You are browsing the archive for 2010 May.

Microsoft EndPoint protection team and System center development team are merging!

3:13 pm in ConfigMgr, SCCM 2007 by Kenny Buntinx [MVP]

As part of STB’s strategy to align future Windows endpoint security and systems management engineering, the Forefront endpoint protection development team will join the System Center development team which is led by Brad Anderson. With this change, Brad’s new organization will be called the Management and Security Division.

The entire press release can be found here:

http://www.microsoft.com/presspass/press/2007/may07/05-02SecManPR.mspx

Which is in line with the decision that was made in october to rebuild Forefront on top of SCCM (a systems management product) as opposed to its old mom 2005 architecture (a monitoring product).

As you can read here:

http://blogs.technet.com/b/forefront/archive/2010/04/21/converging-endpoint-security-and-management-it-just-makes-sense.aspx

 

On top of that it also moves SCCM into the area that Gartner predicts for several years already that lifecycle management is moving to (Endpoint protection integration).

Symantec and Altiris are moving in that direction, and so is Microsoft now.

 

Gartner lifecycle management magic quadrant: http://www.gartner.com/technology/media-products/reprints/microsoft/vol12/article3/article3.html

Gartner extract:

PCCLM and Endpoint Protection: The PCCLM and endpoint protection markets are both mature. There is less of a need for best-of-breed point solutions than there was five years ago, and organizations are placing greater value on the integration between these sets of tools and the preservation of a single vendor strategy. For example, with this type of capability, the PCCLM tool can discover the last time a machine’s antivirus (AV) client scanned, and force a scan if appropriate. The implication here is that security can set the policy that defines when scans must take place, but the discover, detect, remediate function can be handled by operations, which is its competency.”

Enjoy the dive into the Dark Magic of WMI.

"The M in WMI stands for Magic"
Kim Oppalfens – Sms Expert for lack of any other expertise
Windows Server System MVP – SMS
http://myitforum.com/cs2/blogs/koppalfens/default.aspx

http://www.linkedin.com/in/kimoppalfens

http://twitter.com/thewmiguy

SCCM V.next Beta 1 : Released !!!

3:40 pm in ConfigMgr, ConfigMgr V.next, SCCM v.Next, V.next by Kenny Buntinx [MVP]

Today I am very excited to announce the release of Beta 1 for System Center Configuration Manager v.Next.

System Center Configuration Manager v.Next is uniquely positioned to provide for powerful and flexible user-centric client management, allowing users to be able to seamlessly access their data from virtually anywhere, across multiple device types while providing IT with unified management tools and centralized control.

This next release of Configuration Manager is focused on 3 main pillars:

User centric application management  - Empowering Administrators to define intent, and end users flexible access to the right application at the right time

  • Allow the administrator to think users first
  • Application management model to capture admin intent
  • End user self-service software portal

Infrastructure simplification – Simplify management infrastructure, processes and administrative overhead

  • Unified management across PCs and devices
  • New role based administration and end-user experiences
  • Automated content distribution and troubleshooting
  • Redesigned core infrastructure and improved scalability

Simplify Client Management – Daily tasks, model based configuration management and improvements over existing capabilities

  • Automated compliance remediation
  • Client health and auto remediation
  • Remote control enhancements
  • Offline servicing of OS images

Read it further at Jeff’s Wettlaufers Blog post : http://blogs.technet.com/b/systemcenter/archive/2010/05/24/the-next-generation-of-client-management.aspx

You will see me blogging more and more on V.next when doing my Beta 1 test routines , so stay tuned …

 

Hope it Helps ,

Kenny Buntinx

SCCM 2007 R3 Beta (refresh) Installation (Howto)

6:45 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, Installation, R3, Reporting, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, SQL Reporting services, SRS by Kenny Buntinx [MVP]

I have recently deployed Configuration Manager 2007 R3 beta (refresh) in production at my TAP customer. Below I will outline the steps for deploying Configuration Manager 2007 R3 beta.

Disclaimer: You are not allowed to install any beta products in your production environment!!! This is only allowed for selected TAP Customers !!! Always install beta products in lab environments !!!

