially how much work it was). Usually I’m not really into writing ‘step-by-step guides’, but this time I will make an exception. The reason why I’m making this exception is that I want to show how easy it’s done now. It’s becoming really close to just next-next-finish. There are only four packages needed for/ by this step-by-step:

  1. Boot image package
  2. ConfigMgr client package
  3. USMT 4.0 package
  4. Image package

When these packages are present, right-click the Task Sequence node and select Create Task Sequence. After that follow the step-by-step below.

 

On the Create a New Task Sequence page, select Install an existing image package and click Next

CTSW_NewTS

On the Task Sequence Information page, fill in a Task sequence name, Browse for the Boot image and click Next.

CTSW_TSInf

On the Install Windows page, browse for the Image package, uncheck Partition and format the target computer before installing the operating system, (optional) fill in a Product key, (optional) select Always use the same administrator password and click Next.

Note: It’s really important to uncheck Partition and format the target computer before installing the operating system, because otherwise it’s not possible to store the data locally.

CTSW_InstWin

On the Configure Network page, (optional) select Join a domain, Browse for the Domain and Domain OU, Set an Account and click Next.

CTSW_ConfNetw

On the Install ConfigMgr page, Browse for the ConfigMgr client Package, (optional) fill in the Installation Properties and click Next.

CTSW_InstClnt

On the State Migration page, select Capture user settings, Browse for the USMT Package, select Save user settings locally and click Next.

CTSW_StatMigr

On the Install Updates page, click Next.

Note: As these settings are not part of the step-by-step, they are left to default.

CTSW_InclUpd

On the Install Applications page, click Next.

Note: As these settings are not part of the step-by-step, they are left to default.

CTSW_InstAppl

On the Summary page, click Next.

image

On the Progress page, just wait…

CTSW_Prog

On the Confirmation page, click Close.

CTSW_Conf

Now the basic task sequence is ready and it only needs a little bit of ‘tweaking’. This can be done with the Task Sequence Editor. Also notice that the basic task sequence already sets the ‘extra’ task sequence variable OSDStateStorePath.

Select the Capture Files and Settings Group, go to the Options tab and Remove the Conditions (or remove the whole top Group).

Note: This is necessary to make it possible to also capture user files and settings  in WinPE.

image

Select the Capture User Files and Settings Step (optional: change the name), select Copy by using file system access and check Continue if some files cannot be captured and Capture locally by using links instead of copying files. Now go to the Options tab and add the condition of _SMSTSInWinPE equals FALSE.

Note: This is necessary to make this step only run in FullOS.

TSed_CaptFullOS

Add an extra Capture User State Step (optional: change the name), select Copy by using file system access and check Continue if some files cannot be captured, Capture locally by using links instead of copying files and Capture in off-line mode (Windows PE only). Now go to the Options tab and add the condition of _SMSTSInWinPE equals TRUE.

Note: This is necessary to make this step only run in WinPE.

TSed_CaptWinPE

The task sequence is now done and ready to be deployed. The result is a task sequence that will do a hard-link migration in both, WinPE or FullOS.

A collection of changes to the Collections in ConfigMgr 2012 B2

CollectionOverviewIn this post I will try to give an overview of the changes made to the Collections in ConfigMgr 2012. The first notable changes in the Assets and Compliance workspace are:

  • The Collections are now divided in User Collections and Device Collections. It’s now not possible anymore to have users and computers in one Collection. It will always be an User Collection OR a Device Collection.
  • The standard Collections are now limited till, All User Groups, All Users, All Users and User Groups, All Desktop and Server Clients, All Mobile Devices, All Systems and All Unknown Computers. Both, the All Users and User Groups –and  the All Systems –Collections, are not editable. These Collections are used as the base for all of the other Collections.
  • There are NO Sub-Collections anymore. Instead there are some new feature to fill that ‘gap’. The main reasons for Sub-Collections where organization and phased deployments. To organize Collections there is now the option to create Folders and for phased deployments there is now the option to Include another Collection (more on that later in this post).

Another minor change can be found in the Home tab (same menu as a right-click) of a Collection. CollectionHomeTabMost options are known from ConfigMgr 2007, except for the option Manage Affinity Requests. This is part of the new feature of ConfigMgr 2012, to set Primary Users to Devices and vice versa. It is also possible for user to set a Primary Device and that action will end-up as an Affinity Request.

CollectionProperties Some more changes can be found in the Properties of a Collection. Before there where two places where the Properties could be found, Modify Collection Settings and Properties. Now it’s all together under the Properties of a Collection. The most notable changes here are:

  • In the General tab, except for the two Collections mentioned before, all Collections have to be limited to another Collection.
  • In the Membership Rules tab, are two extra Rule Types. There is now the option to Include and Exclude other Collections. This can be extremely helpful with phased software deployments.
  • The Power Management tab, the Maintenance Windows tab, the Out of Band Management tab and the Collection Variables tab are now part the Properties of a Collection, instead of the Modify Collection Settings. The possible settings here have not been changed.
  • In the Deployments tab, there is a detailed overview of all the assigned Deployments. With Software Updates even all the separate Software Updates, from every assigned Deployment, are shown. Deployments are previously known as Advertisements.
  • The Distribution Groups tab is new. In this tab a Distribution Group can be assigned to a Collection. This will make sure that every assigned content will be automatically sent to all Distribution Points from the Group.
  • In the Security tab it is possible to assign permission groups to the Collection. This is not new, but the Role Based Security behind it, is. It makes it really easy to give certain groups limited access to parts of ConfigMgr 2012.
  • The Alerts tab is new. This tab makes it possible to set thresholds for the Client Health and Activity in this Collection.

