Blog Post

Microsoft Security Blog

Announcement: Configuration Manager Documentation Library Update for November 2012

yvetteomeally's avatar
Icon for Microsoft rankMicrosoft
Sep 08, 2018
First published on CloudBlogs on Nov, 30 2012

The Documentation Library for System Center 2012 Configuration Manager and Configuration Manager 2007 Documentation Library have been updated on the web and the latest content has Updated: November 1, 2012 at the top of the topic.

These updates include prerelease documentation to support System Center 2012 Configuration Manager SP1, updates for the release version of System Center 2012 Configuration Manager, and updates for Configuration Manager 2007.

This month sees three particularly important doc updates:

  • The initial publication of the Windows PowerShell cmdlets for System Center 2012 Configuration Manager SP1. Expect more to follow.
  • Information about upgrading System Center 2012 Configuration Manager to Service Pack 1 and interoperability information. Upgrade remains unsupported until Service Pack 1 releases, but we’ve included information now to help you plan.
  • Some planning information for the “Bring Your Own Device” (BYOD) scenario that you’ve been hearing about for Service Pack 1, by using Windows Intune with Configuration Manager. Expect more “how to” information for this in our next publication. This functionality also remains unsupported until Service Pack 1 releases.

As always with our documentation, we write for the intended release version of the product, which might not match a prerelease version of Configuration Manager that you have for testing.

If you have questions or feedback about the documentation, you can contact us by using our usual email address of .

What's New in the Documentation Library for System Center 2012 Configuration Manager, November 2012

The following information lists the topics that contain significant changes since the October 2012 update.

Supported Configurations for Configuration Manager

- Updated for the following information:

  • A new section for site system role prerequisites on Windows Server 2012, supported in Configuration Manager SP1: Prerequisites for Site System Roles on Windows Server 2012 .
  • A list of web browsers that are supported for the Application Catalog.
  • Clarification that secondary site servers are not supported on domain controllers.
  • The maximum supported number of packages on a distribution point is 10,000.
  • Clarified that a reporting services point can use an instance of SQL Server that hosts other processes, including the site database.
  • Removed BITS server extensions as a prerequisite for distribution points.
  • Tips for installing the Configuration Manager client with a reduced footprint, which is often required for Windows Embedded devices.
  • Supported maximum numbers of Mac computers and Windows Embedded devices for a primary site.
  • Mobile devices that can be enrolled by using the Windows Intune connector.

What’s New in Configuration Manager SP1

- Updated throughout for most sections.

Fundamentals of Configuration Manager

- Updated for Configuration Manager SP1 information, for example, site expansion if you install a stand-alone primary site and later decide that you need additional primary sites.

Planning to Upgrade System Center 2012 Configuration Manager

- New topic to help you plan to upgrade System Center 2012 Configuration Manager to Configuration Manager SP1. This topic includes an upgrade checklist and information about the automatic actions taken by Configuration Manager during an upgrade, and those that you must do yourself after upgrading a site.

PKI Certificate Requirements for Configuration Manager

- Updated for a new entry for a SQL Server cluster (specific certificate requirements) and information about the PKI certificates that Windows Intune automatically generates in Configuration Manager SP1 for the Windows Intune connector and mobile devices.

Planning for Discovery in Configuration Manager

- Updated for the new best practice to not run Active Directory Forest Discovery at multiple sites when you plan to automatically create boundaries from the discovery data, because this can create duplicate boundary objects.

Planning for Content Management in Configuration Manager

- Updated for the information that when you use cloud-based distribution points in Configuration Manager SP1, clients on the Internet that are given content locations that include Internet-based distribution points do not fall back to use a cloud-based distribution point if the Internet-based distribution points are not accessible.

Planning for Site Systems in Configuration Manager

- Updated for the information that you must not install a System Center 2012 Configuration Manager management point on a computer that runs the Configuration Manager 2007 client.

