No. The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012.

Configuration Manager 2012 introduces changes to both primary and secondary sites while the central administration site is new site type. The central administration site replaces the primary site referred to as a central site as the top-level site of a multi-primary site hierarchy. This site does not directly manage clients but does coordinate a shared database across your hierarchy, and it is designed to provide centralized reporting and configurations for your entire hierarchy.

No. In Configuration Manager 2012 you cannot change the parent relationship of an active site. You can only add a site as a child of another site at the time you install the new site. Because the database is shared between all sites, joining a site that has already created default objects or that has custom configurations can result in conflicts with similar objects that already exist in the hierarchy.

With Configuration Manager 2012, primary sites have changed to support only secondary sites as child sites, and the new central administration site as a parent site. Unlike Configuration Manager 2007, primary sites no longer provide a security or configuration boundary. Because of this, you should only need to install additional primary sites to increase the maximum number of clients your hierarchy can support, or to provide a local point of contact for administration.

In Configuration Manager 2012 secondary sites require either SQL Server, or SQL Server Express to support database replication with their parent primary site.

Database replication is based upon SQL Server replication and replaces file-based site-to-site data transfers for settings and configurations. This enables common information to be quickly replicated to each Configuration Manager 2012 site in a hierarchy. Database replication configures automatically when you join a new site to an existing hierarchy.

Active Directory Forest discovery is a new discovery method in Configuration Manager 2012 that allows you to discover network locations from multiple Active Directory forests. This discovery method can also create boundaries in Configuration Manager for the discovered network locations and you can publish site data to another Active Directory forest to help support clients, sites, and site system servers in those locations.

Yes. Configuration Manager 2012 applies a hierarchy-wide set of default client settings (formerly called client agent settings) that you can then modify on clients by using custom client settings that you assign to collections. This creates a flexible method of delivering customized client settings to any client in your hierarchy, regardless of the site it is assigned to, or where it is located on your network. For more information, see How to Configure Client Settings in Configuration Manager 2012.

Configuration Manager 2012 has replaced the native mode site configuration in Configuration Manager 2007 with individual site system role configurations that accept client communication over HTTPS or HTTP. Because you can have site system roles that support HTTPS and HTTP in the same site, you have more flexibility in how you introduce PKI to secure the intranet client endpoints within the hierarchy. Clients over the Internet and mobile devices must use HTTPS connections.

Use the following procedure to configure the Network Access Account:

How to configure the Network Access Account for a site

Several important changes introduced with Configuration Manager 2012 prevent an in-place upgrade, however Configuration Manager 2012 does support migration from Configuration Manager 2007 with a side-by-side deployment. For example, Configuration Manager 2012 is native 64 bit application with a database that is optimized for Unicode and that is shared between all sites. Additionally, site types and site relationships have changed. These changes, and others, mean that many existing hierarchy structures cannot be upgraded. For more information, see Migrating from Configuration Manager 2007 to Configuration Manager 2012

This type of information is easily recreated by an active client when it sends data to its Configuration Manager 2012 site. Typically, it is only the current information from each client that provides useful information. To retain access to historical inventory information you can keep a Configuration Manager 2007 site active until the historical data is no longer needed.

When you migrate content to Configuration Manager 2012, you are really migrating the metadata about that content. The content itself might remain hosted on a shared distribution point during migration, or on a distribution point that you will upgrade to Configuration Manager 2012. Because the site that owns the content is responsible for monitoring the source files for changes, plan to specify a site that is near to the source file location on the network.

Shared distribution points are Configuration Manager 2007 distribution points that can be used by Configuration Manager 2012 clients during the migration period. A distribution point can be shared only when the Configuration Manager 2007 hierarchy that contains the distribution point remains the active source hierarchy and distribution point sharing is enabled for the source site that contains the distribution point. Sharing distribution points ends when you complete migration from the Configuration Manager 2007 hierarchy.

Configuration Manager 2012 can upgrade supported Configuration Manager 2007 distribution points to Configuration Manager 2012 distribution points. This upgrade allows you to maintain your existing distribution points with minimal effort or disruption to your network. You can also use the prestage option for Configuration Manager 2012 distribution points to reduce the transfer of large files across low-bandwidth network connections.

You can migrate data from more than one Configuration Manager 2007 hierarchy however, you can only migrate one hierarchy at a time. You can migrate the hierarchies in any order. However, you cannot migrate data from multiple hierarchies that use the same site code. If you try to migrate data from a site that uses the same site code as a migrated site, this corrupts the data in the Configuration Manager 2012 database.

Configuration Manager 2012 supports migrating a Configuration Manager 2007 environment that is at a minimum of Service Pack 2.

You can migrate the following objects from Configuration Manager 2007 to Configuration Manager 2012:

• Advertisements
  
  
• Boundaries
  
  
• Collections
  
  
• Configuration baselines and configuration items
  
  
• Operating system deployment boot images, driver packages, drivers, images, and packages
  
  
• Software distribution packages
  
  
• Software metering rules
  
  
• Software update deployment packages and templates
  
  
• Software update deployments
  
  
• Software update lists
  
  
• Task sequences
  
  
• Virtual application packages
  
  

For more information, see

No. Clients that you upgrade from Configuration Manager 2007 will not rerun advertisements that you migrate. Configuration Manager 2012 retains the Configuration Manager 2007 Package ID for packages you migrate and clients that upgrade retain their advertisement history.

