0% found this document useful (0 votes)
224 views12 pages

SCCM PDF

This document provides tips for using System Center Configuration Manager (SCCM) to migrate desktops to Windows 7. It outlines a 6-step process for capturing a Windows 7 reference image: 1) Create a provisioning account, 2) Create a reference machine, 3) Customize the reference machine, 4) Create USB capture media, 5) Perform the image capture, 6) Import the captured image into SCCM. It also recommends using USB installation media to create the reference machine, as it is faster than CD/DVD, and using a Key Management Server for activation to avoid having to re-activate machines.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
224 views12 pages

SCCM PDF

This document provides tips for using System Center Configuration Manager (SCCM) to migrate desktops to Windows 7. It outlines a 6-step process for capturing a Windows 7 reference image: 1) Create a provisioning account, 2) Create a reference machine, 3) Customize the reference machine, 4) Create USB capture media, 5) Perform the image capture, 6) Import the captured image into SCCM. It also recommends using USB installation media to create the reference machine, as it is faster than CD/DVD, and using a Key Management Server for activation to avoid having to re-activate machines.
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 12

Windows IT Pro

Using SCCM
to Migrate to Windows 7
Mel Beckman

sponsored by
Brought to you by Windows IT Pro
Tech Advisor • Windows IT Pro | p. 2

Contents
Preflight checklist for SCCM Windows 7 Deployment 3
SCCM Windows Deployment Tip: Using USB Installation
Media 4
SCCM Windows Deployment Tip: Use a Key Management
Server 5
SCCM 2007 SP2 required for Windows 7/2008
OS Deployment 5
DirectAccess gives Internet-based SCCM clients seamless
remote control 6
Create a Windows 7-based WinPE compatible with
SCCM 6
Deploy Microsoft App-V even if App-V Isn’t in Base
OS Image 8
Windows Intune Limitations Compared to SCCM 10
Windows 7 BranchCache Shares Files Between Peers on a
Subnet 11
Windows 7 boosts SCCM BDP Connections from
10 to 20 12
Next version of SCCM embraces Role Based Access Control
and BranchCache 12

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 3

Preflight checklist for SCCM Windows 7 Deployment


By Mel Beckman
Whether you’re migrating to Windows 7 or deploying it “green templates. We all have a few 32-bit-only applications that keep us
field,” you’ll want to use SCCM 2007’s Operating System Deploy- chained to the smaller bit size.
ment (OSD) tools to install a customized Windows 7 for your
environment. SCCM 2007’s capture-and-deploy process lets you The creation process is simple: install Windows 7, apply all
deploy Windows 7 in massive quantities with no intervention— Windows updates (which may take several iterations), and apply
a totally touch-free installation! To pull that off, however, you’ll optional Windows updates, such as .NET 4, that may be required
need to follow this preflight checklist, which outlines the steps for your environment. Any Windows IT admin worth his or her
required for setting up capture-and-deploy, and prepositions you salt knows this drill. A couple tips: (1), use USB installation media
for pushing Windows 7 to new machines or to upgrade existing (see detailed article following this one), and (2) avoid adding any
ones. device-specific Windows updates, such as new sound card drivers
and the like. You want this Windows 7 installation to be as clean
If you’re like most of us, you won’t be performing this process as possible. You’ll add drivers later—this Windows 7 installation is
frequently—perhaps once or twice a year. So keep a log of what just a template for further customization.
you’ve done for future reference; you’ll thank yourself later!
3. Customize the reference machine. You’re now ready to
1. Create a provisioning account. Microsoft’s best practice “put the tune on” your reference installation. Log into your newly
for SCCM OSD is to always use a separate account for provision- minted Windows 7 box, go to Control Panel->Programs->Turn
ing, rather than using your administrator account. So create a Windows Features On or Off and activate additional compo-
dedicated account in Active Directory to use only for SCCM OS nents, such as SNMP or Telnet, needed for your environment.
deployment processes. Grant the provisioning account the fol- Make sure the machine stays in a workgroup and does not join
lowing rights: your domain, and leave the administrator account password
blank. Setting an administrator password needlessly complicates
• Access rights to the Active Directory OU(s) to contain the subsequent steps.
computer account objects
• Add rights for resource objects to the SCCM database If you need to configure any regional settings, do that now as well.
Go to Control Panel->Clock, Language, and Region, and set
• Read rights to the location where the OS image files
your time zone, date and time format (such as 24-hour time), and
(.WIMs) will be stored
any language customizations you desire. You could also install
As part of this step, you’ll also want to create a folder to hold OS some common “default” applications at this point, such as Adobe
image files—for example, C:\CapturedOSimages, and share this Acrobat Reader. But it’s better to hold off on those—you’ll be
folder out. It will be used to receive the final OS image. happier having SCCM manage applications separately from the
OSD image. Separating application installation also means you
2. Create a reference machine. You need a piece of real hard- won’t have to re-image should a critical update be needed for
ware template Windows 7 installation customized to your taste. those apps.
This can be any old machine—a cast-off laptop, a maintenance
spare, whatever—that is capable of running Windows 7. Of 4. Create USB capture media. The “USB capture media” is just
course, the faster the hardware, the less time you’ll spend in the a USB key—with only a few hundred K capacity—containing the
reference machine build process, so don’t scrimp on CPU speed runtime code and script that performs the image capture, pushing
and memory if you don’t have to. The machine should be 64-bit the image to the share you created in Checklist Item 1. You’ll run
capable, so that you can create both 32-bit and 64-bit Windows 7 it later on the reference machine and stand back—the capture

