List of Figures

Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

List of Figures

Chapter 2. Setting up your lab environment

Figure 2.1. The Month of Lunches ConfigMgr lab environment

Figure 2.2. Specify a download location for the ConfigMgr prerequisite packages.

Figure 2.3. All of the source content downloaded and ready for use

Figure 2.4. The hydration scripts in action, building a deployment share in MDT

Figure 2.5. The hydration script has populated the MDT deployment share.

Figure 2.6. Set the TimeZoneName property to the right one for your environment.

Figure 2.7. Creating the MDT media build that will be used to build the lab environment

Figure 2.8. DC01 runs AD Domain Services in the lab environment.

Figure 2.9. The hydration kit comes with predefined task sequences to build and configure each server.

Figure 2.10. The ConfigMgr primary site server is a full web/SQL application server.

Figure 2.11. CLIENT01 represents a traditional managed system in a business environment.

Figure 2.12. You can launch a ConfigMgr PowerShell session from the console.

Figure 2.13. The ConfigMgr PowerShell session lets you work directly with the primary site.

Chapter 3. Making ConfigMgr aware of your environment

Figure 3.1. By the end of this chapter, you’ll be an expert in ConfigMgr discovery methods, among other things!

Figure 3.2. ConfigMgr hooks into your entire environment.

Figure 3.3. Adding a subnet to the Active Directory Site Lab

Figure 3.4. New subnet added to AD Sites and Services

Figure 3.5. Enable Active Directory Forest Discovery in ConfigMgr.

Figure 3.6. Specify an AD search path for System Discovery in ConfigMgr.

Figure 3.7. Adding the Users OU so that the discovery method can import AD user accounts

Figure 3.8. Create an AD location to search for groups.

Figure 3.9. Newly discovered user accounts and a user group

Figure 3.10. Configure ConfigMgr to provide content to managed machines from a local source.

Figure 3.11. Adding a boundary to a boundary group

Figure 3.12. Assigning a site server to a boundary group so clients can access content

Chapter 4. Managing ConfigMgr devices and users

Figure 4.1. By the end of this chapter, the secrets of devices and users will be yours!

Figure 4.2. The ConfigMgr client software repository on CM01

Figure 4.3. Create a Group Policy Object to change Windows Firewall settings.

Figure 4.4. Windows Firewall turned off using Group Policy

Figure 4.5. The new ConfigMgr client push account

Figure 4.6. The ConfigMgr server communicates with target systems during a client push.

Figure 4.7. The ConfigMgr server pushing the client installer to a remote machine

Figure 4.8. The ConfigMgr client has been successfully installed and is now running.

Figure 4.9. The ConfigMgr client on CLIENT01

Figure 4.10. Users and devices at the same level in the ConfigMgr console

Figure 4.11. You can define a variety of relationships between users and devices.

Figure 4.12. Potential primary users of CLIENT01

Figure 4.13. An Administrator Defined Primary User of CLIENT01

Figure 4.14. Defining a primary user automatically creates a primary device.

Chapter 5. Organizing devices and users

Figure 5.1. By the end of this chapter, you’ll be able to make collections to cater to every situation!

Figure 5.2. ConfigMgr comes prepopulated with built-in device collections.

Figure 5.3. Direct membership rules give you what you ask for—useful but inflexible.

Figure 5.4. Using data queries to build a dynamic collection

Figure 5.5. Using an include collection membership can give you terrific management granularity.

Figure 5.6. An exclude collection membership allows you to protect critical systems.

Figure 5.7. Depending on how you configure your limiting collection, the same query can produce different results.

Figure 5.8. Create your new collection and set the limiting collection.

Figure 5.9. Make sure your query rule looks like this.

Figure 5.10. Editing the query directly in WQL is a quick and efficient way to create a query.

Figure 5.11. Organizational folders are a great way to keep collection sprawl in check.

Figure 5.12. Each collection can be updated on a schedule or updated incrementally—or both, or neither.

Figure 5.13. Export a built collection and then a different ConfigMgr Site or environment.

Chapter 6. Configuring ConfigMgr clients

Figure 6.1. This chapter is all about making your deployed ConfigMgr clients do exactly what you want them to.

Figure 6.2. The workflow by which a ConfigMgr client obtains a policy from the ConfigMgr server

Figure 6.3. Each newly built ConfigMgr always contains the Default Client Settings policy group.

Figure 6.4. All the configurable properties in the Default Client Settings group

Figure 6.5. Change the default organization name for all ConfigMgr clients.

