Tuesday, November 27, 2012

Book review: ConfigMgr Administration Cookbook

Recently I received a review request for the "Microsoft System Center 2012 Configuration Manager Administration Cookbook". For me a change to review a ConfigMgr 2012 book and acquire some new skills. This practical cookbook shows you how to administer ConfigMgr 2012 and understand how to solve particular problems/scenarios.

Packed with over 50 task-based and immediately reusable recipes, this book starts by showing you how to design a ConfigMgr Infrastructure. The book then dives into topics such as recommended SQL configuration for ConfigMgr, deploying Windows 7 with OS Deployment, deploying Applications and Software Updates, managing Compliance Settings, managing Sites and managing Inventory amongst others.


In addition to its cookbook style, which ensures the solutions are presented in a clear step-by-step manner, its explanations go into great detail, which makes it good learning material for everyone who has experience in ConfigMgr and wants to improve. The book is designed in such a way that each recipe is presented as a separate, standalone entity and reading of other, prior recipes is not required.

The authors are Brian Mason (a Systems Engineer at Wells Fargo where he manages over 350,000 resources with ConfigMgr) and Greg Ramsey (a Systems Engineer specializing in global systems management for Dell Services). A book page link can be found HERE.

Note: Personally I think it's a good book for administrators who are familiar with ConfigMgr, and want to improve their knowledge on known and also new functionalities. Therefore a lot of recipes are added, which can be used for practical purposes. That way both theory and practice are combined in this book, which is certainly an added value.

Friday, November 23, 2012

ConfigMgr 2012 Site Backup failure

In ConfigMgr 2012 Site Maintenance, the Backup Site Server can be enabled. That way a backup is created from your ConfigMgr Site Server. ConfigMgr provides a backup maintenance task that runs on a schedule and backs up the site database, specific registry keys, and specific folders and files. The Backup Site Server maintenance task does not include a backup for the content library or the package source files. When a site server fails, the information about the content library files is restored to the site database, but you must restore the content library and package source files on the site server.

During backup the SMS Writer service is used. This is a service that interacts with the Volume Shadow Copy Service (VSS) during the backup process. The SMS Writer service must be running for the Configuration Manager site back up to successfully complete. Just make sure that this service is running!

When creating a Maintenance plan in ConfigMgr there is a choice for Destination options. When selecting "Network path (UNC name) for site data and database" a UNC path is needed where both ConfigMgr data and SQL data is saved. Just create one folder, place a (hidden) share on it, and data will be saved. When selecting "Local drives on site server and SQL server" a local drive on both ConfigMgr and SQL server is needed for backup. Backup data for ConfigMgr will be saved on the local drive specified on the ConfigMgr server. Backup data for SQL will be saved on the local drive on the SQL server.

Microsoft recommends as a best practice, to keep multiple archives of the backup snapshot. You can create the AfterBackup.bat file to perform post-backup actions automatically after the backup maintenance task runs successfully. The AfterBackup.bat file is most frequently used to archive the backup snapshot to a secure location. However, you can also use the AfterBackup.bat file to copy files to your backup folder and start other supplemental backup tasks.

 
Sometimes there are ConfigMgr alerts created, that no Site Backup is possible. Error message: "Backup folder does not exist or backup service does not have permission to access the folder." Just make sure that NTFS and Share permissions are in place and the following workaround is used: Create a sub-folder under the existing Backup folder and configure the backup task accordingly to this folder. Note: This issue is schedule to be addressed in Service Pack 1 and is described HERE.

Additional information on Backup Site Server task can be found HERE. Hope it helps!

Monday, November 12, 2012

Windows 8 support in ConfigMgr 2007 SP2

For ConfigMgr 2007 their a lot of hotfixes available. Besides of having Service Pack 2 (SP2) and Release 3 (R3) installed, a lot of issues can be solved with installing hotfixes. These can be found on this website:
List of Public KB Articles and Hotfixes for Configuration Manager 2007 SP2


Last week a new hotfix was released for ConfigMgr 2007. This time Windows 8 support for client computers becames available. Very nice, because Windows 8 support wasn't planned for ConfigMgr 2007 first. Let's have a look at the features.
 
