- ホーム
- > 洋書
- > 英文書
- > Computer / General
Full Description
This is the comprehensive reference and technical guide to Microsoft System Center Configuration Manager 2012. A team of expert authors offers step-by-step coverage of related topics in every feature area, organized to help IT professionals rapidly optimize Configuration Manager 2012 for their requirements, and then deploy and use it successfully. The authors begin by introducing Configuration Manager 2012 and its goals, and explaining how it fits into the broader System Center product suite. Next, they fully address planning, design, and implementation. Finally, they systematically cover each of Configuration Manager 2012's most important feature sets, addressing issues ranging from configuration management to software distribution. Readers will learn how to use Configuration Manager 2012's user-centric capabilities to provide anytime/anywhere services and software, and to strengthen both control and compliance. The first book on Configuration Manager 2012, System Center Configuration Manager 2012 Unleashed joins Sams' market-leading series of books on Microsoft's System Center product suite: books that have achieved go-to status amongst IT implementers and administrators worldwide.
Contents
Foreword by Wally Mead xxixIntroduction 1PART I: Configuration Manager Overview and ConceptsChapter 1 Configuration Management Basics 7Ten Reasons to Use Configuration Manager 8The Evolution of Systems Management 9Hurdles in the Distributed Enterprise 10The IT Automation Challenge 10Configuration "Shift and Drift" 11Lack of Security and Control 11Timeliness of Asset Data 12Lack of Automation and Enforcement 12Proliferation of Virtualization and Cloud Computing 12Lack of Process Consistency 13The Bottom Line 13Systems Management Defined 14Microsoft's Strategy for Service Management 15Microsoft's Dynamic Systems Initiative 16IT Infrastructure Library and Microsoft Operations Framework 19Total Quality Management: TQM 24Six Sigma 24Service Management Mastery: ISO 20000 24Optimizing Your Infrastructure 25Overview of Microsoft System Center 29Reporting in System Center 30Operations Management 31Service Management 31Protecting Data 32Virtual Machine Management 32Deploy and Manage in the Cloud 33Orchestration and Automation 33Cloud-Based Configuration Monitoring 34Endpoint Protection 34The Value Proposition of Configuration Manager 34Summary 35Chapter 2 Configuration Manager Overview 37The History of Configuration Manager 37Systems Management Server 1.x 38Systems Management Server 2.0 38Systems Management Server 2003 39System Center Configuration Manager 2007 41System Center 2012 Configuration Manager 42Terminology in Configuration Manager 42Site Hierarchy 43Site 44Site Systems 46Senders 48Addresses 49Configuration Manager Discovery Types 49Configuration Manager Agent 50Configuration Manager Console 51Collections 52Queries 52Alerts 53Status System 53Managing Applications 54Content Management 57Software Update Management 59Compliance Settings 59BITS 59Software Metering 60Network Access Protection 60BranchCache 61Reporting 61What's New in This Version 6264-Bit Site System Requirements 62User-Centric Management 62Applications and Packages 63Hierarchy Changes 63New Configuration Manager Console 64Enhancements to BITS 64Application Catalog 64Extended Mobile Device Management 65Management Point Enhancements 65Boundary Changes 65Fallback Site 66Centrally Managed Client Settings 66Role-Based Administration 66Backup and Recovery 66Collection Changes 67Client Health Status Enhancements 68Compliance Settings Changes 68Remote Control Improvements 69Hardware Inventory Improvements 69Power Management Improvements 70Software Updates Improvements 72Improved End User Experience 73Content Library 73Operating System Deployment 73Distribution Point Changes 74System Center 2012 Endpoint Protection Integration 75Feature Dependencies of System Center 2012 Configuration Manager 75Summary 77Chapter 3 Looking Inside Configuration