Client deployment refers to the planning, installation, and
management of System Center 2012
Configuration Manager client computers and mobile devices in
your enterprise. The types of devices that you have, your business
requirements, and your preferences, determine the methods that you
use to manage computers and mobile devices. This guide contains
information about how to plan, configure, manage, and monitor
client deployment in Configuration Manager to computers and mobile
devices.
Use the following sections for more information about how to
deploy and monitor client deployment for computers and mobile
devices:
Deploying the Configuration Manager
Client to Windows-Based Computers
The following table lists the various methods that you
can use to install the Configuration Manager client software on
computers. For information about how to decide which client
installation method to use, see Determine the Client
Installation Method to Use for Windows Computers in Configuration
Manager. For more information about how to install the client,
see How to
Install Clients on Windows-Based Computers in Configuration
Manager.
Client installation method |
Description |
Client push installation
|
Automatically installs the client to assigned resources and
manually installs the client to resources that are not
assigned.
|
Software update point installation
|
Installs the client by using the Configuration Manager software
updates feature.
|
Group Policy installation
|
Installs the client by using Windows Group Policy.
|
Logon script installation
|
Installs the client by using a logon script.
|
Manual installation
|
Manually installs the client software.
|
Upgrade installation by using application management
|
Upgrades clients to a newer version by using Configuration
Manager application management. You can also use Configuration
Manager 2007 software distribution to upgrade clients to
System Center 2012 Configuration Manager.
|
Automatic client upgrade
|
Configuration Manager with no service pack
Automatically upgrades Configuration Manager 2007 and
System Center 2012 Configuration Manager clients to
the latest System Center 2012 Configuration Manager
version when they are earlier than version that you specify.
For System Center 2012
Configuration Manager SP1 and
System Center 2012 R2 Configuration Manager
only:
Automatically upgrades Configuration Manager 2007 and
System Center 2012 Configuration Manager clients to
the latest System Center 2012 Configuration Manager
version when they are earlier than the version of their
System Center 2012 Configuration Manager assigned
site.
For more information, see the How to
Automatically Upgrade the Configuration Manager Client section
in the topic How
to Install Clients on Windows-Based Computers in Configuration
Manager.
|
Client imaging
|
Prestages the client installation in an operating system
image.
|
For information about how to install the Configuration
Manager client on devices that run Windows Embedded operating
systems, see the section Tasks for Managing Configuration Manager
Clients on Windows Embedded Devices in the Configuration
Manager 2007 Documentation Library.
After the client is installed successfully, it attempts
to assign to a site and find a management point from which to
download policy. For more information about site assignment, see
How to Assign
Clients to a Site in Configuration Manager.
Although the Configuration Manager console and reports
provide some information about client installation and site
assignment, you can use the fallback status point site system role
to more closely track and monitor client installation and site
assignment. For more information about the fallback status point,
see Determine
the Site System Roles for Client Deployment in Configuration
Manager.
What’s New in Configuration Manager for
Windows-Based Computers
The following items are new or have changed for client
deployment since Configuration Manager 2007:
- Clients are no longer configured for mixed
mode or native mode, but instead use HTTPS together with public key
infrastructure (PKI) certificates or HTTP together with self-signed
certificates. Clients use HTTPS or HTTP according to the
configuration of the site system roles that the clients connect to
and whether they have a valid PKI certificate that performs client
authentication.
On the Configuration Manager client, in Properties, on the
General tab, review the Client certificate value to
determine the current client communication method. This value
displays PKI certificate when the client communicates with a
management point over HTTPS, and Self-signed when the client
communicates with a management point over HTTP. Just as the client
property value for the Connection type updates, depending on
the current network status of the client, so the Client
certificate client property value updates, depending on with
which management point the client communicates.
- Because System Center 2012
Configuration Manager does not use mixed mode and native mode,
the client installation property /native: [<native mode
option>] is no longer used. Instead, use /UsePKICert
to use a PKI certificate that has client authentication capability,
if it is available, but fall back to an HTTP connection if no
certificate is available. If /UsePKICert is not specified,
the client does not attempt to communicate by using a PKI
certificate, but communicates by using HTTP only. Additionally, use
the new command /NoCRLCheck if you do not want a client to
check the certificate revocation list (CRL) before it establishes
an HTTPS communication.
- The client.msi property SMSSIGNCERT is
still used but requires the exported self-signed certificate of the
site server. This certificate is stored in the SMS
certificate store and has the Subject name Site Server and
the friendly name Site Server Signing Certificate.
