Uploaded by Jorge B

20696C LABGUIDE

advertisement
O F F I C I A L
M I C R O S O F T
20696C
L E A R N I N G
P R O D U C T
Administering System Center Configuration
Manager and Intune
L1-1
Module 1: Managing computers and mobile devices in the
enterprise
Lab A: Exploring the Configuration Manager
tools
Exercise 1: Searching in the Configuration Manager console
X Task 1: Use console filters
1. Sign in to LON-CFG as Adatum\Administrator with the password Pa$$w0rd.
2. On the taskbar, click the Configuration Manager console icon.
3. In the Configuration Manager console, in the Assets and Compliance workspace, click the Users
node.
Note: At the top of the results pane, the Users indicator shows that there are 404 items in
the results pane.
4. In the search bar, type ch, and then click Search.
The Users indicator shows that there are 45 items.
X Task 2: Use search criteria
1. Click the Devices node.
Note: At the top of the results pane, the Devices indicator shows that 16 items are in the
results pane.
2. Click the Add Criteria link. Note the available criteria for devices.
3. Click Name, and click Add.
4. In the AND Name row, in the Enter valid characters text box, type LON, and then click Search.
5. Verify that the Devices indicator now shows that there are 7 items.
6. Click the Add Criteria link.
7. Scroll down, click Operating System, and then click Add.
8. In the AND Operating System row, in the Enter valid characters text box, type Server, and then
click Search.
Note: Note that the results contain four servers LON-DC1, LON-SVR2, LON-SVR1 and
LON-CFG.
9. In the AND Operating System row, in the Enter valid characters text box, type Windows, and then
click Search.
Note: The results show that all the LON computers run a Windows operating system.
L1-2
Managing computers and mobile devices in the enterprise
X Task 3: Create and save a local node search
1. In the Configuration Manager console, click the Assets and Compliance workspace.
2. Click User Collections.
3. Double-click All Users. This runs a local node search automatically, and displays all the members of
the collection.
4. Next to the Search button, click Add Criteria, select the Name check box, and then click Add.
5. In the AND Name row, click contains, and then note the options available for refining the search.
6. Click starts with, type Adatum\T in the Enter valid characters text box, and then click Search. The
results are now limited to the adatum users whose names begin with T.
7. On the ribbon, in the Save group, click Save Current Search.
8. In the Configuration Manager dialog box, type T users, and then click OK.
X Task 4: Create and save a global search
1. Select the Overview node, and on the ribbon, click All Objects.
2. In the Search text box, type Configuration Manager, and then click Search.
Note: Notice the different Object Types and Workspaces that the search returns.
3. On the ribbon, in the Save group, click Save Current Search.
4. In the Configuration Manager dialog box, in the Search name field, type Configuration Manager
Objects, and then click OK.
5. Close the Configuration Manager console.
X Task 5: Use saved searches
1. On the taskbar, click the Configuration Manager console icon.
Note: You should notice that the sticky nodes from your previous searches were closed
when the console was closed.
2. On the ribbon, click Saved Searches. This displays a drop-down list of the saved searches categories.
Note: The only available option is global searches: Manage Searches for All Objects.
3. In the Configuration Manager console, click the Assets and Compliance workspace.
4. Click the User Collections node.
5. Click Saved Searches, and click Manage Searches for Current Node. Note that no searches are
available, and click Cancel.
6. Double-click the All Users collection.
7. On the ribbon, click the Home tab.
8. Click Saved Searches, and click Manage Searches for Current Node. Note that the T users search is
available, and click Cancel.
Administering System Center Configuration Manager and Intune
L1-3
9. Click the Device Collections node.
10. On the ribbon, click Saved Searches, and then click Manage Searches for All Objects.
11. Click the Configuration Manager Objects search, and click OK.
Note: This displays the same results as before.
Results: At the end of this exercise, you should have performed both local node and global searches. You
also should have refined the local node search and saved the custom local node search for future use.
Finally, you should have observed the differences between saving a global search and saving a local node
search. You can view the expected results in the lab answer key.
Exercise 2: Using Windows PowerShell with Configuration Manager
X Task 1: View all commands related to Configuration Manager
1. In the Configuration Manager console, in the upper-left corner, click the Down Arrow, and then click
Connect via Windows PowerShell.
2. When prompted in the Windows PowerShell window, on the keyboard, press A, and then press Enter.
3. To view all of the cmdlets in the Configuration Manager module for Windows PowerShell, at the
Windows PowerShell command prompt, type the following command, and then press Enter:
Get-Command –Module ConfigurationManager | Out-Gridview
4. Review the commands, and close the Get-Command –Module ConfigurationManager | OutGridview dialog box.
X Task 2: View Configuration Manager information
1. To view a list of devices, in the Windows PowerShell window, type the following command, and then
press Enter:
Get-CMDevice | ft Name, ADSiteName, SiteCode, DeviceOS
2. To view a list of distribution points, in the Windows PowerShell window, type the following command,
and then press Enter:
Get-CMDistributionpoint
3. To view a list of management points, in the Windows PowerShell window, type the following
command, and then press Enter:
Get-CMManagementPoint | ft NetworkOSPath, RoleName, SiteCode, RoleCount
4. To view a list of packages, in the Windows PowerShell window, type the following command, and
then press Enter:
Get-CMPackage | ft Name, Description, PkgSourcePath
L1-4
Managing computers and mobile devices in the enterprise
5. To view a list of applications, in the Windows PowerShell window, type the following command, and
then press Enter:
Get-CMApplication | ft LocalizedDisplayName, SourceSite
6. To view a list of sites, in the Windows PowerShell window, type the following command, and then
press Enter:
Get-CMSite | ft SiteName, SiteCode, ServerName
7. To view a list of users, in the Windows PowerShell window, type the following command, and then
press Enter:
Get-CMUser | ft Name, Domain
8. To view a list of user collections, in the Windows PowerShell window, type the following command,
and then press Enter:
Get-CMUserCollection | ft Name, Comment, MemberCount
9. To view a list of device collections, in the Windows PowerShell window, type the following command,
and then press Enter:
Get-CMDeviceCollection | ft Name, Comment, MemberCount
10. Close the Administrator: Windows PowerShell window.
Results: At the end of this exercise, you will have used Windows PowerShell to determine information
about Configuration Manager devices, distribution and management points, packages, applications, sites,
users, and user and device collections.
Exercise 3: Using Configuration Manager Service Manager to manage
components
X Task 1: Configure the log file size for a single component
1. Click the Monitoring workspace, and expand the System Status folder.
2. Click the Component Status node.
3. On the ribbon, click the Home tab, click the Start drop-down list box, and then click Configuration
Manager Service Manager.
4. Click to expand S01, and click Components.
5. In the right pane, scroll down, right-click SMS_POLICY_PROVIDER, and then click Logging.
6. In the Configuration Manager Component Logging – Single Component dialog box, set the Log
Size (MB): scroll box to 5.
7. From the Log filename field, write down the name of the log file that displays.
8. To close the Configuration Manager Component Logging – Single Component dialog box,
click OK.
Administering System Center Configuration Manager and Intune
L1-5
X Task 2: Manage Configuration Manager components
1. Right-click SMS_POLICY_PROVIDER, and click Select All.
2. Right-click one of the selected components, and click Query.
3. To dismiss the Configuration Manager Service Manager dialog box, click OK. You can dismiss the
messages about error communicating with components. This message indicates that some
components are not configured, which is expected.
4. Scroll through the list of services, and note that some services are not running. To remove the
highlighting, click SMS_POLICY_PROVIDER.
5. Right-click SMS_POLICY_PROVIDER, and click Stop. Note that the status display does not change.
6. Right-click SMS_POLICY_PROVIDER, and click Query.
7. Right-click SMS_POLICY_PROVIDER, and click Start.
8. Right-click SMS_POLICY_PROVIDER, and click Query.
9. Close the Configuration Manager Service Manager.
Results: At the end of this exercise, you should have used Configuration Manager Service Manager to
manage Configuration Manager components by adjusting the log file sizes, and stopping and starting
components.
Exercise 4: Monitoring Site and Component Status
X Task 1: Examine the Site Status node
1. Click the Site Status node.
2. Examine the Site Status node.
Note: All of the icons should have a green circle with a white check mark to indicate that
they are okay. If there are any red circles with a white X (Critical), notify your instructor.
X Task 2: View Site Status messages
1. Under Site System Role, right-click the Site server role, click Show Messages, and then click All.
2. In the Status Messages: Set Viewing Period dialog box, retain the default settings, and then
click OK.
3. In Configuration Manager Status Message Viewer for <S01> <Adatum Site>, click View, and then
click Filter.
4. In the Message ID: text box, type 5104, and then click OK.
5. Double-click the status message for the latest milestone from SMS_POLICY_PROVIDER.
6. Examine the status message, and write down the Process ID information.
7. To close the Status Message Details dialog box, click OK, and then close the Configuration Manager
Status Message Viewer for <S01> <Adatum Site>.
L1-6
Managing computers and mobile devices in the enterprise
X Task 3: View Component Status messages
1. Click the Component Status node, and examine the status of the components.
Note: If any of the components display a red circle with a white X, notify your instructor.
2. Right-click SMS_POLICY_PROVIDER, click Show Messages, and then click All.
3. In the Status Messages: Set Viewing Period dialog box, retain the default settings, and then
click OK.
4. Note the number of entries between the latest 5104 milestone and the previous 5104 milestone.
5. Double-click the latest 5104 status message, and examine the status message.
Note: This is the same status that you reviewed in the previous task.
6. To close the Status Message Details dialog box, click OK.
7. Close Configuration Manager Status Message Viewer for <S01> <Adatum Site>, and close the
Configuration Manager console.
Results: At the end of this exercise, you should have examined the status messages for a site system and a
component.
Exercise 5: Reviewing log files by using the Configuration Manager Trace
tool
X Task 1: Use the Configuration Manager Trace Log tool
1. On the taskbar, click the File Explorer icon.
2. Navigate to the C:\Program Files\Microsoft Configuration Manager\tools folder.
3. Right-click cmtrace.exe, and click Pin to Taskbar.
4. On the taskbar, click the Configuration Manager Trace Log Tool icon.
5. In the Configuration Manager Trace Log Tool, click File, and then click Open.
6. Scroll down, click the Policypv.log file, and then click Open.
7. Click Tools, and click Highlight. In the Highlight text box, type 5104, and then click OK.
8. Click Tools, and click Find. In the Find text box, type the Process ID that you recorded earlier, and
then click Find.
9. To find the next entry, press the F3 key, and repeat until there are no more new responses.
10. Scroll up until you see the previous highlighted entry. Note the number of entries between the two
milestones.
Question: How does the number of events between milestones compare to the number of events
shown in the status message viewer?
Answer: Typically there are more entries in the log file than in the status message viewer.
Administering System Center Configuration Manager and Intune
L1-7
11. Click Tools, and click Filter.
12. In the Filter Settings dialog box, select the Filter when the Entry Text check box.
13. In the Filter when the Entry Text drop-down list box, click contains.
14. In the text box next to the Filter when the Entry Text drop-down list box, type the Process ID that
you recorded earlier, and then click OK.
15. Close the Configuration Manager Trace Log tool.
X Task 2: To prepare for the next lab
Leave the 20696C-LON-DC1-A and 20696C-LON-CFG-A virtual machines running for use in the next lab.
Results: At the end of this exercise, you should have used the Configuration Manager Trace Log tool to
review a component log file.
L1-8
Managing computers and mobile devices in the enterprise
Lab B: Creating queries and configuring
reporting services
Exercise 1: Creating data queries
X Task 1: Create a marketing user’s query
1. On LON-CFG, if the Configuration Manager console is not open already, on the taskbar, click the
Configuration Manager Console icon.
2. Click the Monitoring workspace, and click Queries.
3. Right-click the Queries node, and click Create Query.
4. In the Create Query Wizard, on the General page, in the Name text box, type Marketing Users, and
then click Import Query Statement.
5. In the Browse Query dialog box, in the Queries box, click All Users, and then click OK.
6. In the Create Query Wizard, on the General page, click Edit Query Statement, and then click the
Criteria tab.
7. In the Marketing Users Query Statement Properties dialog box, click New (
).
8. In the Criterion Properties dialog box, click Select.
9. In the Select Attribute dialog box, in the Attribute class drop-down list box, click User Resource.
10. In the Attribute drop-down list box, click User Group Name, and then click OK.
11. In the Criterion Properties dialog box, verify that in the Operator box, the is equal to option is
selected.
12. In the Value text box, use the Value... button to browse to ADATUM\Marketing, and then click OK
twice.
13. In the Marketing Users Query Statement Properties dialog box, click OK.
14. In the Create Query Wizard, on the General page, click Next.
15. On the Summary page, click Next, and then on the Completion page, click Close.
X Task 2: Create a query for sales or research users
1. Right-click the Queries node, and click Create Query.
2. In the Create Query Wizard, on the General page, in the Name text box, type Sales or Research
Users, and then click Import Query Statement.
3. In the Browse Query dialog box, in the Queries box, click All Users, and then click OK.
4. In the Create Query Wizard, on the General page, click Edit Query Statement, and then click the
Criteria tab.
5. In the Sales or Research Users Query Statement Properties dialog box, click New (
).
6. In the Criterion Properties dialog box, click the Criterion Type drop-down list, and then select List
of values.
7. Click Select.
8. In the Select Attribute dialog box, in the Attribute class list, click User Resource.
9. In the Attribute list, click User Group Name, and then click OK.
Administering System Center Configuration Manager and Intune
L1-9
10. In the Criterion Properties dialog box, verify that in the Operator box, the is in option is selected.
11. In the Value to add text box, type ADATUM\Sales, and then click Add.
12. In the Value to add text box, type ADATUM\Research, click Add, and then click OK.
13. In the Sales or Research Users Query Statement Properties dialog box, click OK.
14. In the Create Query Wizard, on the General page, click Next.
15. On the Summary page, click Next.
16. On the Completion page, click Close.
X Task 3: Run the user data queries
1. Right-click the Marketing Users query, and click Run.
2. Review the results, which should include 71 users.
3. Click the Queries node, right-click the Sales or Research Users query, and then click Run.
4. Review the results, which should include 113 users.
Results: After this exercise, you should have created and tested data queries in Configuration Manager.
Exercise 2: Creating subselect queries
X Task 1: Create a query for users who are in the Marketing group
1. Right-click the Queries node, and click Create Query.
2. In the Create Query Wizard, on the General page, in the Name text box, type All Marketing Users.
3. In the Object Type drop-down list box, click User Resource, and then click Edit Query Statement.
4. In the All Marketing Users Query Statement Properties dialog box, on the General tab, click New
( ).
5. In the Result Properties dialog box, click Select.
6. In the Select Attribute dialog box, in the Attribute drop-down list box, click Unique User Name,
and then click OK.
7. In the Result Properties dialog box, click OK.
8. In the All Marketing Users Query Statement Properties dialog box, click the Criteria tab, and then
click New ( ).
9. In the Criterion Properties dialog box, click Select.
10. In the Select Attribute dialog box, in the Attribute Class list, click User Resource.
11. In the Attribute list, click User Group Name, and then click OK.
12. In the Criterion Properties dialog box, verify that in the Operator box, the is equal to option is
selected.
13. In the Value text box, type ADATUM\Marketing, and then click OK.
14. In the All Marketing Users Query Statement Properties dialog box, click OK.
L1-10
Managing computers and mobile devices in the enterprise
15. In the Create Query Wizard, on the General page, click Next.
16. On the Summary page, click Next.
17. On the Completion page, click Close.
X Task 2: Create a query for users who are not in the Marketing group
1. Right-click the Queries node, and click Create Query.
2. In the Create Query Wizard, on the General page, in the Name text box, type Users Not in the
Marketing Group, and then click Import Query Statement.
3. In the Browse Query dialog box, in the Queries box, click All Users, and then click OK.
4. In the Create Query Wizard, on the General page, click Edit Query Statement, and then click the
Criteria tab.
5. In the Users Not in the Marketing Group Query Statement Properties dialog box, click New (
).
6. In the Criterion Properties dialog box, in the Criterion Type drop-down list, click SubSelected
values, and then click Select.
7. In the Select Attribute dialog box, in the Attribute class list, click User Resource.
8. In the Attribute list, click Unique User Name, and then click OK.
9. In the Criterion Properties dialog box, in the Operator list, select is not in.
10. Click the Browse button, browse to and select the All Marketing Users query, and then click OK.
11. In the Criterion Properties dialog box, click OK.
12. In the Users Not in the Marketing Group Query Statement Properties dialog box, click OK.
13. In the Create Query Wizard, on the General page, click Next.
14. On the Summary page, click Next.
15. On the Completion page, click Close.
16. Right-click the Users Not in the Marketing Group query, and click Run.
17. Review the results, which should include 303 users.
18. Minimize the Configuration Manager console.
Results: After this exercise, you should have created and tested a subselected data query in Configuration
Manager.
Exercise 3: Configuring a reporting services point
X Task 1: Configure SSRS
1. On LON-CFG, on the Start screen, click the SQL Server 2014 Reporting Services Configuration
Manager tile.
2. In the Reporting Services Configuration Connection dialog box, click Connect.
3. In Reporting Services Configuration Manager:LON-CFG\MSSQLSERVER, click the Service Account
node.
4. Set the Reporting Services, in the Network Service drop-down list, select the Local System account.
Administering System Center Configuration Manager and Intune
L1-11
5. Click Apply.
6. Click the Web Service URL node, and review the default settings. Click Apply.
7. On the Database page, click Change Database.
8. In the Report Server Database Configuration Wizard, on the Action page, ensure Create a new
report server database is selected, and then click Next.
9. On the Database Server page, click Test Connection. If successful, click OK, and then click Next. If
not successful, contact your instructor.
10. On the Database page, click Next.
11. On the Credentials page, click Next.
12. On the Summary page, click Next.
13. On the Progress and Finish page, click Finish.
14. In Reporting Services Configuration Manager:LON-CFG\MSSQLSERVER, click the Report Manager
URL node. Verify the URL, and click Apply.
15. Click the URL and verify the SQL Server Reporting Services Home page appears. If the Set up
Internet Explorer 11 window appears, click Ask me later.
16. Close Internet Explorer.
17. In Reporting Services Configuration Manager:LON-CFG\MSSQLSERVER, click Exit.
X Task 2: Install and configure the Reporting Services point role
1. Restore the Configuration Manager console.
2. Click the Administration workspace, and expand Site Configuration.
3. Click Servers and Site Systems Roles.
4. Right-click \\LON-CFG.Adatum.com, and click Add Site System Roles.
5. In the Add Site System Roles Wizard, on the General page, click Next.
6. On the Proxy page, click Next.
7. On the System Role Selection page, select the Reporting services point check box, and then click
Next.
8. On the Reporting Services Point page, click Verify.
9. On the Reporting Services Point page, click Set, and then click New Account.
10. In the Windows User Account box, click Browse and type Adatum\Administrator, and then
click OK.
11. In the Password and Confirm password fields, type Pa$$w0rd, and then click OK.
12. On the Reporting services point page, click Next.
13. Review the Summary page, and click Next.
14. On the Completion page, click Close.
15. Open File Explorer, and navigate to and open the C:\Program Files\Microsoft Configuration
Manager\Logs\srsrpsetup.log file.
16. Monitor the reporting services point installation by using the srsrpsetup.log file. Disregard any error
that references the deletion of an old installation directory. This will not affect the installation.
L1-12
Managing computers and mobile devices in the enterprise
X Task 3: Test the reporting services point in the Configuration Manager console
1. In the Monitoring workspace, expand Reporting, and then click Reports.
Note: You may need to refresh the console until all reports display.
2. Expand Reports, and click Users.
3. Right-click the Users in a specific domain report, and click Run.
4. In the Users in a specific domain window, click Values.
5. In the Parameter Value dialog box, click ADATUM, and then click OK.
6. In the Users in a specific domain window, click View Report.
7. Close the Users in a specific domain window, and then minimize the Configuration Manager
console.
X Task 4: Test the reporting services point in the Reporting Services website
1. Open Internet Explorer. In the Address bar, type http://LON-CFG/Reports, and then press Enter.
2. Click the ConfigMgr_S01 link, and click the Users folder.
3. Click the Count users by domain report.
4. View the results, and close Internet Explorer.
Results: After this exercise, you should have configured a reporting services point and tested it by
opening reports both in the Configuration Manager console and on the SSRS website.
Exercise 4: Creating a report by using Report Builder
X Task 1: Create a query to find all the systems with an application
1. Restore the Configuration Manager console.
2. Click the Queries node.
3. Right-click the Queries node, and select Create Query.
4. In the Create Query Wizard, on the General page, in the Name text box, type Applications installed
on a computer, and then click Edit Query Statement.
5. In the Applications installed on a computer Query Statement Properties dialog box, select the
Omit duplicate rows (select distinct) check box.
6. In the Applications installed on a computer Query Statement Properties dialog box, on the
General tab, click New (star icon).
7. In the Result Properties dialog box, click Select.
8. In the Select Attribute dialog box, click the Attribute drop-down list box, click NetBIOS Name, and
then click OK.
9. In the Result Properties dialog box, click OK.
10. In the Applications installed on a computer Query Statement Properties dialog box, on the
General tab, click New.
Administering System Center Configuration Manager and Intune
L1-13
11. In the Result Properties dialog box, click Select.
12. In the Select Attribute dialog box, click the Attribute class drop-down list box, click Installed
Applications, click the Attribute drop-down list box, click Display Name, and then click OK.
13. In the Result Properties dialog box, click OK.
14. In the Applications installed on a computer Query Statement Properties dialog box, on the
General tab, click New.
15. In the Result Properties dialog box, click Select.
16. In the Select Attribute dialog box, click the Attribute class drop-down list box, click Installed
Applications, click the Attribute drop-down list box, click Install Date, and then click OK.
17. In the Result Properties dialog box, click OK.
18. In the Applications installed on a computer Query Statement Properties dialog box, on the
General tab, click New.
19. In the Result Properties dialog box, click Select.
20. In the Select Attribute dialog box, click the Attribute drop-down list box, click Last Logon User
Name, and then click OK.
21. In the Result Properties dialog box, click OK.
22. In the Applications installed on a computer Query Statement Properties dialog box, on the
Criteria tab, click New.
23. In the Criterion Properties dialog box, click Select.
24. In the Select Attribute dialog box, in the Attribute Class list, click Installed Applications.
25. In the Select Attribute dialog box, in the Attribute list, click Display Name, and then click OK.
26. In the Criterion Properties dialog box, in the Operator drop-down list box, click is equal to.
27. In the Value text box, type Microsoft Silverlight, and then click OK.
28. In the Applications installed on a computer Query Statement Properties dialog box, click OK.
29. In the Create Query Wizard, on the General page, click Next.
30. On the Summary page, click Next.
31. On the Completion page, click Close.
X Task 2: Create a query to find all installed applications
1. Right-click the Queries node, and select Create Query.
2. In the Create Query Wizard, on the General page, in the Name text box, type Installed
Applications, and then click Edit Query Statement.
3. In the Installed Applications Query Statement Properties dialog box, select the Omit duplicate
rows (select distinct) check box.
4. In the Installed Applications Query Statement Properties dialog box, on the General tab,
click New.
5. In the Result Properties dialog box, click Select.
6. In the Select Attribute dialog box, click the Attribute class drop-down list box, click Installed
Applications, click the Attribute drop-down list box, click Display Name, and then click OK.
L1-14
Managing computers and mobile devices in the enterprise
7. In the Result Properties dialog box, in the Sort drop-down list box, click Ascending, and then
click OK.
8. Click OK.
9. In the Create Query Wizard, on the General page, click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
X Task 3: Run the queries and view the SMSProv.log
1. Right-click the Applications installed on a computer query, and click Run.
2. Click the Queries node, right-click the Installed Applications query, and click Run.
3. On the taskbar, click the Configuration Manager Trace Log Tool icon.
4. In the Configuration Manager Trace Log Tool, click File, and then click Open.
5. Scroll down, click the Smsprov.log file, and then click Open.
6. Click Tools, and click Find. In the Find text box, type Microsoft Silverlight, and then click Find.
7. Press the F3 key until the line containing the Execute SQL = select distinct
SMS_R_System.Netbios_Name0... statement is selected.
8. Copy everything from select distinct to Microsoft Silverlight and paste it in Notepad.
9. At the end of the query, replace N’Microsoft Silverlight’ with (@AppName), and then set the file
aside for later use.
10. In the Configuration Manager Trace Log Tool, click Tools, and then click Find. In the Find text box,
type DisplayName, and then click Find.
11. Press the F3 key until the line containing the Execute SQL = select distinct
__System_ADD_REMOVE_PROGRAMS0... statement is selected.
12. Copy everything from select distinct to DisplayName00 and paste it in Notepad for later use. Leave
space between the two queries.
X Task 4: Create a custom report using the Report Builder
1. Restore the Configuration Manager console.
2. Click the Reports node.
3. Right-click the Reports node, and select Create Report.
4. In the Create Report Wizard, on the Information page, in the Name field, type Systems with
Installed Applications.
5. Click Browse, select Hardware – General, and then click OK.
Note: The query that is being used for the report is based on the Add Remove Programs
inventory, which is gathered as part of the Hardware Inventory process.
6. In the Create Report Wizard, on the Information page, click Next.
7. On the Summary page, click Next, and then on the Completion page, click Close.
8. In the Application Run – Security Warning dialog box, click Run.
9. Once the Report Builder has completed launching, click Table or Matrix in the Design Surface.
Administering System Center Configuration Manager and Intune
L1-15
10. In the New Table or Matrix Wizard, on the Choose a dataset page, select create a dataset, and then
click Next.
11. On the Choose a connection to a data source page, click Test Connection, and in the Test
Connection Result dialog box, click OK, and then click Next.
12. In the Enter Data Source Credentials security box, type Pa$$w0rd, and then click OK.
13. On the Design a query page, click the Edit as text button.
14. Copy the first query from Notepad, and paste it in the Design a query window.
15. Test the query by clicking the red exclamation point.
16. In the Define Query Parameters box, in the <blank> field, type Microsoft Silverlight, and then
click OK.
17. If the query was successful, click Next. If there was an error, notify the instructor.
18. On the Arrange fields page, drag all four fields into the Values box, and then click Next.
19. On the Choose the layout page, click Next.
20. On the Choose a style page, select one style, and then click Finish.
21. In the Report Data pane, right-click Datasets, and then click Add Dataset.
22. In the Dataset Properties window, in the Name field, type PickList.
23. Choose Use a dataset embedded in my report.
24. Click the Data source drop-down list, and click AutoGen__xxxxxx.
25. Copy the second query from Notepad, and paste it in the query field.
26. Click the Query Designer… button.
27. In the Query Designer window, test the query by clicking the red exclamation point.
28. If the query was successful, click OK. If the query generated an error or did not generate a list of
applications, inform the instructor.
29. In the Dataset Properties window, click Fields, and in the Field Name text box, type Applications.
30. In the Dataset Properties window, click OK.
31. In the Report Data pane, expand Parameters, right-click the AppName parameter, and then click
Parameter Properties.
32. In the Report Parameter Properties dialog box, click Available Values, and then select Get values
from a query.
33. From the Dataset drop-down list, select PickList, and from the Value field drop-down list, select
Applications, and from the Label field drop-down list, select Applications.
