Share via


What's New in System Center 2012 Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager

Use the following sections to review information about significant changes in System Center 2012 Configuration Manager since Configuration Manager 2007:

  • Site Installation and the Configuration Manager Console

  • Sites and Hierarchies

  • Client Deployment and Operations

  • Software Deployment and Content Management

  • Monitoring and Reporting

In addition, the following features either have not changed or have minor changes:

  • Wake on LAN

  • Windows Embedded devices

Site Installation and the Configuration Manager Console

The following sections contain information about changes in Configuration Manager since Configuration Manager 2007 that relate to how you install System Center 2012 Configuration Manager and changes to the Configuration Manager console.

Site Installation

The following options in Setup for site installation are new or have changed since Configuration Manager 2007.

  • Central Administration Site

    The top-level Configuration Manager 2007 site in a multi-primary site hierarchy was known as a central site. In System Center 2012 Configuration Manager the central site is replaced by the central administration site. The central administration site is not a primary site at the top of the hierarchy, but rather a site that is used for reporting and to facilitate communication between primary sites in the hierarchy. A central administration site supports a limited selection of site system roles and does not directly support clients or process client data.

  • Installation of Site System Roles

    The following site roles can be installed and configured during Setup:

    • Management point

    • Distribution point

    The site system roles are installed locally on the site server. After installation, you can add a distribution point on another server. The management point for the secondary site is a supported role only on the site server.

  • No Secondary Site Installation Option

    Secondary sites can only be installed from the System Center 2012 Configuration Manager console. For more information about installing a secondary site, see the Install a Secondary Site section in the topic.

  • Optional Configuration Manager Console Installation

    You can choose to install the Configuration Manager console during Setup or install the console after Setup by using the Configuration Manager console Windows Installer package (consolesetup.exe).

  • Server and client language selections

    You are no longer required to install your site servers by using source files for a specific language or install International Client Packs when you want to support different languages on the client. From Setup, you can choose the server and client languages that are supported in your Configuration Manager hierarchy. Configuration Manager uses the display language of the server or client computer when you have configured support for the language. English is the default language used when Configuration Manager does not support the display language of the server or client computer.

    Warning

    You cannot select specific languages for mobile device clients. Instead, you must enable all available client languages or use English only.

  • Unattended installation script is automatically created

    Setup automatically creates the unattended installation script when you confirm the settings on the Summary page of the wizard. The unattended installation script contains the settings that you choose in the wizard. You can modify the script to install other sites in your hierarchy. Setup creates the script in %TEMP%\ConfigMgrAutoSave.ini.

  • Database Replication

    When you have more than one System Center 2012 Configuration Manager site in your hierarchy, Configuration Manager uses database replication to transfer data and merge changes made to a site’s database with the information stored in the database at other sites in the hierarchy. This enables all sites to share the same information. When you have a primary site without any other sites, database replication is not used. Database replication is enabled when you install a primary site that reports to a central administration site or when you connect a secondary site to a primary site.

  • Setup Downloader

    Setup Downloader (SetupDL.exe) is a stand-alone application that downloads the files required by Setup. You can run Setup Downloader or Setup can run it during site installation. You can see the progress of files being downloaded and verified, and only the required files are downloaded (missing files and files that have been updated). For more information about Setup Downloader, see the Setup Downloader section in this topic.

  • Prerequisite Checker

    The Prerequisite Checker (prereqchk.exe) is a standalone application that verifies server readiness for a specific site system role. In addition to the site server, site database server, and provider computer, the Prerequisite Checker now checks management point and distribution point site systems. You can run Prerequisite Checker manually or Setup runs it automatically as part of site installation. For more information about the Prerequisite Checker, see the Prerequisite Checker section in this topic.

  • The Configuration Manager 2007 log viewer tool, Trace32, is now replaced with CMTrace.

For more information, see the Install Sites and Create a Hierarchy for Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

The Configuration Manager Console

There is a new console for System Center 2012 Configuration Manager, which provides the following benefits:

  • Logical grouping of operations into the following workspaces: Assets and Compliance, Software Library, Monitoring, and Administration. To change the default order of the workspaces and which ones are displayed, click the down arrow on the navigation pane above the status bar, and then select one of the options: Show More Buttons, Show Fewer Buttons, or Navigation Pane Options.

  • A ribbon to help you more efficiently use the console.

  • An administrative user sees only the objects that she is allowed to see, as defined by role-based administration.

  • Search capabilities throughout the console, to help you find your data more quickly.

  • Browse and verify capability for many accounts that you configure in the console, which helps to eliminate misconfiguration and can be useful for troubleshooting scenarios. For example, this design applies to the Client Push Installation Account and the Network Access Account.  

  • Use of temporary nodes in the navigation pane that are automatically created and selected as a result of actions that you take and that do not display after you close the console. Examples of temporary nodes include the following:

    • In the Assets and Compliance workspace, click the Device Collections node, and then select the All Systems collection. In the Collection group, click Show Members and the temporary node named All Systems is created and automatically selected in the navigation pane.

    • In the Monitoring workspace, click Client Status, and in the Statistics section, browse to the All Systems collection, and then click Active clients that passed client check or no results. The temporary node named Active clients that passed client check or no results from “All Systems” is created and automatically selected in the Assets and Compliance workspace.

Sites and Hierarchies

The following sections contain information about changes from Configuration Manager 2007 that relate to sites and hierarchies in System Center 2012 Configuration Manager.

Note

The Active Directory schema extensions for System Center 2012 Configuration Manager are unchanged from those used by Configuration Manager 2007. If you extended the schema for Configuration Manager 2007, you do not need to extend the schema again for System Center 2012 Configuration Manager.

Site Types

System Center 2012 Configuration Manager introduces the central administration site and some changes to primary and secondary sites. The following tables summaries these sites and how they compare to sites in Configuration Manager 2007.

Site

Purpose

Change from Configuration Manager 2007

Central administration site

The central administration site coordinates intersite data replication across the hierarchy by using Configuration Manager database replication. It also enables the administration of hierarchy-wide configurations for client agents, discovery, and other operations.

Use this site for all administration and reporting for the hierarchy.

Although this is the site at the top of the hierarchy in System Center 2012 Configuration Manager, it has the following differences from a central site in Configuration Manager 2007:

  • Does not process data submitted by clients, except for the Heartbeat Discovery discovery data record.

  • Does not accept client assignments.

  • Does not support all site system roles.

  • Participates in database replication

Primary site

Manages clients in well-connected networks.

Primary sites in System Center 2012 Configuration Manager have the following differences from primary sites in Configuration Manager 2007:

  • Additional primary sites allow the hierarchy to support more clients.

  • Cannot be tiered below other primary sites.

  • No longer used as a boundary for client agent settings or security.

  • Participates in database replication.

Secondary site

Controls content distribution for clients in remote locations across links that have limited network bandwidth.

Secondary sites in System Center 2012 Configuration Manager have the following differences from secondary sites in Configuration Manager 2007:

  • SQL Server is required and SQL Server Express will be installed during site installation if required.

  • A management point and distribution point are automatically deployed during the site installation.

  • Secondary sites can send content distribution to other secondary sites.

  • Participates in database replication.

