Monday, May 23, 2016

How to implement SSL for SCCM 2012 Application Catalog site (AppStore)

I have implemented a Self Service Portal using the Configuration Manager Application Catalog for software and applications. The Application Catalog is the user’s gateway to the available applications that they can install, and Software Center helps the user track the status of available and required software. It was installed as an HTTP site initially, but to meet the corporate security requirement, I have implemented SSL without using a PKI infrastructure.

For the SSL implementation, I used a self-signed root CA certificate. You can use PKI, self-signed or 3rd-party certificates for this. You can also create a DNS alias for the site as well.

Here are the steps to achieve this:

Log in to the server where Application Catalog roles are installed.

IIS configuration

Run → Inetmgr

Select the site where you have configured Application catalog.


Configure Binding for SSL



Redirect rule for DNS FQDN: select HTTP Redirect



Your App Catalog website is now SSL enabled.
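The binding step above can also be scripted. The following is an added example, not the author's own procedure: it assumes the Application Catalog runs under the IIS site named 'Default Web Site', that the certificate is already installed in the LocalMachine\My store, and it uses a constructed host name. It needs PowerShell 3.0 or later and the WebAdministration module.

```powershell
# Added example: bind an existing certificate to the Application Catalog site on port 443.
Import-Module WebAdministration

$siteName = 'Default Web Site'          # assumption: IIS site hosting the Application Catalog
$fqdn     = 'appcatalog.corp.example'   # constructed host name / DNS alias

# Pick the newest unexpired certificate with a private key that names $fqdn.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
                   ($_.DnsNameList | ForEach-Object { $_.Unicode }) -contains $fqdn } |
    Sort-Object NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No usable certificate for $fqdn in LocalMachine\My" }

# A self-signed root must be in Trusted Root on the server (and on every client),
# otherwise the chain does not build. Revocation is skipped: such a CA often has no CRL.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning $_.StatusInformation.Trim() }
    throw "Certificate chain for $fqdn is not trusted on this server"
}

# Create the HTTPS binding only if the site does not have one yet.
if (-not (Get-WebBinding -Name $siteName -Protocol https -Port 443)) {
    New-WebBinding -Name $siteName -Protocol https -Port 443 -IPAddress '*'
}

# Attach the certificate; if 0.0.0.0:443 already has one, report it instead of failing.
$sslPath = 'IIS:\SslBindings\0.0.0.0!443'
if (Test-Path $sslPath) {
    $bound = (Get-Item $sslPath).Thumbprint
    if ($bound -ne $cert.Thumbprint) {
        Write-Warning "Port 443 is already bound to certificate $bound"
    }
} else {
    (Get-WebBinding -Name $siteName -Protocol https -Port 443).AddSslCertificate($cert.Thumbprint, 'My')
}

# Show the resulting bindings so any remaining plain-HTTP binding is visible.
Get-WebBinding -Name $siteName | Select-Object protocol, bindingInformation
```

With a self-signed root, the chain check passing on the server says nothing about clients: each client also needs the root certificate in its Trusted Root Certification Authorities store, or browsers will show a certificate warning.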

For more information on Application Catalogue, please check this.









SCCM 1511 Features


Details of SCCM 1511 features...

Windows 10
·         Windows 10 servicing
·         Sideloading apps in Windows 10
·         Compliance settings for Windows 10
Infrastructure
·         Preferred management points
·         Single Primary site supports up to 150k clients and 700k clients in a hierarchy
·         Support for Microsoft Azure virtual machines
·         Diagnostics and Usage Data
·         Support for SQL Server AlwaysOn for highly available databases
·         Integration with Windows Update for Business
Console
·         Natively manage Office 365 desktop client update
·         Deploy Windows Business Store applications
·         Support for multiple Automatic Deployment Rules
·         Client deployment status in console monitoring
·         Schedule and run the WSUS clean up task from the Configuration Manager console
·         Updates and servicing
·         Client piloting to preproduction
·         Software Center
Operating System Deployment
·         Windows 10 in-place upgrade task sequence
·         Windows PE Peer Cache
Mobile Device Management
·         Mobile device management (MDM) feature parity between Intune stand-alone and Configuration Manager
·         Mobile Application Management
·         Data protection for mobile devices
·         On-premises mobile device management (MDM)
·         App deployment to Windows 10 devices with on-premises MDM
·         Certificate provisioning is supported for Windows 10 devices that you manage using on-premises mobile device management.
·         Improved workflow for creating mobile device configuration items
·         Bulk enrollment of Windows 10 devices with on-premises MDM
·         Wipe and retire for on-premises mobile device management

System Center Configuration Manager and incremental versions

 

With the 1511 release, System Center Configuration Manager:
·         Does not use a year or product identifier in the product name, as seen with past versions like Configuration Manager 2007 or System Center 2012 Configuration Manager
·         Supports incremental in-product updates, also called update versions.

What's changed from System Center 2012 Configuration Manager

 

In-console updates for Configuration Manager

In-console updates for Configuration Manager infrastructure and clients replace the following separate update methods:
·         Service packs
·         Cumulative updates
·         Extensions for Microsoft Intune
·         Individual fixes

Service connection point replaces Microsoft Intune connector

The Microsoft Intune connector is replaced by a new site system role that enables additional functionality, the service connection point. The service connection point:

·         Replaces the Microsoft Intune connector when you integrate Intune with System Center Configuration Manager On-premises Mobile Device Management
·         Is used as a point of contact for devices you manage with
·         Uploads usage data about your deployment to the Microsoft cloud service
·         Makes updates that apply to your deployment available from within the Configuration Manager console

Usage data collection

System Center Configuration Manager collects usage data about your sites and infrastructure.

Support for Intel Active Management Technology (AMT)

With System Center Configuration Manager, native support for AMT-based computers from within the Configuration Manager console has been removed.
·         AMT-based computers remain fully managed.
·         Use of the add-on provides you access to the latest capabilities to manage AMT while removing limitations introduced until Configuration Manager could incorporate those changes
·         Out of Band Management in System Center 2012 Configuration Manager is not affected by this change
The removal of integrated AMT for System Center Configuration Manager includes:
·         The Out of Band Management point site system role is no longer used nor available

Deprecated functionality


Client deployment

System Center Configuration Manager introduces a new capability for testing new versions of the Configuration Manager client before upgrading the rest of the site with the new software. This new capability gives you the opportunity to set up a preproduction collection in which to pilot a new client. Once you are satisfied with the new client software in preproduction, you can promote the client to automatically upgrade the rest of the site with the new version.

Operating system deployment

·         A new task sequence type is available in the Create Task Sequence Wizard, Upgrade an operating system from upgrade package, that creates the steps to upgrade computers from Windows 7, Windows 8, or Windows 8.1 to Windows 10.
·         Windows PE Peer Cache is now available when you deploy operating systems. Computers that run a task sequence to deploy an operating system can use Windows PE Peer Cache to obtain content from a local peer (a peer cache source) instead of downloading content from a distribution point.
·         You can now view the state of Windows as a Service in your environment, create servicing plans to form deployment rings and ensure that Windows 10 current branch computers are kept up to date when new builds are released, and view alerts when Windows 10 clients are near end of support for their build of Current Branch (CB) or Current Branch for Business (CBB).

Application management

·         System Center Configuration Manager lets you deploy Universal Windows Platform (UWP) apps for devices running Windows 10 and later.
·         Software Center has a new, modern look and apps that previously only appeared in the Application Catalog (user-available apps) now appear in Software Center under the Applications tab. This makes these deployments more discoverable to users and removes the need for them to use the Application Catalog. Additionally, a Silverlight enabled browser is no longer required.
·         The new Windows Installer through MDM application type lets you create and deploy Windows Installer-based apps to enrolled PCs that run Windows 10.
·         When you create an application for an in-house iOS app, you only need to specify the installer (.ipa) file for the app. You no longer need to specify a corresponding property list (.plist) file.
·         In Configuration Manager 2012, to specify a link to an app in the Windows Store, you could either specify the link directly, or browse to a remote computer that had the app installed. In System Center Configuration Manager, you can still enter the link directly, but now, instead of browsing to a reference computer, you can now browse the store for the app directly from the Configuration Manager console.

Software updates

·         System Center Configuration Manager now has the ability to differentiate a Windows 10 computer that connects to Windows Update for Business (WUfB) for software update management versus the computers connected to WSUS for software update management. The UseWUServer attribute is new and specifies whether the computer is managed with WUfB. You can use this setting in a collection to remove these computers from software update management. For more information
·         You can now schedule and run the WSUS cleanup task from the Configuration Manager console. You can now manually run the WSUS cleanup task from the Software Update Point Component properties. When you select to run the WSUS cleanup task, it will run at the next software updates synchronization. The expired software updates will be set to a status of declined on the WSUS server and the Windows Update Agent on computers will no longer scan these software updates. For more information.

Compliance settings

·         System Center Configuration Manager introduces an improved workflow for creating configuration items. Now, when you create a configuration item, and select supported platforms, only the settings relevant to that platform are available.
·         The create configuration item wizard now makes it easier to choose the configuration item type you want to create. Additionally, new and updated configuration items are available for:
o    Windows 10 devices managed with the Configuration Manager client
o    Mac OS X devices managed with the Configuration Manager client
o    Windows desktop and server computers managed with the Configuration Manager client
o    Windows 8.1 and Windows 10 devices managed without the Configuration Manager client
o    Windows Phone devices managed without the Configuration Manager client
o    iOS and Mac OS X devices managed without the Configuration Manager client
o    Android and Samsung KNOX devices managed without the Configuration Manager client
·         Support for managing settings on Mac OS X computers that are either enrolled with Microsoft Intune or managed using the Configuration Manager client.
·         System Center Configuration Manager lets you integrate with Microsoft Passport for Work which is an alternative sign-in method that uses Active Directory, or an Azure Active Directory account to replace a password, smart card, or virtual smart card on devices running Windows 10.

Mobile device management with Microsoft Intune

System Center Configuration Manager introduces improvements to the mobile device management experience including:
·         Limit the number of devices a user can enroll
·         Specify terms and conditions users of the Company Portal must accept before they can enroll or use the app
·         Added a device enrollment manager role to help manage large numbers of devices

On-premises Mobile Device Management

With System Center Configuration Manager you can now manage mobile devices using on-premises Configuration Manager infrastructure. All device management and management data is handled on-premises and is not part of Microsoft Intune or other cloud services. This type of device management doesn't require client software since the capabilities that Configuration Manager uses to manage the devices are built into the device operating systems.


Tuesday, May 17, 2016

SCCM 2012 Collection for Computers with IE 11 installed on Windows 7 OS



select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_SoftwareFile
    on SMS_G_System_SoftwareFile.ResourceID = SMS_R_System.ResourceID
inner join SMS_G_System_OPERATING_SYSTEM
    on SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceID
where SMS_G_System_SoftwareFile.FilePath like "%\\Program Files\\Internet Explorer\\"
  and SMS_G_System_SoftwareFile.FileName like "iexplore.exe"
  and SMS_G_System_SoftwareFile.FileVersion like "11.%"
  and SMS_G_System_OPERATING_SYSTEM.Version like "6.1%"

Thanks

SCCM 2012 Collection for Computers having less than XX GB Free Disk Space

Computers having less than XX GB Free Disk Space


Replace xxxxx with the free-space threshold in MB.

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_LOGICAL_DISK
    on SMS_G_System_LOGICAL_DISK.ResourceID = SMS_R_System.ResourceId
where SMS_G_System_LOGICAL_DISK.FreeSpace < xxxxx