Manager 79Design Concepts 80Active Directory Integration 81Schema Extensions 81Additional Active Directory Benefits 90A WMI Primer 91WMI Feature Set and Architecture 91Inside the WMI Object Model 95Managing WMI 98Looking Inside the CIMV2 Namespace 103WMI in ConfigMgr 111ConfigMgr Client Namespaces 111Hardware Inventory Through WMI 112Additional Client Operations Through WMI 116 WMI on ConfigMgr Servers 120Components and Communications 124Inside the ConfigMgr Database 133ConfigMgr Tables and Views 133Using SQL Server Management Studio 134Viewing Detailed Process Activity 138SQL Replication Crash Course 146Configuration Manager Database Replication 148File-Based Replication 154Summary 157PART II: Planning, Design, and InstallationChapter 4 Architecture Design Planning 161Developing the Solution Architecture 161Establishing Business Requirements 162Assessing Your Environment 163Planning for Licensing 165Hierarchy Planning 167Configuration Manager Sites 167Planning Your Hierarchy Structure 169Planning Boundaries and Boundary Groups 170Choosing Client Discovery and Installation Methods 172Defining Your Client Architecture 174Planning for User-Centric Management 178Planning Content Management 178Planning for Infrastructure Dependencies 180Active Directory Considerations 180Planning Certificate Services 183Site Planning 186Site Servers and Site Systems Planning 186Capacity Planning 188Developing the Server Architecture 189Planning for Solution Scenarios 190Software Update Planning 190Planning for Internet-Based Clients 193Out of Band Management Planning 195Testing and Stabilizing Your Design 197The Proof of Concept 198The Pilot Deployment 204Summary 204Chapter 5 Network Design 205Understanding Your Network 206Configuration Manager Data Flow . 206Intrasite Server Communications 208Communications with SQL Server 208Communications Using RPC 209Communications Using SMB 209Replication of Deployment Content Refresh Data 213Site System Communications Using HTTP and HTTPS 214Other Server Communications 214Client to Server Communications 214Client Ports and Protocols 215Reasons for Changing Ports 215Initial Communication 221Identifying and Contacting the Client's Assigned Site 222Client Protocols 222Planning for Network Access Protection 224Site-to-Site Communications 225Database Replication 225File-Based Replication 226Data Priorities 227Fast Network and Slow Network Boundaries 227Use of BITS 229BITS Versions for ConfigMgr Clients 230Modifying BITS Functionality Through Group Policy 231Modifying BITS Functionality Within ConfigMgr 232Comparative Advantages of Group Policy and ConfigMgr Settings for BITS 233Systems with Multiple Interfaces and File Integrity Checking 233ConfigMgr and BranchCache 234Server and Site Placement 236Deploying Servers to Support Internet-Based Clients 237Using a Dedicated Site for Internet Clients 238Allowing Site-to-Site Communications Across an Inner Firewall 239Having a Site Span the Internal Network and Perimeter Network 240Using Web Proxies and Proxy Enrollment Points 240Intermittently Connected Users 241Network Discovery 241Discovering Network Topology 243Topology and Client Discovery 245Discovering Topology, Client, and Client Operating Systems 245Troubleshooting ConfigMgr Network Issues 246Network Configuration Issues 247Basic Connectivity Problems 247Name Resolution Issues 248Blocked or Unresponsive Ports 249Timeout Issues 250Identifying Network Issues Affecting ConfigMgr 250Summary 259Chapter 6 Installing System Center 2012 Configuration Manager 261Configuring Pre-Installation Requirements 261Windows Components 262Supported SQL Server Requirements 263Validating and Configuring Active Directory Requirements 265 Windows Server Update Services 265Prerequisite Checker 265Using the Prerequisite Files Downloader 269Performing Site Installations 270Installing the Central Administration Site 271Installing Primary Sites 278Installing Secondary Sites 288Installation Validation 294Site Properties 296Initial Configuration 296Installing Optional