For more information, see the Planning for Sites and Hierarchies in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Site Communication

The following items are new or have changed for site communication since Configuration Manager 2007:

  • Site-to-site communication now uses database replication in addition to file-based replication for many site-to-site data transfers, including configurations and settings.

  • The Configuration Manager 2007 concept of mixed-mode or native-mode sites to define how clients communicate to site systems in the site has been replaced by site system roles that can independently support HTTP or HTTPS client communications.

  • To help support client computers in other forests, Configuration Manager can discover computers in these forests and publish site information to these forests.

  • The server locator point is no longer used, and the functionality of this site system role is moved to the management point.

    Note

    Although the Active Directory schema extensions still include the server locator point, this object is not used by Microsoft System Center 2012 Configuration Manager.

  • Internet-based client management now supports the following:

    • User policies when the Internet-based management point can authenticate the user by using Windows authentication (Kerberos or NTLM).

    • Simple task sequences, such as scripts. Operating system deployment on the Internet remains unsupported.

    • Internet-based clients on the Internet first try to download any required software updates from Microsoft Update, rather than from an Internet-based distribution point in their assigned site. Only if this fails, will they then try to download the required software updates from an Internet-based distribution point.

For more information, see the Planning for Communications in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Site Modes

Sites are no longer configured for mixed mode or native mode. Instead, you secure client communication endpoints by configuring individual site system roles to support client connections over HTTPS or HTTP. Site system roles in the same site can have different settings, for example, some management points are configured for HTTPS and some are configured for HTTP. Most client connections over HTTPS use mutual authentication so you must make sure that clients have a PKI certificate that has client authentication capability to support this configuration. Mobile devices and client connections over the Internet must use HTTPS.

Active Directory Domain Services and DNS remains the preferred method for clients to find management points. However, you can still use WINS as an alternative service location method and Configuration Manager now supports an entry for HTTPS management points (record type of [19]) in addition to the entry for HTTP (record type of [1A].

For sites that use HTTPS client connections, you do not have to specify a PKI certificate for document signing (the site server signing certificate in Configuration Manager 2007) because System Center 2012 Configuration Manager automatically creates this certificate (self-signed). However, most of the PKI certificate requirements from Configuration Manager 2007 remain the same when you configure site system roles to use HTTPS client communication, except that many certificates now support SHA-2 in addition to SHA-1. For more information about the certificates, see Security: Certificates and Cryptographic Controls in this topic.

Language Pack Support

The following items are new or have changed for language support since Configuration Manager 2007:

  • You no longer install site servers by using source files designed for a specific language. Additionally, you no longer install International Client Packs to support different languages on the client. Instead, you can choose to install only the server and client languages that you want to support.

    • Available client and server language packs are included with the Configuration Manager installation media in the LanguagePack folder, and updates are available by download with the prerequisite files.

    • You can add client and server language packs to a site when you install the site, and can modify the language packs in use after the site installs.

  • You can install multiple languages at each site, and only need to install those you use:

    • Each site supports multiple languages for use with Configuration Manager consoles.

    • At each site you can install individual client language packs, adding support for only the client languages you want to support.

  • When you install support for a language that matches the display language of a computer, Configuration Manager consoles and the client user interface that run on that computer display information in that language.

  • When you install support for a language that matches the language preference that is in use by the web browser of a computer, connections to web-based information including the Application Catalog or SQL Server Reporting Services reports display in that language.

Site System Roles

The following site systems roles are removed:

  • The reporting point. All reports are generated by the reporting services point.

  • The PXE service point. This functionality is moved to the distribution point.

  • The server locator point. This functionality is moved to the management point.

  • The branch distribution point. Distribution points can be installed on servers or workstations that are in an Active Directory domain. The functionality of the branch distribution point is now a BranchCache setting for an application deployment type and the package deployment.

In addition, network load balanced (NLB) management points are no longer supported and this configuration is removed from the management point component properties. Instead, this functionality is automatically provided when you install more than one management point in the site.

The following site system roles are new:

  • The Application Catalog website point and the Application Catalog web services point. These site system roles require IIS and support the new client application, Software Center.

  • The enrollment proxy point, which manages enrollment requests from mobile devices, and the enrollment point, which completes mobile device enrollment and provisions AMT-based computers. These site system roles require IIS.

There is no longer a default management point at primary sites. Instead you can install multiple management points and the client will automatically select one, based on network location and capability (HTTPS or HTTP). This behavior supports a higher number of clients in a single site and provides redundancy, which was previously obtained by using a network load balancing (NLB) cluster. When the site contains some management points that support HTTPS client connections and some management points that support HTTP client connections, the client will connect to a management point that is configured for HTTPS when the client has a valid PKI certificate.

You can also have more than one Internet-based management point in a primary site, although you can specify only one when you configure clients for Internet-based client management. When Internet-based clients communicate with the specified Internet-based management point, they will be given a list of all the Internet-based management points in the site and then select one.

At a secondary site, the management point is no longer referred to as proxy management point, and must be co-located on the secondary site server.

Boundaries and Boundary Groups

The following items are new or have changed for boundaries since Configuration Manager 2007:

  • Boundaries are no longer site specific, but defined once for the hierarchy, and they are available at all sites in the hierarchy.

  • Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.

  • You no longer configure the network connection speed of each boundary. Instead, in a boundary group you specify the network connection speed for each site system server associated to the boundary group as a content location server.

For more information, see the Planning for Boundaries and Boundary Groups in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Fallback Site for Client Assignment

In Configuration Manager 2007, automatic site assignment would fail if the client was not in a specified boundary. New in System Center 2012 Configuration Manager, if you specify a fallback site (an optional setting for the hierarchy) and the client is not in a boundary group, automatic site assignment succeeds and the client is assigned to the specified fallback site.

For more information, see the How to Assign Clients to a Site in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Discovery

The following items are new or have changed for Discovery since Configuration Manager 2007:

  • Each data discovery record is processed and entered into the database one time only, at a primary site or central administration site, and then the data discovery record is deleted without additional processing.

  • Discovery information entered into the database at one site is shared to each site in the hierarchy by using Configuration Manager database replication.

  • Active Directory Forest Discovery is a new discovery method that can discover subnets and Active Directory sites, and can add them as boundaries for your hierarchy.

  • Active Directory System Group Discovery has been removed.

  • Active Directory Security Group Discovery is renamed to Active Directory Group Discovery and discovers the group memberships of resources.

  • Active Directory System Discovery and Active Directory Group Discovery support options to filter out stale computer records from discovery.

  • Active Directory System, User, and Group Discovery support Active Directory Delta Discovery. Delta Discovery is improved from Configuration Manager 2007 R3 and can now detect when computers or users are added or removed from a group.

For more information, see the Planning for Discovery in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Client Agent Settings is Now Client Settings

In Configuration Manager 2007, client agent settings are configured on a per-site basis and you cannot configure these settings for the whole hierarchy. In System Center 2012 Configuration Manager, client agent settings and other client settings are grouped into centrally configurable client settings objects that are applied at the hierarchy. To view and configure these, modify the default client settings. If you need additional flexibility for groups of users or computers, configure custom client settings and assign them to collections. For example, you can configure remote control to be available only on specified computers.

For more information, see the Planning for Client Settings in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Security: Role-Based Administration

In Configuration Manager 2007, administrative access to site resources is controlled by using class and instance security settings that are verified by the SMS Provider computer to allow access to site information and configuration settings. System Center 2012 Configuration Manager introduces role-based administration to centrally define and manage hierarchy-wide security access settings for all sites and site settings.

