System Center 2012 R2 (all product) support for the April 2014 Windows Server 2012 R2 Update available NOW ! (KB2919355)

Hi to all,

 

Great news, System Center 2012 R2 components are supported on the April 2014 Windows Server 2012 R2 Update (KB2919355). The update can be applied to the latest System Center 2012 R2 workloads deployed before or after the update is offered or installed using your preferred distribution channels.

--------------------------------------------------------

Click Here for access to the KB2919355 !

--------------------------------------------------------

Applies to

  • Microsoft System Center 2012 R2
  • Microsoft System Center 2012 R2 App Controller
  • Microsoft System Center 2012 R2 Data Protection Manager
  • Microsoft System Center 2012 R2 Operations Manager
  • Microsoft System Center 2012 R2 Orchestrator
  • Microsoft System Center 2012 R2 Service Manager
  • Microsoft System Center 2012 R2 Virtual Machine Manager
  • Microsoft System Center 2012 R2 Configuration Manage

Hotfix Package 4 for Microsoft Application Virtualization 5.0 Service Pack 1 (Server) is now available !

Hi to all,

Great news, the Hotfix Package 4 for Microsoft Application Virtualization 5.0 Service Pack 1 (Server) is now available !

This hotfix package fixes the following issue.

Management Console scrolling

When you use the Microsoft Application Virtualization Management Server management console, the scroll bar to enable and disable applications in packages across many panels constantly jumps back to the top as you use it. This prevents you from being able to select items at the bottom of the list.

---------------------------------------------------------

Click Here for download

---------------------------------------------------------

SCCM 2012 | Free eBook available for download: Microsoft System Center: How to Troubleshoot Configuration Manager !!!

Hi to all !

Great news, a new ebook titled Microsoft System Center: Troubleshooting Configuration Manager that is free to download !!!

Part of a series of specialized guides on System Center—this book addresses the most common pain points for Configuration Manager administrators, providing insider and from-the-field insights to help you succeed. Written by experts on the Microsoft System Center team and with Microsoft MVP Mitch Tulloch as series editor, this title delivers concise technical guidance as you step through key concepts and tasks.


For more:

HERE

Reminder | Microsoft System Center 2012 R2 MVA available !!!

Hi to all,

Important reminder on MVA for System center 2012 Product !!!

What is MVA?

Successful technologists never stop learning and great technology never stops evolving. Microsoft Virtual Academy (MVA) offers online Microsoft training delivered by experts to help technologists continually learn, with hundreds of courses, in 11 different languages. Our mission is to help developers, knowledgeable IT professionals and advanced students learn the latest technology, build their skills, and advance their careers. MVA is free of charge, and the entire service is hosted on Windows Azure.

System center 2012 Courses Program:

These courses cover System Center 2012 SP1, including the individual components App Controller (SCAP), Configuration Manager (SCCM), Data Protection Manager (DPM), Endpoint Protection (SCEP), Operations Manager (SCOM), Orchestrator (SCO), Service Manager (SCSM) and Virtual Machine Manager (SCVMM).

Click Here for acces to the website !

 

SCCM 2012 R2 | How to import User Device Affinity (UDA) in Configuration Manager by CSV !

Hi to all,

In this post, i explain how to import User Device Affinity (UDA) in Configuration Manager by CSV

You begin by create a notepad file with *.csv extension indicate under:

Domaine\user,Computer

Right click on user and select import user device affinity

Select the *.csv file created previously

Check informations and click Next

Click Next

User device Affinity file Imported and finish :-)

You can check the User Device Affinity by right click on a Computer ressource and select edit primary user...

Finish

 

The System Center 2012 R2 Configuration Manager Toolkit available NOW for download !!!

Hi to all,

Great news, The System Center 2012 R2 Configuration Manager Toolkit for download !!!

 

Server Based Tools

  • DP Job Manager - A tool that helps troubleshoot and manage ongoing content distribution jobs to Configuration Manager distribution points.
  • Collection Evaluation Viewer - A tool that assists in troubleshooting collection evaluation related issues by viewing collection evaluation details.
  • Content Library Explorer - A tool that assists in troubleshooting issues with and viewing the contents of the content library.
  • Security Configuration Wizard Template for Microsoft System Center 2012 R2 Configuration Manager - The Security Configuration Wizard (SCW) is an attack-surface reduction tool for the Microsoft Windows Server 2008 R2 operating system. Security Configuration Wizard determines the minimum functionality required for a server's role or roles, and disables functionality that is not required.
  • Content Library Transfer – A tool that transfers content from one disk drive to another.
  • Content Ownership Tool – A tool that changes ownership of orphaned packages (packages without an owner site server).
  • Role-based Administration Modeling and Auditing Tool – This tool helps administrators to model and audit RBA configurations.
  • Run Metering Summarization Tool - The purpose of this tool is to run the metering summarization task to analyze raw metering data


Client Based Tools

  • Client Spy - A tool that helps you troubleshoot issues related to software distribution, inventory, and software metering on System Center 2012 Configuration Manager clients.
  • Configuration Manager Trace Log Viewer – A tool used to view log files created by Configuration Manager components and agents.
  • Deployment Monitoring Tool - The Deployment Monitoring Tool is a graphical user interface designed help troubleshoot Applications, Updates, and Baseline deployments on System Center 2012 Configuration Manager clients.
  • Policy Spy - A policy viewer that helps you review and troubleshoot the policy system on System Center 2012 Configuration Manager clients.
  • Power Viewer Tool – A tool to view the status of power management feature on System Center 2012 Configuration Manager clients.
  • Send Schedule Tool - A tool used to trigger a schedule on a client or trigger the evaluation of a specified DCM Baseline. You can trigger a schedule either locally or remotely.
  • Wakeup Spy – A tool that provides a view of the power state of Configuration Manager client computers and which operate as managers or manages.

Clic Here for download !!!

SCCM| Configuration Manager Documentation Library Update for August 2013 !!!

Hi to all,

News, the Configuration Manager Documentation Library is Updated for August 2013!

What's new?

Supported Configurations for Configuration Manager

- Updated to correct the references for .NET 4.0 to be .NET 4.5 for the prerequisites for site system roles that run on Windows Server 2012.

