Frequently Asked Questions for Configuration Manager
Updated: February 1, 2012
Applies To: System Center 2012 Configuration Manager
The following frequently asked questions relate to the Configuration Manager console and collections.
Yes. The Configuration Manager console is a 32-bit program that can run on a 32-bit version of Windows and on a 64-bit version of Windows.
In System Center 2012 Configuration Manager, all collections must be limited to the membership of another collection. When you create a collection, you must specify a limiting collection. A collection is always a subset of its limiting collection. For more information, see How to Create Collections in Configuration Manager.
Yes. System Center 2012 Configuration Manager includes two new collection rules, the Include Collections rule and the Exclude Collections rule that allow you to include or exclude the membership of specified collections. For more information, see How to Create Collections in Configuration Manager.
No. Collections configured by using query rules that use certain classes do not support incremental updates. For a list of these classes, see How to Create Collections in Configuration Manager.
The following frequently asked questions relate to sites and hierarchies in Configuration Manager.
No. The Active Directory schema extensions for System Center 2012 Configuration Manager are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for System Center 2012 Configuration Manager.
System Center 2012 Configuration Manager introduces changes to both primary and secondary sites while the central administration site is new site type. The central administration site replaces the primary site referred to as a central site as the top-level site of a multi-primary site hierarchy. This site does not directly manage clients but does coordinate a shared database across your hierarchy, and it is designed to provide centralized reporting and configurations for your entire hierarchy.
No. In System Center 2012 Configuration Manager you cannot change the parent relationship of an active site. You can only add a site as a child of another site at the time you install the new site. Because the database is shared between all sites, joining a site that has already created default objects or that has custom configurations can result in conflicts with similar objects that already exist in the hierarchy.
With System Center 2012 Configuration Manager, primary sites have changed to support only secondary sites as child sites, and the new central administration site as a parent site. Unlike Configuration Manager 2007, primary sites no longer provide a security or configuration boundary. Because of this, you should only need to install additional primary sites to increase the maximum number of clients your hierarchy can support, or to provide a local point of contact for administration.
In System Center 2012 Configuration Manager, secondary sites require either SQL Server, or SQL Server Express to support database replication with their parent primary site. When you install a secondary site, Setup automatically installs SQL Server Express if a local instance of SQL Server is not already installed.
Database replication uses SQL Server to quickly transfer data for settings and configurations to other sites in the Configuration Manager hierarchy. Changes that are made at one site merge with the information stored in the database at other sites. Content for deployments, and other file-based data, still replicate by file-based replication between sites. Database replication configures automatically when you join a new site to an existing hierarchy.
Active Directory Forest discovery is a new discovery method in System Center 2012 Configuration Manager that allows you to discover network locations from multiple Active Directory forests. This discovery method can also create boundaries in Configuration Manager for the discovered network locations and you can publish site data to another Active Directory forest to help support clients, sites, and site system servers in those locations.
Yes. System Center 2012 Configuration Manager applies a hierarchy-wide set of default client settings (formerly called client agent settings) that you can then modify on clients by using custom client settings that you assign to collections. This creates a flexible method of delivering customized client settings to any client in your hierarchy, regardless of the site it is assigned to, or where it is located on your network. For more information, see How to Configure Client Settings in Configuration Manager.
Configuration Manager supports site-to-site (intersite) communication when a two-way forest trust exists between the forests. Within a site, Configuration Manager supports placement of site system roles on computers in an untrusted forest. Configuration Manager also supports clients that are in a different forest from their site’s site server when the site system role that they connect to is in the same forest as the client. For more information, see the Planning for Communications Across Forests in Configuration Manager section in the Planning for Communications in Configuration Manager topic.
System Center 2012 Configuration Manager clients can find available management points by using the management point that you specify during client deployment, Active Directory Domain Services, DNS, and WINS. Clients can connect to more than one management point in a site, always preferring communication that uses HTTPS, when this is possible because the client and management point uses PKI certificates.
There are some changes here since Configuration Manager 2007, which accommodate the change that clients can now communicate with more than one management point in site, and that you can have a mix of HTTPS and HTTP site system roles in the same site.
For more information, see “Planning for Service Location by Clients” in the Planning for Client Communication in Configuration Manager section in the Planning for Communications in Configuration Manager topic.