Instead of using individual class rights, role-based administration uses security roles to group typical administrative tasks that are assigned to multiple administrative users. Security scopes replace individual instance rights per object to group the permissions that are applied to site objects.

The combination of security roles, security scopes, and collections allow you to segregate the administrative assignments that meet your organization requirements and this combination defines what an administrative user can view and manage in the Configuration Manager hierarchy.

Role-based administration provides the following benefits:

  • Sites are no longer administrative boundaries.

  • You create administrative users for the hierarchy and assign security to them one time only.

  • You create content for the hierarchy and assign security to that content one time only.

  • All security assignments are replicated and available throughout the hierarchy.

  • There are built-in security roles to assign the typical administration tasks and you can create your own custom security roles.

  • Administrative users see only the objects that they have permissions to manage.

  • You can audit administrative security actions.

The following table illustrates the differences between implementing security permissions in Configuration Manager 2007 and System Center 2012 Configuration Manager:

Scenario

Configuration Manager 2007

System Center 2012 Configuration Manager

Add new administrative user

Perform the following actions from each site in the hierarchy:

  1. Add the Configuration Manager user.

  2. Select the security classes.

  3. For each class selected, select instance permissions.

Perform the following actions one time only from any site in the hierarchy:

  1. Add the Configuration Manager administrative user.

  2. Select the security roles.

  3. Select the security scopes.

  4. Select the collections.

Create and deploy software.

Perform the following actions from each site in the hierarchy:

  1. Edit the package properties and select the security classes

  2. Add each user or group to the instance and then select the instance rights.

  3. Deploy the software.

Perform the following actions one time only from any site in the hierarchy:

  1. Assign a security scope to the software deployment.

  2. Deploy the software.

To configure role-based administration, in the Administration workspace, click Security, and then view or edit the Administrative Users, Security Roles, and Security Scopes.

For more information, see the Planning for Role-Based Administration section in the Planning for Security in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Security: Certificates and Cryptographic Controls

The following items are new or have changed for certificates and cryptographic controls since Configuration Manager 2007:

  • For most Configuration Manager communications that require certificates for authentication, signing, or encryption, Configuration Manager automatically uses PKI certificates if they are available. If they are not available, Configuration Manager generates self-signed certificates.

  • The primary hashing algorithm that Configuration Manager uses for signing is SHA-256. When two Configuration Manager sites communicate with each other, they sign their communications by using SHA-256 and you can require that all clients use SHA-256.

  • Configuration Manager uses two new types of certificates for site systems: a site system server certificate for authentication to other site systems in the same Configuration Manager site, and a site system role certificate.

  • Configuration Manager also uses a client authentication certificate to send status messages from the distribution point to the management point.

  • The site server signing certificate is now self-signed; you cannot use a PKI certificate to sign client policies.

  • You can use a client PKI certificate for authentication to a site system that accepts HTTP client connections.

  • The new certificate issuers list for a site acts like a certificate trust list (CTL) in IIS. It is used by site systems and clients to help ensure that the correct client PKI certificate is used for PKI communication in Configuration Manager. For more information, see the Planning for the PKI Trusted Root Certificates and the Certificate Issuers List section in the Planning for Security in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

For more information about the certificates and the cryptographic controls, see Technical Reference for Cryptographic Controls Used in Configuration Manager in the Site Administration for System Center 2012 Configuration Manager guide.

For more information about the PKI certificate requirements, see PKI Certificate Requirements for Configuration Manager in the Site Administration for System Center 2012 Configuration Manager guide.

In addition, when you deploy operating systems and use PKI certificates, Configuration Manager now supports the following:

  • The client authentication certificate supports the Subject Alternative Name (SAN) certificate field and a blank Subject. If you use Active Directory Certificate Services with an enterprise CA to deploy this certificate, you can use the Workstation certificate template to generate a certificate with a blank Subject and SAN value.

  • Task sequences support the option to disable CRL checking on clients.

When you implement Internet-based client management, user policies are now supported for devices that are on the Internet when the management point can authenticate the user in Active Directory Domain Services. For example, the management point is in the intranet and accepts connections from Internet clients and intranet clients; or the management point is in a perimeter network that trusts the intranet forest where the user account resides. For more information about Internet-based client management, see the Planning for Internet-Based Client Management section in the Planning for Communications in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Backup and Recovery

The following items are new or have changed for backup and recovery since Configuration Manager 2007.

Feature

Description

Recovery integrated with System Center 2012 Configuration Manager Setup

Configuration Manager 2007 used the Site Repair Wizard to recover sites. In System Center 2012 Configuration Manager, recovery is integrated in the Configuration Manager Setup Wizard.

Support for multiple recovery options

You have the following options when running recovery in System Center 2012 Configuration Manager:

Site Server

  • Recover the site server from a backup.

  • Reinstall the site server

Site Database

  • Recover the site database from a backup

  • Create a new site database

  • Use a site database that been manually recovered

  • Skip database recovery

Recovery uses data replication to minimize data loss

System Center 2012 Configuration Manager database replication uses SQL Server to transfer data and merge changes made to a site’s database with the information stored in the database at other sites in the hierarchy. This enables all sites to share the same information.

Recovery in System Center 2012 Configuration Manager leverages database replication to retrieve global data that was created by the failed site before it failed. This process minimizes data loss even when no backup is available.

Recovery using a Setup script

You can initiate an unattended site recovery by configuring an unattended installation script and then using the Setup command /script option.

For more information, see the Planning for Backup and Recovery section in the Planning for Site Operations in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Manage Site Accounts Tool (MSAC)

The Manage Site Accounts (MSAC) command-line tool that was provided with Configuration Manager 2007 is not provided with System Center 2012 Configuration Manager. Do not use MSAC from Configuration Manager 2007 with System Center 2012 Configuration Manager. Instead, configure and manage the accounts by using the Configuration Manager console.

Client Deployment and Operations

The following sections contain information about changes from Configuration Manager 2007 that relate to client deployment and client operations in System Center 2012 Configuration Manager.

Client Deployment

The following items are new or have changed for client deployment since Configuration Manager 2007:

  • Clients are no longer configured for mixed mode or native mode, but instead use HTTPS with public key infrastructure (PKI) certificates or HTTP with self-signed certificates. Clients use HTTPS or HTTP according to the configuration of the site system roles that the clients connect to and whether they have a valid PKI certificate that includes client authentication capability.

    On the Configuration Manager client, in Properties, on the General tab, review the Client certificate value to determine the current client communication method. This value displays PKI certificate when the client communicates with a management point over HTTPS, and Self-signed when the client communicates with a management point over HTTP. Just as the client property value for the Connection type updates, depending on the current network status of the client, so the Client certificate client property value updates, depending on which management point the client communicates with.

  • Because Microsoft System Center 2012 Configuration Manager does not use mixed mode and native mode, the client installation property, /native: [<native mode option>], is no longer used. Instead, use /UsePKICert to use a PKI certificate that has client authentication capability, if it is available, but fall back to an HTTP connection if no certificate is available. If /UsePKICert is not specified, the client does not attempt to communicate by using a PKI certificate, but communicates by using HTTP only. Additionally, use the new command /NoCRLCheck if you do not want a client to check the certificate revocation list (CRL) before it establishes an HTTPS communication.

