SCCM 2012 CEP Program – Role-Based Administration & Collections


Tonight I viewed the recording of the CEP Program meeting about Role-Based Administration & Collections. The following information was shared through this session.

The session started with the following Session Takeaways:

After these takeaways the session continued with some slides on Role Based Administration (RBA). RBA let’s you map organizational roles of your admins to security roles. In ConfigMgr 2012 the following building blocks can be used:

  • Security Role = What type of objects can I see and what can I do with them
  • Security Scope = Which instances can I see and interact with
  • Collection limiting = With which resources can I interact
  • Admins can have one or more security roles and scopes

Other improvements on RBA are:

  • Admins only see what they have access too
  • ConfigMgr security management is simplified by defining once for the entire hierarchy. RBA data is global data!

After the slides of Role Based Administration the above information was presented through a demo. It looks very usable and flexible. A great improvement compared to the current security model of SCCM 2007. The second part of the meeting was about collections and the changes on this topic in SCCM 2012. The most important changes are:

  • Two types of collections,  can only contain one of the following resources, not both
    • User Collections
    • Device Collections


  • No more sub collections
    • SCCM 2007:Means to organize collections in a folder-like manner
      • SCCM 2012 Answer = Organizational Folders


    • SCCM 2007:Advertisement reuse and/or staggered deployments
      • SCCM 2012 Answer= Composable Collections


  • Two new member types
    • Include another collection, can be used for staggered deployments
    • Exclude another collection


  • Collection Member Evaluation
    • Faster
    • Every 10 minutes
    • Delta evaluation instead of a Full evaluation
    • Based on R3 implementation


SCCM 2007 SP2: MP Install Error due to WebDAV


Today I run in a very strange issue at a customer site. During the installation of a new Primary Site the Management Point could not be installed due to a incomplete WebDAV configuration.

I was installing the Primary Site on a fresh Windows 2008 Standard Server. I installed all the prerequisites and followed the following technet article to install and configure WebDAV. I started the Configuration Manager installation and when the installation was finished I saw a blue question mark for the installation of the Management Point. I checked the MPSetup.log file in the Logs Directory of the installation and found the following error :Failed to get WebDAV settings on the machine (0x80070002).

I checked the WebDAV configuration for the second time and found out that I was forgotten to Enable WebDAV on my Default IIS Website. So I enabled WebDAV and tried to reinstall the Management Point. The installation still fails with the following log entries in the MPSetup.log:

 checking WebDAV configurations
  WebDAV settings is not setup appropriately
  [Allow property queries with infinite depth] should be true (false)
  [Allow Custom Properties] should be false (true)
  [Allow anonymous property queries] should be true (false)
  Allow [All users read access to All content] authoring rule should exist (exist)

This was very strange because the settings were correct. After some testing I found the solution to this problem. The solution was very simple. I changed the settings back to how they were in the original state. After applying those settings I did the configuration based on the technet article again. After applying again I installed the MP and the installation ended successfully. Very strange but in the end it worked for me.

SCCM 2012 CEP Program – Hierarchy Simplification


A couple months ago on TechEd Europe, the SCCM team presented the new official product name for the upcoming version of SCCM. The name will be System Center Configuration Manager 2012. Last month we had the a CEP session, due to other meetings at the office I couldn’t be there on the live ‘meeting’. So today I saw the recording of this meeting and here are the new things about Hierarchy.

The session started with a introduction from Jeff Wettlaufer. He told us that the Beta 2 release is scheduled for the Spring of 2011. After the short introduction D.C. Trady started his presentation about Hierarchy Simplification. He started with some Infrastructure promises. The following topics about the infrastructure will be improved:

  • Minimizing Infrastructure at remote offices
  • Consolidating Infrastructure a primary sites
  • Scalability and Data latency improvements ( Central site will be used for Administration, System generated data can be configured to flow to CAS directly and file processing occurs once at a Primary Site)
  • Industry Standard SQL Replication will reduce operational costs and simplifies troubleshooting

The picture below shows the improvements/differences about Site-Server Characteristics:

After that he presented the reasons why you need the different site servers:

1. Central Administration Site

  • With more than 1 primary sites you can link them together in 1 hierarchy
  • For offloading the administration and reporting part

2. Primary Site

  • To manage clients
  • Add more Primary sites for the following reasons:
    • Scale (more than 100.000 clients)
    • Reduce impact of Primary site server failure
    • Local point of connectivity for administration
    • Political reasons
    • Content source relating to regulation


3. Secondary Site

  • No Local Administrator
  • If you need to manage upward-flowing WAN traffic
  • If you need tiered content routing for deep network topologies

When you are not concerned about the following topics you can also use a Distribution point instead of a Secondary Site Server:

  • Not concerned with upward-flowing WAN traffic
  • Not concerned about clients pulling data to their primary site location
  • When you need scheduling and throttling for your WAN traffic

Some other improvements about Hierarchy Simplification:

  • Improved Data Replication Model
  • Collections are now globally evaluated at all sites. Clients from any site which meets the requirements will me member of that collection.
  • Improvements on Role Based Administration
    • RBA enables mapping the organizational roles of administration directly to built-in security roles
    • Admins only see what they have access to
    • Management of security is further simplified by enabling administrative security for the entire hierarchy


  • Client Agent settings can be changed based on Collections