System Center 2012 Configuration Manager has replaced the native mode site configuration in Configuration Manager 2007 with individual site system role configurations that accept client communication over HTTPS or HTTP. Because you can have site system roles that support HTTPS and HTTP in the same site, you have more flexibility in how you introduce PKI to secure the intranet client endpoints within the hierarchy. Clients over the Internet and mobile devices must use HTTPS connections.
For more information, see the Planning a Transition Strategy for PKI Certificates and Internet-Based Client Management section in the Planning for Security in Configuration Manager topic.
Configuration Manager supports some site system roles only at specific sites in a hierarchy, and some site system roles have other limitations as to where and when you can install them. When Configuration Manager does not support the installation of a site system role, it is not listed in the wizard. For example, the Endpoint Protection point cannot be installed in a secondary site, or in a primary site if you have a central administration site. So if you have a central administration site, you will not see the Endpoint Protection point listed if you run the Add Site System Roles Wizard on a primary site.
For more information about which site system roles can be installed where, see the Planning Where to Install Sites System Roles in the Hierarchy section in the Planning for Site Systems in Configuration Manager topic.
Use the following procedure to configure the Network Access Account:
- In the Administration workspace, expand Site Configuration, click Sites, and then select the site.
- On the Settings group, click Configure Site Components, and then click Software Distribution.
- Click the Network Access Account tab, configure the account, and then click OK.
Configuration Manager offers a number of high availability solutions. For information, see Planning for High Availability with Configuration Manager.
The following frequently asked questions relate to migrating Configuration Manager 2007 to System Center 2012 Configuration Manager.
Only Configuration Manager 2007 sites with SP2 are supported for migration.
Several important changes introduced with System Center 2012 Configuration Manager prevent an in-place upgrade; however, System Center 2012 Configuration Manager does support migration from Configuration Manager 2007 with a side-by-side deployment. For example, System Center 2012 Configuration Manager is native 64 bit application with a database that is optimized for Unicode and that is shared between all sites. Additionally, site types and site relationships have changed. These changes, and others, mean that many existing hierarchy structures cannot be upgraded. For more information, see Migrating from Configuration Manager 2007 to System Center 2012 Configuration Manager
Typically, you will migrate data from Configuration Manager 2007 over a period of time that you define. During the period of migration, you can continue to use your Configuration Manager 2007 hierarchy to manage clients that have not migrated to System Center 2012 Configuration Manager. Additionally if you update an object in the Configuration Manager 2007 hierarchy after you have migrated that object to System Center 2012 Configuration Manager, you can re-migrate that object again up until you decide to complete your migration.
When you migrate a Configuration Manager 2007 package to System Center 2012 Configuration Manager, it remains a package after migration. If you want to deploy the software from your Configuration Manager 2007 packages by using the new application model, you can use the Package Conversion Manager to convert package and programs into System Center 2012 Configuration Manager applications.
This type of information is easily recreated by an active client when it sends data to its System Center 2012 Configuration Manager site. Typically, it is only the current information from each client that provides useful information. To retain access to historical inventory information you can keep a Configuration Manager 2007 site active until the historical data is no longer required.
When you migrate content to System Center 2012 Configuration Manager, you are really migrating the metadata about that content. The content itself might remain hosted on a shared distribution point during migration, or on a distribution point that you will upgrade to System Center 2012 Configuration Manager. Because the site that owns the content is responsible for monitoring the source files for changes, plan to specify a site that is near to the source file location on the network.
Shared distribution points are Configuration Manager 2007 distribution points that can be used by System Center 2012 Configuration Manager clients during the migration period. A distribution point can be shared only when the Configuration Manager 2007 hierarchy that contains the distribution point remains the active source hierarchy and distribution point sharing is enabled for the source site that contains the distribution point. Sharing distribution points ends when you complete migration from the Configuration Manager 2007 hierarchy.
System Center 2012 Configuration Manager can upgrade supported Configuration Manager 2007 distribution points to System Center 2012 Configuration Manager distribution points. This upgrade allows you to maintain your existing distribution points with minimal effort or disruption to your network. You can also use the prestage option for System Center 2012 Configuration Manager distribution points to reduce the transfer of large files across low-bandwidth network connections.