This blog post highlights R3 the beta upgrade preparation on your SCCM 2007 SP2 environment . You need SP2 in order to be allowed the installation of R3, so if you did not upgraded your environment , this is the first step !

We talk further about the actual server upgrade and validation tasks.

 

1. Prerequisites :

SCCM 2007 SP2 only environment

Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 SP2 installed :

Role

Needed Installs Comments Specific Comments
Site Server (Central Site) Hotfix KB977384 & R3 Installation Always install This site needs to be upgraded first.
Site Server (Primary Site) Hotfix KB977384 & R3 Installation Always install These sites needs to be upgraded secondly.
Site Server (Secondary Site) Hotfix KB977384 & R3 Installation * Always Install These sites needs to be upgraded after the primary sites because you will need certain included R2 features.
Admin Console R3 Installation to make sure that all functionality is present -
DP, SUP, SQL DB Server (if remote) Not applicable none -
 

SCCM 2007 SP2 R2 environment

Below a table with the site roles where this R3 upgrade is applicable if you have SCCM 2007 R2 already installed :

Role Needed Installs Comments Specific Comments
Site Server (Central Site) Hotfix KB977384 & R3 Installation none This site needs to be upgraded first.
Site Server (Primary Site) Hotfix KB977384 & R3 Installation none These sites needs to be upgraded secondly.
Site Server (Secondary Site) Hotfix KB977384 & R3 Installation * Hotfix must always be installed ! Look below for additional information if you really need to install R3 on your secondary’s
Admin Console R3 Installation to make sure that all functionality is present -
DP, SUP, SQL DB Server (if remote) Not applicable none -

* Site Server (Secondary Site) :

If you have SCCM 2007 R2 installed on your secondary sites and then :

1. You don’t need to install R3 on secondary sites if you do not use any "Proxy MP" or "AD discovery" feature at your secondary sites if you only use the "Power Mgmt" feature through your organization & run "AD discovery" on your Central or Primary sites.
2. You do need R3 on your secondary sites if you do use the "Proxy MP" functionality or "AD discovery" at your secondary sites.

If you are planning to use these features in secondary sites you need to install R3. Since most customers do use proxy MP role on secondary ,you need to install R3 there as well.

2. Pre-Flight Checks for R3 Beta (refresh) Upgrade

  • Take a  ConfigMgr Site Backup and verify that it is successful.
  • Make sure that ConfigMgr 2007 SP2 is installed correctly and that all site server components are healthy

 

3. Configuration Manager 2007 R3 Beta (refresh) Server Upgrade

 

  • Install the server side hotfix (KB977384) (included in the dowload of the R3 media) .This hotfix, which comes with the R3 of SCCM 2007, is a prerequisite for SCCM 2007 R3. During the installation it also creates a SCCM Package/Program containing a MSP file allowing to update SCCM Advanced Clients Components. This client hotfix package has to be deployed to all ConfigMgr 2007 SP2 clients before power policies can be managed.

image

Click “Next”to continue.

TRUVO-0083

Click “I accept …”to continue and select “Next”to continue.

image

Hit the Ïnstall” button.

TRUVO-0085

The Hotfix starts to install.

image

It will prompt you to create a Package & Program for later deployment to your Configmgr 2007 SP2 clients.

image

During the installation process, when prompted to create a software distribution package for client hotfix deployment, Provide a name for the ConfigMgr package & Program. However your package & program needs to be done thru conformity of your production naming convention & deployment standards. This client hotfix package has to be deployed to all ConfigMgr SP2 clients in the environment before their power policies can be managed

image

Specify the package source & click “Next” to continue.

image

Click “Next” to continue.

image

Click “Finish” to exit.

  • During the hotfix KB977384 installation, the source bits for the client hotfix package will be copied into the client\i386\hotfix\KB977384Beta folder. Look if the bits exists in that folder.

image

  • After successful installation of hotfix KB977384 pre-requisites, execute R3 beta (refresh) installation from the installation source location using SPLASH.HTA. Follow the screenshots below to complete the installation.

image

Click “Next” to continue.

image

Accept the license agreement and Click “Next” to continue.

image

Click “Next” to continue.

image

Click “Next” to continue.

image

image

Click “Finish” to exit.

