Client deployment refers to the planning, installation, and management of System Center 2012 Configuration Manager client computers and mobile devices in your enterprise. The types of devices that you have, your business requirements, and your preferences, determine the methods that you use to manage computers and mobile devices. This guide contains information about how to plan, configure, manage, and monitor client deployment in Configuration Manager to computers and mobile devices.

Use the following sections for more information about how to deploy and monitor client deployment for computers and mobile devices:

Deploying the Configuration Manager Client to Windows-Based Computers

The following table lists the various methods that you can use to install the Configuration Manager client software on computers. For information about how to decide which client installation method to use, see Determine the Client Installation Method to Use for Windows Computers in Configuration Manager. For more information about how to install the client, see How to Install Clients on Windows-Based Computers in Configuration Manager.

Client installation method Description

Client push installation

Automatically installs the client to assigned resources and manually installs the client to resources that are not assigned.

Software update point installation

Installs the client by using the Configuration Manager software updates feature.

Group Policy installation

Installs the client by using Windows Group Policy.

Logon script installation

Installs the client by using a logon script.

Manual installation

Manually installs the client software.

Upgrade installation by using application management

Upgrades clients to a newer version by using Configuration Manager application management. You can also use Configuration Manager 2007 software distribution to upgrade clients to System Center 2012 Configuration Manager.

Automatic client upgrade

Configuration Manager with no service pack

Automatically upgrades Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are earlier than version that you specify.

For Configuration Manager SP1 only:

Automatically upgrades Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are earlier than the version of their System Center 2012 Configuration Manager assigned site.

For more information, see the How to Automatically Upgrade the Configuration Manager Client section in the topic How to Install Clients on Windows-Based Computers in Configuration Manager.

Client imaging

Prestages the client installation in an operating system image.

For information about how to install the Configuration Manager client on devices that run Windows Embedded operating systems, see the section Tasks for Managing Configuration Manager Clients on Windows Embedded Devices in the Configuration Manager 2007 Documentation Library.

After the client is installed successfully, it attempts to assign to a site and find a management point from which to download policy. For more information about site assignment, see How to Assign Clients to a Site in Configuration Manager.

Although the Configuration Manager console and reports provide some information about client installation and site assignment, you can use the fallback status point site system role to more closely track and monitor client installation and site assignment. For more information about the fallback status point, see Determine the Site System Roles for Client Deployment in Configuration Manager.

What’s New in Configuration Manager for Windows-Based Computers

What’s New in Configuration Manager SP1 for Windows-Based Computers

Deploying the Configuration Manager Client to Windows Embedded Devices

If your Windows Embedded device does not include the Configuration Manager client, you can use any of the client installation methods if the device meets the required dependencies. If the embedded device supports write filters, you must disable these filters before you install the client, and then re-enable the filters again after the client is installed and assigned to a site.

Write filters control how the operating system on the embedded device is updated when you make changes, such as when you install software. When write filters are enabled, instead of making the changes directly to the operating system, these changes are redirected to a temporary overlay. If the changes are only written to the overlay, they are lost when the embedded device shuts downs. However, if the write filters are temporarily disabled, the changes can be made permanent so that you do not have to make the changes again (or reinstall software) every time that the embedded device restarts. However, temporarily disabling and then re-enabling the write filters requires one or more restarts, so that you typically want to control when this happens by configuring maintenance windows so that restarts occur outside business hours.

When you install software on Windows Embedded devices with Configuration Manager with no service pack, you must always take additional steps to disable the write filters, install the software, and then re-enable the write filters. However, if the embedded client runs Configuration Manager SP1, you can configure options to automatically disable and re-enable the write filters when you deploy software such as applications, task sequences, software updates, and the Endpoint Protection client. The exception is for configuration baselines with configuration items that use automatic remediation. In this scenario, the remediation always occurs in the overlay so that it is available only until the device is restarted. The remediation is applied again at the next evaluation cycle, but only to the overlay, which is cleared at restart. To force Configuration Manager SP1 to commit the remediation changes, you can deploy the configuration baseline and then another software deployment that supports committing the change as soon as possible.

If the write filters are disabled, you can install software on Windows Embedded devices by using Software Center. However, if the write filters are enabled, the installation fails and Configuration Manager displays an error message that you have insufficient permissions to install the application.

Warning
Even if you do not select the Configuration Manager SP1 options to commit the changes, the changes might be committed if another software installation or change is made that commits changes. In this scenario, the original changes will be committed in addition to the new changes.

When Configuration Manager SP1 disables the write filters to make changes permanent, only users who have local administrative rights can log on and use the embedded device. During this period, low-rights users are locked out and see a message that the computer is unavailable because it is being serviced. This helps protect the device while it is in a state where changes can be permanently applied, and this servicing mode lockout behavior is another reason to configure a maintenance window for a time when users will not log on to these devices.

Configuration Manager supports the following types of write filters:

Configuration Manager does not support write filter operations when the Windows Embedded device is in EWF RAM Reg mode.

