Chapter 2. Setting up your lab environment
Figure 2.1. The Month of Lunches ConfigMgr lab environment
Figure 2.2. Specify a download location for the ConfigMgr prerequisite packages.
Figure 2.3. All of the source content downloaded and ready for use
Figure 2.4. The hydration scripts in action, building a deployment share in MDT
Figure 2.5. The hydration script has populated the MDT deployment share.
Figure 2.6. Set the TimeZoneName property to the right one for your environment.
Figure 2.7. Creating the MDT media build that will be used to build the lab environment
Figure 2.8. DC01 runs AD Domain Services in the lab environment.
Figure 2.10. The ConfigMgr primary site server is a full web/SQL application server.
Figure 2.11. CLIENT01 represents a traditional managed system in a business environment.
Figure 2.12. You can launch a ConfigMgr PowerShell session from the console.
Figure 2.13. The ConfigMgr PowerShell session lets you work directly with the primary site.
Chapter 3. Making ConfigMgr aware of your environment
Figure 3.2. ConfigMgr hooks into your entire environment.
Figure 3.3. Adding a subnet to the Active Directory Site Lab
Figure 3.4. New subnet added to AD Sites and Services
Figure 3.5. Enable Active Directory Forest Discovery in ConfigMgr.
Figure 3.6. Specify an AD search path for System Discovery in ConfigMgr.
Figure 3.7. Adding the Users OU so that the discovery method can import AD user accounts
Figure 3.8. Create an AD location to search for groups.
Figure 3.9. Newly discovered user accounts and a user group
Figure 3.10. Configure ConfigMgr to provide content to managed machines from a local source.
Figure 3.11. Adding a boundary to a boundary group
Figure 3.12. Assigning a site server to a boundary group so clients can access content
Chapter 4. Managing ConfigMgr devices and users
Figure 4.1. By the end of this chapter, the secrets of devices and users will be yours!
Figure 4.2. The ConfigMgr client software repository on CM01
Figure 4.3. Create a Group Policy Object to change Windows Firewall settings.
Figure 4.4. Windows Firewall turned off using Group Policy
Figure 4.5. The new ConfigMgr client push account
Figure 4.6. The ConfigMgr server communicates with target systems during a client push.
Figure 4.7. The ConfigMgr server pushing the client installer to a remote machine
Figure 4.8. The ConfigMgr client has been successfully installed and is now running.
Figure 4.9. The ConfigMgr client on CLIENT01
Figure 4.10. Users and devices at the same level in the ConfigMgr console
Figure 4.11. You can define a variety of relationships between users and devices.
Figure 4.12. Potential primary users of CLIENT01
Figure 4.13. An Administrator Defined Primary User of CLIENT01
Figure 4.14. Defining a primary user automatically creates a primary device.
Chapter 5. Organizing devices and users
Figure 5.2. ConfigMgr comes prepopulated with built-in device collections.
Figure 5.3. Direct membership rules give you what you ask for—useful but inflexible.
Figure 5.4. Using data queries to build a dynamic collection
Figure 5.5. Using an include collection membership can give you terrific management granularity.
Figure 5.6. An exclude collection membership allows you to protect critical systems.
Figure 5.8. Create your new collection and set the limiting collection.
Figure 5.9. Make sure your query rule looks like this.
Figure 5.10. Editing the query directly in WQL is a quick and efficient way to create a query.
Figure 5.11. Organizational folders are a great way to keep collection sprawl in check.
Figure 5.13. Export a built collection and then a different ConfigMgr Site or environment.
Chapter 6. Configuring ConfigMgr clients
Figure 6.2. The workflow by which a ConfigMgr client obtains a policy from the ConfigMgr server
Figure 6.3. Each newly built ConfigMgr always contains the Default Client Settings policy group.
Figure 6.4. All the configurable properties in the Default Client Settings group
Figure 6.5. Change the default organization name for all ConfigMgr clients.
