Monthly Archives: December 2012

Connecting Configuration Manager and Office365

In SCCM 2012 you have the option to manage your Activesync enabled devices (which are connected to Exchange 2010) with SP1 you have the option to also connect to your O365 Exchange site.
This connector uses PowerShell service site to connect.

PS: If you want to connect to an Office365 site using regular PowerShell you would need to download

The Microsoft Online Services Sign-in Assistant à http://go.microsoft.com/fwlink/p/?linkid=236300
Microsoft Online Services Modules for Windows PowerShell à
http://go.microsoft.com/fwlink/p/?linkid=236297

You can run the command get-command –module MSonline to list the cmdelts available for this module.

To connect you can use this script
$LiveCred
=
Get-Credential

$Session
=
New-PSSession
-ConfigurationName
Microsoft.Exchange
-ConnectionUri
https://ps.outlook.com/powershell/
-Credential
$LiveCred
-Authentication
Basic
-AllowRedirection

You have to enabled the –AllowRedirection since this allows for the remote session to automatically redirect you to your site.

As you can see from the script it redirects my session to my host

Then you just have to enter the new session

Import-pssession $session

But now back to Configuration Manager part of this post J

Open the console and goto Administration tab à

Choose “Add Exchange Server”

Enter the URL https://ps.outlook.com/ (Configuration Manager will add the PowerShell-LiveID prefix automatically)

Now go to the account tab and enter a live ID account which has administration rights

Now go to the discovery tab and choose find all mobile devices

After that click Apply à OK and then do a synchronize now

Now if you run into any trouble open the EasDisc.log file

Now you can see that the Mobile device is now imported into ConfigMgr

Happy New years!

System Center 2012 Service Pack 1 released, Holidays

Merry christmas to all!
System Center 2012 Service Pack 1 has now been released for download at MSDN.

You can read all about the new stuff here –>
http://technet.microsoft.com/en-us/library/jj649385.aspx

Going to be silent on this blog, will come back strong after new years 🙂

Cheers!

Trouble with Application Catalog

Had some trouble with a case today that the application catalog would not start. When we opened the catalog they could not connect to the catalog service and got this error message. According to the error message it could not connect to the application service.

02

If we checked the service with ConfigMgr console we can see that Application Catalog Web Point has status Critical

03

So when we checked the latest events for that components.

04

As we can see here WCF is not activated, so make sure that WCF is installed,

image

So after the component in installed try to reinstall the Application Portal Catalog point and it should work Smile

What’s new in the latest Intune release

The new Intune release that will be an early christmas gift for many has numerous new features including:
image

And now you can connect your on-premise ConfigMgr instance with Intune for more broad device management.

image

Here you have a list of the fully supported mobile devices.

image

Still missing the direct support for Android based phones but I’m guessing that is on the horizon as well Smile
For Windows 8 users, they will get a new Self-service portal in order to get their apps, which is going to be a fully blown “new-gui” app.
 
You can read more about what’s new here –>  http://bit.ly/ZBOdcs

One system to manage them all

Microsoft has seen that all environments aren’t all black and white. Some have Linux/Unix based systems, some have Mac’s and some are just sitting on a terminal such as Wyse or Igel.
And then there are some that just use a tablet (iPad or Android based) Some are lucky enough to have a Windows 8 RT based tablet such as Microsoft Surface or Samsung ATIV.
What problems arise with all these devices and consumerization of IT ?

Management

With all the different components in the mix, IT is having a hard time managing all this different devices. They usually have different systems to manage different devices.
Since they usually have one system that is good on Unix but doesn’t have features that work on Android or IPhones. With the surge of next generation workers people wish to bring their own device within the business.
(This Dilbert comic shows the frustration that IT-people have in many occasions) Smile

Now Microsoft has been good at managing what they do best, Windows. They have done so since the first release of ConfigMgr in 1994 (Good old SMS) The biggest chance in ConfigMgr 2012 is that the system is now more User-Centric.
Meaning that the system is “aware” of users within the environment, previously it was aimed at just the device.
And with the upcoming release of Service Pack 1 there are multiple news that make the IT-admin work easier.