This topic also has a new section, Client Support Numbers for Sites and Hierarchies, which details how many clients and devices of each type are supported by the different versions of Configuration Manager, across the different core hierarchy designs, and at each site type. Additionally, this section contains new details about the number of management points you should plan to use to support the different types of clients in your environment.


Determine Whether to Extend the Active Directory Schema for Configuration Manager

- Based on customer feedback, updated to clarify which Active Directory Forest versions replicate the full global catalog, verses only replicating changes when the Active Directory Schema is modified.


Interoperability between Different Versions of Configuration Manager

- Updated to add a new section, Limitations when Upgrading to System Center 2012 R2 Configuration Manager, which lets you know about limitations that exist while your hierarchy is in the process of upgrading to System Center 2012 R2 Configuration Manager.


Planning to Upgrade System Center 2012 Configuration Manager

- Updated to clarify that you must close an open Configuration Manager console before that console can upgrade. This includes a console that runs on a site server that you upgrade as well as consoles that run on remote computers and that are upgraded to a new version independent of a site upgrade.

In addition, this topic has a new section, Planning to Upgrade to System Center 2012 R2 Configuration Manager, which contains what’s new in Setup (such as the option to specify custom locations for the SQL Server database files), an upgrade planning checklist, and a list of issues worth consideration when you upgrade a site to System Center 2012 R2 Configuration Manager.

Planning for Content Management in Configuration Manager

- Updated to align a statement about distribution point requiring BITS to enable a client to download content. (Distribution points do not require BITS for this purpose.) This aligns the guidance in this topic with updates published in May 2013 to the topic Supported Configurations for Configuration Manager.


Install and Configure Site System Roles for Configuration Manager

- Updated the reference to the Virtual IP Address (VIP) for cloud-based distribution points to reflect the recent changes in the Windows Azure web portal. This topic was also updated to clarify that site expansion was not available prior to Configuration Manager with Service Pack 1.


Technical Reference for Ports Used in Configuration Manager

- Based on customer feedback, provided more information about the dynamic port numbers, with a link to a Knowledge Base article that defines the different ranges for dynamic ports, which can be different, depending on the version of the operating system.


Prerequisites for Migration in System Center 2012 Configuration Manager

- Updated for the permissions that are required by the Source Site Database Account, which is used during migration. Also updated the information about the use of ports, to account for non-default TCP ports that might be in use.


Introduction to Client Deployment in Configuration Manager

- Updated to add information about the hardware inventory that is collected from Mac computers, and also clarified that client notification does not support role-based administration.


How to Install Clients on Mac Computers in Configuration Manager

- Updated to add information about how to use the new Mac Computer Enrollment Wizard in System Center 2012 R2 Configuration Manager. Also added a script that can be used to configure the System Center 2012 R2 Configuration Manager client to use an existing certificate.


How to Manage Clients in Configuration Manager

- Updated to add information about the new Change Ownership option for clients.


How to Configure Client Settings in Configuration Manager

- Updated for the What’s New in System Center 2012 R2 Configuration Manager section, with information about the new Resultant Settings option that displays calculated resultant settings for devices, users, and user groups.


Security and Privacy for Clients in Configuration Manager

- Updated to add the mobile device security issue that a wipe acknowledgment does not verify that the device has been successfully wiped. The following security best practices and security issues are also added for Mac computers: 

  • Store and access the client source files from a secured location.
  • Consider configuring the trusted root CA certificate such that it is trusted for the SSL protocol only, to help protect against elevation of privileges.
  • When users first enroll Mac computers, they are at risk from DNS spoofing.
  • Mac enrollment does not limit certificate requests.

 
About Client Installation Properties in Configuration Manager

- Updated for the CCMSetup.exe property of /ExcludeFeatures, which is new for System Center 2012 R2 Configuration Manager, and lets you prevent a feature from being installed during client installation. Currently, the only parameter supported for this property is ClientUI.

 
Introduction to Application Management in Configuration Manager

- Updated to include the latest information about device support for application management.

 
Security and Privacy for Application Management in Configuration Manager

- Updated to add the following security best practices and security issues for application management: 

  • If you deploy applications for Mac computers, make sure that the source files are from a trustworthy source.
  • If you configure a web application deployment type, use HTTPS rather than HTTP to secure the connection.
  • You cannot restrict install permissions for the company portal.

 
How to Manage Virtual Hard Disks in Configuration Manager

- New topic with information about how to manage virtual hard disks (VHDs) from the Configuration Manager console and integrate the VHDs that you create into your datacenter.

 
Introduction to Collections in Configuration Manager

- Updated to add What’s New for maintenance windows in System Center 2012 R2 Configuration Manager.

 
How to Create Mac Computer Configuration Items in Configuration Manager

- Updated with the information that key names are case sensitive and will not be evaluated if they differ from the key name on the Mac computer, that you cannot edit the key name after you have specified it, and added a note that Configuration Manager does not support using the Boolean data type for Mac configuration item script settings.

 
Introduction to Remote Connection Profiles in Configuration Manager

- Updated to add information about the Remote PC Connect security group that is used by remote connection profiles, and also clarified that Windows Group policy can override remote connection settings

 
Prerequisites for Remote Connection Profiles in Configuration Manager

- Updated to add the permissions required to manage remote connection profiles.

 
How to Create Remote Connection Profiles in Configuration Manager

- Updated to add information about supported formats for the Remote Desktop Gateway Server name.

 
How to Deploy Remote Connection Profiles in Configuration Manager

- Updated with the information that if a device leaves a collection to which a remote connection profile has been deployed, the remote connection profile settings are disabled on the device. However, for this to occur correctly, you must have already deployed at least one configuration item or configuration baseline containing a configuration item from your site.

 
Security and Privacy for Remote Connection Profiles in Configuration Manager

- New topic that lists the security best practices and privacy information for remote connection profiles.

 
Prerequisites for Certificate Profiles in Configuration Manager

- Updated to add the permissions required to manage certificate profiles.

 
How to Create Certificate Profiles in Configuration Manager

- Updated to add information about the new option that allows certificate enrollment only on the users’ primary device, or on any device. Also added information about how iOS devices support limited subject name formats and subject alternate names.