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 4

process is fully automated. In SCCM, navigate to SCCM Com- System Deployment->Operating System Images, and select
puter Management->Operating System Deployment->Task Add an Operating System Image. Choose the .WIM file from
Sequences->Create Task Sequence media. Select your USB key the build-and-capture folder, and SCCM will import it. You’re now
and then unmount it at completion. ready for deployment.

5. Perform the image capture. Insert the USB key on ref For many shops, you can deploy the image as-is. Some client
machine, run the .exe it contains. The reference machine will ex- platforms, however, may require special drivers for non-generic
ecute the task sequence stored on the key, reboot the machine, NIC, disk, and video hardware. If that’s the case, you’ll need to add
and start the capture process. It will boot into WinPE, change drivers to your deployment process, which is its own complex
to the Out of Box Experience (OBE), then transfer the image to topic outside the scope of this preflight checklist. A great source
the SCCM server share as a .WIM (Windows Image) file. You’ll be for guidance is Hayes Jupe’s blog entry “SCCM OSD – Driver best
prompted to enter a few values, including the destination share practices”:
for the image. The whole process takes less than 15 minutes on
an uncongested gigabit network. http://hayesjupe.wordpress.com/sccm-osd-driver-best-practices

6. Import the captured image into SCCM. You’ve finished You’re now ready to begin the deployment process best suited to
build-and-capture. Now you’re ready to prep SCCM for deploy- your needs, which involves creating a task sequence and adver-
ment. Navigate to SCCM Computer Management->Operating tising it, and selecting various installation or migration options.

SCCM Windows Deployment Tip: Using USB Installation


Media
By Mel Beckman
Although you can build a reference machine the old fashioned http://www.winsupersite.com/article/windows-7/install-win-
way, using CD or DVD installation media, installing Windows 7 us- dows-7-with-a-usb-memory-key
ing USB bootable media is way faster. Create one USB thumb drive
for 32-bit, one for 64-bit. The process is straightforward and widely USB installation is many times faster than disc-based installs
documented. The steps are well documented in Paul Thurrott’s because the media itself has no moving parts. You’re essentially
excellent article “Install Windows 7 With a USB Memory Key”: installing at system memory speed.

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 5

SCCM Windows Deployment Tip: Use a Key Management


Server
By Mel Beckman
Windows 7 has two kinds of Enterprise product keys: the Multiple is trivial and widely documented; Microsoft even has a movie
Activation Key (MAK), which hard-codes the license key on the illustrating the process (http://tinyurl.com/kmsmovie).
destination machine and will never require re-activation, and the
Key Management System (KMS) key. Using a MAK key requires You need not run the KMS on an actual server—it’s simple to
running through the manual activation process, which is a touch run even on a Windows 7 client box. Once the server is up and
to the workstation for you, or a pain in the neck for the user. If running, all future Win7 machines will find it on your network
you forget to perform the activation, the user logging in as non- automatically and self-activate, even without Internet access. A
administrator won’t be able to perform that step. You’ve then bonus security feature of KMS is that the Win7 clients must reac-
created a time bomb: The computer will shut down at some tivate with the KMS every few months, which automatically limits
future date, demanding activation, causing user heartburn and the usability of lost or stolen computers. In a shared virtualization
you tech support pain. (e.g., private cloud) environment, KMS also prevents cloud users
from absconding with your Windows licenses by dint of copying
Instead, it’s better to deploy a Key Management Server in your
its VHD.
organization and use the KMS license method. Setting up a KMS

