Introduction to Client Deployment in Configuration Manager

Client deployment refers to the planning, installation, and management of System Center 2012 Configuration Manager client computers and mobile devices in your enterprise. The types of devices that you have, your business requirements, and your preferences, determine the methods that you use to manage computers and mobile devices. This guide contains information about how to plan, configure, manage, and monitor client deployment in Configuration Manager to computers and mobile devices.

Use the following sections for more information about how to deploy and monitor client deployment for computers and mobile devices:

Deploying the Configuration Manager Client to Windows-Based Computers
- Deploying the Configuration Manager Client to Windows Embedded Devices
Considerations for Managing the Configuration Manager Client in a Virtual Desktop Infrastructure (VDI)
Deploying the Configuration Manager Client to Mac Computers
Deploying the Configuration Manager Client to Linux and UNIX Servers
Monitoring the Status of Client Computers in Configuration Manager
Managing Mobile Devices by Using Configuration Manager

Deploying the Configuration Manager Client to Windows-Based Computers

The following table lists the various methods that you can use to install the Configuration Manager client software on computers. For information about how to decide which client installation method to use, see Determine the Client Installation Method to Use for Windows Computers in Configuration Manager. For more information about how to install the client, see How to Install Clients on Windows-Based Computers in Configuration Manager.

Client installation method	Description
Client push installation	Automatically installs the client to assigned resources and manually installs the client to resources that are not assigned.
Software update point installation	Installs the client by using the Configuration Manager software updates feature.
Group Policy installation	Installs the client by using Windows Group Policy.
Logon script installation	Installs the client by using a logon script.
Manual installation	Manually installs the client software.
Upgrade installation by using application management	Upgrades clients to a newer version by using Configuration Manager application management. You can also use Configuration Manager 2007 software distribution to upgrade clients to System Center 2012 Configuration Manager.
Automatic client upgrade	Configuration Manager with no service pack Automatically upgrades Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are earlier than version that you specify. For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only: Automatically upgrades Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are earlier than the version of their System Center 2012 Configuration Manager assigned site. For more information, see the How to Automatically Upgrade the Configuration Manager Client section in the topic How to Install Clients on Windows-Based Computers in Configuration Manager.
Client imaging	Prestages the client installation in an operating system image.

For information about how to install the Configuration Manager client on devices that run Windows Embedded operating systems, see the section Tasks for Managing Configuration Manager Clients on Windows Embedded Devices in the Configuration Manager 2007 Documentation Library.

After the client is installed successfully, it attempts to assign to a site and find a management point from which to download policy. For more information about site assignment, see How to Assign Clients to a Site in Configuration Manager.

Although the Configuration Manager console and reports provide some information about client installation and site assignment, you can use the fallback status point site system role to more closely track and monitor client installation and site assignment. For more information about the fallback status point, see Determine the Site System Roles for Client Deployment in Configuration Manager.

What’s New in Configuration Manager for Windows-Based Computers

Note
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new or have changed for client deployment since Configuration Manager 2007:

Clients are no longer configured for mixed mode or native mode, but instead use HTTPS together with public key infrastructure (PKI) certificates or HTTP together with self-signed certificates. Clients use HTTPS or HTTP according to the configuration of the site system roles that the clients connect to and whether they have a valid PKI certificate that performs client authentication.

