Cloud

What’s New in Microsoft Configuration Manager R2

We are just are getting used to Configuration Manager 2012 SP1 and Microsoft is coming out later this year with another update, R2. It may seem like they are just pushing out the updates to make our life rough, but really they are making it better. With each release they are updating current features and adding new ones in addition to supporting  additional platform versions for example the release of Windows 8.1. I am going to list out some of the updates to existing features and new features that Configuration Manager R2 will bring to the table. Most of this information was gathered from Technet.
Technet Information.

Site Installation 

  • When you run Setup to install a new primary site or central administration site, you can select non-default locations for the site database files. The option to specify non-default file locations is not available when you specify a SQL Server cluster.

Sites and Hierarchies Migration

  • You can merge hierarchies from other organizations that also use System Center 2012 R2 Configuration Manager into your System Center 2012 R2 Configuration Manager hierarchy.
  • You can migrate data from your System Center 2012 R2 Configuration Manager test environment into your System Center 2012 R2 Configuration Manager production environment.
  • Some UI labels and descriptions are updated to reflect the change in functionality that lets you migrate from one System Center 2012 R2 Configuration Manager hierarchy to another, and to reflect the functionality of migrating, not upgrading, distribution point between hierarchies.
  • When you use the Reassign Shared Distribution Points Wizard, you have the same options as when you deploy a new distribution point, including options make the distribution point a pull-distribution point and to add it to boundary groups in the destination hierarchy.

Client Deployment

  • You can now install the client certificate and enroll Mac computers by using the new enrollment wizard for the Mac client as an alternative to using the CMEnroll tool command-line tool.
  • You can now select Resultant Client Settings from the Configuration Manager console to view the effective client settings that will be applied to the selected device. The resultant client setting accounts for the prioritization or combination of attributes where multiple client settings have been deployed to the same device.
  • Configuration Manager now supports the Unified Write Filter available in certain Windows Embedded operating systems.
  • If you use wake-up proxy, you no longer have to manually configure Windows Firewall on clients to allow TCP/IP ping commands when you specify the Power Management client setting, Firewall exception for wake-up proxy.

Client Assignment

  • You can now reassign Configuration Manager clients, including managed mobile devices, to another primary site in the hierarchy. Clients can be reassigned individually or can be multi-selected and reassigned in bulk to a new site.

Mobile Devices

  • Users can enroll Android devices by using the company portal app which will be available on Google Play. The company portal app is supported on Android devices as of Android 4.0. When users download the company portal app the installation includes the management agent. The management agent gives you the following management capabilities.
    • You can manage compliance settings which include password, camera, and encryption settings.
    • When you deploy apps to Android devices, you now have the option to install the apps directly to the device.
    • Users are prompted to take required actions, such as app installations or updating device passcodes by using Android notifications.
  • Users can enroll iOS devices by using the iOS company portal app which will be available in the App store. The company portal app can be installed on iOS devices as of iOS 6. The company portal app will allow users to perform the following actions:
    • Change or reset passwords.
    • Download and install company apps.
    • Enroll, unenroll, or wipe company content from their devices.
  • Devices that run Windows RT, iOS and Android now support a deployment purpose of Required. This allows you to deploy apps automatically to devices according to a configured schedule.
  • Wipe and retire functions now include the option to only remove company content from devices,
  • You can configure enrolled devices as company-owned or personal-owned. Company-owned allows you to get software inventory on company content on all devices.
    • You can configure devices as personal-owned or company-owned by using the Change ownership action. Change ownership is only available for devices that are not domain-joined and do not have the Configuration Manager client installed.
    • Windows RT and Windows Phone 8 will only report inventory on company content when configured as company-owned.
    • If they are configured as company-owned, iOS and Android devices will report full inventory. If they are configured as personal-owned, iOS and Android will only report company content.
    • Windows Mobile 6 devices will report full inventory if they are configured as company-owned.
  • You can use Windows Intune to manage Windows 8.1 Preview devices that are not joined to the domain and do not have the Configuration Manager client installed.

Compliance Settings

  • New mobile device settings and mobile device setting groups have been added. These can be found on the Mobile Device Settings page of the Create Configuration Item Wizard.

Remote Connection Profiles

  • Deployment of remote connection profiles that allow users to remotely connect to work computers from the company portal, when they are not connected to the domain or if they are connected over the Internet.

Certificate Profiles

  • Deployment of user and device certificates for managed devices by using the Simple Certificate Enrollment Protocol (SCEP). These certificates can be used to support Wi-Fi and VPN connections.
  • Supported devices include those that run iOS, Windows 8.1 and Windows RT 8.1, and Android.
  • Deployment of root certification authority (CA) certificates and intermediate CA certificates, so that devices can create a chain of trust when they use server authentication for network connections.
  • A certificate registration point must be deployed in the central administration site or a primary site and the Configuration Manager Policy Module must be installed on a server running Windows Server 2012 R2 with Active Directory Certificate Services and the Network Device Enrollment Service role. This server must be accessible from the Internet and communicate with an enterprise CA in the intranet.

VPN Profiles

  • Deployment of VPN profiles that provision devices with the settings and certificates that they need to access corporate networks.
  • Supported devices include those that run iOS, Windows 8 and Windows 8.1, Windows RT and Windows RT 8.1.

Wi-Fi Profiles

  • Deployment of Wi-Fi profiles that provision devices with the settings and certificates that they need to access corporate Wi-Fi hotspots.
  • Supported devices include those that run iOS, Windows 8.1, and Windows RT 8.1, and Android.