  • The client.msi property SMSSIGNCERT is still used but requires the exported self-signed certificate of the site server. This certificate is stored in the SMS certificate store and has the Subject name Site Server and the friendly name Site Server Signing Certificate.

  • When you reassign a client from a Microsoft System Center 2012 Configuration Manager hierarchy to another Microsoft System Center 2012 Configuration Manager hierarchy, the client will be able to automatically replace the trusted root key if the new site is published to Active Directory Domain Services and the client can access that information from a Global Catalog server. For this scenario in Configuration Manager 2007, you had to remove the trusted root key, manually replace the trusted root key, or uninstall and reinstall the client.

  • The server locator point is no longer used for site assignment or to locate management points. This functionality is replaced by the management point. The CCMSetup Client.msi property SMSSLP remains supported, but only to specify the computer name of management points.

  • You no longer install International Client Packs when you want to support different languages on the client. Instead, select the client languages that you want during Setup. Then, during the client installation, Configuration Manager automatically installs support for those languages on the client, enabling the display of information in a language that matches the user’s language preferences. If a matching language is not available, the client displays information in the default of English. For more information, see the Planning for Client Language Packs section in the Planning for Sites and Hierarchies in Configuration Manager topic.

  • Decommissioned clients are no longer displayed in the Configuration Manager console and they are automatically removed from the database by the Delete Aged Discovery Data task.

  • The Client.msi property for CCMSetup, SMSDIRECTORYLOOKUP=WINSPROMISCUOUS, is no longer supported. This setting allowed the client to use WINS to find a management point without verifying the management point's self-signed certificate.

  • To support the new 64-bit client, the location of the CCM folder for client-related files (such as the client cache and log files) has changed from %windir%\system32 to %windir%. If you reference the CCM folder for your own script files, update these references for the new folder location for Microsoft System Center 2012 Configuration Manager clients. Microsoft System Center 2012 Configuration Manager does not support the CCM folder on paths that support redirection (such as Program Files and %windir%\system32) on 64-bit operating systems.

  • Automatic, site-wide client push now installs the Configuration Manager on existing computer resources if the client is not installed, and not just newly discovered computer resources.

  • Client push installation initiates and tracks the installation of the client by using the Configuration Manager database and no longer creates individual .CCR files. When you enable client push installation for a site, all discovered resources that are assigned to the site and that do not have a client installed are immediately added to the database and client installation begins.

  • Configuration Manager can automatically upgrade Configuration Manager 2007 and System Center 2012 Configuration Manager clients to the latest System Center 2012 Configuration Manager version when they are below a version that you specify. For more information see the How to Automatically Upgrade the Configuration Manager Client for the Hierarchy section in the topic How to Install Clients on Windows-Based Computers in Configuration Manager.

For more information, see the Introduction to Client Deployment in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Client Assignment

The following items are new or have changed for client assignment since Configuration Manager 2007:

  • For automatic site assignment to succeed with boundary information, the boundary must be configured in a boundary group that is configured for site assignment.

  • In Configuration Manager 2007, automatic site assignment would fail if the client was not in a specified boundary. New in System Center 2012 Configuration Manager, if you specify a fallback site (an optional setting for the hierarchy) and the client’s network location is not in a boundary group, automatic site assignment succeeds, and the client is assigned to the specified fallback site.

  • Clients can now download site settings from the management point after they have assigned to the site if they cannot locate these settings from Active Directory Domain Services.

  • Although clients continue to download policy and upload client data to management points in their assigned site or in a secondary site that is a child site of their assigned site, all clients that are configured for intranet client management can now use any management point in the hierarchy for content location requests. There is no longer a requirement to extend the Active Directory schema to support this capability, and there is no longer a concept of regional and global roaming.

  • DNS publishing no longer requires you to configure a DNS suffix on the client if there is a management point published to DNS in the same domain as the client. In this scenario, automatic site assignment works by default when you publish to DNS at least one management point, even if this management point is in a different Configuration Manager site to the client’s final assigned site.

For more information, see the How to Assign Clients to a Site in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Collections

The following items are new or have changed for collections since Configuration Manager 2007:

Feature

Description

User Collections and Device Collections nodes

You can no longer combine user resources and device resources in the same collection. The Configuration Manager console has two new nodes for user collections and device collections.

Sub collections

Sub collections are no longer used in System Center 2012 Configuration Manager.

In Configuration Manager 2007, sub collections had two main uses:

  • Organize collections in folders. In System Center 2012 Configuration Manager, you can now create a hierarchy of folders in which to store collections.

  • Sub collections were often used in Configuration Manager 2007 for phased software deployments to a larger collection of computers. In System Center 2012 Configuration Manager, you can use include rules to progressively increase the membership of a collection.

For more information, see How to Manage Collections in Configuration Manager.

Include collection rules and exclude collection rules

In System Center 2012 Configuration Manager, you can include or exclude the contents of another collection from a specified collection.

Incremental collection member evaluation

Incremental collection member evaluation periodically scans for new or changed resources from the previous collection evaluation and updates a collections membership with these resources, independently of a full collection evaluation. By default, when you enable incremental collection member updates, it runs every 10 minutes and helps to keep your collection data up-to-date without the overhead of a full collection evaluation.

Migration support

Collections can be migrated from Configuration Manager 2007 collections. For more information, see Planning a Migration Job Strategy in System Center 2012 Configuration Manager.

Role-based administration security scopes

You can use collections to limit access to Configuration Manager objects. For more information, see Planning for Security in Configuration Manager.

Collection resources

In Configuration Manager 2007, collections contained only resources from the site where they were created and from child sites of that site. In System Center 2012 Configuration Manager, collections contain resources from all sites in the hierarchy.

Collection limiting

In System Center 2012 Configuration Manager, all collections must be limited to the membership of another collection. When you create a collection, you must specify a limiting collection. A collection is always a subset of its limiting collection.

For more information, see the Introduction to Collections in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Queries

The following items are new or have changed for queries since Configuration Manager 2007:

  • The option to export the results of a query is not available in this release. As a workaround, you can copy the query results to the Windows clipboard.

For more information about queries, see the Introduction to Queries in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Client Status Reporting is Now Client Status

The following items are new or have changed for client status reporting (now client status) since Configuration Manager 2007:

  • Client status and client activity information is integrated into the Configuration Manager console.

  • Typical client problems that are detected are automatically remediated.

  • The Ping tool from Configuration Manager 2007 R2 client status reporting is not used by System Center 2012 Configuration Manager.

For more information, see the Monitoring the Status of Client Computers in Configuration Manager section in the Introduction to Client Deployment in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Desired Configuration Management is Now Compliance Settings

The following items are new or have changed for desired configuration management (now compliance settings) since Configuration Manager 2007:

  • Configuration Manager 2007 desired configuration management is now called compliance settings in System Center 2012 Configuration Manager.

  • Configuration Manager provides a new built-in security role named Compliance Settings Manager. Administrative users who are members of this role can manage and deploy configuration items and configuration baselines and view compliance results.

  • An administrative user can create registry and file system settings by browsing to an existing file, folder, or registry setting on the local or a remote reference computer.