On the Configuration Manager client, in Properties, on the General tab, review the Client certificate value to determine the current client communication method. This value displays PKI certificate when the client communicates with a management point over HTTPS, and Self-signed when the client communicates with a management point over HTTP. Just as the client property value for the Connection type updates, depending on the current network status of the client, so the Client certificate client property value updates, depending on with which management point the client communicates.
Because System Center 2012 Configuration Manager does not use mixed mode and native mode, the client installation property /native: [<native mode option>] is no longer used. Instead, use /UsePKICert to use a PKI certificate that has client authentication capability, if it is available, but fall back to an HTTP connection if no certificate is available. If /UsePKICert is not specified, the client does not attempt to communicate by using a PKI certificate, but communicates by using HTTP only. Additionally, use the new command /NoCRLCheck if you do not want a client to check the certificate revocation list (CRL) before it establishes an HTTPS communication.
The client.msi property SMSSIGNCERT is still used but requires the exported self-signed certificate of the site server. This certificate is stored in the SMS certificate store and has the Subject name Site Server and the friendly name Site Server Signing Certificate.
When you reassign a client from a Microsoft System Center 2012 Configuration Manager hierarchy to another System Center 2012 Configuration Manager hierarchy, the client can automatically replace the trusted root key, if the new site is published to Active Directory Domain Services and the client can access that information from a global catalog server. For this scenario in Configuration Manager 2007, you had to remove the trusted root key, manually replace the trusted root key, or uninstall and reinstall the client.
The server locator point is no longer used for site assignment or to locate management points. This functionality is replaced by the management point. The CCMSetup Client.msi property SMSSLP remains supported, but only to specify the computer name of management points.
You no longer install International Client Packs when you want to support different languages on the client. Instead, select the client languages that you want during Setup. Then, during the client installation, Configuration Manager automatically installs support for those languages on the client, enabling the display of information in a language that matches the user’s language preferences. If a matching language is not available, the client displays information in the default of English. For more information, see the Planning for Client Language Packs section in the Planning for Sites and Hierarchies in Configuration Manager topic.
Decommissioned clients are no longer displayed in the Configuration Manager console, and they are automatically removed from the database by the Delete Aged Discovery Data task.
The Client.msi property for CCMSetup, SMSDIRECTORYLOOKUP=WINSPROMISCUOUS, is no longer supported. This setting allowed the client to use Windows Internet Name Service (WINS) to find a management point without verifying the management point's self-signed certificate.
To support the new 64-bit client, the location of the CCM folder for client-related files (such as the client cache and log files) has changed from %windir%\system32 to %windir%. If you reference the CCM folder for your own script files, update these references for the new folder location for System Center 2012 Configuration Manager clients. System Center 2012 Configuration Manager does not support the CCM folder on paths that support redirection (such as Program Files and %windir%\system32) on 64-bit operating systems.
Automatic, site-wide client push now installs the Configuration Manager on existing computer resources if the client is not installed, and not just newly discovered computer resources.
Client push installation starts and tracks the installation of the client by using the Configuration Manager database and no longer creates individual .CCR files. When you enable client push installation for a site, all discovered resources that are assigned to the site and that do not have a client installed are immediately added to the database, and client installation begins.
Configuration Manager can automatically upgrade Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are below a version that you specify. For more information see the How to Automatically Upgrade the Configuration Manager Client section in the topic How to Install Clients on Windows-Based Computers in Configuration Manager.

What’s New in Configuration Manager SP1 for Windows-Based Computers

Note
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new or have changed for client deployment in Configuration Manager SP1:

Configuration Manager can automatically upgrade Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the version of their assigned System Center 2012 Configuration Manager site. For more information see the How to Automatically Upgrade the Configuration Manager Client for the Hierarchy section in the topic How to Install Clients on Windows-Based Computers in Configuration Manager.
You can now specify the following CCMSetup.exe properties as installation options when you use client push:
- /forcereboot
- /skipprereq
- /logon
- /BITSPriority
- /downloadtimeout
- /forceinstall
Configuration Manager SP1 clients now use Microsoft Silverlight 5 for the Application Catalog. Configuration Manager automatically installs this version of Silverlight on clients if it is not already installed, and by default, configures the Computer Agent client setting Allow Silverlight applications to run in elevated trust mode to Yes. For more information, see the Certificates for Silverlight 5 and Elevated Trust Mode Required for the Application Catalog section in the Security and Privacy for Application Management in Configuration Manager topic.
There is a new value that is now the default for the Computer Agent client setting PowerShell execution policy: All Signed. This new value restricts the Configuration Manager client to running Windows PowerShell scripts only if they are signed by a trusted publisher, regardless of the current Windows PowerShell configuration on the client computer. For more information, see the Computer Agent section in the About Client Settings in Configuration Manager topic.
The new Computer Agent client setting, Disable deadline randomization, by default, disables the installation randomization delay for required software updates and required application deployments. For more information, see the Computer Agent section in the About Client Settings in Configuration Manager topic.

