SCCM 2012 CEP Program – Role-Based Administration & Collections


Tonight I viewed the recording of the CEP Program meeting about Role-Based Administration & Collections. The following information was shared through this session.

The session started with the following Session Takeaways:

After these takeaways the session continued with some slides on Role Based Administration (RBA). RBA let’s you map organizational roles of your admins to security roles. In ConfigMgr 2012 the following building blocks can be used:

  • Security Role = What type of objects can I see and what can I do with them
  • Security Scope = Which instances can I see and interact with
  • Collection limiting = With which resources can I interact
  • Admins can have one or more security roles and scopes

Other improvements on RBA are:

  • Admins only see what they have access too
  • ConfigMgr security management is simplified by defining once for the entire hierarchy. RBA data is global data!

After the slides of Role Based Administration the above information was presented through a demo. It looks very usable and flexible. A great improvement compared to the current security model of SCCM 2007. The second part of the meeting was about collections and the changes on this topic in SCCM 2012. The most important changes are:

  • Two types of collections,  can only contain one of the following resources, not both
    • User Collections
    • Device Collections


  • No more sub collections
    • SCCM 2007:Means to organize collections in a folder-like manner
      • SCCM 2012 Answer = Organizational Folders


    • SCCM 2007:Advertisement reuse and/or staggered deployments
      • SCCM 2012 Answer= Composable Collections


  • Two new member types
    • Include another collection, can be used for staggered deployments
    • Exclude another collection


  • Collection Member Evaluation
    • Faster
    • Every 10 minutes
    • Delta evaluation instead of a Full evaluation
    • Based on R3 implementation


SCCM 2012 CEP Program – Hierarchy Simplification


A couple months ago on TechEd Europe, the SCCM team presented the new official product name for the upcoming version of SCCM. The name will be System Center Configuration Manager 2012. Last month we had the a CEP session, due to other meetings at the office I couldn’t be there on the live ‘meeting’. So today I saw the recording of this meeting and here are the new things about Hierarchy.

The session started with a introduction from Jeff Wettlaufer. He told us that the Beta 2 release is scheduled for the Spring of 2011. After the short introduction D.C. Trady started his presentation about Hierarchy Simplification. He started with some Infrastructure promises. The following topics about the infrastructure will be improved:

  • Minimizing Infrastructure at remote offices
  • Consolidating Infrastructure a primary sites
  • Scalability and Data latency improvements ( Central site will be used for Administration, System generated data can be configured to flow to CAS directly and file processing occurs once at a Primary Site)
  • Industry Standard SQL Replication will reduce operational costs and simplifies troubleshooting

The picture below shows the improvements/differences about Site-Server Characteristics:

After that he presented the reasons why you need the different site servers:

1. Central Administration Site

  • With more than 1 primary sites you can link them together in 1 hierarchy
  • For offloading the administration and reporting part

2. Primary Site

  • To manage clients
  • Add more Primary sites for the following reasons:
    • Scale (more than 100.000 clients)
    • Reduce impact of Primary site server failure
    • Local point of connectivity for administration
    • Political reasons
    • Content source relating to regulation


3. Secondary Site

  • No Local Administrator
  • If you need to manage upward-flowing WAN traffic
  • If you need tiered content routing for deep network topologies

When you are not concerned about the following topics you can also use a Distribution point instead of a Secondary Site Server:

  • Not concerned with upward-flowing WAN traffic
  • Not concerned about clients pulling data to their primary site location
  • When you need scheduling and throttling for your WAN traffic

Some other improvements about Hierarchy Simplification:

  • Improved Data Replication Model
  • Collections are now globally evaluated at all sites. Clients from any site which meets the requirements will me member of that collection.
  • Improvements on Role Based Administration
    • RBA enables mapping the organizational roles of administration directly to built-in security roles
    • Admins only see what they have access to
    • Management of security is further simplified by enabling administrative security for the entire hierarchy


  • Client Agent settings can be changed based on Collections

SCCM vNext CEP Program Application Management Part 2


This week we had the second CEP meeting on the Application Management Topic. In this post I will describe the most important improvements which were presented in this session.

In Part 1 of the application Management topic we have spoke about setting requirement rules as replacement of collection based rules for application deployment. Requirement rules are used to evaluate if a application can be installed. Beside the requirement rules Global Conditions are also introduced in vNext.