Additionally, this update adds Windows 8 and Windows Server 2012 to the supported platform list in the following features:

- Software distribution;
- Software update management;
- Desired Configuration Management (DCM).


This update also fixes the following issues:
 
- Discovery Data Manager (DDM) does not create Client Configuration Requests (CCRs) for Windows 8-based computers that are discovered by using the Active Directory System Discovery.
- When the system processes a new power profile, the SMS Agent Host service (Ccmexec.exe) or the WMI Provider Host service (Wmiprvse.exe) stops unexpectedly.

 
This means that the ConfigMgr client can now be installed on Windows 8 and Windows Server 2012 systems. On these systems applications and software updates can be deployed and DCM can be used. In ConfigMgr 2012 this isn't supported yet. Windows 8 and Windows Server 2012 support will be added in System Center 2012 SP1 (Q1 2013).

Very nice to have more possibilities in ConfigMgr 2007 again. 
Hotfix Request

Thursday, November 8, 2012

ConfigMgr 2012 Service Pack 1 features

Next year (Q1 2013) System Center 2012 Service Pack 1 (SP1) becomes available. This Service Pack will be released for System Center 2012 and not just for ConfigMgr only. It containes updates for compatibility with Windows 8, Windows Server 2012 and other enhancements including support for Azure VM and capabilities for Hosted Service Providers. For ConfigMgr 2012 it will be a big step forwards, because of multiple new features and functionalities!

In this blogpost I will mention these:

– Support for Windows 8 (for both ConfigMgr/SCEP client installation and Operating System deployment);
– Support for Windows To Go (Full Windows 8 installation on a certified 32GB USB-stick);
– User data & profile configuration by means of folder redirection, offline files & roaming profiles;
– New deployment types for Windows 8 applications, including standalone applications and links to the Windows Store;
– Support for Windows Server 2012 (for both ConfigMgr client installation and Operating System deployment);
– Support for SQL Server 2012 (installation of ConfigMgr database);
– ConfigMgr client installation on MAC computers, Linux and UNIX servers;
– Possibility for Windows PowerShell cmdlets (to automate ConfigMgr tasks);
– Support for cloud services, including a new Distribution Point for Windows Azure;

– A more flexible hierarchy management for Central Administration Site (CAS) and Primary Site servers;


– Support for multiple Software update points (SUPs), with automatic  redundancy (same as Management points);
– Console Extensions integration in ConfigMgr console (downloading computer policy and initiating a malware scan to be performed as soon as possible);
– Support for virtual environments that allow multiple virtual applications (App-V packages) to share file system and registry information instead of running in an isolated space;
– Email alert subscriptions are now supported for all features, not just Endpoint Protection (useful for the Application Catalog);
– Multiple application types for Software Catalog usage and deployment, Mobile Device APP stores and App-V 5.0 (!) support;
– Support for App-V 5.0 packages (release: Q1 2013);
– Windows Intune integration (finally a Mobile Device Management solution for cloud device management);
– Support for Windows Embedded devices, because of Windows Embedded Device Manager (WEDM) integration.


As you can see a lot of new features and functionalities are added in ConfigMgr 2012 SP1. I'm very enthusiastic that this already great product (compared to previous versions), will be more advanced with every release. Stay tuned for more information early next year!

Tuesday, November 6, 2012

Files necessary to run the Office Customization Tool were not found

When starting Setup.exe /admin from Microsoft Office 2013 RTM, I got the message "Files necessary to run the Office Customization Tool were not found.  Run Setup from the installation point of a qualifying product." When doing the same in Microsoft Office 2010 the Office Customization Tool (OCT) is started. With OCT you can create a MSP (answer) file for silent installation.


Looking on the web I found the following solution for this HERE.

