Microsoft Workstation/Image Management ®

Module 0: Outline & Introduction

Session Overview Day 1
• Built-In Tools Deployment Options
• File Server Resource Manager (FSRM)
• Home Directory
• Group Policy
• Windows Server Update Services (WSUS)
• Windows Deployment Server (WDS)
• Windows Automated Installation Kit & Assessment and Deployment Kit (WAIK / WADK)
• Windows Deployment Tool kit

Session Overview Day 2
• System Center Configuration Manager Overview
• Manage Software Deployments
• Create and Deploy Applications
• Deploy and Manage Software Updates
• Managing Operating System Deployments
• Managing Compliance Settings

Module 1: File Server Resource Manager (FSRM)

Module Overview
• Issues Surrounding Workstation Management
• Overview of FSRM
• Using FSRM to Manage Quotas, File Screens, and Storage Reports

What Is an In-Place Deployment?
• In-place upgrade: upgrade existing computers to Windows 7 and maintain their configurations
• Wipe-and-load: replace the computers’ current configuration with new ones, selectively migrating portions of their previous configurations
[Diagram: existing computer acting as source and destination computer; upgrade; collect user state to an intermediate store; restore user state]

What Is a Side-by-Side Deployment?
Deployment scenario where the source and destination computers are two different computers
[Diagram: source computer; collect user state; intermediate store; restore user state; destination computer]

Determining a Deployment Scenario
When will you use the following deployment scenarios?
1. In-place (upgrade)
2. Wipe-and-load (refresh)
3. Side-by-side (replace)

What Is Lite-Touch Deployment?

What Is Zero-Touch Deployment?

What Is FSRM?
FSRM enables the following functionality:
• Storage quota management
• File screening management
• Storage reports management
• Classification management
• File management tasks

What Is File Screening Management?
File screen management provides a method for controlling the types of files that can be saved on file servers
File screen management consists of:
• Creating file screens
• Defining file screen templates
• Creating file screen exceptions
• Creating file groups

What Are Storage Reports?
Storage reports provide information about file usage on a file server
Types of storage reports include:
• Duplicate Files
• File Screening Audit
• Files by File Group, Owner, or Property
• Folders by Property
• Large Files
• Quota Usage
• Least and most recently accessed files

Module 2: Deploying and Maintaining Images

Module Overview
• Overview of Windows Deployment Services
• Implementing Deployment with Windows Deployment Services
• Administering Windows Deployment Services

Tools Used to Support the Planning Phase
• Microsoft Assessment and Planning Toolkit (MAP) 4.0
• Microsoft Application Compatibility Toolkit (ACT) 5.5
• Enterprise Learning Framework (ELF)
• Microsoft Deployment Toolkit (MDT) 4.2
• Microsoft Desktop Optimization Pack (MDOP) for Asset Inventory Planning 1.0
• System Center Configuration Manager 2007

Tools Used to Support the Building Phase
• MDT Deployment Workbench
• Windows Automated Installation Kit (WAIK)
• User State Migration Tool (USMT)

Tools Used to Support the Deploying Phase
• MDT Deployment Workbench
• Windows Deployment Services (WDS)
• System Center Configuration Manager
• User State Migration Tool (USMT)

What Is Windows Imaging File Format?
A file-based disk image format that contains compressed files used to install operating systems
[Diagram: Windows Image (.wim) file containing Image 1 and Image 2; elements shown: header, file resources, metadata resources, lookup table, XML data, integrity table]

How Windows Uses Modularization
Modularization allows you to:
• Add multiple device drivers and updates to the image files
• Customize optional Windows features
• Update individual elements in the image files
• Deploy multiple language versions of Windows using a single image file

The Imaging Process
[Diagram: the deployment process phases: Envisioning, Planning, Developing, Stabilizing, Deploying]

Types of Images
Three different types of images:
• Thin images: few applications, few language packs
• Thick images: core application, language packs, other files
• Hybrid images: mix thin and thick image strategies

What Is an Image Strategy?
An image strategy defines the standard configuration of each common operating system image that is created by an organization.
An image strategy must include the following elements:
• Type of images
• Number of images
• Number of WIM files
• Pre-configured settings in an image
• Additional operating system elements

Image Strategy Flowchart
[Flowchart: decision points "Are Multiple Builds Required?", "SCCM Available?", "Is Storage Cost a Factor?" and "Is Network Traffic a Factor?"; outcomes: Thick Image, Hybrid Image, Thin Image]

Onsite Image Engineering Process
• MDT Initial Setup: Create New Deployment Share
• Create and stock the Deployment Share: Add Operating System, Add Applications, Add Packages, Add Drivers (each for master image)
• Task Sequence: Add Task Sequence to Build and Capture Master Image
• Configure Master Image Settings: Configure Deployment Properties in CS.ini
• Build Master Image and Capture: Build Reference Machine, Sysprep and Capture WIM

Sharing Best Practices for Designing Images
Identify and discuss several best practices for image-based deployment.
The following list outlines several best practices for image-based deployment:
• Use a single image strategy to reduce the number of images to maintain and service.
• Use a multilingual strategy to add multiple language packs to your image to reduce the number of language-specific images that you support.
• Run the sysprep /generalize command when preparing the Windows image to be captured, even if all computers have the same hardware configuration.
• Do not deploy the default image (install.wim) file that is included with the Windows product DVD directly by using ImageX. You can use the default image only with Windows Setup (setup.exe).
• Use the imagex /flags option when capturing a Windows image to create the metadata to apply to the image that you are capturing.
• Do not duplicate features for different architecture types in an answer file, if you are performing cross-platform deployments.
• Create architecture-specific settings for each configuration pass in an answer file for cross-platform deployments.

What Is Windows Deployment Services?
Windows Deployment Services is a server role that is provided with Windows Server 2012
Windows Deployment Services:
• Enables you to perform network-based installations
• Simplifies the deployment process
• Supports deployment to computers with no operating system
• Provides end-to-end operating system deployment
• Uses existing technologies, such as Windows PE, .wim and .vhd files, and image-based deployment

Windows Deployment Services Components
Windows Deployment Services provides several functions through these components:
• Windows Deployment Services PXE Server
• Windows Deployment Services Client
• Additional Server Components:
  • TFTP server
  • Shared folder
  • Image repository
  • Multicasting Engine

Why Use Windows Deployment Services?
Consider the following scenarios:
1. In a small network consisting of a single server and around 25 Windows XP computers, you want to expedite the upgrade process of the client computers to Windows 8
2. A medium-sized organization wants to deploy multiple servers in branch offices that are geographically dispersed.
It would be time-consuming and expensive to send experienced IT staff to each location to deploy the servers

Understanding Windows Deployment Services Components
Windows Deployment Services prerequisites include:
• AD DS
• DHCP
• DNS
• NTFS volume
Use Windows Automated Deployment Tool Kit to create answer files for automated deployment

Installing and Configuring Windows Deployment Services
Install and configure Windows Deployment Services by:
• Installing the Windows Deployment Services server role
• Installing the Deployment Server or Transport Server role service
Perform post-installation configuration of Windows Deployment Services by:
• Specifying an image store location
• Configuring the DHCP server options, if required
• Configuring PXE server configuration

Managing Deployments with Windows Deployment Services
To service client computers with Windows Deployment Services, you must:
• Configure boot settings
• Configure install settings
• Configure transmission settings
• Configure drivers

Common Administration Tasks
There are several common administrative tasks and tools for Windows Deployment Services
Tasks:
• Configure DHCP
• Create and service images
• Manage the boot menu
• Prestage client computers
• Automate deployment
• Configure transmission
Tools:
• Windows Deployment Services console
• WDSUtil.exe
• Dism.exe
• Sysprep.exe
• ImageX.exe
• Windows SIM

Automating Deployments
To automate the Windows Setup process:
1. Create the Unattend.xml file
2. Copy the file to the Windows Deployment Services server
3. View the properties of the appropriate install image
4. Enable unattended mode and select the answer file

Demo
• Install the Windows Automated Installation Kit
• Identify resources and tools included with the Windows Automated Installation Kit
• Build a custom Answer File by using Windows SIM
• Install a reference computer from a DVD using a custom Answer File
• Generalize a reference computer by using Sysprep
• Add packages to Windows PE
• Create a bootable Windows PE ISO image
• Start the Windows PE Operating System environment
• Capture an image using ImageX
• Apply an image using ImageX
• Service an offline WIM image

Module 3: Implementing Update Management

Overview of WSUS
• What Is WSUS?
• The WSUS Update Management Process
• Server Requirements for WSUS

What Is WSUS?
[Diagram: Microsoft Update website (Internet); server running Windows Server Update Services; LAN; test clients; automatic updates]

The WSUS Update Management Process
[Diagram: update management cycle: Assess, Identify, Evaluate and Plan, Deploy]

Configuring Automatic Updates
• You must configure the client computers to use the WSUS server as the source for updates
• You can use Group Policy to configure clients, including the following settings:
  • Update frequency
  • Update installation schedule
  • Automatic restart behavior
  • Default computer group in WSUS

WSUS Administration
You can use the WSUS Administration console to:
• Manage updates
• Configure computer groups
• View computer status
• View synchronization information
• Configure and view WSUS reports
• Configure WSUS settings and options
In Windows Server 2012, WSUS also includes Windows PowerShell cmdlets for administration

What Are Computer Groups?
• You can use computer groups to organize WSUS clients
• The default computer groups include:
  • All Computers
  • Unassigned Computers
• You can create custom computer groups to control how updates are applied

Approving Updates
• Updates can be approved automatically, but it is not recommended
• Updates should be tested before they are approved for production
• Updates can be declined if they are not needed
• Updates can be removed if they cause problems

Module 4: Overview of System Center 2012 Configuration Manager

Overview of the System Center 2012 Family of Products
System Center Product: Usage
• System Center 2012 App Controller: Self-service access for private cloud and public cloud applications
• System Center 2012 Configuration Manager: Change and configuration management
• System Center 2012 Data Protection Manager (DPM): Data protection for application servers
• System Center 2012 Endpoint Protection: Malware protection for client systems
• System Center 2012 Operations Manager: Monitor applications, services, and devices
• System Center 2012 Orchestrator: Automation of IT processes; Integration with other management solutions
• System Center 2012 Service Manager: Integrated service desk; Automation of IT processes
• System Center 2012 Virtual Machine Manager: Manage virtualized infrastructures; Build private clouds

Overview of Configuration Manager 2012
[Diagram: Configuration Manager 2012 feature areas: Asset Management, Deployment, Compliance Management, Hardware and Software Inventory, Application Management, Compliance Settings, Role-based Administration, Asset Intelligence, Software Update Management, Power Management, NAP, Client Health, Endpoint Protection, Software Metering, Operating System Deployment, Remote Management, Content Management, Reporting, Monitoring, Security]

Benefits of Implementing System Center 2012 Configuration Manager in an Organization
Key Benefits of Configuration Manager 2012
• Empower user productivity
  • Using the application catalog to allow users to request software when they need it
• Unify management and security infrastructure
  • Compliance settings allow you to ensure your clients are configured in a secure manner
• Simplify IT administration
  • Provides a unified infrastructure that gives a single pane of glass to manage physical, virtual, and mobile clients

Overview of the Configuration Manager 2012 Hierarchy
[Diagram: central administration site, primary sites and a secondary site, each with its own SQL database]
• Each site is identified by a unique 3-character code
• Central administration site can be used for reporting and management only
• Primary sites can only be parents of secondary sites
• Secondary sites now have their own database

What Is a Central Administration Site?
A central administration site:
• Is required to use a multi-site hierarchy
• Must be the first site built if you use a multi-site hierarchy
• Is used for administration and reporting
• Requires a SQL database
• Does not process client data
• Does not support client assignment
• Has a limited number of site system roles

What Is a Primary Site?
To use Configuration Manager, you must have at least one primary site
Primary sites:
• Can be in a child relationship to a Central Administration site, which can only be set during installation
• Cannot be a child to another primary site
• Manage clients in well-connected networks
• Require a SQL database
• Replicate their data to a Central Administration site if part of a hierarchy
• Support client assignment
• Consist of one or more systems hosting various site system roles

What Is a Secondary Site?
A secondary site:
• Is optional
• Must be in a child relationship to a primary site, which is set in the secondary site during installation
• Is used when network bandwidth usage needs to be controlled
• Requires SQL Server Express or a SQL Server database to store configuration information
• Replicates its collected client data to its parent site using file-based replication
• Does not support client assignment
• Consists of one or more systems hosting various site system roles

Configuration Manager Site System Roles
• Default site system roles are installed when System Center Configuration Manager setup is run
• Optional site system roles are added post installation to support specific features
Default Site System Roles:
• Site server
• Site system
• Component site server
• Site database server
• SMS Provider – not displayed in the console
Optional Site System Roles:
• Distribution point
• Management point
• Reporting services point
• Software update point
• State migration point

How Data Flows and Replicates in a Hierarchy
• SQL Replication is automatically configured at installation
• Secondary sites receive a subset of global data
• Secondary sites do not generate SQL data
• Global data is configuration information
• Site data is operational information
[Diagram: central administration site, primary sites and secondary sites; parent-child file-based replication; secondary-to-secondary file-based replication]

The Configuration Manager Console Panes
[Screenshot: console panes: Workspaces, Navigation Pane, Ribbon, Results Pane, Preview Pane]

The Assets and Compliance Workspace
• Has nodes for the users and devices discovered in your hierarchy
• Has nodes for the collections used to organize the users and devices in your hierarchy
• Has other nodes that are used to monitor and manage the software and configuration settings on the client devices in the hierarchy

The Software Library Workspace
• Is split into three main nodes
• Application Management is used to create and manage the software that will be deployed in your hierarchy
• Software Updates is used to manage the updates for operating systems and software
• Operating Systems is used to manage the operating systems being deployed through Configuration Manager

The Monitoring Workspace
• Centralizes all the features used to extract information from the database about the operations in your hierarchy
• Alerts are administrator configurable and provide pop-ups in the management console
• Queries can find any information stored in the database
• Reporting helps provide management-friendly reports about the stored data
• The status-based nodes report information reported by clients and system processes about ongoing operations

The Administration Workspace
• Provides management capability for the Configuration Manager components
• Hierarchy configuration contains the settings for discovering users and devices in your hierarchy
• Site configuration contains the settings for the sites and the servers in the sites
• Security contains the settings for the security applied to your hierarchy

Using Console Organization Features
• Some nodes allow you to create folders
• Folders can be nested to create a hierarchy of objects
• Objects can only be in one folder
• Configuration Items, Baselines, Drivers, and Applications can be categorized
• Categories are not stored in a hierarchy
• Categories are used with the Search feature
• Objects can be tagged with multiple categories

Monitoring Site and Component Status

Overview of Status Message Queries
• You can view status messages sent to a site from client devices by using a status message query
• You can run default queries or create customized queries

Module 5: Deploying and Managing Software Updates

Module Overview
• Overview of Software Updates
• Preparing the Configuration Manager Site for Software Updates
• Managing Software Updates
• Configuring Automatic Deployment Rules
• Monitoring and Troubleshooting Software Updates

Lesson 1: Overview of Software Updates
• Overview of the Software Updates Feature
• Prerequisites for the Software Updates Feature
• The Software Update Point Site System Role
• Synchronizing the Software Update Catalog Metadata
• Scanning for Compliance
• Compliance States
• The Software Updates Deployment Process

Overview of the Software Updates Feature
The software updates feature scans, analyzes, and then deploys software updates to client computers
Configuration Manager supports the following:
• Seamless and flexible update deployment
• Automatic deployment rules
• Enhanced monitoring and reporting
• Wake-On-LAN and power management support
• Internet-based client management
• Support for NAP
• System Center Updates Publisher

Prerequisites for the Software Updates Feature
Prerequisites include:
• WSUS 3.0 SP2 or newer
• WSUS 3.0 Administration Console (SP2 or newer)
• Windows Update Agent 3.0 installed on clients
• Network Load Balancing (for >100,000 clients)
• Reporting services point
• Security permissions

The Software Update Point Site System Role
The software update point site system role works with WSUS for software update configuration and management
Deployment scenarios:
• Installation within a Configuration Manager hierarchy
• Installation as an active role in a secondary site
• Configuration as an Internet-based software update point
• Deployment as an NLB cluster

Synchronizing the Software Update Catalog Metadata
[Diagram, numbered steps 1 to 3: Microsoft Update, site database, site server, WSUS server, admin console, management point, software update point, WSUS database, distribution point]

Scanning for Compliance
[Diagram, numbered steps 1 to 6: WMI repository, reports, site database, managed computer, site server, WSUS server, admin console, management point, software update point, WSUS database, distribution point]

Compliance States
Compliance states include:
• Required
• Installed
• Not Required
• Unknown

The Software Updates Deployment Process
[Diagram, numbered steps 1 to 7: Microsoft Update, software updates local source, site server, managed computer, admin console, management point, distribution point, site database]

Lesson 2: Preparing the Configuration Manager Site for Software Updates
• Installing the Software Update Point
• Configuring Software Updates Client Settings
• Software Update Client Actions
• Demonstration: Installing and Configuring the Software Update Point

Installing the Software Update Point
Install WSUS 3.0 SP2:
• Choose to locally store updates
• Choose between the default or custom website
• Configure NLB if required
• Install the WSUS administration console on the site server if using a remote WSUS installation
Install the Software Update Point Site System:
• Choose to create a new site system or modify an existing site system
• Provide the appropriate port configuration if a custom WSUS website is used
• Review SUPSetup.log for details

Configuring Software Updates Client Settings
The Software Updates section provides configuration options to enable software updates and configure settings on client computers

Software Update Client Actions
The Configuration Manager Properties dialog box provides actions to manually run evaluation and scan cycles

Managing Software Updates
• Methods for Determining Software Update Status
• What are Software Update Groups?
• Downloading Content and Distributing Deployment Packages
• Demonstration: Creating Software Update Groups and Deployment Packages
• Deploying Software Updates to Client Computers
• Demonstration: Deploying Software Updates

Methods for Determining Software Update Status
To identify when software updates are required:
• Sort, filter, or search the All Software Updates list
• Review Software Updates compliance reports

What Are Software Update Groups?
A software update group organizes multiple software updates into a single object
Advantages to using a software update group:
• Easier to track compliance status
• Provides a method to delegate software update administration

Downloading Content and Distributing Deployment Packages
Deployment packages are created by using the Download Software Updates Wizard
Wizard pages include:
• Deployment Package
• Distribution Points
• Distribution Settings
• Download Location
• Language Selection

Deploying Software Updates to Client Computers
To deploy software updates:
1. Provide the name and target collection
2. Specify the type of deployment (Required or Available)
3. Specify the schedule
4. Configure user notifications and restart behavior
5. Configure alert settings
6. Specify installation behavior based upon boundary connection type

What Are Automatic Deployment Rules?
Automatic Deployment Rules automate the process of:
• Selecting specific software updates based upon criteria
• Creating a software update group containing the updates
• Distributing the software updates content
• Deploying the software updates to clients

Process for Creating Automatic Deployment Rules
To create and configure an automatic deployment rule:
• Specify general settings such as the name, target collection, software update group, and enabling deployment
• Specify deployment settings such as Wake-On-LAN and detail level
• Define software update filters and search criteria
• Define the schedules for the evaluation and deployment
• Define the user experience and console alerts
• Specify how to run the program according to the type of boundary the client is connected to
• Specify deployment package settings

Monitoring Software Updates Deployments
Methods used to monitor the software update deployment process include:
• Status messages
• Alerts
• Monitoring workspace

Software Updates Reports
Report categories related to software updates include:
• Software Updates – A Compliance
• Software Updates – B Deployment Management
• Software Updates – C Deployment States
• Software Updates – D Scan
• Software Updates – E Troubleshooting

Module 6: Managing Operating System Deployments

Module Overview
• Overview of Operating System Deployment
• Preparing the Site for Operating System Deployment
• Capturing an Operating System Image
• Deploying an Operating System

What Is Operating System Deployment?
Operating system deployment refers to the combined technologies used to install a complete operating system to workstations and servers. You can include additional hardware drivers and software packages in an operating system deployment task sequence.
Operating system deployment includes the following:
• Operating system image capture
• Windows® Automated Installation Kit (Windows AIK)
• Task sequences
• Operating system image deployment
• User state migration

Operating System Deployment Terminology
Category: Terms
• Image: Boot image; Operating system image; Windows Image File Format (.wim); Operating system installer
• Computer: Reference computer; Source computer; Target computer; Unknown computer
• Task: Task sequence step; Task sequence group; Task sequence
• Driver: Windows device driver (or driver); Drivers node; Driver package
• Other: Preboot Execution Environment (PXE) Boot; Windows PE; Sysprep

Overview of Operating System Deployment Scenarios
The operating system deployment scenarios include:
• Bare-metal installation
• Operating system refresh
• In-place upgrade
• Side-by-side migration
The various methods that initiate an operating system deployment include:
• Configuration Manager software distribution
• PXE
• Bootable media
• Stand-alone media
• Prestaged media

Server Roles Used in Operating System Deployment Processes
[Diagrams, one per scenario: Systems Used for a Bare-Metal Installation; Systems Used for an In-place Upgrade; Systems Used for an Operating System Refresh; Systems Used for a Side-by-side Migration. Each shows the primary site with its management point and distribution point and, where used, a state migration point.]
Steps shown across the four diagrams:
• Import computer information or enable unknown computer support
• Uses existing client or clients
• Creates an association with a new computer
• Create image for installation and distribute to distribution point
• Create deployment for clients
• Client downloads policy from management point
• Client uploads state information to state migration point
• Client or new computer performs a PXE boot from distribution point
• Client reads instructions from management point and installs operating system from distribution point
• Client downloads state information from state migration point
• Results reported to management point

Prerequisites for Operating System Deployment
The prerequisites for operating system deployment are:
Prerequisite: Description
• Primary site server: Install the Windows AIK for Windows 7 to install WinPE boot images and the Windows User State Migration Tool (USMT) 4.0
• Distribution point: Enabling PXE and/or Multicast support: install the Windows Deployment Services (WDS) role
• State migration point: Supports User State Migration
• DHCP: Supports PXE and multicast
• Firewalls: Need to allow PXE traffic

Configuration Manager Settings and Component Requirements
The Network Access account:
• Allows site-wide setting
• Is used to access distribution point during operating system deployment operations
• Must have read access to shares containing the images and the drivers
Drivers and Driver Packages:
• You can import any Windows drivers
• You must add a driver to a driver package to use it
• You can enable or disable drivers
• You can categorize drivers
• You can add drivers to boot images

Preparing the Boot Images
• Default x64 and x86 boot images based on Windows PE
• You can import additional boot images
The boot image properties include:
• Enable prestart command
  • Specify commands to run before the task sequence; for example, set a Task Sequence variable
  • Use to add files to boot image; for example, CMTrace
• Set custom background
• Enable command support to view logs

Operating System Images and Operating System Installers
There are two methods to store the operating system files that will be used for operating system deployment
Image file:
• Is typically used to deploy to target computers
• Is created from a reference computer
• Is stored as a single .wim file, a compressed file format
• Can contain captured operating system images that include installed applications and patches
Installer package:
• Is typically used to build a reference computer
• Copies the installation media
• Does not compress the files
• Does not preinstall applications and patches in the operating system image

Additional Packages Used by Operating System Deployment
• The Configuration Manager client software
  • Is created by default during the Configuration Manager site installation; the name of the software is Configuration Manager Client Package
  • Is used in the Setup Windows and ConfigMgr task
• USMT package (optional package)
  • Is created by using the Create Package wizard
  • Can be used with a state migration point
• Application packages (optional)
  • Can be included in an operating system deployment task sequence
  • Must run in the local system context without user intervention

Configuring a Reference Computer
Build Method: Automated configuration
  Advantages:
  • Unattended
  • Reusable task sequence
  • Task sequence can be modified
  Disadvantages:
  • Time required to validate automated build
  • Changes often require revalidation of entire build
  • Effort involved in building packages such as the operating system install package
Build Method: Manual configuration
  Advantages:
  • Does not need to create a task sequence
  • Can install directly from removable media
  Disadvantages:
  • Depends on the administrator for accuracy
  • Requires a test and verification method
  • Cannot reuse the configuration method
  • Requires active user involvement
Regardless of the method used, the reference computer cannot be a member of a domain

Task Sequence Overview
A series of steps or tasks that are performed automatically
The following terms are used when describing task sequences:
• Action
• Built-in action
• Custom action
• Condition
• Step
• Group

Creating a Build and Capture Task Sequence
Some steps in the task sequence are not exposed in the wizard

Deploying a Build and Capture Task Sequence
When deploying a build and capture task sequence:
1. Determine whether you plan to use PXE boot or boot media; if using PXE boot, determine how PXE will respond by using the following options:
  • Enable unknown computer support
  • Import computer information
2. Determine the collection to use; options include:
  • All Unknown Computers
  • Administrator created collection
3. Use the Deploy Software Wizard to deploy the task sequence:
  • Select the Make available to boot media and PXE check box

Capturing a Reference Computer by Using Task Sequence Media
• Use capture media from within the reference computer to start the capture process

The Process for Deploying an Operating System Image
To deploy an operating system image, perform the following steps:
1. Import the operating system image metadata to Configuration Manager:
  • Import the information about the captured .wim file
2. Distribute the operating system image content to distribution points:
  • The content must be on a distribution point to be usable
3. Create the task sequence to install the operating system:
  • Select a deployment scenario
4. Deploy the task sequence:
  • Select an initiation method that is congruent with the chosen scenario

Adding an Operating System Image to Configuration Manager
• Before you can use an operating system image, the metadata must be imported into Configuration Manager
  • Includes information about the source location
• After the operating system metadata is imported, the operating system content can be distributed to a distribution point
Diagram: the site database stores operating system image metadata; the operating system .wim file is copied from the source location to the distribution point; content is stored on a distribution point

Creating and Deploying a Task Sequence to Install an Existing Image
• Start the Create Task Sequence Wizard, and select the Install an existing image package option
• Complete the wizard with the appropriate information
• Modify the task sequence as necessary
• Start the Deploy Software Wizard and select the collection to deploy to
• Configure one or more distribution points for the task sequence
• Configure the deployment settings

Methods for Running the Installation Task Sequence
The methods for running the installation task sequence are:
• Configuration Manager deployment
  • Deploy to collection with existing clients
• PXE boot
  • Start the system and press the F12 key to start the PXE boot process
• Boot media
  • Create the boot media; CD/DVD set or USB flash drive with the files needed to start a system and connect to Configuration Manager
• Stand-alone media
  • Create the boot media, CD/DVD set, with all the files needed for operating system installation
• Prestaged media
  • Used by original equipment manufacturers (OEM) to prestage hard drives for new systems

Maintaining Updates for System Images
• Use the Update Operating System Image wizard to schedule updates to keep the images in your .wim file patched and current

Microsoft Workstation/Image Management ® Module 7 Managing Software Deployments

Module Overview
• Configuring Software Distribution
• Configuring Packages and Programs
• Distributing Content to Distribution Points
• Deploying Programs to Configuration Manager Clients

Benefits of Software Distribution
Software distribution helps reduce total cost of ownership for application deployment by:
• Eliminating the need to provide software CDs/DVDs and installation instructions to users
• Allowing you to control how and when software is distributed to clients
• Providing users the ability to install software without requiring administrative rights
• Offering a mechanism for running any executable or command on the client
Software distribution does not package the executables or source files to be delivered

Software Distribution Concepts
• Packages: Packages contain the files to be distributed
• Package Definition Files: Package definition files automate the creation of packages and programs
• Programs: Programs instruct the computer how to process the package; for example, “setup exe /silent /unattended”
• Deployments: Deployments instruct members of a collection to access a package and run one of the package’s programs
• Distribution Points: Distribution points store packages for distribution to clients
• Access accounts are used to manage permissions
Diagram labels: Source Media, Target Collections

The Software Distribution Process
1 Prepare site for software distribution
2 Create software distribution objects
3 Client runs deployed programs and returns status
4 Monitor and troubleshoot software distribution
Diagram components: Distribution point, Management point, Client

Site Configuration Tasks for Software Deployment
Site configuration tasks may include configuring:
• Software Distribution Component to specify concurrent distribution settings
• Network Access Account
• Client Settings such as:
  • Client policy polling interval
  • Notification settings
  • State message reporting
• Distribution point and content management settings

Package Configuration Options
To create a package, use the Create Package and Program Wizard to specify:
• Package: General and data source information
• Program Type: Standard program, Program for device, and Do not create a program
• Standard program\Program for device: Name, Command Line, and Run options
• Requirements: Run another program first, Platform Requirements, Estimated disk space, and Maximum allowed run time
To create a package and programs from a package definition file, use the Create Package from Definition Wizard

Program Configuration Options
To create a program:
• Specify a unique name for the program
• Define the requirements
• Define the environment
• Define the advanced settings
• Specify the Windows Installer product information
• Specify the OpsMgr Maintenance Mode settings
• Specify the command line

Process for Installing and Configuring a Distribution Point
To install a distribution point:
1 Provide the name and site code
2 Select the Distribution point system role
3 On the Distribution Point page, configure communication settings
4 Configure locations for the content library and package share
5 Configure PXE and Multicast settings
6 Configure a Content Validation schedule, if required
7 Configure Boundary Group associations

Monitoring Distribution Point Configuration Status
Methods to monitor distribution point status include:
• Distribution Point Configuration Status
• Distribution Manager component
• Distmgr.log
• Smsdpprov.log

Content Management Tasks for Distribution Points
Content management tasks include:
• Distributing content to distribution points
• Updating content on distribution points
• Redistributing, validating, or removing content
• Prestaging content on distribution points

Monitoring Content Status
Methods to monitor content distribution include:
• Content status
• Package Transfer Manager
• PkgXferMgr.log
• Software Distribution – Content reports

Configuring Program Deployments
To create and configure a deployment:
• Specify the program and target collection
• Define deployment settings such as Purpose and Priority
• Define the schedule for the deployment
• Define the user experience
• Specify how to run the program according to the type of boundary the client is connected to
• Verify content destination

How Clients Run Deployments
Method | Description
Required | Program is run after an event (for example, on logon or logoff, or at a specific date and time)
Available | Users choose when to run the deployed program
• Download content from distribution point and run locally: Client uses BITS to download the package and then runs the program locally.
• Run program from distribution point: Client uses SMB to download the package.
One method to manually run an available program: From the Start menu, run Software Center

Monitoring Software Deployment Status
Methods to monitor software deployment include:
• Deployment status
• Software Distribution – Packages and Program Deployment
• Software Distribution – Packages and Program Deployment Status

Microsoft Workstation/Image Management ® Module 8 Creating and Deploying Applications

Module Overview
• Overview of Application Management
• Creating Applications
• Deploying Applications
• Configuring the Application Catalog

Overview of the Configuration Manager Application Model
The Configuration Manager application model is user centric
For example, when deploying an application to a user:
• Application is installed locally on a computer with affinity relationship
• When the user logs on to another computer, the application, installed as a virtual application, follows the user
• When the user logs off, the virtual application is not retained

Applications vs. Packages
• Applications:
  • Contain extensive information about the software
  • Can use multiple deployment types; the deployment type used is determined by rules at run time
• Packages:
  • Contain limited information about the software
  • Can use multiple programs, and the one to deploy has to be specified at the time of deployment

Prerequisites for the Application Catalog
• The server role requirements for application management include:
Server Role | If Required | Description
Management point | Required | Clients download policy and content location information and upload state messages
Distribution point | Required | Clients download deployed content from the distribution point
Application Catalog website point | Optional | Provides users with a list of available software
Application Catalog web service point | Optional | Provides information from Software Library to the Application Catalog website
Reporting services point | Optional | Used for reporting on application management tasks
• The client system requirements for application management include:
  • App-V 4.6 SP1 or later if deploying App-V deployment types

Deployment Types
The Create Application Wizard presents you with the following deployment types when creating an application:
• Windows Installer (Native)
• Microsoft Application Virtualization
• Windows Mobile Cabinet
• Nokia (SIS or SISx files)
The Create Deployment Type Wizard presents you with the following deployment type in addition to the other deployment types:
• Script Installer (Native)

Application Management Features
Requirement rules:
• Require that client devices match requirements
• Are configured on a deployment type and only apply to that deployment type
Global conditions:
• Are configured in the Global Conditions node or through a deployment type when creating a custom requirement rule
• Are used as the basis for requirement rules
User device affinity:
• You can associate users with a specific device or multiple devices
Deployment action and purpose:
• Specify the deployment action as Install or Uninstall
• Specify the purpose as Available or Required

What Is Software Center?
Software Center is the users’ default interface for managing software deployments that have been deployed to the computer as Available
• Users can install software that was:
  • Deployed as Required and has not reached the deadline
  • Deployed as Available to a device-based collection of which the system is a member
• Users can configure personal settings such as:
  • Business hours
  • Work days

The Application Catalog
The Application Catalog is an optional website that provides users with advanced features for software management

Client Settings for Application Management
The Computer Agent settings control many aspects of application management
The Software Deployment settings control how often deployments are re-evaluated
The User and Device Affinity settings control the:
• Automatic affinity assignment settings
• User defined affinity

Lesson 2: Creating Applications
• Creating an Application by Using Automatically Detected Settings
• Demonstration: Creating an Application from an MSI file
• Creating Applications Manually
• Creating Deployment Types Manually
• What Is a Detection Method?
• Overview of User Experience Settings
• Demonstration: Creating an Application and a Deployment Type Manually

Creating an Application by Using Automatically Detected Settings
• Use the Create Application Wizard to create a new application; when using the automatic configuration, only some properties are configured
• Modify the application after creation to set Application Catalog properties and other settings
• Modify the deployment type to add requirement rules

Creating Applications Manually
• Application information is entered manually on the General page
• Application Catalog and Deployment types pages appear in the wizard only when manually creating applications
• Deployment types can also be created manually or automatically

Creating Deployment Types Manually
You can add a deployment type by using the automatic method or the manual method
When manually creating a deployment type:
• On the General Information page, you must supply a name
• On the Content page, you must provide the installation command line
• On the Detection Method page, you must specify a detection method for the deployment type
• On the User Experience page, there are no mandatory fields

What Is a Detection Method?
A procedure that enables the deployment process to determine whether or not an application is already present on a system
Detection methods:
• Perform evaluation before an application installs
• Are evaluated periodically on the client to detect uninstalled applications
• Can examine the registry, file system, and Windows Installer database

Overview of User Experience Settings
User Experience Settings control what the user is allowed to view and do when the deployment type is used
• Logon requirement depends on the target
• Shows or hides the application
• Determines if application must complete without user interaction
• By default, reboots are controlled by the return codes

Lesson 3: Deploying Applications
• Deploying an Application to a User or a Device
• The Process for Deploying Applications
• Demonstration: Distributing Content to Distribution Points
• Options for Deploying Applications
• Demonstration: Deploying an Application
• Monitoring Application Deployment

Deploying an Application to a User or a Device
You can deploy applications to users or devices
• If you deploy an application to users, the application shortcuts are only created for the targeted users regardless of who logs onto the system
• If you deploy the application to a system, the application is installed for all users of the system

The Process for Deploying Applications
The process for deploying an application is as follows:
• An administrator creates a new application and distributes the content to distribution point
• An administrator creates a deployment for the application
• The client system checks for policy updates
• The client system contacts the management point for content location
• The client system downloads the content from the distribution point and installs the application
Diagram components: Site server in a primary site, Management point, Distribution point

Options for Deploying Applications
When deploying applications, you can:
• Target a user or device collection
• Specify an action:
  • Install or Uninstall
• Specify a purpose:
  • Required or Available
• Specify a schedule:
  • Available Time in UTC or local
  • Installation Deadline can be UTC or local; default is As soon as possible

Monitoring Application Deployment
• All devices send state messages about deployments that have run locally regardless of whether they were deployed to the device or the user
• In the Monitoring workspace, under the Deployments node, there is an object for each deployment
• Each state category can have subcategories

Lesson 4: Configuring the Application Catalog
• Overview of the Application Catalog
• System Roles Required for the Application Catalog
• Demonstration: Installing the Application Catalog System Roles
• Making Applications Appear in the Application Catalog
• Demonstration: Deploying and Requesting Applications in the Application Catalog

Overview of the Application Catalog
With the Application Catalog, users can:
• Install software that was deployed as Available to a user-based collection
• Request software that was deployed as Available to a user-based collection; but this requires administrator approval for installation
• Specify systems as their primary devices
• Wipe their mobile devices

System Roles Required for the Application Catalog
• Application Catalog consists of two roles:
  • Application Catalog website point: Users connect to this role
  • Application Catalog web service point: Supports the website point
• Install the roles on a Web Server with a certificate to provide HTTPS support
• Customize the Application Catalog website point with:
  • Organization name
  • Theme color
Diagram: Site server in a primary site, Application Catalog web service points, Application Catalog website points; Intranet Client (HTTP or HTTPS), Internet Client (HTTPS only)

Making Applications Appear in the Application Catalog
• To deploy applications through the Application Catalog, deploy the application to user-based collections with the purpose set as Available; users can then request the applications from the Application Catalog
• To require administrator approval for a user’s request for an application, select the Require administrator approval if users request this application check box

Configuring Requirements and Dependencies for Deployment Types
• What Are Global Conditions?
• Demonstration: Creating a Global Condition
• What Are Requirement Rules?
• Categories for Requirement Rules
• Demonstration: Adding a Device Requirement
• Dependencies for Deployment Types

What Are Global Conditions?
Global conditions:
• Define conditions to be tested
• Can be used in multiple deployment types and across multiple applications
• Allow you to customize the settings you use to determine whether a deployment type is available to a user or device
• Vary between Windows devices, Windows Mobile devices, and Nokia devices
Some global conditions available for Windows Devices are:
Setting Type | Description
Active Directory query | You can use this type to construct a query to find values in AD DS
File system | You can use this type to specify a file or folder to assess for compliance on computers
Registry key | You can use this type to specify a registry key to assess for compliance on computers
Registry value | You can use this type to specify a registry value to assess for compliance on computers

What Are Requirement Rules?
• Requirement rules specify the conditions that must be met before an application can be installed
• Requirement rules are defined in a deployment type
• When a deployment type is evaluated, the requirement rule must be satisfied to be run or made available
• Requirement rules can be created for many different reasons such as:
  • Hardware requirements
  • Drive space requirements
Diagram label: Meets requirements?

Categories for Requirement Rules
Requirement Rules:
• Are classified based on the types of settings they are used to evaluate
• In general, there are two ways to evaluate a rule
  • Value. A value based rule allows you to specify a value and an operator to use for comparison
  • Existential. An existential based rule checks the existence of the specified condition
The categories and some example Requirement Rules:
Category | Conditions | Possible Values | Operators
Custom | Administrator created | Varies | Varies
User | Primary Device | True, False | Equals
Device | Active Directory site | One or more Active Directory site(s) | One of, None of

Dependencies for Deployment Types
• Dependencies are defined on a deployment type
• Dependencies allow you to ensure that application requirements can be enforced or remediated
• Dependencies define the application deployment types that must be installed before the deployed deployment type can be installed
• After the dependencies are fulfilled, the application will install
• Dependent applications can be configured to install automatically

Configuring Multiple Deployment Types and User Device Affinity
• Reasons for Implementing Multiple Deployment Types
• The Process for Creating Multiple Deployment Types
• What Is a Simulated Deployment?
• What Is User Device Affinity?
• Methods for Configuring User Device Affinity
• Demonstration: Configuring User Device Affinity

Reasons for Implementing Multiple Deployment Types
• Using multiple deployment types lets you customize the installation based on the target computer
• The deployment type is determined by requirements and priority of deployment types
• For example:
  • One deployment type locally installs the application on a desktop computer
  • A different deployment type installs the application as a virtual application on a laptop

The Process for Creating Multiple Deployment Types
Automatic Deployment Type Creation
• Information is imported from an installation file:
  • Name
  • Installation program
  • Installation behavior
  • Detection method
  • Uninstall program
• Optional information:
  • Requirements
  • Dependencies
  • Additional information
Manual Deployment Type Creation
• You must provide all required information:
  • Name
  • Installation program
  • Detection method
• Optional information:
  • Installation behavior
  • Uninstall program
  • Requirements
  • Dependencies
  • Additional information

What Is a Simulated Deployment?
• Simulated deployment allows you to test a deployment without distributing files
• A simulated deployment is treated like a normal deployment for evaluation purposes
• The results of the simulation are found in the Monitoring workspace under the Deployments node with other deployments
• The status shows you the number of systems that would have attempted to install a deployment type and which one it would have attempted to use for the installation
• The status also shows which systems did not meet the requirements such as detection rules and dependencies including the requirements they did not meet
• Deploy to device collections for best results when using device based requirements

What Is User Device Affinity?
• User device affinity allows a user to be associated with a device
• Users can have an affinity with multiple devices
• User device affinity can be used as a requirement in an application so that applications are automatically installed on users’ systems if the system meets any other requirement rules
• When a user accesses a device without an affinity relationship:
  • Applications could be configured not to install
  • Applications could use a different deployment type such as deploying a virtualized application

Methods for Configuring User Device Affinity
• Client Settings:
  • If Allow user to define their primary devices is set to True, users use Application Catalog to set the UDA relationship
  • If Automatically configure user device affinity from user data is set to False, the usage data is still recorded and administrators can approve or deny the request for relationship

Managing Applications
• What Is Application Revision History?
• Retiring Applications
• Uninstalling Applications
• What Is Application Supersedence?
• Demonstration: Configuring Application Supersedence

What Is Application Revision History?
• Whenever an application is modified, the changes are tracked and stored in the Configuration Manager database
• You can view a previous version using the View button
• You can restore previous versions of an application if you need to
• Restoring a previous version creates a new revision of the application

Retiring Applications
• You cannot create new deployments with retired applications
• You cannot modify a retired application
• You can reinstate a retired application at any time

Uninstalling Applications
• You can uninstall an application by creating a deployment with the uninstall action
• An uninstall will not execute if the client is the target of a deployment with the install action

What is Application Supersedence?
• Application supersedence allows you to specify an upgrade path for applications
• When you configure application supersedence, the old application is no longer available
• You can leave the old application on the system, upgrade it, or completely uninstall it
• You can view the relationships with the View Relationships button in the ribbon

Microsoft Workstation/Image Management ® Module 9 Managing Compliance Settings

Overview of Compliance Settings
• Introduction to Compliance Settings
• What Are Configuration Items?
• What Are Configuration Baselines?
• What Are Configuration Packs?
• The Process for Deploying Compliance Settings
• Scenarios for Using Compliance Settings

Introduction to Compliance Settings
Compliance settings:
• Provide an interface to monitor client configuration and remediate noncompliant settings
• Can be used for business requirements such as:
  • Verifying configuration of devices
  • Identifying compliance issues
  • Reporting compliance for regulatory reasons

What Are Configuration Items?
Configuration items define one or more settings that you wish to assess for compliance
In a configuration item, you can:
• Specify the compliance rule
• Define the severity levels for noncompliance
• Specify remediation, if supported
A child configuration item is a linked copy of a parent configuration item
An administrator cannot edit copied settings but can add additional settings

What Are Configuration Baselines?
A configuration baseline is a group of configuration items
Configuration baselines:
• Can contain:
  • Configuration items
  • Software updates
  • Other configuration baselines
• Can be configured for remediation
• Are deployed to collections
• Use a default schedule for evaluations; you can customize the schedule
• You can deploy multiple configuration baselines to a single collection

What Are Configuration Packs?
Configuration packs are preconfigured configuration items or configuration baselines
You can import configuration packs from:
• Microsoft System Center Management Pack Catalog
• Existing Configuration Manager 2007 Packs
• Microsoft or third-party sources that define best practices
• Online communities on the Internet
• Custom configuration baselines from your organization
• Another Configuration Manager site

The Process for Deploying Compliance Settings
1 Configuration items imported or created
2 Configuration baseline imported or created
3 Configuration baseline deployed
4 Configuration baseline downloaded with policy
5 Evaluation run on schedule
6 Compliance state messages sent from the client
7 Compliance reports are run
Diagram components: Configuration Manager Database (compliance data stored in database), Configuration Management Packs, Configuration Baseline, Configuration Manager Server, Managed Client

Scenarios for Using Compliance Settings
The Compliance Settings feature can help you solve different kinds of issues such as:
• To find misconfigured systems, you can:
  1. Download best practice baseline
  2. Evaluate systems against best practices
  3. Remediate identified issues
• To remediate noncompliance of settings, you can:
  1. Configure compliance checking
  2. Create configuration items for autoremediation of settings
  3. Configure applications with requirements rules and dependencies

Configuring Client Settings to Support Compliance
• Default settings allow you to:
  • Enable or disable compliance evaluation
  • Configure the schedule
• Custom setting allows you only to:
  • Enable or disable compliance evaluation

Creating Configuration Items
• Specify a name and description for the configuration item
• Specify the type of configuration item:
  • Windows clients
  • Mobile devices
• Specify all or specific versions of supported clients
• Create settings that need to be monitored
• Create compliance rules for the configuration item

Types of Configuration Item Settings
There are 10 setting types for Windows configuration items:
The mobile device setting groups include:
The operators in a compliance rule: Equals, Not equal to, Greater than, Greater than or equal to, Less than, Less than or equal to, Between, One of or None of.

Configuring Remediation
• Remediation is only available for the following settings:
  • Registry values
  • Scripts
  • WMI Query Language (WQL) Query configuration items
  • All mobile phones
• Remediation can be in the form of:
  • Create the value if it doesn’t exist
  • Set the value if it exists but is not compliant
  • Run a remediation script
  • Set the value for the phone settings if supported
• For remediation to occur, you need to configure remediation on both the configuration item and the deployment

Creating Configuration Baselines
Create a configuration baseline in one of the following ways:
• Use the Create Configuration Baseline dialog box (most common method)
• Import configuration data
• Copy an existing configuration baseline

Deploying Configuration Baselines
• Select this option to allow configuration items with remediation enabled to apply the appropriate remediation action
• Select the user or device collection in which this baseline will be deployed
• Use the default schedule as in the Client Agent settings or create a custom schedule

Viewing Compliance in the Configuration Manager Client
You can perform the following actions on the Configurations tab:
• Evaluate. This option causes the selected baseline to be evaluated on demand
• View Report. This option generates a report of the selected baseline if you have local administrator rights
• Refresh. This option causes the view to be refreshed

Viewing Compliance Results in the Configuration Manager Console
You can use the compliance results reported by the client for:
• Monitoring. View and monitor results in the Deployments node
• Creating collections. Create collections by using the compliance state of configuration items
• Viewing reports. There are several reports for viewing compliance results

Bob.Tichelman@steeves.net
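
The remediation forms listed under Configuring Remediation (create the value if it doesn't exist, set the value if it exists but is not compliant), written out as an added PowerShell example that is not part of the original slides or of Configuration Manager itself. The registry key, value name and expected data are constructed for the demo and sit under HKCU so that only a scratch key is touched.

```powershell
# Added example: discovery, compliance rule and remediation for one registry value.
# $DemoKey, $ValueName and $Expected are hypothetical, constructed for this demo.
$DemoKey   = 'HKCU:\Software\ContosoBaselineDemo'
$ValueName = 'RequireSigning'
$Expected  = 1

function Get-SettingState {
    # Discovery: report whether the value exists, its registry type and its data.
    param([string]$Path, [string]$Name)
    $key    = Get-Item -Path $Path -ErrorAction SilentlyContinue
    $exists = ($null -ne $key) -and ($key.GetValueNames() -contains $Name)
    $state  = [pscustomobject]@{
        Exists = $exists
        Kind   = if ($exists) { $key.GetValueKind($Name).ToString() } else { $null }
        Data   = if ($exists) { $key.GetValue($Name) } else { $null }
    }
    if ($null -ne $key) { $key.Close() }
    return $state
}

function Test-SettingCompliant {
    # Compliance rule using the "Equals" operator. A missing value is noncompliant,
    # and so is the right data stored with the wrong type (for example "1" as a string).
    param([string]$Path, [string]$Name, [int]$Expected)
    $s = Get-SettingState -Path $Path -Name $Name
    return $s.Exists -and ($s.Kind -eq 'DWord') -and ($s.Data -eq $Expected)
}

function Invoke-SettingRemediation {
    # Remediation: create the value if it does not exist, set it if it exists but
    # is not compliant, and leave an already compliant value untouched.
    param([string]$Path, [string]$Name, [int]$Expected)
    if (Test-SettingCompliant -Path $Path -Name $Name -Expected $Expected) {
        return 'NoChange'
    }
    $existed = (Get-SettingState -Path $Path -Name $Name).Exists
    if (-not (Test-Path -Path $Path)) {
        New-Item -Path $Path -Force | Out-Null
    }
    # -Force overwrites an existing value and resets its type to DWord.
    New-ItemProperty -Path $Path -Name $Name -Value $Expected `
        -PropertyType DWord -Force | Out-Null
    if ($existed) { return 'Corrected' } else { return 'Created' }
}

function Invoke-Demo {
    # Walk the three cases from the slide against the scratch key, then clean up.
    Remove-Item -Path $DemoKey -Recurse -ErrorAction SilentlyContinue

    # Case 1: the key and value do not exist yet.
    $missing = Invoke-SettingRemediation -Path $DemoKey -Name $ValueName -Expected $Expected

    # Case 2: simulate drift. The data looks right but is stored as a string.
    New-ItemProperty -Path $DemoKey -Name $ValueName -Value '1' `
        -PropertyType String -Force | Out-Null
    $drifted = Invoke-SettingRemediation -Path $DemoKey -Name $ValueName -Expected $Expected

    # Case 3: the value is now compliant, so remediation changes nothing.
    $steady = Invoke-SettingRemediation -Path $DemoKey -Name $ValueName -Expected $Expected
    $final  = Test-SettingCompliant -Path $DemoKey -Name $ValueName -Expected $Expected

    Remove-Item -Path $DemoKey -Recurse
    return [pscustomobject]@{
        MissingValue   = $missing
        DriftedValue   = $drifted
        CompliantValue = $steady
        CompliantAfter = $final
    }
}

Invoke-Demo | Format-List
```

In a script-type configuration item the discovery and remediation halves are supplied as separate scripts; they are functions here so the whole flow can be run locally in one session.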