 
Security and Privacy for Certificate Profiles in Configuration Manager

- New topic, which lists the security best practices and privacy information for certificate profiles.

 
Introduction to VPN Profiles in Configuration Manager

- Updated and clarified that iOS 7 is supported for VPN profiles.

 
Prerequisites for VPN Profiles in Configuration Manager

- Updated to add the permissions required to manage VPN profiles.

 
How to Create VPN Profiles in Configuration Manager

- Updated with the information that you cannot use the characters \/:*?<>| in the VPN profile name, as these are not supported by Windows Server VPN. Also updated to add the latest information about supported connection types on each platform.

 
How to Deploy VPN Profiles in Configuration Manager

- Updated with the information when a VPN profile deployment is removed, the Wi-Fi profile is not removed from client devices. If you want to remove the profile from devices, you must manually remove it.

 
Security and Privacy for VPN Profiles in Configuration Manager

- New topic that lists the security best practices and privacy information for VPN profiles.

 
Introduction to Wi-Fi Profiles in Configuration Manager

- Updated with the information that iOS 7 is supported for Wi-Fi profiles.

 
Prerequisites for Wi-Fi Profiles in Configuration Manager

- Updated to add the permissions required to manage Wi-Fi profiles.

 
How to Create Wi-Fi Profiles in Configuration Manager

- Updated with the information that wireless network name and SSID can be a maximum of 32 characters, and added information about the certificates that might be required to authenticate Wi-Fi profiles.

 
How to Deploy Wi-Fi Profiles in Configuration Manager

- Updated with the information that when a Wi-Fi profile deployment is removed, the Wi-Fi profile is not removed from client devices. If you want to remove the profile from devices, you must manually remove it. 

 
Security and Privacy for Wi-Fi Profiles in Configuration Manager

- New topic that lists the security best practices and privacy information for Wi-Fi profiles.

 

What's New in the Configuration Manager 2007 Documentation Library for August 2013

The following information lists the topic that contains significant changes since the July 2013 update.

 
Configuration Manager 2007 Supported Configurations

- Based on customer feedback, updated four links for hardware requirements to point to the correct topic, Configuration Manager 2007 General Supported Configurations.

 
How to Uninstall a Primary Site

- Based on customer feedback, the introductory sentence of the topic was rewritten to remove an inconsistency and clarify the intent of the topic.

 
How to Copy Site Settings from One Site to Another

- Based on customer feedback, updated to clarify account transfers via the Transfer Site Settings wizard. You can't transfer information about accounts that run a site, but you can use the command line tool to set these accounts. The text previously suggested that you could not transfer an account, while the client push installation account is an account that you can transfer to another site, as a site setting.

source

The Cumulative Update 1 (CU1) for System Center 2012 Configuration Manager Service Pack 1 (SCCM 2012 SP1) is available for download!!!

Hi to all,

Great news, the Cumulative Update 1 (CU1) for System Center 2012 Configuration Manager Service Pack 1 (SCCM 2012 SP1) is available for download !!!

What's news in this CU1 for SCCM2012 SP1:

Issues that are fixed

Administrator Console

  • A Discovery Data Record (DDR) that contains organizational unit (OU) paths that are longer than 220 characters are not processed. The DDM.log file on the site server contains event messages that resemble the following:

    CDiscoverySource::ValidateSchema - array property User OU Name cannot expand size so rejecting.

    CDiscoverDataManager::ProcessDDRs - Unable to update data source
  • The Allow clients to use a fallback source location for content option is missing from the Distribution Points tab of the package properties.

Site systems

  • Replication Configuration Manager incorrectly reports the link status as Degraded and then reports the status as Active one minute later.
  • Site replication fails after a site database is restored to a new server. Additionally, the Rcmctrl.log file contains the following error message:

    ERROR: Received unhandled SQL exception, printing info and throwing it again. This will be retried in next cycle.
    SqlException number: [8115]
    ERROR: Exception message: [Arithmetic overflow error converting expression to data type int.~~The 'spGetChangeTrackingMinValidVersion' procedure attempted to return a status of NULL, which is not allowed. A status of 0 will be returned instead.]

Device management

  • The Configuration Manager client cannot be installed on devices that contain newer ARM processors. Additionally, the following error message is logged in the DmClientSetup log file:

    Fail to get the CAB file name because of unsupported processor type: 0

Software updates

  • The Allow clients to share content with other clients on the same subnet option in the properties of a Software Update Group Deployment is ignored. Additionally, the DataTransferService.log file contains the following message:

    Not using branch cache option.
  • When a custom port is configured for software updates, an Internet only client may append the custom port to the URL for the Windows Update service. Additionally, when the custom port is set to 880, log entries that resemble the following may be logged in the DataTransferService.log file:

    UpdateURLWithTransportSettings(): OLD URL - http://download.windowsupdate.com/msdownload/update.cab

    UpdateURLWithTransportSettings(): NEW URL - http://download.windowsupdate.com:880/msdownload/update.cab
  • The Schedule Updates Wizard does not list content for Windows Server 2012. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

    2793237 FIX: The Schedule Updates Wizard does not list content for Windows Server 2012 in System Center 2012 Configuration Manager Service Pack 1

Client

  • The MicrosoftPolicyPlatformSetup.msi file is now correctly signed.
  • The selection of multiple targeted applications in Software Center will fail if the calendar region is set to Arabic (Saudi Arabia). Additionally, Software Center displays the following error message:

    Software Center cannot be loaded. There is a problem loading the required components for Software Center. You can try launching Software Center at a later time. If the problem continues, you can contact your helpdesk.
  • The hardware inventory on a computer that is running a 32-bit version of Windows Server 2003 R2 may cause the Wmiprvse.exe process to exit unexpectedly. Additionally, when you view the results of the fault, the details of the fault resemble the following:

    Faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x00056b1d
  • PXE support is added for IA-32 EFI computers.