- When you reassign a client from a
Microsoft System Center 2012
Configuration Manager hierarchy to another
System Center 2012 Configuration Manager hierarchy,
the client can automatically replace the trusted root key, if the
new site is published to Active Directory Domain Services and the
client can access that information from a global catalog server.
For this scenario in Configuration Manager 2007, you had to remove
the trusted root key, manually replace the trusted root key, or
uninstall and reinstall the client.
- The server locator point is no longer used
for site assignment or to locate management points. This
functionality is replaced by the management point. The CCMSetup
Client.msi property SMSSLP remains supported, but only to
specify the computer name of management points.
- You no longer install International Client
Packs when you want to support different languages on the client.
Instead, select the client languages that you want during Setup.
Then, during the client installation, Configuration Manager
automatically installs support for those languages on the client,
enabling the display of information in a language that matches the
user’s language preferences. If a matching language is not
available, the client displays information in the default of
English. For more information, see the Planning
for Client Language Packs section in the Planning for Sites and
Hierarchies in Configuration Manager topic.
- Decommissioned clients are no longer
displayed in the Configuration Manager console, and they are
automatically removed from the database by the Delete Aged
Discovery Data task.
- The Client.msi property for CCMSetup,
SMSDIRECTORYLOOKUP=WINSPROMISCUOUS, is no longer supported.
This setting allowed the client to use Windows Internet Name
Service (WINS) to find a management point without verifying the
management point's self-signed certificate.
- To support the new 64-bit client, the
location of the CCM folder for client-related files (such as
the client cache and log files) has changed from
%windir%\system32 to %windir%. If you
reference the CCM folder for your own script files, update
these references for the new folder location for
System Center 2012 Configuration Manager clients.
System Center 2012 Configuration Manager does not
support the CCM folder on paths that support redirection
(such as Program Files and %windir%\system32)
on 64-bit operating systems.
- Automatic, site-wide client push now installs
the Configuration Manager on existing computer resources if the
client is not installed, and not just newly discovered computer
resources.
- Client push installation starts and tracks
the installation of the client by using the Configuration Manager
database and no longer creates individual .CCR files. When you
enable client push installation for a site, all discovered
resources that are assigned to the site and that do not have a
client installed are immediately added to the database, and client
installation begins.
- Configuration Manager can automatically
upgrade Configuration Manager 2007 and System Center 2012
Configuration Manager clients to the latest
System Center 2012 Configuration Manager version
when they are below a version that you specify. For more
information see the How to
Automatically Upgrade the Configuration Manager Client section
in the topic How
to Install Clients on Windows-Based Computers in Configuration
Manager.
What’s New in Configuration
Manager SP1 for Windows-Based Computers
The following items are new or have changed for client
deployment in Configuration Manager SP1:
- Configuration Manager can automatically
upgrade Configuration Manager 2007 and System Center 2012
Configuration Manager clients to the version of their assigned
System Center 2012 Configuration Manager site. For
more information see the How to
Automatically Upgrade the Configuration Manager Client for the
Hierarchy section in the topic How to Install Clients
on Windows-Based Computers in Configuration Manager.
- You can now specify the following
CCMSetup.exe properties as installation options when you use client
push:
- /forcereboot
- /skipprereq
- /logon
- /BITSPriority
- /downloadtimeout
- /forceinstall
- Configuration Manager SP1 clients now
use Microsoft Silverlight 5 for the Application Catalog.
Configuration Manager automatically installs this version of
Silverlight on clients if it is not already installed, and by
default, configures the Computer Agent client setting
Allow Silverlight applications to run in elevated trust mode
to Yes. For more information, see the
Certificates for Silverlight 5 and Elevated Trust Mode Required for
the Application Catalog section in the Security and Privacy for
Application Management in Configuration Manager topic.
- There is a new value that is now the default
for the Computer Agent client setting PowerShell
execution policy: All Signed. This new value restricts
the Configuration Manager client to running Windows PowerShell
scripts only if they are signed by a trusted publisher, regardless
of the current Windows PowerShell configuration on the client
computer. For more information, see the
Computer Agent section in the About Client Settings in
Configuration Manager topic.
- The new Computer Agent client setting,
Disable deadline randomization, by default, disables the
installation randomization delay for required software updates and
required application deployments. For more information, see the
Computer Agent section in the About Client Settings in
Configuration Manager topic.