Figure 6.6. Creating new custom settings for devices in the ConfigMgr console

Figure 6.7. Create a new entry to inventory file types on your clients.

Figure 6.8. Choose to inventory all application files (.exe).

Figure 6.9. Your device inventory settings are ready to go.

Figure 6.10. Use client settings to give greater UDA functionality to certain users.

Figure 6.11. Settings with a high priority take precedence over those with a lower priority of the same type (for example, device or user settings).

Figure 6.12. Device settings must be deployed to device collections, and vice versa for user settings.

Figure 6.13. The Deployments tab shows you which collections your settings are deployed against.

Figure 6.14. Resultant Client Settings shows the results of all settings on a device or user.

Figure 6.15. Force a local machine update to retrieve the latest policy.

Figure 6.16. The settings changes you made are now represented on remote systems.

Chapter 7. Creating and configuring applications with the AppModel

Figure 7.1. This chapter is all about creating and configuring applications by using the AppModel.

Figure 7.2. Keep software versions separate from each other when creating your master source folders.

Figure 7.3. Give each application installer its own source and a separate folder for different architectures.

Figure 7.4. Any additional information about the application such as publisher or software version can be entered manually.

Figure 7.5. ConfigMgr applications handle deployments to different architectures by using a variety of installation methods, such as MSI or App-V.

Figure 7.6. Requirements give you granular control over whether a deployment type will be processed on a client system.

Figure 7.7. Requirements ensure that the correct deployment type is used.

Figure 7.8. Detection methods ensure that an application has been successfully installed or removed.

Figure 7.9. Use custom detection methods to give your applications greater resilience—perfect for large-scale enterprise deployments.

Chapter 8. Deploying applications and packages to ConfigMgr clients

Figure 8.1. This chapter is all about getting applications and packages out to where they’re needed.

Figure 8.2. A distribution point holds content for ConfigMgr clients to access.

Figure 8.3. ConfigMgr has successfully distributed the files for Paint.NET to the distribution point.

Figure 8.4. Select the appropriate device collection to deploy Paint.NET to.

Figure 8.5. Paint.NET is ready to deploy to clients running Windows 10.

Figure 8.6. Paint.NET is available for installation on CLIENT01.

Figure 8.7. Paint.NET has been successfully installed via ConfigMgr.

Figure 8.8. The ConfigMgr Application Catalog lets users request and install available software.

Figure 8.9. You can make basic customizations to the appearance of the Application Catalog website.

Figure 8.10. Create a network-based location to store the downloaded Notepad++ installer.

Figure 8.11. Give the new package a unique name (the software version works well) and a path to the installation files.

Figure 8.12. Creating a new standard program within a new package

Figure 8.13. Your newly deployed package is ready for installation.

Figure 8.14. Manually creating a new deployment type for a non-AppModel installer

Figure 8.15. Manually creating a detection rule to act as a detection method

Chapter 9. Ensuring that ConfigMgr clients can access content

Figure 9.1. Content and distribution points: the foundation of a healthy ConfigMgr environment

Figure 9.2. A ConfigMgr primary server in Melbourne, supporting dedicated DPs in Sydney, Brisbane, and Perth

Figure 9.3. The preconfigured DP in your ConfigMgr lab

Figure 9.4. The ConfigMgr console shows you which drives are in use to store the DP.

Figure 9.5. The content distribution status of all packages in the ConfigMgr database

Figure 9.6. The detailed content status for boot image (x86)

Figure 9.7. Adding the DP to a new distribution point group

Figure 9.8. Deploying content to a user collection that’s associated with a DP group

Figure 9.9. Associating a user collection with a distribution point group

Figure 9.10. Validate a package from the DP in question.

Chapter 10. Keeping ConfigMgr clients patched

Figure 10.1. Patching: Fun? No. Much easier with ConfigMgr? Yes!

Figure 10.2. Use PowerShell to install Windows Server Update Services on CM01.

Figure 10.3. Use WsusUtil.exe to create and configure a new WSUS database on CM01.

Figure 10.4. CM01 is listening on the correct WSUS TCP ports.

Figure 10.5. WSUS/SUP components are now successfully installed in ConfigMgr.

Figure 10.6. That’s a pretty bleak list of Microsoft products to patch.

Figure 10.7. A full list of Microsoft products, ready for patching

Figure 10.8. Software updates downloading locally to CM01

Figure 10.9. Hey, you! It’s time to patch!

