If you install a Microsoft System Center Configuration Manager 2007 site but do not configure any of the features, the site is essentially useless. Features provide the actual functionality of Configuration Manager 2007. You can install just one feature or several features. Some features have dependencies on other features, for example Network Access Protection requires the software updates feature be operational first.
The following features are provided in Configuration Manager 2007:
- Software updates
- Operating system
- Desired configuration
- Network Access
- Wake On LAN
- Out of band
- Client Status
- SQL Reporting
The Administrator Console
The Configuration Manager 2007 console is the most common way that Configuration Manager administrators use Configuration Manager 2007, although some organizations use the Software Development Kit (SDK) to build custom user interfaces and many administrators use scripting to manage repetitive tasks more efficiently.
You can run the console from the site server or install additional consoles on your desktop or help desk computers to facilitate management. One console can manage many sites or many consoles can manage a single site. The Configuration Manager 2007 console runs as a Microsoft Management Console (MMC) snap-in, although you must run Configuration Manager 2007 Setup on the computer so that the snap-in is available.
Collections represent groups of resources and can consist not only of computers, but also of Microsoft Windows users and user groups as well as other discovered resources. Collections provide you with the means to organize resources into easily manageable units, enabling you to create an organized structure that logically represents the kinds of tasks that you want to perform. Collections also serve as targets for performing Configuration Manager operations on multiple resources at one time (such as software distribution or software updates). Collection membership can be either direct or query based. Query based collections are very powerful because they can group any resources together based on criteria. For example, if you want to deploy Microsoft Office 2007 only to computers with 1 GB of free disk space and 1 GB of RAM, you can create a collection that uses a query against the Configuration Manager 2007 inventory information in the database.
You can configure Configuration Manager 2007 to inventory hardware and software on Configuration Manager 2007 clients. Hardware inventory gives you system information (such as available disk space, processor type, and operating system) about each computer. You can configure the information returned in hardware inventory by modifying the SMS_def.mof file. Software inventory agent gives you information such as inventoried file types and versions present on client computers. Software inventory alone just returns lists of file types, but combining software inventory with the information in the Asset Intelligence catalog allows you to create reports on which applications are used in your environment. Software inventory can also collect copies of files in the database, but this is recommended only for small files that do not change very often.
The query feature in Configuration Manager 2007 uses WBEM query language (WQL) to query the site database. Query results are returned in the Configuration Manager 2007 console, where they can be exported using the MMC export list feature. Queries can also be used to create collections of resources that meet the query criteria.
Reporting is a supporting feature to many other Configuration Manager 2007 features. Reports are returned in Web pages in the browser. Programming is not required, but knowledge about creating SQL queries is extremely helpful. With reporting you can create reports that show the inventory you have collected or the software updates successfully deployed. You can also create dashboards, which combine several different views of information. Several pre-created reports are available to support common reporting scenarios. For more information about the reports provided for each feature, see the feature documentation.
Software distribution allows you to push just about anything to a client computer. Packages in software distribution can contain source files to deploy software applications and commands called programs that tell the client what executable file to run. A single package can contain multiple programs, each configured to run differently. Packages can also contain command lines to run files already present on the client, without actually containing additional source files.
|Configuration Manager 2007 can cause any executable file to run on the client, however it is important to understand that Configuration Manager 2007 does not actually package the executables or source files. Configuration Manager 2007 is like the delivery man; it gets the software or the command to the client, but the command must be able to run on the client independently of Configuration Manager 2007. If the software or command cannot run without Configuration Manager 2007 software distribution, it will never run with software distribution.|
Configuration Manager 2007 uses advertisements to specify which collections receive the program and the package.
The software updates feature provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Software updates in Configuration Manager 2007 requires a Windows Server Update Services (WSUS) server to be installed and uses that to scan the client computers for applicable software updates. The administrator views which updates are needed in the environment and creates packages and deployments containing the source files for the software updates. Clients then install the software updates from distribution points and report their status back to the site database.
Software metering enables you to collect and report software program usage data. The data provided by these reports can be used by many groups within the organization such as IT and corporate purchasing.
Software metering in Configuration Manager 2007 supports the following scenarios:
- Identify which software applications are
being used, and who is using them.
- Identify the number of concurrent usages of a
specified software application.
- Identify actual software license
- Identify redundant software application
- Identify unused software applications which
could be relocated.
Mobile Device management
Mobile devices are supported as Configuration Manager 2007 clients. For documentation purposes, mobile clients are treated as a separate feature. Mobile clients can run a subset of Configuration Manager 2007 features such as inventory and software distribution, but cannot be managed by remote control and cannot receive operating system deployments like desktop clients.
Operating system deployment
Operating system deployment enables you to install new operating systems and software onto a computer. You can use operating system deployment to install operating system images to new or existing computers as well as to computers with no connection your Configuration Manager 2007 site. By using task sequences and the driver catalog operating system deployment streamlines new computer installations by allowing you to install software using one dynamic image that can be installed on different types of computers and configurations.