  • It is now easier to create configuration baselines.

  • You can reuse settings for multiple configuration items.

  • You can remediate noncompliant settings for WMI, the registry, scripts, and all settings for the mobile devices that are enrolled by Configuration Manager.

  • When you deploy a configuration baseline, you can specify a compliance threshold for the deployment. If the compliance is below the specified threshold after a specified date and time, System Center 2012 Configuration Manager generates an alert to notify the administrator.

  • You can use the new monitoring features of System Center 2012 Configuration Manager to monitor compliance settings and to view the most common causes of noncompliance, errors, and the number of users and devices that are affected.

  • You can deploy configuration baselines to users and devices.

  • Configuration baseline deployments and evaluation support Configuration Manager maintenance windows.

  • You can use compliance settings to manage the mobile devices that you enroll with Configuration Manager.

  • Configuration item versioning lets you view and use previous versions of configuration items. You can restore or delete previous versions of configuration items and see the user names of administrative users who made changes.

  • Configuration items can contain user and device settings. User settings are evaluated when the user is logged on. Examples of user settings include registry settings that are stored in HKEY CURRENT USER and user-based script settings that an administrative user configured.

  • Improved reports contain rule details, remediation information, and troubleshooting information.

  • You can now detect and report conflicting compliance rules.

  • Unlike Configuration Manager 2007, System Center 2012 Configuration Manager does not support uninterpreted configuration items. An uninterpreted configuration item is a configuration item that is imported into compliance settings, but the Configuration Manager console cannot interpret it. Consequently you cannot view or edit the configuration item properties in the console. Before you import Configuration Packs or configuration baselines to System Center 2012 Configuration Manager, you must remove uninterpreted configuration items in Configuration Manager 2007.

  • You can migrate configuration items and configuration baselines from Configuration Manager 2007 to System Center 2012 Configuration Manager. During migration, configuration data is automatically converted into the new format.

  • Settings groups from Configuration Manager 2007 are no longer supported in System Center 2012 Configuration Manager.

  • Regular expressions for settings are not supported in System Center 2012 Configuration Manager.

  • Using wildcards for registry settings is not supported in System Center 2012 Configuration Manager. If you migrate configuration data from Configuration Manager 2007, you must remove wildcards from registry settings before you migrate otherwise the data will be invalid in the System Center 2012 Configuration Manager configuration item.

  • The string operators Matches and Do not Match are not supported in System Center 2012 Configuration Manager.

  • You can no longer create configuration items of the type General from the Configuration Manager console. You can now create only application configuration items and operating system configuration items. However, if you create a configuration item for a mobile device, this is created as a general configuration item.

For more information, see the Introduction to Compliance Settings in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Out of Band Management

The following have changed for out of band management since Configuration Manager 2007:

  • System Center 2012 Configuration Manager no longer supports provisioning out of band, which could be used in Configuration Manager 2007 when the Configuration Manager client was not installed, or the computer did not have an operating system installed. To provision computers for AMT in System Center 2012 Configuration Manager, they must belong to an Active Directory domain, have the System Center 2012 Configuration Manager client installed, and be assigned to a System Center 2012 Configuration Manager primary site.

  • To provision computers for AMT, you must install the new site system role, the enrollment point, in addition to the out of band service point. You must install both these site system roles on the same primary site.

  • There is a new account, the AMT Provisioning Removal Account, which you specify on the Out of Band Management Component Properties: Provisioning tab. When you specify this account and use the same Windows account that is specified as an AMT User Account, you can use this account to remove the AMT provisioning information, if you have to recover the site. You might also be able to use it when the client was reassigned and the AMT provisioning information was not removed on the old site.

  • Configuration Manager no longer generates a status message to warn you that the AMT provisioning certificate is about to expire. You must check the remaining validity period yourself and ensure that you renew this certificate before it expires.

  • AMT discovery no longer uses port TCP 16992; only port TCP 16993 is used.

  • Port TCP 9971 is no longer used to connect the AMT management controller to the out of band service point to provision computers for AMT.

  • The out of band service point uses HTTPS (by default, port TCP 443) to connect to the enrollment point.

  • The WS-MAN translator is no longer supported.

  • The maintenance task Reset AMT Computer Passwords has been removed.

  • You no longer select individual permissions for each AMT User Account. Instead, all AMT User Accounts are automatically configured for the PT Administration (Configuration Manager 2007 SP1) or Platform Administration (Configuration Manager 2007 SP2) right, which grants permissions to all AMT features.

  • You must specify a universal security group in the Out Of Band Management Component Properties to contain the AMT computer accounts that Configuration Manager creates during the AMT provisioning process.

  • The site server computer no longer requires Full Control to the organizational unit (OU) that is used during AMT provisioning. Instead, it grants Read Members and Writer Members (this object only) permissions.

  • The enrollment point rather than the primary site server computer now requires the Issue and Manage Certificates permission on the issuing certification authority (CA). This permission is required to revoke AMT certificates. As in Configuration Manager 2007, this computer account requires DCOM permissions to communicate with the issuing CA. To configure this, ensure that for Windows Server 2008, the computer account of the enrollment point site system server is a member of the security group Certificate Service DCOM Access, or, for Windows Server 2003 SP1 and later, a member of the security group CERTSVC_DCOM_ACCESS in the domain where the issuing CA resides.

  • The certificate templates for the AMT web server certificate and the AMT 802.1X client certificate no longer use Supply in the request, and the site server computer account no longer requires permissions to the following certificate templates:

    • For the AMT web server certificate template: On the Subject tab, select Build from this Active Directory information, and then select Common name for the Subject name format. On the Security tab, grant Read and Enroll permissions to the universal security group that you specify in the Out Of Band Management Component Properties.

    • For the AMT 802.1X client certificate template: On the Subject tab, select Build from this Active Directory information, and then select Common name for the Subject name format. Clear the DNS name check box, and then select User principal name (UPN) as the alternate subject name. On the Security tab, grant Read and Enroll permissions to the universal security group that you specify in Out Of Band Management Point Component Properties.

  • The AMT provisioning certificate no longer requires that the private key can be exported.

  • By default, the out of band service point checks the AMT provisioning certificate for certificate revocation. This occurs when the site system first runs, and when the AMT provisioning certificate is changed. You can disable this option in the Out Of Band Service Point Properties.

  • You can enable or disable CRL checking for the AMT web server certificate in the out of band management console. To change the settings, click the Tools menu, and then click Options. The new setting is used when you next connect to an AMT-based computer.

  • When a certificate for an AMT-based computer is revoked, the revocation reason is now Cease of Operation instead of Superseded.

  • AMT-based computers that are assigned to the same Configuration Manager site must have a unique computer name, even when they belong to different domains and therefore have a unique FQDN.

  • When you reassign an AMT-based computer from one Configuration Manager site to another, you must first remove the AMT provisioning information, reassign the client, and then provision the client again for AMT.

  • The security rights View management controllers and Manage management controllers in Configuration Manager 2007 are now named Provision AMT and Control AMT, respectively. The Control AMT permission is automatically added to the Remote Tools Operator security role. If an administrative user is assigned to the Remote Tools Operator security role, and you want this administrative user to provision AMT-based computers or control the AMT audit log, you must add the Provision AMT permission to this security role, or ensure that the administrative user belongs to another security role that includes this permission.