34. In the Report Parameter Properties dialog box, click OK.
35. Click the Insert tab, and customize the report layout as desired. Some suggestions are:
o
Resize the width of the report.
o
Resize the table to the width of the report.
o
Drag the @AppName parameter from the Report Data pane to the top of the report, type
Systems with to the left of @AppName, and format it.
L1-16
Managing computers and mobile devices in the enterprise
36. To test your customizations without saving them, on the ribbon, click Home tab and then click the
Run button.
37. When your customizations are complete, click the Save button, and close the Report Builder.
X Task 5: Run the custom report
1. In the Monitoring workspace, expand Reporting, and then click Reports.
2. Expand Reports, and click Hardware - General.
3. Right-click the Systems with Installed Applications report, and click Run.
4. Next to the App Name field, click Values.
5. In the Parameter Value dialog box, click Microsoft Silverlight, and then click OK.
6. In the Systems with Installed Applications window, click View Report.
7. Close the Systems with Installed Applications window, and minimize the Configuration Manager
console.
X Task 6: To prepare for the next module
After you finish the lab, revert the virtual machines to their initial state. To do this, complete the following
steps.
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-A, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-A.
Results: After this exercise, you should have created and viewed a custom report.
L2-17
Module 2: Preparing the management infrastructure to
support PCs and mobile devices
Lab A: Configuring boundaries and resource
discovery
Exercise 1: Configuring boundaries and boundary groups
X Task 1: Configure boundaries
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the System Center Configuration Manager console, click the Administration workspace, and then
expand Hierarchy Configuration.
3. Click Discovery Methods, and then click Active Directory Forest Discovery.
4. On the ribbon, click Properties.
5. In the Active Directory Forest Discovery Properties dialog box, select the following check boxes:
o
Enable Active Directory Forest Discovery
o
Automatically create Active Directory site boundaries when they are discovered
Do not select the Automatically create IP address range boundaries for IP subnets when they
are discovered check box.
6. To close the Active Directory Forest Discovery Properties dialog box, click OK.
7. When you see the Do you want to run full discovery as soon as possible? message, click Yes.
Note: Before continuing, wait approximately one minute for the discovery to complete and
for boundary objects to be created.
8. Click the Boundaries node, and then refresh the details pane. It might take a minute or two for the
results to display.
Note: Do not continue until you see the following boundaries created by the Active
Directory Forest Discovery method:
• Sydney
•
Toronto
X Task 2: Configure boundary groups
1. In the Administration workspace, expand Hierarchy Configuration, and then click the Boundary
Groups node.
Note: Notice the London boundary group in the results pane. This has been preconfigured
for the labs in this course.
2. Right-click London, and then click Properties. Notice that AdatumHQ is the only member of this
group.
L2-18
Preparing the management infrastructure to support PCs and mobile devices
3. Click the References tab.
Note: Notice that the S01-Adatum Site is used for site assignment for all clients that are
part of the boundaries assigned to this boundary group. LON-CFG.Adatum.com is configured
as policy and content location for the boundary group, and its network connection is considered
fast.
4. To close the London Properties dialog box, click OK.
5. Right-click Boundary Groups, and then click Create Boundary Group.
6. In the Name box, type Toronto, and then click Add.
7. In the Add Boundaries dialog box, select Toronto, and then click OK.
8. In the Create Boundary Group dialog box, click the References tab, and then click Add.
9. In the Add Site Systems dialog box, select \\LON-CFG.Adatum.com, and then click OK.
10. Under Server Name, select \\LON-CFG.Adatum.com, and then click Change Connection. Verify
that the connection now is configured as Slow.
11. To close the Create Boundary Group dialog box, click OK.
12. Verify that Toronto now displays in the results pane.
13. Right-click Boundary Groups, and then click Create Boundary Group.
14. In the Name box, type Sydney, and then click Add.
15. In the Add Boundaries dialog box, select Sydney, and then click OK.
16. In the Create Boundary Group dialog box, click the References tab, and then click Add.
17. In the Add Site Systems dialog box, select \\LON-CFG.Adatum.com, and then click OK.
18. Under Server Name, click \\LON-CFG.Adatum.com, and then click Change Connection. Verify that
the connection now is configured as Slow.
19. To close the Create Boundary Group dialog box, click OK.
20. Verify that Sydney now displays in the results pane.
Results: After completing this exercise, you should have created and configured boundary groups.
Exercise 2: Configuring Active Directory discovery methods
X Task 1: Configure the Active Directory System Discovery method
1. Click the Administration workspace, expand Hierarchy Configuration, and then click Discovery
Methods.
2. In the results pane, double-click Active Directory System Discovery. Notice that the Enable Active
Directory System Discovery check box is selected and that several organizational units (OUs) have
been configured.
3. Click New (
).
4. In the Active Directory Container dialog box, click Browse.
Administering System Center Configuration Manager and Intune
L2-19
5. In the Select New Container dialog box, click the Toronto Clients container, and then click OK.
6. Verify that the Recursively search Active Directory child containers check box is selected, and then
click OK.
7. Repeat steps 3 through 6 for Toronto Servers, Sydney Clients, and Sydney Servers.
8. On the Polling Schedule tab, click Schedule, configure the recurrence to take place every 5 days,
and then click OK.
9. Verify that the Enable delta discovery check box is selected and that the interval is configured as
5 minutes, and then click OK.
10. Right-click Active Directory System Discovery, and then click Run Full Discovery Now.
11. To run the discovery as soon as possible, click Yes.
X Task 2: Configure the Active Directory User Discovery method
1. On LON-CFG, in the System Center Configuration Manager console, click the Administration
workspace, and then expand Hierarchy Configuration.
2. Click the Discovery Methods node, and then double-click Active Directory User Discovery.
3. In the Active Directory User Discovery Properties dialog box, verify that the Enable Active
Directory User Discovery check box is selected.
4. Click New
, and then click Browse.
5. In the Select New Container dialog box, click the Adatum container, and then click OK.
6. Verify that the Recursively search Active Directory child containers check box is selected, and then
click OK.
7. On the Polling Schedule tab, click Schedule, configure the recurrence to take place every 3 days,
and then click OK.
8. Verify that the Enable delta discovery check box is selected with an interval of 5 minutes.
9. On the Active Directory Attributes tab, in the Available attributes list, scroll down and click the
department attribute, click Add, and then click OK.
10. Right-click Active Directory User Discovery, and then click Run Full Discovery Now.
11. When Configuration Manager displays the Do you want to run full discovery as soon as possible?
message, click Yes.
X Task 3: Examine the discovered resources
1. Click the Assets and Compliance workspace.
2. In the Assets and Compliance workspace, click the Devices node.
3. In the results pane, right-click TOR-CL2, and then click Properties.
Note: Notice that the client was discovered by using the
SMS_AD_SYSTEM_DISCOVERY_AGENT component and that it resides in the Toronto Clients OU.
4. Click Close.
5. In the Assets and Compliance workspace, click the Users node. Notice the users that have been
discovered in the Adatum domain.
L2-20
Preparing the management infrastructure to support PCs and mobile devices
6. In the Assets and Compliance workspace, click the User Collections node. Notice that the Toronto
Users collection shows a member count of 9.
7. Click Toronto Users, and then on the ribbon, click Update Membership.
8. In the Configuration Manager dialog box, click Yes.
9. After the hourglass icon appears on the Toronto Users collection, with the Toronto Users collection
selected, click Refresh. (You might need to click Refresh additional times until the hourglass icon
disappears.) Notice that the Toronto Users collection now shows a member count of 44.
10. Click the Administration workspace, expand the Hierarchy Configuration node, and then click the
Active Directory Forests node.
11. In the preview pane, click the Domains tab. Notice that the Adatum.com domain has been
discovered.
12. Click the Discovery Status tab, and then verify that the discovery has succeeded.
13. Click the Publishing Status tab, and verify that the publishing has succeeded.
14. In the results pane, right-click Adatum.com, and then click Show Active Directory Sites. Notice that
three sites have been discovered: AdatumHQ, Sydney, and Toronto. Click Back.
15. In the results pane, right-click Adatum.com, and then click Show IP Subnets. Notice that three IP
subnets have been discovered:
o
172.16.0.0/24
o
172.16.1.0/24
o
172.16.2.0/24
X Task 4: To prepare for the next lab
Leave the 20696C-LON-DC1-A and 20696C-LON-CFG-A virtual machines running for use in the next lab.
Results: After completing this exercise, you should have configured discovery methods and viewed the
discovery results.
Administering System Center Configuration Manager and Intune
L2-21
Lab B: Configuring user and device
collections
Exercise 1: Creating a device collection
X Task 1: Create the Toronto Windows 10 Workstations collection
1. If the Microsoft System Center Configuration Manager (Configuration Manager) console is not
already open, on LON-CFG, on the taskbar, click the Configuration Manager Console icon in the
Taskbar.
2. In the System Center Configuration Manager console, click the Assets and Compliance workspace,
and then click the Device Collections node. Notice that several created collections exist.
3. Right-click Device Collections, and then click Create Device Collection.
4. In the Create Device Collection Wizard, in the Name box, type Toronto Windows 10 Workstations.
5. In the Comment box, type Based upon the Active Directory Toronto Clients organizational unit,
and then click Browse.
6. In the Select Collection dialog box, ensure that Device Collections is selected, select the All
Windows 10 Workstations collection, and then click OK.
7. In the Create Device Collection Wizard, click Next.
8. On the Membership Rules page, click the Add Rule list, and then click Query Rule.
9. In the Query Rule Properties dialog box, in the Name box, type Toronto Windows 10
Workstations.
10. In the Query Rule Properties dialog box, ensure that System Resource is listed, and then click Edit
Query Statement.
11. In the Query Statement Properties dialog box, click the Criteria tab.
12. On the Criteria page, click New (
).
13. In the Criterion Properties dialog box, in the Criterion Type box, ensure that Simple value is
selected, and then click Select.
14. In the Select Attribute dialog box, configure the following options, and then click OK:
o
Attribute class: System Resource
o
Alias as: <No Alias>
o
Attribute: System OU Name
15. In the Criterion Properties dialog box, ensure that the Operator value is set to is equal to, and then
in the Value box, type ADATUM.COM/TORONTO CLIENTS.
16. To close the Criterion Properties dialog box, click OK.
17. To close the Query Statement Properties dialog box, click OK.
18. To close the Query Rule Properties dialog box, click OK.
19. In the Create Device Collection Wizard, on the Membership Rules page, ensure that both Use
incremental updates for this collection and Schedule a full update on this collection are
selected, and then click Next.
20. On the Summary page, click Next.
L2-22
Preparing the management infrastructure to support PCs and mobile devices
21. On the Completion page, click Close.
22. Ensure that the Device Collections node is selected, and then in the results pane, select the Toronto
Windows 10 Workstations collection.
23. To refresh the collection, press F5, and then double-click the Toronto Windows 10 Workstations
collection.
24. Verify that TOR-CL1 and TOR-CL2 display.
Note: You might need to refresh the console to view the results.
Results: After this exercise, you should have created device collections based on an Active Directory OU
and on queries.
Exercise 2: Creating a user collection
X Task 1: Create the Toronto Managers collection
1. If the Configuration Manager console is not already open, on LON-CFG, on the taskbar, click the
Configuration Manager Console icon in the Taskbar.
2. In the System Center Configuration Manager console, click the Assets and Compliance workspace,
and then click the User Collections node. Notice that several created collections already exist.
3. Right-click User Collections, and then click Create User Collection.
4. In the Create User Collection Wizard, in the Name box, type Toronto Managers.
5. In the Comment box, type Based upon Membership of the Toronto Users collection and the
Managers OU in Active Directory, and then click Browse.
6. In the Select Collections dialog box, ensure that User Collections is selected, select the Toronto
Users collection, and then click OK.
7. In the Create User Collection Wizard, click Next.
8. On the Membership Rules page, click Add Rule, and then click Query Rule.
9. In the Name box, type Managers, and then click Edit Query Statement.
10. In the Query Statement Properties dialog box, click Criteria, and then click New.
11. In the Criterion Properties dialog box, click Select.
12. In the Select Attribute dialog box, in the Attribute class list, click User Resource.
13. In the Attribute list, click User OU Name, and then click OK.
14. Verify that the Operator displays is equal to, and then click Value.
15. In the Values dialog box, click ADATUM.COM\MANAGERS, and then click OK four times.
16. On the Membership Rules page, click Next twice, and then click Close.
17. In the list of user collections, click Toronto Managers, and then on the ribbon, click Update
Membership.
Administering System Center Configuration Manager and Intune
L2-23
18. In the Configuration Manager dialog box, click Yes.
19. With the User Collections node selected, in the results pane, double-click the Toronto Managers
collection.
20. Verify that only the six Toronto managers are in the collection.
Results: After this exercise, you should have created a user collection that includes and filters members of
other collections.
Exercise 3: Configuring a maintenance window
X Task 1: Configure a maintenance window for Toronto Windows 10 workstations
1. If the Configuration Manager console is not already open, on LON-CFG, on the taskbar, click the
Configuration Manager Console icon in the Taskbar.
2. In the System Center Configuration Manager console, click the Assets and Compliance workspace,
and then click the Device Collections node.
3. Right-click the Toronto Windows 10 Workstations node, and then click Properties.
4. In the Toronto Windows 10 Workstations Properties dialog box, click the Maintenance
Windows tab.
5. On the Maintenance Windows page, click New (
).
6. In the <new> Schedule dialog box, in the Name box, type Deployment Window.
7. Configure the schedule as follows, and then click OK:
o
Start: 8 P.M.
o
End: 4 A.M.
o
Recurrence pattern: Daily
8. On the General tab, in the Comment box, type Maintenance Windows: 8 P.M. to 4 A.M..
9. In the Toronto Windows 10 Workstations Properties dialog box, click OK.
X Task 2: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-A, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-A.
Results: At the end of this exercise, you should have created a maintenance window.
L3-25
Module 3: Deploying and managing clients
Lab A: Deploying the Microsoft System
Center Configuration Manager client
software
Exercise: Preparing the site for client installation
X Task 1: Install a fallback status point
1. Sign in to LON-CFG as Adatum\Administrator with the password Pa$$w0rd.
2. On the taskbar, click Configuration Manager Console.
3. In the Configuration Manager console, click the Administration workspace, expand Site
Configuration, and then click Servers and Site System Roles.
4. In the results pane, right-click \\LON-CFG.Adatum.com, and then click Add Site System Roles.
5. In the Add Site System Roles Wizard, on the General page, click Next.
6. On the Proxy page, click Next.
7. On the System Role Selection page, select the Fallback status point check box, and then click
Next.
8. Review the Fallback Status Point page, and then click Next.
9. Review the Summary page, and then click Next.
Note: The summary page should list existing settings plus the fallback status point. If there
is an issue, click Previous to change the settings.
10. Review the Completion page, and then click Close.
Note: The completion page should show that everything installed successfully. If it does
not, contact your instructor.
After clicking Close, the details pane should display the fallback status point that you have added
to the LON-CFG server.
11. In the preview pane, right-click the Management point role, and then click Properties.
12. Select the Generate alert when the management point is not healthy check box.
13. In the Management point Properties dialog box, click OK.
14. Right-click Sites, and then click Hierarchy Settings.
15. In the Hierarchy Settings Properties dialog box, select the Use a fallback site check box, and then
click OK.
Results: After completing this exercise, you should have installed and configured a fallback status point.
L3-26
Deploying and managing clients
Exercise 2: Deploying the Configuration Manager client software by using
client push installation
X Task 1: Configure the client push installation properties
1. In the Configuration Manager console, in the Administration workspace, click the Sites node.
2. On the ribbon, click Settings, click the Client Installation Settings drop-down list box, and then
click Client Push Installation.
3. Click the Accounts tab.
4. Verify that Adatum\ClientInstall is configured as a Client Push Installation account.
5. Click the Installation Properties tab.
6. On the Installation Properties tab, in the Installation properties box, after SMSSITECODE=S01
type the following on one line each separated by a space:
FSP=LON-CFG DISABLESITEOPT=True SMSCACHEDIR=Cache SMSCACHEFLAGS=MAXDRIVE
7. In the Client Push Installation Properties dialog box, click OK.
X Task 2: Perform a client push installation
1. Click the Assets and Compliance workspace, and then click Devices.
2. Right-click LON-CL1, and then click Install Client.
3. In the Install Configuration Manager Client Wizard, on the Before You Begin page, click Next.
4. Review the Installation Options page, and then click Next.
5. Review the Summary page, verify that one resource is going to be installed, and then click Next.
6. On the Completion page, click Close.
7. Minimize the Configuration Manager console.
X Task 3: Verify the client installation
1. Switch to LON-CL1, and then click the desktop.
2. Right-click the taskbar, click Task Manager, click More details, and then click Details.
3. Wait for the ccmsetup.exe process to complete, and then verify that CcmExec.exe displays in the list
of processes.
4. After ccmsetup.exe has completed, close Windows Task Manager.
5. In the File Explorer, open the C:\Windows\ccmsetup\logs\ccmsetup.log file.
6. In the log file, click Edit and then click Find, search for Successfully. If the installation was successful,
you will see Installation succeeded near the end of the file.
7. In the ccmsetup.log – Notepad window, search for Installing. Verify that entries for each prerequisite
display as installed by ccmsetup.
8. In the ccmsetup.log – Notepad window, search for Fallback. Verify that entries for the state messages
display as sent by ccmsetup.
9. Close the ccmsetup.log – Notepad window.
10. Right-click the Start button, and then click Control Panel.
11. In Control Panel, click System and Security.
Administering System Center Configuration Manager and Intune
L3-27
12. Click Configuration Manager, and then on the General tab, verify that the Site code shows
SMS: S01.
13. Click the Components tab. Verify that most of the components display as Installed and as Enabled.
Verify that the Software Metering Agent is Enabled.
Note: This indicates that the client has downloaded client settings from a management
point.
14. Click the Site tab. Verify that the DISABLESITEOPT=True that was configured in the installation
properties was applied, and that the Configure Settings button is unavailable.
15. Click the Cache tab, and then click the Configure Settings button.
16. Verify that SMSCACHEDIR=Cache SMSCACHEFLAGS=MAXDRIVE that was configured in the
installation properties was applied, and that the Cache folder is set to C:\Cache\ccmcache.
17. Click OK to close the Configuration Manager Properties dialog box.
Results: After completing this exercise, you should have installed a client using the client push method,
and verified that the client was installed with your custom settings.
X Task: To prepare for the next lab
Keep the virtual machines running for the next lab.
L3-28
Deploying and managing clients
Lab B: Configuring and monitoring client
status
Exercise: Configuring and monitoring client health status
X Task 1: Configure client status settings
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. Click the Monitoring workspace, and then click the Client Status folder.
3. Right-click Client Status, and then click Client Status Settings.
4. In the Client Status Settings Properties dialog box, set all of the evaluation periods to 3 days.
5. In the Client Status Settings Properties dialog box, click OK.
X Task 2: Trigger a client health evaluation
1. Switch to LON-CL1, and if necessary, sign in as Adatum\Administrator with the password
Pa$$w0rd.
2. Right-click the Start button, and then click Computer Management.
3. Expand Task Scheduler, expand Task Scheduler Library, expand Microsoft, and then click
Configuration Manager.
4. Right-click Configuration Manager Health Evaluation, and then click Run.
5. Wait for the Last Run Result to change to The operation completed successfully. You might have
to click Refresh to view updated results.
Note: The client health report could take up to 10 minutes before status is reported back
to the site server, stored in the database, and is ready to update the display.
X Task 3: Use Client Check
1. Switch to LON-CFG.
2. Verify that the Configuration Manager console is still open to the Monitoring workspace, and to the
Client Status folder.
3. Right-click Client Status, and then click Refresh Client Status.
4. In the results pane, click the Client Check link.
5. On the Client Check page, review the charts.
6. On the Client Check pie chart, click the green section.
7. In the Clients that passed client check from All Desktops and Server Clients temporary node,
examine the contents of the Summary tab.
8. Click the Client Check Detail tab. Verify whether the client failed any rules.
Administering System Center Configuration Manager and Intune
L3-29
X Task 4: Use Client Activity
1. In the Configuration Manager console, click the Monitoring workspace, and then click the Client
Activity node.
2. Review the charts on the Client Activity page.
3. On the Client Activity pie chart, click the green section.
4. Click the Client Activity Detail tab, and then examine the client summary information.
X Task 5: Configure alerts
1. In the Configuration Manager console, click the Assets and Compliance workspace, click the Device
Collections node.
2. Right-click the All Desktop and Server Clients collection, and then click Properties.
3. In the Properties dialog box, click the Alerts tab, and then click Add.
4. In the Add New Collection Alerts dialog box, under Client status, select the following check boxes,
and then click OK:
o
Client check pass or no results for active clients falls below threshold (%)
o
Client remediation success falls below the threshold (%)
o
Client activity falls below threshold (%)
5. In the All Desktop and Server Clients Properties dialog box, under Conditions, select Client
check, and then in the text box for threshold value, ensure that it is set to 95.
6. Repeat step 5 for both Client remediation and Client activity.
7. In the All Desktop and Server Clients Properties dialog box, click OK.
X Task 6: Test client health automatic remediation
1. Switch to LON-CL1.
2. In Computer Management, expand Services and Applications, and then click Services.
3. Scroll down and double-click Windows Management Instrumentation.
4. In the Windows Management Instrumentation Properties(Local Computer) dialog box, click the
Stop button.
5. In the Stop Other Services dialog box, click Yes.
6. In the Startup Type list, click Disabled.
7. In the Windows Management Instrumentation Properties(Local Computer) dialog box, click OK.
8. Click the SMS Agent Host service.
Question: What is its status?
Answer: Its status is blank (Stopped).
9. Click the IP Helper service.
Question: What is its status?
Answer: Its status is blank (Stopped).
10. Expand Task Scheduler, expand Task Scheduler Library, expand Microsoft, and then click
Configuration Manager.
11. Right-click Configuration Manager Health Evaluation, and then click Run.
L3-30
Deploying and managing clients
12. Wait for the Last Run Result to change to The operation completed successfully. This will take a
few minutes to complete, and you might need to refresh the display.
13. Click Services.
14. Scroll down, and then click Windows Management Instrumentation.
Question: What is the status and startup type for the Windows Management Instrumentation
service?
Answer: The status is Running (Started), and the startup type is Automatic.
Question: What is the status for the SMS Agent Host service?
Answer: The status is Running (Started).
Question: What is the status for the IP Helper service?
Answer: The Status is blank (stopped).
15. Close all open windows, and then sign out of LON-CL1.
Results: After this exercise, you should have configured client status monitoring and verified client
remediation.
X Task: To prepare for the next lab
Keep the virtual machines running for the next lab.
Administering System Center Configuration Manager and Intune
L3-31
Lab C: Managing client settings
Exercise: Configuring client settings
X Task 1: Create a London client collection
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. In the Configuration Manager console, click the Assets and Compliance workspace, and then click
the Device Collections node.
3. Right-click Device Collections, and then click Create Device Collection.
4. In the Create Device Collection Wizard, in the Name text box, type London Clients.
5. Next to the Limiting collection field, click the Browse button.
6. Select the All Desktop and Server Clients collection, and then click OK.
7. In the Create Device Collection Wizard, click Next.
8. On the Membership Rules page, in the Add Rule list, click Direct Rule.
9. In the Create Direct Membership Rule Wizard, click Next.
10. In the Attribute name text box, select Name. In the Value text box, type LON-CL1, and then click
Next.
11. On the Select Resources page, select LON-CL1, and then click Next.
12. On the Summary page, click Next.
13. On the Completion page, click Close.
14. In the Create Device Collection Wizard, on the Membership Rules page, click Next.
15. On the Summary page, click Next.
16. On the Completion page, click Close.
17. Click Refresh, and verify that the results pane for the Member Count column displays 1 member
in the London Clients collection. You may need to click Refresh several times over the course of
5 minutes before this information is displayed.
18. Double-click the London Clients collection, and then verify that LON-CL1 is a member.
X Task 2: Configure the Default Client Settings
1. In the Configuration Manager console, click the Administration workspace, and then click the Client
Settings node.
2. Right-click the Default Client Settings policy, and then click Properties.
3. In the Default Settings dialog box, click the Client Policy setting.
4. Set the Client policy polling interval (minutes) to 30 minutes.
5. Click the Power Management setting.
6. Set Allow power management of devices to No.
7. Click the State Messaging setting.
8. Set the State message reporting cycle (minutes) to 10 minutes.
9. Click OK to accept changes.
L3-32
Deploying and managing clients
X Task 3: Create a custom setting for a client device
1. Right-click the Client Settings node, and then click Create Custom Client Device Settings.
2. In the Create Custom Client Device Settings dialog box, in the Name text box, type LON Desktop
Systems.
3. In the Description text box, type Client settings for all LON Desktop Systems.
4. In the Select and then configure the custom settings for client devices section, select the
Software Metering check box.
5. Click the Software Metering node.
6. Set Enable software metering on clients to No.
7. Click OK to accept changes, and close the Create Custom Client Device Settings dialog box.
X Task 4: Deploy a custom client device setting
1. Right-click the LON Desktop Systems client setting, and then click Deploy.
2. In the Select Collection dialog box, click London Clients, and then click OK.
3. In the preview pane, click the Deployments tab to verify the assignment.
X Task 5: Verify client device settings
1. Switch to LON-CL1, and if not already signed in, sign in as Adatum\Administrator with the
password Pa$$w0rd.
2. If the Control Panel is not open, right-click the Start button, and then click Control Panel.
3. In Control Panel, click System and Security, and then click Configuration Manager.
4. Click the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
5. When a message box displays, click OK.
6. In the Configuration Manager Properties dialog box, click the Components tab.
7. Verify that the Power Management Agent is Installed, and that the Software Metering Agent is
Disabled.
8. Close all open windows.
Results: After this exercise, you should have created a collection, and configured Default Client Settings.
You also should have created and assigned a custom client device setting. Additionally, you should have
verified that both settings were applied to a system.
X Task: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-A, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-A and 20696C-LON-CL1-A.
L4-33
Module 4: Managing inventory for PCs and applications
Lab A: Configuring and managing inventory
collection
Exercise 1: Configuring and managing hardware inventory
X Task 1: Configure the hardware inventory agent for all clients
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the console, click the Administration workspace, and then click Client Settings.
3. In the results pane, double-click Default Client Settings.
4. In the Default Settings dialog box, in the left pane, click Hardware Inventory.
5. Verify that the Enable hardware inventory on clients option is set to Yes.
6. Click Schedule.
7. In the Configure Client Setting dialog box, verify that the Simple schedule option is selected.
8. To configure the schedule to run the task every two days, in the Run every box, type or select 2, and
then click OK.
9. To close the Default Settings dialog box, click OK.
X Task 2: Configure hardware inventory for the All Windows 10 Workstations
collection
1. Right-click Client Settings, and then click Create Custom Client Device Settings.
2. In the Create Custom Client Device Settings dialog box, in the Name text box, type All Windows
10 Workstations Client Device Settings.
3. In the Description text box, type Client Device Settings for Windows 10 clients.
4. Under the Select and then configure the custom settings for client devices option, select the
Hardware Inventory check box.