Site Systems 301Uninstalling Sites 309Uninstalling Primary Sites 309Uninstalling Secondary Sites 312Uninstalling a Full Hierarchy 314Troubleshooting Site Installation 315Summary 316Chapter 7 Migrating to System Center 2012 Configuration Manager 317About Migration 318Migration Background and Introduction 318Migration, Not an Upgrade 319Planning the Migration 320Central Site and Hierarchy Concepts in 2012 320About Site Mode 321 What Is Migrated 321 What Is Not Migrated 323Pre-Migration Activities 324Coexistence Considerations 327Migrating Your Configuration Manager Infrastructure 327Site Servers and Site Roles 328Security Considerations 332Boundaries and What's Changing 337Performing the Migration 338Migrating Features and Objects 338Migrating by Feature and Dependencies 338Migration Dependencies Configuration 339Configuring the Active Source Site 343Configuring Child Sites for Data Gathering 345Migration Jobs 347Shared Distribution Points 366Migration Clean Up 367Migrating Reports 369Legacy Reports 369SSRS Reports 369Custom Reports 369Client Migration and Methods 370Background and Client Migration Concepts 370Client Migration Strategies for Your Network 371Troubleshooting Migration Issues 371Summary 372PART III: Configuration Manager OperationsChapter 8 The Configuration Manager Console 375Console Highlights 376Touring the Console 376Configuration Manager Console Panes 377Configuration Manager Console Bars 378Backstage 378ConfigMgr Workspaces 379Assets and Compliance Workspace 380Software Library Workspace 380Monitoring Workspace 381Administration Workspace 383Console Node Details 384Console Deployment 388Console Placement 389Supported Platforms 389ConfigMgr Console Prerequisites 390Installation Using the ConfigMgr Setup Wizard 391Unattended Console Installation 394Role-Based Administration 395Introducing the "Show Me" Behavior 395Behind the Scenes 397The Three States of Interaction 397Connecting to a Site 398Recent Connections 398Clearing Recent Connections 398Personalizing the Console 400The In-Console Alert Experience 401Viewing Alerts 401Managing Alerts 402Configuring Alerts 403Subscribing to Alerts 404Configuration Manager Service Manager 404Initiating the Configuration Manager Service Manager Console 406Operating the Configuration Manager Service Manager Console 407Security Considerations 408SMS Provider Permissions 409DCOM Permissions 409 WMI Permissions 409Troubleshooting Console Issues 411Console Logging 411Verify Security 412Connectivity Issues 416Common Problems with the ConfigMgr Console 416Summary 417Chapter 9 Configuration Manager Client Management 419Discovery 419Active Directory Forest Discovery 420Active Directory Group Discovery 422Active Directory User Discovery 424Active Directory System Discovery 426Heartbeat Discovery 427Network Discovery 429Manually Importing Clients into ConfigMgr 431ConfigMgr Client Requirements 432Hardware Dependencies 432Software Dependencies 433Supported Platforms 433ConfigMgr Client Installation 435Manual Installation 435Installing with Logon Scripts 441Client Push 442Group Policy 447Software Update Point 448Client Approval 449Blocking and Unblocking Clients 450Automatically Upgrading the Client 450Troubleshooting Client Installation 451Client Assignment 453Client Health 454Client Settings 459Defining Priority 461Background Intelligent Transfer Device Settings 461Client Policy Device Settings 463Compliance Settings Device Settings 463Computer Agent Device Settings 464Computer Restart Device Settings 466Endpoint Protection Device Settings 466Hardware Inventory Device Settings 467Network Access Protection (NAP) Device Settings 470Power Management Device Settings 471Remote Control Device Settings 471Software Deployment Device Settings 476Software Inventory Device Settings 477Software Metering Device Settings 479Software Updates Device Settings 481State Messaging Device Settings 482User and Device Affinity Settings 482Using the Resource Explorer 483Wake On LAN 484WOL Prerequisites 484Two Types of WOL 