You can perform an in-place upgrade of a Configuration Manager 2007 distribution point that preserves all content during the upgrade. This includes an upgrade of a distribution point on a server share, a branch distributing point, or standard distribution point.
You can perform an in-place upgrade of a Configuration Manager 2007 secondary site to a System Center 2012 Configuration Manager distribution point. During the upgrade, all migrated content is preserved.
During the upgrade to a System Center 2012 Configuration Manager distribution point, all migrated content is copied and then converted to the single instance store. The original Configuration Manager 2007 content remains on the server until it is manually removed.
You can migrate data from more than one Configuration Manager 2007 hierarchy however, you can only migrate one hierarchy at a time. You can migrate the hierarchies in any order. However, you cannot migrate data from multiple hierarchies that use the same site code. If you try to migrate data from a site that uses the same site code as a migrated site, this corrupts the data in the System Center 2012 Configuration Manager database.
System Center 2012 Configuration Manager supports migrating a Configuration Manager 2007 environment that is at a minimum of Service Pack 2.
You can migrate the following objects from Configuration Manager 2007 to System Center 2012 Configuration Manager:
- Configuration baselines and configuration items
- Operating system deployment boot images, driver packages, drivers, images, and packages
- Software distribution packages
- Software metering rules
- Software update deployment packages and templates
- Software update deployments
- Software update lists
- Task sequences
- Virtual application packages
For more information, see Objects That Can Migrate by Migration Job Type
No. Clients that you upgrade from Configuration Manager 2007 will not rerun advertisements that you migrate. System Center 2012 Configuration Manager retains the Configuration Manager 2007 Package ID for packages you migrate and clients that upgrade retain their advertisement history.
The following frequently asked questions relate to security and role-based administration in Configuration Manager.
Because role-based administration is integrated into the configuration of the hierarchy and management functions, there is no separate documentation section for role-based administration. Instead, information is integrated throughout the documentation library. For example, information about planning and configuring role-based administration is in the Planning for Security in Configuration Manager topic and the Configuring Security for Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide and the Security and Privacy for System Center 2012 Configuration Manager guide.
The Configuration Manager console lists the description of each role-based security role that is installed with Configuration Manager, and the minimum permissions and suitable security roles for each management function is included as a prerequisite in the relevant topic. For example, Prerequisites for Application Management in Configuration Manager in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide list the minimum security permissions to manage and to deploy applications, and the security roles that meet these requirements.
If you install System Center 2012 Configuration Manager, there is no additional configuration because the Active Directory user account used to install Configuration Manager is automatically assigned to the Full Administrator security role, assigned to All Scopes, and has access to the All Systems and All Users and User Groups collections. However, if you want to provide full administrative permissions for other Active Directory users to access System Center 2012 Configuration Manager, create new administrative users in Configuration Manager using their Windows accounts and then assign them to the Full Administrator security role.
Unlike Configuration Manager 2007, sites no longer provide a security boundary. Instead, use role-based administration security roles to configure the permissions different administrative users have, and security scopes and collections to define the set of objects they can view and manage. These settings can be configured at a central administration site or any primary site and are enforced at all sites throughout the hierarchy.
As a best practice, specify a security group rather than user accounts when you configure administrative users for role-based administration.
Role-based administration does not support an explicit deny action on security roles, security scopes, or collections assigned to an administrative user. Instead, configure security roles, security scopes, and collections to grant permissions to administrative users. If users do not have permissions to objects by use of these role-based administration elements, they might have only partial access to some objects, for example they might be able to view, but not modify specific objects. However, you can use collection membership to exclude collections from a collection that is assigned to an administrative user.
Run the report Security for a specific or multiple Configuration Manager objects to find the object types that can be assigned to security roles. Additionally you can view the list of objects for a security role by viewing the security roles Properties and selecting the Permissions tab.
The following frequently asked questions relate to deploying and managing clients on computers and mobile devices in Configuration Manager.
Yes. System Center 2012 Configuration Manager supports the same client installation methods that Configuration Manager 2007 supports: client push, software update-based, group policy, manual, logon script, and image-based. For more information, see How to Install Clients on Computers in Configuration Manager.