 

4. Post Configuration Manager 2007 R3 Beta (refresh) Server tasks

  • Open SCCM Console & navigate to Site Database – Site Management – <Site Code> – <Site Name> and view properties to confirm that R3 Installed is “Yes” as shown below

image

  • Verify that the SMS_Def.mof has been appended with R3 specific WMI classes, without any changes to the pre-existing class definitions.

image

image

  • Go to the ConfigMgr Console, navigate to [Site Database] – [Site Management] – [Your site code] – [Your site name] – [Site Settings] – [Client Agents].You will see a new item called “Power Management Client Agent”. Go to the “Power Management Client Agent” properties and check the box “Enable Power Management on Clients”.

image 

  • Install SCCM Reporting Services Point. Power Management in SCCM 2007 R3 contains a number of reports to help you to analyze power consumption and computer power settings in your organization. These Reports require SQL Reporting Services which was introduced in SCCM 2007 R2.If you never worked or used SRS reporting , get used to it , because it will be the only reporting functionality left in Configmgr V.next.

Note : I am not going to explain how to set-up SRS reporting . You can find guidance on Technet or the online help .

image 

Copy SCCM Reports to Reporting Services. Power Management in SCCM 2007 R3 gives you 17 new reports.

image

Click “Next” to Continue.

image

Fill in your credentials and Click “Next” to Continue.

image

Select “Import Report Definition Language Files From Microsoft Signed Cabinet File”.

image

Browse to the "%SCCM installation folder%\Reports\Power Management" folder and select the MicrosoftReportPack.cab file. Click "Open” to Continue.

image

Look if all reports are selected and Click “Next” to Continue.

image

Click “Next” to Continue.

image

Look at the status and see that all reports are imported successfully. Click “Next” to Continue.

image

Look in the SCCM console if the reports exists.You can run all Reports from the SCCM Console now.

 

5. Deploy the MSP file contained into the SCCM Package created by installing the hotfix onto you SCCM 2007 SP2 Clients

After the R3 installation is completed on the site server, the next step is to deploy R3 hotfix to all SP2 clients to use all R3 features.Look for the Client hotfix package & program that where created during installation and must be available under ‘Software Distribution’ and then look for the Packages Node.

  • Validate your Package & Program Properties

TRUVO-0092

  • Deploy your package to all your Distribution points, before deploying the package to all clients.

TRUVO-0093

  • Create your deployment collection(s).Deployments should be done in multiple phases.Start with a Test/Pilot group and the second wave should be per site/region.You could use “Link to Collection” for avoiding creating to much collections.

TRUVO-0094

  • Creation your Advertisements.There are no special requirements in creating advertisements for this deployment.

TRUVO-0095

 

Hope it Helps ,

 

Kenny Buntinx

Video TechDays 2010: WMI for the SCCM Admin

10:20 am in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, SCCM 2007, SMS, techdays, WMI by Kenny Buntinx [MVP]

 

Since its first debut System Center Configuration manager and its predecessors have been relying heavily on the Windows Management Instrumentation (WMI) architecture. WMI is omni-present is System Center Configuration Manager, from queries over dynamic collections, through hardware inventory and storing client and Management Point settings and policies, under the hood you will find WMI just about anywhere. Given this omni-presence it should come as no surprise that the stability of WMI at your Site Systems and clients is crucial to a stable System Center Configuration Manager implementation. Knowing WMI, by consequence, is a great asset to any System Center Configuration Administrator. In this session you will learn the ins-and-outs of the WMI architecture in general and how it applies to System Center Configuration Manager. You’ll learn about the available namespaces and classes and the extended WMI Query language (WQL) that is specific to System Center Configuration Manager. This session will cover the tools available to have a peak at WMI yourself as well as to the WMI-related tool called policy spy that comes with the System Center Configuration Manager toolkit. By the end of this session you’ll know what the WMI architecture looks like, how System Center Configuration Manager uses it, and how you can use that knowledge to your advantage, be it to be able to better troubleshoot System Center Configuration Manager issues, better understand the product, or to automate tasks through scripting or programming. In the end this session will make you a better System Center Configuration Manager administrator.