Important
If you have the choice, use File-Based Write Filters with Configuration Manager SP1 for increased efficiency and higher scalability. When you have this configuration, configure the following exceptions to persist client state and inventory data between device restarts:
  • CCMINSTALLDIR\*.sdf

  • CCMINSTALLDIR\ServiceData

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\StateSystem

For an example scenario to deploy and manage write-filter-enabled Windows Embedded devices in Configuration Manager SP1, see Example Scenario for Deploying and Managing Configuration Manager Clients on Windows Embedded Devices.

For more information about how to build images for Windows Embedded devices and configure write filters, see your Windows Embedded documentation, or contact your OEM.

Note
When you select the applicable platforms for software deployments and configuration items, these display the Windows Embedded families rather than specific versions. Use the following list to map the specific version of Windows Embedded to the options in the list box:
  • Embedded Operating Systems based on Windows XP (32-bit) includes the following:

    • Windows XP Embedded

    • Windows Embedded for Point of Service

    • Windows Embedded Standard 2009

    • Windows Embedded POSReady 2009

  • Embedded operating systems based on Windows 7 (32-bit) includes the following:

    • Windows Embedded Standard 7 (32-bit)

    • Windows Embedded POSReady 7 (32-bit)

    • Windows ThinPC

  • Embedded operating systems based on Windows 7 (64-bit) includes the following:

    • Windows Embedded Standard 7 (64-bit)

    • Windows Embedded POSReady 7 (64-bit)

Considerations for Managing the Configuration Manager Client in a Virtual Desktop Infrastructure (VDI)

System Center 2012 Configuration Manager supports installing the Configuration Manager client on the following virtual desktop infrastructure (VDI) scenarios:

  • Personal virtual machines – Personal virtual machines are generally used when you want to make sure that user data and settings are maintained on the virtual machine between sessions.

  • Remote Desktop Services sessions – Remote Desktop Services enables a server to host multiple, concurrent client sessions. Users can connect to a session and then run applications on that server.

  • Pooled virtual machines – Pooled virtual machines are not persisted between sessions. When a session is closed, all data and settings are discarded. Pooled virtual machines are useful when Remote Desktop Services cannot be used because a required business application cannot run on the Windows Server that hosts the client sessions.

The following table lists considerations for managing the Configuration Manager client in a virtual desktop infrastructure.

Virtual machine type More information

Personal virtual machines

  • Configuration Manager treats personal virtual machines identically to a physical computer. The Configuration Manager client can be preinstalled on the virtual machine image or deployed after the virtual machine is provisioned.

Remote Desktop Services

  • The Configuration Manager client is not installed for individual Remote Desktop sessions. Instead, the client is only installed one time on the Remote Desktop Services server. All Configuration Manager features can be used on the Remote Desktop Services server.

Pooled virtual machines

  • When a pooled virtual machine is decommissioned, any changes that you make by using Configuration Manager are lost.

  • Data returned from Configuration Manager features such as hardware inventory, software inventory and software metering might not be relevant to your needs as the virtual machine might only be operational for a short length of time. Consider excluding pooled virtual machines from inventory tasks.

Because virtualization supports running multiple Configuration Manager clients on the same physical computer, many client operations have a built-in randomized delay for scheduled actions such as hardware and software inventory, antimalware scans, software installations, and software update scans. This delay helps distribute the CPU processing and data transfer for a computer that has multiple virtual machines that run the Configuration Manager client.

Note
With the exception of Windows Embedded clients that are in servicing mode, Configuration Manager clients that are not running in virtualized environments also use this randomized delay. When you have many deployed clients, this behavior helps avoid peaks in network bandwidth and reduces the CPU processing requirement on the Configuration Manager site systems, such as the management point and site server. The delay interval varies according to the Configuration Manager capability. In Configuration Manager with no service pack, this behavior is not configurable in the Configuration Manager console. For Configuration Manager SP1 only, the randomization delay is disabled by default for required software updates and required application deployments by using the following client setting: Computer Agent: Disable deadline randomization.

Deploying the Configuration Manager Client to Mac Computers

For Configuration Manager SP1 only:

You can install the Configuration Manager client on Mac computers that run the Mac OS X operating system and use the following management capabilities:

Capability More Information

Hardware inventory

You can use Configuration Manager hardware inventory to collect information about the hardware and installed applications on Mac computers. This information can then be viewed in Resource Explorer in the Configuration Manager console and used to create collections, queries and reports. For more information, see How to Use Resource Explorer to View Hardware Inventory in Configuration Manager.

Compliance settings

You can use Configuration Manager compliance settings to view the compliance of and remediate Mac OS X preference (.plist) settings. For example, you could enforce settings for the home page in the Safari web browser or ensure that the Apple firewall is enabled. You can also use shell scripts to monitor and remediate settings in MAC OS X.