* Support for Linux/Unix based Systems
* Support for Mac OSX
* Support for Windows Embedded
* Support for Android and IPhones (5 & 6) (Using Windows Intune Connector)
* Support for Windows 8 Phones and Windows RT (Using Windows Intune Connector)

Now if you are missing some devices here, ConfigMgr also has support for devices that support Exchange ActiveSync, so therefore ConfigMgr can be the center of your IT-management infrastructure. It still remains to see what functionality comes with Intune connector to mobile devices. (And if it can compare with other MDM systems on the market.) the main problem with MDM is that people are concerned about their private data on their devices since IT in some forms can manage their devices.
You can read more about it here –> http://www.informationweek.in/mobile/12-12-05/3_factors_to_consider_for_framing_byod_policy.aspx?utm_medium=twitter&utm_source=twitterfeed
 

You can look at this video interview with Wally Mead which is head of development of ConfigMgr if you wish to know more about Intune and SP1
http://blogs.technet.com/b/keithmayer/archive/2012/12/03/managing-mobile-devices-with-system-center-2012-configuration-manager-sp1-and-windows-intune.aspx#.UL0f3oNQUqx

Since a lot are competition on this front, ConfigMgr might gain the edge because of it’s wast support for devices, low cost and integration with other system center products.

Integration possibilities:

* System Center
* XenApp XenDesktop
* App-V
* Secunia
* RES
* AppSense
* + Much moresyst

With all these possibilities ConfigMgr can become a central point for managing all of your devices. 

Configuration Manager SP1 instant actions & Orchestrator

With Service Pack 1 there is a lot of new features available for instant actions. ConfigMgr is not happening “real-time” so when you deploy software to a computer it needs to wait for the computer to update its policy before it realizes that a new software is available. With Service Pack 1 you have more options to “speed things up” for instance you can do an remote computer update policy from within ConfigMgr.
Which is pretty similar with what you can with in Windows Server 2012 and Group Policy management where you can do a remote force update policy.

So you can do this on computer level or at collection level.
1

So as you can see we have
“Client Notification –> from here we can choose Update Computer Policy”
Endpoint Protection –> Update definition and full scan on the collection”

You can also do this at computer level, the options available will be reflected upon what component is installed. So if Endpoint protection is not installed you can not force update the definitions or run a full scan.
image

So in this case Endpoint protection is not installed on this computer so we can not update the endpoint. But this new features will allow for administrators to more quickly deploy updates / applications / endpoint definitions to computer.
Just remember that running updates on a large collection might result in a CPU spike on the Management Servers.

Now on the other hand we also have the ability to automate jobs from Orchestrator against Configuration Manager.
Now why would we do this ?
Just pretend we have a runbook that creates multiple virtual machines for a customer, we would want to have a custom computer collection created for that customer were we place all these new computers, where we would deploy baselines based upon what applications that customer wants as well. Might also be that a superuser wishes to deploy a new application that he purchased for his users that he wishes to deploy. Ill give some better examples as we go trough here.
Now to let’s take a look at the activities we have available in Orchestrator.

image

We have
* Deploy program
* Add Collection Rule
* Create Collection
* Perform Client Action
* Get Deployment Status
* Get Collection
* Deploy Task Sequence
* Query ConfigMgr
* Deploy Software Update
* Delete Collection
* Delete Collection rule
* Update Collection Membership
* Deploy Software
* Deploy Application
* Deploy Configuration Baseline

These actions can be used to deploy a runbook for a customer. For instance a superuser can issue a application deployment for its users after the software has been ordered.
Or a new customer can get a new computer collection created for its computers (or for instance a new VMM deployment can get a computer collection created in ConfigMgr and get baselines attached to it)
There are endless options here for deployment. You can also use this to do an instant “update” on the client using the Perform Client Action activity.

End of life System Center 2007 products

With the major release of System Center 2012 and soon to be Service Pack 1.
Microsoft has updated the End-of-life of its former System Center 2007 products.

Configuration Manager 2007 SP2
image

Operations Manager 2007

image

Data Protection Manager 2007

image

Service Manager 2010
image

System Center Virtual Machine Manager

image

And with the release of Windows Server 2012, System Center 2012 with SP1 is the only viable option.