Configuration Manager 2012 How To Video Series Compliance and Settings Management Overview(fka DCM) OnurKocSnr. Program Manager System Center Configuration Manager
Vision Provide a unified platform for customers and partners to define, monitor, enforce and report configuration compliance in the enterprise for users across all supported ConfigMgr devices. Pillars: • Simplify administrator experience • Embrace “user centric” management • Integrate architecture, infrastructure, administrator experience for all user-centric management disciplines for policy evaluation and rule authoring.
Investments • Simplify administrator experience • Deployment of Baselines • Monitoring Baseline deployment compliance status • Automatic remediation (aka DCM “set”) • CI revisioning and audit tracking • Support for Mobile phones • Integrated architecture, infra, experience for all user-centric disciplines. • Migration
Simplify administrator experience • Role-based administration built in “Compliance Settings Management Role” • Browse gold system when creating configuration items • Simplified Baseline creation experience • Re-use of settings across CI boundary
Simplify administrator experience • Role-based administration built in “Compliance Settings Management Role” • Browse gold system when creating configuration items • Simplified Baseline creation experience • Re-use of settings across CI boundary Scenario: Built in Compliance and Settings Management Role.
Simplify administrator experience • Role-based administration built in “Compliance Settings Management Role” • Browse gold system when creating configuration items • Simplified Baseline creation experience • Re-use of settings across CI boundary Scenario: Simplify configuration item creation.
User or Device Targeting Scenario: Deploy configuration policy to users or devices, remediate and report compliance for user or device. Design principal: Did support device targeting in 2007, now with user targeting support aligning with user centric vision. • New verb is “Deployment” no longer use Assignment term • Deploy baselines to user or device collections • If deployed to users evaluation options • Evaluate Baseline on all devices user logs on • Evaluate Baseline on only user’s primary machines • CIs in Baseline can contain user and device setting • User settings: • Registry settings stored under HKCU • Script setting: Run discovery and remediation scripts under user context • CIs with user settings will be evaluated when user logs on.
Define compliance SLAs for Baseline deployments Scenario: Alert admin when target compliance threshold is not met. Design principal: Provide clear alert description and condition not met for each Baseline deployment. Admin can manage alert properties for each BL deployment which is aligned with SWD and SUM. • Admin can define Target Compliance SLA % at BL Deployment level • Alerts are generated if SLA is not met • Customize alerts properties • Reevaluate alert condition in time in future again.
In Console Monitoring Scenario: Allow admin to view BL deployment compliance statistics within console Design principal: Show the most important issues admin needs to worry about in priority order within console • Most common Noncompliant/Errors sorted based on # of devices/users impacted • Deployed to Users vs Device • If deployed to user collection, asset details is sorted by user • If deployed to device collection, asset detail is sorted by device • Reports are also available and now includes remediation, conflict and error reporting
Monitor vs Remediate • Monitoring: We still support monitoring for all Configuration Manager 2007 setting providers (Registry Key, Registry Value, File, Folder, Script , WMI, XML…..etc) • Check existence of setting • Check value of setting • Remediation: Only supported for Registry-, wmi- and script-based settings and all mobile phone settings • Create setting if not exist • Set value if not compliant • Run remediation script • Remediate phone settings
Support for Mobile phones Scenario: Support configuration and compliance management for mobile phones Design principal: Unified platform and user experience to define, monitor, enforce and report configuration compliance for users across all supported ConfigMgr devices. • Fully integrated authoring, targeting and reporting experience • Easily build a CI from built-in common settings or create your own settings • Compliance evaluation off-loaded to server to limit battery and cpu impact on mobile • Support for WM6.1 and WP 6.5.x
Configuration Item revisioningand audit tracking Scenario: Support change management for configuration items Design principal: Ability to see revisions of configuration item, view who changed what and chose to use specific or latest revision of CIs in Baselines.
Migration Scenario: Migrate 2007 Config Packs Design principal: Migration and Import support for all 2007 Config Packs to 2012. • Ability to import 2007 CI and Baselines to 2012 environment • Migration from 2007 hierarchy to 2012 using migration tool • Migration or Import will automatically convert v4 schema to v5 schema