Application management

Configuration Manager can deploy software to Mac computers. You can deploy the following software formats to Mac computers:

  • Apple Disk Image (.DMG)

  • Meta Package File (.MPKG)

  • Mac OS X Installer Package (.PKG)

  • Mac OS X Application (.APP)

When you install the Configuration Manager client on Mac computers, you cannot use the following management capabilities that are supported by the Configuration Manager client on Windows-based computers:

  • Client push installation

  • Operating system deployment

  • Software updates

    Note
    You can use Configuration Manager application management to deploy required Mac OS X software updates to Mac computers. In addition, you can use compliance settings to make sure that computers have any required software updates.
  • Remote control

  • Power management

  • Client status client check and remediation

For more information about how to install and configure the Configuration Manager Mac client, see How to Install Clients on Mac Computers in Configuration Manager.

Deploying the Configuration Manager Client to Linux and UNIX Servers

For Configuration Manager SP1 only:

You can install the Configuration Manager client on computers that run Linux or UNIX. This client is designed for servers that operate as a workgroup computer, and the client does not support interaction with logged-on users.

After you install the client software and the client establishes communication with the Configuration Manager site, you manage the client by using the Configuration Manager console and reports.

You can use the following management capabilities when you install the Configuration Manager client on Linux and UNIX computers:

Functionality More information

Collections, queries, and maintenance windows

See How to Manage Linux and UNIX Clients in Configuration Manager.

Hardware inventory

See Hardware Inventory for Linux and UNIX in Configuration Manager.

Software deployment

See Deploying Software to Linux and UNIX Servers in Configuration Manager.

Monitoring and reporting

See How to Monitor Linux and UNIX Clients in Configuration Manager.

When you install the Configuration Manager client on Linux and UNIX computers, you cannot use the following management capabilities that are supported by the Configuration Manager client on Windows-based computers:

  • Client push installation

  • Operating system deployment

  • Application deployment; instead, deploy software by using packages and programs.

  • Software updates

  • Compliance settings

  • Remote control

  • Power management

  • Client status client check and remediation

  • Internet-based client management

For more information about how to install and configure the Configuration Manager client for Linux and UNIX, see How to Install Clients on Linux and UNIX Computers in Configuration Manager.

Monitoring the Status of Client Computers in Configuration Manager

Use the Client Status node in the Monitoring workspace of the Configuration Manager console to monitor the health and activity of client computers in your hierarchy. Configuration Manager uses the following two methods to evaluate the overall status of client computers.

Client Activity: You can configure thresholds to determine whether a client is active, for example:

  • Whether the client requested policy during the last seven days.

  • Whether Heartbeat Discovery found the client during the last seven days.

  • Whether the client sent hardware inventory during the last seven days.

When all these thresholds are exceeded, the client is determined to be inactive.

Client Check: A client evaluation engine is installed with the Configuration Manager client, which periodically evaluates the health of the Configuration Manager client and its dependencies. This engine can check or remediate some problems with the Configuration Manager client.

You can configure remediation not to run on specific computers, for example, a business-critical server. In addition, if there are additional items that you want to evaluate, you can use System Center 2012 Configuration Manager compliance settings to provide a comprehensive solution to monitor the overall health, activity, and compliance of computers in your organization. For more information about compliance settings, see Compliance Settings in Configuration Manager.

Client status uses the monitoring and reporting capabilities of Configuration Manager to provide information in the Configuration Manager console about the health and activity of the client. You can configure alerts to notify you when clients check results or client activity drops below a specified percentage of clients in a collection or when remediation fails on a specified percentage of clients.

For information about how to configure client status, see How to Configure Client Status in Configuration Manager.

Checks and remediations made by client check

What’s New in Configuration Manager for Client Status

Managing Mobile Devices by Using Configuration Manager

You can use the following solutions to manage mobile devices in Configuration Manager:

  • In Configuration Manager SP1, you can use the Windows Intune connector to enroll mobile devices that run Windows Phone 8, Windows RT, and iOS. This solution uses the built-in management client and does not install the Configuration Manager client, but does automatically install PKI certificates on the mobile devices. This solution does not require you to have your own PKI, but does require a Windows Intune subscription.

  • Configuration Manager can enroll mobile devices and deploy the Configuration Manager client on supported mobile operating systems when the mobile device and site system roles use PKI certificates. This solution automatically installs PKI certificates onto the mobile devices but requires you to run Active Directory Certificate Services and an enterprise certification authority.

  • When the mobile devices run Windows CE or Windows Mobile 6.0, you must install the mobile device legacy client by using a package and program. This solution also requires PKI certificates that must be installed independently from Configuration Manager.

  • If you cannot use the other mobile device management solutions, you can use the Configuration Manager Exchange Server connector to find and manage mobile devices that connect to Microsoft Exchange Server or Exchange Online. Because a management client is not installed, management is more limited for this solution than the others. For example, with the exception of Android devices that use the Windows Intune connector in Configuration Manager SP1, you cannot deploy applications to these mobile devices. However, you can retrieve some inventory information, define settings and access rules, and issue wipe commands for these mobile devices in Configuration Manager.

For more information about these mobile device management solutions, see Determine How to Manage Mobile Devices in Configuration Manager.

For more information about how to install the mobile device legacy client for Windows CE mobile devices, see Mobile Device Management in Configuration Manager in the Configuration Manager 2007 documentation library.

What’s New in Configuration Manager for Mobile Devices

What’s New in Configuration Manager SP1 for Mobile Devices

See Also