- Client notification in Configuration Manager
enables some client operations to be performed as soon as possible,
instead of during the usual client policy polling interval. For
example, you can use the client management task Download
Computer Policy to instruct computers to download policy as
soon as possible. Additionally, you can initiate some actions for
Endpoint Protection, such as a malware scan of a client.
By default, client notification communication uses TCP port 10123,
which is configurable as a site property for a primary site. You
might have to configure Windows Firewall on the management point,
clients, and any intervening firewalls for this new port
communication. However, client notification can fall back to using
the established client-to-management point communication of HTTP or
HTTPS. Actions taken by client notification are displayed in the
new Client Operations node in the Monitoring
workspace.
Note |
Client notification does not support role-based administration.
All users of the Configuration Manager console can see
notifications in the Client Operations node in the
Monitoring workspace. |
For more information, see How to Configure Client
Communication Port Numbers in Configuration Manager and
How to Manage
Clients in Configuration Manager.
- You can install the Configuration Manager
client on computers that run Mac OS X. You can then manage this
client by using compliance settings, deploying software, and by
collecting hardware inventory. For more information, see How to Install Clients
on Mac Computers in Configuration Manager.
- You can install the Configuration Manager
client on servers that run a supported version of Linux or UNIX.
You can then manage this client by using deploying software, and by
collecting hardware inventory. For more information, see How to Install Clients
on Linux and UNIX Computers in Configuration Manager.
What’s New in System Center 2012 R2
Configuration Manager for Windows-Based Computers
The following items are new or have changed for client
deployment in System Center 2012 R2 Configuration Manager:
- You can now select Resultant Client
Settings from the Configuration Manager console to view the
effective client settings that will be applied to the selected
device. The resultant client setting accounts for the
prioritization or combination of attributes where multiple client
settings have been deployed to the same device. For more
information, see
Viewing the Resultant Client Settings.
- You can now reassign Configuration Manager
clients, including managed mobile devices, to another primary site
in the hierarchy. Clients can be reassigned individually or can be
multi-selected and reassigned in bulk to a new site.
- If you use wake-up proxy, you no longer have
to manually configure Windows Firewall on clients to allow TCP/IP
ping commands when you specify the Power Management client
setting, Firewall exception for wake-up proxy.
- A new property has been added for
Ccmsetup.exe, /ExcludeFeatures:<feature>. This
property prevents the specified feature from installing the client
installation. For this release, the only supported feature is
ClientUI, which prevents the Software Center from installing
on the client. For more information, see
CCMSetup.exe Command-Line Properties.
Deploying the Configuration Manager
Client to Windows Embedded Devices
If your Windows Embedded device does not include the
Configuration Manager client, you can use any of the client
installation methods if the device meets the required dependencies.
If the embedded device supports write filters, you must disable
these filters before you install the client, and then re-enable the
filters again after the client is installed and assigned to a
site.
Write filters control how the operating system on the
embedded device is updated when you make changes, such as when you
install software. When write filters are enabled, instead of making
the changes directly to the operating system, these changes are
redirected to a temporary overlay. If the changes are only written
to the overlay, they are lost when the embedded device shuts downs.
However, if the write filters are temporarily disabled, the changes
can be made permanent so that you do not have to make the changes
again (or reinstall software) every time that the embedded device
restarts. However, temporarily disabling and then re-enabling the
write filters requires one or more restarts, so that you typically
want to control when this happens by configuring maintenance
windows so that restarts occur outside business hours.
When you install software on Windows Embedded devices
with Configuration Manager with no service pack, you must always
take additional steps to disable the write filters, install the
software, and then re-enable the write filters. However, if the
embedded client runs Configuration Manager SP1, you can
configure options to automatically disable and re-enable the write
filters when you deploy software such as applications, task
sequences, software updates, and the Endpoint Protection client.
The exception is for configuration baselines with configuration
items that use automatic remediation. In this scenario, the
remediation always occurs in the overlay so that it is available
only until the device is restarted. The remediation is applied
again at the next evaluation cycle, but only to the overlay, which
is cleared at restart. To force Configuration Manager SP1 to
commit the remediation changes, you can deploy the configuration
baseline and then another software deployment that supports
committing the change as soon as possible.
If the write filters are disabled, you can install
software on Windows Embedded devices by using Software Center.
However, if the write filters are enabled, the installation fails
and Configuration Manager displays an error message that you have
insufficient permissions to install the application.