Figure 10.10. As the local administrator, you have some control over update installation.

Chapter 11. Preparing to deploy Windows

Figure 11.1. By end of this chapter, you’ll be ready to deploy Windows by using ConfigMgr.

Figure 11.2. You can store multiple Windows images in a single WIM file.

Figure 11.3. Using proper names and descriptions for your images can save a lot of hassle later.

Figure 11.4. ConfigMgr automatically creates these boot images during installation.

Figure 11.5. Select the WIM you copied from WinPE as the base of your new boot image.

Figure 11.6. Extract the contents of the Dell driver CAB file to CM01.

Figure 11.7. Assign administrative categories to your drivers when you import them.

Figure 11.8. Create a new driver package that will house the imported drivers.

Figure 11.9. Move the imported drivers to a custom folder.

Figure 11.10. Name your task sequence and specify the custom boot image.

Figure 11.11. Choose the imported OS image to deploy.

Figure 11.12. Select the appropriate AD account to join the deployed system to the domain.

Chapter 12. Deploying Windows

Figure 12.1. The prep work has been done—it’s time to deploy Windows!

Figure 12.2. Hyper-V Generation 2 VMs natively support network boot.

Figure 12.3. Enabling PXE for network booting on a DP

Figure 12.4. Windows disk partitions required for UEFI-based systems

Figure 12.5. Grouping similar steps in the deployment TS

Figure 12.6. Setting a variable to specify which partition Windows will be installed to

Figure 12.7. Use a variable to specify where Windows will be installed.

Figure 12.8. Defining dynamic TS variables for deployments

Figure 12.9. Configuring the Network Access Account for WinPE

Figure 12.10. Deploying the task sequence to a device collection

Figure 12.11. Downloading the custom boot image to start the deployment process

Figure 12.12. WinPE can’t find a specific package on a DP.

Figure 12.13. Deploying Windows to a new virtual machine

Figure 12.14. Monitor the deployment from the ConfigMgr console.

Chapter 13. Advanced deployment of Windows with ConfigMgr and MDT

Figure 13.1. You can already deploy, but with MDT you can really deploy!

Figure 13.2. Launch the MDT ConfigMgr Integration tool.

Figure 13.3. The integration utility autodetects the site server and site code details.

Figure 13.4. The ConfigMgr console has new options for MDT-specific functions.

Figure 13.5. Network settings to join Windows to the MOL domain

Figure 13.6. The Task Sequence wizard creates all the required MDT packages.

Figure 13.7. New MDT-based task sequence using the new MDT boot image

Figure 13.8. MDT Toolkit and settings packages for use within ConfigMgr

Figure 13.9. The MDT gather step pulls in dynamic information about the deployment.

Figure 13.10. Task sequence variables provide conditional logic to the deployment process.

Chapter 14. Managing Linux clients

Figure 14.1. This chapter is Linux, Linux, and more Linux!

Figure 14.2. Installing Ubuntu Server from the installation ISO

Figure 14.3. Configure a static IP address on your Ubuntu system—it is a server, after all.

Figure 14.4. Accessing the ConfigMgr server share directly from LINUX01

Figure 14.5. The best kind of installation is a successful one!

Figure 14.6. You need to manually approve a system that ConfigMgr can’t automatically validate.

Figure 14.7. Using PuTTY to remotely connect to LINUX01 with SSH

Figure 14.8. Accessing the ConfigMgr client for Linux logs via a remote Samba share—very techy!

Chapter 15. Deploying to Linux and Mac clients

Figure 15.1. More Linux and some OS X for good measure!

Figure 15.2. Turning on verbose logging for the Linux client

Figure 15.3. The MP_hinv log file shows the incoming hardware inventory report from LINUX01.

Figure 15.4. Inventory information from Ubuntu available in the ConfigMgr database

Figure 15.5. The contents of the test script for deployment to LINUX01

Figure 15.6. Details of the package to deploy to LINUX01

Figure 15.7. Details of the program that will be used to deploy the text file

Figure 15.8. If you can read this, your deployment worked just fine!

Figure 15.9. The ConfigMgr client for Mac starts life as a Windows MSI.

Figure 15.10. The ConfigMgr client properties page gives you a basic amount of information on OS X.

Figure 15.11. The Tools folder contains some useful utilities for managing the OS X ConfigMgr client.

Figure 15.12. Use CMAppUtil to input a native OS X application and output a CMMAC file for ConfigMgr.