5. In the left pane, click Hardware Inventory, and then under Device Settings, verify that the
Hardware Inventory schedule is set to 2 days.
6. Next to Hardware inventory classes, click Set Classes.
7. In the Hardware Inventory Classes dialog box, click Filter by category, and then click Windows
Clients & Server Classes.
8. Select the following inventory classes, and then click OK:
o
BitLocker (Win32_EncryptableVolume)
o
Boot Configuration (Win32_BootConfiguration)
o
Computer System Product (Win32_ComputerSystemProduct)
9. To close the Create Custom Client Device Settings dialog box, click OK.
10. In the results pane, right-click All Windows 10 Workstations Client Device Settings, and then click
Deploy.
L4-34
Managing inventory for PCs and applications
11. In the Select Collection dialog box, click the All Windows 10 Workstations collection, and then
click OK.
12. With the All Windows 10 Workstations Client Device Settings object selected, in the preview
pane, note the information on the Summary and Deployments tabs.
X Task 3: Initiate a policy update for a collection
1. In the Configuration Manager console, click the Assets and Compliance workspace, and then click
Device Collections.
2. Right-click the All Windows 10 Workstations collection, point to Client Notification, and then click
Download Computer Policy.
3. Read the Configuration Manager pop-up, and then click OK.
Note: Wait a minute for the policy update to finish before you proceed to the next task.
X Task 4: Initiate a hardware inventory cycle on the client
1. On LON-CL1, click Start, in Cortana, type Configuration Manager, and then click the Configuration
Manager Control panel item.
2. In the Configuration Manager Properties dialog box, click the Actions tab.
3. Under Actions, click Hardware Inventory Cycle, and then click Run Now.
4. When Configuration Manager displays the message, “The selected cycle will run and might take
several minutes to finish,” click OK.
5. In the Configuration Manager Properties dialog box, click OK.
Note: Wait at least five minutes for the hardware inventory cycle to finish before you
proceed to the next task. You can follow the inventory process as it occurs by viewing the
InventoryAgent.log file on the client, and the Dataldr.log file on the site server.
Administering System Center Configuration Manager and Intune
L4-35
X Task 5: View the hardware inventory by using Resource Explorer
1. On LON-CFG, in the Configuration Manager console, click the Assets and Compliance workspace,
and then click Device Collections.
2. In the results pane, right-click All Windows 10 Workstations, and then click Show Members.
3. In the results pane, right-click LON-CL1, point to Start, and then click Resource Explorer.
4. In Resource Explorer, expand the Hardware node. Verify that the custom inventory classes are visible,
as indicated by the following nodes:
o
BitLocker
o
Boot Configuration
o
Computer System Product
5. Close Resource Explorer.
6. Close the Configuration Manager console.
Results: After this exercise, you should have configured hardware inventory agent for all clients, and
configured a custom hardware inventory agent setting for all Windows 10 clients.
X To prepare for the next lab
Leave the 20696C-LON-DC1-B, 20696C-LON-CFG-B, and 20696C-LON-CL1-B virtual machines running
for use in the next lab.
L4-36
Managing inventory for PCs and applications
Lab B: Configuring software metering
Exercise 1: Configuring software metering
X Task 1: Configure a Software Metering Client Agent
1. On LON-CFG, if the Configuration Manager console is not open, on the taskbar, click the
Configuration Manager Console icon.
2. Click the Administration workspace, and then click Client Settings.
3. Right-click Default Client Settings, and then click Properties.
4. In the Default Settings dialog box, in the left pane, click Software Metering.
5. Under Device Settings, verify that the Enable software metering on clients option is set to Yes.
6. Click Schedule, and verify that the Simple schedule option is selected. To change the schedule to
run every two days, in the Run every box, type or select 2, and then click OK.
7. To close the Default Settings dialog box, click OK.
X Task 2: Create a software-metering rule to meter WordPad
1. Click the Assets and Compliance workspace, and then click Software Metering.
2. In the navigation pane, right-click Software Metering, and then click Create Software Metering
Rule.
3. In the Name text box, type WordPadRule.
4. Click Browse, and then navigate to C:\Program Files\Windows NT\Accessories\wordpad.exe.
5. Click wordpad.exe, and then click Open. Notice that the File name, Original file name, Version,
and Language boxes populate automatically.
6. In the Version text box, delete the existing version text, and then type the asterisk wildcard character
(*).
7. In the Language drop-down list box, click – Any –, and then click Next.
8. On the Summary page, click Next, and then click Close.
X Task 3: Configure autocreation of a software-metering rule
1. In the Configuration Manager console, right-click Software Metering, and then click Software
Metering Properties.
2. In the Software Metering Properties dialog box, ensure that Automatically create disabled
metering rules from recent usage inventory data is enabled.
3. In the Specify the percentage of computers in the hierarchy that must use a program before a
software metering rule is automatically created box, type or select a setting of 5.
4. In the Specify the number of software metering rules that must be exceeded in the hierarchy
before the automatic creation of rules is disabled box, type or select a setting of 30.
5. To close the Software Metering Properties dialog box, click OK.
Note: Wait approximately one minute for processing to finish before continuing.
Administering System Center Configuration Manager and Intune
L4-37
X Task 4: Initiate a policy update on the client
1. On LON-CL1, click Start, in Cortana type Configuration Manager, and then click the Configuration
Manager Control panel item.
2. Click the Actions tab.
3. Under Actions, click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
4. In the Machine Policy Retrieval & Evaluation Cycle dialog box, click OK.
5. To close the Configuration Manager Properties dialog box, click OK.
Note: Wait at least two minutes for the policy update to finish before you move to the
next task.
X Task 5: Create test data on the client
1. On LON-CL1, click Start.
2. In Cortana, type Wordpad, and then click WordPad.
3. Close WordPad.
4. Click Start, and then in Cortana, type Notepad.
5. Click the Notepad item.
6. Close Notepad.
7. Repeat steps 1 to 6 several times to generate test-metering data in the log files.
X Task 6: Initiate a usage report cycle on the client
1. On LON-CL1, click Start, in Cortana type Configuration Manager, and then click the Configuration
Manager Control panel item.
2. Click the Actions tab.
3. Under Actions, click Software Metering Usage Report Cycle, and then click Run Now.
4. In the Software Metering Usage Report Cycle dialog box, click OK.
5. To close the Configuration Manager Properties dialog box, click OK.
Note: Wait at least two minutes for the report cycle to finish before you move to the next
task. You also can view the swmproc.log file on the site server to see when the client data has
been processed.
X Task 7: Verify software metering on the client
1. On LON-CL1, on the taskbar, click the File Explorer icon.
2. Browse to C:\Tools.
3. Double-click cmtrace.exe.
4. In the Configuration Manager Trace Log Tool dialog box, click Yes.
5. On the File menu, click Open.
6. Browse to C:\Windows\CCM\logs\, and then double-click mtrmgr.log.
7. Maximize the Configuration Manager Trace Log Tool window.
L4-38
Managing inventory for PCs and applications
8. Click the Tools menu, and then click Find.
9. In the Find what text box, type WordPad, and then click Find.
10. Scroll down, and then verify that the following entries are present for wordpad.exe:
o
Creation event received for process xxx
o
Process ID xxx is for process C:\Program Files\Windows NT\Accessories\wordpad.exe
o
Found match against RuleID S0100yyy
o
Tracked usage for process xxx
Note: The Process ID xxx corresponds to the decimal value that this application has in the
task manager. The RuleID S0100yyy is the rule number that is assigned automatically when you
create each software-metering rule. The Found match and Tracked usage lines indicate that the
client is metering the configured software.
If the entries do not exist, scroll down, and then verify that the following entries are present for
notepad.exe:
o
Creation event received for process xxx
o
Process ID xxx is for process C:\Windows\system32\notepad.exe
o
In addition, notice that there is no matching rule found for Notepad.exe.
11. Close the Configuration Manager Trace Log Tool.
X Task 8: Initiate metering summarization
1. On LON-CFG, on the taskbar, click the Windows PowerShell icon.
2. In Windows PowerShell, type the following command, and then press Enter:
CD “C:\Program Files\Microsoft Configuration Manager\Tools\”
3. Type the following command, and then press Enter:
.\RunMeterSumm.exe CM_S01
4. Review the output of the RunMeterSumm command. Verify that the number of rows added to File
Usage Summary is greater than 0.
5. At the Windows PowerShell prompt, type exit, and then press Enter.
Administering System Center Configuration Manager and Intune
L4-39
X Task 9: View a software-metering report
1. In the Configuration Manager console, click the Monitoring workspace, and then expand Reporting.
2. Expand Reports, and then click the Software Metering folder.
3. Right-click the Computers that have run a specific metered software program report, and then
click Run.
4. In the Rule Name section, click Values.
5. In the Parameter Value dialog box, click WordPadRule, and then click OK.
6. In the Month (1-12) section, click Values.
7. In the Parameter Value dialog box, click the current month, and then click OK.
8. In the Year section, click Values.
9. In the Parameter Value dialog box, click the current year, and then click OK.
10. Click View Report.
11. Review the report, and then close all open windows.
Results: After this exercise, you should have configured software metering, and then viewed softwaremetering information by using a report.
X To prepare for the next lab
Leave the 20696C-LON-DC1-B, 20696C-LON-CFG-B, and 20696C-LON-CL1-B virtual machines running
for use in the next lab.
L4-40
Managing inventory for PCs and applications
Lab C: Configuring and managing Asset
Intelligence
Exercise 1: Preparing the site for Asset Intelligence
X Task 1: Verify that the client settings are enabled
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. Click the Administration workspace, and then click the Client Settings node.
3. In the results pane, right-click Default Client Settings, and then click Properties.
4. In the Default Settings dialog box, click Hardware Inventory. Verify that the Enable hardware
inventory on clients option is set to Yes.
5. In the Default Settings dialog box, click Software Metering. Verify that the Enable software
metering on clients option is set to Yes.
6. To close the Default Settings dialog box, click OK.
X Task 2: Configure Windows event log settings
1. On LON-DC1, in the Server Manager console, click Tools, and then click Group Policy Management.
2. In the Group Policy Management console tree, expand Forest: Adatum.com, expand Domains,
expand Adatum.com, and then click Group Policy Objects.
3. In the details pane, right-click Default Domain Policy, and then click Edit.
4. In the Group Policy Management Editor, expand Computer Configuration, expand Policies, expand
Windows Settings, expand Security Settings, expand Local Policies, and then click Audit Policy.
5. In the details pane, double-click Audit logon events.
6. On the Audit logon events Properties page, click Define these policy settings. Verify that the
Success check box is selected, and then click OK.
7. Close the Group Policy Management Editor, and then close the Group Policy Management Console.
8. On LON-CL1, in Cortana, type Windows PowerShell.
9. Right-click Windows PowerShell, and then click Run as administrator.
10. In the Administrator: Windows PowerShell window, at the command prompt, type the following
command, and then press Enter:
gpupdate /force
11. In the Administrator: Windows PowerShell window, at the command prompt, type the following
command, and then press Enter:
exit
Results: After this exercise, you should have prepared the site for Asset Intelligence.
Administering System Center Configuration Manager and Intune
L4-41
Exercise 2: Configuring Asset Intelligence
X Task 1: Enable Asset Intelligence reporting classes
1. On LON-CFG, if necessary, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Assets and Compliance workspace, and then click
the Asset Intelligence node. Notice the information that displays on the Asset Intelligence home
page.
3. Right-click Asset Intelligence, and then click Edit Inventory Classes.
4. In the Edit Inventory Classes dialog box, verify that the Enable only the selected Asset
Intelligence reporting classes option is selected.
5. For the Asset Intelligence reporting classes, select all check boxes except the
SMS_InstalledExecutable and SMS_SoftwareShortcut check boxes.
6. To close the Edit Inventory Classes dialog box, click OK, and then click Yes.
X Task 2: Configure an Asset Intelligence synchronization point
1. In the Configuration Manager console, click the Administration workspace, expand the Site
Configuration node, and then click Servers and Site System Roles.
2. In the results pane, right-click \\LON-CFG.Adatum.com, and then click Add Site System Roles.
3. In the Add Site System Roles Wizard, click Next.
4. On the Proxy page, click Next.
5. On the System Role Selection page, select the Asset Intelligence synchronization point check
box, and then click Next.
6. On the Asset Intelligence synchronization point settings page, click Next.
7. On the Specify the synchronization schedule page, ensure that the option Enable synchronization
on a schedule is selected, and that it is set to run every 7 days, and then click Next.
8. On the Summary page, click Next.
9. On the Completion page, click Close.
10. Click the Assets and Compliance workspace, and then click Asset Intelligence. In the results pane,
under Catalog Synchronization, review the status details. Click Refresh. Notice that the Asset
Intelligence synchronization point status shows that the Sync point has deployed.
Note: Wait for the installation of the Asset Intelligence synchronization point to complete,
and then refresh the console before proceeding to the next task.
L4-42
Managing inventory for PCs and applications
X Task 3: Configure an Asset Intelligence catalog synchronization schedule
1. In the Assets and Compliance workspace, right-click Asset Intelligence, point to Synchronize, and
then click Schedule Synchronization.
Note: If the option is not available, refresh the console, or click on another node, and then
click the Asset Intelligence node again.
2. In the Asset Intelligence Synchronization Point Schedule dialog box, verify that the Simple
schedule option is selected.
3. In the Run every (days) box, type or select 14, and then click OK.
Results: After this exercise, you should have enabled Asset Intelligence reporting classes, configured an
Asset Intelligence synchronization point, and scheduled synchronization.
Exercise 3: Monitoring license agreements by using Asset Intelligence
X Task 1: Customize the Asset Intelligence catalog
1. On LON-CFG, if necessary, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Assets and Compliance workspace, and then click
the Asset Intelligence node.
3. Expand the Asset Intelligence node, and then click Catalog. Take note of the default categories and
families that display in the results pane.
4. Right-click Catalog, and then click Create Software Category.
5. In the Create Software Category Wizard, on the General page, in the Category name text box, type
Adatum Developed.
6. In the Description text box, type Software developed in-house by Adatum, and then click Next.
7. On the Summary page, click Next.
8. On the Completion page, click Close.
9. Right-click Catalog, and then click Create Software Family.
10. In the Create Software Family Wizard, on the General page, in the Family name text box, type
Custom Software.
11. In the Description text box, type Special use, custom application software, and then click Next.
12. On the Summary page, click Next.
13. On the Completion page, click Close.
14. Right-click Catalog, and then click Create Software Label.
15. In the Create Custom Label Wizard, on the General page, in the Label name text box, type
Unsupported. In the Description text box, type Software not supported by Adatum IT, and
then click Next.
16. On the Summary page, click Next.
17. On the Completion page, click Close.
Administering System Center Configuration Manager and Intune
L4-43
X Task 2: Import licensing data
1. In the System Center Configuration Manager console, click the Assets and Compliance workspace,
and then click the Asset Intelligence node.
2. Right-click Asset Intelligence, and then click Import Software Licenses.
3. In the Import Software Licenses Wizard, click Next.
4. On the Import page, click General License Statement (.csv file).
5. In the Path text box, type \\LON-CFG\E$\Licenses\LicenseData.csv, and then click Next.
6. On the Summary page, click Next.
7. On the Completion page, click Close.
Note: LicenseData.csv was created for the lab, and it contains information about Microsoft
Silverlight.
X Task 3: Initiate a policy update on the client
1. On LON-CL1, click Start, in Cortana, type Configuration Manager, and then click the Configuration
Manager Control pane item.
2. Click the Actions tab.
3. Under Actions, select Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
4. In the Machine Policy Retrieval & Evaluation Cycle dialog box, click OK.
5. To close the Configuration Manager Properties dialog box, click OK.
Note: Wait at least two minutes for the policy update to finish before you proceed to the
next task.
X Task 4: Initiate a hardware inventory cycle on the client
1. On LON-CL1, click Start, in Cortana, type Configuration Manager, and then click the Configuration
Manager Control pane item.
2. In the Configuration Manager Properties dialog box, click the Actions tab.
3. Under Actions, select Hardware Inventory Cycle, and then click Run Now.
4. In the Hardware Inventory Cycle dialog box, click OK.
5. In the Configuration Manager Properties dialog box, click OK.
Note: Be sure to wait several minutes for the hardware inventory cycle to finish before you
proceed to the next exercise.
Results: After this exercise, you should have customized the Asset Intelligence Catalog to reflect a number
of custom software settings, and then created a new software category, a new software family, and a new
software label. You also should have imported a license statement into Asset Intelligence.
L4-44
Managing inventory for PCs and applications
Exercise 4: Viewing Asset Intelligence reports
X Task 1: View Asset Intelligence reports
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Monitoring workspace, and then click the Reporting
node.
3. Expand the Reporting node, and then expand Reports.
4. Click the Asset Intelligence folder. Notice the various Asset Intelligence reports that display in the
results pane.
5. In the results pane, right-click Hardware 03A - Primary computer users, and then click Run.
6. In the Collection area, click Values.
7. In the Parameter Value dialog box, click the All Systems collection, and then click OK.
8. Click View Report. In the results pane, click adatum\administrator, and then review the results.
9. Close the Hardware 03B - Computer for a specific primary console user window.
10. Close the Hardware 03A - Primary computer users window.
11. In the Configuration Manager console, in the results pane, right-click License 15A - General License
Reconciliation Report, and then click Run.
12. In the License 15A - General License Reconciliation Report window, in the Collection area, click
Values.
13. In the Parameter Value dialog box, click the All Systems collection, and then click OK.
14. Click View Report, and then review the report.
15. Close the License 15A - General License Reconciliation Report window.
16. In the results pane of the Configuration Manager console, right-click Software 01A - Summary of
installed software in a specific collection, and then click Run.
17. In the Software 01A - Summary of installed software in a specific collection window, in the Collection
area, click Values.
18. In the Parameter Value dialog box, click the All Windows 10 Workstations collection, and then
click OK.
19. In the Publisher area, click Values.
20. In the Parameter Value dialog box, click (All), and then click OK.
21. In the maximum rows to return text box, type 100, and then click View Report.
22. Review the report, and then close the Software 01A - Summary of installed software in a specific
collection window.
23. Close the Configuration Manager console.
Results: After this exercise, you should have reviewed Asset Inventory data by using reports.
Administering System Center Configuration Manager and Intune
L4-45
X To prepare for the next module
After you finish the lab, revert the virtual machines to their initial state. To do this, complete the following
steps.
1. On the host computer, start Hyper- V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-LON-CL1-B.
L5-47
Module 5: Distributing and managing content used for
deployments
Lab: Distributing and managing content for
deployments
Exercise 1: Installing a new distribution point
X Task 1: Add the primary site server computer account to the local Administrators
group
1. On TOR-SVR2, in Server Manager, click Tools, and then click Computer Management.
2. In the Computer Management console, in the navigation pane, expand Local Users and Groups, and
then click Groups.
3. In the results pane, double-click the Administrators group.
4. In the Administrators Properties dialog box, click Add.
5. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types.
6. In the Object Types dialog box, click the Computers check box, and then click OK.
7. In the Select Users, Computers, Service Accounts or Groups dialog box, in the Enter the object
names to select box, type LON-CFG, click Check Names, and then click OK.
8. In the Administrators Properties dialog box, click OK.
9. Close the Computer Management console, and then close Server Manager.
X Task 2: Create a distribution point
1. On LON-CFG, from the taskbar, click the Configuration Manager Console icon.
2. In the Microsoft System Center Configuration Manager console, click the Administration workspace.
3. In the navigation pane, expand Site Configuration, and then click Servers and Site System Roles.
4. On the ribbon, click the Home tab, and then click Create Site System Server.
5. In the Create Site System Server Wizard, on the General page, click Browse.
6. In the Select Computer dialog box, in the Enter the object name to select box, type TOR-SVR2.
7. Click Check Names, and then click OK.
8. On the General page, in the Site Code drop-down list, click S01 – Adatum Site, and then click Next.
9. On the Proxy page, click Next.
10. On the System Role Selection page, select the Distribution point check box, and then click Next.
11. On the Distribution Point page, select both the Install and configure IIS if required by
Configuration Manager and Enable this distribution point for prestaged content check boxes,
and then click Next.
12. On the Drive Settings page, review the default settings, and then click Next.
13. On the Pull Distribution Point page, click Next.
14. On the PXE Settings page, click Next.
15. On the Multicast page, click Next.
L5-48
Distributing and managing content used for deployments
16. On the Content Validation page, select Validate content on a schedule, and then click Next.
17. On the Boundary Groups page, click Next.
18. On the Summary page, review the settings, and then click Next.
19. On the Completion page, click Close.
20. In the Configuration Manager console, verify that \\TOR-SVR2.Adatum.com displays in the
results pane.
X Task 3: Create and populate a distribution point group
1. In the navigation pane, click Distribution Points.
2. In the results pane, click LON-CFG.ADATUM.COM, hold down the Ctrl key, and then click
TOR-SVR2.ADATUM.COM.
3. On the ribbon, click Add Selected Items, and then click Add Selected Items to New Distribution
Point Group.
4. In the Create New Distribution Point Group dialog box, in the Name box, type London
Distribution Points, and then click OK.
5. In the navigation pane, click Distribution Point Groups.
6. Verify that the London Distribution Points group has been created and that the Member Count
displays 2.
Results: After completing this exercise, you should have created a distribution point, created a
distribution point group, and added distribution points to the group.
Exercise 2: Managing content distribution
X Task 1: Distribute content
1. On LON-CFG, while still in the Configuration Manager console, click the Software Library workspace,
expand Application Management, and then click Applications.
2. In the results pane, right-click XML Notepad 2007, and then click Distribute Content.
3. In the Distribute Content Wizard, on the General page, click Next.
4. On the Content page, click Next.
5. On the Content Destination page, click Add, and then click Distribution Point Group.
6. In the Add Distribution Point Groups dialog box, select London Distribution Points, click OK, and
then click Next.
7. On the Summary page, click Next.
8. On the Completion page, click Close.
9. Click the Monitoring workspace, expand Distribution Status, and then click Content Status.
10. In the results pane, click XML Notepad 2007.
11. In the preview pane, click View Status.
Administering System Center Configuration Manager and Intune
L5-49
12. Refresh the status until LON-CFG.ADATUM.COM displays on the Success tab under Asset Details.
13. Write down the date and time in the Last Status Time column. You will use this information in the
next task.
X Task 2: Validate content
1. On LON-CFG, while still in the Configuration Manager console, in the Administration workspace,
click the Distribution Points node.
2. In the results pane, right-click LON-CFG.Adatum.com, and then click Properties.
3. In the LON-CFG.ADATUM.COM Properties dialog box, click the Content tab, click XML Notepad
2007, and then click Validate.
4. In the Configuration Manager dialog box, click OK twice.
5. To close the LON-CFG.ADATUM.COM Properties dialog box, click OK.
6. Click the Monitoring workspace. Under Content Status, click XML Notepad 2007.
7. Verify that the Last Status Time next to LON-CFG.ADATUM.COM has updated, compared to the
value that you recorded in the last task. You might need to refresh the pane for the updated results.
8. Click the Software Library workspace, expand Application Management, and then click
Applications.
9. In the results pane, right-click XML Notepad 2007, and then click Properties.
10. In the XML Notepad 2007 Properties dialog box, click the Content Locations tab.
11. Verify that the \\LON-CFG.Adatum.com, \\TOR-SVR2.adatum.com, and London Distribution
Points display, and then click OK.
X Task 3: Remove content from a distribution point
1. On LON-CFG, while still in the Configuration Manager console, in the Administration workspace,
click the Distribution Points node.
2. Right click TOR-SVR2.ADATUM.COM, and then click Properties.
3. In the TOR-SVR2.ADATUM.COM Properties dialog box, on the Content tab, click XML Notepad
2007, and then click Remove.
4. In the Configuration Manager dialog box, click OK.
5. To close the TOR-SVR2.ADATUM.COM Properties dialog box, click OK.
X Task 4: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps.
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-TOR-SVR2-B.
Results: After completing this exercise, you should have distributed, validated, and then removed content
from a distribution point.
L6-51
Module 6: Deploying and managing applications
Lab A: Creating and deploying applications
Exercise 1: Installing and configuring the Application Catalog roles
X Task 1: Install and configure the Application Catalog
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. In the System Center Configuration Manager console, click the Administration workspace, expand
the Site Configuration folder, and then click the Servers and Site System Roles node.
3. Click \\LON-CFG.Adatum.com, on the ribbon, click the Home tab, and then click Add Site System
Roles.
4. In the Add Site System Roles Wizard, on the General page, click Next.
5. On the Proxy page, click Next.
6. On the System Role Selection page, select both the Application Catalog web service point and
the Application Catalog website point check boxes, and then click Next.
7. On the Application Catalog web service point page, click Next.
8. On the Application Catalog website point page, click Next.
9. On the Application Catalog Customizations page, in the Organization name text box, type
Adatum, and then click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
X Task 2: Configure default client settings
1. Click the Client Settings node.
2. Click Default Client Settings, and then on the ribbon, click Properties.
3. In the left section, click Computer Agent.
4. Click Set Website.
5. In the Configure Client Setting dialog box, in the Select Application Catalog website point dropdown list box, click LON-CFG.Adatum.com (use intranet FQDN), and then click OK.
6. In the Add default Application Catalog website to Internet Explorer trusted sites zone dropdown list box, click Yes.
7. In the Organization name displayed in Software Center text box, type Adatum HQ.
8. In the left section, click User and Device Affinity.
9. In the Allow user to define their primary devices drop-down list box, click Yes.
10. In the Default Settings dialog box, click OK.
L6-52
Deploying and managing applications
X Task 3: Configure a user-defined primary device
1. Switch to LON-CL1. Sign in as Adatum\Ed with the password Pa$$w0rd.
2. Right-click the Start button and click Control Panel, click System and Security, and then click
Configuration Manager.
3. In the Configuration Manager Properties dialog box, click the Actions tab.
4. Click Machine Policy Retrieval & Evaluation Cycle.
5. Click Run Now, and then in the Machine Policy Retrieval & Evaluation Cycle message box,
click OK.
6. In the Configuration Manager Properties dialog box, click OK.
7. Close the System and Security dialog box.
8. Click Microsoft Edge.
9. In the Microsoft Edge Address bar, type http://LON-cfg.Adatum.com/CMApplicationCatalog. This
will open Internet Explorer. Close Microsoft Edge.
10. If prompted, sign in as Ed with the password Pa$$w0rd.
11. Maximize the browser window, and click the My Devices tab.
12. Select the I regularly use this computer to do my work check box.
13. Wait for the text to change to This computer is set as your primary computer, and then close
Internet Explorer.
14. Sign out of LON-CL1.
Results: After completing this exercise, you should have configured the Application Catalog, Default
Client Settings, and a user-defined device affinity.
Exercise 2: Creating applications with requirements
X Task 1: Create a Microsoft Office Excel Viewer application
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. Click the Software Library workspace, expand Application Management, and then click
Applications.
3. Right-click Applications, and then click Create Application.
4. In the Create Application Wizard, on the General page, ensure the Automatically detect
information about this application from installation files option is selected and that the Type list
displays Windows Installer (*.msi file), and then click Browse.
5. Navigate to \\LON-CFG\Software\MSI_Files\ExcelViewer, click xlview.msi, and then click Open.
Note: Be sure to use the Universal Naming Convention for the computer name,
\\LON-CFG\ as the E:\ drive will give you an error when you click Next.