When you create a package and program to upgrade Configuration Manager clients, this installation method is designed to upgrade existing System Center 2012 Configuration Manager clients. You can control which distribution points hosts the package and the client computers that install the package. This installation method supports only System Center 2012 Configuration Manager clients and cannot upgrade Configuration Manager 2007 clients.
In comparison, the automatic client upgrade method automatically creates the client upgrade package and program and this installation method can be used with Configuration Manager 2007 clients as well as System Center 2012 Configuration Manager clients. The package is automatically distributed to all distribution points in the hierarchy and the deployment is sent to all clients in the hierarchy for evaluation. This installation method supports System Center 2012 Configuration Manager clients and Configuration Manager 2007 clients that are assigned to a System Center 2012 Configuration Manager site. Because you cannot restrict which distribution points are sent the upgrade package or which clients are sent the deployment, use automatic client upgrade with caution and do not use it as your main method to deploy the client software.
For more information, see How to Upgrade Configuration Manager Clients by Using a Package and Program and How to Automatically Upgrade the Configuration Manager Client for the Hierarchy in the How to Install Clients on Computers in Configuration Manager topic.
The term “device” in System Center 2012 Configuration Manager applies to a computer or a mobile device such as a Windows Mobile Phone.
For information about supporting clients for a virtual desktop infrastructure (VDI), see the Considerations for Managing the Configuration Manager Client in a Virtual Desktop Infrastructure (VDI) section in the Introduction to Client Deployment in Configuration Manager topic.
Yes, client status is new in System Center 2012 Configuration Manager and allows you to monitor the activity of clients and check and remediate various problems that can occur.
You can view the client health rules in the %windir%\CCM\ccmeval.xml file that is installed on the client but Configuration Manager does not support changes to the file. Instead, use compliance settings in Configuration Manager to check for additional items that you consider required for the health of your clients. For example, you might check for specific registry key entries, files, and permissions.
Configuration Manager contains many improvements since Configuration Manager 2007 to help you manage clients when they are on the Internet:
- Configuration Manager supports a gradual transition to using PKI certificates, and not all clients and site systems have to use PKI certificates before you can manage clients on the Internet. For more information, see Planning a Transition Strategy for PKI Certificates and Internet-Based Client Management.
- The certificate selection process that Configuration Manager uses is improved by using a certificate issuers list. For more information, see Planning for the PKI Trusted Root Certificates and the Certificate Issuers List.
- Unless the Configuration Manager client is installed on the Internet or is configured as Internet-only, you no longer have to configure client computers with an Internet-based management point. Instead, the client will automatically retrieve a list of Internet-based management points when it is on the intranet.
- Although deploying an operating system is still not supported over the Internet, you can deploy generic task sequences for clients that are on the Internet.
- If the Internet-based management point can authenticate the user, user polices are now supported when clients are on the Internet. This functionality supports user-centric management and user device affinity for when you deploy applications to users.
- Configuration Manager Internet-based clients on the Internet first try to download any required software updates from Microsoft Update, rather than from an Internet-based distribution point in their assigned site. Only if this fails, will they then try to download the required software updates from an Internet-based distribution point.
DirectAccess is a Windows solution for managing domain computers when they move from the intranet to the Internet. This solution requires the minimum operating systems of Windows Server 2008 R2 and Windows 7 on clients. Internet-based client management is specific to Configuration Manager, and it allows you to manage computers and mobile devices when they are on the Internet. The Configuration Manager clients can be on workgroup computers and never connect to the intranet, and they can also be mobile devices. The Configuration Manager solution works for all operating system versions that are supported by Configuration Manager.
Both solutions require PKI certificates on clients and servers. However, DirectAccess requires a Microsoft enterprise certification authority, whereas Configuration Manager can use any PKI certificate that meets the requirements documented in PKI Certificate Requirements for Configuration Manager.
Not all Configuration Manager features are supported for Internet-based client management. For more information, see the Planning for Internet-Based Client Management section in the Planning for Communications in Configuration Manager topic. In comparison, because a client that connects over DirectAccess behaves as if it is on the intranet, all features, with the exception of deploying an operating system, are supported by Configuration Manager.
|Some Configuration Manager communications are server-initiated, such as client push installation and remote control. For these connections to succeed over DirectAccess, the initiating computer on the intranet and all intervening network devices must support IPv6.|
For support information about how Configuration Manager supports DirectAccess, see the DirectAccess Feature Support section in the Supported Configurations for Configuration Manager topic.