Operating system deployment provides the following solutions for deploying operating system images to computers:
- Provide a secure operating system deployment
- Assist with managing the cost of deploying
images by allowing one image to work with different computer
- Assist with unifying deployment strategies to
help provide a solid deployment foundation for future operating
system deployment methods.
Desired configuration management
Desired configuration management enables you to define configuration standards and policies, and audit compliance throughout the enterprise against those defined configurations. Best practices configurations can be used from Microsoft and vendors in the form of Microsoft® System Center Configuration Manager 2007 Configuration Packs. These Configuration Packs can then be refined to meet customized business requirements. Additionally, desired configuration management supports an authoring environment for customized configurations.
This feature is designed to provide data for use by many groups within the organization, including IT and corporate security. Desired configuration management supports the following scenarios:
- Detect production server configuration drift
and confirm provisioned servers meet expected build
- Provide the help desk with probable cause
information, reducing the time-to-resolve (TTR) of incidents and
provide probable cause analysis for problems
- Report compliance with regulatory policies,
and in-house security policies
- Provide change verification and tracking
|If you are familiar with the Business Solution Add-on, Desired Configuration Monitoring with Systems Management 2003 Service Pack 1, see the following reference for a comparison between the two features: Comparison of SMS 2003 Desired Configuration Monitoring and Configuration Manager 2007 Desired Configuration Management.|
Remote tools in Configuration Manager 2007 includes the remote control feature which allows an operator with sufficient access rights the ability to remotely administer client computers in the Configuration Manager 2007 site hierarchy.
You can use remote control to troubleshoot problems on client computers and to provide remote help desk support where access to the user's computer is necessary.
Network Access Protection
Network Access Protection (NAP) is a policy enforcement platform built into the Windows Vista and Windows Server 2008 operating systems that helps you to better protect network assets by enforcing compliance with system health requirements. You can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPsec Enforcement, or all four, depending on your network needs.
|For an overview of how Network Access Protection works in Windows, see the Webcast "Introduction to Network Access Protection" (http://go.microsoft.com/fwlink/?LinkId=68775).|
Network Access Protection in Configuration Manager 2007 works with Windows Network Policy Server (NPS) on Windows Server 2008, to enforce software update compliance through client remediation. Network policies allow you to limit network access for clients until they have the software updates that you designate as required.
|Network Access Protection is not designed to secure a network from malicious users. It is designed to help administrators maintain the health of the computers on the network, which in turns helps maintain the network’s overall integrity. Network Access Protection does not prevent an authorized user with a compliant computer from uploading a malicious program to the network or engaging in other inappropriate behavior.|
Wake On LAN
The Wake On LAN feature helps to achieve a higher success rate for scheduled Configuration Manager 2007 activities, reducing associated network traffic during business hours, and helps organizations to conserve power by not requiring computers to be left on for maintenance outside business hours.
Wake On LAN in Configuration Manager 2007 supports the following scenarios:
- Sending a wake-up transmission prior to the
configured deadline for a software update deployment.
- Sending a wake-up transmission prior to the
configured schedule of a mandatory advertisement, which can be for
software distribution or a task sequence.
Out of band management
Applies only to Configuration Manager 2007 SP1 and later.
The out of band management feature in Configuration Manager 2007 SP1 provides powerful management control for computers that have the Intel vPro chip set and a supported version of Intel Active Management Technology (Intel AMT).
Out of band management requires a Microsoft public key infrastructure (PKI) and supports the following scenarios:
- Powering on one or many computers (for
example, for maintenance on computers outside business hours).
- Powering off one or many computers (for
example, the operating system stops responding).
- Restarting a nonfunctioning computer or
booting from a locally connected device or known good boot image
- Re-imaging a computer by booting from a boot
image file that is located on the network or by using a PXE
- Reconfiguring the BIOS settings on a selected
computer (and bypassing the BIOS password if this is supported by
the BIOS manufacturer).
- Booting to a command-based operating system
to run commands, repair utilities, or diagnostic applications (for
example, upgrading the firmware or running a disk repair
- Configuring scheduled software update
deployments and advertisements to wake up computers prior to
Client Status Reporting
Client status reporting in Configuration Manager 2007 R2 provides up-to-date information on the status of clients in a Configuration Manager 2007 hierarchy. Client status reporting is useful in situations where standard methods of client troubleshooting cannot be used.
SQL Reporting Services
SQL Reporting Services in Configuration Manager 2007 R2 provides a set of tools and resources that help you use the advanced reporting capabilities of SQL Reporting Services from the Configuration Manager console.
Power management in Configuration Manager 2007 R3 provides a set of tools and resources that you can use to manage and monitor the power consumption of computers in the enterprise.