485Configuring WOL 486Using WOL 487Summary 488PART IV: Software and Configuration ManagementChapter 10 Managing Compliance 491New and Improved in System Center 2012 Configuration Manager 493Configuring Compliance Settings 493Configuration Items and Baselines 495Configuration Items 496Configuration Baselines 512Compliance Evaluation 517Versioning 519Configuration Packs 521Exporting Configuration Items and Baselines 522Compliance Authoring 523Compliance Strategy 525Reporting 526On-Demand Results 527Alerting 527Remediation 528Troubleshooting 529Summary 531Chapter 11 Packages and Programs 533About Packages, Programs, Collections, Distribution Points, and Deployments 534Packages 534Programs 534Collections 535Distribution Points 535Deployments 536Combining the Use of Packages, Programs, Collections, and Deployments 536Creating a Package 536Creating a Package from the Package Definition Wizard 537Package Properties 543Creating a Package with the New Package Wizard 559Custom Packages 562Repackaging Software 562Avoiding Common ConfigMgr Software Packaging Issues 563Program and Package Properties 563Testing, Testing, Testing 563Summary 564Chapter 12 Creating and Managing Applications 565ConfigMgr Applications Overview 566About Applications 566About Deployment Types 567About Detection Methods 569About User Device Affinity 569About Creating Applications 571Creating a Windows Installer (MSI)-Based Application 571Application Properties 576Creating Deployment Types 591Creating a Windows Installer-Based Deployment Type 592Creating an Application Virtualization Deployment Type 595Creating a Script-Based Deployment Type 599Creating Detection Methods 602Detection Methods for Windows Installer Applications 602Other Detection Methods 604Custom Script Detection Methods 607Managing and Creating Global Conditions 610Device Global Conditions 611User Global Conditions 612Custom Global Conditions 612More About Managing Applications 617Adding Dependencies 617Managing Revision History 619Exporting and Importing Applications 620Superseding Applications 621Retiring and Deleting Applications 622Package Conversion Manager 623Summary 626Chapter 13 Distributing and Deploying Applications 627Creating and Managing Collections 628Direct Rule 630Query Rule 631Include Rule 634Exclude Rule 634About Incremental Updates 634User Collections Versus Device Collections 635About Distribution Points 635Installing Distribution Points 637Distribution Point Groups 640Associating Collections with Distribution Point Groups 641Sending Content to Distribution Points 642Monitoring Distribution Point Status 642Updating Content on Distribution Points 645Refreshing Content on Distribution Points 646Removing Content from Distribution Points 646Validating Content 647Using BranchCache 647Preferred Distribution Points 648Prestaging Content 648Importing and Exporting Content 652Troubleshooting Content Distribution 654About the Content Library 654Deploying Packages and Applications 654End User Experience 660Software Center 660Application Catalog 662Monitoring and Troubleshooting Deployments 665Simulated Deployments 667Summary 667Chapter 14 Software Update Management 669What's New in 2012 670Planning Your Update Strategy 670Incorporated Tools 672The Windows Update Agent 673 Windows Software Update Services 673Preparing for Software Updates with ConfigMgr 674Prerequisites for Software Updates 674Software Update Points 676Client Settings 687Group Policy Settings 689Software Update Building Blocks 692All Software Updates 692Software Update Groups 696Update Deployments 698Update Templates 703Deployment Packages 704Automatic Deployment Rules 706Maintenance Windows 708Superseded Updates 711The Software Updates Process in Action 711Software Update Decisions, Design, and Workflow 714Compliance Scanning 716End User Experience and Interaction 717Notifications 717Updates and Software Center 718Update Installation 720System Restarts and Restart Notifications 721Monitoring Software Updates 723Individual Update Status 723Update Deployment