CollectionSummary The last notable changes can be found with selecting a Collection. On the bottom of the screen there are three new tabs. The first tab, Summary gives a summary of the standard information of the Collection. The second tab, Deployments shows all the Deployments for the Collection and the third tab, Assignments shows all the Assignments for the Collection. This can be Custom Device Settings, Compliance Settings, etc.

The NEW Distribution Point in ConfigMgr 2012 B2

I already tweeted last week that I really, really like the new Distribution Points in ConfigMgr 2012. Around that time they started writing some really good posts at the ConfigMgr OSD Blog about the new Distribution/PXE Point and Content Management. Even though these posts give really good information I still feel like I have to write down what I really, really like about it. So in this post I will sum up some of the cool new features/ properties of the new Distribution Point in ConfigMgr 2012. 

  • Distribution Point Role: The Distribution Point Role is now merged into one single type that can be used on workstations and server. Also there is now the ability to choose (and prioritize) two drives for the use of the Distribution Point. To me this is a logic choice as there are now no vague difference anymore in what is supported with which type of Distribution Point.
  • DPPropertiesPXEPXE Service Point Role: The PXE Service Point is now a property of a Distribution Point. To me this is a logic choice, as there was always a Distribution Point needed when there was a PXE Service Point. Besides that it also saves a lot of confusion, because of the extra Server Share Distribution Point that got created (SMSPXEIMAGES$). Adding a Boot Image to the RemoteInstall folder of WDS is now just a property setting of a Boot Image (Deploy this boot image from the PXE Service Point).
  • Distribution Point Groups: The Distribution Point Groups functionality got a really nice update too. It can still be used to distribute content to multiple Distribution Points at the same time, but now it also directly distributes content (assigned to the group) to new members of the group. To me this is a really nice (and very logic) additions to this functionality, because now all the members of a group always have the same content assigned to it.
  • Content: The Distribution Point now has the option to show all the content that is assigned to. It also gives the option to validate the content and to manage (redistribute or remove) the content. Also the possibility to validate the content is added. This means as much as, the hash of the content will get checked on a schedule. When the has doesn’t mach this will be reported, but not “fixed”. To me this is a great addition to finally be able to quickly see the assigned content to a Distribution Point. Also no hash mismatches anymore! Well… if the content gets checked on a regularly base and (manual) actions will be taken.
  • Content Library: The Distribution Point now stores the data in the Content Library (SCCMContentLib). This library is divided in three parts, Data Library (DataLib), File Library (FileLib) and Package Library (PkgLib). The Data Library stores Metadata about files, the File Library stores actual files and the Package Library stores references to files. To me this looks like a good solution to prevent the many different times (and locations) that where used to store data on a Distribution Point.
  • Boundary Groups: The Distribution Point now gets protected by adding a Boundary Group directly to it. And a Boundary Group can contain multiple Boundaries. To me this is a not necessary addition, because now there will always be the need to create a Boundary Group to be able to create a Protected Distribution Point.

More information about Content Management in ConfigMgr 2012: http://technet.microsoft.com/en-us/library/gg682003.aspx

ConfigMgr 2012 BETA 2 is available!

For those who didn’t read it on Twitter, Facebook or mail yet, ConfigMgr 2012 BETA 2 is available for download! For more information, read here the mail of Microsoft Connect:

The Configuration Manager Team is pleased to announce the release of Configuration Manger 2012 Beta 2!  It is now available on Connect: https://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=34794

Please reference the Supported Configuration Document and Release Notes which can be found on:
http://download.microsoft.com/download/5/4/5/54508737-EB00-4B65-8DB3-F0D810FA3A9F/Configuration Manager 2012 Beta 2 Supported Configuration.pdf

http://technet.microsoft.com/en-us/library/gg703318.aspx

A few notes before you get started:

  1. Please use only SQL Server 2008 SP1 and CU 10 or 11 (SQL 2008 SP2 or SQL 2008 R2 is not supported)
  2. Ensure site server computer has internet access to download pre-requisites or run setupdl.exe from an internet connected computer
  3. Ensure Windows Firewall is either disabled or SQL ports 1433 and 4022 are open on the CAS and Primary site.
  4. To manage Windows XP SP3 non-English clients, locate and download the Windows Remote Management update from the following location: http://support.microsoft.com/kb/936059. This update is needed to prevent the client from continually attempting remediation. Please see release notes for more information.
  5. From the  Microsoft Connect site (https://connect.microsoft.com/ConfigurationManagervnext/Downloads/DownloadDetails.aspx?DownloadID=29497), download the software update WSUS-KB131665-x64.exe and install the software update on all software update point site system roles if you are using Software Update Point based client deployment. Please see release notes for more information.
  6. For task sequence deployments the option for downloading content from the DP and running it locally will not work and will result in errors in the tsagent.log Workaround is to download content from the DP when required and run locally. Please see release notes for more information
  7. Configuration Manager Network Access Protection is not supported in this release

You many also reference How to videos posted on TechNet:
http://technet.microsoft.com/en-us/systemcenter/cm/gg721914.aspx

We look forward to your feedback! Please submit your feedback regularly using the Feedback Form (https://connect.microsoft.com/ConfigurationManagervnext/feedback/CreateFeedbackForm.aspx?FeedbackFormConfigurationID=4216&FeedbackType=1).  

Thank you,
Configuration Manager Customer Team