Warning |
Even if you do not select the Configuration Manager SP1
options to commit the changes, the changes might be committed if
another software installation or change is made that commits
changes. In this scenario, the original changes will be committed
in addition to the new changes. |
When Configuration Manager SP1 disables the write
filters to make changes permanent, only users who have local
administrative rights can log on and use the embedded device.
During this period, low-rights users are locked out and see a
message that the computer is unavailable because it is being
serviced. This helps protect the device while it is in a state
where changes can be permanently applied, and this servicing mode
lockout behavior is another reason to configure a maintenance
window for a time when users will not log on to these devices.
Configuration Manager supports managing the following
types of write filters:
- File-Based Write Filter (FBWF) –
(Configuration Manager SP1 and System Center 2012 R2 Configuration
Manager only). For more information, see File-Based Write Filter on MSDN.
- Enhanced Write Filter (EWF) RAM –
(Configuration Manager SP1 and System Center 2012 R2 Configuration
Manager only). For more information, see Enhanced Write Filter on MSDN.
- Unified Write Filter (UWF) – (System Center
2012 R2 Configuration Manager only). For more information, see
Unified Write Filter on
MSDN.
Configuration Manager does not support write filter
operations when the Windows Embedded device is in EWF RAM Reg
mode.
Important |
If you have the choice, use File-Based Write Filters with
Configuration Manager SP1 for increased efficiency and higher
scalability. When you have this configuration, configure the
following exceptions to persist client state and inventory data
between device restarts:
- CCMINSTALLDIR\*.sdf
- CCMINSTALLDIR\ServiceData
-
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\StateSystem
|
For an example scenario to deploy and manage
write-filter-enabled Windows Embedded devices in Configuration
Manager SP1, see Example Scenario for
Deploying and Managing Configuration Manager Clients on Windows
Embedded Devices.
For more information about how to build images for
Windows Embedded devices and configure write filters, see your
Windows Embedded documentation, or contact your OEM.
Note |
When you select the applicable platforms for software
deployments and configuration items, these display the Windows
Embedded families rather than specific versions. Use the following
list to map the specific version of Windows Embedded to the options
in the list box:
- Embedded Operating Systems based on
Windows XP (32-bit) includes the following:
- Windows XP Embedded
- Windows Embedded for Point of Service
- Windows Embedded Standard 2009
- Windows Embedded POSReady 2009
- Embedded operating systems based on
Windows 7 (32-bit) includes the following:
- Windows Embedded Standard 7 (32-bit)
- Windows Embedded POSReady 7 (32-bit)
- Windows ThinPC
- Embedded operating systems based on
Windows 7 (64-bit) includes the following:
- Windows Embedded Standard 7 (64-bit)
- Windows Embedded POSReady 7 (64-bit)
|
What’s New in System Center 2012 R2
Configuration Manager for Windows Embedded Devices
The following items are new or have changed for Windows
Embedded Devices in System Center 2012 R2 Configuration
Manager:
- Configuration Manager now supports the
Unified Write Filter available in certain Windows Embedded
operating systems.
Considerations for Managing the
Configuration Manager Client in a Virtual Desktop
Infrastructure (VDI)
System Center 2012 Configuration Manager
supports installing the Configuration Manager client on the
following virtual desktop infrastructure (VDI) scenarios:
- Personal virtual machines – Personal
virtual machines are generally used when you want to make sure that
user data and settings are maintained on the virtual machine
between sessions.
- Remote Desktop Services sessions –
Remote Desktop Services enables a server to host multiple,
concurrent client sessions. Users can connect to a session and then
run applications on that server.
- Pooled virtual machines – Pooled
virtual machines are not persisted between sessions. When a session
is closed, all data and settings are discarded. Pooled virtual
machines are useful when Remote Desktop Services cannot be used
because a required business application cannot run on the Windows
Server that hosts the client sessions.
The following table lists considerations for managing
the Configuration Manager client in a virtual desktop
infrastructure.
Virtual machine type |
More information |
Personal virtual machines
|
- Configuration Manager treats personal virtual
machines identically to a physical computer. The Configuration
Manager client can be preinstalled on the virtual machine image or
deployed after the virtual machine is provisioned.
|
Remote Desktop Services
|
- The Configuration Manager client is not
installed for individual Remote Desktop sessions. Instead, the
client is only installed one time on the Remote Desktop Services
server. All Configuration Manager features can be used on the
Remote Desktop Services server.
|
Pooled virtual machines
|
- When a pooled virtual machine is
decommissioned, any changes that you make by using Configuration
Manager are lost.