Software Updates

  • New maintenance window dedicated for software updates installation. This lets you configure a general maintenance window and a different maintenance window for software updates. When a general maintenance window and software updates maintenance window are both configured, clients install software updates only during the software updates maintenance window.
  • You can now change the deployment package for an existing automatic deployment rule. New software updates are added to the specified deployment package every time an automatic deployment rule is run. Deployment packages can become very large over time and might impact replication scenarios, particularly when a new distribution point is added to your hierarchy or when a distribution point is added to a distribution point group. You can now change the deployment package periodically to keep the size of the deployment package from getting too large.
  • You can now preview software updates that meet the property filters and search criteria that you define in an automatic deployment rule. Software updates preview lets you review the software updates before you create the deployment. The Preview button is located on the Software Updates page in the Automatic Deployment Wizard and on the Software Updates tab in the properties for the automatic deployment rule.

Application Management

  • Web applications in System Center 2012 R2 Configuration Manager are a new deployment type that allows you to deploy a shortcut to a web-based app on users’ devices.
  • Windows 8.1 introduces the app bundle (or .appxbundle package) to help optimize the packaging and distribution of Windows Store apps and resource packages. Configuration Manager extends the existing Windows app package deployment type to recognize .appxbundle package files.
  • The create application wizard includes a new option that allows you to configure featured applications. These applications are displayed prominently in the company portal.
  • You can specify a privacy link for each application that users can review before they install the application.
  • You can configure an application to automatically open a VPN connection if a VPN profile has been configured.

Operating System Deployment

  • Support for Windows Server 2012 R2 and Windows 8.1.
  • Support for boot images created by using the Windows Automated Installation Kit (Windows AIK) for Windows 7 SP1 and based on Windows PE 3.1.
  • Ability to create prestaged content files for task sequence content. The Create Prestaged Content action creates a compressed, prestaged content file that contains the files and associated metadata for the content in the task sequence. By default, Configuration Manager detects and adds the dependencies associated with the task sequence to the prestaged content file. You can then manually import the content at a site server, secondary site, or distribution point.
  • Added virtual hard disk management from the Configuration Manager console. You can create and modify virtual hard disks, and upload them to Virtual Machine Manager.
  • New task sequence steps:
    • Run PowerShell Script: This task sequence step runs the specified Windows PowerShell script on the target computer.
    • Check Readiness: This task sequence step verifies that the target computer meets the specified deployment prerequisite conditions.
    • Set Dynamic Variables: This task sequence step gathers information and sets specific task sequence variables with the information. Then, it evaluates defined rules and sets task sequence variables based on the variables and values configured for rules that evaluate to true.

New task sequence built-in variables:

  • SMSTSDownloadRetryCount: Use this variable to specify the number of times that Configuration Manager attempts to download content from a distribution point.
  • SMSTSDownloadRetryDelay: Use this variable to specify the number of seconds that Configuration Manager waits before it retries to download content from a distribution point.
  • TSErrorOnWarning: Use this variable to specify whether the task sequence engine treats the requirements not met warning from an application as a fatal error. You can set this variable to True or False. False is the default behavior.
  • _TSAppInstallStatus: The task sequence sets the _TSAppInstallStatus variable with the installation status for the application during the Install Application task sequence step. The task sequence sets the variable with one of the following values:
    • Undefined: Set when the Install Application task sequence step has not been run.
    • Error: Set when at least one application failed because of an error during the Install Application task sequence step.
    • Warning: Set when no errors occur during the Install Application task sequence step, but one or more applications, or a required dependency, did not install because a requirement was not met.
    • Success: Set when there are no errors or warning detected during the Install Application task sequence step.

Content Management

  • The following changes are introduced for pull-distribution points:
    • Pull-distribution points support the prioritization of their source distribution points. A priority can be assigned to one or more source distribution points, and the pull-distribution point attempts to locate content from a distribution point assigned to the lowest numbered priority before attempting to contact a distribution point associated with the next higher numbered priority.
    • Pull-distribution points push status for completed actions to the site server. This replaces the requirement to have Distribution Manager (distmgr) on the site server poll each pull-distribution point periodically to obtain this status, and helps to reduce the overall processing load for distmgr on the site server.
  • From the Distribution Status node in the Monitoring workspace of the Configuration Manager console, you can cancel distributions that are in progress to a distribution point, and redistribute distributions that have failed.You can use the new built-in report named Distribution point usage summary to view details about how individual distribution points are utilized, including how many unique clients access the distribution point, and how much data transfers from the distribution point.
  • You can configure multiple Network Access Accounts at each site.
  • The following additional optimizations are introduced to improve performance during deployment of content:
    • Each time Configuration Manager transfers content to a distribution point, it calculates the speed of the transfer. During subsequent content deployment, this information is used to prioritize which distribution points receive content first. This is done to maximize the number of distribution points that receive content in the shortest period of time.
    • To improve concurrent distributions, when Configuration Manager validates content on distribution points, it validates up to 50 files during each WMI call to a distribution point. Prior to this version, Configuration Manager used a single WMI call to a distribution point to validate each individual file.

Reporting

  • Configuration Manager reports are now fully enabled for role-based administration. The data for all reports included with Configuration Manager is filtered based on the permissions of the administrative user who runs the report. Administrative users with specific roles can only view information defined for their roles.

So as you can see this update brings a lot of updated and new functions to Configuration Manager R2. It will be exciting to put these new features to the test once they make the final release available to the public.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Robert Kuchera

Lead Microsoft Infrastructure Consultant

More from this Author

Subscribe to the Weekly Blog Digest:

Sign Up
Follow Us
TwitterLinkedinFacebookYoutubeInstagram