Microsoft System Center 2012 Configuration Manager
By ,
1. Why Configuration Management?

At a small enough company, keeping an inventory of computers and devices is easy enough. Deploying software and managing those devices isn’t much tougher. A Monday morning meeting might sound like, “We need to update the software on David, Nancy, Justin and Lisa’s machines, so let’s plan to stay late on Tuesday and get it done after close of business. Oh, and don’t forget that PC in the mail room. Also, someone needs to catch Ralph when he is in the office so we can update his laptop.”

As a business grows, this process gets increasingly difficult. Spreadsheets are started to keep track of PCs that get updated by multiple people, resulting in duplicates, or omissions. Soon, there is more than one spreadsheet and no one really trusts that any one of them is accurate. The same meeting starts to sound very different. “We’ll start by updating the accounting machines this weekend. My spreadsheet says there are 17 computers in the main office and six out at the north office.”

“Didn’t they hire a new guy?”

“Oh, yeah, the tall guy that always wears a tie. So, that’s 18 PCs, plus he has a laptop. And, there are also those three old machines against the back wall. Do they have enough memory to even take the upgrade?”

Of course, this is a walk in the park compared to a big enterprise inventorying and managing devices across thousands of employees and hundreds of locations. At this level, using tracking spreadsheets and having a couple of IT people stay late to install software updates is completely fruitless. Enterprises need a tool that can automatically detect and track hardwareand remotely push software and updates without someone walking around to each computer.

Microsoft System Center Configuration Manager (SCCM) is designed to bring companies the ability to seamlessly install, track, update, and manage hardware and software across the entire enterprise by automating the collection of inventory data and distributing software and upgrades without ever having to have physically touch a machine.

MORE: What is Microsoft Cloud OS?
MORE: System Center 2012 R2: Worth The Upgrade?

2. SCCM And The Enterprise

Originally released as Systems Management Server (SMS), these days SCCM allows the IT department to remotely administer the software, configuration, settings and security of both locally installed and remote, desktop PCs, laptops, tablets and other mobile devices. The latest advanced client software provided detailed inventory, hardware and status monitoring, as well as software distribution. Additionally, advanced SCCM clients allow for complex configurations, including taking into account the speed of a network, or the location of the client before implementing large packages.

For an enterprise, managing devices starts with having a usable inventory. There is no point in trying to update or manage “all” of a company’s devices, if you don’t know about all the devices that exist, or where to find them. SCCM 2012 SP1 collects a complete inventory on more hardware than ever, including not only Windows systems, but Mac OS X clients and popular versions of Linux and UNIX. Inventory consists of more than just a list of hardware specifications. Hardware data collected includes the amount of installed memory, hard disk size, processor and network connection, as well as what peripherals are attached including printers and scanners, which always seem to get lost in the shuffle of enterprise life. Inventory also includes installed software, drivers, and configuration. In a large enterprise, this information can be used by IT for many purposes, including preparing budget requests and licensing compliance.

Once IT has a solid inventory, the possibility for proactively and remotely managing devices throughout the enterprise becomes a reality. One of the most common uses of SCCM in the enterprise is the distribution of software and applications. With the release of SCCM 2012, Microsoft has shifted the focus from a device-centric paradigm to a user-centric paradigm. That is, rather than installing software based upon the device in question, IT can now target software based upon the users who need it. Thus, rather than installing software on “accounting PCs,” IT can target software to the specific accounting department users who actually need it.

With SCCM 2012 SP1, administrators do not have to build a group to distribute software or updates to. Rather, IT may target users in existing ways, including via Active Directory integration. In this manner, administrators can use existing groups, that have already been carefully constructed and culled, which can be a life-saver in a large enterprise environment where creating groups from scratch often requires making potentially dangerous assumptions about who should or should not belong. Even better, users that work on more than one device will have the required packages installed on all those devices. Otherwise, it is all too possible that an administrator-configured group will include only the user’s primary device and miss that second, or even third, device.

With a large IT enterprise, making sure everyone has the applications needed to do their job can be tough, even with a solid inventory and distribution system. Typically, allowing users to install their own software is a recipe for a mass quantity of help desk tickets. However, offering quick, administrator configured installation of software in a large enterprise is difficult, and can result in just as many help desk tickets when users beg for software they need now to do their jobs. Fortunately, with the infrastructure provided by SCCM, there is a solution.

System Center Configuration Manager includes an application catalog feature that is accessible by end users and lets them install software themselves, without any of the usual headaches caused by users making best guesses about how to install. Administrators choose which applications to publish to the web-based catalog. Admins build application packages, just like the ones distributed by IT via SCCM. These packages ensure that the software is installed properly when chosen by the end user. Then, they can set various conditions on either the user, or the hardware, before allowing the installation to proceed. For example, certain software may require a minimum amount of RAM, or even that other software be already installed. In fact, when configured, the application directory won’t even show software the user is not allowed to install, which reduces complaints when someone sees something they want, but does not need. Finally, users easily access the catalog on an IIS server via their web browser, and install the software they need, when they need it, all without a single help desk ticket. SCCM closes the loop by updating the software inventory for the system.

MORE: System Center 2012 Data Protection Manager
MORE: System Center 2012 Operations Manager
MORE: System Center 2012 Configuration Manager

3. SCCM Compliance And Security

Microsoft System Center Manager 2012, also offers administrators a key tool in maintaining security and standards across a large enterprise. Minimum, or baseline configurations defined within SCCM ensure that users do not accidentally, or purposely, alter the configuration or status of their devices in a way that degrades security or stability. For example, administrators can configure SCCM to ensure that antivirus software is installed AND running on all devices connected to the network, or to ensure that certain configurations or defaults are not altered. Smaller environments can set alerts to notify administrators when something is amiss, and they can contact the user or manually correct issues.

In a large enterprise, administrators have more than enough alerts to chase down. Fortunately, SCCM allows for auto remediation. When SCCM detects that antivirus isn’t running, for example, it can restart it automatically. If a user changes the default printer, SCCM can put it back where it belongs without yet another help desk ticket, and without any more alerts.

SCCM also provides the backbone infrastructure for Endpoint Protection as well. This allows not only installation of antivirus and malware detection software, but also the ability to continuously keep the protection up to date, and take action if it should fail or become corrupt.

Cornerstone Of Windows System Center

Microsoft Windows System Center Configuration Manager is the cornerstone of large enterprise IT management. Together with the powerful user management provided by Active Directory, SCCM ensures that users have hardware, software and data that is ready to go so that they can do their jobs without compromising data or security.

The inventory and alerts provided by SCCM allow administrators to focus on making the environment faster, better and more stable rather than chasing down all the possibilities of hardware configurations and user locations, making SCCM an indispensable tool for large enterprise environments.