Client notification in Configuration Manager enables some client operations to be performed as soon as possible, instead of during the usual client policy polling interval. For example, you can use the client management task Download Computer Policy to instruct computers to download policy as soon as possible. Additionally, you can initiate some actions for Endpoint Protection, such as a malware scan of a client.

By default, client notification communication uses TCP port 10123, which is configurable as a site property for a primary site. You might have to configure Windows Firewall on the management point, clients, and any intervening firewalls for this new port communication. However, client notification can fall back to using the established client-to-management point communication of HTTP or HTTPS. Actions taken by client notification are displayed in the new Client Operations node in the Monitoring workspace.

Note
Client notification does not support role-based administration. All users of the Configuration Manager console can see notifications in the Client Operations node in the Monitoring workspace.

For more information, see How to Configure Client Communication Port Numbers in Configuration Manager and How to Manage Clients in Configuration Manager.

You can install the Configuration Manager client on computers that run Mac OS X. You can then manage this client by using compliance settings, deploying software, and by collecting hardware inventory. For more information, see How to Install Clients on Mac Computers in Configuration Manager.
You can install the Configuration Manager client on servers that run a supported version of Linux or UNIX. You can then manage this client by using deploying software, and by collecting hardware inventory. For more information, see How to Install Clients on Linux and UNIX Computers in Configuration Manager.

What’s New in System Center 2012 R2 Configuration Manager for Windows-Based Computers

Note
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new or have changed for client deployment in System Center 2012 R2 Configuration Manager:

You can now select Resultant Client Settings from the Configuration Manager console to view the effective client settings that will be applied to the selected device. The resultant client setting accounts for the prioritization or combination of attributes where multiple client settings have been deployed to the same device. For more information, see Viewing the Resultant Client Settings.
You can now reassign Configuration Manager clients, including managed mobile devices, to another primary site in the hierarchy. Clients can be reassigned individually or can be multi-selected and reassigned in bulk to a new site.
If you use wake-up proxy, you no longer have to manually configure Windows Firewall on clients to allow TCP/IP ping commands when you specify the Power Management client setting, Firewall exception for wake-up proxy.
A new property has been added for Ccmsetup.exe, /ExcludeFeatures:<feature>. This property prevents the specified feature from installing the client installation. For this release, the only supported feature is ClientUI, which prevents the Software Center from installing on the client. For more information, see CCMSetup.exe Command-Line Properties.

Deploying the Configuration Manager Client to Windows Embedded Devices

If your Windows Embedded device does not include the Configuration Manager client, you can use any of the client installation methods if the device meets the required dependencies. If the embedded device supports write filters, you must disable these filters before you install the client, and then re-enable the filters again after the client is installed and assigned to a site.

Write filters control how the operating system on the embedded device is updated when you make changes, such as when you install software. When write filters are enabled, instead of making the changes directly to the operating system, these changes are redirected to a temporary overlay. If the changes are only written to the overlay, they are lost when the embedded device shuts downs. However, if the write filters are temporarily disabled, the changes can be made permanent so that you do not have to make the changes again (or reinstall software) every time that the embedded device restarts. However, temporarily disabling and then re-enabling the write filters requires one or more restarts, so that you typically want to control when this happens by configuring maintenance windows so that restarts occur outside business hours.

When you install software on Windows Embedded devices with Configuration Manager with no service pack, you must always take additional steps to disable the write filters, install the software, and then re-enable the write filters. However, if the embedded client runs Configuration Manager SP1, you can configure options to automatically disable and re-enable the write filters when you deploy software such as applications, task sequences, software updates, and the Endpoint Protection client. The exception is for configuration baselines with configuration items that use automatic remediation. In this scenario, the remediation always occurs in the overlay so that it is available only until the device is restarted. The remediation is applied again at the next evaluation cycle, but only to the overlay, which is cleared at restart. To force Configuration Manager SP1 to commit the remediation changes, you can deploy the configuration baseline and then another software deployment that supports committing the change as soon as possible.