- Data returned from Configuration Manager
features such as hardware inventory, software inventory and
software metering might not be relevant to your needs as the
virtual machine might only be operational for a short length of
time. Consider excluding pooled virtual machines from inventory
tasks.
|
Because virtualization supports running multiple
Configuration Manager clients on the same physical computer, many
client operations have a built-in randomized delay for scheduled
actions such as hardware and software inventory, antimalware scans,
software installations, and software update scans. This delay helps
distribute the CPU processing and data transfer for a computer that
has multiple virtual machines that run the Configuration Manager
client.
Note |
With the exception of Windows Embedded clients that are in
servicing mode, Configuration Manager clients that are not running
in virtualized environments also use this randomized delay. When
you have many deployed clients, this behavior helps avoid peaks in
network bandwidth and reduces the CPU processing requirement on the
Configuration Manager site systems, such as the management point
and site server. The delay interval varies according to the
Configuration Manager capability. In Configuration Manager with no
service pack, this behavior is not configurable in the
Configuration Manager console. For Configuration Manager SP1
only, the randomization delay is disabled by default for required
software updates and required application deployments by using the
following client setting: Computer Agent: Disable
deadline randomization. |
Deploying the Configuration Manager
Client to Mac Computers
For System Center 2012
Configuration Manager SP1 and
System Center 2012 R2 Configuration Manager
only:
You can install the Configuration Manager client on Mac
computers that run the Mac OS X operating system and use the
following management capabilities:
Capability |
More Information |
Hardware inventory
|
You can use Configuration Manager hardware inventory to collect
information about the hardware and installed applications on Mac
computers. This information can then be viewed in Resource Explorer
in the Configuration Manager console and used to create
collections, queries and reports. For more information, see
How to Use
Resource Explorer to View Hardware Inventory in Configuration
Manager.
Configuration Manager collects the following hardware
information from Mac computers:
- Processor
- Computer System
- Disk Drive
- Disk Partition
- Network Adapter
- Operating System
- Service
- Process
- Installed Software
- Computer System Product
- USB Controller
- USB Device
- CDROM Drive
- Video Controller
- Desktop Monitor
- Portable Battery
- Physical Memory
- Printer
Important |
You cannot extend the hardware information that is collected
from Mac computers during hardware inventory. |
|
Compliance settings
|
You can use Configuration Manager compliance settings to view
the compliance of and remediate Mac OS X preference (.plist)
settings. For example, you could enforce settings for the home page
in the Safari web browser or ensure that the Apple firewall is
enabled. You can also use shell scripts to monitor and remediate
settings in MAC OS X.
|
Application management
|
Configuration Manager can deploy software to Mac computers. You
can deploy the following software formats to Mac computers:
- Apple Disk Image (.DMG)
- Meta Package File (.MPKG)
- Mac OS X Installer Package (.PKG)
- Mac OS X Application (.APP)
|
When you install the Configuration Manager client on
Mac computers, you cannot use the following management capabilities
that are supported by the Configuration Manager client on
Windows-based computers:
- Client push installation
- Operating system deployment
- Software updates
Note |
You can use Configuration Manager application management to
deploy required Mac OS X software updates to Mac computers. In
addition, you can use compliance settings to make sure that
computers have any required software updates. |
- Maintenance windows
- Remote control
- Power management
- Client status client check and
remediation
For more information about how to install and configure
the Configuration Manager Mac client, see How to Install Clients
on Mac Computers in Configuration Manager.
What’s New in System Center 2012 R2
Configuration Manager for Mac Computers
The following items are new or have changed for Mac
computers in System Center 2012 R2 Configuration Manager:
- You can now install the client certificate
and enroll Mac computers by using the new enrollment wizard for the
Mac client as an alternative to using the CMEnroll tool
command-line tool.
- You can now use the renew certificate wizard
to renew the Mac client certificate.
Deploying the Configuration Manager
Client to Linux and UNIX Servers
For System Center 2012
Configuration Manager SP1 and
System Center 2012 R2 Configuration Manager
only:
You can install the Configuration Manager client on
computers that run Linux or UNIX. This client is designed for
servers that operate as a workgroup computer, and the client does
not support interaction with logged-on users.
After you install the client software and the client
establishes communication with the Configuration Manager site, you
manage the client by using the Configuration Manager console and
reports.