Figure 6.6. Creating new custom settings for devices in the ConfigMgr console
Figure 6.7. Create a new entry to inventory file types on your clients.
Figure 6.8. Choose to inventory all application files (.exe).
Figure 6.9. Your device inventory settings are ready to go.
Figure 6.10. Use client settings to give greater UDA functionality to certain users.
Figure 6.13. The Deployments tab shows you which collections your settings are deployed against.
Figure 6.14. Resultant Client Settings shows the results of all settings on a device or user.
Figure 6.15. Force a local machine update to retrieve the latest policy.
Figure 6.16. The settings changes you made are now represented on remote systems.
Chapter 7. Creating and configuring applications with the AppModel
Figure 7.1. This chapter is all about creating and configuring applications by using the AppModel.
Figure 7.7. Requirements ensure that the correct deployment type is used.
Figure 7.8. Detection methods ensure that an application has been successfully installed or removed.
Chapter 8. Deploying applications and packages to ConfigMgr clients
Figure 8.1. This chapter is all about getting applications and packages out to where they’re needed.
Figure 8.2. A distribution point holds content for ConfigMgr clients to access.
Figure 8.4. Select the appropriate device collection to deploy Paint.NET to.
Figure 8.5. Paint.NET is ready to deploy to clients running Windows 10.
Figure 8.6. Paint.NET is available for installation on CLIENT01.
Figure 8.7. Paint.NET has been successfully installed via ConfigMgr.
Figure 8.8. The ConfigMgr Application Catalog lets users request and install available software.
Figure 8.9. You can make basic customizations to the appearance of the Application Catalog website.
Figure 8.10. Create a network-based location to store the downloaded Notepad++ installer.
Figure 8.12. Creating a new standard program within a new package
Figure 8.13. Your newly deployed package is ready for installation.
Figure 8.14. Manually creating a new deployment type for a non-AppModel installer
Figure 8.15. Manually creating a detection rule to act as a detection method
Chapter 9. Ensuring that ConfigMgr clients can access content
Figure 9.1. Content and distribution points: the foundation of a healthy ConfigMgr environment
Figure 9.3. The preconfigured DP in your ConfigMgr lab
Figure 9.4. The ConfigMgr console shows you which drives are in use to store the DP.
Figure 9.5. The content distribution status of all packages in the ConfigMgr database
Figure 9.6. The detailed content status for boot image (x86)
Figure 9.7. Adding the DP to a new distribution point group
Figure 9.8. Deploying content to a user collection that’s associated with a DP group
Figure 9.9. Associating a user collection with a distribution point group
Chapter 10. Keeping ConfigMgr clients patched
Figure 10.1. Patching: Fun? No. Much easier with ConfigMgr? Yes!
Figure 10.2. Use PowerShell to install Windows Server Update Services on CM01.
Figure 10.3. Use WsusUtil.exe to create and configure a new WSUS database on CM01.
Figure 10.4. CM01 is listening on the correct WSUS TCP ports.
Figure 10.5. WSUS/SUP components are now successfully installed in ConfigMgr.
Figure 10.6. That’s a pretty bleak list of Microsoft products to patch.
Figure 10.7. A full list of Microsoft products, ready for patching
Figure 10.8. Software updates downloading locally to CM01
Figure 10.9. Hey, you! It’s time to patch!
Figure 10.10. As the local administrator, you have some control over update installation.
Chapter 11. Preparing to deploy Windows
Figure 11.1. By the end of this chapter, you’ll be ready to deploy Windows by using ConfigMgr.
Figure 11.2. You can store multiple Windows images in a single WIM file.
Figure 11.3. Using proper names and descriptions for your images can save a lot of hassle later.
Figure 11.4. ConfigMgr automatically creates these boot images during installation.
Figure 11.5. Select the WIM you copied from WinPE as the base of your new boot image.
Figure 11.6. Extract the contents of the Dell driver CAB file to CM01.
