This week was a week full of System Center 2012 Configuration Manager, first the Configuration Manager day of the Dutch System Center User Group on Wednesday, the missed CEP session about Configuration Manager 2012 RC presented by Adwait Joshi, (because of time change, watched the recording) and the System Center Day of the Belgium System Center User Group today. During the Dutch and Belgium User Group days Configuration Manager Godfather Wally Mead (yeah!) presented the latest about the Release Candidate and lots more! Today let take a look at the changes in the Release Candidate of Configuration Manager 2012.
Since Beta2 lots of changes and loads of bug fixes are made in Configuration Manager 2012 to make the Release Candidate better and better. Let’s see what’s changed.
Some new key features are:
Endpoint protection integration
The product Forefront Endpoint Protection is moved to the System Center 2012 Configuration Manager Product Team and is rebranded to System Center 2012 Endpoint Protection. It is fully integrated with Configuration Manager 2012, Endpoint protection is became a Site Role.
Key features are:
- Expedited malware events: client to admin within 5 minutes
- Built-in security admin role
- Network-friendly definition deployments
- Improved scalability and reliability
- Simpler to setup and operate
- E-mail subscriptions for alerts
- Firewall control (basic)
If you have the core CAL you are allowed to use the Endpoint Protection feature, for the server you need a separate license. More about System Center Endpoint protection in a later blog.
Application deployment simulation
When deploying a new application you always want to test your deployment. A new feature is the Release Candidate is to simulate the application deployment. Goals of this feature are the following:
- Confidence in moving to state based dynamic applications
- Did I do detection method right?
- Did I get rules/relationships right?
- What will my deployment type mix be?
It does not install the application, but it will check your detection methods, requirement rules, dependencies and supersedence.
Discovery is improved by for instance simplifying group discovery. The System Group and User Group discovery are merged to one discovery method, which is called Active Directory Group Discovery. Besides merging the methods, Configuration Manager will now also remove devices or users from collections that are for instance removed from an Active Directory Group. (nice!)
Besides the key features, lots of other features and parts of Configuration Manager 2012 are changed.
In the hierarchy several changes like the following are made,
- FQDN throughout the product (like we saw in the blog about Secondary Sites)
- All Configuration Manager Replication through Data Replication Service (DRS) (No more SQL transactional replication)
- Replication Link Analyzer (in RC)
- Cross forest support – untrusted forests for site system roles (not site servers)
- Secondary site content routing (one layer)
- SQL Configuration Options: Ports, Instances
- MP replica support (allowed to create a (partly) replica of the MP SQL database)
- Branch cache support for Software Updates by peer-to-peer content distribution.
Scalability and performance improvements throughout the product:
- General console operation
- State and Status messages (alerting)
- Discovery Data Processing
- Application Catalog
User interface and Administrator Console
Besides the swap of the Administration and Assets and Compliance workspaces in the console enhanced dashboards, loads of other things are changed.
- Ability search via dates (e.g. last x days)
- Added security scopes into the list view with filter/sort/search
- Only one admin console installer – 32 bit
- Improved multi-lingual support, including server setup
- Ability to change the color settings of the Application Catalog website
- Reports are grouped by folders in the User Interface
- Report Folder “Show-Me” – Folders are now associated with security role permissions
Stale Computer Filtering (yeah!)
When working with SLAs you run into issues with old stale systems that did not report to the management point for ages. This will bring down the availability percentage or when deploying updates or anti-virus signatures the stale devices will be reported as not updated. From now on you are able to filter out the stale computers. This can be done on bases of two Active Directory attributes.
- Lastlogontimestamp: Record the last logon timestamp of the computer. It requires Domain function level greater or equal to Windows Server 2003
- Pwdlastset: Record the last time when the computer changes its password. By default Active Directory policy enforces each computer changing password every 30 days.
Client Settings and DCM
Client Settings and DCM are further enhanced with the following features
- Compliance Settings Management (DCM):
- Baseline remediation can now be limited to maintenance windows (default)
- Baseline deployments can now generate Operations Manager alerts
- Ability to create dynamic collections from baseline compliance (RC)
- Client Settings
- Custom Client Settings can now be exported and imported (Not just for default)
Client health feature is further enhanced with the following features
- Rule checks expanded from 12 to 21 including:
- WMI service
- WMI Repository Integrity
- BITS service
- Configuration Manager client, prerequisites install
- SMS Agent Host service
- Configuration Manager Remote Control service
- Antimalware service (EP)
- Network Inspection (EP)
- Windows Update Agent
- Client health state is now live data (versus summarized)
- Can disable automatic remediation of client health via Registry (e.g. Mission critical systems such as servers)
The Remote Control feature is further enhanced with the following features:
- Ability to have agent create required Windows firewall exemptions from the Console.
- Remote Control Viewer shortcut in the Configuration Manager program group
- Agent is disabled by default in the Settings, the service will also be disabled. When the agent is enabled, the Windows service will also be enabled.
RC will bring us support for new platforms like:
- Windows Embedded 7 SP1
- POSReady 7
- Windows 7 Thin PC
- Windows Embedded Compact 7
Embedded Device Management
Ability to use task sequences to manage write filter enabled systems
- RBA modeling tool:
- Live modeling of security roles and assignments
- Authoring and modeling of custom security roles
- CMTrace.exe and CMTrace64.exe embedded in the Boot images for troubleshooting
What’s coming up in RTM?
At this time Microsoft is busy developing a feature which allows you to deploy / push Configuration Manager 2012 client software to devices from a Distribution Point. If you ask me a very nice feature which allows you to limit your network traffic to a remote primary site.
RTM will also bring us a working Replication Link Analyzer, the button is there in the Configuration Manager Console but it is not yet working correctly.
Thanks to the Belgium and Dutch SCUG, Wally Mead, the CEP and all other speakers for the loads of information about the System Center suite with Configuration Manager 2012 in particular.