6. On the General page, click Next.
Administering System Center Configuration Manager and Intune
L6-53
7. On the Import Information page, click Next.
8. On the General Information page, in the Administrator comments text box, type Excel viewer
program, in the Publisher text box, type Microsoft, and then in the Software version text box, type
12.0.4518.1069.
9. Under Administrative categories, click Select.
10. In the Manage Administrative Categories dialog box, click Create, in the Create Administrative
Category text box, type Viewer, and then click OK.
11. In the Manage Administrative Categories dialog box, click OK.
12. On the General Information page, click Next.
13. On the Summary page, click Next.
14. On the Completion page, click Close.
X Task 2: Modify an application requirement
1. In the Software Library workspace, under the Application Management folder, click the
Applications node.
2. Right-click Microsoft Office Excel Viewer, and then click Properties.
3. Click the Deployment Types tab.
4. Click the Microsoft Office Excel Viewer – Windows Installer (*.msi file) deployment type, and
then click Edit.
5. Click the Requirements tab, and then click Add.
6. In the Category list, click User.
7. Verify that the Condition list is set to Primary device.
8. Verify that the Operator is set to Equals.
9. Verify that the Value field is set to True.
10. In the Create Requirement dialog box, click OK.
11. In the Microsoft Office Excel Viewer – Windows Installer (*.msi file) Properties dialog box,
click OK.
12. In the Microsoft Office Excel Viewer Properties dialog box, click OK.
X Task 3: Create a Microsoft Office Word Viewer application
1. Right-click Applications, and then click Create Application.
2. In the Create Application Wizard, on the General page, click the Manually specify the application
information option.
3. On the General page, click Next.
4. On the General Information page, in the Name text box, type Microsoft Office Word Viewer.
5. In the Administrator comments text box, type Install on Windows 10 only.
6. In the Publisher text box, type Microsoft.
7. In the Software version text box, type 11.6506.6505.
8. To the right of the Administrative categories box, click Select.
L6-54
Deploying and managing applications
9. In the Manage Administrative Categories dialog box, select the Viewer check box, and then
click OK.
10. On the General Information page, click Next.
11. On the Application Catalog page, click Next.
12. On the Deployment Types page, click Add.
13. In the Create Deployment Type Wizard, on the General page, ensure that the Automatically
identify information about this deployment type from installation files option is selected and
that the type is set to Windows Installer (*.msi file).
14. Click the Browse button.
15. Navigate to \\LON-CFG\Software\MSI_Files\WordViewer, click wordview.msi, and then click
Open.
16. On the General page, click Next, and then in the warning message box, click Yes.
17. On the Import Information page, click Next.
18. On the General Information page, click Next.
19. On the Requirements page, click Add.
20. In the Create Requirement dialog box, click the Category drop-down list box, and then click
Device.
21. Click the Condition drop-down list box, and then click Operating system.
22. In the Operator list, select the Windows 10 check box.
23. In the Create Requirement dialog box, click OK.
24. On the Requirements page, click Next.
25. On the Dependencies page, click Next.
26. Review the Summary page, and then click Next.
27. On the Completion page of the Create Deployment Type Wizard, click Close.
28. On the Deployment Types page of the Create Application Wizard, click Next.
29. Review the Summary page, and then click Next.
30. On the Completion page, click Close.
Results: After completing this exercise, you should have created applications and modified requirements.
Exercise 3: Deploying applications
X Task 1: Distribute applications
1. Click the Microsoft Office Excel Viewer application, hold down the Ctrl key, and then click the
Microsoft Office Word Viewer application.
2. Right-click the Microsoft Office Word Viewer application, and then click Distribute Content.
3. In the Distribute Content Wizard, on the General tab, click Next.
4. On the Content page, click Next.
Administering System Center Configuration Manager and Intune
L6-55
5. On the Content Destination page, click Add, and then click Distribution Point.
6. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
7. Click the Summary button.
8. On the Summary page, click Next.
9. On the Completion page, click Close.
X Task 2: Deploy an available application
1. Click the Microsoft Office Excel Viewer application, and on the ribbon, in the Deployment section,
click the Deploy button.
Note: Depending on the screen resolution of your system, the Deployment section may be
collapsed into a button. If this is the case, click Deployment, and then click Deploy.
2. In the Deploy Software Wizard, on the General page, near Collection, click Browse.
3. In the Select Collection dialog box, click the All Users collection, and then click OK.
4. On the General page, click Next.
5. On the Content page, click Next.
6. On the Deployment Settings page, verify that the Purpose is set to Available, and then click Next.
7. On the Scheduling page, click Next.
8. On the User Experience page, click Next.
9. On the Alerts page, click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
X Task 3: Deploy a required application
1. Right-click Microsoft Office Word Viewer, and then click Deploy.
2. In the Deploy Software Wizard, on the General page, next to the Collection box, click Browse.
3. In the Select Collection dialog box, in the User Collections drop-down list box, click Device
Collections.
4. Click All Desktop and Server Clients, click OK, and then click Next.
5. On the Content page, click Next.
6. On the Deployment Settings page, in the Purpose list, click Required, and then click Next.
7. On the Scheduling page, under Installation deadline, select the Schedule at option, and in the
Date list, select tomorrow’s date. Change the Time based on to Client local time, and then click
Next.
8. On the User Experience page, click Next.
9. On the Alerts page, click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
L6-56
Deploying and managing applications
X Task 4: Monitor content distribution
1. In the System Center Configuration Manager console, in the Monitoring workspace, click
Deployments.
2. In the preview pane, click the Summary tab, and then click the Content Status link.
3. After the console switches to the Content Status node, click Microsoft Office Excel Viewer.
4. In the preview pane, review the Completion Statistics. The distribution should be either In Progress
or Success. Click the View Status link.
5. On the Success tab, under Asset Details, check to see if LON-CFG.ADATUM.COM is listed. If it is
not listed, click Refresh until it displays.
6. Repeat steps 2 through 5 for Microsoft Office Word Viewer.
X Task 5: Install a required application
1. Switch to the LON-CL1 computer. Sign in as Adatum\Ed with the password of Pa$$w0rd.
2. Right-click the Start button and click Control Panel, click System and Security, and then click
Configuration Manager.
3. In the Configuration Manager Properties dialog box, on the Actions tab, click Machine Policy
Retrieval & Evaluation Cycle, click Run Now, and then click OK.
4. On the Actions tab, click Application Deployment Evaluation Cycle, click Run Now, and then
click OK.
5. In the Configuration Manager Properties dialog box, click OK.
6. Close the System and Security window.
7. Wait one minute for the policy to process. A notification that says Software changes are required
will briefly appear.
8. Click the Start button, and select All Apps in the menu. In the list of apps, scroll down and select
Microsoft System Center, and then select Software Center underneath it.
9. Click the Installation Status tab. If the Microsoft Office Word Viewer application is not listed,
refresh the screen. If the application still does not appear, repeat steps 2 through 7.
10. Click the Microsoft Office Word Viewer application, and review the Installation Status tab. Notice
the properties that you created, such as the Version information and the Description.
11. Click INSTALL, and then monitor the Status column until the status changes to Installed. A
notification that says Software changes are required will briefly appear.
X Task 6: Install an available application
1. Click the Find additional applications from the Application Catalog link, and if prompted, sign in
as Ed with the password Pa$$w0rd.
2. Click the Microsoft Office Excel Viewer application, and then click INSTALL.
3. In the APPLICATION INSTALLATION message box, click Yes.
4. Wait for the notification: Your application installation has started.
5. Close Internet Explorer and Microsoft Edge.
6. In the Software Center window, press the F5 key, and then monitor the installation status of the
Microsoft Office Excel Viewer installation.
Administering System Center Configuration Manager and Intune
L6-57
7. In the Software Center dialog box, click OK.
Note: Be aware that the Software Center (installation complete notification) dialog box
might open behind the Application Catalog webpage.
8. Verify that the Microsoft Office Excel Viewer application status has changed to Installed, and ensure
that you complete this task before proceeding to the next task.
9. Sign out of LON-CL1.
X Task 7: Monitor application deployment
1. Switch to the LON-CFG computer.
2. In the System Center Configuration Manager console, in the Monitoring workspace, click
Deployments.
3. Click Microsoft Office Word Viewer.
4. On the ribbon, click Run Summarization. In the Configuration Manager message box, click OK,
and then on the ribbon, click Refresh. Repeat this step until items appear in Status. This can take
approximately five minutes.
5. Review the information about application deployment completion in the Completion Statistics area.
6. Click the View Status link.
7. Review the information about application deployment status in the Deployment Status area.
8. Repeat steps 3 through 7 for Microsoft Office Excel Viewer.
Results: After completing this exercise, you should have created and deployed two applications, one as
required for systems and one as available to users. You should have installed both of them successfully on
one system.
X To prepare for the next lab
When you finish the lab, keep the virtual machines running because you will need them for the next lab in
this module.
L6-58
Deploying and managing applications
Lab B: Managing application supersedence
and removal
Exercise 1: Managing application supersedence
X Task 1: Create a Microsoft Visio Viewer 2013 application
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. Click the Software Library workspace, expand Application Management, and then click
Applications.
3. Right-click Applications, and then click Create Application.
4. In the Create Application Wizard, on the General page, ensure that the Automatically detect
information about this application from installation files option is selected and that the Type list
displays Windows Installer (*.msi file), and then click Browse.
5. Navigate to \\LON-CFG\Software\MSI_Files\VisioViewer, click vviewer.msi, and then click Open.
6. On the General page, click Next.
7. On the Import Information page, click Next.
8. On the General Information page, click Next.
9. On the Summary page, click Next.
10. On the Completion page, click Close.
X Task 2: Modify an existing application
1. On LON-CFG, click the Software Library workspace, expand the Application Management folder,
and then click the Applications node.
2. Click the Microsoft Visio Viewer 2013 application, and then on the ribbon, click Properties.
3. In the Microsoft Visio Viewer 2013 Properties dialog box, click the Deployment Types tab.
4. Click the Microsoft Visio Viewer 2013 – Windows installer (*.msi file) deployment type, and then
click Edit.
5. In the Microsoft Visio Viewer 2013 – Windows installer (*.msi file) Properties dialog box, click
the Requirements tab.
6. On the Requirements tab, click Add.
7. In the Create Requirement dialog box, click the Category drop-down list box, and then click
Device.
8. Click the Condition drop-down list box, and then click Operating system.
9. In the Operator list, select the Windows 10 check box.
10. In the Create Requirement dialog box, click OK.
11. In the Microsoft Visio Viewer 2013 – Windows installer (*.msi file) Properties dialog box,
click OK.
12. Click the Supersedence tab.
13. Click the Add button.
14. In the Specify Supersedence Relationship dialog box, click Browse.
Administering System Center Configuration Manager and Intune
L6-59
15. In the Choose Application dialog box, click Microsoft Office Word Viewer, and then click OK.
16. In the Specify Supersedence Relationship dialog box, click the New Deployment Type drop-down
list box, and then click Microsoft Visio Viewer 2013 – Windows Installer (*.msi file).
17. Select the Uninstall check box for the Microsoft Office Word Viewer 2003 - Windows Installer
(*.msi file) deployment type, and then click OK.
18. In the Microsoft Visio Viewer 2013 Properties dialog box, click OK.
19. Right-click the Microsoft Visio Viewer 2013 application, and then click Revision History.
20. In the Application Revision History: Microsoft Visio Viewer 2013 dialog box, click Revision 1, and
then click View.
Note: Notice that as you review the Microsoft Visio Viewer 2013 Properties, you cannot
make changes.
21. In the Microsoft Visio Viewer 2013 Properties dialog box, click the Supersedence tab.
Note: The Supersedence relationship is not specified.
22. Close the Microsoft Visio Viewer 2013 Properties dialog box and the Application Revision
History: Microsoft Visio Viewer 2013 dialog box.
X Task 3: Deploy the Visio Viewer 2013 application
1. Click Microsoft Visio Viewer 2013. On the ribbon, click Deployment, and then click the Deploy
button.
2. In the Deploy Software Wizard, on the General page, near Collection, click Browse.
3. In the Select Collection dialog box, in the drop-down list box, click Device Collections, click the All
Desktops and Server Clients collection, and then click OK.
4. On the General page, click Next.
5. On the Content page, click Add, and then click Distribution Point.
6. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
7. On the Content page, click Next.
8. On the Deployment Settings page, in the Action drop-down list box, click Install. In the Purpose
drop-down list box, click Required, and then click Next.
9. On the Scheduling page, click Next.
10. On the User Experience page, click Next.
11. On the Alerts page, click Next.
12. On the Summary page, click Next.
13. On the Completion page, click Close.
L6-60
Deploying and managing applications
X Task 4: Test the deployment
1. Switch to LON-CL1. Sign in as Adatum\Ed with the password Pa$$w0rd.
2. Right-click the Start button and click Control Panel, click System and Security, and then click
Configuration Manager.
3. In the Configuration Manager Properties dialog box, on the Actions tab, click Machine Policy
Retrieval & Evaluation Cycle, click Run Now, and then click OK.
4. In the Configuration Manager Properties dialog box, click OK.
5. Close the System and Security window.
6. Wait one minute for the policy to process.
7. You should see the Configuration Manager notification, Downloading and installing software. Wait
for the Installation Complete message to display before continuing.
8. Click the Start button, and select All Apps in the menu. In the list of apps, scroll down and select
Microsoft System Center, and then select Software Center underneath it.
9. In the Software Center window, review the Installation Status tab.
Question: What applications are available? What is the status of the applications?
Answer: Microsoft Office Excel Viewer is displayed and has a status of Installed. Microsoft Visio
Viewer 2013 is displayed and has a status of Installed. The Word Viewer application is not displayed.
10. Close Software Center, and then sign out from LON-CL1.
Results: After completing this exercise, you should have replaced the Word Viewer application with the
Visio Viewer application.
Exercise 2: Uninstalling the Excel Viewer Application
X Task 1: Delete the Excel Viewer deployment
1. Switch to LON-CFG. You should still be in the Applications node, under Application Management,
in the Software Library workspace of the System Center Configuration Manager console.
2. Click the Microsoft Office Excel Viewer application, and then in the preview pane, click the
Deployments tab.
3. Click the All Users deployment.
4. On the ribbon, click Delete.
5. In the Configuration Manager message box, click Yes.
6. Click the Deployment Types tab, and then double-click the Microsoft Office Excel Viewer –
Windows Installer (*.msi file) deployment type.
7. Click the Requirements tab, select the existing primary device requirement, and then click Delete.
8. Click OK to close the properties dialog box.
9. Right-click the deployment type Microsoft Office Excel Viewer – Windows Installer (*.msi file)
and then click Update Content.
10. Read the message in the Configuration Manager pop-up window, and then click Yes.
Administering System Center Configuration Manager and Intune
X Task 2: Deploy the uninstall Excel Viewer application
1. Click Microsoft Office Excel Viewer.
2. On the ribbon, click the Home tab, click Deployment, and then click the Deploy button.
3. In the Deploy Software Wizard, on the General page, near Collection, click Browse.
4. In the Select Collection dialog box, click the All Users collection, and then click OK.
5. On the General page, click Next.
6. On the Content page, click Next.
7. On the Deployment Settings page, in the Action drop-down list box, click Uninstall, and then
click Next.
8. On the Scheduling page, click Next.
9. On the User Experience page, click Next.
10. On the Alerts page, click Next.
11. On the Summary page, click Next.
12. On the Completion page, click Close.
X Task 3: Test the deployment for the Adatum\Ed account
1. Switch to LON-CL1, and sign in as Adatum\Ed with the password Pa$$w0rd.
2. Right-click the Start button and click Control Panel, click System and Security, and then click
Configuration Manager.
3. In the Configuration Manager Properties dialog box, on the Actions tab, click User Policy
Retrieval & Evaluation Cycle, click Run Now, and then click OK.
4. In the Configuration Manager Properties dialog box, on the Actions tab, click Application
Deployment Evaluation Cycle, click Run Now, and then click OK.
5. In the Configuration Manager Properties dialog box, click OK.
6. Close the System and Security window.
7. Wait one minute for the policy to process.
8. After the User Policy Retrieval & Evaluation Cycle completes, verify that the Configuration
Manager notification Removal Completed displays.
9. Click the Start button, and select All Apps in the menu. In the list of apps, scroll down and select
Microsoft System Center, and then select Software Center underneath it.
L6-61
L6-62
Deploying and managing applications
10. In the Software Center window, on the Installation Status tab, review the information for the
following question:
Question: What applications are available? What is the status of the applications?
Answer: Excel Viewer is displayed and has a status of not installed. (Depending on the timing, Excel
Viewer may already be removed from the list, and it may no longer display). Microsoft Visio Viewer
has a status of Installed.
11. Close Software Center, and then sign out from LON-CL1.
Results: After completing this exercise, you should have uninstalled Excel Viewer.
X To prepare for the next lab
When you finish the lab, keep the virtual machines running because you will need them for the next lab in
this module.
Administering System Center Configuration Manager and Intune
L6-63
Lab C: Deploying virtual applications by
using Configuration Manager (Optional)
Exercise 1: Configuring support for App-V
X Task 1: Extract the appv51_client_setup.msi file from the Client Setup .exe file
1. On LON-CFG, if not already signed in, sign in as Adatum\Administrator with the password
Pa$$w0rd.
2. Right click the Start icon and select Run. In the Run text box, type cmd and press the Enter key.
3. In the command prompt window, type E: and press Enter.
4. In the command prompt window, type cd “Software\VApps\Client”, and press Enter.
5.
In the command prompt window, type appv51_client_setup.exe /LayOut /LayoutDir=
E:\Software\Vapps\Client and press Enter.
6. Minimize the command prompt window, and on the Taskbar, select File Explorer.
7. Navigate to E:\Software\Vapps\Client, and confirm the two .msi files are there:
appv_client_MSI_x64.msi and appv_client_MSI_x86.msi.
8. If the two .msi files are not there, re-run step 5.
X Task 2: Create an App-V client application
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. Click the Software Library workspace, expand Application Management, and then click
Applications.
3. Right-click Applications, and then click Create Application.
4. In the Create Application Wizard, on the General page, verify that the Automatically detect
information about this application from installation files option is selected and that the Type list
displays Windows Installer (*.msi file), and then click Browse.
5. Navigate to \\LON-CFG\Software\VApps\Client, click appv_Client_MSI_x64.msi, and then click
Open.
6. On the General page, click Next.
7. On the Import Information page, click Next.
8. On the General Information page, next to Installation program add AcceptEULA=1 at the end of
the installation command, and then click Next.
9. On the Summary page, click Next.
10. On the Completion page, click Close.
X Task 3: Deploy the App-V client
1. Right-click Microsoft Application Virtualization (App-V) Client x64, and then click Deploy.
2. In the Deploy Software Wizard, on the General page, next to the Collection box, click Browse.
3. In the Select Collection dialog box, in the User Collections drop-down list box, click Device
Collections.
4. Click All Windows 10 Workstations, click OK, and then click Next.
L6-64
Deploying and managing applications
5. On the Content page, click Add, and then click Distribution Point.
6. In the Add Distribution Points dialog box, select the LON-CFG.Adatum.com check box, and then
click OK.
7. On the Content page, click Next.
8. On the Deployment Settings page, click Next.
9. On the Scheduling page, click Next.
10. On the User Experience page, click Next.
11. On the Alerts page, click Next.
12. On the Summary page, click Next.
13. On the Completion page, click Close.
X Task 4: Install the App-V client on LON-CL1
1. Switch to the LON-CL1 computer, and sign in as Adatum\Ed with the password Pa$$w0rd.
2. Right-click Start and select Control Panel.
3. Click System and Security, and then click Configuration Manager.
4. In the Configuration Manager Properties dialog box, on the Actions tab, click Machine Policy
Retrieval & Evaluation Cycle, and then click Run Now.
5. In the Machine Policy Retrieval & Evaluation Cycle pop-up window, click OK.
6. In the Configuration Manager Properties dialog box, click OK.
7. Close the System and Security window.
8. Wait approximately one minute for the policy to process.
9. Click Start, click All Apps, expand Microsoft System Center, and then click Software Center.
10. Select the Microsoft Application Virtualization (App-V) Client x64 application, and then click
INSTALL SELECTED.
11. Monitor the Status column until the status changes to Installed.
12. Sign out of LON-CL1.
Results: After completing this exercise, you should have prepared the London client computers to run
App-V 5.1 applications.
Exercise 2: Deploying virtual applications
X Task 1: Add an App-V deployment type to the Excel Viewer application
1. Switch to LON-CFG. In the Configuration Manager console, click the Software Library workspace,
expand Application Management, and then click Applications.
2. Right-click Microsoft Office Excel Viewer, and then click Properties.
3. In the Microsoft Office Excel Viewer Properties dialog box, click the Deployment Types tab.
4. On the Deployment Types tab, click Add.
Administering System Center Configuration Manager and Intune
L6-65
5. On the General page of the Create Deployment Type Wizard, next to Type, click Windows Installer
(*.msi file), and then click Microsoft Application Virtualization 5.
6. Next to Location, click Browse.
7. In the Open dialog box, navigate to \\lon-cfg\software\VApps\ExcelViewer, click
ExcelViewer.appv, and then click Open.
8. On the General page, click Next.
9. On the Important Information page, click Next.
10. On the General Information page, click Next.
11. On the Requirements page, click Add.
12. On the Create Requirement page, click Device, and then click User.
13. Under Value, click True, then click False, and then click OK.
14. On the Requirements page, click Next.
15. On the Dependencies page, click Add.
16. In the Add Dependency dialog box, in the Dependency group name text box, type App-V Client,
and then click Add.
17. On the Specify Required Application page, click Microsoft Application Virtualization (App-V)
Client, select Microsoft Application Virtualization (App-V) Client x64 - Windows Installer (*.msi
file), and then click OK.
18. In the Add Dependency dialog box, click OK.
19. On the Dependencies page, click Next.
20. On the Summary page, click Next.
21. On the Completion page, click Close.
22. On the Deployment Types tab of the Microsoft Office Excel Viewer Properties dialog box, click
ExcelViewer – Microsoft Application Virtualization 5, and then click Increase Priority.
23. Click OK to close the Microsoft Office Excel Viewer Properties dialog box.
X Task 2: Remove the previous deployment
1. Click the Microsoft Office Excel Viewer application.
2. In the Previews pane, click Deployments.
3. Click All Users, and then on the ribbon, click Delete.
4. On the Configuration Manager dialog box, click Yes.
X Task 3: Deploy the Microsoft Office Excel Viewer application
1. Click the Software Library workspace, expand Application Management, and then click
Applications.
2. Right-click Microsoft Office Excel Viewer, and then click Deploy.
3. In the Deploy Software Wizard, on the General page, next to the Collection box, click Browse.
4. In the Select Collection dialog box, in the User Collections drop-down list box, click User
Collections.
5. In the right pane, click London Users, click OK, and then click Next.
L6-66
Deploying and managing applications
6. On the Content page, click Next.
7. On the Deployment Settings page, click Next.
8. On the Scheduling page, click Next.
9. On the User Experience page, click Next.
10. On the Alerts page, click Next.
11. On the Summary page, click Next.
12. On the Completion page, click Close.
X Task 4: Install the Microsoft Office Excel Viewer application on LON-CL1
1. Switch to the LON-CL1 computer, and sign in as Adatum\Adam with the password Pa$$w0rd.
2. On the taskbar, click Edge.
3. In the Edge Address bar, type http://lon-cfg.adatum.com/CMApplicationCatalog, and then press
Enter.
4. When prompted, sign in as Adatum\Adam with the password Pa$$w0rd.
5. Maximize the browser, and click the Microsoft Office Excel Viewer application, and then click
INSTALL.
6. In the APPLICATION INSTALLATION dialog box, click YES.
7. Wait for the application installation to complete, which could take up to five minutes.
Note: The installation complete notification might open behind the Application Catalog
webpage.
8. In the Software Center dialog box, click OK.
X Task 5: Verify that the Microsoft Office Excel Viewer application installed
1. In the Search bar on the Taskbar, type Excel and select Microsoft Office Excel Viewer. (Because this
is the first time the application has run, it may take up to two minutes to start.)
2. In the User Name dialog box, click OK, and then in the Open dialog box, click Cancel.
3. Sign out of LON-CL1.
Results: After completing this exercise, you should have created a virtual application deployment type for
the Excel Viewer application. In addition, you should have deployed it to Adatum\Ed on LON-CL1.
X To prepare for the next lab
When you finish the lab, keep the virtual machines running because you will need them for the next lab in
this module.
Administering System Center Configuration Manager and Intune
L6-67
Lab D: Using Configuration Manager to
deploy Windows Store apps
Exercise 1: Configuring support for sideloading Windows Store apps
X Task 1: Install the Windows Desktop experience
1. On LON-DC1, in the Server Manager window, click Add roles and features.
2. In the Add Roles and Features Wizard, on the Before You Begin page, click Next.
3. On the Installation Type page, click Next.
4. On the Server Selection page, click Next.
5. On the Server Roles page, click Next.
6. On the Features page, expand User Interfaces and Infrastructure, and then select the Desktop
Experience check box.
7. In the Add Roles and Features Wizard dialog box, click Add Features.
8. On the Features page, click Next.
9. On the Confirmation page, select the Restart the destination server automatically if required
check box.
10. In the Add Roles and Features Wizard dialog box, click Yes.
11. On the Confirmation page, click Install.
Note: Once the feature installation completes, LON-DC1 will restart automatically.
12. On LON-DC1, sign in as Adatum\Administrator with the password Pa$$w0rd.
13. Click to the desktop and then in the Installation progress window, click Close.
X Task 2: Copy a root CA certificate
1. On LON-DC1, on the taskbar, click the File Explorer icon.
2. Double-click Local Disk (C:).
3. Click the Home menu, and then click New folder. In the Name text box, type RootCA.
4. Double-click RootCA.
5. On the taskbar, right-click the File Explorer icon, and then click File Explorer.
6. In the This PC window, in the address box, type \\LON-CFG\Software\LeXProductsGrid, and then
press Enter.
7. Right-click LeXProductsGrid81_1.1.0.2_AnyCPU.cer, and then click Copy.
8. Switch to the RootCA window.
9. Right-click in the RootCA window, and then click Paste.
10. Close all open File Explorer windows.
L6-68
Deploying and managing applications
X Task 3: Open the Group Policy Management Console
1. On LON-DC1, open the Server Manager console.
2. On the Dashboard screen, click Tools, and then click Group Policy Management.
3. In the Group Policy Management Console, expand Forest: Adatum.com, expand Domains, expand
Adatum.com, and then click Group Policy Objects.
X Task 4: Create and configure a sideloading GPO
1. To create a new Group Policy Object (GPO), click the Action menu, and then click New.
2. In the New GPO dialog box, in the Name text box, type Windows 10 Sideloading, and then
click OK.
3. Right-click Windows 10 Sideloading, and then click Edit.
4. Under Computer Configuration, expand Policies, expand Administrative Templates, expand
Windows Components, click App Package Deployment, and then double-click Allow All Trusted
apps to install.
5. In the Allow all trusted apps to install dialog box, click the Enabled option, and then click OK.
6. Under Computer Configuration, expand Policies, expand Administrative Templates, expand
Windows Components, click Store, and then double-click Turn off the Store application.
