Certificate Requirements for Native Mode

Updated to reflect that SHA-1 is the only supported hash algorithm for native mode certificates.

Overview of Internet-Based Client Management

Updated to include task sequences as one of the features that are not supported when clients are managed on the Internet.

Out of Band Management and Double-Byte Character Sets

New topic that lists the considerations and limitations for using double-byte character sets and extended ASCII characters when you use the out of band management feature in Configuration Manager 2007 SP1 and later.

How to Create a Fallback Status Point in Configuration Manager

Updated with clarifications such as the security best practices for production networks, a reference to installing IIS for Windows Server 2008, a list of log files to check for successful installation, and how to install the fallback status on a new server.

How to Enable or Disable Certificate Revocation Checking (CRL) on Clients

Updated to clarify that the client functions that run as a result of task sequence actions always check the certificate revocation list (CRL) in a native mode site, even after following the procedures to disable CRL checking on clients. This limitation does not apply to Configuration Manager 2007 SP2.

Prerequisites for Out of Band Management

Updated to clarify changes that are relevant to Configuration Manager 2007 SP1 and later, including the following:

• Links to the supported configurations documentation for AMT version information.
  
  
• A recommendation to disable AMT on computers that cannot be supported by Configuration Manager, such as workgroup computers and computers with a disjointed namespace.
  
  
• Information about how the security right of Modify Collection Setting is required to configure in-band provisioning, to remove provisioning information, and to update AMT management controllers.
  
  

How to Provision Computers for AMT

Updated with a revised query for the collection that is used for in-band provisioning so that membership contains computers with an AMT status of Detected or Not Provisioned if they are also approved and not blocked.

AMT Provisioning Issues for Out of Band Management

Updated with a reference to the Intel vPro Expert Center: Microsoft vPro Manageability Web site (http://go.microsoft.com/fwlink/?LinkId=132001), which should be checked for issues that are specific to AMT. (Such issues include behavior differences between firmware versions, how to install and configure the Intel translator, and how to configure AMT). Additionally, new troubleshooting information in this topic includes the following scenarios:

• Configuration Manager Fails to Provision Computers with a Disjointed Namespace
  
  
• Computers Fail to Provision Out of Band Because the Computer Has Been Discovered by Configuration Manager
  
  

Out of Band Management Console Issues

Updated with new troubleshooting information that includes the following scenarios:

• The Out of Band Management Console Running on Windows XP SP2 or Windows Server 2003 SP1 Fails to Connect to AMT-Based Computers
  
  
• The Out of Band Management Console Fails to Connect to AMT-Based Computers That Were Successfully Provisioned Out of Band and Do Not Have an Operating System Installed
  
  
• IDE Redirection Fails When the Out of Band Management Console Runs as a Low-Rights User
  
  
• Unexpected Behavior with Blocked Configuration Manager Clients
  
  
• Slow Responses to AMT-Based Computers Using IPv6
  
  

Troubleshooting General Operating System Deployment Issues

Updated with the new entry "Security Registry Keys for Native Mode Remain in Captured Images”, which includes the prescribed additional steps to take if you capture an image from a native mode client.

Troubleshooting Task Sequence Initiated Operating System Deployment Issues

Updated with the new entry "Task Sequence Always Performs Certificate Revocation Checking in Native Mode Site", which explains how to identify a known issue with task sequences always checking the certificate revocation list (CRL) in a native mode site, even after following the procedures to disable CRL checking on clients.

Prerequisites for SQL Reporting Services

Updated with information about creating SQL Reporting Services report models by using SQL Server 2008.

Out of Band Management Security Best Practices and Privacy Information

Updated for revisions that are applicable to Configuration Manager 2007 SP1 and later, including the following security best practices:

• Request customized firmware before purchasing AMT-based computers.
  
  
• Manually revoke certificates and delete Active Directory accounts for AMT-based computers that are blocked by a Configuration Manager 2007 SP1 site.
  
  
• Use a dedicated certificate template for provisioning AMT-based computers.
  
  
• Use a dedicated organizational unit (OU) to publish AMT-based computers.
  
  
• Use Group Policy to restrict user rights for the AMT Accounts.
  
  
• Use a dedicated collection for in-band provisioning.
  
  
• Retrieve and store image files securely when booting from alternative media to use the IDE redirection function.
  
  
• Minimize the number of AMT Provisioning and Discovery Accounts.
  
  

How to Back Up a Secondary Site

Updated to remove the procedure to back up a secondary site because you cannot restore this backup by using the Site Repair Wizard. Instead, you must reinstall the secondary site. This information was also added to About the Site Repair Wizard.