Status 723Reporting 724A Super-Quick Walkthrough 724Troubleshooting Software Updates 725WSUS and SUP 725Downloading Updates 726Client Update Scanning and Deployment 727Beyond the Built-In Update Process 727System Center Update Publisher 728SCUP Installation 728SCUP Configuration 729Catalogs 733Publications 735Updates 735Custom Updates 737Rules 741Quick Walkthrough 742Using NAP to Protect Your Network 742NAP Prerequisites 742Agent Settings 744System Health 744Client Compliance 747Remediation 748Summary 748Chapter 15 Mobile Device Management 751Planning for Mobile Device Management 752Overview of Mobile Device Management 753Light Management 753Exchange Server Connector 754Access Rules 762Troubleshooting Light Management 764 Working with Devices 764End User Experience 767In-Depth Management 768Public Key Infrastructure 771Heartbeat Discovery 771Mobile Device Management Site Roles 772Client Settings 775Enrolling Mobile Devices 779Software Deployment 780Compliance Settings 782Reporting 782Partner Extensibility 783Summary 784Chapter 16 Endpoint Protection 785Prerequisites for Endpoint Protection 787Planning and Considerations 788Creating Custom Client Settings and Antimalware Policies 788Deciding from Where to Update and When 789Deploying to a Test Collection First 789Categorizing Client Remediation Status 790Targeting Collections with Custom Antimalware Policy and Client Settings 790Installing the Endpoint Protection Role 792Configuring the SUP for Endpoint Protection 797Configuring the SUP to Synchronize Definition Updates 797Creating Auto Deployment Rules for Definition Updates 799Working with Antimalware Policies 804Understanding the Default Antimalware Policy 804Creating Custom Antimalware Policy 807Importing and Merging Antimalware Policies 808Configuring Alerts for Endpoint Protection 809Configuring Email Notification 810Configuring Alerts for Device Collections 812Configuring Alert Subscriptions 813Configuring Custom Client Device Settings for Endpoint Protection 814Deploying Endpoint Protection Custom Client Agent Settings 815Monitoring Status in Endpoint Protection 816Configuring Collections to Appear in Collection View 816Security State View for the Selected Collection 816Operational State View for Clients and Computers in the Selected Collection 818Performing On-Demand Actions for Malware 819Reporting in Endpoint Protection 820Creating and Deploying Windows Firewall Policies 823Understanding the Endpoint Protection Client 824Installing the Endpoint Protection Client 827Understanding Endpoint Protection Client Settings 827Communication Between the Client and the Server 829Automatic Removal of Antimalware Software 829Removing the Endpoint Protection Client 830Delivery of Definition Updates 830Summary 831Chapter 17 Configuration Manager Queries 833Introducing the Queries Node 834Organizing the Query List Pane 835Viewing Queries and Query Results 837Creating Queries 838WMI Query Language 838Objects, Classes, and Attributes 839ConfigMgr Query Builder 841Criterion Types, Operators, and Values 846Criterion Types 846Operators 848Values 850Writing Advanced Queries 851Limitations of Extended WQL in ConfigMgr 852Utilizing the Date and Time Functions in WQL Queries 853Examples of Advanced Queries 854Converting WQL to SQL 857Relationships, Operations, and Joins 858Querying Discovery Data 860Querying Inventory Data 861Using Query Results 863Exporting Query Results to a Text File 863Importing and Exporting Queries Between Sites 863Creating a Collection Based on Query Results 866Status Message Queries 866Viewing Status Messages 867Creating Status Message Queries 868Summary 870Chapter 18 Reporting 871SQL Server Reporting Services Overview 871Implementing SSRS 872SQL Server Version Selection 872Server Placement Options 872SSRS Installation 873SSRS Configuration 876Backing Up SSRS 882Reporting Best Practices 884Interacting with Reports from the Console 885Search Capability 885Running Reports 886Creating Subscriptions 887Managing SSRS Report Security 890Creating