What’s New in Configuration Manager 2012

Updated: May 1, 2011

Applies To: System Center Configuration Manager 2012

Use the following sections to review information about significant changes in Configuration Manager 2012 since Configuration Manager 2007:

Configuration Manager Setup

The following options in Setup are new or have changed in Configuration Manager 2012.

Feature Description

New Setup options

The following options are new in Configuration Manager 2012 Setup:

  • Central Administration Site

    The top-level Configuration Manager 2007 site in a multi-primary site hierarchy was known as a central site. In Configuration Manager 2012 the central site is replaced by the central administration site. The central administration site is not a primary site at the top of the hierarchy, but rather a site that is used for reporting and to facilitate communication between primary sites in the hierarchy. A central administration site supports a limited selection of site system roles and does not directly support clients or processing of client data.

  • Installation of Site System Roles

    The following site roles can be installed and configured during Setup:

    • Management point

    • Distribution point

    You can specify local or remote site system servers for each role. The computer account for the site server is used for the installation on remote site system servers.

  • Add or Remove Provider Roles

    When you choose to perform site maintenance, you now have the option to add or remove additional SMS Provider roles for the site. This replaces the option from Configuration Manager 2007 where you only had the option to move the SMS Provider.

  • Site Recovery

    Configuration Manager 2007 used the Site Repair Wizard to recover sites. In Configuration Manager 2012, recovery is integrated in the Configuration Manager 2012 Setup Wizard.

No Setup option to install secondary sites

Secondary sites can only be installed from the Configuration Manager 2012 console.

Installation of the Configuration Manager console is optional

You can choose to install the Configuration Manager console during Setup or install the console after Setup by using the Configuration Manager console Windows Installer package (adminconsole.msi).

Unattended installation script is automatically created

Setup automatically creates the unattended installation script when you confirm the settings on the Summary page of the wizard. The unattended installation script contains the settings that you choose in the wizard. You can modify the script to install other sites in your hierarchy. Setup creates the script in %TEMP%\ConfigMgrAutoSave.ini.

Database replication

When you have more than one Configuration Manager 2012 site in your hierarchy, Configuration Manager uses database replication to transfer data and merge changes made to a site’s database with the information stored in the database at other sites in the hierarchy. This enables all sites to share the same information. When you have a primary site without any other sites, database replication is not used. Database replication is enabled when you install a primary site that reports to a central administration site or when you connect a secondary site to a primary site.

Setup Downloader

The Setup Downloader (SetupDL.exe) is now a standalone application that downloads the files required by Setup. You can now see the progress of files being downloaded and verified, and only the required files are downloaded (missing files and files that have been updated).

Prerequisite Checker

The Prerequisite Checker (prereqchk.exe) is now a standalone application that verifies server readiness for a specific site system role. In addition to the site server, site database server, and provider computer, the Prerequisite Checker now checks management point and distribution point site systems.

The Configuration Manager Console

There is a new console for Configuration Manager 2012, which provides the following benefits:

  • Logical grouping of operations into the following workspaces: Administration, Software Library, Monitoring, and Assets and Compliance. To change the default order of the workspaces and which ones are displayed, click the down arrow on the navigation pane above the status bar, and then select one of the options: Show More Buttons, Show Fewer Buttons, or Navigation Pane Options.

  • A ribbon to help you more efficiently use the console.

  • An administrative user sees only the objects that she is allowed to see, as defined by role-based administration.

  • Search capabilities throughout the console, to help you find your data more quickly.

  • Use of temporary nodes in the navigation pane that are automatically created and selected as a result of actions that you take and that do not display after you close the console. Examples of temporary nodes include the following:

    • In the Assets and Compliance workspace, click the Device Collections node, and then select the All Systems collection. In the Collection group, click Show Members and the temporary node named All Systems is created and automatically selected in the navigation pane.

    • In the Monitoring workspace, click Client Health, and in the Statistics section, browse to the All Systems collection, and then click Pass. The temporary node named Healthy clients from “All Systems” is created and automatically selected in the Assets and Compliance workspace.

Sites and Hierarchies

The following sections contain information about changes from Configuration Manager 2007 that relate to sites and hierarchies in Configuration Manager 2012.

Note
The Active Directory schema extensions for Configuration Manager 2012 are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for Configuration Manager 2012.

Site Types

Configuration Manager 2012 introduces the central administration site and some changes to primary and secondary sites. The following table summarizes these sites and how they compare to sites in Configuration Manager 2007.

Site: Central administration site

Purpose: The central administration site coordinates intersite data replication across the hierarchy by using Configuration Manager database replication. It also enables the administration of hierarchy-wide configurations for client agents, discovery, and other operations.

Use this site for all administration and reporting for the hierarchy.

Change from Configuration Manager 2007: Although this is the site at the top of the hierarchy in Configuration Manager 2012, it has the following differences from a central site in Configuration Manager 2007:

  • Does not process client data.

  • Does not accept client assignments.

  • Does not support all site system roles.

  • Participates in database replication.

Site: Primary site

Purpose: Manages clients in well-connected networks.

Change from Configuration Manager 2007: Primary sites in Configuration Manager 2012 have the following differences from primary sites in Configuration Manager 2007:

  • Additional primary sites allow the hierarchy to support more clients.

  • Cannot be tiered below other primary sites.

  • No longer used as a boundary for client agent settings or security.

  • Participates in database replication.

Site: Secondary site

Purpose: Controls content distribution for clients in remote locations across links that have limited network bandwidth.

Change from Configuration Manager 2007: Secondary sites in Configuration Manager 2012 have the following differences from secondary sites in Configuration Manager 2007:

  • SQL Server is required and SQL Server Express will be installed during site installation if required.

  • A proxy management point and distribution point are automatically deployed during the site installation.

  • Secondary sites can be tiered to support content distribution to remote locations.

  • Participates in database replication.

Site Communication

The following items are new or have changed for site communication since Configuration Manager 2007:

  • Site-to-site communication now uses database replication in addition to file-based replication for many site-to-site data transfers, including configurations and settings.

  • Configuration Manager 2012 can now publish site information to trusted forests to better support clients that are not in the same forest as the site server.

Site Modes

Sites are no longer configured for mixed mode or native mode. Instead, you secure client communication endpoints by configuring individual site system roles to support client connections over HTTPS or HTTP. Site system roles in the same site can have different settings, for example, some management points are configured for HTTPS and some are configured for HTTP. Most client connections over HTTPS use mutual authentication so you must make sure that clients have a PKI certificate that has client authentication capability to support this configuration. Mobile devices and client connections over the Internet must use HTTPS.

For sites that use HTTPS client connections, you do not have to specify a PKI certificate for document signing (the site server signing certificate in Configuration Manager 2007) because Configuration Manager 2012 automatically creates this certificate (self-signed). However, the PKI certificate requirements from Configuration Manager 2007 remain the same when you configure site system roles to use HTTPS client communication.

Site System Roles

The following site system roles are no longer used:

  • The reporting point. All reports are generated by the reporting services point.

  • The PXE service point. This functionality is moved to the distribution point.

  • The branch distribution point. Distribution points can be installed on servers or workstations that are in an Active Directory domain. The functionality of the branch distribution point is now a BranchCache setting for an application deployment type and the package deployment.

The following site system roles are new:

  • The Application Catalog website point and the Application Catalog web services point. These site system roles require IIS and support the new client application, Software Center.

  • The mobile device proxy enrollment point, which manages enrollment requests from mobile devices, and the mobile device and AMT enrollment point, which completes mobile device enrollment and provisions AMT-based computers. These site system roles require IIS.

There is no longer a default management point for a site or the concept of a proxy management point in secondary sites. You can install multiple management points in the same site and the client will automatically select one, based on network location and capability (HTTPS or HTTP). This behavior supports a higher number of clients in a single site and provides redundancy, which was previously obtained by using a network load balancing (NLB) cluster. When the site contains some management points that support HTTPS client connections and some management points that support HTTP client connections, the client will connect to a management point that is configured for HTTPS when the client has a valid PKI certificate. Network load balancing (NLB) management points remain supported.

You can also have more than one Internet-based management point in the site, although you can specify only one when you configure clients for Internet-based client management. When Internet-based clients communicate with the specified Internet-based management point, they will be given a list of all the Internet-based management points in the site and then select one. Network load balancing Internet-based management points remain supported.

Boundaries and Boundary Groups

The following items are new or have changed for boundaries since Configuration Manager 2007:

  • Boundaries are no longer site specific, but defined once for the hierarchy, and they are available at all sites in the hierarchy.

  • Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

Fallback Site for Client Assignment

In Configuration Manager 2007, automatic site assignment would fail if the client was not in a specified boundary. New in Configuration Manager 2012, if you specify a fallback site (an optional setting for the hierarchy) and the client is not in a boundary group, automatic site assignment succeeds and the client is assigned to the specified fallback site.

Discovery

The following items are new or have changed for Discovery since Configuration Manager 2007:

  • Each discovery data record (DDR) is processed once at one site and then deleted without forwarding the DDR to a parent site.

  • Discovery information entered into the database at one site is shared with each site in the hierarchy by using database replication.

  • Active Directory forest discovery is a new discovery method that can discover subnets and Active Directory sites and translate them into boundaries for your hierarchy.

Client Agent Settings

In Configuration Manager 2007, client agent settings are configured on a per-site basis and you cannot configure these settings for the whole hierarchy. In Configuration Manager 2012, client agent settings and other client settings are grouped into centrally configurable client settings objects that are applied at the hierarchy. To view and configure these, modify the default client settings. If you need additional flexibility for groups of users or computers, configure custom client settings and assign them to collections. For example, you can configure remote control to be available only on specified computers.

Security: Role-Based Administration

In Configuration Manager 2007, administrative access to site resources is controlled by using class and instance security settings that are verified by the SMS Provider computer to allow access to site information and configuration settings. Configuration Manager 2012 introduces role-based administration to centrally define and manage hierarchy-wide security access settings for all sites and site settings.

Instead of using individual class rights, role-based administration uses security roles to group typical administrative tasks that are assigned to multiple administrative users. Security scopes replace individual instance rights per object to group the permissions that are applied to site objects.

The combination of security roles, security scopes, and collections allows you to segregate the administrative assignments to meet your organization's requirements, and this combination defines what an administrative user can view and manage in the Configuration Manager hierarchy.

Role-based administration provides the following benefits:

  • Sites are no longer administrative boundaries.

  • You create administrative users for the hierarchy and assign security to them one time only.

  • You create content for the hierarchy and assign security to that content one time only.

  • All security assignments are replicated and available throughout the hierarchy.

  • There are built-in security roles to assign the typical administration tasks and you can create your own custom security roles.

  • Administrative users see only the objects that they have permissions to manage.

  • You can audit administrative security actions.

The following table illustrates the differences between implementing security permissions in Configuration Manager 2007 and Configuration Manager 2012:

Scenario: Add new administrative user

Configuration Manager 2007: Perform the following actions from each site in the hierarchy:

  1. Add the Configuration Manager user.

  2. Select the security classes.

  3. For each class selected, select instance permissions.

Configuration Manager 2012: Perform the following actions one time only from any site in the hierarchy:

  1. Add the Configuration Manager administrative user.

  2. Select the security roles.

  3. Select the security scopes.

  4. Select the collections.

Scenario: Create and deploy software

Configuration Manager 2007: Perform the following actions from each site in the hierarchy:

  1. Edit the package properties and select the security classes.

  2. Add each user or group to the instance and then select the instance rights.

  3. Deploy the software.

Configuration Manager 2012: Perform the following actions one time only from any site in the hierarchy:

  1. Assign a security scope to the software deployment.

  2. Deploy the software.

To configure role-based administration, in the Administration workspace, click Security, and then view or edit the Administrative Users, Security Roles, and Security Scopes.

Backup and Recovery

The following table contains information about changes from Configuration Manager 2007 that relate to backup and recovery in Configuration Manager 2012.

Feature Description

Recovery integrated with Configuration Manager 2012 Setup

Configuration Manager 2007 used the Site Repair Wizard to recover sites. In Configuration Manager 2012, recovery is integrated in the Configuration Manager 2012 Setup Wizard.

Support for multiple recovery options

You have the following options when running recovery in Configuration Manager 2012:

  • Site server and SQL Server

  • Site Server only

  • SQL Server only (moving SQL Server to a new computer is supported)

Recovery uses data replication to minimize data loss

Configuration Manager 2012 database replication uses SQL Server to transfer data and merge changes made to a site’s database with the information stored in the database at other sites in the hierarchy. This enables all sites to share the same information.

Recovery in Configuration Manager 2012 leverages database replication to retrieve global data that was created by the failed site before it failed. This process minimizes data loss even when no backup is available.

Recovery using a Setup script

You can initiate an unattended site recovery by configuring an unattended installation script and then using the Setup command /script option.

Client Deployment and Operations

The following sections contain information about changes from Configuration Manager 2007 that relate to client deployment and client operations in Configuration Manager 2012.

Client Deployment

The following items are new or have changed for client deployment since Configuration Manager 2007:

  • Clients are no longer configured for mixed mode or native mode, but instead use HTTPS with PKI certificates or HTTP with self-signed certificates, depending on the availability and configuration of the site system roles that the clients connect to and whether the clients have a valid PKI certificate that includes client authentication capability. You can determine the current client communication by viewing the Client certificate value in the General tab of the Configuration Manager client properties. This value displays PKI certificate when the client is communicating with a management point over HTTPS and Self-signed when the client communicates with a management point over HTTP. Just as the client property value for the Connection type updates, depending on the current network status of the client, so the Client certificate client property value updates, depending on which management point the client communicates with.

  • Because Configuration Manager 2012 does not use mixed mode and native mode, the client installation property, /native: [<native mode option>], is no longer used. Instead, use /UsePKICert to use a PKI certificate that has client authentication capability, if it is available, but fall back to an HTTP connection if no certificate is available. If /UsePKICert is not specified, the client does not attempt to communicate by using a PKI certificate, but communicates by using HTTP only. Additionally, use the new command /NoCRLCheck if you do not want a client to check the CRL before it establishes an HTTPS communication.

  • The client.msi property SMSSIGNCERT is still used but requires the exported self-signed certificate of the site server. This certificate is stored in the SMS certificate store and has the Subject name Site Server and the friendly name Site Server Signing Certificate.
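The certificate requirement described under Site Modes and in the list above can be checked on a computer before the client is installed with /UsePKICert. The following PowerShell is an added example, not part of the original documentation or of Configuration Manager; it assumes the client certificate is in the local computer Personal store and that the Client Authentication EKU is listed explicitly in the certificate.

```powershell
# Added example (not from the original documentation).
# Assumptions: the client certificate is in the local computer Personal store,
# and the Client Authentication EKU must be listed explicitly.
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication enhanced key usage

function Get-ClientAuthCertStatus {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate
    )

    # Mutual authentication needs the private key, not only the public certificate.
    if (-not $Certificate.HasPrivateKey) { return 'NoPrivateKey' }

    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        return 'OutsideValidityPeriod'
    }

    # Collect the OIDs from the enhanced key usage extension, if there is one.
    $eku = $Certificate.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        Select-Object -First 1
    $oids = @()
    if ($eku) { $oids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($oids -notcontains $ClientAuthOid) { return 'NoClientAuthEku' }

    # First pass: build the chain in the machine context with an online revocation check.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'Online'
    if ($chain.Build($Certificate)) { return 'Ready' }
    $flags = @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    if ($flags -contains 'Revoked') { return 'Revoked' }

    # Second pass without revocation: separates a CRL access problem from an untrusted chain.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    if ($chain.Build($Certificate)) { return 'RevocationStatusUnavailable' }
    return 'ChainNotTrusted'
}

# Evaluate every certificate in the local computer Personal store.
$report = @(Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    New-Object PSObject -Property @{
        Subject    = $_.Subject
        Thumbprint = $_.Thumbprint
        NotAfter   = $_.NotAfter
        Status     = Get-ClientAuthCertStatus -Certificate $_
    }
})
$report | Format-Table Status, NotAfter, Thumbprint, Subject -AutoSize

if ($report | Where-Object { $_.Status -eq 'Ready' }) {
    'A usable certificate exists: a client installed with /UsePKICert can connect over HTTPS.'
} elseif ($report | Where-Object { $_.Status -eq 'RevocationStatusUnavailable' }) {
    'The chain is trusted but revocation could not be checked: restore access to the CRL, or the client needs /NoCRLCheck to use HTTPS.'
} else {
    'No usable certificate: the client communicates over HTTP only.'
}
```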

Client Assignment

The following items are new or have changed for client assignment since Configuration Manager 2007:

  • For automatic site assignment to succeed with boundary information, the boundary must be configured in a boundary group.

  • In Configuration Manager 2007, automatic site assignment would fail if the client was not in a specified boundary. New in Configuration Manager 2012, if you specify a fallback site (an optional setting for the hierarchy) and the client is not in a boundary group, automatic site assignment succeeds and the client is assigned to the specified site.

Collections

The following items are new or have changed for collections since Configuration Manager 2007:

Feature Description

User Collections and Device Collections nodes

You can no longer combine user resources and device resources in the same collection. The Configuration Manager console has two new nodes for user collections and device collections.

Users and Devices nodes show recently used collections

New nodes in the Configuration Manager console show recently used collections.

Subcollections are no longer used in Configuration Manager 2012.

In Configuration Manager 2007, subcollections had two main uses:

  • Organize collections in a folder-based manner. In Configuration Manager 2012, you can now create a hierarchy of folders in which to store collections.

  • Subcollections were often used in Configuration Manager 2007 to deploy software incrementally to a larger collection of computers. In Configuration Manager 2012, you can use include rules to progressively increase the membership of a collection.

For more information, see How to Manage Collections in Configuration Manager 2012.

Include rules and exclude rules

In Configuration Manager 2012, you can easily include or exclude the contents of another collection from a specified collection.

Incremental collection member evaluation

Incremental collection member evaluation periodically scans for only new or changed resources from the previous collection evaluation and updates a collection's membership with only these resources, independently of a full collection evaluation. By default, incremental collection member evaluation runs every 10 minutes and helps to keep your collection data up to date without the overhead of a full collection evaluation.

Migration support

Collections can be migrated from Configuration Manager 2007 collections. For more information, see Migrating from Configuration Manager 2007 to Configuration Manager 2012.

Role-based administration security scopes

Collections can be used to limit access to Configuration Manager 2012 objects.

Collections contain resources from all sites in the hierarchy

In Configuration Manager 2007, collections contained only resources from the site where they were created. In Configuration Manager 2012, collections contain resources from all sites in the hierarchy.

Collection limiting

In Configuration Manager 2012, all collections must be limited to the membership of another collection. When you create a collection, you must specify a limiting collection. Only resources from the limiting collection can be added to the new collection.

Client Status

The following items are new or have changed for Client Status since Configuration Manager 2007:

  • Client problems that are detected are automatically remediated.

  • Client health and client status information is integrated into the Configuration Manager console.

Desired Configuration Management is Now Compliance Settings

The following items are new or have changed for desired configuration management (now Compliance Settings) since Configuration Manager 2007:

  • The desired configuration management feature in Configuration Manager 2007 is now called compliance settings. It still supports configuration items and configuration baselines, but it now supports remediation for WMI, registry and script settings that are noncompliant.

  • Settings can now be reused by multiple configuration items.

  • Configuration baselines can be deployed to users and devices.

  • Compliance settings can be used to manage mobile devices.

  • The new monitoring features of Configuration Manager 2012 can be used to monitor compliance settings.

  • Compliance settings features enhanced versioning of configuration items. Specific versions of a configuration item can be included in a configuration baseline.

  • Unlike Configuration Manager 2007, Configuration Manager 2012 does not support uninterpreted configuration items. An uninterpreted configuration item is a configuration item that is imported into compliance settings and that cannot be interpreted by the Configuration Manager console. Consequently, the properties of this configuration item cannot be viewed or edited in the console. Before you import Configuration Packs or configuration baselines to Configuration Manager 2012, you must remove uninterpreted configuration items in Configuration Manager 2007.

Out of Band Management

The following items are new or have changed for Out of Band Management since Configuration Manager 2007:

  • Configuration Manager 2012 no longer supports provisioning out of band, which could be used in Configuration Manager 2007 when the Configuration Manager client was not installed or the computer did not have an operating system installed. To provision computers for AMT in Configuration Manager 2012, they must belong to an Active Directory domain, have the Configuration Manager 2012 client installed, and be assigned to a Configuration Manager 2012 primary site.

  • To provision computers for AMT, you must install the new site system role, the enrollment point, in addition to the out of band service point. Both these site system roles must be installed in the same primary site.

  • AMT discovery no longer uses port TCP 16992; only port TCP 16993 is used.

  • Port TCP 9971 is no longer used to connect the AMT management controller to the out of band service point to provision computers for AMT.

  • The out of band service point uses HTTPS (port TCP 443 by default) to connect to the enrollment point.

  • The WS-MAN translator is no longer supported.

  • You no longer select individual permissions for each AMT User Account. Instead, all AMT User Accounts are automatically configured for the PT Administration (Configuration Manager 2007 SP1) or Platform Administration (Configuration Manager 2007 SP2) right, which grants permissions to all AMT features.

  • You must specify a universal security group in the Out Of Band Management Component Properties to contain the AMT computer accounts that Configuration Manager creates during the AMT provisioning process.

  • The site server computer no longer requires Full Control to the OU that is used during AMT provisioning. Instead, grant Read Members and Write Members (this object only).

  • The certificate templates for the AMT web server certificate and the AMT 802.1X client certificate no longer use Supply in the request and the site server computer account no longer requires permissions to these certificate templates:

    • For the AMT web server certificate template: On the Subject tab, select Build from this Active Directory information and then select Common name for the Subject name format. On the Security tab, grant Read and Enroll permissions to the universal security group that you specify in the Out Of Band Management Component Properties.

    • For the AMT 802.1X client certificate template: On the Subject tab, select Build from this Active Directory information and select Common name for the Subject name format. Clear DNS name, and then select User principal name (UPN) for the alternate subject name. On the Security tab, grant Read and Enroll permissions to the universal security group that you specify in the Out Of Band Management Point Component Properties.

  • The AMT provisioning certificate no longer requires that the private key can be exported.

  • The AMT provisioning certificate will be checked for certificate revocation by the out of band service point, by default. You can disable this option in the out of band service point properties.

  • AMT-based computers that are assigned to the same Configuration Manager site must have a unique computer name, even when they belong to different domains and therefore have a unique FQDN.

  • When you reassign an AMT-based computer from one Configuration Manager site to another, you must first remove the AMT provisioning information, reassign the client, and then provision the client again for AMT.

  • The security rights View management controllers and Manage management controllers from Configuration Manager 2007 are now named Provision AMT and Control AMT, respectively. The Control AMT permission is automatically added to the Remote Tools Operator security role. If an administrative user is assigned to the Remote Tools Operator security role and you want her to provision AMT-based computers or control the AMT audit log, you must add the Provision AMT permission to this security role or make sure that the administrative user belongs to another security role that includes this permission.
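The port changes in the list above can be turned into a firewall rule review after migration. The following PowerShell is an added example, not part of the original documentation; the rule objects and their property names (Name, Action, Protocol, Port) are constructed sample data standing in for an export from your own firewall.

```powershell
# Added example. Port numbers and their status come from the list above.
# The check matches on action, protocol and port only; it does not look at
# source or destination addresses.
$LegacyPorts = @{
    16992 = 'AMT discovery (no longer used)'
    9971  = 'AMT management controller to out of band service point (no longer used)'
}
$RequiredPorts = @{
    16993 = 'AMT discovery'
    443   = 'out of band service point to enrollment point (HTTPS, default port)'
}

# Returns $true when a port specification such as '443', '16990-16995',
# '443,16993' or 'Any' covers the given port.
function Test-PortInSpec {
    param([string]$Spec, [int]$Port)
    foreach ($part in ($Spec -split ',')) {
        $part = $part.Trim()
        if ($part -eq 'Any') { return $true }
        if ($part -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        } elseif ($part -match '^\d+$' -and [int]$part -eq $Port) {
            return $true
        }
    }
    return $false
}

function Get-AmtPortFinding {
    param([object[]]$Rules)

    $allowTcp = @($Rules | Where-Object { $_.Action -eq 'Allow' -and $_.Protocol -eq 'TCP' })

    # Allow rules that still open a port Configuration Manager 2012 no longer uses.
    foreach ($rule in $allowTcp) {
        foreach ($legacy in $LegacyPorts.Keys) {
            if (Test-PortInSpec -Spec $rule.Port -Port $legacy) {
                [pscustomobject]@{
                    Finding = 'LegacyPortStillAllowed'
                    Port    = $legacy
                    Rule    = $rule.Name
                    Detail  = $LegacyPorts[$legacy]
                }
            }
        }
    }

    # Ports the new design needs that no allow rule covers.
    foreach ($required in $RequiredPorts.Keys) {
        $covered = @($allowTcp | Where-Object { Test-PortInSpec -Spec $_.Port -Port $required })
        if ($covered.Count -eq 0) {
            [pscustomobject]@{
                Finding = 'RequiredPortNotAllowed'
                Port    = $required
                Rule    = $null
                Detail  = $RequiredPorts[$required]
            }
        }
    }
}

# Constructed sample rules (not taken from a real firewall).
$sampleRules = @(
    [pscustomobject]@{ Name = 'AMT management (2007 era)'; Action = 'Allow'; Protocol = 'TCP'; Port = '16992-16993' }
    [pscustomobject]@{ Name = 'AMT provisioning';          Action = 'Allow'; Protocol = 'TCP'; Port = '9971' }
    [pscustomobject]@{ Name = 'Block legacy web';          Action = 'Block'; Protocol = 'TCP'; Port = '80' }
)

Get-AmtPortFinding -Rules $sampleRules |
    Sort-Object Finding, Port |
    Format-Table Finding, Port, Rule, Detail -AutoSize
```

A LegacyPortStillAllowed finding is a candidate for review, not automatic removal, because other software may still depend on the same rule.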

Remote Control

Remote Control in Configuration Manager 2012 now supports CTRL-ALT-DEL.

Hardware Inventory

In Configuration Manager 2012, you can enable custom hardware inventory classes without editing the sms_def.mof file.

Power Management

The following items are new or have changed for Power Management since Configuration Manager 2007:

  • If enabled by an administrative user, users can exclude devices from power management.

  • Virtual machines can now be excluded from power management.

  • Power management settings can be copied from another collection.

Mobile Devices

Enrollment for mobile devices in Configuration Manager 2012 is now natively supported by using the two new enrollment site system roles (the mobile device enrollment proxy point and the mobile device and AMT enrollment point) and a Microsoft enterprise certification authority. For Configuration Manager to enroll and manage mobile devices, you must configure IIS with a web server certificate on the computers that hold the following site system roles: the management point, the distribution point, the mobile device and AMT enrollment point, and the mobile device enrollment proxy point. Additionally, if you want to allow users to wipe their own mobile devices, configure IIS with a web server certificate on the computers that hold the Application Catalog web service point and the Application Catalog website point. For more information about how to deploy this certificate, see . You must also create and issue a certificate template for mobile device enrollment. For more information about how to deploy this certificate template, see .

After the certificates are configured, use the following steps to enroll mobile devices:

  1. Optional but recommended to support automatic discovery for the enrollment service: Create a DNS alias (CNAME) named ConfigMgrEnroll that points to the site system server on which you will install the mobile device enrollment proxy point.

  2. Configure the management point and distribution point site system roles for client connections over HTTPS and configure the management point to allow mobile devices.

  3. Install the mobile device enrollment proxy point and the mobile device and AMT enrollment point. If you want to allow users to wipe their own mobile devices, install the Application Catalog web service point and the Application Catalog website point. Optionally, install the reporting services point if you want to run reports for mobile devices.

  4. Edit the default client settings (for all users) or create custom client settings that are assigned to a collection that contains users who you will allow to enroll their mobile devices. Configure the client user setting option for mobile devices to allow users to enroll their mobile devices, and then create a mobile device enrollment profile that is configured to use the certificate template that you created for mobile device enrollment. In the profile, specify the Configuration Manager site that contains the enrollment site system roles for the Site Code and specify the Configuration Manager site that will manage the mobile device for the Assigned Site Code.

  5. To enroll a mobile device, start the mobile device browser, type https://<FQDN>/ClientCabs/ConfigMgrEnroll.Cab to download and open the file, and then follow the instructions. If you have not configured a DNS alias, you must specify the FQDN of the site system server that holds the mobile device enrollment proxy point.

Exchange Server Connector

New in Configuration Manager 2012, the Exchange Server connector allows you to find and manage devices that connect to Exchange Server (on-premises or hosted) by using the Exchange ActiveSync protocol. Use this mobile device management process when you cannot install the Configuration Manager client on the mobile device. When you use the Exchange Server connector, the mobile devices are managed by the settings that you define in Configuration Manager 2012 instead of being managed by the default Exchange ActiveSync mailbox policies. Any Exchange ActiveSync mailbox policies that are configured on the Exchange Server and assigned to users will still be applied. Both Configuration Manager and Exchange Server can remotely wipe a mobile device.

The account that connects to the Exchange Client Access server to manage mobile devices for Configuration Manager must be able to run the following cmdlets:

  • Set-ADServerSettings

  • Get-ActiveSyncOrganizationSettings

  • Get-ActiveSyncDeviceStatistics

  • Get-ActiveSyncDevice

  • Get-ExchangeServer

  • Get-Recipient

  • Get-ActiveSyncMailboxPolicy

  • Set-ActiveSyncMailboxPolicy

  • New-ActiveSyncMailboxPolicy

  • Remove-ActiveSyncDevice

  • Clear-ActiveSyncDevice

The following management roles include these cmdlets: Recipient Management; View Only Organization Management; and Server Management. For more information about management role groups in Exchange Server 2012, see (http://go.microsoft.com/fwlink/?LinkId=212914).
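The cmdlet list above can be used as a least-privilege baseline for the connector account. The following is an added example, not code from Microsoft or from this page: the function name Compare-ConnectorCmdletAccess and the sample granted list are hypothetical, and only the required cmdlet names come from the page.

```powershell
# Added example: compare what the connector account can run against what it needs.
# Required cmdlets are copied from the list on this page.
$RequiredCmdlets = @(
    'Set-ADServerSettings', 'Get-ActiveSyncOrganizationSettings',
    'Get-ActiveSyncDeviceStatistics', 'Get-ActiveSyncDevice',
    'Get-ExchangeServer', 'Get-Recipient',
    'Get-ActiveSyncMailboxPolicy', 'Set-ActiveSyncMailboxPolicy',
    'New-ActiveSyncMailboxPolicy', 'Remove-ActiveSyncDevice',
    'Clear-ActiveSyncDevice'
)

function Compare-ConnectorCmdletAccess {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)]
        [string[]] $Required,

        [Parameter(Mandatory = $true)]
        [AllowEmptyCollection()]
        [string[]] $Granted
    )

    # -contains and -notcontains compare strings case-insensitively.
    $missing = @($Required | Where-Object { $Granted -notcontains $_ } | Sort-Object)
    $excess  = @($Granted | Sort-Object -Unique |
                 Where-Object { $Required -notcontains $_ })

    # Excess cmdlets whose verb changes state are the ones to review first.
    $changeVerbs = '^(Set|New|Remove|Clear|Add|Enable|Disable|Update|Move|Import)-'

    New-Object -TypeName PSObject -Property @{
        Missing             = $missing
        ExcessStateChanging = @($excess | Where-Object { $_ -match $changeVerbs })
        ExcessReadOnly      = @($excess | Where-Object { $_ -notmatch $changeVerbs })
        ConnectorCanRun     = ($missing.Count -eq 0)
        LeastPrivilege      = ($missing.Count -eq 0 -and $excess.Count -eq 0)
    }
}

# Constructed sample: cmdlets granted to a hypothetical connector account.
# In the Exchange Management Shell the real list could be gathered with, for example:
#   Get-ManagementRoleAssignment -RoleAssignee '<account>' |
#     ForEach-Object { Get-ManagementRoleEntry "$($_.Role)\*" } |
#     Select-Object -ExpandProperty Name -Unique
$GrantedSample = @($RequiredCmdlets | Where-Object { $_ -ne 'Clear-ActiveSyncDevice' }) +
                 @('Get-Mailbox', 'Set-Mailbox', 'Remove-Mailbox')

$report = Compare-ConnectorCmdletAccess -Required $RequiredCmdlets -Granted $GrantedSample
$report | Format-List Missing, ExcessStateChanging, ExcessReadOnly, ConnectorCanRun, LeastPrivilege
```

With the constructed sample, the report lists Clear-ActiveSyncDevice as missing, so remote wipe through the connector would fail, and flags Remove-Mailbox and Set-Mailbox as state-changing cmdlets the connector does not need.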

Software Deployment and Content Management

The following sections contain information about changes from Configuration Manager 2007 that relate to software updates, software distribution, operating system deployment and task sequences in Configuration Manager 2012.

Software Updates

Though the general concept for deploying software updates is the same in Configuration Manager 2012, new or updated features are available that provide improvements to the software update deployment process, including automatic approval and deployment for software updates, improved search with expanded criteria, enhancements to software updates monitoring, greater user control for scheduling software update installation, and so on. The following table contains the changes to software updates in Configuration Manager 2012.

 

Feature Description

Software update groups

Software update groups are new in Configuration Manager 2012 and replace update lists and deployments that are used in Configuration Manager 2007. Software update groups provide a more effective method for you to organize software updates in your environment. You can manually add software updates to a software updates group or software updates can be automatically added to a new or existing software update group by using an automatic deployment rule. You can also deploy a software update group manually or automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group and they will automatically be deployed.

Automatic deployment rules

Automatic deployment rules provide the ability to automatically approve and deploy software updates. You specify the criteria for software updates (for example, all Windows 7 software updates released in the last 1 week), the software updates are added to a software update group, you configure deployment and monitoring settings, and choose whether to deploy the software updates in the software update group. You can deploy the software updates in the software update group or retrieve compliance information from devices for the software updates in the software update group without deploying them.

Software updates filtering

A new search capability that accepts expanded criteria is available when software updates are listed in the Configuration Manager console. You can add a set of criteria that make it very easy to find the software updates that you need. You can then save the search criteria to use at a later time. For example, you can set criteria for all critical software updates for Windows 7 that were released in the last year. After you filter for the updates that you need, you can select the software updates and review compliance information per software update, create a software update group that contains the software updates, manually deploy the software updates, and so on.

Software updates monitoring

The Configuration Manager console provides the following to help you to monitor software updates objects and processes:

  • Key software updates compliance and deployment views.

  • Detailed state messages for all deployments and assets.

  • Software updates error codes with additional information to help identify issues.

  • Status for software updates synchronization.

  • Alerts for key software updates issues.

Software updates reports are also available that provide detailed state information for software updates, software update groups, and software update deployments.

Manage superseded software updates

Software updates in Configuration Manager 2007 were automatically expired during the full software updates synchronization process for a site. This prevented you from deploying superseded software updates because they were expired and Configuration Manager does not allow you to deploy expired software updates.

In Configuration Manager 2012, you can choose whether to manage superseded software updates as they are managed in Configuration Manager 2007, or you can configure a specified period of time during which the software update is not automatically expired after it is superseded. That allows you to deploy superseded software updates when necessary.

Increased user control over software update installation

Configuration Manager 2012 provides users more control over when software updates are installed on their device. Configuration Manager Software Center is an application that installs when the Configuration Manager 2012 client is installed. Users run this application from the Start menu to request software and manage the software that is deployed to them, including software updates. Software Center allows users to schedule software update installation at a convenient time before the deadline and install optional software updates. For example, you can configure your business hours and have software updates run outside of those hours to minimize lost productivity. When the deadline is reached for a software update, the installation for the software update is initiated.

Software update files are stored in the content library

The content library in Configuration Manager 2012 is the location where all content files are stored for software updates, applications, operating system deployment, and so on. The content library is located on the site server and each distribution point. The content library provides advantages over content management functionality in Configuration Manager 2007. For example, in Configuration Manager 2007 you might deploy the same content files multiple times using different deployments and deployment packages. The result was that the same content files were stored on the site server and distribution points multiple times.

The content library in Configuration Manager 2012 provides a single instance store for content files. This means that before content files are downloaded and copied to distribution points, Configuration Manager 2012 checks to see if the content file is already in the content library, and if so, the existing content file is used.

Software update deployment template

There is no longer a Deployment Templates node in the Configuration Manager console to manage your templates. Deployment templates can be created only in the Automatic Deployment Rules Wizard or Deploy Software Updates Wizard. Deployment templates store many of the deployment properties that might not change from deployment to deployment, and they can save a lot of time for administrators when deploying software updates.

Deployment templates can be created for different deployment scenarios in your environment. For example, you can create a template for expedited software update deployments and planned deployments. The template for the expedited deployment can suppress display notifications on client computers, set the deadline for 0 days from the deployment schedule, and allow system restarts outside of maintenance windows. The template for a planned deployment can allow display notifications on client computers and set the deadline for 14 days from the deployment schedule.

 

The following software updates features have been deprecated in Configuration Manager 2012.

 

Feature Description

Update lists

Update lists have been replaced by software update groups.

Deployments

Though you can still deploy software updates in Configuration Manager 2012, there is no longer a visible software update deployment object. The deployment object is now nested in a software update group.

 

The following software updates objects remain in Configuration Manager 2012 much like they were in Configuration Manager 2007.

 

Feature Description

Software update point

The software update point is required for software updates on the central administration site and primary sites, is optional on secondary sites, and is installed as a site system role in the Configuration Manager console. The software update point site system role must be created on a server running Windows Server Update Services (WSUS). The software update point interacts with the WSUS services to configure software update settings and to synchronize software updates.

At a secondary site, you have the option of installing an active software update point for the site. Having a software update point at a secondary site provides local access to client computers when scanning for software updates compliance. When the secondary site does not have a configured software update point, client computers will connect to the active software update point on the parent site. You will need to determine whether client computers at the remote site have sufficient connectivity to WSUS running on the parent site or whether WSUS running on a local software update point is required.

Application Management

Applications are new in Configuration Manager 2012 and have the following characteristics:

  • Applications contain the files and information necessary to deploy a software package to a computer or a mobile device. Applications contain multiple deployment types that contain the files and commands necessary to install the software. For example, an application could contain deployment types for a local installation of a software package, a virtual application package or a version of the application for mobile devices.

  • Requirement rules define conditions that specify how an application is deployed to client devices. For example, you can specify that the application should not be installed if the destination computer has less than 2GB RAM or you could specify that a virtual application deployment type is installed when the destination computer is not the primary device of the user.

  • Global conditions are similar to requirement rules but can be reused with any deployment type.

  • User device affinity allows you to associate a user with specified devices. This allows you to deploy software to a user rather than a device. For example, you could deploy an application so that it only installs on the primary device of the user. On devices that are not the primary device of the user, you could deploy a virtual application that is removed when the user logs out.

  • Deployments are used to distribute applications. A deployment can have an action which specifies whether to install or uninstall the application and a purpose which specifies whether the application must be installed or whether the user can choose to install it.

  • Configuration Manager 2012 can use detection methods to determine if a deployment type has already been installed on a device by using product information or a script.

  • Application management supports the new monitoring features in Configuration Manager 2012. The status of an application deployment can be monitored directly in the Configuration Manager console.

  • Packages and programs from Configuration Manager 2007 are supported in Configuration Manager 2012 and can use some of the new deployment and monitoring features.

  • Software Center is a new client interface that allows users to request and install applications, control some client functionality, and access the Application Catalog, which contains details about all available applications.

Operating System Deployment

The following items are new or have changed for Operating System Deployment since Configuration Manager 2007:

  • You can apply Windows Updates by using Component-Based Servicing (CBS) to update the Windows Imaging (.wim) file format images that are stored in the operating system images in the Software Library.

  • The Task Sequence Media Wizard includes steps to add prestart command files (formerly pre-execution hooks) to prestaged media, bootable media, and stand-alone media.

  • You can configure the Task Sequence Media Wizard to suppress the Configuration Manager Boot Media wizard during operating system installation. This configuration enables you to deploy operating systems without end user intervention.

  • You can define a deployment in a prestart command that overrides existing deployments to the target computer. Use the SMSTSPreferredAdvertID task sequence variable to configure the task sequence to use a specific Offer ID, based on conditions that you configure.

  • You can use the same task sequence media to deploy operating systems to computers anywhere in the hierarchy.

  • The Capture User State task sequence action and the Restore User State task sequence action support new features from the User State Migration Tool (USMT) version 4.

  • You can use the Install Application task sequence action to deploy applications from the Software Library when you deploy an operating system.

  • You can define user device affinity for a client computer during operating system deployment.

  • The functionality of the PXE service point and its configuration is moved to the distribution point.

Content Management

The following items are new or have changed for content management since Configuration Manager 2007:

 

Feature Description

Updated distribution point role

Unlike Configuration Manager 2007, which had standard and branch distribution points, Configuration Manager 2012 provides one distribution point type that can be installed on workstations and servers.

Content library

The content library in Configuration Manager 2012 is the location where all content files are stored for software updates, applications, operating system deployment, and so on. The content library is located on the site server and each distribution point, and provides a big advantage over content management functionality in Configuration Manager 2007. For example, in Configuration Manager 2007 you might deploy the same content files multiple times using different deployments and deployment packages. The result was that the same content files were stored on the site server and distribution points multiple times. This added a lot of unnecessary processing overhead and hard disk space requirements.

The content library in Configuration Manager 2012 provides a single instance store for content files on the site server and distribution points. This means that before content files are downloaded to the site server and copied to distribution points, Configuration Manager 2012 checks to see if the content file is already in the content library, and if so, the existing content file is used.

Content storage

In Configuration Manager 2007, content files are automatically distributed to the disk drive with the most free space. In Configuration Manager 2012, you can configure the disk drives to use for content storage and what priority each drive has when Configuration Manager 2012 copies content files. Content files are copied to the drive with the highest priority until the drive is below a specified amount of free space.

Prestaging content

You can prestage content files for all package types on distribution points in Configuration Manager 2012. In the Configuration Manager console, you select the content that you want and use the Create Prestaged Content File Wizard to create a compressed prestaged content file that contains the files and associated metadata for the content that you selected. You can then manually import the content at a site server, secondary site, or distribution point; the content is then added to the content library and registered with the site server. The distribution point can be configured for prestaging, and then when you distribute content you can choose whether you will always prestage the content on the distribution point, prestage the initial content for the package but use the normal content distribution process when there are updates to the content, or always use the normal content distribution process for the content in the package. During the import process, Configuration Manager detects version conflicts and will prevent the content for an older version of the package from being prestaged.

Bandwidth throttling and scheduling

You can now configure bandwidth settings, throttling settings, and schedule content distribution between the site server and the distribution point, much like you could configure for site-to-site communication in Configuration Manager 2007.

PXE service point integration

The PXE service point is no longer a site role in Configuration Manager 2012, but is integrated as a property of the distribution point site system role. The same certificate is used for PXE and the distribution point. There is no longer a PXE share for boot images; instead, PXE availability is an attribute of the boot image, and the image is automatically deployed to the PXE store. Multicast options have also been integrated with the distribution point.

BranchCache integration

BranchCache has been integrated in Configuration Manager 2012 and provides you with an ability to control usage at a more detailed level. You can configure the BranchCache settings on a deployment type for applications and on the deployment for a package.

Distribution point groups

Distribution point groups provide a logical grouping of distribution points for content distribution. When you distribute content to a distribution point group, all distribution points that are members of the distribution point group receive the content. If you add a distribution point to the distribution point group after an initial content distribution, the content is automatically distributed to the new distribution point member. You can also add a collection to distribution point groups, which creates an association, and then target the collection to distribute content. When you distribute content to a collection, Configuration Manager 2012 determines the content that is associated with the distribution point group, and then the content is distributed to all distribution points that are members of the distribution point group.

Content validation

Content validation can be enabled on distribution points to verify the integrity of packages that have been distributed to the distribution point. You can configure content validation to run on a schedule or you can manually initiate content validation from the properties for distribution points, distribution point groups, and package types (for example, applications, packages, deployment packages, and boot images). You can view status reports from the Monitoring workspace in the Configuration Manager console.

Management of content files

You can now manage your content from the properties of distribution points, distribution point groups, and package types (for example, application, deployment package, driver package, and so on). From the distribution point and distribution point group properties, you can see all package types that are assigned for distribution. From the package properties, you can see all distribution points and distribution point groups to which the package has been distributed. You can redistribute, validate, or remove the content from the properties for the object.

Content monitoring

The Configuration Manager 2012 console provides content monitoring that includes the status for all package types in relation to the associated distribution points, the status of content assigned to a specific distribution point group, the state of content assigned to a distribution point, and the status of optional features for each distribution point (Content validation, PXE, and Multicast).

Monitoring and Reporting

The following sections contain information about changes from Configuration Manager 2007 that relate to monitoring and reporting in Configuration Manager 2012.

Reporting

The following items are new or have changed for Reporting since Configuration Manager 2007:

 

Feature Description

The reporting point is no longer used

The Reporting Services point is the only site system role that is used for reporting in Configuration Manager 2012.

Full integration of the Configuration Manager 2007 R2 SQL Server Reporting Services solution

In addition to standard report management, Configuration Manager 2007 R2 introduced support for SQL Server Reporting Services reporting. Configuration Manager 2012 has integrated this solution and added functionality. Advantages of integrating SQL Server Reporting Services include the following:

  • Uses an industry standard reporting system to query the Configuration Manager 2012 database.

  • Provides the high performance, availability, and scalability of SQL Reporting Services.

  • Enables users to subscribe to reports; for example, a manager could automatically be e-mailed a report each day, detailing the status of a software update rollout.

  • Enables users to export reports in a variety of popular formats.

When you install the Reporting Services point in Configuration Manager 2012, the built-in Configuration Manager reports are automatically copied to the Reporting Services server and organized in folders by report category.

Report Builder 2.0 integration

Configuration Manager 2012 uses Microsoft SQL Server 2008 Reporting Services Report Builder 2.0 as the exclusive authoring and editing tool for both Model and SQL-based reports. Report Builder 2.0 is automatically installed when you create or modify a report for the first time. Report Builder 2.0 supports the full capabilities of SQL Server 2008 Reporting Services including the following:

  • Delivers an intuitive, report authoring environment with a look and feel similar to Microsoft Office.

  • Flexible report layout capabilities of SQL Server 2008 Report Definition Language.

  • Data Visualizations including charts and gauges.

  • Richly formatted textboxes.

  • Ability to export to Microsoft Word format.

Subscription management

Report subscriptions in SQL Reporting Services enable you to configure the automatic delivery of specified reports by e-mail or to a file share at scheduled intervals.

Reporting experience

You can run Configuration Manager 2012 reports in the Configuration Manager console by using Report Viewer or you can run reports from a browser by using Report Manager. Each method for running reports provides a similar experience.

Localized reporting

Reports in Configuration Manager 2012 are rendered in the locale of the installed Configuration Manager console. In the SQL Reporting Services Report Manager, you can browse and change the locale settings. Subscriptions are rendered in the locale in which SQL Server Reporting Services is installed. When you are authoring a report, you can specify the assembly and expression.

Alerts

Alerts are new in Configuration Manager 2012 and provide near real-time awareness of current site operations and conditions in the Configuration Manager console. Alerts are state-based and will automatically update when conditions change. Configuration Manager 2012 alerts are not similar to status messages in Configuration Manager, nor are they similar to alerts in other System Center products, such as those found in Microsoft System Center Operations Manager 2007.

Monitoring Database Replication

You can monitor the status of Configuration Manager 2012 data replication by using the Database Replication node in the Monitoring workspace of the Configuration Manager console.