You can manage Intel vPro computers by using out of band management in System Center 2012 Configuration Manager. For more information, see Out of Band Management in Configuration Manager in the Assets and Compliance in System Center 2012 Configuration Manager guide.
AMT-based computers that were provisioned with Configuration Manager 2007 must have their provisioning data removed before you migrate them to System Center 2012 Configuration Manager, and then provisioned again by System Center 2012 Configuration Manager. Because of functional changes between the versions, the security group, OU, and web server certificate template have different requirements:
- If you used a security group in Configuration Manager 2007 for 802.1X authentication, you can continue to use this group if it is a universal security group. If it is not a universal group, you must convert it or create a new universal security group for System Center 2012 Configuration Manager. The security permissions of Read Members and Write Members for the site server computer account remain the same.
- The OU can be used without modification. However, System Center 2012 Configuration Manager no longer requires Full Control to this object and all child objects. You can reduce these permissions to Create Computer Objects and Delete Computer Objects on this object only.
- The web server certificate template from Configuration Manager 2007 cannot be used in System Center 2012 Configuration Manager without modification. This certificate template no longer uses Supply in the request and the site server computer account no longer requires Read and Enroll permissions.
For more information about the security group and OU, see Step 1 in How to Provision and Configure AMT-Based Computers in Configuration Manager.
For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager and the example deployment, Deploying the Certificates for AMT.
There is no report in System Center 2012 Configuration Manager that displays which collections of computers have a power plan applied. However, in the Device Collections list, you can select the Power Configurations column to display whether a collection has a power plan applied.
The following frequently asked questions relate specifically to mobile devices in Configuration Manager.
Because the management of mobile devices is so similar to managing computers in System Center 2012 Configuration Manager, there is no separate documentation section for mobile devices. Instead, information is integrated throughout the documentation library. For example, information about how to install the client on mobile devices is in the Deploying Clients for System Center 2012 Configuration Manager guide. Information about how to configure settings for mobile devices, such as password settings, is in the Compliance Settings in Configuration Manager section of the Assets and Compliance in System Center 2012 Configuration Manager guide, and information about how to install applications on mobile devices is in the Application Management in Configuration Manager section of the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.
Some of the main topics that contain information about mobile devices include the following:
|Supported Configurations for Configuration Manager||See the Mobile Device Requirements section to check whether Configuration Manager can support your mobile device environment.|
|PKI Certificate Requirements for Configuration Manager||Contains certificate requirements if you install the Configuration Manager client on mobile devices. No certificates are required by Configuration Manager if you manage mobile devices that connect to Exchange Server.|
|Planning for Site Systems in Configuration Manager||Contains information about where to install the site system roles that are required to manage mobile devices.|
|Introduction to Client Deployment in Configuration Manager||The Deploying the Configuration Manager Client to Mobile Devices section contains introductory information for managing mobile devices and what is new from Configuration Manager 2007.|
|Prerequisites for Client Deployment in Configuration Manager||The Prerequisites for Mobile Device Clients section contains information about the dependencies and firewall requirements for when you enroll mobile devices by using Configuration Manager.|
|Determine How to Manage Mobile Devices in Configuration Manager||Contains information about the differences between the management options for mobile devices in Configuration Manager.|
|How to Install Clients on Mobile Devices and Enroll Them by Using Configuration Manager||Contains instructions to enroll mobile devices by using Configuration Manager.|
|How to Manage Mobile Devices by Using the Exchange Server Connector in Configuration Manager||Contains instructions to install the Exchange Server connector, so that you can manage mobile devices that connect to an Exchange Server.|
|Security and Privacy for Clients in Configuration Manager||Contains security best practices and privacy information for mobile devices.|
|How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager||Contains instructions to configure settings for mobile devices that are enrolled by Configuration Manager.|
|Technical Reference for Log Files in Configuration Manager||See the Mobile Devices section for the list of log files that are created when you manage mobile devices in Configuration Manager.|
If you have mobile device legacy clients in your System Center 2012 Configuration Manager hierarchy, the installation and configuration for these mobile devices is the same as in Configuration Manager 2007. For more information, see Mobile Device Management in Configuration Manager in the Configuration Manager 2007 documentation library.