Install Sites and Create a Hierarchy for Configuration Manager

- Updated for the following information:

  • In Configuration Manager SP1, you must disable distributed views for all primary sites before you uninstall from the hierarchy a primary site that uses distributed views.
  • You can configure the SQL Server service port to be a non-default TCP port in Configuration Manager SP1.
  • The required permissions to run Setup for several of the site installation procedures.
  • For the unattended installation of a central administration site or primary site:
    • Clarification that some switches for modifying client and server languages at the site are valid only when you modify an existing site, and not when installing a new site.
    • Corrections for some switches that were listed as required but are optional.

Install and Configure Site System Roles for Configuration Manager

- Updated for new information about refreshing the Kerberos tickets for computers when you install a site system on a computer other than the site server when the site server is on a domain controller. In this scenario, the new site system role doesn’t complete installation until either the Kerberos ticket refreshes, or the computer with the site system role reboots (which refreshes the Kerberos ticket).

Configure Database Replicas for Management Points

- Added a new section for uninstalling a database replica. In addition:

  • Added the information that after you restore a site database that was configured for database replicas, you must reconfigure those database replicas.
  • Updated the “Configuring the Database Replica Server” section to include information that the SQL Server service on the replica database server must run as the System account.

Upgrade Configuration Manager to a New Service Pack

- New topic that contains information about how to upgrade from System Center 2012 Configuration Manager with no service pack to Configuration Manager Service Pack 1.

Interoperability between Different Versions of Configuration Manager

- New topic that contains information (previously published in a different topic) about interoperability between System Center 2012 Configuration Manager and Configuration Manager 2007. The topic also contains new information about interoperability between sites with different service pack versions in System Center 2012 Configuration Manager - for example, running a System Center 2012 Configuration Manager hierarchy that contains sites with no service pack and one or more sites with Service Pack 1.

Backup and Recovery in Configuration Manager

- Updated to add a new section, “Using Data Protection Manager to Back up Your Site Database” and updated the “Recover a Secondary Site” section.

Prerequistes for Reporting in Configuration Manager

- Updated to add the section “Supported SQL Server Versions for the Reporting Services Point”.

Configuring Reporting in Configuration Manager

- Updated to add the section “Reporting Services Security Roles for Configuration Manager”.

Technical Reference for Cryptographic Controls Used in Configuration Manager

- Updated for Configuration Manager SP1.

Technical Reference for Ports Used in Configuration Manager

- Updated for cloud-based distribution points and the Windows Intune connector in Configuration Manager SP1.

Technical Reference for Log Files in Configuration Manager

- Updated for log files related to Mac computers and for Linux and UNIX servers.

Configuration Manager Privacy Statement

- Updated for the latest privacy information for Configuration Manager SP1.

Planning for the Migration of Configuration Manager Objects to System Center 2012 Configuration Manager

- Updated for the following clarifications:

  • Software metering rules that you migrate lose their association to clients at a site in System Center 2012 Configuration Manager, and must be reapplied to clients after migration.
  • Boot images you migrate from Configuration Manager 2007 that are on shared distribution points cannot be accessed by clients in the System Center 2012 Configuration Manager hierarchy.

Prerequisites for Client Deployment in Configuration Manager

- Updated for the exact version of Silverlight 5 that is used in Configuration Manager SP1, and a warning that the .NET Framework 4 installation might require a computer restart before installation completes.

How to Install Clients on Windows Computers in Configuration Manager

- Updated the client push procedures that support supplying some CCMSetup properties in Configuration Manager SP1, in addition to the Client.msi properties.

How to Install Clients on Mobile Devices and Enroll Them by Using Configuration Manager

- Updated to include the new UI changes for Configuration Manager SP1.

How to Manage Clients in Configuration Manager

- Updated to clarify that the new Configuration Manager SP1 options for Retire are only for mobile devices that are enrolled by Windows Intune.