This occurs when the admin folder is missing from the installation point. For it seems Office 2013 Preview Administrative Template Files are needed to start the Office Customization Tool. Just download the tools (x86/x64 choice) and start it to create a admin and admx folder. The admin folder must be copied in the Office 2013 source afterwards. After that OCT is working as usual again. Strange thing that admin files are not included by default!?

The Office 2013 Preview Administrative Template files (ADMX/ADML) and Office Customization Tool can be download HERE.

Monday, November 5, 2012

How to install a multiple SMS Provider in ConfigMgr 2012

In ConfigMgr the SMS Provider is installed during installation. The SMS Provider is the interface between the ConfigMgr console and the Site database. In ConfigMgr 2007 there can be only one SMS Provider installed per ConfigMgr Site. In ConfigMgr 2012 however multiple installations of the SMS Provider are supported. Just remember: It cannot be installed on a clustered SQL server database server or on the same computer as the SMS Provider for another site.

For example: ConfigMgr 2012 is installed already and the SMS Provider is installed on your Primary Site server. Now you want to install another one on your SQL server, which isn't installed on a clustered SQL server database server. Here are the steps which must be followed:

1) Open the Start Menu on the ConfigMgr server and select Microsoft System Center 2012 > Configuration Manager > Configuration Manager Setup
2) Getting Started > Select "Perform site maintenance or reset this Site" and click Next
3) Site Maintenance > Select "Modify SMS Provider configuration" and click Next
4) Manage SMS Providers > Select "Add a new SMS provider" and "Enter the FQDN of the server where the SMS Provider is to be installed" and click Next
5) Configuration > After a few minutes the SMS Provider will be installed on another server


Good news that the SMS Provider can be installed multiple times now, and isn't a Single-point-of-failure anymore! With above steps multiple SMS Providers can be installed or uninstalled. Just choose to divide ConfigMgr roles also to have a High Available ConfigMgr environment.
Good luck with your installation!

Thursday, November 1, 2012

System Center 2012 Endpoint Protection (part 3)

Last time I wrote a blogpost about System Center 2012 Endpoint Protection (SCEP) functionality. I mentioned the installation/configuration and deploying SCEP agents (Part 1), and deploying antimalware policies & definition updates (Part 2). This time the SCEP series continues with monitoring, dashboard views and reports. When antimalware policies and definition updates are in place, it's time to have a look at monitoring the SCEP agents. There are multiple functionalities for that.

Let's start with the SCEP dashboard first.

Beneath Monitoring, the "System Center 2012 Endpoint Protection Status" can be found. This is THE dashboard for viewing Security State (Client status, Malware remediation status, Top 5 malware by number of computers) and Operational State (Operational status of clients, Definition status on computers). It can be viewed for all collections where an anti-malware policy is deployed too. Because I deploy it to ALL servers and clients (most of time), I've selected the "All Desktop and Server Clients" collection here.


Nice thing is, it's completely dynamic. You can click on all Links and graphical stuff to go to the relevant system(s). After clicking a Link or graphical item, a specific SCEP collection is showed with systems and ALL (Deployment state, Policy name, Policy application state, Definition last version, Remediation status) Endpoint Protection information. From default collections there are buttons for SCEP available too. Both Endpoint Protection status and Malware details can be watched here. SCEP is integrated on multiple places in the console.


When looking at Reports, there are six SCEP reports available. Most usable ones are "Antimalware activity report" and Dashboard. Both have a nice graphical layout by default. When rightclick on a report it's possible to select "Create Subscription", which generates a report on a scheduled time. Reports can be delivered by Windows File Share and E-mail this way. You can define the Render format also, which can be: XML, CSV, TIFF, PDF, (M)HTML, RPL, Excel and Word files.

My personal conclusion:
Microsoft did a great job with SCEP integration in ConfigMgr 2012, with: automatic SCEP client deployment, multiple policies which can be merged, a very nice dynamic dashboard, automatic deployment rules for definition updates & beautiful reports which can be delivered multiple ways and saved in multiple formats! Therefore I recommend customers for using SCEP all the time. SCEP integration in ConfigMgr 2012 is the best antivirus solution there is!