SCCM 2007 SP2 required for Windows 7/2008 OS


Deployment
By John Savill

Q. What versions of System Center


Configuration Manager (SCCM) 2007
support Windows 7 and Windows Server
2008 R2 SP1?
A. On March 24, 2011, Microsoft announced that SCCM
2007 SP2, R2, and R3 all support Windows 7 SP1 and Windows
Server 2008 R2 SP1 operating systems for client installation. This
includes deployment of these OSes and hosting of roles and
consoles where supported by the OS. This announcement on
TechNet (http://tinyurl.com/sccmwin7) provides full details, along
with two updates required for full SP1 support.

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 6

DirectAccess gives Internet-based SCCM clients seamless


remote control
By John Savill

Q. All my System Center Configuration infrastructure services, including SCCM, to have access to the In-
ternet-based machines. With DirectAccess, clients on the Inter-
Manager (SCCM) Internet-based clients
net are treated as though they’re still on the corporate network,
are running Windows 7 and are Direct
and therefore SCCM can manage them as such. So if all your
Access enabled. Do I still need to use the
Internet clients are DirectAccess enabled, you’re not required
SCCM Internet-Based Client Management
to use SCCM Internet-Based Client Management. Because the
feature?
clients are treated as if they’re on the corporate network, certain
A. The Internet-Based Client Management feature of SCCM features (such as Remote Control) that aren’t available for SCCM
allows clients that are connected to the Internet without a VPN Internet-Based Client Management computers will be avail-
connection into the corporate network to be managed by SCCM able when you use DirectAccess. Note that OS Deployment still
through the use of certificates to protect the communications. won’t function, because DirectAccess relies on certificates and
There are certain SCCM features that aren’t supported when us- domain membership, and those won’t be available on a newly
ing the Internet-based management features, including Remote deployed OS.
Control, OS Deployment, and Network Access Protection.
Here’s a great Microsoft blog entry that goes into more detail on
DirectAccess lets clients connected to the Internet have full DirectAccess and SCCM: http://tinyurl.com/sccmdirectaccess.
connectivity to corporate resources and also allows corporate

Create a Windows 7-based WinPE compatible with SCCM


By John Savill

Q. How can I create a Windows 7-based machine that has the latest Windows Automated Installation Kit
(WAIK) installed. Make sure you open the WAIK command prompt
Windows Preinstallation Environment
to run the commands below that are in bold. In my example, I’m
(WinPE) that’s compatible with System
creating the image in the folder d:\temp\winpe_amd64, so if you
Center Configuration Manager (SCCM)?
use a different path, update your commands appropriately.
A. SCCM 2007 comes with two PE images—one 32-bit and
one 64-bit—that are used to capture and deploy OSes. You can C:\Program Files\Windows AIK\Tools\PETools>
create our own WinPE environments with additional utilities and copype.cmd amd64 d:\temp\winpe_amd64
configuration and use them with SCCM, you just need to make =========================================
sure you add the scripting and WMI packages. Creating Windows PE customization working
directory
Below is a transcript of the Windows command line instructions d:\temp\winpe_amd64
I used to create a new amd64 (64-bit) WinPE environment on a =========================================