If you install Configuration Manager 2012, there is no additional configuration because the Active Directory user account used to install Configuration Manager is automatically assigned to the Full Administrator security role, assigned to All Scopes, and has access to the All Systems and All Users and User Groups collections. However, if you want to provide full administrative permissions for other Active Directory users to access Configuration Manager 2012, create new administrative users in Configuration Manager using their Windows accounts and then assign them to the Full Administrator security role.

As a best practice, specify a security group rather than user accounts when you configure administrative users for role-based administration.

Role-based administration does not support an explicit deny action on security roles, security scopes, or collections assigned to an administrative user. Instead, configure security roles, security scopes, and collections to grant permissions to administrative users. If users do not have permissions to objects by use of these role-based administration elements, they might have only partial access to some objects, for example they might be able to view, but not modify specific objects. However, you can use collection membership to exclude collections from a collection that is assigned to an administrative user.

Run the report Security for a specific or multiple Configuration Manager objects to find the object types that can be assigned to security roles. Additionally you can view the list of objects for a security role by viewing the security roles Properties and selecting the Permissions tab.

Yes. Configuration Manager 2012 supports the same client installation methods that Configuration Manager 2007 supports: client push, software update-based, group policy, manual, logon script, and image-based. For more information, see How to Install Clients in Configuration Manager 2012.

AMT-based computers that were provisioned with Configuration Manager 2007 must have their provisioning data removed before you migrate them to Configuration Manager 2012, and then provisioned again by Configuration Manager 2012. Because of functional changes between the versions, the security group, OU, and web server certificate template have different requirements:

• If you used a security group in Configuration Manager 2007 for 802.1X authentication, you can continue to use this group if it is a universal security group. If it is not a universal group, you must convert it or create a new universal security group for Configuration Manager 2012. The security permissions of Read Members and Write Members for the site server computer account remain the same.
  
  
• The OU can be used without modification. However, Configuration Manager 2012 no longer requires Full Control to this object and all child objects. You can reduce these permissions to Create Computer Objects and Delete Computer Objects on this object only.
  
  
• The web server certificate template from Configuration Manager 2007 cannot be used in Configuration Manager 2012 without modification. This certificate template no longer uses Supply in the request and the site server computer account no longer requires Read and Enroll permissions.
  
  

For more information about the security group and OU, see Step 1 in How to Provision and Configure AMT-Based Computers in Configuration Manager 2012.

For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager 2012 and the example deployment, .

When the certificate on the mobile device is due for renewal, users are automatically prompted to accept the new certificate. When they confirm the prompt, Configuration Manager automatically re-enrolls their mobile device.

You must wipe the mobile device if you no longer want it to be enrolled in Configuration Manager 2012. When you wipe a mobile device, this action deletes all data that is stored on the mobile device and on any attached memory cards. In addition, the certificate that was issued during enrollment is revoked with the following reason: Cease of Operation.

Configuration Manager 2012 applications contain the administrative details and Application Catalog information necessary to deploy a software package or software update to a computer or mobile device.

A deployment type is contained within an application and specifies the installation files and method that Configuration Manager will use to install the software. The deployment type contains rules and settings that control if and how the software is installed on client computers.

The deployment purpose defines what the deployment should do and represents the administrator’s intent. For example, an administrative user might require the installation of software on client computers or might just make the software available for users to install themselves. A global condition can be set to check regularly that required applications are installed and to reinstall them if they have been removed.

Global conditions are conditions used by requirement rules. Requirement rules set a value for a deployment type for a global condition. For example, “operating system =” is a global condition; a requirement rule is “operating system = Win7.”

To make a deployment optional, configure the deployment purpose as Available in the applications deployment type. Available applications display in the Application Catalog where users can install them.

Yes. Users can browse a list of available software in the Application Catalog. Users can then request an application which, if approved, will be installed on their computer. To make a deployment optional, configure the deployment purpose as Available in the applications deployment type.

Some scenarios, such as the deployment of a script that runs on a client computer but that does not install software, are more suited to using a package and program rather than an application.

Yes. You can configure multiple deployment types for an application. Rules that specify which deployment type is run allows you to specify how the application is made available to the user.

Yes. Configuration Manager 2012 collects usage statistics from client devices that can be used to automatically define user device affinities or to help you manually create affinities.

Yes. You can see migrated packages and programs in the Packages node in the Software Library workspace. You can also use the Import Package from Definition Wizard to import Configuration Manager 2007 package definition files into your site.

Yes. In Configuration Manager 2012, the term software includes software updates, applications, scripts, task sequences, device drivers, configuration items, and configuration baselines.

The term “device” in Configuration Manager 2012 applies to a computer or a mobile device such as a Windows Mobile Phone.

Depending on the deployment purpose you have specified in the deployment type of an application, Configuration Manager 2012 periodically checks that the state of the application is the same as its purpose. For example, if an application’s deployment type is specified as Required, Configuration Manager will reinstall the application if it has been removed. Only one deployment type can be created per application and collection pair.