You can use the following management capabilities when
you install the Configuration Manager client on Linux and UNIX
computers:
When you install the Configuration Manager client on
Linux and UNIX computers, you cannot use the following management
capabilities that are supported by the Configuration Manager client
on Windows-based computers:
- Client push installation
- Operating system deployment
- Application deployment; instead, deploy
software by using packages and programs.
- Software inventory
- Software updates
- Compliance settings
- Remote control
- Power management
- Client status client check and
remediation
- Internet-based client management
For information about the supported Linux and UNIX
distributions and the hardware required to support the client for
Linux and UNIX, see the
Client Requirements for Linux and UNIX Servers section in the
Supported
Configurations for Configuration Manager topic.
For more information about how to install and configure
the Configuration Manager client for Linux and UNIX, see How to Install Clients
on Linux and UNIX Computers in Configuration Manager.
What’s New in Cumulative Update 1
for the Client for Linux and UNIX
The following items are new or have changed for the
client for Linux and UNIX with cumulative update 1:
Monitoring the Status of Client
Computers in Configuration Manager
Use the Client Status node in the
Monitoring workspace of the Configuration Manager console to
monitor the health and activity of client computers in your
hierarchy. Configuration Manager uses the following two methods to
evaluate the overall status of client computers.
Client Activity: You can configure thresholds to
determine whether a client is active, for example:
- Whether the client requested policy during
the last seven days.
- Whether Heartbeat Discovery found the client
during the last seven days.
- Whether the client sent hardware inventory
during the last seven days.
When all these thresholds are exceeded, the client is
determined to be inactive.
Client Check: A client evaluation engine is
installed with the Configuration Manager client, which periodically
evaluates the health of the Configuration Manager client and its
dependencies. This engine can check or remediate some problems with
the Configuration Manager client.
You can configure remediation not to run on specific
computers, for example, a business-critical server. In addition, if
there are additional items that you want to evaluate, you can use
System Center 2012 Configuration Manager compliance
settings to provide a comprehensive solution to monitor the overall
health, activity, and compliance of computers in your organization.
For more information about compliance settings, see Compliance Settings in
Configuration Manager.
Client status uses the monitoring and reporting
capabilities of Configuration Manager to provide information in the
Configuration Manager console about the health and activity of the
client. You can configure alerts to notify you when clients check
results or client activity drops below a specified percentage of
clients in a collection or when remediation fails on a specified
percentage of clients.
For information about how to configure client status,
see How to
Configure Client Status in Configuration Manager.
Checks and remediations made by client
check
The following checks and remediations can be performed
by client check.
Client check |
Remediation action |
More information |
Verify that client check has recently run
|
Run client check
|
Checks that client check has run at least one time in the past
three days.
|
Verify that client prerequisites are installed
|
Install the client prerequisites
|
Checks that client prerequisites are installed. Reads the file
ccmsetup.xml in the client installation folder to discover the
prerequisites.
|
WMI repository integrity test
|
Reinstall the Configuration Manager client
|
Checks that Configuration Manager client entries are present in
WMI.
|
Verify that the client service is running
|
Start the client (SMS Agent Host) service
|
No additional information
|
WMI Event Sink Test.
|
Restart the client service
|
Check whether the Configuration Manager related WMI event sink
is lost
|
Verify that the Windows Management Instrumentation (WMI) service
exists
|
No remediation
|
No additional information
|
Verify that the client was installed correctly
|
Reinstall the client
|
No additional information
|
WMI repository read and write test
|
Reset the WMI repository and reinstall the Configuration Manager
client
|
Remediation of this client check is only performed on computers
that run Windows Server 2003, Windows XP (64-bit) or earlier
versions.
|
Verify that the antimalware service startup type is
automatic
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the antimalware service is running
|
Start the antimalware service
|
No additional information
|
Verify that the Windows Update service startup type is automatic
or manual
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the client service (SMS Agent Host) startup type is
automatic
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the Windows Management Instrumentation (WMI) service
is running.
|
Start the Windows Management Instrumentation service
|
No additional information
|
Verify that the Microsoft SQL CE database is healthy
|
Reinstall the Configuration Manager client
|
No additional information
|
Verify that the Microsoft Policy Platform service startup type
is manual.