If the write filters are disabled, you can install software on Windows Embedded devices by using Software Center. However, if the write filters are enabled, the installation fails and Configuration Manager displays an error message that you have insufficient permissions to install the application.

Warning
Even if you do not select the Configuration Manager SP1 options to commit the changes, the changes might be committed if another software installation or change is made that commits changes. In this scenario, the original changes will be committed in addition to the new changes.

When Configuration Manager SP1 disables the write filters to make changes permanent, only users who have local administrative rights can log on and use the embedded device. During this period, low-rights users are locked out and see a message that the computer is unavailable because it is being serviced. This helps protect the device while it is in a state where changes can be permanently applied, and this servicing mode lockout behavior is another reason to configure a maintenance window for a time when users will not log on to these devices.

Configuration Manager supports managing the following types of write filters:

File-Based Write Filter (FBWF) – (Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only). For more information, see File-Based Write Filter on MSDN.
Enhanced Write Filter (EWF) RAM – (Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only). For more information, see Enhanced Write Filter on MSDN.
Unified Write Filter (UWF) – (System Center 2012 R2 Configuration Manager only). For more information, see Unified Write Filter on MSDN.

Configuration Manager does not support write filter operations when the Windows Embedded device is in EWF RAM Reg mode.

Important
If you have the choice, use File-Based Write Filters with Configuration Manager SP1 for increased efficiency and higher scalability. When you have this configuration, configure the following exceptions to persist client state and inventory data between device restarts: CCMINSTALLDIR\*.sdf CCMINSTALLDIR\ServiceData HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\StateSystem

For an example scenario to deploy and manage write-filter-enabled Windows Embedded devices in Configuration Manager SP1, see Example Scenario for Deploying and Managing Configuration Manager Clients on Windows Embedded Devices.

For more information about how to build images for Windows Embedded devices and configure write filters, see your Windows Embedded documentation, or contact your OEM.

Note
When you select the applicable platforms for software deployments and configuration items, these display the Windows Embedded families rather than specific versions. Use the following list to map the specific version of Windows Embedded to the options in the list box: Embedded Operating Systems based on Windows XP (32-bit) includes the following: Windows XP Embedded Windows Embedded for Point of Service Windows Embedded Standard 2009 Windows Embedded POSReady 2009 Embedded operating systems based on Windows 7 (32-bit) includes the following: Windows Embedded Standard 7 (32-bit) Windows Embedded POSReady 7 (32-bit) Windows ThinPC Embedded operating systems based on Windows 7 (64-bit) includes the following: Windows Embedded Standard 7 (64-bit) Windows Embedded POSReady 7 (64-bit)

Note

When you select the applicable platforms for software deployments and configuration items, these display the Windows Embedded families rather than specific versions. Use the following list to map the specific version of Windows Embedded to the options in the list box:

Embedded Operating Systems based on Windows XP (32-bit) includes the following:
- Windows XP Embedded
- Windows Embedded for Point of Service
- Windows Embedded Standard 2009
- Windows Embedded POSReady 2009
Embedded operating systems based on Windows 7 (32-bit) includes the following:
- Windows Embedded Standard 7 (32-bit)
- Windows Embedded POSReady 7 (32-bit)
- Windows ThinPC
Embedded operating systems based on Windows 7 (64-bit) includes the following:
- Windows Embedded Standard 7 (64-bit)
- Windows Embedded POSReady 7 (64-bit)

What’s New in System Center 2012 R2 Configuration Manager for Windows Embedded Devices

Considerations for Managing the Configuration Manager Client in a Virtual Desktop Infrastructure (VDI)

System Center 2012 Configuration Manager supports installing the Configuration Manager client on the following virtual desktop infrastructure (VDI) scenarios:

Personal virtual machines – Personal virtual machines are generally used when you want to make sure that user data and settings are maintained on the virtual machine between sessions.
Remote Desktop Services sessions – Remote Desktop Services enables a server to host multiple, concurrent client sessions. Users can connect to a session and then run applications on that server.
Pooled virtual machines – Pooled virtual machines are not persisted between sessions. When a session is closed, all data and settings are discarded. Pooled virtual machines are useful when Remote Desktop Services cannot be used because a required business application cannot run on the Windows Server that hosts the client sessions.