PowerShell

  • When the Clear-CMPxeDeployment cmdlet is run, you receive the following error message:

    The method or operation is not implemented.
  • When the Update-CMDistributionPoint –DeploymentTypeName cmdlet is run, you receive the following error message:

    Key not Found Exception.
  • When the New-CMDeviceCollection cmdlet is run, the refreshschedule parameter is not defined in the NewByLimitName parameter set.
  • When the New-CMDeviceCollection cmdlet is run together with the LimitingCollectionName option, the cmdlet is unsuccessful. Additionally, you receive the following error message:

    Unable to cast object of type 'Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlArrayItems' to type'System.Management.ManagementBaseObject'.
  • When the .GetType method is used for the object that is returned by the New-CMSchedule cmdlet, the method is unsuccessful. Additionally, you receive the following error message:

    The adapter cannot get property "GetType" for instance of SMS_ST_RecurInterval.
  • When the Import-CMComputerInformation -CollectionName "All Systems" -ComputerName "Computer01" -MacAddress "xx:xx:xx:xx:xx:xx" command is run, the command is unsuccessful. Additionally, you receive the following error message:

    WARNING: The collection All Systems does not exist or is not suitable for adding the new device.

Functionality that is updated:

PowerShell

Help for PowerShell is updated for the cmdlets that are included in Configuration Manager Service Pack 1 and in this cumulative update. In a PowerShell environment, use the Update-Help –Module ConfigurationManager cmdlet to retrieve the latest Help information from Microsoft.

The following cmdlets are added to the PowerShell module:

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceInstallUpdateAction
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Remove-CMTaskSequenceInstallUpdateAction
  • Set-CMTaskSequenceGroup
  • New-CMTaskSequenceGroup
  • Remove-CMTaskSequenceGroup
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMTaskSequenceInstallUpdateAction
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

--------------------------------------

Click HERE for download

--------------------------------------

  • Launch the executable file and Click Next

  • Click Next

  • Select Yes, update the site database and click next

  • Click Next

  • Click Next

  • Click Next

  • Click Next

  • Click Install

  • Click next

Click Finish Big Smile


How to deploy the SCCM 2012 management console with SCCM2012

Hi to all,

In this post, i explain how to deploy the SCCM 2012 management console.

Prerequisite:

  • Source SCCM 2012 management console present in this folder >>(ConfigMgrSiteServerInstallationPath>\Tools\ConsoleSetup)

Right Click and select Create Package

Insert Package name and indicate source files and click Next

Click Next

Insert Name, command line under

consolesetup.exe /q TargetDir="C:\Program Files\configmgrConsole" EnableSQM=1 DefaultSiteServerName=Yourserver.domaine.com

Select all option indicate on the copy screen and click Next

Click Next

Click Next

Click Close

Package SCCM 2012 imported with successfully and ready to deploy!

Command line for uninstall :
consolesetup.exe /uninstall /q

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Others command line option:

Type consolesetup.exe and choose from the following command-line options.
    
Command-line option     Description

/q

Installs the Configuration Manager console unattended. The EnableSQM, TargetDir, and DefaultSiteServerName options are required when you use this option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

/uninstall
       

Uninstalls the Configuration Manager console. You must specify this option first when you use it with the /q option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

LangPackDir
       
Specifies the path to the folder that contains the language files. You can use Setup Downloader to download the language files. If you do not use this option, Setup looks for the language folder in the current folder. If the language folder is not found, Setup continues to install English only. For more information about Setup Downloader, see Setup Downloader in this topic.


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

TargetDir

Specifies the installation folder to install the Configuration Manager console. This option is required when you use the /q option.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

EnableSQM
       

Specifies whether to join the Customer Experience Improvement Program (CEIP). Use a value of 1 to join the Customer Experience Improvement Program, and a value of 0 to not join the program. This option is required when you use the /q option.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DefaultSiteServerName
       
Specifies the FQDN of the site server to which the console connects when it opens. This option is required when you use the /q option.

 

Dcom prerequisiste for use SCCM 2012 Console n SCCM 2012 Servers:

  1. From the Start menu, click Run and type Dcomcnfg.exe.

  2. In Component Services, click Console root, expand Component Services, expand Computers, and then click My Computer. On the Action menu, click Properties.

  3. In the My Computer Properties dialog box, on the COM Security tab, in the Launch and Activation Permissions section, click Edit Limits.

  4. In the Launch Permissions dialog box, click Add.

  5. In the Select User, Computers, or Groups dialog box, in the Enter the object names to select (examples): box, type SMS Admins and click OK.

  6. In the Permissions for SMS Admins section, select the check box to allow Remote Activation.

  7. Click OK twice, and then close Computer Management.

Application Approval Workflow available for SCCM2012 (Application Catalog) / SCSM 2012 & Orchestrator 2012 !

Hi to all,

Great news, the SCCM 2012 application approval workflow is available for SCSM 2012 !!!

What  Application Approval Workflow?

This solution accelerator takes an application request submitted through the System Center 2012 Configuration Manager Application Catalog and transforms it into a System Center 2012 - Service Manager service request, allowing flexible approval lists and activities.

Prerequisite:

•    Microsoft System Center 2012 - Service Manager
•    Microsoft System Center 2012 - Orchestrator
•    Microsoft System Center Integration Pack for System Center 2012 Service Manager
•    Microsoft System Center 2012 Configuration Manager
•    Service Manager Portal

& Microsoft Visual C++ 2010 x64 Redistributable – 10.0.30319.

Overview

The Application Approval Workflow (AAW) extends your application approval process. End users can easily request applications on-demand directly through the Configuration Manager Application Catalog or via redirection from the Service Manager Self-Service Portal. Application requests requiring approval are routed to Service Manager where custom approver lists and activities can be configured based on user and application properties.

AAW uses System Center 2012 - Orchestrator between Configuration Manager and Service Manager to sync Configuration Manager applications, leverage Service Manager workflows, and post the approval status back to Configuration Manager. We created wizards in Service Manager to configure custom service request template-matching criteria. User and application properties received in the approval request from Configuration Manager are used to select a service request template containing an approver list and activities that best fit your business process.


Key features:

    Sync Configuration Manager applications data into the Service Manager database.
    Monitor and transport Configuration Manager Application Catalog requests requiring approval to Service Manager and open a service request.
    Return the completed approval workflow status to Configuration Manager for handling.
    Allow administrators to define and maintain application selection criteria for specific applications or application groups and specific users or user groups.
    Track service application requests and view application catalog contents in Service Manager.