Figure 11.7. Assign administrative categories to your drivers when you import them.
Figure 11.8. Create a new driver package that will house the imported drivers.
Figure 11.9. Move the imported drivers to a custom folder.
Figure 11.10. Name your task sequence and specify the custom boot image.
Figure 11.11. Choose the imported OS image to deploy.
Figure 11.12. Select the appropriate AD account to join the deployed system to the domain.
Chapter 12. Deploying Windows
Figure 12.1. The prep work has been done—it’s time to deploy Windows!
Figure 12.2. Hyper-V Generation 2 VMs natively support network boot.
Figure 12.3. Enabling PXE for network booting on a DP
Figure 12.4. Windows disk partitions required for UEFI-based systems
Figure 12.5. Grouping similar steps in the deployment TS
Figure 12.6. Setting a variable to specify which partition Windows will be installed to
Figure 12.7. Use a variable to specify where Windows will be installed.
Figure 12.8. Defining dynamic TS variables for deployments
Figure 12.9. Configuring the Network Access Account for WinPE
Figure 12.10. Deploying the task sequence to a device collection
Figure 12.11. Downloading the custom boot image to start the deployment process
Figure 12.12. WinPE can’t find a specific package on a DP.
Figure 12.13. Deploying Windows to a new virtual machine
Figure 12.14. Monitor the deployment from the ConfigMgr console.
Chapter 13. Advanced deployment of Windows with ConfigMgr and MDT
Figure 13.1. You can already deploy, but with MDT you can really deploy!
Figure 13.2. Launch the MDT ConfigMgr Integration tool.
Figure 13.3. The integration utility autodetects the site server and site code details.
Figure 13.4. The ConfigMgr console has new options for MDT-specific functions.
Figure 13.5. Network settings to join Windows to the MOL domain
Figure 13.6. The Task Sequence wizard creates all the required MDT packages.
Figure 13.7. New MDT-based task sequence using the new MDT boot image
Figure 13.8. MDT Toolkit and settings packages for use within ConfigMgr
Figure 13.9. The MDT gather step pulls in dynamic information about the deployment.
Figure 13.10. Task sequence variables provide conditional logic to the deployment process.
Chapter 14. Managing Linux clients
Figure 14.1. This chapter is Linux, Linux, and more Linux!
Figure 14.2. Installing Ubuntu Server from the installation ISO
Figure 14.3. Configure a static IP address on your Ubuntu system—it is a server, after all.
Figure 14.4. Accessing the ConfigMgr server share directly from LINUX01
Figure 14.5. The best kind of installation is a successful one!
Figure 14.6. You need to manually approve a system that ConfigMgr can’t automatically validate.
Figure 14.7. Using PuTTY to remotely connect to LINUX01 with SSH
Figure 14.8. Accessing the ConfigMgr client for Linux logs via a remote Samba share—very techy!
Chapter 15. Deploying to Linux and Mac clients
Figure 15.1. More Linux and some OS X for good measure!
Figure 15.2. Turning on verbose logging for the Linux client
Figure 15.3. The MP_hinv log file shows the incoming hardware inventory report from LINUX01.
Figure 15.4. Inventory information from Ubuntu available in the ConfigMgr database
Figure 15.5. The contents of the test script for deployment to LINUX01
Figure 15.6. Details of the package to deploy to LINUX01
Figure 15.7. Details of the program that will be used to deploy the text file
Figure 15.8. If you can read this, your deployment worked just fine!
Figure 15.9. The ConfigMgr client for Mac starts life as a Windows MSI.
Figure 15.10. The ConfigMgr client properties page gives you a basic amount of information on OS X.
Figure 15.13. Specify the CMMAC file in the Create Application wizard.
Figure 15.14. Nothing like a successfully created application!
Figure 15.15. The user is informed of new software deployments via a pop-up.
Chapter 16. Managing anti-malware with ConfigMgr
Figure 16.1. By the end of this chapter, your anti-malware will be up and running.