About Client Settings in Configuration Manager

- Updated for the following:

  • Added information for the Background Intelligent Transfer group settings.
  • Updated the Client Policy : Enable user policy polling on clients for the new restriction in Configuration Manager SP1 that if this setting is not enabled, users cannot install applications from the Application Catalog.
  • Added important note to the Metered Internet Connections settings that software installations are always permitted when a user initiates them from Software Center or the Application Catalog.
  • Added the section for the Enrollment group settings for Configuration Manager SP1, which replaces the Mobile Devices group settings in Configuration Manager with no service pack.

About Client Installation Properties in Configuration Manager

- Corrected the information for the SMSCACHESIZE value that previously said you couldn’t specify a value lower than the default of 5120 MB. On a newly installed client, you can specify a value as low as 1 MB. However, on a reinstalled client, you can’t specify a value lower than the previously specified value.

Security and Privacy for Clients in Configuration Manager

- Updated for Configuration Manager SP1, which includes information about automatic client upgrade, Windows Embedded devices, Mac computers, and mobile devices that are enrolled by Windows Intune.

Security and Privacy for Content Management in Configuration Manager

- Updated for cloud-based distribution points in Configuration Manager SP1.

Introduction to Application Management in Configuration Manager

- Clarified that the Configuration Manager client on Mac computers and on Linux and UNIX servers do not support the Application Catalog or Software Center.

Planning to Deploy Windows 8 Apps in Configuration Manager

- New topic for Configuration Manager SP1 that contains planning information to help you deploy Windows 8 apps to computers in your hierarchy.

Planning for App-V Integration with Configuration Manager

- New topic that contains planning information to help you deploy virtual applications by using Configuration Manager.

How to Create Applications in Configuration Manager

- Updated to clarify that for Configuration Manager SP1, users must have a valid Windows Store account to install an App from the Windows Store. This information is also added to How to Create Deployment Types in Configuration Manager .

How to Deploy Applications in Configuration Manager

– Updated for information about the new Configuration Manager SP1 option Allow clients on a metered Internet connection to download content after the installation deadline, which might occur additional costs .

How to Manage User Device Affinity in Configuration Manager

- Updated with the information that if the Windows Event Log rolls over, automatically generated user device affinities might not work.

Configuring the Application Catalog and Software Center in Configuration Manager

- Updated with the information that in Configuration Manager SP1, users from another domain can, by default, access the Application Catalog. In Configuration Manager with no service pack, you have to explicitly grant permissions for these users.

Security and Privacy for Application Management in Configuration Manager

- Updated for the following:

  • The security best practice to select applications in the virtual environment that have the same trust level when you configure App-V virtual environments.
  • The security best practice to secure the location of the .cmmac file and the communication channel when you import this file into Configuration Manager for application deployment to Mac computers.
  • Privacy information for the Application Catalog approval information.
  • Security issues that App-V pacakges are not signed and published App-V applications can be installed by all users on the computer.

Introduction to Software Updates in Configuration Manager

- Updated to add information about the new software update point functionality in Configuration Manager SP1.

Planning for Software Updates in Configuration Manager

- Updated to add a new section, “Software Update Points in Configuration Manager SP1”.

Configuring Software Updates in Configuration Manager

- Updated with a new structure that supports both Configuration Manager with no service pack and Configuration Manager SP1.

Prerequisites for Deploying Operating Systems in Configuration Manager

- Updated the “Dependencies External to Configuration Manager” section to include new dependencies for Configuration Manager SP1.

Planning for PXE-Initiated Operating System Deployments in Configuration Manager

- Updated the section “Windows Deployment Service and Dynamic Host Configuration Protocol (DHCP)” to add that the UDP port 68 might be required if DHCP authorization is required on the server.

How to Manage Boot Images in Configuration Manager

- Added information about a new setting that allows you to configure the Windows PE scratch space.

Planning for Operating System Deployment Interoperability

- New topic that provides information about deploying operating systems when you have different versions of Configuration Manager running on sites in your hierarchy.

Task Sequence Action Variables in Configuration Manager

- Updated to change the OSDDomainName and OSDDomainOUName action variables to OSDJoinDomainName and OSDJoinDomainOUName in the “Join Domain or Workgroup Task Sequence Action Variables” section.