For more information, see the Introduction to Out of Band Management in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Remote Control

The following items are new or have changed for remote control since Configuration Manager 2007:

  • Remote control now supports sending the CTRL+ALT+DEL command to computers.

  • You can apply different remote control settings to collections of computers by using client settings.

  • You can lock the keyboard and mouse of the computer that is being administered during a remote control session.

  • The copy and paste functionality between the host computer and the computer that is being administered has been improved.

  • If the remote control network connection is disconnected, the desktop of the computer that is being administered will be locked.

  • You can start the remote control viewer from the Windows Start menu.

  • Remote control client settings can automatically configure the Windows Firewall on client computers to allow remote control to operate.

  • Remote control supports connecting to computers with multiple monitors.

  • A high visibility notification bar is visible on client computers to inform the user that a remote control session is active.

  • By default, members of the local Administrators group are granted the Remote Control permission as a client setting.

  • The account name of the administrative user who starts the remote control session is automatically displayed to users during the remote control session. This display helps users to verify who is connecting to their computer.

  • If Kerberos authentication fails when you make a remote control connection to a computer, you are prompted to confirm that you want to continue before Configuration Manager falls back to using the less secure authentication method of NTLM.

  • Only TCP port 2701 is required for remote control packets; ports TCP 2702 and TCP 135 are no longer used.

  • Responsiveness for low-bandwidth connections supports the following improvements:

    • Elimination of mouse trails by using single mouse cursor design.

    • Full support for Windows Aero.

    • Elimination of mirror driver.

For more information, see the Introduction to Remote Control in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Hardware Inventory

The following items are new or have changed for hardware inventory since Configuration Manager 2007:

  • In System Center 2012 Configuration Manager, you can enable custom hardware inventory, and add and import new inventory classes from the Configuration Manager console. The sms_def.mof file is no longer used to customize hardware inventory.

  • You can extend the inventory schema by adding or importing new classes.

  • Different hardware inventory settings can be applied to collections of devices by using client settings.

For more information, see the Introduction to Hardware Inventory in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Software Inventory

There are no significant changes for software inventory in Configuration Manager since Configuration Manager 2007.

For more information about software inventory, see the Introduction to Software Inventory in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Asset Intelligence

The following items are new or have changed for Asset Intelligence since Configuration Manager 2007:

  • In System Center 2012 Configuration Manager, you can enable Asset Intelligence hardware inventory classes without editing the sms_def.mof file.

  • You can now download the Microsoft Volume Licensing Service (MVLS) license statement from the Microsoft Volume Licensing Service Center and import the license statement from the Configuration Manager console.

  • There is a new maintenance task (Check Application Title with Inventory Information) that checks that the software title reported in software inventory is reconciled with the software title in the Asset Intelligence catalog.

  • There is a new maintenance task (Summarize Installed Software Data) that provides the information displayed in the Inventoried Software node under the Asset Intelligence node in the Assets and Compliance workspace.

  • The Client Access License reports have been deprecated.

For more information, see the Introduction to Asset Intelligence in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Software Metering

There are no significant changes for software metering in Configuration Manager since Configuration Manager 2007.

For more information about software metering, see the Introduction to Software Metering in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Power Management

The following items are new or have changed for power management since Configuration Manager 2007:

  • If an administrative user enables this option, users can exclude computers from power management.

  • Virtual machines are excluded from power management.

  • Administrative users can copy power management settings from another collection.

  • A new Computers Excluded report is now available. It displays the computers that are excluded from power management.

For more information, see the Introduction to Power Management in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Mobile Devices

Enrollment for mobile devices in System Center 2012 Configuration Manager is now natively supported by using the two new enrollment site system roles (the enrollment point and the enrollment proxy point) and a Microsoft enterprise certification authority.

For more information about how to configure enrollment for mobile devices by using System Center 2012 Configuration Manager, see How to Install Clients on Windows Mobile and Nokia Symbian Devices Using Configuration Manager.

After the mobile devices are enrolled, you can manage their settings by creating mobile device configuration items and then deploy them in a configuration baseline. For more information, see How to Create Mobile Device Configuration Items for Compliance Settings in Configuration Manager.

For more information, see the Managing Mobile Devices by Using Configuration Manager section in the Introduction to Client Deployment in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Exchange Server Connector

New in System Center 2012 Configuration Manager, the Exchange Server connector allows you to find and manage devices that connect to Exchange Server (on-premise or hosted) by using the Exchange ActiveSync protocol. Use this mobile device management process when you cannot install the Configuration Manager client on the mobile device.

For more information about the different management capabilities when you manage mobile devices by using the Exchange Server connector and when you install a Configuration Manager client on mobile devices, see Determine How to Manage Mobile Devices in Configuration Manager.

For more information about how to install and configure the Exchange Server connector, see the How to Manage Mobile Devices by Using Configuration Manager and Exchange topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Mobile Device Legacy Client

If you have mobile devices that you managed with Configuration Manager 2007 and you cannot enroll them by using System Center 2012 Configuration Manager, you can continue to use them with System Center 2012 Configuration Manager. The installation for this mobile device client remains the same. However, whereas Configuration Manager 2007 did not require PKI certificates, System Center 2012 Configuration Manager requires PKI certificates on the mobile device and the management points and distribution points.

Unlike other clients, mobile device legacy clients cannot automatically use multiple management points in a site.

File collection is no longer supported for these mobile device clients in System Center 2012 Configuration Manager and unlike the mobile devices that you can enroll with Configuration Manager or manage by using the Exchange Server connector, you cannot manage settings for these mobile devices. In addition, the mobile device management inventory extension tool (DmInvExtension.exe) is no longer supported. This functionality is replaced with the Exchange Server connector.

For more information about the different mobile device management capabilities, see Determine How to Manage Mobile Devices in Configuration Manager.

For more information, see the Managing Mobile Devices by Using Configuration Manager section in the Introduction to Client Deployment in Configuration Manager topic in the Deploying Clients for System Center 2012 Configuration Manager guide.

Endpoint Protection

System Center 2012 Endpoint Protection is now integrated with System Center 2012 Configuration Manager. The following items are new or have changed for Endpoint Protection since Forefront Endpoint Protection 2010:

  • Because Endpoint Protection is now fully integrated with Configuration Manager, you do not run a separate Setup program to install an Endpoint Protection server. Instead, select the Endpoint Protection point as one of the available Configuration Manager site system roles.

  • You can install the Endpoint Protection client by using Configuration Manager client settings, or you can manage existing Endpoint Protection clients. You do not use a package and program to install the Endpoint Protection client.

  • The Endpoint Protection Manager role-based administration security role provides an administrative user with the minimum permissions required to manage Endpoint Protection in the hierarchy.

  • Endpoint Protection in Configuration Manager provides new reports that integrate with Configuration Manager reporting. For example, you can now identify the users who have computers that most frequently report security threats.

  • You can use Configuration Manager software updates to automatically update definitions and the definition engine by using automatic deployment rules.

  • You can configure multiple malware alert types to notify you when Endpoint Protection detects malware on computers. You can also configure subscriptions to notify you about these alerts by using email.

  • The Endpoint Protection dashboard is integrated with the Configuration Manager console. You do not have to install the dashboard separately. To view the Endpoint Protection dashboard, click the System Center 2012 Endpoint Protection Status node in the Monitoring workspace.