Figure 15.13. Specify the CMMAC file in the Create Application wizard.

Figure 15.14. Nothing like a successfully created application!

Figure 15.15. The user is informed of new software deployments via a pop-up.

Chapter 16. Managing anti-malware with ConfigMgr

Figure 16.1. By the end of this chapter, your anti-malware will be up and running.

Figure 16.2. Make sure that the SUP is configured correctly before enabling Endpoint Protection.

Figure 16.3. The tighter the search, the more accurate the results.

Figure 16.4. The client has found the Endpoint Protection settings and is installing SCEP.

Figure 16.5. SCEP/Defender is installed with a default policy already configured.

Figure 16.6. Use the anti-malware policy to specify from where clients can update.

Figure 16.7. New policy is being applied to the SCEP agent

Figure 16.8. Have no fear; Defender is here.

Figure 16.9. Defender intercepted and automatically quarantined the EICAR test file.

Figure 16.10. The SCEP status page in the console gives you a graphical overview of malware outbreaks.

Chapter 17. Making sure clients are healthy

Figure 17.1. In this chapter, you’ll get healthy and stay healthy.

Figure 17.2. ConfigMgr health evaluation is a standard Windows scheduled task.

Figure 17.3. Use PowerShell to import and investigate the structure of an XML file.

Figure 17.4. CcmEval is designed to test for and remediate common client heath issues.

Figure 17.5. The overall client status pane alerts you to health issues in your environment.

Figure 17.6. These sticky nodes show you which devices are fine and which are having problems.

Figure 17.7. Use PowerShell to easily query all inactive clients.

Figure 17.8. Register Client Center with the console for ease of administration.

Figure 17.9. Enable and configure WinRM on the remote client for Client Center to function.

Figure 17.10. Client Center gives you access to every component of the ConfigMgr client.

Chapter 18. Reporting in ConfigMgr

Figure 18.1. Reports, reports, and more reports!

Figure 18.2. Reports give you easy access to ConfigMgr data.

Figure 18.3. The configuration for the reporting services point installation

Figure 18.4. You’re now ready to run reports.

Figure 18.5. Select the input parameters in order to run the compliance report.

Figure 18.6. A report showing the state of compliance in your lab environment

Figure 18.7. Use this drop-down to show or hide report parameters.

Figure 18.8. Using SQL Server Report Builder to create a custom ConfigMgr report

Chapter 19. Keeping an eye on your clients

Figure 19.1. Be Big Brother with metering and compliance.

Figure 19.2. Software metering rules are automatically generated via software inventory.

Figure 19.3. Metering rules are automatically populated from inventory data.

Figure 19.4. Launching a metered application triggers an event in the metering logs.

Figure 19.5. Software metering data is uploaded to the ConfigMgr server for central processing.

Figure 19.6. Configuration baselines contain the settings you want to test for compliance.

Figure 19.7. The ConfigMgr client is aware of which configurations have been deployed.

Figure 19.8. Automatic remediation of noncompliance is successful.

Chapter 20. What to do when things go wrong

Figure 20.1. Work out when ConfigMgr is telling you that something’s wrong.

Figure 20.2. ConfigMgr constantly monitors site role health.

Figure 20.3. Behind every status are a lot of status messages.

Figure 20.4. Get a quick traffic-light health view of your hierarchy.

Figure 20.5. Status messages are logged when a problem is detected.

Figure 20.6. ConfigMgr will keep an eye on free space on disks used by distribution points.

Figure 20.7. Need to gather more data? Just tick a box!

Figure 20.8. The ConfigMgr primary server AD computer account has full control over the System Management container.

Figure 20.9. You want to see healthy name resolution; otherwise, ConfigMgr gets sad.

Figure 20.10. DNS scavenging is a must for avoiding problems with out-of-date records.

Figure 20.11. ConfigMgr needs internet access, but a proxy server will work just fine.

Chapter 21. Securing ConfigMgr

Figure 21.1. Admin permissions for all is the enemy, and security is the solution.

Figure 21.2. Effective permissions are built up one layer at a time,

Figure 21.3. Default site admin created during installation

Figure 21.4. Create a new Full Administrator based on an AD group.

Figure 21.5. Create a custom security role based on an existing built-in role.

Figure 21.6. Create new security scopes to protect ConfigMgr objects.

Figure 21.7. Create a new administrative user with the least permissions necessary.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for List of Figures

Create new playlist

Sign In

Sign Up

List of Figures

Table of Contents for
List of Figures