Task Sequence Built-in Variables in Configuration Manager

- Updated to add the SMSTSAssignmentsDownloadInterval and MSTSAssignmentsDownloadRetry variables.

Security and Privacy for Deploying Operating Systems in Configuration Manager

- Updated for the following security improvements in Configuration Manager SP1:

  • The state migration point now authenticates clients by using a Configuration Manager token that is issued by the management point.
  • To help protect bootable media, the content is now hashed and must be used with the original policy. If the content hash fails or the check that the content matches the policy fails, the client will not use the bootable media.

How to Import Configuration Data in Configuration Manager

- Updated to add a link to the new Microsoft Configuration Pack for System Center 2012 Configuration Manager.

Security and Privacy for Compliance Settings in Configuration Manager

- Updated for the following security best practices:

  • Do not configure compliance rules that use data that can be modified by end users.
  • Secure the communication channel when you browse to a reference computer.

How to Configure Definition Updates for Endpoint Protection in Configuration Manager

- New topic that contains information about how to configure update sources for Endpoint Protection definitions.

How to Configure Alerts for Endpoint Protection in Configuration Manager

- Updated for the clarification that the Percentage of computers with malware detected count excludes computers that do not have the Configuration Manager client installed. It does include computers that do not have the Endpoint Protection client installed.

How to Create and Deploy Antimalware Policies for Endpoint Protection in Configuration Manager

- Updated for new information about exclusion settings that you can use to prevent folders from being scanned by Endpoint Protection.

How to Manage Antimalware Policies and Firewall Settings for Endpoint Protection in Configuration Manager

- Updated for new information about the available management tasks to remediate detected malware.

How to Monitor Endpoint Protection in Configuration Manager

- Added a new section called “Malware Alert Levels”, which contains a description of the various malware alert levels that you might see in the console and reports.

Security and Privacy for Endpoint Protection in Configuration Manager

- Updated for an entry about the risks and implications of users having local administrative privileges when their computers run the Endpoint Protection client.

Glossary for Microsoft System Center 2012 Configuration Manager

- Updated for Configuration Manager SP1 terms.

Cmdlets in System Center 2012 Configuration Manager SP1

- New section in the Technical Publications node that contains the Windows PowerShell topics for Configuration Manager cmdlets and about topics for the Configuration Manager cmdlets. Note that although the Configuration Manager SP1 Cmdlet Reference topic itself is blank, expand it in the table of contents to see a list of the cmdlets currently published.

Frequently Asked Questions for Configuration Manager

- Updated questions and answers include:

  • How can I create a collection that contains only Mac computers, or only Linux servers?
  • Why might there be differences between a client’s assigned, installed, and resident site values when I look at the client properties in the Configuration Manager console?
  • Can I install the Configuration Manager client on my Windows Embedded devices that have very small disks?
  • Where is the documentation for the Configuration Manager client for Mac Computers?
  • Where is the documentation for the Configuration Manager client for Linux and UNIX?
  • If the same application is deployed to a user and a device, which one takes priority?
  • Why do I see an error message about insufficient permissions from a Windows Embedded device when I try to install software from Software Center?

What's New in the Configuration Manager 2007 Documentation Library for November 2012

The following information lists the topics that contain significant changes since the September 2012 update.

Configuration Manager 2007 SP2 Supported Configurations

- Updated for support for Windows 8 (Pro and Enterprise editions) and Windows Server 2012 (Standard and Datacenter editions) as Configuration Manager clients. This information was previously published on the Configuration Manager team blog .

Note the following:

  • Neither Windows 8 nor Windows Server 2012 is supported to host a site system role.
  • There is an optional hotfix available for download that adds support for these operating systems to the supported platforms list for several features.

How to Remediate Non-Compliant Computers Using Software Distribution

- Updated to correct the number mapping for the compliance severity levels.

-- The Configuration Manager Writing Team

This posting is provided "AS IS" with no warranties and confers no rights.

Published Sep 08, 2018
Version 1.0
No CommentsBe the first to comment