The following table lists considerations for managing the Configuration Manager client in a virtual desktop infrastructure.

Virtual machine type	More information
Personal virtual machines	Configuration Manager treats personal virtual machines identically to a physical computer. The Configuration Manager client can be preinstalled on the virtual machine image or deployed after the virtual machine is provisioned.
Remote Desktop Services	The Configuration Manager client is not installed for individual Remote Desktop sessions. Instead, the client is only installed one time on the Remote Desktop Services server. All Configuration Manager features can be used on the Remote Desktop Services server.
Pooled virtual machines	When a pooled virtual machine is decommissioned, any changes that you make by using Configuration Manager are lost. Data returned from Configuration Manager features such as hardware inventory, software inventory and software metering might not be relevant to your needs as the virtual machine might only be operational for a short length of time. Consider excluding pooled virtual machines from inventory tasks.

Because virtualization supports running multiple Configuration Manager clients on the same physical computer, many client operations have a built-in randomized delay for scheduled actions such as hardware and software inventory, antimalware scans, software installations, and software update scans. This delay helps distribute the CPU processing and data transfer for a computer that has multiple virtual machines that run the Configuration Manager client.

Note
With the exception of Windows Embedded clients that are in servicing mode, Configuration Manager clients that are not running in virtualized environments also use this randomized delay. When you have many deployed clients, this behavior helps avoid peaks in network bandwidth and reduces the CPU processing requirement on the Configuration Manager site systems, such as the management point and site server. The delay interval varies according to the Configuration Manager capability. In Configuration Manager with no service pack, this behavior is not configurable in the Configuration Manager console. For Configuration Manager SP1 only, the randomization delay is disabled by default for required software updates and required application deployments by using the following client setting: Computer Agent: Disable deadline randomization.

Note

With the exception of Windows Embedded clients that are in servicing mode, Configuration Manager clients that are not running in virtualized environments also use this randomized delay. When you have many deployed clients, this behavior helps avoid peaks in network bandwidth and reduces the CPU processing requirement on the Configuration Manager site systems, such as the management point and site server. The delay interval varies according to the Configuration Manager capability. In Configuration Manager with no service pack, this behavior is not configurable in the Configuration Manager console. For Configuration Manager SP1 only, the randomization delay is disabled by default for required software updates and required application deployments by using the following client setting: Computer Agent: Disable deadline randomization.

Deploying the Configuration Manager Client to Mac Computers

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

You can install the Configuration Manager client on Mac computers that run the Mac OS X operating system and use the following management capabilities:

Capability

More Information

Hardware inventory

You can use Configuration Manager hardware inventory to collect information about the hardware and installed applications on Mac computers. This information can then be viewed in Resource Explorer in the Configuration Manager console and used to create collections, queries and reports. For more information, see How to Use Resource Explorer to View Hardware Inventory in Configuration Manager.

Configuration Manager collects the following hardware information from Mac computers:

Processor
Computer System
Disk Drive
Disk Partition
Network Adapter
Operating System
Service
Process
Installed Software
Computer System Product
USB Controller
USB Device
CDROM Drive
Video Controller
Desktop Monitor
Portable Battery
Physical Memory
Printer

Important
You cannot extend the hardware information that is collected from Mac computers during hardware inventory.

Compliance settings

You can use Configuration Manager compliance settings to view the compliance of and remediate Mac OS X preference (.plist) settings. For example, you could enforce settings for the home page in the Safari web browser or ensure that the Apple firewall is enabled. You can also use shell scripts to monitor and remediate settings in MAC OS X.

Application management

Configuration Manager can deploy software to Mac computers. You can deploy the following software formats to Mac computers:

Apple Disk Image (.DMG)
Meta Package File (.MPKG)
Mac OS X Installer Package (.PKG)
Mac OS X Application (.APP)

When you install the Configuration Manager client on Mac computers, you cannot use the following management capabilities that are supported by the Configuration Manager client on Windows-based computers:

Client push installation
Operating system deployment

Software updates

Note
You can use Configuration Manager application management to deploy required Mac OS X software updates to Mac computers. In addition, you can use compliance settings to make sure that computers have any required software updates.