|
Reset the service startup type to manual
|
No additional information
|
Verify that the Background Intelligent Transfer Service
exists
|
No Remediation
|
No additional information
|
Verify that the Background Intelligent Transfer Service startup
type is automatic or manual
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the Network Inspection Service startup type is
manual
|
Reset the service startup type to manual if installed
|
No additional information
|
Verify that the Windows Management Instrumentation (WMI) service
startup type is automatic
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the Windows Update service startup type on Windows 8
computers is automatic or manual
|
Reset the service startup type to manual
|
No additional information
|
Verify that the client (SMS Agent Host) service exists.
|
No Remediation
|
No additional information
|
Verify that the Configuration Manager Remote Control service
startup type is automatic or manual
|
Reset the service startup type to automatic
|
No additional information
|
Verify that the Configuration Manager Remote Control service is
running
|
Start the remote control service
|
No additional information
|
Verify that the client WMI provider is healthy
|
Restart the Windows Management Instrumentation service
|
Remediation of this client check is only performed on computers
that run Windows Server 2003, Windows XP (64-bit) or earlier.
|
Verify that the wake-up proxy service (ConfigMgr Wake-up Proxy)
is running
|
Start the ConfigMgr Wakeup Proxy service
|
For System Center 2012
Configuration Manager SP1 and
System Center 2012 R2 Configuration Manager
only:
This client check is made only if the Power Management:
Enable wake-up proxy client setting is set to Yes on
supported client operating systems.
|
Verify that the wake-up proxy service (ConfigMgr Wake-up Proxy)
startup type is automatic
|
Reset the ConfigMgr Wakeup Proxy service startup type to
automatic
|
For System Center 2012
Configuration Manager SP1 and
System Center 2012 R2 Configuration Manager
only:
This client check is made only if the Power Management:
Enable wake-up proxy client setting is set to Yes on
supported client operating systems.
|
What’s New in Configuration Manager for
Client Status
The following items are new or have changed for client
status since Configuration Manager 2007:
- Client check and client activity information
is integrated into the Configuration Manager console.
- Typical client problems that are detected are
automatically remediated.
- The Ping tool used by Configuration Manager
2007 R2 client status reporting is not used by
System Center 2012 Configuration Manager.
Managing Mobile Devices by Using
Configuration Manager
You can use the following solutions to manage mobile
devices in Configuration Manager:
- In Configuration Manager SP1, you can
use the Windows Intune connector to enroll mobile devices that
run Windows Phone 8, Windows RT, and iOS. This
solution uses the built-in management client and does not install
the Configuration Manager client, but does automatically install
PKI certificates on the mobile devices. This solution does not
require you to have your own PKI, but does require a
Windows Intune subscription.
- Configuration Manager can enroll mobile
devices and deploy the Configuration Manager client on supported
mobile operating systems when the mobile device and site system
roles use PKI certificates. This solution automatically installs
PKI certificates onto the mobile devices but requires you to run
Active Directory Certificate Services and an enterprise
certification authority.
- When the mobile devices run Windows CE
or Windows Mobile 6.0, you must install the mobile device
legacy client by using a package and program. This solution also
requires PKI certificates that must be installed independently from
Configuration Manager.
- If you cannot use the other mobile device
management solutions, you can use the Configuration Manager
Exchange Server connector to find and manage mobile devices that
connect to Microsoft Exchange Server or Exchange Online. Because a
management client is not installed, management is more limited for
this solution than the others. For example, with the exception of
Android devices that use the Windows Intune connector in
Configuration Manager SP1, you cannot deploy applications to
these mobile devices. However, you can retrieve some inventory
information, define settings and access rules, and issue
wipe commands for these mobile devices in Configuration
Manager.
For more information about these mobile device
management solutions, see Determine How to Manage
Mobile Devices in Configuration Manager.
For more information about how to install the mobile
device legacy client for Windows CE mobile devices, see
Mobile Device Management in
Configuration Manager in the Configuration Manager 2007
documentation library.
What’s New in Configuration Manager for
Mobile Devices
The following items are new for mobile devices since
Configuration Manager 2007:
- Enrollment for mobile devices in
Configuration Manager is now natively supported by using the two
new enrollment site system roles (the enrollment point and the
enrollment proxy point) and a Microsoft enterprise certification
authority. For more information about how to configure and enroll
mobile devices in Configuration Manager, see How to Install Clients
on Mobile Devices and Enroll Them by Using Configuration
Manager.