When the certificate on the mobile device is due for renewal, users are automatically prompted to accept the new certificate. When they confirm the prompt, Configuration Manager automatically re-enrolls their mobile device.
You must wipe the mobile device if you no longer want it to be enrolled in System Center 2012 Configuration Manager. When you wipe a mobile device, this action deletes all data that is stored on the mobile device and on any attached memory cards. In addition, the certificate that was issued during enrollment is revoked with the following reason: Cease of Operation.
No. In this dual management scenario, Configuration Manager sends the wipe command in the client policy and by using the Exchange Server connector, and then monitors the wipe status for the mobile device. As soon as Configuration Manager receives a wipe confirmation from the mobile device, it cancels the second and pending wipe command so that the mobile device is not wiped twice.
Yes, if you only want to find mobile devices and retrieve inventory data from them as a read-only mode of operation, you can do this by granting a subset of the cmdlets that the account uses to connect to the Exchange Client Access server. The required cmdlets for a read-only mode of operation are as follows:
|When the Exchange Server connector operates with these limited permissions, you cannot create access rules, or wipe mobile devices, and mobile devices will not be configured with the settings that you define. In addition, Configuration Manager will generate alerts and status messages to notify you that it could not complete operations that are related to the Exchange Server connector.|
The following frequently asked questions relate to remote control in Configuration Manager.
By default, remote control is disabled on client computers. Enable remote control as a default client setting for the hierarchy, or by using custom client settings that you apply to selected collections.
TCP 2701 is the only port that System Center 2012 Configuration Manager uses for remote control. When you enable remote control as a client setting, you can select one of three firewall profiles that automatically configure this port on Configuration Manager clients; Domain, Private, or Public.
The Permitted Viewers List grants an administrative user the Remote Control permission for a computer, and the role-based administration security role of Remote Tools Operator grants an administrative user the ability to connect a Configuration Manager console to a site so that audit messages are sent when they manage computers by using remote control.
Yes. In the Configuration Manager remote control window, click Action, and then click Send Ctrl+Alt+Del.
You can find this out by using the remote control reports: Remote Control – All computers remote controlled by a specific user and Remote Control – All remote control information. For more information, see How to Audit Remote Control Usage in Configuration Manager.
The remote control settings for System Center 2012 Configuration Manager clients are now in Software Center, on the Options tab.
The following frequently asked questions relate to software updates, applications, scripts, operating system deployment, task sequences, device drivers, configuration items, and configuration baselines in Configuration Manager.
System Center 2012 Configuration Manager applications contain the administrative details and Application Catalog information necessary to deploy a software package or software update to a computer or mobile device.
A deployment type is contained within an application and specifies the installation files and method that Configuration Manager will use to install the software. The deployment type contains rules and settings that control if and how the software is installed on client computers.
The deployment purpose defines what the deployment should do and represents the administrator’s intent. For example, an administrative user might require the installation of software on client computers or might just make the software available for users to install themselves. A global condition can be set to check regularly that required applications are installed and to reinstall them if they have been removed.
Global conditions are conditions used by requirement rules. Requirement rules set a value for a deployment type for a global condition. For example, “operating system =” is a global condition; a requirement rule is “operating system = Win7.”
To make a deployment optional, configure the deployment purpose as Available in the applications deployment type. Available applications display in the Application Catalog where users can install them.
Yes. Users can browse a list of available software in the Application Catalog. Users can then request an application which, if approved, will be installed on their computer. To make a deployment optional, configure the deployment purpose as Available in the applications deployment type.
Some scenarios, such as the deployment of a script that runs on a client computer but that does not install software, are more suited to using a package and program rather than an application.
Yes. You can configure multiple deployment types for an application. Rules that specify which deployment type is run allows you to specify how the application is made available to the user.
Yes. Configuration Manager collects usage statistics from client devices that can be used to automatically define user device affinities or to help you manually create affinities.
No. you must create a new deployment that can include extra options that include scheduling and user experience.
Yes. You can see migrated packages and programs in the Packages node in the Software Library workspace. You can also use the Import Package from Definition Wizard to import Configuration Manager 2007 package definition files into your site.