Click HERE for download

 

System Center Advisor is a FREE service!

Hi to all,

Great news, System Center Advisor is a free service now !!!

What is Advisor?

System Center Advisor is a cloud service that enables IT Professionals to proactively avoid problems resulting from server configuration issues. It can help you resolve issues faster by providing access  to current and historical configuration data for a deployment. Additionally, System Center Advisor reduces downtime by providing suggestions for improvement and notifying users of key updates specific to their configuration

News:

  • New workloads were added in January including Lync 2010
  • Later this month we will release Update Rollup 3 for System Center Advisor
  • Last but not least...stay tuned for some exciting Advisor news during this years Microsoft Management Summit ! 

Advisor supports analysis of the following workloads:

  • Windows Server 2008 and 2008 R2:
    • Active Directory
    • Hyper-V Host
    • General operating system
  • SQL Server 2008 and later
    • SQL Engine
  • Microsoft SharePoint 2010 and later
  • Microsoft Exchange Server 2010 and later
  • Microsoft Lync Server 2010

Click Here for to know more

 

Source

Posted by mbertuit | with no comments
Filed under: , , , , , , ,

System Center Monitoring Pack available for System Center Configuration Manager 2012 SP1 (SCCM 2012 SP1)

Hi to all,

Great news, the System Center Monitoring Pack is available for System Center Configuration Manager 2012 SP1 !

Overview:

This monitoring pack will allow you to monitor the health of Microsoft System Center 2012 – Configuration Manager by monitoring general health; data replication between Configuration Manager sites; server and service availability; SQL Server configurations; Backup and recovery; backlog monitoring; software update synchronization; and other server role configuration.
 
Feature Summary:
 This release of monitoring pack delivers improved capabilities for Configuration Manager monitoring, including the following:

 •Monitoring the availability status of all server roles
 •Monitoring the health status of key services
 •Monitoring SQL replication health status
 •Collecting and monitoring performance counters from Configuration Manager servers
 •A topology diagram of the Configuration Manager site hierarchy
 •Reports showing the availability status and performance of Configuration Manager servers
 •Monitoring the status of Configuration Manager alerts

Click HERE for download

How to install SCCM2012 with https, certificate PKI and how to install, configure and manage Mac OS Client with SCCM2012 ! (Mac OS X 10.6 (Snow Leopard) and Mac OS X 10.7 (Lion)

Hi to all,

 

 

It's with a great pleasure that i explain you how to install SCCM2012 with https, certificate PKI and how to install, configure and manage Mac OS Client with SCCM2012 ! (Mac OS X 10.6 (Snow Leopard)  and Mac OS X 10.7 (Lion)

In my example, i have

1 Active Directory server

1 Certificate server 2008 R2 enterprise or Windows 2012 Server HERE (not detailed in this post)

1 SCCM 2012 with SP1 Server not installed for the moment

1 Mac Book Pro with Mac OS X 10.7 (Lion)

Note : The following operating systems are supported for the Configuration Manager client for Mac computers:

  • Mac OS X 10.6 (Snow Leopard)
  • Mac OS X 10.7 (Lion)

---------------------------------------------------------------------------------------------------------------------------------


For STARTING prepare your certificate environment (with Windows 2008 R2 certificate server) for SCCM 2012 in https mode , it's under, let's GO!

1

Deploying the Web Server Certificate for Site Systems that Run IIS

Connect on your certificate server and follow the steps under


This certificate deployment has the following procedures:

  • Creating and Issuing the Web Server Certificate Template on the Certification Authority
  • Requesting the Web Server Certificate
  • Configuring IIS to Use the Web Server Certificate

This procedure creates a certificate template for Configuration Manager site systems and adds it to the certification authority.

  1. Create a security group named ConfigMgr IIS Servers that contains the member servers to install System Center 2012 Configuration Manager site systems that will run IIS.

  2. On the member server that has Certificate Services installed, in the Certification Authority console, right-click Certificate Templates and click Manage to load the Certificate Templates console.

  3. In the results pane, right-click the entry that displays Web Server in the column Template Display Name, and then click Duplicate Template.

  4. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.
  5. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the web certificates that will be used on Configuration Manager site systems, such as ConfigMgr Web Server Certificate.

  6. Click the Subject Name tab, and make sure that Supply in the request is selected.

  7. Click the Security tab, and remove the Enroll permission from the security groups Domain Admins and Enterprise Admins.

  8. Click Add, enter ConfigMgr IIS Servers in the text box, and then click OK.

  9. Select the Enroll permission for this group, and do not clear the Read permission.

  10. Click OK, and close the Certificate Templates Console.

  11. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  12. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Web Server Certificate, and then click OK.

  13. If you do not need to create and issue any more certificate, close Certification Authority.

2

Requesting the Web Server Certificate


Connect on your sccm 2012 server and follow the steps under


This procedure allows you to specify the intranet and Internet FQDN values that will be configured in the site system server properties, and then installs the web server certificate on to the member server that runs IIS.

  1. Restart the member server that runs IIS, to ensure that the computer can access the certificate template that you created, by using the Read and Enroll permissions that you configured.

  2. Click Start, click Run, and type mmc.exe. In the empty console, click File, and then click Add/Remove Snap-in.

  3. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  4. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  5. In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected, and then click Finish.

  6. In the Add or Remove Snap-ins dialog box, click OK.

  7. In the console, expand Certificates (Local Computer), and then click Personal.

  8. Right-click Certificates, click All Tasks, and then click Request New Certificate.

  9. On the Before You Begin page, click Next.

  10. If you see the Select Certificate Enrollment Policy page, click Next.

  11. On the Request Certificates page, identify the ConfigMgr Web Server Certificate from the list of displayed certificates, and then click More information is required to enroll for this certificate. Click here to configure settings.

  12. In the Certificate Properties dialog box, in the Subject tab, do not make any changes to the Subject name. This means that the Value box for the Subject name section remains blank. Instead, from the Alternative name section, click the Type drop-down list, and then select DNS.

  13. In the Value box, specify the FQDN values that you will specify in the Configuration Manager site system properties, and then click OK to close the Certificate Properties dialog box.