7. In the Turn off the Store application dialog box, click the Enabled option, and then click OK.
X Task 5: Add a root CA certificate to a GPO
1. Under Computer Configuration, expand Policies, expand Windows Settings, expand Security
Settings, and then click Public Key Policies.
2. Right-click Trusted Root Certification Authorities, and then click Import.
3. In the Certificate Import Wizard, on the Welcome to the Certificate Import Wizard page, click
Next.
4. On the File to Import page, click Browse, and then browse to C:\RootCA.
5. Click LeXProductsGrid81_1.1.0.2_AnyCPU.cer, and then click Open.
6. On the File to Import page, click Next.
7. On the Certificate Store page, click Next.
8. On the Completing the Certificate Import Wizard page, click Finish.
9. Wait approximately one minute for the Certificate Import Wizard pop-up window to display, and
then click OK.
10. Close the Group Policy Management Editor.
X Task 6: Link the sideloading GPO to the Windows 10 OU
1. In the Group Policy Management Console, click the London Clients organizational unit (OU).
2. Right-click the London Clients OU, and then click Link an Existing GPO.
3. In the Select GPO dialog box, click Windows 10 Sideloading, and then click OK.
4. Close the Group Policy Management Console.
Administering System Center Configuration Manager and Intune
L6-69
X Task 7: Refresh policy on LON-CL1
1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd.
2. Right-click the Start button and click Command Prompt (Admin).
3. At the administrator command prompt, type the following command, and then press Enter:
GPUpdate /Force
4. Wait until the policy update completes successfully, and then sign out of LON-CL1.
Results: After completing this exercise, you should have configured Group Policy to support sideloading a
Windows Store app on Windows 10 Enterprise systems.
Exercise 2: Configuring a Windows Store App
X Task 1: Create the Windows Store app
1. On LON-CFG, switch to the Configuration Manager console.
2. Click the Software Library workspace, expand Application Management, and then click
Applications.
3. Right-click Applications, and then click Create Application.
4. In the Create Application Wizard, on the General page, verify that the Automatically detect
information about this application from installation files option is selected.
5. In the Type list, click Windows app package (*.appx, *.appxbundle), and then click Browse.
6. Navigate to \\LON-CFG\Software\LexProductsGrid, click
LeXProductsGrid81_1.1.0.2_AnyCPU.appx, and then click Open.
7. On the General page, click Next.
8. On the Import Information page, click Next.
9. On the General Information page, click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
Results: After completing this exercise, you should have configured a Windows Store app for deployment
on Windows 10–based computers.
L6-70
Deploying and managing applications
Exercise 3: Deploying Windows 10 apps to users
X Task 1: Distribute the Windows Store app content
1. Right-click the TestAppTKL1 application, and then click Distribute Content.
2. In the Distribute Content Wizard, on the General tab, click Next.
3. On the Content page, click Next.
4. On the Content Destination page, click Add, and then click Distribution Point.
5. In the Add Distribution Points dialog box, select the LON-CFG.Adatum.com check box, and then
click OK.
6. Click Summary.
7. On the Summary page, click Next.
8. On the Completion page, click Close.
X Task 2: Monitor content distribution
1. In the preview pane, click the Summary tab, and then click the Content Status link.
2. After the console switches to the Content Status node, click TestAppTKL1.
3. In the preview pane, review the Completion Statistics. The distribution status should be either
In Progress or Success.
4. Click the View Status link.
5. On the Success tab, verify that LON-CFG.Adatum.com is listed in the Asset Details section. If
LON-CFG.Adatum.com is not listed, click Refresh until LON-CFG.Adatum.com displays on the
Success tab in the Asset Details section.
X Task 3: Deploy the Windows Store app to users
1. Click the Software Library workspace, expand Application Management, and then click
Applications.
2. Right-click TestAppTKL1, and then click Deploy.
3. In the Deploy Software Wizard, on the General page, next to the Collection box, click Browse.
4. In the Select Collection dialog box, in the User Collections drop-down list box, click User
Collections.
5. In the right pane, click London Users, click OK, and then click Next.
6. On the Content page, click Next.
7. On the Deployment Settings page, click Next.
8. On the Scheduling page, click Next.
9. On the User Experience page, click Next.
10. On the Alerts page, click Next.
11. On the Summary page, click Next.
12. On the Completion page, click Close.
Administering System Center Configuration Manager and Intune
L6-71
X Task 4: Monitor application deployment
1. Switch to the LON-CL1 computer.
2. Sign in as Adatum\Ed with the password Pa$$w0rd.
3. Click Microsoft Edge.
4. In the Microsoft Edge Address bar, type http://LON-cfg.Adatum.com/CMApplicationCatalog. This
will open Internet Explorer. Close Microsoft Edge.
5. Sign in as Ed with the password Pa$$w0rd. Click the TestAppTKL1 application, and then click
INSTALL.
6. In the APPLICATION INSTALLATION dialog box, click YES.
7. Wait for the application installation to complete, and then click OK to close the Installation
Complete notification dialog box.
Note: The installation complete notification can take up to five minutes to appear and
might open behind the Application Catalog webpage.
X Task 5: Validate the application deployment
1. On LON-CL1, open a File Explorer window and navigate to C:\Windows\CCM\Logs.
2. Double-click the AppEnforce.log file.
3. Review the log file for the application information and the time for the deployment to complete.
Note: There should be approximately six entries, and the last one should display as App
enforcement completed (xx seconds) for App DT “TestAppTKL1 – Windows app package
(*.appx, *.appxbundle)”.
4. Close all open windows on LON-CL1, and sign out.
5. Switch to LON-CFG. In the Configuration Manager console, in the Monitoring workspace, click
Deployments.
6. Click TestAppTKL1.
7. On the ribbon, click Run Summarization.
8. In the Configuration Manager message box, click OK, and then on the ribbon, click Refresh. Repeat
this step until the status changes.
Note: This process could take up to 15 minutes.
9. Review the information for the application deployment completion in the Completion Statistics
area.
L6-72
Deploying and managing applications
10. Click the View Status link.
11. Review the information about the application deployment status in the Deployment Status area.
Results: After completing this exercise, you should have deployed a Windows 10 app to your London
users.
X To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 to 3 for 20696C-LON-CFG-B and 20696C-LON-CL1-B.
L7-73
Module 7: Maintaining software updates for managed PCs
Lab A: Configuring the site for software
updates
Exercise 1: Configuring and synchronizing the software update point
X Task 1: Configure site system prerequisites
1. On LON-SVR1, in the Server Manager console, click Tools, and then click Computer Management.
2. Expand System Tools, expand Local Users and Groups, and then click Groups.
3. In the details pane, double-click Administrators.
4. In the Administrators Properties dialog box, click Add.
5. In the Select Users, Computers, Service Accounts, or Groups dialog box, click Object Types.
6. In the Object Types dialog box, select Computers, and then click OK.
7. In the Select Users, Computers, Service Accounts, or Groups dialog box, type LON-CFG, click
Check Names, and then click OK.
8. To close the Administrators Properties dialog box, click OK. Close Computer Management.
9. In the Server Manager console, in the navigation pane, click WSUS. Verify that LON-SVR1 is listed in
the SERVERS section. This will indicate that WSUS is installed.
10. Close Server Manager.
X Task 2: Add a new site system with the software update point role
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Administration workspace, expand Site
Configuration, and then click Servers and Site System Roles.
3. Right-click Servers and Site System Roles, and then click Create Site System Server.
4. In the Create Site System Server Wizard, on the General page, configure the following settings, and
then click Next:
o
Name: LON-SVR1.Adatum.com
o
Site code: S01 – Adatum Site
5. On the Proxy page, click Next.
6. On the System Role Selection page, select Software update point, and then click Next.
7. On the Software Update Point page, click WSUS is configured to use ports 8530 and 8531 for
client communications (default settings for WSUS on Windows Server 2012).
8. Under Client Connection Type, verify that Allow intranet-only client connections is selected, and
then click Next.
9. On the Proxy and Account Settings page, click Next.
10. On the Synchronization Source page, select Do not synchronize from Microsoft Update or
upstream data source, and then click Next.
L7-74
Maintaining software updates for managed PCs
11. On the Synchronization Schedule page, configure the following settings, and then click Next:
o
Enable synchronization on a schedule is selected
o
Simple schedule is selected
o
Run every: 5 days
o
Alert when synchronization fails on any site in the hierarchy is not selected
12. On the Supersedence Rules page, click Immediately expire a superseded software update, and
then click Next.
13. On the Classifications page, select Critical Updates and Security Updates, clear all other check
boxes, and then click Next.
14. On the Products page, clear all selections, and then click Next.
Note: You do not select any products now because Windows 10 and Microsoft Office 2016
will first be available after the initial synchronization. You will select them later in the lab exercise.
15. On the Languages page, ensure that only English is selected. Clear all other selected languages, and
then click Next.
16. On the Summary page, click Next.
17. On the Completion page, click Close.
18. In the Configuration Manager console, click the Monitoring workspace, expand System Status, and
then click Component Status.
19. In the results pane, scroll down, and then click SMS_WSUS_CONTROL_MANAGER.
20. Right-click SMS_WSUS_CONTROL_MANAGER, point to Show Messages, and then click All.
21. In the Status Messages: Set Viewing Period dialog box, click OK.
22. Browse through the status messages, and verify that the component has installed successfully on
LON-SVR1.Adatum.com.
23. Refresh the display until status message 1015 displays.
24. Close Status Message Viewer.
X Task 3: Configure a software update point
1. On LON-CFG, in the Configuration Manager console, click the Software Library workspace, expand
Software Updates, and then click All Software Updates.
2. Right-click All Software Updates, and then click Synchronize Software Updates.
3. In the message box, click Yes.
Note: Wait approximately one minute before continuing.
4. Click the Administration workspace, expand Site Configuration, and then click Sites.
5. In the results pane, right-click S01 – Adatum Site, point to Configure Site Components, and then
click Software Update Point.
Administering System Center Configuration Manager and Intune
L7-75
6. In the Software Update Point Component Properties dialog box, click the Sync Settings tab, and
then verify that Do not synchronize from Microsoft Update or upstream data source is selected.
Note: Note that you do this for the lab environment because there is no Internet
connection for the virtual machines.
7. Click the Products tab, and then select both Office 2016 and Windows 10.
8. To close the Software Update Point Component Properties dialog box, click OK.
X Task 4: Synchronize the software update point
1. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click All Software Updates.
2. Right-click All Software Updates, click Synchronize Software Updates, and then click Yes.
3. Click the Monitoring workspace, and then click Software Update Point Synchronization Status.
4. In the preview pane, note the synchronization status. It will take approximately 10 to 15 minutes for
this to complete. Refresh the console to view the updated status. You also can view the
wsyncmgr.log file to monitor the synchronization status.
Note: The wsyncmgr.log file is located in <Drive>:\Program Files\Microsoft Configuration
Manager\Logs.
5. Continue to monitor and refresh the Software Update Point Synchronization Status until the
Synchronization Status displays Completed.
6. Click the Software Library workspace, expand Software Updates, and then click All Software
Updates. In the preview pane, verify that the updates are listed.
X Task 5: Configure the software update client settings
1. In the Configuration Manager console, click the Administration workspace, and then click Client
Settings.
2. In the results pane, right-click Default Client Settings, and then click Properties.
3. In the Default Settings dialog box, click Software Updates. Verify that Enable software updates
on clients is configured as Yes.
4. Next to Software update scan schedule, click Schedule. Configure a Simple schedule to run every
3 days, and then click OK.
5. In the Default Settings dialog box, click State Messaging. Next to State message reporting cycle
(minutes), verify that the value is 5 minutes.
6. To close the Default Settings dialog box, click OK.
L7-76
Maintaining software updates for managed PCs
X Task 6: Run the software updates scan on a client
1. Switch to LON-CL1.
2. Right-click the Start button and then click Control Panel.
3. In Control Panel, click System and Security.
4. In System and Security, click Configuration Manager.
5. In the Configuration Manager Properties dialog box, click the Actions tab.
6. On the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, click Run Now, and then
click OK.
7. On the Actions tab, click Software Updates Scan Cycle, click Run Now, and then click OK.
8. To close the Configuration Manager Properties dialog box, click OK.
9. Close Control Panel.
Note: You also can view the WUAHandler.log file to monitor the scan status. This log file
is located in C:\Windows\CCM\Logs.
Note: You will review the results of the scan in the next lab.
X Task 7: To prepare for the next lab
Leave all the virtual machines running for the next lab.
Results: After completing this exercise, you should have configured and synchronized the software
update point and verified the client settings for software updates.
Administering System Center Configuration Manager and Intune
L7-77
Lab B: Deploying and managing software
updates
Exercise 1: Determining software update compliance
X Task 1: Determine required software updates
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click the All Software Updates node.
3. On the ribbon, click Run Summarization, and then click OK.
4. Refresh the results pane, and then scroll down to view the latest compliance statistics.
5. In the results pane, click the column heading of the Required column. Scroll to the bottom of the
pane to view all updates that at least one device requires. This is indicated by the number 1 in the
Required column.
Note: If you do not see any required updates, repeat Lab A, Exercise 1, task 6 (“Run the
software updates scan on a client”). Then repeat this current task (“Determine required software
updates”). It may take as long as 15 minutes for the compliance statistics to display.
X Task 2: Create a saved search
1. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click the All Software Updates node.
2. In the search pane, click Add Criteria.
3. In the Add Criteria box, select the check boxes next to the following, and then click Add:
o
Required
o
Product
o
Update Classification
4. In the search pane, click Active Directory Rights Management Services Client 2.0, and then click
Windows 10.
5. In the search pane, click is less than or equal to, click is greater than or equal to, and then in the
text box, type 1.
6. In the search pane, verify that Critical Updates displays next to Update Classification, and then click
Search.
7. Verify that the list now displays only the required critical updates for Windows 10. You should see two
required critical updates.
8. In the ribbon, click Save Current Search As.
9. In the Configuration Manager dialog box, in the Search name text box, type Windows 10 Critical
Updates - Required, and then click OK.
10. On the ribbon, click Saved Searches, and then click Manage Searches for Current Node.
11. Click Windows 10 Critical Updates – Required, and then click OK.
12. To clear the search filter, on the ribbon, click Close.
L7-78
Maintaining software updates for managed PCs
X Task 3: Use reports to determine update compliance
1. In the Configuration Manager console, click the Monitoring workspace, expand Reporting, and then
expand the Reports node.
2. In the navigation pane, scroll down, and then click Software Updates – A Compliance.
3. Verify that in the results pane, eight compliance reports display.
4. In the results pane, right-click Compliance 5 – specific computer, and then click Run.
5. In the Compliance 5 – Specific computer dialog box, configure the following, and then click View
Report:
o
Device Name: LON-CL1.ADATUM
o
Vendor: Microsoft
o
Update Class: Critical Updates
6. Take note of the critical updates that LON-CL1 requires, verify that updates display, and then close
the Compliance 5 – Specific computer window.
7. In the navigation pane, scroll down, and then click Software Updates – B Deployment
Management.
8. In the results pane, verify that eight reports display.
9. In the results pane, right-click Management 2 – updates required but not deployed, and then
click Run.
10. In the Management 2 – updates required but not deployed window, configure the following, and
then click View Report:
o
Collection: SMS00001 – All Systems
o
Vendor: Microsoft
o
Update Class: Critical Updates
11. Notice the updates that are required but not deployed.
12. Close the Management 2 – updates required but not deployed window.
Results: After completing this exercise, you should have determined compliance of the client computer
with software updates.
Exercise 2: Deploying software updates to clients
X Task 1: Create a software update group
1. On LON-CFG, if necessary, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click All Software Updates.
3. On the ribbon, click Saved Searches, and then click Manage Searches for Current Node.
4. Click Windows 10 Critical Updates – Required, and then click OK.
5. In the preview pane, select the following update:
o
Cumulative Update for Windows 10 Version 1511 for x64-based Systems (KB3124262))
Administering System Center Configuration Manager and Intune
L7-79
6. On the ribbon, on the Home tab, click Create Software Update Group.
7. In the Create Software Update Group dialog box, in the Name text box, type Critical Updates –
Windows 10, in the Description text box, type Critical Updates for Windows 10, and then click
Create.
8. In the Software Library workspace, under Software Updates, click Software Update Groups. Verify
that the Critical Updates – Windows 10 software update group displays in the results pane.
9. Click Critical Updates – Windows 10, and then on the ribbon, click Show Members. Verify that the
update that you added displays.
10. Under Software Updates, click Software Update Groups.
11. On the ribbon, click Run Summarization, and then in the Configuration Manager dialog box,
click OK.
12. Refresh the results pane.
13. Verify that the preview pane displays the compliance statistics for the Critical Updates –
Windows 10 software update group.
X Task 2: Create a deployment package
1. In the navigation pane, expand Software Updates, and then click Software Update Groups.
2. In the results pane, right-click Critical Updates – Windows 10, and then click Download.
3. In the Download Software Updates Wizard, on the Deployment Package page, verify that Create a
new deployment package is selected. Configure the following settings, and then click Next:
o
Name: Critical Updates – Windows 10
o
Package source: \\LON-CFG\E$\Source\Updates
4. On the Distribution Points page, click Add, and then click Distribution Point.
5. In the Add Distribution Points dialog box, select LON-CFG.ADATUM.COM, click OK, and then click
Next.
6. On the Distribution Settings page, click Next.
7. On the Download Location page, click Download software updates from a location on my
network, in the text box, type \\LON-CFG\E$\Software\Updates, and then click Next.
8. On the Language Selection page, verify that only English is selected, and then click Next.
9. On the Summary page, click Next.
10. On the Completion page, verify that the package and software updates show success as indicated by
a green circle icon and a check mark icon, and then click Close.
11. In the navigation pane, under Software Updates, click Deployment Packages.
12. In the preview pane, verify that the Distribution Point Status shows Success.
X Task 3: Deploy software updates
1. Click the Software Library workspace, expand Software Updates, and then click Software Update
Groups.
2. In the results pane, select Critical Updates – Windows 10.
3. On the ribbon, click Deploy.
L7-80
Maintaining software updates for managed PCs
4. In the Deploy Software Updates Wizard, on the General page, configure the following, and then click
Next:
o
Deployment Name: Critical Updates – Windows 10
o
Collection: All Windows 10 Workstations
5. On the Deployment Settings page, next to Type of deployment, click Required, and then click
Next.
6. On the Scheduling page, configure the following, and then click Next:
o
Schedule evaluation: Client local time
o
Software available time: As soon as possible
o
Installation deadline: As soon as possible.
7. On the User Experience page, configure the following, and then click Next:
o
User notifications: Display in Software Center and show all notifications
8. On the Alerts page, select Generate an alert when the following conditions are met, and then
click Next.
9. On the Download Settings page, click Next.
10. On the Summary page, verify that the settings are correct, and then click Save As Template.
11. In the Save As Template dialog box, in the Name text box, type Critical Updates – Windows 10,
and then click Save.
12. On the Summary page, click Next
13. On the Completion page, click Close.
14. In the preview pane, click the Deployment tab. Verify that the Critical Updates – Windows 10
deployment targets the All Windows 10 Workstations collection, and that it is enabled.
X Task 4: Run software updates deployment on a client
1. Switch to LON-CL1.
2. Right-click the Start button, click Control Panel, and then click System and Security.
3. Click Configuration Manager.
4. In the Configuration Manager Properties dialog box, click the Actions tab.
5. On the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, click Run Now, and then
click OK.
6. On the Actions tab, click Software Updates Deployment Evaluation Cycle, click Run Now, and
then click OK.
7. To close the Configuration Manager Properties dialog box, click OK.
8. Close Control Panel.
Note: In approximately one minute, an icon displays in the notification area.
9. When the Software changes are required notification displays in the lower left corner, open
Software Center by clicking the up-arrow in the taskbar next to then network icon. Click
Downloading and installing software, and then click Open Software Center.
Administering System Center Configuration Manager and Intune
L7-81
10. In the Software Center, on the Installation Status tab, take note of the installation status and details
for the software update.
11. Wait for the installation to complete, and then click Restart in the bottom-right corner of Software
Center. When prompted, click Restart.
12. When LON-CL1 has restarted, sign in by using the following credentials:
o
User name: Adatum\Administrator
o
Password: Pa$$w0rd
13. Right-click Start, click Control Panel, and then click System and Security.
14. Click Configuration Manager.
15. In the Configuration Manager Properties dialog box, click the Actions tab.
16. On the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, click Run Now, and then
click OK.
17. On the Actions tab, click Software Updates Deployment Evaluation Cycle, click Run Now, and
then click OK.
18. To close the Configuration Manager Properties dialog box, click OK.
19. Close Control Panel.
X Task 5: View the deployment status of software updates
1. On LON-CFG, in the Configuration Manager console, click the Monitoring workspace, and then in
the navigation pane, click Deployments.
2. In the results pane, right-click Critical Updates – Windows 10, and then click View Status.
3. In the results pane, click Run Summarization, and then click OK.
4. Click the In Progress tab. View the status information, and refresh as required. When status
information is reported, the status of the software update group changes to compliant. This is
indicated by a full green circle next to the Refresh Button.
Note: It may take between 5 and 10 minutes for compliance reporting to conclude. If you
do not receive status information, repeat step 3 to run a summarization, and then refresh the
results pane.
Results: After completing this exercise, you should have deployed software updates to clients.
Exercise 3: Configuring automatic deployment rules
X Task 1: Create an automatic deployment rule
1. On LON-CFG, if necessary, on the taskbar, click the Configuration Manager console icon.
2. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click Automatic Deployment Rules.
3. On the ribbon, click Create Automatic Deployment Rule.
L7-82
Maintaining software updates for managed PCs
4. In the Create Automatic Deployment Rule Wizard, on the General page, configure the following, and
then click Next:
o
Name: Required Critical Updates for Windows 10
o
Template: Patch Tuesday
o
Collection: All Windows 10 Workstations
o
Add to an existing Software Update Group: selected
o
Enable the deployment after this rule is run: selected
5. On the Deployment Settings page, click Next.
6. On the Software Updates page, deselect Date Released or Revised and then select Product and
Required.
7. Configure the selected Property filters as follows:
o
Product: Windows 10
o
Required: >=1
o
Update Classification: Critical Updates
8. Click Preview to determine which updates apply from the most recent synchronization, and then
click Close.
9. On the Software Updates page, click Next.
10. On the Evaluation Schedule page, verify that the Run the rule on a schedule option is selected,
and then click Next.
11. On the Deployment Schedule page, verify that the template settings are configured as follows:
o
Schedule evaluation: Client local time
o
Software available time: 4 Hours
12. On the Deployment Schedule page, click Next.
13. On the User Experience page, verify the following template setting:
o
User notifications: Display in Software Center and show all notifications
14. On the User Experience page, click Next.
15. On the Alerts page, verify that Generate an alert when the following conditions are met is
selected, and then click Next.
16. On the Download Settings page, click Next.
17. On the Deployment Package page, click Create a new deployment package, and use the following
settings:
o
Name: AutoDeployment
o
Package source: \\LON-CFG\E$\source\autoupdate
18. On the Deployment Package page, click Next.
19. On the Distribution Points page, click Add, and then click Distribution Point.
20. In the Add Distribution Points dialog box, select LON-CFG.ADATUM.COM, and then click OK.
21. On the Distribution Points page, click Next.
Administering System Center Configuration Manager and Intune
L7-83
22. On the Download Location page, click Download software updates from a location on my
network. In the text box, type \\LON-CFG\E$\Software\Updates, and then click Next.
23. On the Language Selection page, ensure that only English is selected, and then click Next.
24. On the Summary page, verify that the settings are correct, and then click Next.
25. On the Completion page, click Close.
X Task 2: Run an automatic deployment rule
1. In the navigation pane, click Automatic Deployment Rules, and then in the results pane, click
Required Critical Updates for Windows 10.
2. On the ribbon, click Run Now.
3. In the Configuration Manager dialog box, click OK.
4. In the navigation pane, click Software Update Groups.
5. Refresh the results pane.
6. In the results pane, click the software update group named Required Critical Updates for
Windows 10. Notice that the Created By column displays AutoUpdateRuleEngine.
7. In the preview pane, click the Deployment tab. Notice that a deployment is created and enabled
automatically.
8. In the results pane, right-click Required Critical Updates for Windows 10, and then click Show
Members. Notice the list of software updates that have been added automatically to the software
update group.
X Task 3: To prepare for the next module
Leave all the virtual machines running for use in the next module.
Results: After completing this exercise, you should have created an automatic deployment rule.
L8-85
Module 8: Implementing Endpoint Protection for
managed PCs
Lab: Implementing Microsoft System Center
Endpoint Protection
Exercise 1: Configuring the System Center Endpoint Protection point and
client settings
X Task 1: Add the Endpoint Protection point role
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. In the Microsoft System Center Configuration Manager console, click the Administration workspace,
expand Site Configuration, and then click Servers and Site System Roles.
3. In the results pane, click \\LON-CFG.Adatum.com.
4. On the ribbon, click the Home tab, and then click Add Site System Roles.
5. In the Add Site System Roles Wizard, on the General page, verify the following settings, and then
click Next:
o
Name: LON-CFG.Adatum.com
o
Site code: S01 – Adatum Site
o
Active Directory Forest: Adatum.com
o
Active Directory Domain: Adatum.com
6. On the Proxy page, click Next.
7. On the System Role Selection page, select the Endpoint Protection point check box.
8. In the message box, click OK, and then click Next.
9. On the Endpoint Protection page, select the I accept the Endpoint Protection license terms
check box, and then click Next.
10. On the Microsoft Active Protection Service page, click the Do not join MAPS option, and then
click Next.
11. On the Summary page, click Next.
12. On the Completion page, click Close.
13. In the Configuration Manager console, click the Monitoring workspace. Expand System Status, and
then click Component Status.
14. In the results pane, scroll down, and then click SMS_ENDPOINT_PROTECTION_MANAGER.
15. Right-click SMS_ENDPOINT_PROTECTION_MANAGER, point to Show Messages, and then click All.
16. In the Status Messages: Set Viewing Period dialog box, click OK.
17. Browse through the status messages and verify that Message ID 500 displays. This message indicates
that the component has started.
18. Close the Status Message Viewer.
L8-86
Implementing Endpoint Protection for managed PCs
X Task 2: Configure the software update point to synchronize definition updates
1. On LON-CFG, in the System Center Configuration Manager console, click the Administration
workspace, expand Site Configuration, and then click Sites.
2. In the results pane, right-click S01 – Adatum Site, point to Configure Site Components, and then
click Software Update Point.
3. In the Software Update Point Component Properties dialog box, click the Sync Settings tab.
4. Verify that Do not synchronize from Microsoft Update or upstream data source is selected.
Note: Note that you do this for the lab environment because is the virtual machines have
no Internet connection.
5. Click the Classifications tab, and then select Definition Updates.
6. Click the Products tab, and then select both the Forefront Endpoint Protection 2010 (Forefront
category) and Windows Defender (Windows category) check boxes.
7. To close the Software Update Point Component Properties dialog box and save your settings,
click OK.
8. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click All Software Updates.