Yes. In System Center 2012 Configuration Manager, the term software includes software updates, applications, scripts, task sequences, device drivers, configuration items, and configuration baselines.
Depending on the deployment purpose you have specified in the deployment type of an application, System Center 2012 Configuration Manager periodically checks that the state of the application is the same as its purpose. For example, if an application’s deployment type is specified as Required, Configuration Manager reinstalls the application if it has been removed. Only one deployment type can be created per application and collection pair.
No, you can continue to deploy packages and programs that have been migrated from your Configuration Manager 2007 site. However, packages and programs cannot use some of the new features of System Center 2012 Configuration Manager such as requirement rules, dependencies and supersedence.
If you don’t require HTTPS connections (for example, users will not connect from the Internet), the quick guide instructions are as follows:
- Make sure that you have all the prerequisites for the Application Catalog site roles. For more information, see Prerequisites for Application Management in Configuration Manager.
- Install the following Application Catalog site system roles and select the default options:
- Application Catalog web service point
- Application Catalog website point
- Configure the following Computer Agentdevice client settings by editing the default client settings, or by creating and assigning custom client settings:
- Default Application Catalog website point: Automatically detect
- Add default Application Catalog website to Internet Explorer trusted site zone: True
- Install Permissions: All users
For full instructions, see Configuring the Application Catalog and Software Center in Configuration Manager.
You can use a task sequence to deploy applications. However, when you configure an application deployment rather than use a task sequence, you benefit from the following:
- You have a richer monitoring and compliance experience.
- You can supersede a previous version of the application and can uninstall or upgrade the previous version.
- You can deploy applications to users.
For more information about how to deploy applications, see Introduction to Application Management in Configuration Manager.
No. Software update groups are new in System Center 2012 Configuration Manager and replace update lists that were used in Configuration Manager 2007.
Software update groups provide a more effective method for you to organize software updates in your environment. You can manually add software updates to a software update group or software updates can be automatically added to a new or existing software update group by using an automatic deployment rule. You can also deploy a software update group manually or automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and they will automatically be deployed.
Yes. You can create automatic deployment rules to automatically approve and deploy software updates that meet specified search criteria.
In Configuration Manager 2007, superseded software updates are automatically expired during full software updates synchronization. In System Center 2012 Configuration Manager, you can choose to automatically expire superseded software updates during software updates synchronization just as it is in Configuration Manager 2007. Or, you can specify a number of months before a superseded software update is expired. This allows you to deploy a superseded software update for the period of time while you validate and approve the superseding software update in your environment.
System Center 2012 Configuration Manager might automatically remove expired and superseded software updates. Consider the following scenarios:
- Expired software updates that are not associated with a deployment are automatically removed up every 7 days by a site maintenance task.
- Expired software updates that are associated with a deployment are not automatically removed by the site maintenance task.
- Superseded software updates that you have configured not to expire for a specified period of time are not removed or deleted by the site maintenance task.
You can remove expired software updates from all software update groups and software update deployments so that they are automatically removed. To do this, search for expired software updates, select the returned results, choose edit membership, and remove the expired software updates from any software update group for which they are members.
The software update group icons are different in the following scenarios:
- When a software update group contains at least one expired software update, the icon for that software update group contains a black X.
- When a software update group contains no expired software updates, but at least one superseded software update, the icon for that software update group contains a yellow star.
- When a software update group has no expired or superseded software updates, the icon for that software update group contains a green arrow.
The following frequently asked questions relate to Endpoint Protection in Configuration Manager.
Endpoint Protection is fully integrated with System Center 2012 Configuration Manager and no longer requires a separate installation. In addition, there are a number of new features and enhancements in Endpoint Protection. For more information, see the Endpoint Protection section in the What’s New in Configuration Manager topic.
Yes, you can deploy Endpoint Protection definitions by using Configuration Manager software updates. For more information, see Step 3: Configure Configuration Manager Software Updates to Deliver Definition Updates to Client Computers in the How to Configure Endpoint Protection in Configuration Manager topic.
Yes, System Center 2012 Endpoint Protection uses Configuration Manager alerts to more quickly notify you when malware is detected on client computers.