For more information, see the Introduction to Endpoint Protection in Configuration Manager topic in the Assets and Compliance in System Center 2012 Configuration Manager guide.

Software Deployment and Content Management

The following sections contain information about changes from Configuration Manager 2007 that relate to software updates, software distribution, operating system deployment and task sequences in System Center 2012 Configuration Manager.

Software Updates

Although the general concepts for deploying software updates are the same in System Center 2012 Configuration Manager as they were in Configuration Manager 2007, new or updated functionality is available that improves the software update deployment process. This includes automatic approval and deployment for software updates, improved search with expanded criteria, enhancements to software updates monitoring, and greater user control for scheduling software update installation.

The following table lists the functionality that is new or that has changed for software updates since Configuration Manager 2007.

Functionality

Description

Software update groups

Software update groups are new in Configuration Manager and replace update lists that were used in Configuration Manager 2007. Software update groups more effectively organize software updates in your environment. You can manually add software updates to a software updates group, or add software updates automatically to a new or existing software update group by using an automatic deployment rule. You can also deploy a software update group manually or automatically by using an automatic deployment rule. After you deploy a software update group, you can add new software updates to the group, and they are automatically deployed.

Automatic deployment rules

Automatic deployment rules automatically approve and deploy software updates. You specify the criteria for software updates (for example, all Windows 7 software updates released in the last week), the software updates are added to a software update group, you configure deployment and monitoring settings, and decide whether to deploy the software updates in the software update group. You can deploy the software updates in the software update group or retrieve compliance information from client computers for the software updates in the software update group without deploying them.

Software updates filtering

New search and expanded criteria are available when software updates are listed in the Configuration Manager console. You can add a set of criteria that makes it easy to find the software updates that you require. You can save the search criteria to use later. For example, you can set criteria for all critical software updates for Windows 7 and for software updates that were released in the last year. After you filter for the updates that you require, you can select the software updates and review compliance information per software update, create a software update group that contains the software updates, manually deploy the software updates, and so on.

Software updates monitoring

In the Configuration Manager console, you can monitor the following software updates objects and processes:

  • Important software updates compliance and deployment views

  • Detailed state messages for all deployments and assets

  • Software updates error codes with additional information to help identify issues

  • Status for software updates synchronization

  • Alerts for important software updates issues

Software update reports are also available that provide detailed state information for software updates, software update groups, and software update deployments.

Manage superseded software updates

Superseded software updates in Configuration Manager 2007 were automatically expired during the full software updates synchronization process for a site.

In System Center 2012 Configuration Manager, you can decide whether to manage superseded software updates as in Configuration Manager 2007, or you can configure a specified period of time where the software update is not automatically expired after it is superseded. During this time, you can deploy superseded software updates.

Increased user control over software updates installation

Configuration Manager gives users more control over when to install software updates on their computer. Configuration Manager Software Center is an application that is installed with the Configuration Manager client. Users run this application on the Start menu to manage the software that is deployed to them. This includes software updates. In Software Center, users can schedule software update installation at a convenient time before the deadline and install optional software updates. For example, you can configure your business hours and have software updates run outside of those hours to minimize productivity loss. When the deadline is reached for a software update, the installation for the software update is started.

Software update files are stored in the content library

The content library in System Center 2012 Configuration Manager is the location that stores all content files for software updates, applications, operating system deployment, and so on. The content library provides a single instance store for content files on the site server and distribution points, and provides an advantage over content management functionality in Configuration Manager 2007. For example, in Configuration Manager 2007, you might distribute the same content files multiple times by using different deployments and deployment packages. The result was that the same content files were stored multiple times on the site server and on distribution points and added unnecessary processing overhead and excessive hard disk space requirements.

For more information about content management, see the Content Library section in the Introduction to Content Management in Configuration Manager topic.

Software update deployment template

There is no longer a Deployment Templates node in the Configuration Manager console to manage your templates. Deployment templates can be created only in the Automatic Deployment Rules Wizard or Deploy Software Updates Wizard. Deployment templates store many of the deployment properties that might not change from deployment to deployment, and they can save much time for administrative users when they deploy software updates.

Deployment templates can be created for different deployment scenarios in your environment. For example, you can create a template for expedited software update deployments and planned deployments. The template for the expedited deployment can suppress display notifications on client computers, set the deadline for zero (0) days from the deployment schedule, and enable system restarts outside maintenance windows. The template for a planned deployment can allow for display notifications on client computers and set the deadline for 14 days from the deployment schedule.

Internet-based clients can retrieve update files from the Internet

When an Internet-based client receives a deployment, the client first tries to download the software files from Microsoft Update instead of distribution points. When the connection to Microsoft is not successful, clients fall back to a distribution point that hosts the software update files and is configured to accept communication from clients on the Internet.

Update lists are no longer used

Update lists have been replaced by software update groups.

Deployments are no longer used

Although you can still deploy software updates in System Center 2012 Configuration Manager, there is no longer a visible software update deployment object. The deployment object is now nested in a software update group.

The New Policies Wizard is no longer available to create a NAP policy for software updates

The Network Access Protection node in the Configuration Manager console and the New Policies Wizard are no longer available in System Center 2012 Configuration Manager. To create a NAP policy for software updates, you must select Enable NAP evaluation on the NAP Evaluation tab in software update properties.

For more information, see the Introduction to Software Updates in Configuration Manager topic in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.

Application Management

Applications are new in System Center 2012 Configuration Manager and have the following characteristics:

  • Applications contain the files and information necessary to deploy a software package to a computer or a mobile device. Applications contain multiple deployment types that contain the files and commands necessary to install the software. For example, an application could contain deployment types for a local installation of a software package, a virtual application package or a version of the application for mobile devices.

  • Requirement rules define conditions that specify how an application is deployed to client devices. For example, you can specify that the application should not be installed if the destination computer has less than 2GB RAM or you could specify that a virtual application deployment type is installed when the destination computer is not the primary device of the user.

  • Global conditions are similar to requirement rules but can be reused with any deployment type.

  • User device affinity allows you to associate a user with specified devices. This allows you to deploy software to a user rather than a device. For example, you could deploy an application so that it only installs on the primary device of the user. On devices that are not the primary device of the user, you could deploy a virtual application that is removed when the user logs out.

  • Deployments are used to distribute applications. A deployment can have an action which specifies whether to install or uninstall the application and a purpose which specifies whether the application must be installed or whether the user can choose to install it.

  • System Center 2012 Configuration Manager can use detection methods to determine if a deployment type has already been installed on a device by using product information, or a script.

  • Application management supports the new monitoring features in System Center 2012 Configuration Manager. The status of an application deployment can be monitored directly in the Configuration Manager console.

  • Packages and programs from Configuration Manager 2007 are supported in System Center 2012 Configuration Manager and can use some of the new deployment and monitoring features.

  • You can now deploy a task sequence on the Internet, as a method to deploy a script, for example, prior to installing a package and program. It is still not supported to deploy an operating system over the Internet.

  • Software Center is a new client interface that allows users to request and install applications, control some client functionality, and to access the Application Catalog, which contains details about all available applications.