9. Right-click All Software Updates, click Synchronize Software Updates, and then click Yes.
10. Click the Monitoring workspace, and then click Software Update Point Synchronization Status.
11. In the preview pane, notice the synchronization status. Wait approximately 3 to 5 minutes for this
synchronization to complete.
Note: You also can view the wsyncmgr.log file to monitor the synchronization status. The
wsyncmgr.log file is located in <Drive>:\Program Files\Microsoft Configuration Manager\Logs.
12. Click Refresh periodically to refresh the Software Update Point Synchronization Status. Continue to
monitor the Software Update Point Synchronization Status until the Synchronization Status displays
Completed.
13. Click the Software Library workspace, expand Software Updates, and then click All Software
Updates.
14. Right-click All Software Updates, and then click Run Summarization. In the Configuration
Manager dialog box, click OK.
15. Click Refresh periodically to refresh the All Software Updates node until definition updates for
Microsoft Endpoint Protection and definition updates Windows Defender are visible in the details
pane.
X Task 3: Create Automatic Deployment Rule for definition updates
1. On LON-CFG, if necessary, on the taskbar, click the Configuration Manager Console icon.
2. In the Configuration Manager console, click the Software Library workspace, expand Software
Updates, and then click Automatic Deployment Rules.
3. On the ribbon, click Create Automatic Deployment Rule.
Administering System Center Configuration Manager and Intune
L8-87
4. In the Create Automatic Deployment Rule Wizard, on the General page, configure the following
settings, and then click Next:
o
Name: Definition Updates
o
Template: Definition Updates
o
Collection: All Desktop and Server Clients
o
Add to an existing Software Update Group: selected
o
Enable the deployment after this rule is run: selected
5. On the Deployment Settings page, click Next.
6. Click the Preview button. Verify that definition updates for both Forefront Endpoint Protection
and Windows Defender are visible, and then click Close.
7. On the Software Updates page, click Next.
8. On the Evaluation Schedule page, select Run the rule on a schedule, and then click Next.
9. On the Deployment Schedule page, configure the following settings:
o
Schedule evaluation: Client local time
o
Software available time: As soon as possible
o
Installation deadline: As soon as possible
10. On the Deployment Schedule page, click Next.
11. On the User Experience page, verify that the User notifications template setting is set to Hide in
Software Center and all notifications.
12. On the User Experience page, click Next.
13. On the Alerts page, verify that the Generate an alert when this Rule fails check box is selected, and
then click Next.
14. On the Download Settings page, click Next.
15. On the Deployment Package page, click Create a new deployment package, and use the following
settings:
o
Name: Definition Updates
o
Package source: \\LON-CFG\E$\source\DefUpdatesSource
16. On the Deployment Package page, click Next.
17. On the Distribution Points page, click Add, and then click Distribution Point.
18. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
19. On the Distribution Points page, click Next.
20. On the Download Location page, click Download software updates from a location on my
network.
21. In the text box, type \\LON-CFG\E$\Software\Updates\DefinitionFiles, and then click Next.
22. On the Language Selection page, ensure that only English is selected, and then click Next.
23. On the Summary page, verify that the settings are correct, and then click Next.
24. On the Completion page, click Close.
L8-88
Implementing Endpoint Protection for managed PCs
25. In the navigation pane, click Automatic Deployment Rules, and then in the results pane, click
Definition Updates.
26. On the ribbon, click Run Now.
27. In the Configuration Manager dialog box, click OK.
28. In the navigation pane, click Software Update Groups. Refresh the results pane.
Note: It will take approximately two minutes before the Software Update Group is created.
29. In the results pane, under Software Update Group, click Definition Updates. Notice that the
Created By column displays AutoUpdateRuleEngine.
30. In the preview pane, click the Deployment tab. Notice that a deployment is created and enabled
automatically.
31. In the results pane, right-click Definition Updates, and then click Show Members. Notice the list of
definition updates that have been added automatically to the Software Update Group.
X Task 4: Configure custom client device settings for Endpoint Protection
1. Click the Administration workspace, and then click Client Settings.
2. Right-click Client Settings, and then click Create Custom Client Device Settings.
3. In the Create Custom Client Device Settings dialog box, in the Name text box, type Endpoint
Protection, and then click Endpoint Protection.
4. Under General, click the Endpoint Protection item.
5. Configure the Endpoint Protection component as follows:
o
Manage Endpoint Protection client on client computers: Yes
o
Install Endpoint Protection client on client computers: Yes
o
Automatically remove previously installed antimalware software before Endpoint Protection is
installed: Yes
o
Suppress any required computer restarts after the Endpoint Protection client is installed: Yes
o
Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows Server Update
Services, or UNC shares) for the initial definition update on client computers: Yes
6. To close the Custom Device Settings dialog box, click OK.
7. Right-click Endpoint Protection, and then click Deploy.
8. In the Select Collection dialog box, click Endpoint Protection Pilot, and then click OK.
Results: After completing this exercise, you should have installed the Endpoint Protection point and
configured a Custom Device Settings object to deploy the Endpoint Protection client to computers in the
pilot collection.
Administering System Center Configuration Manager and Intune
L8-89
Exercise 2: Configuring and deploying Endpoint Protection policies
X Task 1: Create an antimalware policy
1. On LON-CFG, if necessary, on the taskbar, click Configuration Manager Console.
2. In the Configuration Manager console, click the Assets and Compliance workspace. Expand
Endpoint Protection, and then click Antimalware Policies.
3. On the ribbon, click Create Antimalware Policy.
4. In the Create Antimalware Policy dialog box, click General, and then configure the following
settings:
o
Name: All Workstations
o
Scheduled scans: selected
o
Scan settings: selected
o
Real-time protection: selected
o
Advanced: selected
o
Definition updates: selected
5. Click Scheduled scans. On the Scheduled scans tab, configure the following settings, and leave all
other options as the default setting:
o
Run a scheduled scan on client computers: Yes
o
Scan day: Thursday
o
Scan time: 3 AM
o
Check for the latest definition updates before running a scan: Yes
6. Click Scan settings. On the Scan settings tab, configure the following settings, and leave all other
options as the default setting:
o
Scan email and email attachments: Yes
o
Scan removable storage devices such as USB drives: Yes
7. Click Real-time protection. On the Real-time protection tab, configure the following settings, and
leave all other options as the default setting:
o
Enable real-time protection: Yes
o
Scan system files: Scan incoming files only
o
Enable behavior monitoring: No
8. Click Advanced. On the Advanced tab, configure the following setting, and leave all other options as
the default setting:
o
Delete quarantined files after (days): 5
9. Click Definition updates, and then click Set Source.
10. In the Configure Definition Update Sources dialog box, clear the check boxes for both Updates
distributed from Microsoft Malware Protection Center and Updates distributed from WSUS.
11. With Updates distributed from Microsoft Update selected, click the Up button until the selection
is second in the list, and then click OK.
L8-90
Implementing Endpoint Protection for managed PCs
12. On the Definition updates page, configure the following settings, and leave all other options as the
default setting:
o
Force a definition update if the client computer is offline for more than two consecutive
scheduled updates: Yes
o
If Configuration Manager is used as a source for definition updates, clients will only update from
alternative sources if definition is older than (hours): 16
13. Click OK to close the Create Antimalware Policy dialog box.
X Task 2: Deploy an antimalware policy to clients
1. Click the Assets and Compliance workspace, expand Endpoint Protection, and then click
Antimalware Policies.
2. In the results pane, click the All Workstations policy, and then on the ribbon, click Deploy.
3. In the Select Collection dialog box, click Endpoint Protection Pilot, and then click OK.
4. Wait for several minutes for the policy to apply.
X Task 3: Run a machine policy retrieval and evaluation cycle on a client
1. Switch to LON-CL1.
2. Right-click the Start button, and then click Control Panel.
3. Click System and Security, and then click Configuration Manager.
4. In the Configuration Manager Properties dialog box, click the Actions tab.
5. On the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
6. In the Machine Policy Retrieval & Evaluation Cycle message box, click OK.
Note: Wait for two minutes in order for the Machine Policy Retrieval & Evaluation Cycle to
complete.
7. On the Actions tab, click Software Updates Deployment Evaluation Cycle, and then click
Run Now.
8. In the Software Updates Deployment Evaluation Cycle message box, click OK.
9. On the Actions tab, click Software Updates Scan Cycle, and then click Run Now.
10. In the Software Updates Scan Cycle message box, click OK.
Note: Wait for four minutes in order for both the Software Updates Deployment Evaluation
Cycle and the Software Updates Scan Cycle to complete.
11. Click OK to close the Configuration Manager Properties dialog box, and then close Control Panel.
12. On the Start screen, on the taskbar, click the Start button, and then click Settings.
13. In Settings, click Update & security, and then click Windows Defender.
14. In Windows Defender, verify that both Real-time protection and Cloud-based Protection are
unavailable, and that the Some Settings are managed by your organization message displays at
the top.
15. Click the Start button, and then type defen.
Administering System Center Configuration Manager and Intune
L8-91
16. Click Windows Defender, and then click the Update tab. Notice that the version of the virus and
spyware definitions is 1.213.7211.0.
Note: If the version of the virus and spyware definitions is not showing 1.213.7211.0,
repeat steps 5 through 10.
17. Click the down arrow next to Help, and then click About. Notice that All Workstations is listed next
to Policy Name.
18. Switch to LON-CL2, click the Start button, and then click Control Panel. Repeat steps 3 through 10.
19. Click the Start button, type end, and then click System Center Endpoint Protection. Click the
Update tab and notice that the version of the virus and spyware definitions is 1.213.7211.0.
20. Click the down arrow next to Help, and then click About. Notice that All Workstations is listed next
to Policy Name.
21. Close the System Center Endpoint Protection window.
X Task 4: Implement real-time actions to test malware detection
1. Switch to LON-CL1.
2. On the taskbar, click the File Explorer icon.
3. In File Explorer, expand drive C, expand Files, and then double-click sample.txt.
Note: The sample.txt file that opens in Notepad contains a text string that you can use to
test antivirus software.
4. In Notepad, in the sample.txt file, delete both instances of <remove>, including the brackets.
5. Click File, click Save, and then close the file.
6. Verify that Windows Defender detects a potential threat immediately. This is indicated by a Found
some malware notification.
Note: After a few minutes, a message displays stating that the computer is now clean.
7. Switch to LON-CL2
8. On the taskbar, click the Windows Explorer icon.
9. In Windows Explorer, expand drive C, expand Files, and then double-click sample.txt.
Note: The sample.txt file contains a text string that you can use to test antivirus software.
10. In Notepad, in the sample.txt file, delete both instances of <remove>, including the brackets.
11. Click File, click Save, and then close the file.
12. Verify that Endpoint Protection detects a potential threat immediately. This is indicated by a
Defected threats are being cleaned notification.
L8-92
Implementing Endpoint Protection for managed PCs
X Task 5: Create a Windows Firewall policy
1. On LON-CFG, in the Configuration Manager console, click the Assets and Compliance workspace.
Expand Endpoint Protection, and then click Windows Firewall Policies.
2. On the ribbon, click Create Windows Firewall Policy.
3. In the Create Windows Firewall Policy Wizard, on the General page, in the Name field, type All
Workstations, and then click Next.
4. On the Profile Settings page, configure the following settings, and then click Next:
o
Enable Windows Firewall – Domain profile: Yes
o
Notify the user when Windows Firewall blocks a new program – Domain profile: Yes
5. On the Summary page, click Next.
6. On the Completion page, click Close.
X Task 6: Deploy a Windows Firewall policy to clients
1. Click the Assets and Compliance workspace, expand Endpoint Protection, and then click Windows
Firewall Policies.
2. In the results pane, select All Workstations, and then on the ribbon, click Deploy.
3. In the Deploy Windows Firewall Policy dialog box, click Browse, click Endpoint Protection pilot,
and then click OK.
4. Verify that the Simple schedule is configured to run every 7 days, and then click OK.
Results: After this exercise, you should have configured and deployed Endpoint Protection policies to
clients.
Exercise 3: Monitoring Endpoint Protection
X Task 1: Configure email settings for alerts
1. On LON-CFG, in the Configuration Manager console, click the Administration workspace, expand
Site Configuration, and then click Sites.
2. In the results pane, select S01-Adatum Site.
3. Click the Home tab, click Settings, click Configure Site Components, and then click Email
Notification.
4. In the Email Notification Component Properties dialog box, configure the following settings, and
then click OK:
o
Enable email notification for alerts: selected
o
FQDN or IP Address of the SMTP server to send email alerts: SMTP1.Adatum.com
o
SMTP Server Connection Account: Use the computer account of the site server
o
Sender address for email alerts: ConfigMgr@Adatum.com
Administering System Center Configuration Manager and Intune
L8-93
X Task 2: Configure alerts and subscriptions
1. Click the Assets and Compliance workspace, and then click Device Collections.
2. In the results pane, click the Endpoint Protection Pilot collection.
3. On the ribbon, click Properties.
4. In the Endpoint Protection Properties dialog box, click the Alerts tab, select the View this
collection in the Endpoint Protection dashboard check box, and then click Add.
5. In the Add New Collection Alerts dialog box, under the Endpoint protection section, select the
following conditions, and then click OK:
o
Malware is detected
o
The same type of malware is detected on a number of computers
o
The same type of malware is repeatedly detected within the specified interval on a
computer
o
Multiple types of malware are detected on the same computer with the specified interval
6. On the Alerts tab, in the Conditions list, click Malware detection, and then configure the following
settings:
o
Alert Name: Malware detection alert for collection: Endpoint Protection pilot
o
Alert Severity: Critical
o
Malware detection threshold: High-All detections
7. In the Conditions list, click Malware outbreak, and then configure the following settings:
o
Alert Name: Malware outbreak alert for collection: Endpoint Protection pilot
o
Alert Severity: Critical
o
Percentage of computers with malware detected: 5
8. In the Conditions list, click Repeated malware detection, and then configure the following settings:
o
Alert Name: Repeated malware detection alert for collection: Endpoint Protection pilot
o
Alert Severity: Critical
o
Number of times malware has been detected: 2
o
Interval for detection (hours): 24
9. In the Conditions list, click Multiple malware detection, and then configure the following settings:
o
Alert Name: Multiple malware detection for collection: Endpoint Protection pilot
o
Alert Severity: Critical
o
Number of types of malware that have been detected: 2
o
Interval for detection (hours): 4
10. In the Endpoint Protection pilot Properties dialog box, click OK.
11. Click the Monitoring workspace, expand Alerts, and then click All Alerts.
12. In the results pane, take note of the four new alerts that have been configured.
13. In the results pane, right-click the Malware detection alert, and then click Create subscription.
L8-94
Implementing Endpoint Protection for managed PCs
14. In the New Subscription dialog box, configure the following settings, and then click OK:
o
Subscription name: Malware Detection Alert
o
Email address: Administrator@Adatum.com
o
Email language: English (United States)
X Task 3: View Endpoint Protection status
1. Click the Monitoring workspace. Expand Endpoint Protection Status, and then click System Center
Endpoint Protection Status.
2. On the ribbon, click the Home tab, and then click Run Summarization.
3. In the results pane, click the Collection drop-down list box, and then click the Endpoint Protection
pilot collection.
4. Review the Endpoint Protection Status details. Verify that one client was at risk from active malware
and that it was remediated within the last 24 hours. You might need to refresh the console to view
the information.
X Task 4: View Endpoint Protection reports
1. Click the Monitoring workspace, expand Reporting, and then expand Reports.
2. In the navigation pane, click Endpoint Protection. Verify that a number of reports now display.
3. In the results pane, click the Antimalware activity report.
4. On the ribbon, click Run.
5. In the Antimalware activity report dialog box, next to Collection Name, click the Values link.
6. In the Parameter Value dialog box, click Endpoint Protection Pilot, and then click OK.
7. Click View Report.
8. Take note of the structure of the report. Verify that there was one computer that reported an
incident, and that the malware was removed.
Results: After this exercise, you should have performed the tasks to monitor Endpoint Protection.
X Task: To prepare for the next module
When you finish the lab, revert the virtual machines back to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B, 20696C-LON-SVR1-B, 20696C-LON-CL1-B, and
20696C-LON-CL2-B.
L9-95
Module 9: Managing compliance and secure data access
Lab: Managing compliance settings
Exercise 1: Managing configuration items and baselines
X Task 1: Create a registry-based configuration item
1. On LON-CFG, on the taskbar, click Configuration Manager Console.
2. In the Configuration Manager console, in the Assets and Compliance workspace, expand the
Compliance Settings folder, and then click the Configuration Items node.
3. On the ribbon, click Create Configuration Item.
4. In the Create Configuration Item Wizard, on the General page, in the Name text box, type Validate
Remote Desktop is Enabled.
5. Click Categories.
6. Select the Client check box, and click OK.
7. On the General page, click Next.
8. On the Supported Platforms page, click Next.
9. On the Settings page, click New.
10. In the Create Setting dialog box, on the General tab, click Browse.
11. In the Browse Registry dialog box, in the Computer name text box, type LON-DC1, and then click
Connect.
12. In the Registry tree area, expand the LON-DC1 computer, and then navigate to
HKEY_LOCAL_MACHINE\SYSYTEM\CurrentControlSet\Control\Terminal Server.
13. In the Browse Registry dialog box, in the Registry Value area, click fDenyTSConnections.
14. Select the This registry value must satisfy the following rule if present check box, and click OK.
15. In the Create Setting dialog box, click OK.
16. On the Settings page, click Next.
17. On the Compliance Rules page, under the Name heading, click the fDenyTSConnections Equals 0
condition (expand the name column if necessary), and then click Edit.
18. Select the Remediate noncompliant rules when supported check box.
19. In the Noncompliance severity for reports list, click Critical, and then click OK.
20. On the Compliance Rules page, click Next.
21. On the Summary page, click Next.
22. On the Completion page, click Close.
L9-96
Managing compliance and secure data access
X Task 2: Create a file-based configuration item
1. On the ribbon, click Create Configuration Item.
2. In the Create Configuration Item Wizard, on the General page, in the Name text box, type Validate
Configuration Manager Trace Log Tool is Present.
3. Click Categories, and in the Manage Administrative Categories dialog box, click Create.
4. In the Create Administrative Category text box, type IT Tools, and then click OK.
5. In the Manage Administrative Categories dialog box, click OK.
6. On the General page, click Next.
7. On the Supported Platforms page, click Next.
8. On the Settings page, click New.
9. In the Create Setting dialog box, on the General tab, in the Setting type list, click File system.
10. In the Name text box, type cmtrace.exe.
11. In the Path text box, type C:\Tools.
12. In the File or folder name text box, type cmtrace.exe.
13. Click the Compliance Rules tab, and click New.
14. In the Create Rule dialog box, configure the following and then click OK:
o
Name: CMTrace
o
Rule type: Existential
o
File must exist on client devices: selected
o
Noncompliance severity for reports: Warning
15. In the Create Setting dialog box, click OK.
16. In the Create Configuration Item Wizard, on the Settings page, click Next.
17. On the Compliance Rules page, click Next.
18. On the Summary page, click Next.
19. On the Completion page, click Close.
X Task 3: Create a configuration baseline
1. Click the Configuration Baselines node.
2. On the ribbon, click Create Configuration Baseline.
3. In the Create Configuration Baseline dialog box, in the Name text box, type IT Support
Configuration Settings.
4. Click Add, and click Configuration Items.
5. Click Validate Remote Desktop is Enabled, and click Add.
6. Click Validate Configuration Manager Trace Log Tool is Present, and click Add.
7. In the Add Configuration Items dialog box, click OK.
Administering System Center Configuration Manager and Intune
L9-97
8. Click Categories.
9. Select the IT Infrastructure check box, and click OK.
10. In the Create Configuration Baseline dialog box, click OK.
X Task 4: Deploy the configuration baseline
1. Click IT Support Configuration Settings.
2. On the ribbon, click Deploy.
3. In the Deploy Configuration Baselines dialog box, click Browse.
4. In the Select Collection dialog box, click the User Collections list, and then click Device Collections.
5. Click All Windows 10 Workstations, and click OK.
6. In the Deploy Configuration Baselines dialog box, click OK.
7. In the preview pane, click the Deployments tab to verify that the deployment is configured and
assigned to the All Windows 10 Workstations collection.
Results: After this exercise, you should have created and deployed configuration items and a
configuration baseline.
Exercise 2: Viewing compliance settings and reports
X Task 1: Evaluate the baseline on a client
1. Switch to the LON-CL1 computer.
2. Right-click the Start button and then click Control Panel.
3. Click System and Security, and click Configuration Manager.
4. Click the Actions tab.
5. Click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
6. In the Machine Policy Retrieval & Evaluation Cycle message box, click OK. Wait for the policy to
process.
7. Click the Configurations tab.
8. If the configuration baseline is not present, click Refresh. If necessary, repeat steps 4 through 7.
9. Click IT Support Configuration Settings, and click Evaluate. Wait for the evaluation to complete.
Question: What are the values that display in the Last Evaluation and Compliance columns for the
IT Support configuration baseline?
Answer: The Last Evaluation and the Compliance columns for the client shows a status of
Non-Compliant.
10. Click View Report, click Yes, and review the evaluation report.
Question: What is the noncompliance severity level, and which configuration item is reporting this
severity level?
Answer: The noncompliance severity level is Critical. The Validate Remote Desktop is Enabled
configuration item is reporting this severity level.
L9-98
Managing compliance and secure data access
11. Close the report.
12. On the Actions tab of the Configuration Manager Properties dialog box, click Machine Policy
Retrieval & Evaluation Cycle, and then click Run Now.
13. In the Machine Policy Retrieval & Evaluation Cycle box, click OK.
X Task 2: View the compliance results in the Monitoring workspace
1. Switch to LON-CFG.
2. In the Configuration Manager console, click the Monitoring workspace, and then click the
Deployments node.
3. Click the IT Support Configuration Settings deployment, and click Run Summarization.
4. In the Configuration Manager message box, click OK. Refresh the results pane as needed. It might
take several minutes for the results to display.
Question: What are the compliance statistics for the IT Support Configuration Settings deployment?
Answer: The compliance statistics show one system noncompliant.
5. Click View Status.
Question: What information does the Non-Compliant tab of the Deployment Status view report?
Answer: The Non-Compliant tab shows that LON-CL1 is not compliant with two configuration items:
o
Validate Configuration Manager Trace Log Tool is Present
o
Validate Remote Desktop is Enabled
X Task 3: View a compliance report on the SSRS website
1. Open Internet Explorer. In the Address bar, type http://LON-CFG/Reports, and then press Enter.
2. Click the ConfigMgr_S01 link, click the Compliance and Settings Management link, and then click
the Compliance history of a configuration baseline link.
3. In the Baseline Name list, click IT Support Configuration Settings.
4. In the Start Date and End Date text boxes, enter today’s date.
5. Click View Report.
6. Review the Compliance history of a configuration baseline report. This report might not contain
any entries.
7. Minimize the Internet Explorer window.
Results: After this exercise, you should have evaluated the baseline on the client computer and viewed
the reports on the client computer through both the Microsoft SQL Server Reporting Services (SSRS)
website and the Monitoring workspace.
Administering System Center Configuration Manager and Intune
L9-99
Exercise 3: Configuring remediation in compliance settings
X Task 1: Reconfigure the deployment for remediation
1. On LON-CFG, in the Configuration Manager console, click the Assets and Compliance workspace,
expand the Compliance Settings folder, and then click the Configuration Baselines node.
2. Click IT Support Configuration Settings, and then on the ribbon, click Properties.
3. Click the Deployments tab.
4. Click All Windows 10 Workstations, and then click Edit.
5. In the Configuration Baseline Deployment Properties dialog box, select the Remediate
noncompliant rules when supported check box, and then click OK.
6. In the IT Support Configuration Settings Properties dialog box, click OK.
X Task 2: Reevaluate a baseline on a client
1. Switch to the LON-CL1 computer.
2. In the Configuration Manager Properties dialog box, click the Actions tab.
3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
4. In the Machine Policy Retrieval & Evaluation Cycle message box, click OK.
5. Wait two minutes for the policy to be processed.
6. Click the Configurations tab, and then click Refresh.
7. Click Evaluate, and then click View Report.
8. In the report, verify that Validate Remote Desktop is Enabled is in a Compliant state.
9. Close Internet Explorer.
X Task 3: Verify remediation
1. Right-click Start, click System, and then click Advanced systems settings.
2. Click the Remote tab.
3. Note that Remote Desktop is configured to Allow connections only from computers running
Remote Desktop with Network Level Authentication (recommended).
Results: After this exercise, you should have enabled remediation on a baseline and verified that
remediation has occurred.
Exercise 4: Using compliance information to create collections
X Task 1: Configure a collection for noncompliant systems
1. Switch to LON-CFG.
2. In the Configuration Manager console, click the Assets and Compliance workspace, expand
Compliance Settings, and then click the Configuration Baselines node.
3. Click the IT Support Configuration Settings configuration baseline, and then click the
Deployments tab.
4. Click All Windows 10 Workstations.
L9-100
Managing compliance and secure data access
5. On the ribbon, click Create New Collection, and then click Non-compliant.
6. In the Create Device Collection Wizard, on the General page, in the Name text box, type IT Support
Non-Compliant Systems, and then click Next.
7. On the Membership Rules page, click Next.
8. On the Summary page, click Next.
9. On the Completion page, click Close.
X Task 2: View the collection membership
•
Click the Device Collections node, click the IT Support Non-Compliant Systems collection, and
then click Refresh.
Question: Why does the Member Count column display 1 for the Member count?
Answer: The client is still non-compliant issue with “Validate Configuration Manager Trace Log Tool is
Present”.
X Task 3: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-LON-CL1-B.
Results: After this exercise, you should have created a collection from the compliance settings results.
L10-101
Module 10: Managing operating system deployment
Lab A: Preparing the site for operating
system deployment
Exercise 1: Managing the site system roles used to support operating
system deployment
X Task 1: Enable PXE on the Distribution Point
1. On LON-CFG, on the taskbar, click the Configuration Manager console.
2. Click the Administration workspace, expand the Site Configuration folder, and then click the
Servers and Site System Roles node.
3. In the details pane, select \\LON-CFG.adatum.com, and then in the preview pane, right-click the
Distribution point role, and then click Properties.
4. In the Distribution point Properties dialog box, on the PXE tab, select the Enable PXE support for
clients check box. In the Review Required ports for PXE dialog box, click Yes.
5. Select the Allow this Distribution Point to respond to incoming PXE requests and Enable
unknown computer support check boxes.
6. In the Configuration Manager message box, click OK.
7. In the Password and Confirm password fields, under Require a password when computers use
PXE, type Pa$$w0rd.
8. Next to the User device affinity field, select Allow user device affinity with manual approval.
9. In the Distribution point Properties dialog box, click OK.
10. Click the Monitoring workspace, expand Distribution Status, and then click Distribution Point
Configuration Status.
11. Right-click \\LON-CFG.ADATUM.COM, and then click Refresh. Repeat periodically until the PXE
column displays Yes.
X Task 2: Configure the Network Access account
1. Click the Administration workspace, and then click Sites. In the results pane, right-click
S01 - Adatum Site.
2. Select Configure Site Components, and then click Software Distribution.
3. In the Software Distribution Component Properties dialog box, click the Network Access
Account tab.