Maintenance windows
Remote control
Power management
Client status client check and remediation

For more information about how to install and configure the Configuration Manager Mac client, see How to Install Clients on Mac Computers in Configuration Manager.

What’s New in System Center 2012 R2 Configuration Manager for Mac Computers

Deploying the Configuration Manager Client to Linux and UNIX Servers

For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only:

You can install the Configuration Manager client on computers that run Linux or UNIX. This client is designed for servers that operate as a workgroup computer, and the client does not support interaction with logged-on users.

After you install the client software and the client establishes communication with the Configuration Manager site, you manage the client by using the Configuration Manager console and reports.

You can use the following management capabilities when you install the Configuration Manager client on Linux and UNIX computers:

Functionality	More information
Collections, queries, and maintenance windows	See How to Manage Linux and UNIX Clients in Configuration Manager.
Hardware inventory	See Hardware Inventory for Linux and UNIX in Configuration Manager.
Software deployment	See Deploying Software to Linux and UNIX Servers in Configuration Manager.
Monitoring and reporting	See How to Monitor Linux and UNIX Clients in Configuration Manager.

When you install the Configuration Manager client on Linux and UNIX computers, you cannot use the following management capabilities that are supported by the Configuration Manager client on Windows-based computers:

Client push installation
Operating system deployment
Application deployment; instead, deploy software by using packages and programs.
Software inventory
Software updates
Compliance settings
Remote control
Power management
Client status client check and remediation
Internet-based client management

For information about the supported Linux and UNIX distributions and the hardware required to support the client for Linux and UNIX, see the Client Requirements for Linux and UNIX Servers section in the Supported Configurations for Configuration Manager topic.

For more information about how to install and configure the Configuration Manager client for Linux and UNIX, see How to Install Clients on Linux and UNIX Computers in Configuration Manager.

What’s New in Cumulative Update 1 for the Client for Linux and UNIX

Monitoring the Status of Client Computers in Configuration Manager

Use the Client Status node in the Monitoring workspace of the Configuration Manager console to monitor the health and activity of client computers in your hierarchy. Configuration Manager uses the following two methods to evaluate the overall status of client computers.

Client Activity: You can configure thresholds to determine whether a client is active, for example:

Whether the client requested policy during the last seven days.
Whether Heartbeat Discovery found the client during the last seven days.
Whether the client sent hardware inventory during the last seven days.

When all these thresholds are exceeded, the client is determined to be inactive.

Client Check: A client evaluation engine is installed with the Configuration Manager client, which periodically evaluates the health of the Configuration Manager client and its dependencies. This engine can check or remediate some problems with the Configuration Manager client.

You can configure remediation not to run on specific computers, for example, a business-critical server. In addition, if there are additional items that you want to evaluate, you can use System Center 2012 Configuration Manager compliance settings to provide a comprehensive solution to monitor the overall health, activity, and compliance of computers in your organization. For more information about compliance settings, see Compliance Settings in Configuration Manager.

Client status uses the monitoring and reporting capabilities of Configuration Manager to provide information in the Configuration Manager console about the health and activity of the client. You can configure alerts to notify you when clients check results or client activity drops below a specified percentage of clients in a collection or when remediation fails on a specified percentage of clients.

For information about how to configure client status, see How to Configure Client Status in Configuration Manager.

Checks and remediations made by client check

The following checks and remediations can be performed by client check.