 

Speaker: Kim Oppalfens – MVP SCCM

The Citrix Connector for System Center Configuration Manager

10:28 am in citrix, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, MMS2010, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Xenapp by Kenny Buntinx [MVP]

As they demonstrated a few weeks ago at #MMS2010, the System Center team is working in partnership with Citrix to integrate the management of XenApp with Configuration Manager.

The connector enhances Configuration Manager, enabling administrators to orchestrate the tasks required to deliver applications to XenApp Servers and publish XenApp hosted applications seamlessly and with minimal impact to the user.

They’ve put together a white paper that outlines how the new capabilities can be used to improve enterprise application management.

I think this is a huge step forward as today’s issues where not distributing the app on a Citrix/Xenapp box , but to publish the app thru the Xenapp Console .

I will try this connector in the upcoming weeks at my customers and let you know what my experiences are. So stay tuned .

 

Hope it Helps,

Kenny Buntinx

Step by Step guide for provisioning Intel VPro clients in SCCM 2007 SP2 Part 3

3:15 pm in AMT, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, configmgr2007, ConfigMgr2007 R3, OOB, out of band management, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007, Vpro by Kenny Buntinx [MVP]

In my previous post I have talked about  the 3rd Party Remote Configuration Certificate that is needed on each OOB Service Point to Provision Intel vPro technology based systems in SCCM at http://scug.be/blogs/sccm/archive/2009/11/30/step-by-step-guide-for-provisioning-intel-vpro-clients-in-sccm-2007-sp2-part-2.aspx

Now we will talk about importing the 3rd Party Remote Configuration Certificate on the OOB Service Point (In this example we will use a certificate from GoDaddy ).

In part 3 we will explain how to import the Vpro certificate and to export the certificate again for the use of the OOB role in System Center Configuration manager.

1. When you receive your certificate from your vendor ( in this case Godaddy ) , you will probably get 2 certificates :

  • Your AMT server point certificate ( containing the FQDN of your server )
  • Some intermediate chained certificate from Godaddy. (You should look at this as the PKI chain certificates so that the chain could be verified)

image

You could check your certificate that it is a good certificate for AMT provisioning by just looking at the properties ( Select cert  – Right Click – Select open)

image

Make sure that the certificate has been intended for the following purposes :

  1. Ensures identtity of a remote computer
  2. Proves your identety to a remote computer
  3. 2.16.840.1.114413.1.7.23.2

and that it has been issued for the server that will serve as the AMT provisioning point.

2. You will need to import both certificates by right clicking the certificate and select “Install Certificate” on your AMT “out of band service point” as shown below.

image

3. Preparing the AMT Provisioning Certificate for the Out of Band Management role on the SCCM server.

1. When done correctly they should be seen in your certificate store at Certificates (Local Computer) running on the member server, right-click the provisioning certificate, click All Tasks, and then click Export.

2. In the Certificate Export Wizard, click Next.

3. On the Export Private Key page, select Yes, export the private key, and then click Next.

4. On the Export File Format page, ensure that Personal Information Exchange – PKCS #12 (.PFX) is selected, and then select Include all certificates in the certificate path if possible.

5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

6. Click Next, and on the File to Export page, specify the path and name of the file that you want to export, and then click Next.

7. Click Finish in the Completing the Certificate Export Wizard page, and then click OK in the Certificate Export Wizard dialog box.

8. Store the file securely, and ensure that you can access it from the Configuration Manager console.

4. The AMT provisioning certificate is now ready to be configured for the out of band management component.In part 4 we will explain how to set-up the other certificates needed and the internal  PKI infrastucture that is needed for the OOB role in System Center Configuration manager.

 

Hope it Helps ,

Kenny Buntinx