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 7

1 file(s) copied. ]
1 file(s) copied. The operation completed successfully.
d:\temp\winpe_amd64> dism /image:d:\
C:\Program Files\Windows AIK\Tools\PETools\ temp\winpe_amd64\mount /add-package /
amd64\EFI\microsoft\boot\fonts\wgl4_boot.ttf packagepath:"c:\Program Files\Windows
7 File(s) copied AIK\tools\petools\amd64\winpe_fps\winpe-
1 file(s) copied. wmi.cab"
Success Deployment Image Servicing and Management
Updating path to include peimg, cdim- tool
age, imagex Version: 6.1.7600.16385
C:\Program Files\Windows AIK\Tools\ Image Version: 6.1.7600.16385
PETools\ Processing 1 of 1 - Add-
C:\Program Files\Windows AIK\Tools\ ing package WinPE-WMI-
PETools\..\AMD64 Package~31bf3856ad364e35~amd64~~6.1
d:\temp\winpe_amd64> dism /mount-wim / .7600.16385
wimfile:d:\temp\winpe_amd64\winpe.wim / [
index:1 /mountdir:d:\temp\winpe_amd64\mount ================
Deployment Image Servicing and Management 100.0%
tool ================
Version: 6.1.7600.16385 ]
Mounting image The operation completed successfully.
[ d:\temp\winpe_amd64> dism /unmount-wim /
================ mountdir:d:\temp\winpe_amd64\mount /commit
100.0% Deployment Image Servicing and Manage-
================ ment tool
] Version: 6.1.7600.16385
The operation completed successfully. Image File : d:\temp\winpe_amd64\winpe.wim
d:\temp\winpe_amd64> dism /image:d:\ Image Index : 1
temp\winpe_amd64\mount /add-package / Saving image
packagepath:"c:\Program Files\Windows [
AIK\tools\petools\amd64\winpe_fps\winpe- ================
scripting.cab" 100.0%
Deployment Image Servicing and Management ================
tool ]
Version: 6.1.7600.16385 Unmounting image
Image Version: 6.1.7600.16385 [
Processing 1 of 1 - Adding package WinPE- ================
Scripting-Package~31bf3856ad364e35~amd6 100.0%
4~~6.1.7600.16385 =====================]
[ The operation completed successfully.
================
100.0%
================

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 8

Deploy Microsoft App-V even if App-V Isn’t in Base OS


Image
By John Savill

Q. How can I deploy the Microsoft tion, and so might the host name, etc. The switches shown are for
demonstration only.
Application Virtualization (App-V) client
using System Center Configuration Man- Client\x64\setup.exe /s /v" /qn
ager (SCCM) if App-V isn’t in my base OS SWIPUBSVRHOST=\"savdalappv01.savilltech.
image? net\" SWIPUBSVRTYPE=\"RTSP\" SWIPUB-
A. If you’re using SCCM task sequences to deploy your OS, SVRPORT=\"554\" SWIPUBSVRDISPLAY=\"SAV
DALAPPV01\" SWIFSDRIVE=\"Q\" SWICACHE-
it’s very easy to add in a step to also deploy the App-V client.
SIZE=\"4096\""
There are two main approaches. The first is to just copy the App-V
client setup files to a folder and create a new package. Then, You need all the repeat double quotes, and note that in my
within that package create a program that calls the setup.exe distribution, I have a Client folder under the main App-V source
for the App-V client (you need one for x64 and one for x32). The folder that contains the actual main files. That’s why I have
setup.exe will install, as will prerequisite requirements such as Vi- Client\<architecture>\setup.exe. Make sure you use Browse to
sual C++ SP1 Redistributable 2005 and 2008 and the Application check that the path is correct.
Error Reporting. Within your program, add the various switches to
configure the App-V client with App-V Server (such as cache size), The above is kind of a lazy approach (but it works).The alternative
as shown here: is to actually install the prerequisites manually, then run setup.
msi (instead of setup.exe) to install the actual App-V client. Once
again, you pass switches to the setup.msi to perform the con-
figuration. If you’re deploying to Windows Vista and Windows 7,
you need to deploy the Visual C++ SP1 2005 and 2008 redistrib-
utables (you need the linked versions because they have the ATL
security update). The application error reporting is in the Support
folder of each architectures setup files and is installed from there.
If you’re deploying to Windows XP, you also need to deploy the
Microsoft Core XML Services 6.0 SP1.