4. Click the Specify the account that accesses network locations option.
5. Click New (the sun icon), and then click New Account.
6. In the Windows User Account dialog box, in the User name box, type Adatum\NetworkAccess, in
the Password box, type Pa$$w0rd, and then in the Confirm password box, type Pa$$w0rd.
7. Click Verify, in the Network share field, type \\LON-CFG\SMS_S01, and then click Test connection.
L10-102
Managing operating system deployment
8. In the Configuration Manager dialog box, click OK, and then in the Windows User Account dialog
box, click OK.
9. In the Software Distribution Components Properties dialog box, click OK.
Results: After this exercise, you should have enabled PXE on the Distribution Point and configured the
Network Access Account to support Configuration Manager operating system deployment.
Exercise 2: Managing packages to support operating system deployment
X Task 1: Import Hyper-V drivers
1. In the navigation pane, click Software Library, expand Operating Systems, click and then right-click
Drivers, and then click Import Driver.
2. In the Import New Driver Wizard, on the Locate Driver page, click Browse.
3. In the Select Folder dialog box, in the Folder box, type \\LON-CFG\Software\Drivers\HyperVx64,
and then click Select Folder.
4. On the Locate Driver page, click Next. Wait for the driver validation to complete.
5. On the Driver Details page, clear the Hide drivers that are not digitally signed option.
6. Click Categories, and then in the Manage Administrative Categories dialog box, click Create.
7. In the Create Administrative Category dialog box, type 64-bit Drivers, and then click OK.
8. In the Manage Administrative Categories dialog box, click Create.
9. In the Create Administrative Category dialog box, type Hyper-V Drivers, and then click OK.
10. In the Manage Administrative Categories dialog box, click OK.
11. On the Driver Details page, click Next.
12. On the Add Driver to Packages page, click New Package.
13. In the Create Driver Package dialog box, in the Name box, type Hyper-V Drivers, in the Path box,
type \\LON-CFG\E$\Source\Drivers, and then click OK.
14. On the Add Driver to Packages page, click Next.
15. On the Add Driver to Boot Images page, click Next.
16. On the Summary page, click Next, and on the Completion page, click Close.
X Task 2: Distribute a driver package
1. In the navigation pane, click Software Library, expand Operating Systems, and then click Driver
Packages.
2. Right-click the Hyper-V Drivers package, and then click Distribute Content.
3. In the Distribute Content Wizard, on the General page, click Next.
4. On the Content Destination page, click Add, and then click Distribution Point.
5. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
6. On the Content Destination page, click Next.
Administering System Center Configuration Manager and Intune
L10-103
7. On the Summary page, click Next, and then on the Completion page, click Close.
8. Right-click the Hyper-V Drivers package, and then click Refresh. Repeat this step periodically until
the Content Status shows Success: 1. This will be indicated by a full green circle and should take
about 1 minute.
X Task 3: Modify boot images
1. In the navigation pane, click Boot Images, right-click Boot image (x86), and then click Properties.
2. Click the Customization tab, and then select the Enable command support (testing only)
check box.
3. Click the Optional Components tab, and in the Components section, click new (the sun symbol).
4. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
when prompted, click OK. Then click OK to close the Select optional Components dialog box.
5. Click the Data Source tab, and then verify that the Deploy this boot image from the PXE-enabled
Distribution Point check box is selected.
6. In the Boot Image (x86) Properties dialog box, click OK.
7. In the Configuration Manager dialog box, click Yes.
8. In the Update Distribution Points Wizard, on the Summary page, click Next. Wait for completion and
then on the Completion page, click Close.
9. In the navigation pane, click Boot Images, right-click Boot image (x64), and then click Properties.
10. Click the Customization tab, and then select the Enable command support (testing only)
check box.
11. Click the Optional Components tab, and in the Components section, click new (the sun symbol).
12. In the Select optional components window, select Windows PowerShell (WinPE-PowerShell), and
when prompted, click OK. Then click OK to close the Select optional Components dialog box.
13. Click the Data Source tab, and then verify that the Deploy this boot image from the PXE-enabled
Distribution Point check box is selected.
14. Click the Drivers tab, and then click New (the sun icon).
15. In the Select a driver dialog box, clear the Hide drivers that are not digitally signed option, select
Microsoft Hyper-V Network Adapter, and then click OK.
16. In the Boot Image (x64) Properties dialog box, click OK.
17. In the Configuration Manager dialog box, click Yes.
18. In the Update Distribution Points Wizard, on the Summary page, click Next, and then on the
Completion page, click Close.
L10-104
Managing operating system deployment
X Task 4: Distribute boot images
1. Click Boot image (x64), hold down the Ctrl key, click Boot image (x86), right-click Boot image
(x64), and click Distribute Content.
2. In the Distribute Content Wizard, on the General page, click Next.
3. On the Content Destination page, click Add, and then click Distribution Point.
4. In the Add Distribution Points dialog box, select LON-CFG.ADATUM.COM, and then click OK.
5. On the Content Destination page, click Next.
6. On the Summary page, click Next, and then on the Completion page, click Close.
7. Right-click one of the packages, and then click Refresh. Perform this step for the other package.
Repeat this step periodically until both packages show a Content Status of Success: 1. This will be
indicated by a full green circle and might take several minutes.
X Task 5: To prepare for the next lab
Leave all the virtual machines running for use in the next lab.
Results: After this exercise, you should have configured the boot images and created the driver package
that are required for operating system deployment.
Administering System Center Configuration Manager and Intune
L10-105
Lab B: Deploying operating system images
for bare-metal installations
Exercise 1: Preparing the operating system image
X Task 1: Import the reference image
1. On LON-CFG, in the Configuration Manager console, click the Software Library workspace, expand
Operating Systems, and then click Operating System Images.
2. On the ribbon, in the Create group, click Add Operating System Image.
3. In the Add Operating System Image Wizard, on the Data Source page, in the Path box, type
\\LON-CFG\e$\Capture\Win10EntX64Eval.wim, and then click Next.
4. On the General page, in the Name field, type Windows 10 Enterprise X64 Eval, and then
click Next.
5. On the Summary page, click Next, and then on the Completion page, click Close.
X Task 2: Distribute the image to the LON-CFG Distribution Point
1. Right-click the Windows 10 Enterprise X64 Eval image, and select Distribute Content.
2. In the Distribute Content Wizard, on the General page, click Next.
3. On the Content Destination page, click Add, and then select Distribution Point.
4. In the Add Distribution Points dialog box, select the LON-CFG.ADATUM.COM check box, and then
click OK.
5. On the Content Destination page, click Next.
6. On the Summary page, click Next, and then on the Completion page, click Close.
7. Right-click the Windows 10 Enterprise X64 Eval image and then click Refresh. Repeat periodically
until the Content Status shows Success: 1. This will be indicated by a full green circle and should
take around 5 minutes.
X Task 3: Import a computer object
1. In the Hyper-V Manager on your host computer, right-click the 20696C-LON-IMG virtual machine
and select Start.
2. Wait 5 seconds, right-click the 20696C-LON-IMG virtual machine again and select Turn Off. If
prompted by the Turn Off Machine dialog box, click Turn Off.
Note: You need to start the LON-IMG virtual machine in order to assign a MAC address
to it.
3. In the details pane for the 20696C-LON-IMG virtual machine, click the Networking tab, and in the
Adapter column, find the MAC address. You may need to expand the Adapter Column to see the
MAC address fully. Write down the MAC address.
4. On LON-CFG, open the Configuration Manager console.
5. Click the Assets and Compliance workspace, right-click the Devices node, and then select Import
Computer Information.
L10-106
Managing operating system deployment
6. On the Select Source page of the Import Computer Information Wizard, select Import single
computer, and then click Next.
7. On the Single Computer page, enter the following information, and then click Next:
o
Computer Name: LON-IMG
o
MAC address: <The MAC address you wrote down>
8. On the Data Preview page, verify the name and MAC address, and then click Next.
9. On the Choose Target Collection page, select Add computers to the following collection, and
then click Browse.
10. In the Select Collection window, select the Adatum production image collection, and then click OK.
11. On the Choose Target Collection page, click Next.
12. On the Summary page, verify your selections, and then click Next.
13. On the Confirmation page, click Close.
14. Click the Device Collections node, right-click the All Systems collection, and then select Update
Membership. When prompted, click Yes.
15. Right-click the Adatum production image collection, and select Update Membership. When
prompted, click Yes.
16. Click the Adatum production image collection, and then after 10 seconds, press F5.
17. When the Member Count column changes to 1, right-click the Adatum production image
collection, and then select Show Members. You should now see the computer you have added.
Results: After completing this exercise, you should have imported a precreated image into Configuration
Manager and distributed that image to the Distribution point. You should have created a computer object
for the LON-IMG machine and placed it in the Adatum production image collection.
Exercise 2: Creating a task sequence to deploy an image
X Task 1: Create a task sequence to install an existing image
1. On LON-CFG, in the Configuration Manager console, click the Software Library workspace, and then
expand Operating Systems.
2. Right-click Task Sequences, and select Create Task Sequence.
3. In the Create Task Sequence Wizard, on the Create New Task Sequence page, click the Install an
existing image package option, and then click Next.
4. On the Task Sequence Information page, in the Task sequence name box, type Deploy Windows
10 Enterprise X64 Eval, and then click Browse.
5. In the Select a Boot Image dialog box, click Boot image (x64) 10.0.10240.16384 en-US, and then
click OK.
6. On the Task Sequence Information page, click Next.
7. On the Install Windows page, click Browse.
8. In the Select an Operating System Image dialog box, click Windows 10 Enterprise X64 Eval enUS, and then click OK.
Administering System Center Configuration Manager and Intune
L10-107
9. Clear the check mark next to Configure task sequence for use with BitLocker.
10. Select the Enable the account and specify the local administrator password option, in the
Password box, type Pa$$w0rd, in the Confirm password box, type Pa$$w0rd, and then click Next.
11. On the Configure Network page, select the Join a domain option.
12. In the area next to Domain, select Browse, click Adatum.com, and then click OK.
13. In the area next to Domain OU, click Browse, select London Clients, and then click OK.
14. Click Set.
15. In the Windows User Account dialog box, in the User name box, type Adatum\Administrator,
in the Password box, type Pa$$w0rd, in the Confirm password box, type Pa$$w0rd, and then
click OK.
16. On the Configure Network page, click Next.
17. On the Install Configuration Manager page, click Next.
18. On the State Migration page, clear all check marks and then click Next.
19. On the Include Updates page, click Next.
20. On the Install Applications page, click Next.
21. On the Summary page, click Next.
22. On the Completion page, click Close.
X Task 2: Edit a task sequence
1. Right-click the Deploy Windows 10 Enterprise X64 Eval task sequence, and click Edit.
2. Select the Apply Windows Settings step.
3. In the User name field, type A. Datum IT Services, and in the Organization name field, type
A. Datum.
4. In the Deploy Windows 10 Enterprise X64 Eval Task Sequence Editor window, click OK.
Results: After this exercise, you should have created and edited a task sequence to deploy an existing
image.
Exercise 3: Deploying an image
X Task 1: Deploy an image installation task sequence by using PXE
1. Right-click the Deploy Windows 10 Enterprise X64 Eval task sequence, and then click Deploy.
2. In the Deploy Software Wizard, on the General page, in the area next to Collection, click Browse.
When prompted, click OK.
3. In the Select Collection dialog box, select Adatum production image, and then click OK.
4. On the General page, click Next.
5. On the Deployment Settings page, next to Purpose, verify that Available is selected, and under
Make Available to the following, select Only media and PXE, and then click Next.
6. On the Scheduling page, click Next.
L10-108
Managing operating system deployment
7. On the User Experience page, click Next.
8. On the Alerts page, click Next.
9. On the Distribution Points page, click Next.
10. On the Summary page, click Next.
11. On the Completion page, click Close.
X Task 2: Start 20696C-LON-IMG
1. On the host computer, in Hyper-V Manager, click 20696C-LON-IMG, and in the Actions pane, click
Connect.
2. In the Virtual Machine Connection window, select Action, and then click Start.
3. When LON-IMG boots, click inside the Virtual Machine Connection window. Wait until the message
Press F12 for network service boot appears and then press F12. It will take approximately 10
seconds before you see the message.
Note: Wait for the boot image to be staged and for the machine to boot into Windows PE.
4. In the Welcome to the Task Sequence Wizard, in the password field, type Pa$$w0rd, and then click
Next.
5. In the Select a task sequence to run window, verify that the task sequence you created earlier is
displayed and selected, and then click Next.
6. Monitor the deployment. The task sequence will take between 15-25 minutes to complete depending
on the performance of the Hyper-V host.
7. After the deployment is complete, sign in to LON-IMG as Adatum\Administrator with the password
Pa$$w0rd, and then verify that the machine is named LON-IMG.
Note: It will take approximately 30 seconds before the desktop appears because a profile
must be created for the user.
X Task 3: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-LON-IMG.
Results: After this exercise, you should have deployed the task sequence and installed the operating
system image on LON-IMG.
L11-109
Module 11: Mobile device management using Configuration
Manager and Microsoft Intune
Lab: Managing mobile devices with an
on-premises infrastructure
Exercise 1: Preparing Configuration Manager prerequisites for On-Premises
Mobile Device Management
X Task 1: Sign up for an Intune trial account
Note: Some Microsoft Online services, such as Intune, are not available in all regions
worldwide. While it is the goal of Microsoft to have Intune—in addition to other online services—
available worldwide, at this time not every service is available in every country or region. Ensure
that you check the country and region list for Office product availability at http://aka.ms/p5vyl7.
If you do not find your own country or region for Microsoft Office 365, Microsoft Azure, and
Intune, select United States as your country or region in this lab, and in any future labs that
involve creating online accounts.
1. On LON-CFG, open Internet Explorer and go to http://aka.ms/ymo1j0, and then click Try now.
Note: If a dialog box opens, asking you to Please help us improve, click No thanks.
2. On the Welcome, Let’s get to know you page, fill in the following values, and then click Next:
a. In the Select drop-down list box, select your country (see note above).
b. In the First name field, enter the first two letters of your first name.
c. In the Last name field, enter the first two letters of your last name.
d. In the Business email address field, enter your email address (this can be any email address you
have that is not already bound to Intune).
e. In the Business phone number field, enter your phone number.
f.
In the Company name field, type Adatum.
g. In the Your organization size drop-down list box, select 25-50 people.
3. On the Create your user ID page, enter the following values, and then click Next:
a. In the Enter a user name field, enter the first two initials of your first name, followed by the first
two initials of your last name.
b. In the Yourcompany text box, type a company domain name in the following format:
AdatumDATE(ddMMYY)YourInitials.onmicrosoft.com (for example,
Adatum200216DJ.onmicrosoft.com).
c. In the Create a password and Confirm password fields, type Pa$$w0rd.
4. On the Prove. You’re. Not. A. Robot. page, enter your text capable phone number, and area code
as applies to your location, and then click Text me.
L11-110
Mobile device management using Configuration Manager and Microsoft Intune
5. When the verification code is texted to your phone, enter the verification code into the Enter your
verification code field, and then click Create my account.
6. After your account is created, make a note of the account name, and then click You’re ready to
go….
7. Under STEP1 Create your users, click Start. You do not have to actually create another user, but you
must click this to get to the Office 365 Admin page.
8. On the Office 365 Admin center page, select Intune.
9. The Microsoft Intune dashboard loads; close all open browser windows. Note that you can type
http://portal.office.com to return to this page.
X Task 2: Create a CRL
1. On LON-DC1, in Server Manager, click Tools, and then select Certification Authority.
2. In the Certification Authority console, expand and right-click AdatumCA, and then click Properties.
3. In AdatumCA properties, click the Extensions tab, and in the Select extension field, ensure CRL
Distribution Point (CDP) is selected, and then click Add.
4. In the Location text box, type http://crl.Adatum.com/crldist/.
5. In the Variable name drop-down list box, ensure <CaName> is selected, click Insert; and then
change the Variable name drop-down list box to <CRLNameSuffix>. Click Insert, change the
Variable name drop-down list box to <DeltaCRLAllowed>, and then click Insert. You should have
three values appended to the location, as follows:
http://crl.Adatum.com/crldist/<CaName><CRLNameSuffix><DeltaCRLAllowed>
6. In the Location text box, type .crl at the end of the Location string so that it appears as follows:
http://crl.Adatum.com/crldist/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl. Click OK.
7. While still in the Extensions tab, with http://crl.Adatum.com/crldist
/<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl still selected in the Specify locations
from which users can obtain a certificate revocation list (CRL) list, select the following three
options:
a. Include in CRLs. Clients use this to find Delta CRL locations
b. Include in the CDP extension of issued certificates
c. Include in the IDP extension of issued CRLs
8. Click Add.
9. In the Location text box, type \\LON-DC1.adatum.com\crldist$\.
10. In the Variable area, ensure <CaName> is selected, and then click Insert. In the Variable area, click
<CRLNameSuffix>, and then click Insert; In the Variable area, click <DeltaCRLAllowed>, and then
click Insert.
11. In the Location text box, type .crl at the end of the Location string, and then click OK.
12. Select Publish CRLs to this location and select Publish Delta CRLs to this Location.
13. On the Exit Module tab, click Properties…, and then select Allow certificates to be published to
the file system.
Administering System Center Configuration Manager and Intune
L11-111
14. Click OK, and when the Active Directory Certificate Services must restarted for these changes to
take effect message appears, click OK.
15. Click OK, and to close AdatumCA Properties, click Yes.
16. Minimize but do not close the Certification Authority console.
X Task 3: Create a CRL share
1. On the taskbar, open File Explorer.
2. Expand the console tree, select and right-click Local Disk (C:), and then select New and then click
Folder. Type CRLdist and press Enter on the keyboard.
3. Right-click CRLdist, and select Properties.
4. In the CRLdist Properties, select the Sharing tab, and then click Advanced Sharing.
5. In the Advanced Sharing dialog box, click the Share this folder check box, and in the Share name
field, add a $ sign to the CRLdist name so it appears as CRLdist$.
6. Click the Permissions for CRLdist$ button, and in the Permissions dialog box, click Add, and then
click Object Types.
7. Select Computers, and click OK.
8. In the Enter the object names to select text box, type LON-DC1, and then click OK.
9. Select Full control, select Allow, and then click OK.
10. To close the Advanced Sharing dialog box, click OK.
11. Select the Security tab. Click Edit, click Add, and then click Object Types.
12. Select Computers, and click OK.
13. In the Enter the object names to select text box, type LON-DC1, and then click OK.
14. Select Full control, select Allow, and then click OK. In the CRLdist Properties window, click Close.
Close File Explorer.
X Task 4: Create a CRL website
1. In Server Manager, click Tools, and then click Internet Information Services (IIS) Manager.
2. In the console tree, open the server nameLON-DC1(ADATUM\Administrator), and then expand
Sites. If a dialog box appears with a prompt of Do you want to get started with Microsoft Web
platform to stay connected with latest Web Platform Components?, click No.
3. Right-click Default Web Site, and click Add virtual directory.
4. In the Alias text box, type the CRLdist.
5. In the Physical path item, click the ellipsis (…).
6. Expand the Local Disk (C:), select CRLdist, and then click OK twice.
7. In the contents pane, double-click Directory Browsing.
8. In the Actions pane, click Enable.
9. In the console tree, click the CRLdist folder (you may need to press F5 on the keyboard to refresh the
console tree)
10. In the contents pane, double-click Configuration Editor.
11. In the Section drop-down list box, open system.webServer\security\requestFiltering.
L11-112
Mobile device management using Configuration Manager and Microsoft Intune
12. In the contents pane, double-click allowDoubleEscaping to change it from False to True.
13. In the Actions pane, click Apply.
14. Close Internet Information Services (IIS) Manager.
X Task 5: Create a DNS alias to the CRL and add an email address to the Amr Zaki
account
1. In Server Manager, click Tools, and then click DNS.
2. In the DNS Manager console, expand LON-DC1, expand Forward Lookup Zones, select and then
right-click Adatum.com, and then select New Alias (CNAME).
3. In the New Resource Record window, in the Alias name (users parent domain if left blank) field,
type CRL, and in the Fully qualified domain name (FQDN) for target host text box, type
LON-DC1.adatum.com, and then click OK. Close the DNS Manager console.
4. In Server Manager, click Tools, and then click Active Directory Users and Computers.
5. Expand Adatum.com and select the IT organizational unit.
6. In the details pane, double-click the Amr Zaki user account.
7. In the Amr Zaki Properties window, in the E-mail text box, type amr@adatum.com, and then
click OK.
8. Close Active Directory Users and Computers.
X Task 6: Publish the CRL
1. Maximize the Certification Authority console.
2. In the console tree on the left, expand AdatumCA, right-click Revoked Certificates, click All Tasks,
and then click Publish.
3. In the Publish CRL dialog box, select New CRL, and then click OK. Leave the Certification Authority
console open.
4. On the taskbar, open File Explorer. Navigate to the C:\CRLdist folder, and verify that the
AdatumCA.crl (the full CRL) and AdatumCA+.crl (the Delta CRL) are there. Close File Explorer.
X Task 7: Create Configuration Manager enrollment certificates
1. Return to the Certification Authority console. Right-click Certificate Templates, and click Manage.
2. Right-click the Authenticated Session template, and select Duplicate Template.
3. On the General tab, in the Template display name text box, type ConfigMgrDevice, select Publish
Certificate in Active Directory.
4. On the Security tab, configure Allow for the Enroll permission for Authenticated Users and on the
Cryptography tab, change the Minumum key size to 1024. Click OK.
5. Right-click the Web Server template, and select Duplicate Template.
6. On the General tab, in the Template display name text box, type ConfigMgrWebServer, select
Publish Certificate in Active Directory.
7. On the Subject Name tab, select Build from this Active Directory information, in Subject name
format drop-down list box select Common name, and then select User principal name (UPN).
8. On the Security tab, click Add.
9. In the Select, Users, Computer Service accounts or Groups dialog box, click Object types, click
Computers, and then click OK.
Administering System Center Configuration Manager and Intune
L11-113
10. In the Enter the object names to select text box, type LON-CFG, and then click Check names.
When LON-CFG appears underlined, click OK.
11. On the Security tab, select LON-CFG (ADATUM\LON-CFG$), and in the Allow column, select
Enroll. In ConfigMgrWebServer Properties, click OK.
12. In the Certificate Template console, right-click the Workstation Authentication template, and then
select Duplicate Template.
13. On the General tab, in the Template display name text box, type ConfigMgrClientDP, and then
select Publish Certificate in Active Directory.
14. Click the Request Handling tab, and select Allow private key to be exported.
15. On the Security tab, click Add.
16. In the Select, Users, Computer Service accounts or Groups dialog box, click Object types, click
Computers, and then click OK.
17. In the Enter the object names to select text box, type LON-CFG, and then click Check names.
When LON-CFG appears underlined, click OK.
18. On the Security tab, select LON-CFG (ADATUM\LON-CFG$), and in the Allow column, select
Enroll. In ConfigMgrClientDP Properties, click OK.
19. Close the Certificate Templates Console.
20. In the Certificate Authority console, right-click the Certificate Templates node, select New, and then
click Certificate Template to Issue.
21. In the Enable Certificate Templates dialog box, select ConfigMgrClientDP, press the Shift key on
the keyboard, and select ConfigMgrWebServer so that ConfigMgrClientDP, ConfigMgrDevice,
and ConfigMgrWebServer are all highlighted, and then click OK.
X Task 8: Request the web server certificate for site system role
1. Return to LON-CFG.
2. Click Start, and on the Start screen, type MMC. In the Search area, right-click MMC, and then select
Run as administrator.
3. In the MMC, click File, and then select Add/Remove Snap-in.
4. In the Add/Remove Snap-ins dialog box, select Certificates, click Add, select Computer account,
click Next, click Finish, and then to exit the Add or Remove Snap-ins window, click OK.
5. Expand Certificates (Local Computer), right-click Personal, click All Tasks, and then click Request
New Certificate.
6. In the Certificate Enrollment window, click Next, if not selected, select Active Directory Enrollment
Policy, and then click Next.
7. Select the web server certificate (ConfigMgrWebServer), and click Enroll.
8. When the certificate is enrolled, click Finish.
9. Repeat steps 5 through 8 for the ConfigMgrClientDP, certificate.
10. In the Certificates console tree, under Certificates (Local Computer), expand Personal, and then
select Certificates.
11. In the details pane, select the certificate that is listed in the Intended Purposes column as Client
Authentication, right-click it, and then select All Tasks, Export.
12. In the Certificate Export Wizard, click Next.
L11-114
Mobile device management using Configuration Manager and Microsoft Intune
13. On the Export Private Key page, select the Yes, export the private key item, and then click Next.
14. On the Export File Format page, click Next.
15. On the Security page, click the Password check box, and in the Password and Confirm password
text boxes, type Pa$$w0rd, and then click Next.
16. On the File to Export page, click the Browse button, and in the Save As window, select Allfiles (E:),
type DPCert.pfx as the file name, and then click Save.
17. Click Next, and click Finish. In the dialog box, click OK.
18. Close the Certificates console without saving it.
19. On the taskbar, click Server Manager.
20. In Server Manager, click Tools, and then select Internet Information Services (IIS) Manager.
21. Expand LON-CFG (Adatum\Administrator), and if an Internet Information Services (IIS)
Manager dialog box appears, select No.
22. Expand Sites, and select Default Web Site. In the Actions pane, click Bindings.
23. In the Site Bindings dialog box, select https, and then click Edit.
24. In the SSL certificate drop-down list box, select LON-CFG.Adatum.com, and then click OK.
X Task 9: Export the root of the web server certificate
1. While still in IIS Manager, in the Site Bindings dialog box, click https, and then click Edit….
2. Ensure the LON-CFG.Adatum.com certificate is selected, and click View….
3. In the Certificate properties , click the Certification Path tab, click AdatumCA at the top of the
certification path, and then click View Certificate.
4. In the properties of the root certificate, click the Details tab, and then click Copy to File….
5. In the Certificate Export Wizard, click Next.
6. Ensure DER encoded binary X.509 (.CER) is selected for format, and click Next.
7. For the file name, click Browse… and in the Save As window, select Allfiles (E:), type RootCert.cer as
the file name, and then click Save.
8. Click Next.
9. Review the settings, and click Finish.
10. Click OK twice, click Cancel in Edit Site Bindings, and then in Site Bindings, click Close.
11. Close all open windows.
X Task 10: Deploy Microsoft Intune to Configuration Manager
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the Administration workspace, expand the Cloud Services folder, and then click Microsoft
Intune Subscriptions.
3. On the ribbon, click Add Microsoft Intune Subscription.
4. On the Introduction page of the Create Microsoft Intune Subscription Wizard, click Next.
5. On the Subscription page, click Sign In.
Administering System Center Configuration Manager and Intune
L11-115
6. On the Set the Mobile Device Management Authority dialog box, select I understand that after I
complete the sign-in process, the mobile device management authority is permanently set to
Configuration Manager and cannot be changed, and then click OK.
7. In the Subscription dialog box, enter credentials with user name
AdatumDATE(ddMMYY)YourInitials.onmicrosoft.com, where AdatumDATE(ddMMYY)YourInitials
is your Intune organization name, and the password is Pa$$w0rd. Select Keep me signed in, and
click Sign in. If you get a Configuration Manager window that says “The operation cannot be
completed at this time.”, click OK and Sign in again.