Client check	Remediation action	More information
Verify that client check has recently run	Run client check	Checks that client check has run at least one time in the past three days.
Verify that client prerequisites are installed	Install the client prerequisites	Checks that client prerequisites are installed. Reads the file ccmsetup.xml in the client installation folder to discover the prerequisites.
WMI repository integrity test	Reinstall the Configuration Manager client	Checks that Configuration Manager client entries are present in WMI.
Verify that the client service is running	Start the client (SMS Agent Host) service	No additional information
WMI Event Sink Test.	Restart the client service	Check whether the Configuration Manager related WMI event sink is lost
Verify that the Windows Management Instrumentation (WMI) service exists	No remediation	No additional information
Verify that the client was installed correctly	Reinstall the client	No additional information
WMI repository read and write test	Reset the WMI repository and reinstall the Configuration Manager client	Remediation of this client check is only performed on computers that run Windows Server 2003, Windows XP (64-bit) or earlier versions.
Verify that the antimalware service startup type is automatic	Reset the service startup type to automatic	No additional information
Verify that the antimalware service is running	Start the antimalware service	No additional information
Verify that the Windows Update service startup type is automatic or manual	Reset the service startup type to automatic	No additional information
Verify that the client service (SMS Agent Host) startup type is automatic	Reset the service startup type to automatic	No additional information
Verify that the Windows Management Instrumentation (WMI) service is running.	Start the Windows Management Instrumentation service	No additional information
Verify that the Microsoft SQL CE database is healthy	Reinstall the Configuration Manager client	No additional information
Verify that the Microsoft Policy Platform service startup type is manual.	Reset the service startup type to manual	No additional information
Verify that the Background Intelligent Transfer Service exists	No Remediation	No additional information
Verify that the Background Intelligent Transfer Service startup type is automatic or manual	Reset the service startup type to automatic	No additional information
Verify that the Network Inspection Service startup type is manual	Reset the service startup type to manual if installed	No additional information
Verify that the Windows Management Instrumentation (WMI) service startup type is automatic	Reset the service startup type to automatic	No additional information
Verify that the Windows Update service startup type on Windows 8 computers is automatic or manual	Reset the service startup type to manual	No additional information
Verify that the client (SMS Agent Host) service exists.	No Remediation	No additional information
Verify that the Configuration Manager Remote Control service startup type is automatic or manual	Reset the service startup type to automatic	No additional information
Verify that the Configuration Manager Remote Control service is running	Start the remote control service	No additional information
Verify that the client WMI provider is healthy	Restart the Windows Management Instrumentation service	Remediation of this client check is only performed on computers that run Windows Server 2003, Windows XP (64-bit) or earlier.
Verify that the wake-up proxy service (ConfigMgr Wake-up Proxy) is running	Start the ConfigMgr Wakeup Proxy service	For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only: This client check is made only if the Power Management: Enable wake-up proxy client setting is set to Yes on supported client operating systems.
Verify that the wake-up proxy service (ConfigMgr Wake-up Proxy) startup type is automatic	Reset the ConfigMgr Wakeup Proxy service startup type to automatic	For System Center 2012 Configuration Manager SP1 and System Center 2012 R2 Configuration Manager only: This client check is made only if the Power Management: Enable wake-up proxy client setting is set to Yes on supported client operating systems.

What’s New in Configuration Manager for Client Status

Managing Mobile Devices by Using Configuration Manager

You can use the following solutions to manage mobile devices in Configuration Manager:

In Configuration Manager SP1, you can use the Windows Intune connector to enroll mobile devices that run Windows Phone 8, Windows RT, and iOS. This solution uses the built-in management client and does not install the Configuration Manager client, but does automatically install PKI certificates on the mobile devices. This solution does not require you to have your own PKI, but does require a Windows Intune subscription.
Configuration Manager can enroll mobile devices and deploy the Configuration Manager client on supported mobile operating systems when the mobile device and site system roles use PKI certificates. This solution automatically installs PKI certificates onto the mobile devices but requires you to run Active Directory Certificate Services and an enterprise certification authority.
When the mobile devices run Windows CE or Windows Mobile 6.0, you must install the mobile device legacy client by using a package and program. This solution also requires PKI certificates that must be installed independently from Configuration Manager.
If you cannot use the other mobile device management solutions, you can use the Configuration Manager Exchange Server connector to find and manage mobile devices that connect to Microsoft Exchange Server or Exchange Online. Because a management client is not installed, management is more limited for this solution than the others. For example, with the exception of Android devices that use the Windows Intune connector in Configuration Manager SP1, you cannot deploy applications to these mobile devices. However, you can retrieve some inventory information, define settings and access rules, and issue wipe commands for these mobile devices in Configuration Manager.