You could deploy these by creating a package for each of the


components and adding a program to deploy with dependen-
cies (the best option to re-use components). Or you can put
them all in one package and use a script to call each component
one at a time, such as the following (which I saved as x64install.
bat):

start /wait %~dp0Client\prereq\vc2005\


vcredist_x86.exe /Q
My full command line from above is shown below. Note that I use start /wait %~dp0Client\prereq\vc2008\
RTSP (hence port 554)—this might be different in your organiza- vcredist_x86.exe /Q

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 9

start /wait msiexec /i %~dp0Cli-


ent\x64\Support\Watson\dw20shared.
msi APPGUID={342C9BB8-65A0-46DE-
AB7A-8031E151AF69} REBOOT=Suppress
REINSTALL=ALL REINSTALLMODE=vomus
start /wait msiexec.exe /i
%~dp0Client\x64\setup.msi
SWIPUBSVRHOST="savdalappv01.
savilltech.net" SWIPUBSVRTYPE="RTSP"
SWIPUBSVRPORT="554"
SWIPUBSVRDISPLAY="SAVDALAPPV01"
SWIFSDRIVE="Q" SWICACHESIZE="4096" /q

Note that I have switches to configure the App-V client. Also note for
the Watson (Application Error Reporting) install, the APPBUID is App-
V client version-specific. In the above, that’s the right GUID for the
4.6 SP1 client install. The full list can be found on this TechNet page, My full hierarchy of files is shown below for easy reference to
in case you want to install a different version of App-V client, but this match my configuration and install files:
FAQ is based on installing the 4.6 SP1 client.
App-V Client 4.6 SP1\x64install.bat
I also created a batch file for the x86 install:
App-V Client 4.6 SP1\x86install.bat
start /wait %~dp0Client\prereq\vc2005\ App-V Client 4.6 SP1\Client\Prereq\
vcredist_x86.exe /q vc2005\vcredist_x86.exe
start /wait %~dp0Client\prereq\vc2008\ App-V Client 4.6 SP1\Client\Prereq\
vcredist_x86.exe /q vc2008\vcredist_x86.exe
start /wait msiexec /i %~dp0Cli- App-V Client 4.6 SP1\Client\x64\setup.exe
ent\x86\Support\Watson\dw20shared. App-V Client 4.6 SP1\Client\x64\setup.msi
msi APPGUID={342C9BB8-65A0-46DE- App-V Client 4.6 SP1\Client\x64\Support\
AB7A-8031E151AF69} REBOOT=Suppress Watson\dw20shared.msi
REINSTALL=ALL REINSTALLMODE=vomus App-V Client 4.6 SP1\Client\x86\setup.exe
start /wait msiexec.exe /i App-V Client 4.6 SP1\Client\x86\setup.msi
%~dp0Client\x86\setup.msi App-V Client 4.6 SP1\Client\x86\Support\
SWIPUBSVRHOST="savdalappv01. Watson\dw20shared.msi
savilltech.net" SWIPUBSVRTYPE="RTSP"
Ideally, put each part into its own package with its own install
SWIPUBSVRPORT="554"
program. Doing it that way gives you the most reuse and self-
SWIPUBSVRDISPLAY="SAVDALAPPV01"
repair functionality. The batch file approach is a nice middle
SWIFSDRIVE="Q" SWICACHESIZE="4096" /q
option, while just calling setup.exe is certainly the fastest and
I use the same 32-bit Visual C++ install for both 32-bit and 64- easiest way but will gives a slower installation (the prerequisites
bit installs. Only the Watson version and App-V client change have to be extracted from the setup.exe for Visual C++ then
between architectures. installed).

I then create a program within the App-V client package that just No matter which method you choose, you should place the ac-
calls the x64install.bat (or x32install.bat), as shown (called BitByBit tual App-V client deployment near the end of the task sequence,
for mine, compared to the regular x64 install that uses setup.exe): where you normally deploy applications such as your malware

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 10

protection and Microsoft Office (if it’s not virtualized), as shown


below. Note that in mine, I’m also deploying the Office Deploy-
ment Kit for App-V, because I virtualize Office 2010 with App-V:

Windows Intune Limitations Compared to SCCM


By John Savill

Q. Is it true that if I cover my machines pockets of users outside of their corporate environment who they
still want to manage.
with Windows Intune, I can upgrade
those machines to Windows 7 Enterprise
and get access to the Microsoft Desktop Intune is a per-computer, per-month subscription. As part
Optimization Pack (MDOP)? of that subscription, as long as the computer has Windows
7 Professional or Business, the Intune subscription gives the
A. Windows Intune is Microsoft’s cloud-based PC manage- right to upgrade that machine to Windows 7 Enterprise. For an
ment solution. It offers some capabilities similar to the on-premise additional $1 a month per computer, MDOP can also be added,
System Center Configuration Manager (SCCM) solution, including giving access to all of MDOP’s features, including Microsoft Ap-
Microsoft update management, malware protection, inventory, plication Virtualization, Microsoft Enterprise Desktop Virtualiza-
remote assistance, and alerts and monitoring. Intune, in its current, tion, Advanced Group Policy Management, Diagnostics and
first version, doesn’t offer software or OS deployment. Intune can Recovery Toolset, Desktop Error Monitoring, and Asset Inventory
be great for organizations that can’t deploy SCCM or that have Service.