Global Definitions are a foundation of requirement rules. Global Definitions can be properties of a User or Device object. In the presentation the following examples are given:

  • Default Global Condition: Memory is greather then 512MB
  • Default Global Condition: Windows Operaing System equals Windows 7
  • Custom Global Condition: Machine is Corporate Device maps to a register key attribute

In ConfigMgr vNext it’s possible to group global definitions in logical group. In these groups you can use expressions. An example of a Group Definitions group can be:

Corporate Primary Device:

  • Memory = 1GB
  • AND Free DiskSpace = 500MB
  • AND Operating System = Windows 7
  • AND Primary Device = TRUE

Grouping Global Definitions is a very powerful way of defining global requirements for applications.
In beta 2 version of ConfigMgr vNext two other great new features are introduced: Application Uninstall and Application Supersedence.  With these new functionality Beta 2 has a complete Application Lifecycle.

The goals for Application Uninstall functionality are:

  • Provide Uninstall feature as part of the Application Model
  • Consistent, reliable and predicable experience across all deployment types
  • Ensure that state-based application deployment includes removal of software in addition to installation.

In one of my next blogs, when Beta2 is public available, I hope to post a video tutorial about application uninstall functionality. The last thing what was introduced during this session was the supersedence functionality. Supersedence is the ability for an admin to create a relationship and declare one application new then another precious application. The overall goal is to halt installations of older application versions and migrate users to the newer version. The following key scenarios where given during this session:

  • Ability to create a new application and make sure we do not get a ‘Race Condition’  between conflicting detection methods
  • Ability to automatically upgrade or replace an application with a new superseding application
  • Ability to offer users only the latest release of an app in the sofwate catalog or software center.

The supersedence functionality is also introduced in Beta 2. So we have to wait for this version. Yesterday we had a presentation on the ExpertsLive event and heared that  Beta 2 of ConfigMgr vNext will be released around MMS 2011

SCCM vNext CEP Program Application Management Part 1


Last week we had the first part of the Application Management meetings from the CEP program. The primary takeaways from these session were:

  • Mainstream software distribution is made better, easier and faster
  • vNext Software Distribution enables: User Centric Client Management is introduced, Ability to deploy software to devices and new advanced application technologies and screnarios

In this meeting the team focused on the Empower Part of User Centric Client Management in vNext.

The following topics are covered in this ‘Empower Part’:

  • Enables IT to provide a flexible environment.
  • Users must have the ability to connect from anywhere on any device the choose
  • Automatically detects network conditions and device configuration to determine the most appropriate services.

Configuration Manager vNext does have the following new features  for Software Distribution:

  • Improvements on the application Model
    • Incorporates all supported software types such as MSI, Scripted Install Software, App-V Applications and mobile applications
    • Better dependency handling
    • It’s now possible to add installation requirement rules for software
    • User device Affinity. This is the ability to say on software installs on certain computers and don’t install on other computers.
    • The monitoring part of deploying software is improved. The in-console monitoring is improved.
    • New End user features as Software Catalog (Webportal where users can search for software and install it) and a Software Center
    • Beter Content Management on distribution points
      • State Based Distribution Groups; the ability to group Distribution points and deploy software through these distribution groups
      • Improved placing of software on the distribution points, such as single instance content store

See below the comparison diagram  of the changing names and functionalities:

In the 2007 version of Configuration Manager the App-V integration is not the most optimal integration. In vNext there are some imporovement which are needed:

  • Integration requires the App-V 4.6 Client
  • Also new improved User Centric features
    • Enable support for application dependencies
    • Improved Update behaviors
    • Selective publishing of components
    • Dynamic Suite Support
    • Integration with Remote Desktop Services
    • Content Impovements
      • Streaming improvements
      • Reduce virtual App Footprint when using Download and execute

So thankfully there are some improvements on the App-V integration. In the next weeks I will test the new integration and will come back on this topic

As said earlier one of the new things is the Software Catalog. The Software catalog is there for end-users to:

  • Browse and search for software
    • Fully localized for site and applications
    • Search via category or name
    • Install Software
      • Direct self-installation from software catalog
      • Automatic installation after approval
      • Request Application
        • Request approval for software
        • View request history


Participation of the Opalis Community Evaluation Program


Today my application for the Opalis Community Evaluation Program(CEP) is accepted by Microsoft. I am verry happy being a part of this program. What can you expect from me as being a part of the Opalis CEP program?
Well I hope that I can blog about several topics which are discussed inside the program. My first blog about Opalis will be about installing your own Opalis Test Environment.

More information about the program can be found here

Do you want to know more about Opalis, check one of these movies:

8 Minute Demo – Opalis Product Overview 
Opalis 8 minute video demo: Why Opalis?
Opalis 8 minute video demo: Opalis Incident Remediation
Opalis 8 Minute Video Demo : Opalis CMDB Federation and Event Remediation