    Examples:

    • If the site system will only accept client connections from the intranet, and the intranet FQDN of the site system server is server1.internal.contoso.com: Type server1.internal.contoso.com, and then click Add.
    • If the site system will accept client connections from the intranet and the Internet, and the intranet FQDN of the site system server is server1.internal.contoso.com and the Internet FQDN of the site system server is server.contoso.com:

      1. Type server1.internal.contoso.com, and then click Add.
      2. Type server.contoso.com, and then click Add.
      noteNote
      It does not matter in which order you specify the FQDNs for Configuration Manager. However, check that all devices that will use the certificate, such as mobile devices and proxy web servers, can use a certificate SAN and multiple values in the SAN. If devices have limited support for SAN values in certificates, you might have to change the order of the FQDNs or use the Subject value instead.
  14. On the Request Certificates page, select ConfigMgr Web Server Certificate from the list of displayed certificates, and then click Enroll.

  15. On the Certificates Installation Results page, wait until the certificate is installed, and then click Finish.

  16. Close Certificates (Local Computer).

3

Configuring IIS to Use the Web Server Certificate


Connect on your sccm 2012 server and follow the steps under


This procedure binds the installed certificate to the IIS Default Web Site.

  1. On the member server that has IIS installed, click Start, click Programs, click Administrative Tools, and then click Internet Information Services (IIS) Manager.

  2. Expand Sites, right-click Default Web Site, and then select Edit Bindings.

  3. Click the https entry, and then click Edit.

  4. In the Edit Site Binding dialog box, select the certificate that you requested by using the ConfigMgr Web Server Certificates template, and then click OK.

    noteNote
    If you are not sure which is the correct certificate, select one, and then click View. This allows you to compare the selected certificate details with the certificates that are displayed with the Certificates snap-in. For example, the Certificates snap-in displays the certificate template that was used to request the certificate. You can then compare the certificate thumbprint of the certificate that was requested with the ConfigMgr Web Server Certificates template with the certificate thumbprint of the certificate currently selected in the Edit Site Binding dialog box.
  5. Click OK in the Edit Site Binding dialog box, and then click Close.

  6. Close Internet Information Services (IIS) Manager.

The member server is now provisioned with a Configuration Manager web server certificate.

ImportantImportant
When you install the Configuration Manager site system server on this computer, make sure that you specify the same FQDNs in the site system properties as you specified when you requested the certificate.

A this step, it's necessary to install SCCM 2012 and select https mode when you launch the installation.

-------------------------------------------------------------------------------------------------------------------------

4

Deploying the Client Certificate for Windows Computers

Connect on your certificate server and follow the steps under


This certificate deployment has the following procedures:

  • Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority
  • Configuring Autoenrollment of the Workstation Authentication Template by Using Group Policy
  • Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers

This procedure creates a certificate template for System Center 2012 Configuration Manager client computers and adds it to the certification authority.

  1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.
  4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client certificates that will be used on Configuration Manager client computers, such as ConfigMgr Client Certificate.

  5. Click the Security tab, select the Domain Computers group, and select the additional permissions of Read and Autoenroll. Do not clear Enroll.

  6. Click OK and close Certificate Templates Console.

  7. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  8. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Certificate, and then click OK.

  9. If you do not need to create and issue any more certificate, close Certification Authority.

5

Configuring Autoenrollment of the Workstation Authentication Template by Using Group Policy


Connect on your Active Directory server and follow the steps under


This procedure configures Group Policy to autoenroll the client certificate on computers.

  1. On the domain controller, click Start, click Administrative Tools, and then click Group Policy Management.

  2. Navigate to your domain, right-click the domain, and then select Create a GPO in this domain, and Link it here.

    noteNote
    This step uses the best practice of creating a new Group Policy for custom settings rather than editing the Default Domain Policy that is installed with Active Directory Domain Services. By assigning this Group Policy at the domain level, you will apply it to all computers in the domain. However, on a production environment, you can restrict the autoenrollment so that it enrolls on only selected computers by assigning the Group Policy at an organizational unit level, or you can filter the domain Group Policy with a security group so that it applies only to the computers in the group. If you restrict autoenrollment, remember to include the server that is configured as the management point.
  3. In the New GPO dialog box, enter a name for the new Group Policy, such as Autoenroll Certificates, and click OK.

  4. In the results pane, on the Linked Group Policy Objects tab, right-click the new Group Policy, and then click Edit.

  5. In the Group Policy Management Editor, expand Policies under Computer Configuration, and then navigate to Windows Settings / Security Settings / Public Key Policies.

  6. Right-click the object type named Certificate Services Client – Auto-enrollment, and then click Properties.

  7. From the Configuration Model drop-down list, select Enabled, select Renew expired certificates, update pending certificates, and remove revoked certificates, select Update certificates that use certificate templates, and then click OK.

  8. Close Group Policy Management.

6

Connect on your Workstation and follow the steps under

Automatically Enrolling the Workstation Authentication Certificate and Verifying Its Installation on Computers


This procedure installs the client certificate on computers and verifies the installation.

  1. Restart the workstation computer, and wait a few minutes before logging on.

    noteNote
    Restarting a computer is the most reliable method of ensuring success with certificate autoenrollment.
  2. Log on with an account that has administrative privileges.

  3. In the search box, type mmc.exe., and then press Enter.

  4. In the empty management console, click File, and then click Add/Remove Snap-in.

  5. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  6. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  7. In the Select Computer dialog box, ensure that Local computer: (the computer this console is running on) is selected, and then click Finish.

  8. In the Add or Remove Snap-ins dialog box, click OK.

  9. In the console, expand Certificates (Local Computer), expand Personal, and then click Certificates.

  10. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Certificate is displayed in the Certificate Template column.

  11. Close Certificates (Local Computer).

  12. Repeat steps 1 through 11 for the member server to verify that the server that will be configured as the management point also has a client certificate.

The computer is now provisioned with a Configuration Manager client certificate.

7

Connect on your certificate server and follow the steps under

Deploying the Client Certificate for Distribution Points


noteNote
This certificate can also be used for media images that do not use PXE boot, because the certificate requirements are the same.