For more information about these mobile device management solutions, see Determine How to Manage Mobile Devices in Configuration Manager.

For more information about how to install the mobile device legacy client for Windows CE mobile devices, see Mobile Device Management in Configuration Manager in the Configuration Manager 2007 documentation library.

What’s New in Configuration Manager for Mobile Devices

Note
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new for mobile devices since Configuration Manager 2007:

Enrollment for mobile devices in Configuration Manager is now natively supported by using the two new enrollment site system roles (the enrollment point and the enrollment proxy point) and a Microsoft enterprise certification authority. For more information about how to configure and enroll mobile devices in Configuration Manager, see How to Install Clients on Mobile Devices and Enroll Them by Using Configuration Manager.
New in Configuration Manager, the Exchange Server connector lets you find and manage devices that connect to Exchange Server, on-premise or hosted, by using the Exchange ActiveSync protocol. Use this mobile device management process when you cannot install the Configuration Manager client on the mobile device. For more information, see How to Manage Mobile Devices by Using Configuration Manager and Exchange.
If you have mobile devices that you managed with Configuration Manager 2007, and you cannot enroll them by using System Center 2012 Configuration Manager, you can continue to use them with System Center 2012 Configuration Manager. The installation for this mobile device client is still the same. However, whereas Configuration Manager 2007 did not require PKI certificates, System Center 2012 Configuration Manager requires PKI certificates on the mobile device and the management points and distribution points. File collection is no longer supported for these mobile device clients in Configuration Managerand, unlike the mobile devices that you can enroll with Configuration Manager or manage by using the Exchange Server connector, you cannot manage settings for these mobile devices. In addition, the mobile device management inventory extension tool (DmInvExtension.exe) is no longer supported. This functionality is replaced with the Exchange Server connector.

What’s New in Configuration Manager SP1 for Mobile Devices

Important
The client certificates for mobile devices and Mac computers have different requirements. Therefore, if you configure client settings enrollment for mobile devices and Mac computers, do not configure the certificate templates to use the same user accounts.

What’s New in System Center 2012 R2 Configuration Manager for Mobile Devices

Note
The information in this section also appears in the Getting Started with System Center 2012 Configuration Manager guide.

The following items are new for mobile device management in System Center 2012 R2 Configuration Manager:

Users can enroll Android devices by using the company portal app which will be available on Google Play. The company portal app is supported on Android devices as of Android 4.0. When users download the company portal app the installation includes the management agent. The management agent gives you the following management capabilities.
- You can manage compliance settings which include password, camera, and encryption settings.
- When you deploy apps to Android devices, you now have the option to install the apps directly to the device
- Users are prompted to take required actions, such as app installations or updating device passcodes by using Android notifications.
Users can enroll iOS devices by using the iOS company portal app which will be available in the App store. The company portal app can be installed on iOS devices as of iOS 6. The company portal app will allow users to perform the following actions:
- Change or reset passwords.
- Download and install company apps.
- Enroll, unenroll, or wipe company content from their devices.
Devices that run Windows RT, iOS and Android now support a deployment purpose of Required. This allows you to deploy apps automatically to devices according to a configured schedule.
Wipe and retire functions now include the option to only remove company content from devices, see the table in Device Life-cycle Management for information about what company content is removed.
You can configure enrolled devices as company-owned or personal-owned. Company-owned allows you to get software inventory on on all mobile devices. You can configure devices as personal-owned or company-owned by using the Change ownership action. Change ownership is only available for devices that are not domain-joined and do not have the Configuration Manager client installed.All mobile devices will report software inventory on company content when they are personal-owned or company-owned. iOS and Android will report a full software inventory on the device if they are set as Company-owned.You can configure enrolled devices as company-owned or personal-owned. Company-owned allows you to get software inventory on company content on all devices.
You can use Windows Intune to manage Windows 8.1 devices that are not joined to the domain and do not have the Configuration Manager client installed.