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 11

Windows 7 BranchCache Shares Files Between Peers on a


Subnet
By John Savill

Q. Can System Center Configuration As the name, and this diagram, suggests, this is primarily aimed
at distributed environments that may have a slow (high latency)
Manager (SCCM) clients take advantage
link to the main datacenter, where having 50 users download
of BranchCache?
the same 10MB file is a waste of bandwidth that will mean a
A. Windows 7 and Windows Server 2008 R2 introduced a poor end-user experience. With BranchCache enabled, the file
new feature that allowed data downloaded by one person to would be downloaded by the first person to access the file, and
be shared with peers on the same local subnet, a feature known the other 49 people will pull it from the machine that already
as distributed mode BranchCache. (An alternative is dedicated downloaded it.
mode, which is where a Server 2008 R2 server is specified to
To use BranchCache, you need Windows Server 2008 R2 to host
cache content for an entire group of computers). It looks some-
your content. Your clients must be running Windows 7 or Server
thing like this (diagram courtesy of Microsoft):
2008 R2, and BranchCache must be enabled on both the server
and clients.

The good news is that SCCM can take advantage of this func-
tionality, providing you’re running SCCM 2007 SP2 or above.
You must check the option to allow clients to transfer content
from this distribution point using BITS, HTTP and HTTPS on
the distribution point properties in the General tab of SCCM.
You also need to configure the advertisements to download
and execute, instead of running directly from the distribution
point.

Here’s a great MSDN blog that goes into more detail on this topic:
http://tinyurl.com/win7branchcache

Brought to you by Windows IT Pro


Tech Advisor • Windows IT Pro | p. 12

Windows 7 boosts SCCM BDP Connections from 10 to 20


By John Savill

Q. If I use a Windows 7 client as a information using a file share, the server service must be running
on the BDP computer.
System Center Configuration Manager
(SCCM) 2007 branch distribution point,
can I have 20 simultaneous connections
A. Windows XP SP2 client OS only supports a maximum of
10 concurrent connections to its file shares, so if you have more
instead of 10? than 10 machines at a location, understand that only 10 will

A. BDPs are a new feature in SCCM 2007 that enable a non- be able to connect at any one time. Windows 7 increases the
number of simultaneous connections to a file share from five or
server OS (you can still use a server OS) to act as a distribution
10 (depending on your OS version) in previous versions of Win-
point for a location. Windows XP SP2 and above were originally
dows to 20 in all versions of Windows 7. This means if you use a
supported as BDPs, provided the computer is part of an Active
Windows 7 client as a branch distribution point with SCCM 2007,
Directory domain, is an SCCM client, and isn’t configured to use
it will support 20 simultaneous connections instead of the five or
an Internet-based management point. Because the BDP shares
10 you received with previous versions.

Next version of SCCM embraces Role Based Access


Control and BranchCache
By Orin Thomas

Following on from Exchange Server 2010, the next version of SCCM, a peer-caching technology that allows organizations running
SCCM 2012 due out in 2012 H1, embraces the concept of Role Windows 7 to more effectively use WAN bandwidth. In the case
Based Access Control (RBAC). RBAC is a more advanced model for of the next version of SCCM, deployed files will be peer cached
allocating administrative permissions. Not only do you designate out at the branch office on the clients—meaning that you will be
what the permission is (for example, the right to meter software able to efficiently get software out to branch offices without hav-
usage) you designate where the permission applies (in the case of ing to go through the rigmarole of configuring a branch office
SCCM this might be to a particular collection of computers). deployment point.

The next version of SCCM brings a significant number of ad- Find out more about SCCM 2012 at Microsoft’s System Center
vancements, including full integration with Windows Server 2008 2012 Release Candidate portal: www.microsoft.com/en-us/
R2 and Windows 7 BranchCache technologies. BranchCache is server-cloud/system-center.

Brought to you by Windows IT Pro

You might also like