Figure 16.2. Make sure that the SUP is configured correctly before enabling Endpoint Protection.
Figure 16.3. The tighter the search, the more accurate the results.
Figure 16.4. The client has found the Endpoint Protection settings and is installing SCEP.
Figure 16.5. SCEP/Defender is installed with a default policy already configured.
Figure 16.6. Use the anti-malware policy to specify from where clients can update.
Figure 16.7. New policy is being applied to the SCEP agent
Figure 16.8. Have no fear; Defender is here.
Figure 16.9. Defender intercepted and automatically quarantined the EICAR test file.
Chapter 17. Making sure clients are healthy
Figure 17.1. In this chapter, you’ll get healthy and stay healthy.
Figure 17.2. ConfigMgr health evaluation is a standard Windows scheduled task.
Figure 17.3. Use PowerShell to import and investigate the structure of an XML file.
Figure 17.4. CcmEval is designed to test for and remediate common client health issues.
Figure 17.5. The overall client status pane alerts you to health issues in your environment.
Figure 17.6. These sticky nodes show you which devices are fine and which are having problems.
Figure 17.7. Use PowerShell to easily query all inactive clients.
Figure 17.8. Register Client Center with the console for ease of administration.
Figure 17.9. Enable and configure WinRM on the remote client for Client Center to function.
Figure 17.10. Client Center gives you access to every component of the ConfigMgr client.
Chapter 18. Reporting in ConfigMgr
Figure 18.1. Reports, reports, and more reports!
Figure 18.2. Reports give you easy access to ConfigMgr data.
Figure 18.3. The configuration for the reporting services point installation
Figure 18.4. You’re now ready to run reports.
Figure 18.5. Select the input parameters in order to run the compliance report.
Figure 18.6. A report showing the state of compliance in your lab environment
Figure 18.7. Use this drop-down to show or hide report parameters.
Figure 18.8. Using SQL Server Report Builder to create a custom ConfigMgr report
Chapter 19. Keeping an eye on your clients
Figure 19.1. Be Big Brother with metering and compliance.
Figure 19.2. Software metering rules are automatically generated via software inventory.
Figure 19.3. Metering rules are automatically populated from inventory data.
Figure 19.4. Launching a metered application triggers an event in the metering logs.
Figure 19.5. Software metering data is uploaded to the ConfigMgr server for central processing.
Figure 19.6. Configuration baselines contain the settings you want to test for compliance.
Figure 19.7. The ConfigMgr client is aware of which configurations have been deployed.
Figure 19.8. Automatic remediation of noncompliance is successful.
Chapter 20. What to do when things go wrong
Figure 20.1. Work out when ConfigMgr is telling you that something’s wrong.
Figure 20.2. ConfigMgr constantly monitors site role health.
Figure 20.3. Behind every status are a lot of status messages.
Figure 20.4. Get a quick traffic-light health view of your hierarchy.
Figure 20.5. Status messages are logged when a problem is detected.
Figure 20.6. ConfigMgr will keep an eye on free space on disks used by distribution points.
Figure 20.7. Need to gather more data? Just tick a box!
Figure 20.9. You want to see healthy name resolution; otherwise, ConfigMgr gets sad.
Figure 20.10. DNS scavenging is a must for avoiding problems with out-of-date records.
Figure 20.11. ConfigMgr needs internet access, but a proxy server will work just fine.
Chapter 21. Securing ConfigMgr
Figure 21.1. Admin permissions for all is the enemy, and security is the solution.
Figure 21.2. Effective permissions are built up one layer at a time.
Figure 21.3. Default site admin created during installation
Figure 21.4. Create a new Full Administrator based on an AD group.
Figure 21.5. Create a custom security role based on an existing built-in role.
Figure 21.6. Create new security scopes to protect ConfigMgr objects.
Figure 21.7. Create a new administrative user with the least permissions necessary.