html5-img
1 / 23

Configuration Manager 2012 Compliance and Settings Management

Configuration Manager 2012 Compliance and Settings Management. Roberto Rodriguez Premier Field Engineer Microsoft Corporation. Session Agenda . Compliance and settings management vision Features and improvements done in ConfigMgr 2012 Demos. Vision.

efrem
Télécharger la présentation

Configuration Manager 2012 Compliance and Settings Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Configuration Manager 2012 Compliance and Settings Management Roberto Rodriguez Premier Field Engineer Microsoft Corporation

  2. Session Agenda • Compliance and settings management vision • Features and improvements done in ConfigMgr 2012 • Demos

  3. Vision Provide a unified platform for customers and partners to define, monitor, enforce and report configuration compliance in the enterprise for users across all supported ConfigMgr devices. Pillars: • Simplify administrator experience • Embrace “user centric” management • Integrate architecture, infrastructure, administrator experience for all user-centric management disciplines for policy evaluation and rule authoring.

  4. Key Concepts ConfigMgr Agent Agent discovers CIs, validates data against rules, remediates and reports compliance Collection Monitor/remediate Deployment Baseline Group of CIs with presence rules. WMI XML Configuration Item Script Active Directory Configuration model defined for OS , Application (settings, rules, applicability ) Registry SQL File IIS Software Updates MSI

  5. Features and Improvements • Unified compliance-settings mgmt across servers, desktops, laptops, and mobile devices • Simplify administrator experience • Role-based administration built in “Compliance Settings Management Role” • Browse gold system when creating configuration items • Simplified Baseline creation experience • Re-use of settings across CI boundary • Deployment of Baselines • User and Device targeting of Baselines • Define compliance SLAs for Baseline deployments and generate Alerts • True per user evaluation and remediation • Monitoring Baseline deployment compliance status • In Console monitoring • Updated reports to include remediation, conflict and error reporting • Automatic remediation (aka DCM “set”) • CI revisioning and change control • Migration of existing Configuration Manager 2007 Baselines and CIs

  6. Role Base Access Control Scenario: Built in Compliance and Settings Management Role. Design principal: Just view and manage objects relevant for Compliance and Settings Management Rolewithin console.

  7. Browse on gold system when creating CIs Scenario: Simplify configuration item creation. Design principal: Admin can create DCM setting and rule without typing by browsing gold system registry and file system, eliminating human errors. Browse local / remote machine Registry and File System only

  8. Demo Creating Configuration Items by browsing gold system

  9. User or Device Targeting Scenario: Deploy policy to users or devices, remediate and report compliance for user or device. Design principal: Did support device targeting in 2007, now with user targeting support aligning with user centric vision. • New verb is “Deployment” no longer use Assignment term • Deploy baselines to user or device collections • If deployed to users evaluation options • Evaluate Baseline on all devices user logs on • Evaluate Baseline on only user’s primary machines • CIs in Baseline can contain user and device setting • User settings: • Registry settings stored under HKCU • Script setting: Run discovery and remediation scripts under user context • CIs with user settings will be evaluated when user logs on.

  10. Demo Deploying Baseline to user collection

  11. Compliance SLAs for Baseline deployments Scenario: Alert admin when target compliance threshold is not met. Design principal: Provide clear alert description, condition not met for each Baseline deployment. Admin can manage alert properties for each BL deployment which is aligned with SWD and SUM. • Admin can define Target Compliance SLA % at BL Deployment level • Alerts are generated if SLA is not met • Customize alerts properties • Reevaluate alert condition in time in future again.

  12. Demo Viewing Target Compliance SLA Alerts

  13. In Console Monitoring Scenario: Allow admin to view BL deployment compliance statistics within console Design principal: Show the most important issues admin needs to worry about in priority order within console • Most common Noncompliant/Errors sorted based on # of devices/users impacted • Deployed to Users vs Device • If deployed to user collection, asset details is sorted by user • If deployed to device collection, asset detail is sorted by device • Reports are also available and now includes remediation, conflict and error reporting

  14. Reporting • Lets admin see compliance at a glance • Drill-down to see details • View Troubleshooting and remediation info

  15. Demo Viewing Baseline compliance statistics using new In Console Monitoring UX and Reporting

  16. Monitor vs Remediate • Monitoring: We still support monitoring for all Configuration Manager 2007 setting providers (Registry Key, Registry Value, File, Folder, Script , WMI, XML…..etc) • Check existence of setting • Check value of setting • Remediation: Only supported for Registry-, wmi- and script-based settings and all mobile phone settings • Create setting if not exist • Set value if not compliant • Run remediation script • Remediate phone settings

  17. Demo Enable remediation

  18. Support for Mobile phones Scenario: Support configuration - compliance management for mobile devices Design principal: Unified platform and user experience to define, monitor, enforce, report compliance for users across all supported ConfigMgr devices. • Fully integrated authoring, targeting and reporting experience • Easily build a CI from built-in common settings or create your own settings • Compliance evaluation off-loaded to server to limit battery and cpu impact on mobile • Support for WM6.1 and WP 6.5.x

  19. Demo Create and deploy configuration Item for mobile devices

  20. CI revisioningand audit tracking Scenario: Support change management for configuration items Design principal: Ability to see revisions of configuration item, view who changed what and chose to use specific or latest revision of CIs in Baselines.

  21. Migration Scenario: Migrate 2007 Config Packs Design principal: Migration or Import support for all 2007 Config Packs to 2012. • Ability to import 2007 CI and Baselines to 2012 environment • Migration from 2007 hierarchy to 2012 using migration tool • Migration or Import will automatically convert v4 schema to v5 schema

  22. New server Configuration Packs • Customer ask : Server CPs are not updated!. • Solution: We will convert following server BPA templates to DCM CIS/BLs, publish them up on ConfigPack catalog  and make sure they work with ConfigMgr 2007 and 2012 releases. • SQL Server 2008 R2 • Exchange Server 2010 • SharePoint Server 2007 • Windows 2008 R2 IIS server • Windows 2008 R2 DHCP server • Windows 2008 R2 TS server • What customers will do? Download these new server CPs, deploy to servers and check compliance • Note: All BPA rules are converted to DCM settings with PS script type. Rules will check passed/failed.

  23. Conclusion ConfigMgr 2012 provides unified compliance and settings management across all devices users have such as desktops, laptops, mobile devices even servers!

More Related