- New in Configuration Manager, the Exchange
Server connector lets you find and manage devices that connect to
Exchange Server, on-premise or hosted, by using the Exchange
ActiveSync protocol. Use this mobile device management process when
you cannot install the Configuration Manager client on the mobile
device. For more information, see How to Manage Mobile
Devices by Using Configuration Manager and Exchange.
- If you have mobile devices that you managed
with Configuration Manager 2007, and you cannot enroll them by
using System Center 2012 Configuration Manager, you
can continue to use them with System Center 2012
Configuration Manager. The installation for this mobile device
client is still the same. However, whereas Configuration Manager
2007 did not require PKI certificates, System Center 2012
Configuration Manager requires PKI certificates on the mobile
device and the management points and distribution points. File
collection is no longer supported for these mobile device clients
in Configuration Managerand, unlike the mobile devices that you can
enroll with Configuration Manager or manage by using the Exchange
Server connector, you cannot manage settings for these mobile
devices. In addition, the mobile device management inventory
extension tool (DmInvExtension.exe) is no longer supported. This
functionality is replaced with the Exchange Server connector.
What’s New in Configuration
Manager SP1 for Mobile Devices
The following items are new for mobile devices in
Configuration Manager SP1:
- The client settings group to configure mobile
device enrollment settings is no longer named Mobile Devices
and is now named Enrollment. This change and associated
changes, such as the change from the client setting of Mobile
device enrollment profile to Enrollment profile,
reflects that the enrollment functionality is now extended to Mac
computers.
Important |
The client certificates for mobile devices and Mac computers
have different requirements. Therefore, if you configure client
settings enrollment for mobile devices and Mac computers, do not
configure the certificate templates to use the same user
accounts. |
- Mobile devices that are enrolled by
Configuration Manager SP1 now use the client policy polling
interval setting in the Client Policy client setting group
and no longer use the polling interval in the renamed
Enrollment client setting group. This change lets you
configure different client policy intervals for mobile devices that
are enrolled by Configuration Manager, by using custom device
client settings. You cannot create custom device client settings
for Enrollment.
- You can enroll mobile devices that run
Windows Phone 8, Windows RT, and iOS when you use
the Windows Intune connector. For more information, see
How to Manage
Mobile Devices by Using Configuration Manager and Windows
Intune.
- Users who have mobile devices that are
enrolled by Windows Intune and Android devices that are
managed by the Exchange Server connector can install apps from the
company portal. The company portal is the Application Catalog
equivalent for these mobile devices.
- The new Retire option for mobile
devices in the Configuration Manager console is supported only for
mobile devices that are enrolled by Windows Intune.
What’s New in System Center 2012 R2
Configuration Manager for Mobile Devices
The following items are new for mobile device
management in System Center 2012 R2 Configuration Manager:
- Users can enroll Android devices by using the
company portal app which will be available on Google Play. The
company portal app is supported on Android devices as of Android
4.0. When users download the company portal app the installation
includes the management agent. The management agent gives you the
following management capabilities.
- You can manage compliance settings which
include password, camera, and encryption settings.
- When you deploy apps to Android devices, you
now have the option to install the apps directly to the device
- Users are prompted to take required actions,
such as app installations or updating device passcodes by using
Android notifications.
- Users can enroll iOS devices by using the iOS
company portal app which will be available in the App store. The
company portal app can be installed on iOS devices as of iOS 6. The
company portal app will allow users to perform the following
actions:
- Change or reset passwords.
- Download and install company apps.
- Enroll, unenroll, or wipe company content
from their devices.
- Devices that run Windows RT, iOS and Android
now support a deployment purpose of Required. This allows
you to deploy apps automatically to devices according to a
configured schedule.
- Wipe and retire functions now include the
option to only remove company content from devices, see the table
in Device
Life-cycle Management for information about what company
content is removed.
- You can configure enrolled devices as
company-owned or personal-owned. Company-owned allows you to get
software inventory on on all mobile devices. You can configure
devices as personal-owned or company-owned by using the Change
ownership action. Change ownership is only available for
devices that are not domain-joined and do not have the
Configuration Manager client installed.All mobile devices will
report software inventory on company content when they are
personal-owned or company-owned. iOS and Android will report a full
software inventory on the device if they are set as
Company-owned.You can configure enrolled devices as company-owned
or personal-owned. Company-owned allows you to get software
inventory on company content on all devices.
- You can use Windows Intune to manage Windows
8.1 devices that are not joined to the domain and do not have the
Configuration Manager client installed.
See Also