8. On the Subscription page of the Create Microsoft Intune Subscription Wizard, click Next.
9. On the General page, click Browse.
10. On the Select Collection dialog box, click All Users, and then click OK.
11. On the General page, enter the following information, and then click Next:
o
Company Name: Adatum
o
Configuration Manager site code: S01
12. On the Company Contact Information page, click Next.
13. On the Company Logo page, click Next.
14. On the Device Enrollment Manager page, select the Add/Remove button, and in the Search bar at
the top, type Amr, and then click Search. In the filter list, select ADATUM\Amr (Amr Zaki), click
Add, and then click OK. Click Next.
15. On the Multi-Factor Authentication page, click Next.
16. On the Summary page, click Next.
17. On the Completion page, click Close.
X Task 11: Configure site system roles
1. In the Configuration Manager console, go to the Administration workspace, and then expand the
Site Configuration node.
2. Under the Site Configuration node, select the Servers and Site System Roles node.
3. In the top details pane, select \\LON-CFG.Adatum.com.
4. In the Site System Roles details pane, select and right-click Distribution point, and then click
Properties.
5. On the Distribution point Properties, on the General tab, ensure HTTPS is selected, and then,
under Requires computers to have a valid PKI client certificate, select Allow intranet and
Internet connections.
6. Select the Allow mobile devices to connect to this distribution point option.
7. Under the Create a self-signed certificate or import a PKI client certificate, select the Import
certificate option, and then click Browse.
8. In the Open window, navigate to Allfiles (E:), and select the DPCert.pfx document, and then click
Open.
9. In the Password text box, type Pa$$w0rd, and then click OK.
10. In the Site System Roles details pane, select and right-click Management point, and then click
Properties.
L11-116
Mobile device management using Configuration Manager and Microsoft Intune
11. In the Management point Properties, on the General tab, ensure HTTPS is selected, and then, under
This option requires computers to have a valid PKI client certificate, select Allow intranet and
Internet connections.
12. Select the Allow mobile devices and Mac computers to use this Management point option, and
click OK.
13. In the top details pane, right-click \\LON-CFG.Adatum.com, and on the context menu, click Add
Site System Roles.
14. In the Add Site System Role Wizard, on the General page, click Next.
15. On the Proxy page, click Next.
16. On the System Role Selection page, select the Enrollment Point and Enrollment Point Proxy
roles, and then click Next.
17. On the Enrollment Point page, click Next.
18. On the Enrollment Proxy Point page, click Next.
19. On the Add Site System Role Wizard, Summary page, click Next.
20. On the Add Site System Role Wizard, Completion page, click Close.
21. In the Configuration Manager console, while still in the Administration workspace, expand Site
Configuration, and then select Sites.
22. In the details pane, right-click S01 – Adatum Site, and then select Properties.
23. Select the Client Computer Communication tab.
24. Select the Use PKI client certificate (client authentication capability) when available check box.
25. Under Trusted Root Certification Authorities, click the Set button.
26. In the Set Root CA Certificates dialog box, select the new button (it looks like a star).
27. In the Open window, navigate to Allfiles (E:), select the RootCert.cer document, click Open, and
then click OK twice.
X Task 12: Configure Platforms and add Enrollment Profiles
1. On LON-CFG, on the taskbar, click the Configuration Manager Console icon.
2. In the Administration workspace, expand the Cloud Services folder, and then click Microsoft
Intune Subscriptions.
3. On the details pane, right-click Microsoft Intune Subscription, select Configure Platforms, and
then select Windows.
4. In the Microsoft Intune Subscription Properties window, select Enable Windows enrollment, and
then click OK.
5. While still in the Administration workspace, click the Client Settings node, and in the details pane,
double-click Default Client Settings.
6. In the Default Settings window, click the Enrollment node, in the User Settings section of the details
pane, under the Allow users to enroll mobile devices and Mac computers drop-down control,
change the No to Yes, and then click the Set Profile button beside it.
7. In the Enrollment Profile window, click Create.
8. In the Create Enrollment Profile window, in the Name text box, type Adatum Enrollment Profile.
Administering System Center Configuration Manager and Intune
L11-117
9. Ensure that the Management site code is set to S01, and then in the Certificate Configuration
area, click Add.
10. In the Add Certification Authority for Mobile Devices window, ensure LON-DC1.adatum.com and
AdatumCA are selected, and then click OK.
11. In the Certificate template for mobile device or Mac computer drop-down list box, select
ConfigMgrDevice, and then click OK twice.
12. In Default Settings, in the User Settings area, under the Allow users to enroll modern devices
drop-down control, change the No to Yes, and then click the Set Profile button beside it.
13. In the Enrollment Profile window, in the Filter list, select the Adatum Enrollment Profile, and click
OK. If the Adatum Enrollment Profile does not show in the list, click Create. In the Create Enrollment
Profile window, in the Name text box, type Adatum Enrollment Profile and ensure that the
Management site code is set to S01. There is no need to set the certificate. Click OK three times.
Results: At the end of this exercise, you will have configured prerequisites for On-premises Mobile Device
Management.
Exercise 2: Enrolling a standalone Windows 10 device as a mobile client
X Task 1: Remove LON-CL1 as a Configuration Manager client and domain member
1. Sign in to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd.
2. Right-click the Start button and select Computer Management.
3. In the Computer Management console, expand Local Users and Groups. Right-click the Users node,
and click New User.
4. In the New User dialog box, enter the following information, click Create, and then close New User:
o
User name: AmrLocal
o
Password: Pa$$w0rd
o
Confirm password: Pa$$w0rd
5. Clear the User must change password at next logon option.
6. In the Computer Management console, select Groups, and then double-click Administrators.
7. In Administrators Properties, click Add.
8. In the Select Users, Computers, Service Accounts or Groups dialog box, select the Locations
button, and in the Locations dialog box, select LON-CL1, and then click OK.
9. In the Select Users, Computers, Service Accounts or Groups dialog box, in the Enter the object
names to select list, type AmrLocal, and then click OK.
10. In Administrators Properties, click OK.
11. Close Computer Management.
12. Right-click the Start button, and select Command Prompt (Admin). If the User Account Control
window opens, click Yes.
13. In the command prompt window, type Cd .. (dot, dot) and press Enter.
14. Type Cd CCMsetup and press Enter.
L11-118
Mobile device management using Configuration Manager and Microsoft Intune
15. Type ccmsetup.exe /uninstall, and press Enter.
Note: The Configuration Manager Agent (CCMSetup) uninstalls silently. It will take
approximately 3 to 5 minutes to uninstall. You can check the ccmsetup.log log file in
C:\Windows\CCMSetup\Logs for the line Uninstall succeeded.
16. On the taskbar, open File Explorer.
17. In File Explorer, right-click This PC, and then select Properties.
18. On the View basic information about your computer page, click the Change settings hyperlink.
19. In the System Properties window, on the Computer name tab, click the Change button.
20. In the Computer Name/Domain Changes dialog box, under Computer name text box, change
LON-CL1 to LON-BYOD, select Workgroup, and in the Workgroup name text box, type BYOD, and
then click OK. Provide the credentials Adatum\Administrator with the password of Pa$$w0rd if
prompted.
21. In the next three pop-up dialog boxes, click OK, in System Properties, click Close, and in the
Microsoft Windows dialog box, click Restart Now..
22. Return to LON-CFG. In the Configuration Manager console, select the Assets and Compliance
workspace.
23. In the console tree, select Devices, in the details pane, right-click LON-CL1, and then select Delete.
24. In the Confirm Deletion window, select LON-CL1, and then click Delete.
X Task 2: Prepare a mobile device that is running Windows 10 and join to the
On-premises Mobile Device Management
1. On the virtual machine previously named LON-CL1, sign in as AmrLocal with a Password of
Pa$$w0rd.
2. In the Networks window, click Yes.
Note: It might take a few minutes to create the AmrLocal profile.
3. Right-click the Start button and select Run. In the Run text box, type MMC, and then press Enter.
4. In the User Account Control window, click Yes.
5. In the empty console, under File, select Add/Remove Snap-in.
6. In the Add or Remove Snap-ins page, in the Available snap-ins list, select Certificates, and then
click Add.
7. In the Certificates snap-in window, select Computer account, click Next, select Local computer, and
then click Finish. Click OK and then close the Add/Remove Snap-ins page.
8. In the console tree, expand Certificates (Local Computer), expand Trusted Root Certification
Authorities, right-click Certificates, select All Tasks, and then click Import.
9. In the Certificate Import Wizard, click Next.
10. On the File to Import page, click Browse.
11. In the Open window, in the address bar, type \\LON-CFG\E$, and press Enter.
Administering System Center Configuration Manager and Intune
L11-119
12. On the Enter network credentials page, type Adatum\administrator and Pa$$w0rd, and then
click OK.
13. In the Open window, select RootCert, click Open, and then click Next.
14. On the Certificate Store page, ensure that in the Place all certificates in the following store page,
the Trusted Root Certification Authorities item list is selected and click Next, and then click
Finish. Click OK and then close the console without saving the changes.
15. Click the Start button, and select Settings.
16. In the Settings app, open the Accounts item, and then select Work access.
17. Click the Plus sign labeled Enroll in to device management.
18. In the Connect to work or school dialog window, in the text box, type Amr@adatum.com, and then
click Continue.
19. The dialog box displays a text line stating, “We could not find your work or school.” and adds a
Server address text box. Type lon-cfg.adatum.com in this text box, and click Continue.
20. In the Connecting to a service dialog box, enter the credentials Amr@adatum.com and Pa$$w0rd
for password, and then click Sign in. Click Yes when prompted.
21. After a moment, the dialog box window displays Well done! You’re connected to work or school.
Click Done.
22. While still in the Settings app under Accounts and the Work access node, under the Enroll in to
device management area, you should see Amr@Adatum.com. Click it.
23. In the dialog box that opens, click Sync, and then click Info.
24. Confirm that Last Successful Sync has a date/time entry.
25. Return to LON-CFG. In the Configuration Manager console, select the Assets and Compliance
workspace.
26. In the console tree, select Devices,
27. LON-BYOD should now be listed in the details pane. If LON-BYOD does not appear, refresh the
screen by clicking the Refresh icon on the ribbon.
28. Close all open windows.
X Task 3: To prepare for the next module
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-LON-CL1-B.
Results: At the end of this exercise, you will have enrolled and configured a Windows 10 mobile device to
On-premises Mobile Device Management.
L12-121
Module 12: Managing and maintaining a Configuration
Manager site
Lab A: Configuring role-based
administration
Exercise 1: Configuring a new scope for Toronto administrators
X Task 1: Configure the Toronto scope
1. If the Microsoft System Center Configuration Manager (Configuration Manager) console is not open,
on LON-CFG, on the taskbar, click the Configuration Manager icon.
2. In the Configuration Manager console, click the Administration workspace, expand the Security
folder, and then click the Security Scopes node.
3. Right-click Security Scopes, and then click Create Security Scope.
4. In the Create Security Scope dialog box, under Security scope name, type Toronto
Administration, and then click OK.
5. In the Configuration Manager console, click the Software Library workspace, expand the
Application Management node, and then click the Applications node.
6. Right-click the XML Notepad 2007 app, and then click Set Security Scopes.
7. In the Set Security Scopes for XML Notepad 2007 dialog box, select the Toronto Administration
check box. Ensure that the Default check box also is selected, and then click OK.
8. In the Configuration Manager console, click the Packages node.
9. Right-click Configuration Manager Client Package, and then click Set Security Scopes.
10. Ensure that only the Default security scope is selected, and then click OK.
Results: After completing this exercise, you should have configured a new security scope to use with rolebased administration.
Exercise 2: Configuring a new administrative user
X Task 1: Configure the Toronto administrators’ access control
1. If the Configuration Manager console is not open, on LON-CFG, on the taskbar, click the
Configuration Manager icon.
2. In the Configuration Manager console, click the Administration workspace, expand the Security
folder, and then click the Administrative Users node.
3. Right-click Administrative Users, and then click Add User or Group.
4. In the Add User or Group dialog box, click Browse.
5. In the Select User, Computer, or Group dialog box, type Toronto Administrators, and then
click OK.
6. In the Assigned security roles area, click Add.
L12-122
Managing and maintaining a Configuration Manager site
7. In the Add Security Role dialog box, select the Application Deployment Manager check box, and
then click OK.
8. In the Security scopes and collections area, click Add, and then click Security Scope.
9. In the Add Security Scope dialog box, select the Toronto Administration check box, and then
click OK.
10. In the Security scopes and collections area, click Add, and then click Collection.
11. In the Select Collections dialog box, ensure that User Collections is selected. Select the Toronto
Users check box, and then click OK.
12. In the Security scopes and collections area, click Add, and then click Collection.
13. In the Select Collections dialog box, click the drop-down arrow, click Device Collections, select the
Toronto Windows 10 Workstations check box, and then click OK.
14. In the Security scopes and collections list, press and hold the Ctrl key to select the All Systems
collection, the All Users and User Groups collection, and the Default security scope, and then click
Remove.
15. Verify that only Toronto Administration, Toronto Users, and Toronto Windows 10 Workstations
are listed.
16. To close the Add User or Group dialog box, click OK.
X Task 2: Confirm administrative permissions
1. Close the Configuration Manager console.
2. Press and hold the Shift key, on the taskbar, right-click the Configuration Manager console icon,
and then click Run as different user.
3. In the Windows Security dialog box, in the User name text box, type Tony. In the Password text
box, type Pa$$w0rd, and then click OK.
4. When the Configuration Manager console opens in Tony’s user context, click the Software Library
workspace, and then expand Application Management.
5. In the Configuration Manager console, click the Applications node, and then notice that the XML
Notepad 2007 app displays.
6. In the Configuration Manager console, click the Packages node. Notice that you cannot see the
Configuration Manager Client Package because it is assigned to the default scope only.
7. In the Configuration Manager console, click the Assets and Compliance workspace. Verify that you
only can see Toronto resources in the following nodes:
o
Users
o
Devices
o
User Collections
o
Device Collections
o
Close all open windows.
Administering System Center Configuration Manager and Intune
L12-123
X Task 3: To prepare for the next lab
When you finish the lab, leave the virtual machines running and do not revert them. You will need them
for the next lab in this module.
Results: After completing this exercise, you should have configured role-based administration for the
Toronto administrators.
L12-124
Managing and maintaining a Configuration Manager site
Lab B: Configuring Remote Tools
Exercise 1: Configuring the Remote Tools client settings and permissions
X Task 1: Configure Remote Tools client settings
1. On LON-CFG, on the taskbar, click the Configuration Manager Console.
2. In the Configuration Manager console, click the Administration workspace, and then click the Client
Settings node.
3. In the results pane, right-click Default Client Settings, and then click Properties.
4. In the Default Settings dialog box, click Remote Tools.
5. In the Device Settings section, click Configure.
6. In the Remote Control and Windows Firewall Client Settings dialog box, select the Enable
Remote Control on client computers check box.
7. To configure the Remote Control port requirements, select the Domain check box, and then click OK.
8. Under Device Settings, click Set Viewers.
9. In the Configure Client Setting dialog box, click New (
).
10. In the New Permitted Viewer dialog box, click Browse. In the Enter the object name to select box,
type Desktop Admins, and then click OK.
11. In the New Permitted Viewer dialog box, click OK.
12. In the Configure Client Setting dialog box, click OK.
13. Under Device Settings, verify and configure the following if needed:
o
Users can change policy or notification settings in Software Center: No
o
Prompt user for Remote Control permission: Yes
o
Grant Remote Control permission to local Administrators group: Yes
o
Access level allowed: Full Control
o
Manage unsolicited Remote Assistance settings: No
o
Manage solicited Remote Assistance settings: No
o
Manage Remote Desktop settings: Yes
o
Allow permitted viewers to connect by using Remote Desktop connection: Yes
o
Require network level authentication on computers that run Windows Vista operating system and
later versions: Yes
14. To close the Default Settings dialog box, click OK.
15. Switch to LON-CL1. If necessary, sign in as Adatum\Administrator with the password Pa$$w0rd.
16. Right-click the Start button, and then click Control Panel.
17. In Control Panel, click System and Security.
18. In the System and Security window, click Configuration Manager.
19. In the Configuration Manager Properties dialog box, click the Actions tab.
20. On the Actions tab, click Machine Policy Retrieval & Evaluation Cycle, and then click Run Now.
Administering System Center Configuration Manager and Intune
L12-125
21. In the message box, click OK.
22. Click OK to close the Configuration Manager Properties dialog box.
23. Close Control Panel.
X Task 2: Configure security
1. Switch to LON-CFG.
2. In the Configuration Manager console, click the Administration workspace, and then expand the
Security node.
3. Under the Security node, click Security Scopes.
4. On the ribbon, click Create Security Scope.
5. In the Create and assign a security scope dialog box, in the Security scope name box, type
Desktop Administration, and then click OK.
6. Under the Security node, click Administrative Users.
7. On the ribbon, click Add User or Group.
8. In the Add User or Group dialog box, click Browse.
9. In the Enter the object name to select box, type Desktop Admins, and then click OK.
10. Next to Assigned security roles, click Add.
11. In the Add Security Role dialog box, select the Remote Tools Operator check box, and then
click OK.
12. In the Security scopes and collections section, click Add, and then click Security Scope.
13. In the Add Security Scope dialog box, select the Desktop Administration check box, and then
click OK.
14. In the Security scopes and collections section, click Add, and then click Collection.
15. In the Select Collections dialog box, click the drop-down list box, and then click Device Collections.
Select the All Windows 10 Workstations check box, and then click OK.
16. Under Security scopes and collections, select each of the following objects, and then click Remove:
o
All Systems
o
All Users and User Groups
o
Default
17. To close the Add User or Group dialog box, click OK.
18. Close the Configuration Manager console.
Results: After completing this exercise, you should have configured the Remote Tools Client Settings and
permissions.
L12-126
Managing and maintaining a Configuration Manager site
Exercise 2: Managing desktops by using Remote Control
X Task 1: Connect by using Remote Control
1. Press and hold the Shift key, on the taskbar, right-click the Configuration Manager console icon,
and then click Run as different user.
2. In the Windows Security dialog box, in the User name text box, type ADATUM\Ed. In the
Password text box, type Pa$$w0rd, and then click OK.
3. In the Assets and Compliance workspace, click the Device Collections node.
4. In the results pane, double-click the All Windows 10 Workstations collection.
5. In the results pane, right-click LON-CL1, click Start, and then click Remote Control. The Contacting
Remote Control Agent on client LON-CL1 dialog box opens.
6. Switch to LON-CL1.
7. In the Configuration Manager Remote Control dialog box, click Approve. Notice that the title bar
displays Connected with “ADATUM\ed”.
8. Switch to LON-CFG.
9. Close the LON-CL1 – Configuration Manager Remote Control window, and then close the
Configuration Manager console.
X Task 2: To prepare for the next lab
When you finish the lab, leave the virtual machines running and do not revert them. You will need them
for the next lab in this module.
Results: After completing this exercise, you should have managed desktops by using Remote Control.
Administering System Center Configuration Manager and Intune
L12-127
Lab C: Maintaining a Configuration
Manager site
Exercise 1: Configuring maintenance tasks in Configuration Manager
X Task 1: Verify the default settings for maintenance tasks
1. On LON-CFG, on the taskbar, click the Configuration Manager console icon.
2. In the Microsoft Configuration Manager console, click the Administration workspace.
3. In the navigation pane, expand Site Configuration, click Sites, and then in the results pane, click
S01 – Adatum Site.
4. On the ribbon, in the Settings group, click Site Maintenance.
5. In the Site Maintenance dialog box, review the tasks that are enabled by default.
Note: Notice that most tasks pertain to deleting data from the database. This keeps your
database from growing uncontrolled.
6. Double-click the Delete Aged Discovery Data task.
7. In the Delete Aged Discovery Data Properties dialog box, notice that the task is configured to
delete data that has been inactive for more than 90 days, and the task is configured to run every
Saturday.
8. After reviewing the Delete Aged Discovery Data Properties dialog box, click OK.
Note: You might need to change the aged period for some tasks depending on your
organization’s data retention policies.
X Task 2: Configure the Delete Aged Inventory History task
1. In the Site Maintenance dialog box, double-click the Delete Aged Inventory History task.
2. In the Delete Aged Inventory History Properties dialog box, in the Delete data that has been
inactive for (days) numeric text box, type 365.
3. In the Start after text box, type 1:00 AM.
4. In the Latest start time text box, type 3:00 AM.
5. In the list of days, select the Sunday check box, clear the Saturday check box, and then click OK.
X Task 3: Configure the Delete Aged Software Metering Data tasks
1. In the Configuration Manager console, double-click the Delete Aged Software Metering Data task.
2. In the Delete Aged Software Metering Data Properties dialog box, in the Delete data that has
been inactive for (days) numeric text box, type 7.
3. In the Start after text box, type 1:00 AM.
4. In the Latest start time text box, type 3:00 AM.
5. In the list of days, ensure that all days are selected, and then click OK.
L12-128
Managing and maintaining a Configuration Manager site
6. In the Configuration Manager console, double-click Delete Aged Software Metering Summary
Data.
7. In the Delete Aged Software Metering Summary Data Properties dialog box, in the Delete data
that has been inactive for (days) numeric text box, type 120.
8. In the Start after text box, type 1:00 AM.
9. In the Latest start time text box, type 3:00 AM.
10. In the list of days, clear the Sunday check box, select the Saturday check box, and then click OK
twice.
Results: After completing this exercise, you should have configured maintenance tasks in Configuration
Manager.
Exercise 2: Configuring the Backup Site Server task
X Task 1: Configure the Backup Site Server task
1. On LON-CFG, on the taskbar, click the Configuration Manager console icon.
2. In the Configuration Manager console, click the Administration workspace.
3. In the navigation pane, expand Site Configuration, and then click Sites.
4. In the results pane, click S01 – Adatum Site.
5. On the ribbon, click Settings, and then click Site Maintenance.
6. In the Site Maintenance dialog box, click Backup Site Server, and then click Edit.
7. In the Backup Site Server Properties dialog box, select the Enable this task check box, and then
click Set Paths.
8. In the Set Backup Paths dialog box, verify that the Local drive on site server for site data and
database option is selected, and then click Browse.
Note: In practice, you should use the Network path (UNC name) for site data and
database option to save the backup on a network share, or if the database is on a separate
server, use the Local drives on site server and SQL Server option.
9. In the Select Folder dialog box, browse to drive E, create a new folder named Backup, and then click
Select Folder.
10. In the Set Backup Paths dialog box, verify that E:\Backup displays in the box, and then click OK.
11. In the Backup Site Server Properties dialog box, in the Start after box, set the time to start three
minutes from now, you might need to adjust the Latest start time so that it is at least one hour after
the time that you enter in the Start after box. Click OK to close the Backup Site Server Properties
dialog box.
12. In the Site Maintenance dialog box, in the Enabled column next to the Backup Site Server task,
verify that the word “Yes” displays, and then click OK.
Administering System Center Configuration Manager and Intune
L12-129
X Task 2: Trigger the site backup and verify its completion
1. From the taskbar, click Server Manager.
2. In the Server Manager window, click Tools, and then click Services.
3. In the Services console, in the details pane, click the SMS_SITE_BACKUP service, and then on the
toolbar, click Start Service.
4. Close the Services window.
5. Browse to C:\Program Files\Microsoft Configuration Manager\Logs, and then open the
Smsbkup.log file.
6. Wait until the Smsbkup.log displays “SMS_SITE_BACKUP service stopped.”
7. To verify the backup occurred successfully, find the log entry that begins with “STATMSG: ID=5035.”
8. Browse to the E:\Backup\S01Backup\CD.Latest folder, and then verify that the installation files
backed up to the folder.
9. Browse to the E:\Backup\S01Backup\SiteDBServer folder, and then verify that it contains the
database files.
10. Browse to the E:\Backup\S01Backup\SiteServer folder, double-click the SMSServer folder, and
then note that it contains the data, inboxes, Logs, and srvacct folders.
11. In the Configuration Manager console, click the Monitoring workspace.
12. In the navigation pane, expand System Status, and then click the Component Status node.
13. In the results pane, click the SMS_SITE_BACKUP component.
14. On the ribbon, click Show Messages, and then click All.
15. In the Status Messages: Set Viewing Period dialog box, accept the default of one day ago, and
then click OK.
16. In Configuration Manager Status Message Viewer, search for a message with a message ID of “5035.”
Note: When the site backup completes successfully, message ID 5035 displays. This
indicates that the site backup completed without any errors.
17. Close the Configuration Manager Status Message Viewer and the Configuration Manager console.
Results: After completing this exercise, you should have performed a backup for the Configuration
Manager site.
L12-130
Managing and maintaining a Configuration Manager site
Exercise 3: Recovering a site from a backup
X Task 1: Use the Configuration Manager Setup Wizard to recover a site from a backup
1. On LON-CFG, run E:\Backup\S01Backup\CD.Latest\SMSSETUP\BIN\X64\setup.exe.
2. In the Configuration Manager Setup Wizard, on the Before You Begin page, click Next.
3. On the Getting Started page under Available Setup Options, click Recover a site, and then click
Next.
4. On the Site Server and Database Recovery Options page, click Recover the site database using
the backup set at the following location, and then click Browse.
5. In the Browse For Folder dialog box, click the E:\Backup\S01Backup folder, and then click OK.
6. On the Site Server and Database Recovery Options page, click Next.
7. On the Site Recovery Information page, verify that the Recover primary site option is selected,
and then click Next.
8. On the Product Key page, click Install the evaluation edition of this product, and then click Next.
9. On the Microsoft Software License Terms page, select the I accept these license terms check box,
and then click Next.
10. On the Prerequisite Licenses page, under Microsoft SQL Server Express, select the I accept these
License Terms check box. Under Microsoft SQL Server Native Client, select the I accept these
License Terms check box. Under Microsoft Silverlight 5, select the I accept these License Terms
and automatic updates of Silverlight check box, and then click Next.
11. On the Prerequisite Downloads page, click Use previously downloaded files, and then click
Browse.
12. In the Browse For Folder dialog box, click the E:\ConfigMgrV1511\Redist folder, and then
click OK.
13. On the Prerequisite Downloads page, click Next.
14. In the Configuration Manager Setup Downloader dialog box, wait for the prerequisite validation to
finish.
15. On the Site and Installation Settings page, click Next.
16. On the Database Information page, click Next twice.
17. On the Usage Data page, click Next.
18. On the Customer Experience Improvement Program configuration page, click I don’t want to
join the program at this time, and then click Next.
19. On the Settings Summary page, click Next.
20. In the Prerequisite Check dialog box, click Cancel, and then click Yes.
Note: It takes time to restore the site. Therefore, for expediency in this lab, you cancelled
the restoration process.
Administering System Center Configuration Manager and Intune
L12-131
X Task 2: To prepare for the end of the course
When you finish the lab, revert the virtual machines to their initial state. To do this, complete the
following steps:
1. On the host computer, start Hyper-V Manager.
2. In the Virtual Machines list, right-click 20696C-LON-DC1-B, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
4. Repeat steps 2 and 3 for 20696C-LON-CFG-B and 20696C-LON-CL1-B.
Results: After completing this exercise, you should have recovered the Configuration Manager primary
site.
Download