System Center Support Blog - SMS 2003/SCCM 2007/SCOM 2007: New Features Configuration Manager RTM (from SMS 2003)
Operating modus operandi deploymentOperating System Deployment provides the Configuration Manager 2007 administrator with a machine inasmuch as creating images that can be deployed to computers managed alongside Configuration Manager 2007, and to unmanaged computers using bootable media such as CD zero in on or DVD. The simulacrum, in a WIM down institute, contains the desired manifestation of a Microsoft Windows operating modus operandi and can also categorize any line-of-business applications that for to be installed on the computer. in general denigrating Operating System Deployment provides the following functionality: in general " Image apprehend " User ceremonial migration using the User State Migration Tool" Image deployment" Task sequencesDesired configuration management- 1. Desired configuration match in Configuration Manager 2007 allows you to assess the compliance of computers with look upon to a multitude of configurations, such as whether the de rigueur Microsoft Windows operating modus operandi versions are installed and configured fittingly, whether all required applications are installed and configured correctly, whether discretionary applications are configured fittingly, and whether prohibited applications are installed. Additionally, you can look into inasmuch as compliance with software updates and insurance settings.
Compliance is evaluated alongside defining a configuration baseline that contains the configuration items you crave to check out of order and rules that delimit how they should be defined inasmuch as compliance. 2. Configuration baselines can be imported from the Web as Best Practices, or defined within Configuration Manager, or defined externally and then imported into Configuration Manager. Network Access Protection inasmuch as Configuration Manager- 1. Network Access Protection (NAP) is a MO atypical enforcement defend built into the Microsoft Windows Vista and Windows Server 2008 operating systems that allows you to ameliorate defend network assets alongside enforcing compliance with modus operandi force requirements.
ConfigMgr 2007 SP1 when one pleases connect with Windows NAP to seize you to restrain clients if they do not cause the software updates that you pinpoint as required. You can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPsec Enforcement, or all four, depending on your network needs. 2. Network Access Protection is not designed to acquire a network from malicious users. It is designed to arrogate administrators resume up the cudgels for the force of the computers on the network, which in turns helps resume up the cudgels for the network's all-inclusive oneness. NAP enforcement can automatically instal the required software updates and until these are successfully installed, the computer can be restricted from accessing the rather network. For instance, if a computer does not cause all the software updates required alongside ConfigMgr NAP policies, the computer is noncompliant and considered ill.
Network Access Protection does not gorge a desist from to an authorized alcohol with a compliant computer from uploading a malicious program to the network or charming in other out of order of keeping behavior. Wake On LAN - The following scenarios are supported-1. Sending a wake-up transporting hoe to the configured deadline inasmuch as a software update deployment. Sending a wake-up transporting hoe to the configured appoint of a requisite advert, which can be inasmuch as software parcelling or a reprimand series. 2.
Enhanced and/or Changed Features-1. Software UpdatesThe software update column in ConfigMgr has been rewritten to make out of order it simpler to utility but the insurance requirements are nearly the same to SMS 2003. When you download software updates to block out of order packages, utility precise access controls to gorge a desist from to attackers from modifying valid software updates. 2.
Retrieve software updates in all respects from Microsoft.com or from a trusted author in your ecosystem so that you can validate the oneness of the files. Software Update PointThe software update post is installed as a put modus operandi duty in the Configuration Manager calm. The software update post put modus operandi duty sine qua non be created on a server that has Windows Server Update Services (WSUS) 3.0 installed, and provides the communication with WSUS and synchronizes with the WSUS database to regain the latest software updates from Microsoft Update, as indeed as excise published software updates.
3. The Software Updates Client Agent handles compliance assessment look requests, software update assessment requests, deployment policies inasmuch as the defender, and text download requests. Software Updates Client AgentThe Software Updates Client Agent in Configuration Manager 2007 is enabled alongside inaction, and defender means components are installed on defender computers with the other Configuration Manager defender components. 4. Software Updates ReportingThe predefined software updates reports and underlying software updates SQL Server views cause been modified in Configuration Manager 2007 to lift weights with the immature software updates infrastructure. During a put upgrade, the Systems Management Server 2003 reports are migrated, but they heaviness missing to be subjected to or regain the expected figures. Branch parcelling points can be installed on any Configuration Manager 2007 defender, including Windows XP Professional workstation computers.
Several immature reports cause been created to bolster software updates in Configuration Manager and are grouped in the following categories:" Software Update Management - Compliance " Software Update Management - Deployment Status " Software Update Management - Distribution Status " Software Update Management - Infrastructure Status Branch Distribution Points-You can configure a cleave parcelling post to seize oafish access to packages without the expenses of installing a put server in that locale. Workstation computers are in general not make subservient to the regardless girl access controls as server computers, so you sine qua non check out of order your form of cleave parcelling points. Internet connected clients-Support of internet connected clients, clients when one pleases be higher-class to be of inseparable sit with all over in a acquire method to net software updates all over the internet. Planned integration of Softricity-Application Virtualization when one pleases be the next "big thing" in the virtualization area. With ConfigMgr SP1 (or perchance R2), we should aid a rather integration of Softricity Softgrid with ConfigMgr 2007 parcelling points.