a Report 890Authoring Custom Reports 893Development Tool Selection 893Building a Custom Report 893Interactive Features 902Advanced Reporting Techniques 903Advanced Custom Report Example 904Authoring Best Practices 912Built-in ConfigMgr Reports 912Troubleshooting SSRS 945SSRS Logs 945Report Server Event Errors 946Optimizing SSRS Performance 949Subscriptions 950Report Caching 950Report Snapshots 950Report Timeout Values 950Performance Best Practices 951Reporting on Reporting Services 951System Center Data Warehouse 957Summary 958Chapter 19 Operating System Deployment 959What OSD Does 960What's New in OSD 961Deployment Scenarios 963Tools Incorporated into OSD 965Sysprep 965 Windows Auto mated Installation Kit 966User State Migration Tool 968OSD Phases 968Planning 969Preparation 969Creation 970Testing 970Productionization 970OSD Building Blocks 970Drivers 971Driver Packages 975Operating System Images 976Operating System Installers 976Boot Images 977Task Sequences 984Site System Roles 1020Distribution Points 1020State Migration Point 1025Driver Management 1030Drivers in the Image 1031Drivers After the Image 1031User State 1032USMT 1034Computer Associations 1036User State Without SMP 1038Image Operations 1039Image Creation 1039Image Upkeep 1044Offline Software Updates 1045Image Deployment 1047User Device Affinity 1049Deployment Challenges 1050Application Compatibility 1051User Data 1052Image Maintenance 1052Hardware Considerations 1054Monitoring Task Sequence Deployments 1057Update Deployment Status 1057Reporting 1058Troubleshooting 1058Command Line Support 1058The Smsts.log File 1060 Windows Setup Log Files 1061Troubleshooting USMT 1061Summary 1061PART V: Administering System Center Configuration ManagerChapter 20 Security and Delegation in Configuration Manager 1065Planning for Security and Delegation 1065ConfigMgr Security Solutions 1067Role-Based Administration 1068Managing Administrative Users 1069Security Roles 1070Security Scopes 1074Associating Security Scopes and Collections with Individual Roles 1077Administrative Security Reports 1078RBA Under the Hood 1079Preventing Unauthorized Access to ConfigMgr 1084Securing Access at the Active Directory Level 1084Securing Access at the Database Level 1085Auditing ConfigMgr Administrative Actions 1086Securing the ConfigMgr Infrastructure 1089Building Security into Your Hierarchy 1089Securing Site Systems 1090ConfigMgr Cryptographic Controls 1096ConfigMgr Network Security 1097ConfigMgr Content Security 1115Securing ConfigMgr Accounts 1116Summary 1123Chapter 21 Backup, Recovery, and Maintenance 1125Performing Site and SQL Server Backups 1125Backing Up ConfigMgr 1126Restoring ConfigMgr Backups 1129Site Maintenance Options 1136Using Backup and Restore to Migrate to New 1139SQL Replication 1140Monitoring SQL Replication 1140Replication Link Analyzer 1143Alerts for SQL Replication 1144Site Maintenance 1145Site Maintenance Tasks 1145DDR Retention 1155Obsolete Records 1162How a Record Can Be Marked Obsolete 1163Database Maintenance 1165Making the Status Message System Work for You 1166Maintaining Status Data 1167Status Filter Rules 1169Status Summarizers 1172Monitoring Configuration Manager with Operations Manager 1174Services and Descriptions 1175Summary 1176PART VI: AppendixesAppendix A Configuration Manager Log Files 1179Related Documentation 1180Viewing Log Files 1180Enabling Logging 1181Client Logs 1183Server Logs 1188Functionality Logs 1194Software and Application Installation Logs 1207Log File Mining 1209Appendix B Extending Hardware Inventory 1211How to Extend Hardware Inventory 1212Example of Extending Inventory 1213Creating a Device Collection 1223Appendix C Reference URLs 1225General Resources 1225Microsoft's Configuration Manager Resources 1229Other Configuration Manager Resources 1234Blogs 1235Microsoft System Center 1237Public Forums 1237Utilities 1238Appendix D Available Online 1241SQL Profiler Template 1241Top 10 Most Executed Reports Query 1241OSD Starter Scripts 1241Live Links 1242Index 1243