  • When you deploy software to users, users no longer have to log off and back on again for Configuration Manager to include the new software deployment in the user policy. However, if the deployment uses a Windows group and you have newly added the user to this group, the Windows requirement for the user to log off and back on again to receive the new Windows group membership still applies before the user can receive the user-targeted software deployment.

The following are new or changed for virtual application (App-V) deployment in System Center 2012 Configuration Manager:

  • Virtual applications support App-V Dynamic Suite Composition by using Configuration Manager local and virtual application dependencies.

  • You can selectively publish the components of a virtual application to client computers.

  • Performance improvements when publishing application shortcuts to client computers.

  • Clients now check more quickly for required installations after logon. Clients also now check for required installations when the desktop is unlocked.

  • Applications can be deployed to users of Remote Desktop Services or Citrix servers when other users are logged in.

  • System Center 2012 Configuration Manager supports streaming virtual applications over the Internet from an Internet-based distribution point.

  • Streaming support for packages suited together using Dynamic Suite Composition.

  • In Configuration Manager 2007, you had to enable streaming support for virtual applications on each distribution point. In System Center 2012 Configuration Manager, all distribution points are automatically capable of virtual application streaming.

  • Reduced disk space usage on distribution points as application content is no longer duplicated for multiple application revisions.

  • Virtual application content is no longer persisted by default in the Configuration Manager client cache.

  • You can no longer create virtual applications by using Configuration Manager packages and programs. You must use Configuration Manager application management.

  • Configuration Manager supports migrating virtual application packages from Configuration Manager 2007 to System Center 2012 Configuration Manager. When you migrate an App-V package from Configuration Manager 2007, the migration Wizard will create this as a System Center 2012 Configuration Manager application.

  • The Configuration Manager 2007 client option Allow virtual application package advertisement has been removed. In System Center 2012 Configuration Manager, virtual applications can be deployed by default.

  • Virtual applications that are deployed from an App-V Server are not deleted by the Configuration Manager client.

  • Configuration Manager hardware inventory can be used to inventory virtual applications deployed by an App-V Server.

  • Application content that has been downloaded to the App-V cache is not downloaded to the Configuration Manager client cache.

    Note

    To modify a virtual application, you must first create it as a Configuration Manager application.

For more information, see the Introduction to Application Management in Configuration Manager topic in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.

Operating System Deployment

The following items are new or have changed for operating system deployment since Configuration Manager 2007:

For more information, see the Introduction to Operating System Deployment in Configuration Manager topic in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.

Content Management

The following items are new or have changed for content management since Configuration Manager 2007:

  • Branch distribution points were available in Configuration Manager 2007 to distribute content, for example, to a small office with limited bandwidth. In System Center 2012 Configuration Manager, there is only one distribution point type with the following new functionality:

    • You can install the distribution point site system role on client or server computers.

    • You can configure bandwidth settings, throttling settings, and schedule content distribution between the site server and distribution point.

    • You can prestage content on remote distribution points and manage how Configuration Manager updates content to the prestaged distribution points.

    • The PXE service point and the associated settings are in the properties for the distribution point.

  • In Configuration Manager 2007, you configure a distribution point as protected to prevent clients outside the protected boundaries from accessing the distribution point. In System Center 2012 Configuration Manager, preferred distribution points replace protected distribution points.

  • Distribution point groups provide a logical grouping of distribution points for content distribution. You can add one or more distribution points from any site in the Configuration Manager hierarchy to the distribution point group. You can also add the distribution point to more than one distribution point group. This expanded functionality lets you manage and monitor content from a central location for distribution points that span multiple sites.

  • The content library in System Center 2012 Configuration Manager is the location that stores all content files for software updates, applications, operating system deployment, and so on. The content library provides a single instance store for content files on the site server and distribution points, and provides an advantage over content management functionality in Configuration Manager 2007. For example, in Configuration Manager 2007, you might distribute the same content files multiple times by using different deployments and deployment packages. The result was that the same content files were stored multiple times on the site server and on distribution points and added unnecessary processing overhead and excessive hard disk space requirements.

  • You can prestage content, which is the process to copy content, to the content library on a site server or distribution point before you distribute the content. Because the content files are already in the content library, Configuration Manager does not copy the files over the network when you distribute the content.

  • The Configuration Manager console provides content monitoring that includes the status for all package types in relation to the associated distribution points, the status of content assigned to a specific distribution point group, the state of content assigned to a distribution point, and the status of optional features for each distribution point.

  • You can enable content validation on distribution points to verify the integrity of packages that have been distributed to the distribution point.

  • In Configuration Manager 2007, content files are automatically distributed to the disk drive with the most amount of free space. In System Center 2012 Configuration Manager, you configure the disk drives on which you want to store content and configure the priority for each drive when Configuration Manager copies the content files.

  • BranchCache has been integrated in System Center 2012 Configuration Manager so that you can control usage at a more detailed level. You can configure the BranchCache settings on a deployment type for applications and on the deployment for a package.

For more information, see the Introduction to Content Management in Configuration Manager topic in the Deploying Software and Operating Systems in System Center 2012 Configuration Manager guide.

Monitoring and Reporting

The following sections contain information about changes from Configuration Manager 2007 that relate to monitoring and reporting in System Center 2012 Configuration Manager.

Reporting

The following items are new or have changed for reporting since Configuration Manager 2007:

  • Configuration Manager no longer uses the reporting point; the reporting services point is the only site system role that Configuration Manager now uses for reporting.

  • Full integration of the Configuration Manager 2007 R2 SQL Server Reporting Services solution: In addition to standard report management, Configuration Manager 2007 R2 introduced support for SQL Server Reporting Services reporting. System Center 2012 Configuration Manager integrates the Reporting Services solution, adds new functionality, and removes standard report management as a reporting solution.

  • Report Builder 2.0 integration: System Center 2012 Configuration Manager uses Microsoft SQL Server 2008 Reporting Services Report Builder 2.0 as the exclusive authoring and editing tool for both model-based and SQL-based reports. Report Builder 2.0 is automatically installed when you create or modify a report for the first time.

  • Report subscriptions in SQL Server Reporting Services let you configure the automatic delivery of specified reports by email or to a file share in scheduled intervals.

  • You can run Configuration Manager reports in the Configuration Manager console by using Report Viewer, or you can run reports from a browser by using Report Manager. Both methods for running reports provide a similar experience.

  • Reports in Configuration Manager are rendered in the locale of the installed Configuration Manager console. Subscriptions are rendered in the locale that SQL Server Reporting Services is installed. When you author a report, you can specify the assembly and expression.

For more information, see the Introduction to Reporting in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Alerts

Alerts are new in System Center 2012 Configuration Manager and provide near real-time awareness of current site operations and conditions in the Configuration Manager console. Alerts are state-based and will automatically update when conditions change. System Center 2012 Configuration Manager alerts are not similar to status messages in Configuration Manager, nor are they similar to alerts in other System Center products, such as those found in Microsoft System Center Operations Manager 2007.

For more information, see the Configuring Alerts in Configuration Manager topic in the Site Administration for System Center 2012 Configuration Manager guide.

Monitoring Database Replication

You can monitor the status of System Center 2012 Configuration Manager data replication by using the Database Replication node in the Monitoring workspace of the Configuration Manager console.

For more information, see the  Monitor Configuration Manager Sites and Hierarchy topic from the Site Administration for System Center 2012 Configuration Manager guide.