This certificate deployment has the following procedures:

  • Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority
  • Requesting the Custom Workstation Authentication Certificate
  • Exporting the Client Certificate for Distribution Points

This procedure creates a custom certificate template for Configuration Manager distribution points that allows the private key to be exported, and adds the certificate template to the certification authority.

noteNote
This procedure uses a different certificate template from the certificate template that you created for client computers, because although both certificates require client authentication capability, the certificate for distribution points requires that the private key is exported. As a security best practice, do not configure certificate templates to allow the private key to be exported unless this configuration is required. The distribution point requires this configuration because you must import the certificate as a file, rather than select it from the certificate store. By creating a new certificate template for this certificate, you can restrict which computers request a certificate that allows the private key to be exported. In our example deployment, this will be the security group that you previously created for Configuration Manager site system servers that run IIS. On a production network that distributes the IIS site system roles, consider creating a new security group for the servers that run distribution points so that you can restrict the certificate to just these site system servers. You might also consider adding the following modifications for this certificate:
  • Require approval to install the certificate, for additional security.
  • Increase the certificate validity period. Because you must export and import the certificate each time before it expires, increasing the validity period reduces how often you must repeat this procedure. However, when you increase the validity period, it decreases the security of the certificate because it provides more time for an attacker to decrypt the private key and steal the certificate.
  • Use a custom value in the certificate Subject field or Subject Alternative Name (SAN) to help identify this certificate from standard client certificates. This can be particularly helpful if you will use the same certificate for multiple distribution points.

To create and issue the custom Workstation Authentication certificate template on the certification authority

  1. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  2. In the results pane, right-click the entry that displays Workstation Authentication in the column Template Display Name, and then click Duplicate Template.

  3. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.
  4. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the client authentication certificate for distribution points, such as ConfigMgr Client Distribution Point Certificate.

  5. Click the Request Handling tab, and select Allow private key to be exported.

  6. Click the Security tab, and remove the Enroll permission from the Enterprise Admins security group.

  7. Click Add, enter ConfigMgr IIS Servers in the text box, and then click OK.

  8. Select the Enroll permission for this group, and do not clear the Read permission.

  9. Click OK and close Certificate Templates Console.

  10. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  11. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Client Distribution Point Certificate, and then click OK.

  12. If you do not have to create and issue any more certificates, close Certification Authority.

8

Connect on your Sccm 2012 server and follow the steps under

Requesting the Custom Workstation Authentication Certificate

This procedure requests and then installs the custom client certificate on to the member server that runs IIS and that will be configured as a distribution point.

  1. Click Start, click Run, and type mmc.exe. In the empty console, click File, and then click Add/Remove Snap-in.

  2. In the Add or Remove Snap-ins dialog box, select Certificates from the list of Available snap-ins, and then click Add.

  3. In the Certificate snap-in dialog box, select Computer account, and then click Next.

  4. In the Select Computer dialog box, ensure Local computer: (the computer this console is running on) is selected, and then click Finish.

  5. In the Add or Remove Snap-ins dialog box, click OK.

  6. In the console, expand Certificates (Local Computer), and then click Personal.

  7. Right-click Certificates, click All Tasks, and then click Request New Certificate.

  8. On the Before You Begin page, click Next.

  9. If you see the Select Certificate Enrollment Policy page, click Next.

  10. On the Request Certificates page, select the ConfigMgr Client Distribution Point Certificate from the list of displayed certificates, and then click Enroll.

  11. On the Certificates Installation Results page, wait until the certificate is installed, and then click Finish.

  12. In the results pane, confirm that a certificate is displayed that has Client Authentication displayed in the Intended Purpose column, and that ConfigMgr Client Distribution Point Certificate is displayed in the Certificate Template column.

  13. Do not close Certificates (Local Computer).

9

Connect on your certificate server and follow the steps under

Exporting the Client Certificate for Distribution Points


This procedure exports the custom Workstation Authentication certificate to a file, so that it can be imported in the distribution point properties.

  1. In the Certificates (Local Computer) console, right-click the certificate that you have just installed, select All Tasks, and then click Export.

  2. In the Certificates Export Wizard, click Next.

  3. On the Export Private Key page, select Yes, export the private key, and then click Next.

    noteNote
    If this option is not available, the certificate has been created without the option to export the private key. In this scenario, you cannot export the certificate in the required format. You must reconfigure the certificate template to allow the private key to be exported, and then request the certificate again.
  4. On the Export File Format page, ensure that the option Personal Information Exchange - PKCS #12 (.PFX) is selected.

  5. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

  6. On the File to Export page, specify the name of the file that you want to export, and then click Next.

  7. To close the wizard, click Finish in the Certificate Export Wizard page, and click OK in the confirmation dialog box.

  8. Close Certificates (Local Computer).

  9. Store the file securely and ensure that you can access it from the Configuration Manager console.

The certificate is now ready to be imported when you configure the distribution point.

TipTip
You can use the same certificate file when you configure media images for an operating system deployment that does not use PXE boot, and the task sequence to install the image must contact a management point that requires HTTPS client connections.

 

10

Connect on your certificate server and follow the steps under

Deploying the Client Certificate for Mac Computers


noteNote
The client certificate for Mac computers applies to Configuration Manager SP1 only.

This certificate deployment has a single procedure to create and issue the enrollment certificate template on the certification authority.

This procedure creates a custom certificate template for Configuration Manager Mac computers and adds the certificate template to the certification authority.

noteNote
This procedure uses a different certificate template from the certificate template that you might have created for Windows client computers or for distribution points. By creating a new certificate template for this certificate, you can restrict the certificate request to authorized users.
  1. Create a security group that contains user accounts for administrative users who will enroll the certificate on the Mac computer by using Configuration Manager. Make sure that this group does not contain user accounts for users who can enroll mobile devices in Configuration Manager.

  2. On the member server that is running the Certification Authority console, right-click Certificate Templates, and then click Manage to load the Certificate Templates management console.

  3. In the results pane, right-click the entry that displays Authenticated Session in the column Template Display Name, and then click Duplicate Template.

  4. In the Duplicate Template dialog box, ensure that Windows 2003 Server, Enterprise Edition is selected, and then click OK.

    ImportantImportant
    Do not select Windows 2008 Server, Enterprise Edition.
  5. In the Properties of New Template dialog box, on the General tab, enter a template name to generate the Mac client certificate, such as ConfigMgr Mac Client Certificate.

  6. Click the Subject Name tab, make sure that Build from this Active Directory information is selected, select Common name for the Subject name format: and clear User principal name (UPN) from Include this information in alternate subject name.

  7. Click the Security tab, and remove the Enroll permission from the Domain Admins and Enterprise Admins security groups.

  8. Click Add, specify the security group that you created in step one, and then click OK.

  9. Select the Enroll permission for this group, and do not clear the Read permission.

  10. Click OK and close Certificate Templates Console.

  11. In the Certification Authority console, right-click Certificate Templates, click New, and then click Certificate Template to Issue.

  12. In the Enable Certificate Templates dialog box, select the new template that you have just created, ConfigMgr Mac Client Certificate, and then click OK.

  13. If you do not have to create and issue any more certificates, close Certification Authority.

The Mac client certificate template is now ready to be selected when you configure client settings for enrollment.

11

Steps to Install and Configure the Client for Mac Computers

Connect on your SCCM 2012 server and follow the steps under

To configure management points and distribution points to support Mac computers


  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, select Servers and Site System Roles, and then select the server that holds the site system roles to configure.

  3. In the details pane, right-click Management point, click Role Properties, and in the Management Point Properties dialog box, configure the following options, and then click OK:

    1. Select HTTPS.
    2. Select Allow Internet-only client connections or Allow intranet and Internet client connections. These options require that an Internet FQDN is specified in the site system properties.
    3. Select Allow mobile devices and Mac computers to use this management point.
  4. In the details pane, right-click Distribution point, click Role Properties, and in the Distribution Point Properties dialog box, configure the following options, and then click OK:

    • Select HTTPS.
    • Select Allow Internet-only client connections or Allow intranet and Internet client connections. These options require that an Internet FQDN is specified in the site system properties.
    • Click Import certificate, browse to the exported client distribution point certificate file, and then specify the password.
  5. Repeat steps 2 through 4 in this procedure for all management points and distribution points in primary sites that you will use with Mac computers.

 

12

Connect on your SCCM 2012 server and follow the steps under

To install and configure the enrollment site systems: New site system server


  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, expand Site Configuration, and click Servers and Site System Roles

  3. On the Home tab, in the Create group, click Create Site System Server.

  4. On the General page, specify the general settings for the site system, and then click Next.

    ImportantImportant
    Make sure that you specify the Internet FQDN, even if it is the same value as the intranet FQDN. Mac computers always connect to the Internet FQDN, even when they are on the intranet.
  5. On the System Role Selection page, select Enrollment proxy point and Enrollment point from the list of available roles, and then click Next.

  6. On the Enrollment Proxy Point page, review the settings and make any changes that you require, and then click Next.

  7. On the Enrollment Point Settings page, review the settings and make any changes that you require, and then click Next.

  8. Complete the wizard.



13

Connect on your SCCM2012 and follow the steps under

To configure the default client settings for Configuration Manager to enroll certificates for Mac computers


  1. In the Configuration Manager console, click Administration.

  2. In the Administration workspace, click Client Settings.

  3. Click Default Client Settings.

    ImportantImportant
    You cannot use a custom client setting for the enrollment configuration; you must use the default client settings.
  4. On the Home tab, in the Properties group, click Properties.

  5. Select the Enrollment section, and then configure the following user settings:

    1. Allow users to enroll mobile devices and Mac computers:Yes
    2. Enrollment profile: Click Set Profile.
  6. In the Mobile Device Enrollment Profile dialog box, click Create.

  7. In the Create Enrollment Profile dialog box, enter a name for this enrollment profile, and then configure the Management site code. Select the Configuration Manager SP1 primary site that contains the management points that will manage the Mac computers.

    noteNote
    If you cannot select the site, check that at least one management point in the site is configured to support mobile devices.
  8. Click Add.

  9. In the Add Certification Authority for Mobile Devices dialog box, select the certification authority (CA) server that will issue certificates to Mac computers, and then click OK.

  10. In the Create Enrollment Profile dialog box, select the Mac computer certificate template that you created in Step 3, and then click OK.

  11. Click OK to close the Enrollment Profile dialog box, and then click OK to close the Default Client Settings dialog box.

    TipTip
    If you want to change the client policy interval, use the Client policy polling interval client setting in the Client Policy client setting group.

All users will be configured with these settings when they next download client policy. To initiate policy retrieval for a single client, see the Initiate Policy Retrieval for a Configuration Manager Client section in the How to Manage Clients in Configuration Manager topic.

In addition to the enrollment client settings, ensure that you have configured the following Configuration Manager client device settings:

noteNote
For more information about Configuration Manager client settings, see How to Configure Client Settings in Configuration Manager.

14

Connect on your SCCM 2012 and follow the steps under

Click HERE for download mac sccm client file

Launch install and click Next

Click on I Agree and click Next

Click Next

Click Next

Click Close

Now, the Mac client file appear

15

Connect on your Mac os computer and follow the steps under

Transfert the file on your Mac and decompress the *.dmg file

You have all files for install the client on your Mac

You can can verify your access to your certificate server in typing the URL (https://server.domain.xxx)

Launch the console on your mac and type this command under:

sudo ./ccmsetup

16

Connect on your Mac os computer and follow the steps under

Install the client and then enroll the client certificate on the Mac computer.

type this command under:

sudo ./CMEnroll -s <enrollment_proxy_server_name> -ignorecertchainvalidation -u <'user name'> [-p <password>]

The SCCM client is now installed, it's necessary to reboot your mac and you have after the Configuration Manager icon appear

For test the connectivity, click on Connect now

If the connection is good, you can see that the SCCM client is connected!

And after the first synchronisation, you can see the Mac computer object in the All Systems collection

You can see the inventory in ressource explorer

Enjoy!

Reminder | SQL 2012 Collation for System Center Configuration Manager 2012 (SCCM2012)

Hi to all,

Just a reminder for indicate what the good sql 2012 collation parameter for SCCM 2012 DB prerequisite :

SQL_Latin1_General_CP1_CI_AS

Source

More Posts Next page »