
System Center 2012 Configuration Manager

Design Questionnaire
Prepared for
Client
Client Contact Name
Client Contact Email
Client Contact Phone

Prepared by
RFL Systems Ltd
http://www.rflsystems.co.uk
Raphael Perez



Document Information
Status
Document Status Information
Document Version 0.2
Version Date November 2012
Created By Raphael Perez
Reviewed By
Released by
Release Date

Document Location
This document is a snapshot of an online document that can be found at http://bit.ly/RcjtZk.
Change History
| Version | Date | Author | Revision Description |
| --- | --- | --- | --- |
| 0.1 | 19/10/2012 | RP | Initial Version |
| 0.2 | 19/10/2012 | RP | Added information about Intended Audience, References and Contributions, Infrastructure Questions |

Approvals
This document was approved by:
| Version | Date | Name | Title |
| --- | --- | --- | --- |


Distribution
This document must be distributed to:
| Version | Name | Title |
| --- | --- | --- |


Intended Audience
The intended audience of this document is architects, consultants and technical specialists
required to perform a design workshop. Minimum knowledge of SCCM 2012 and related
software/technologies, including but not limited to Active Directory, SQL Server, Windows Microsoft
Deployment Toolkit, BitLocker, and Windows Client is assumed.
References
This document is part of a series of documents related to SCCM. It is assumed that the reader is
familiar with the content of the following documentation:
| File Name | Document Location |
| --- | --- |
| SCCM2012-Basic Information.docx | |

Contributions
I have to thank the following people for helping me to create this document.
| Name | Contact Info |
| --- | --- |
| Niall Brady | http://www.windows-noob.com |



Contents
Introduction
Design Process
Define the Project Scope
  Determine Which Features This Project Will Address
Infrastructure
  Questionnaire
Inventory
  Questionnaire
    Hardware Inventory
    Software Inventory
    Asset Intelligence
Software Distribution
  Questionnaire
Software Updates
  Questionnaire
Application Virtualization
  Questionnaire
Software Metering
  Questionnaire
Settings Management
  Questionnaire
Network Access Protection
  Questionnaire
Wake On Lan and Power Management
  Questionnaire
Out of Band Management
  Questionnaire
Remote Tools
  Questionnaire
Operating System Deployment
  Questionnaire
User State Migration
  Questionnaire
Security
  Questionnaire
Remote Consoles
  Questionnaire
Discovery
  Questionnaire
Mobile Device Management
  Questionnaire
Client Installation
  Questionnaire
Endpoint Protection
  Questionnaire



Date Modified on 01/10/2014 05:53 Version 0.1
Author Raphael Perez Telephone
Document1 Page 6 of 27

Introduction
This guide leads the reader through the process of planning a System Center Configuration Manager
infrastructure.
The guide addresses the following fundamental decisions and tasks:
- Identifying which SCCM capabilities will be needed.
- Designing the components, layout, security, and connectivity of the SCCM infrastructure.
- Designing the components and the dependencies that are required.
Business objectives should be prioritized at the start of the project so that they are clearly
understood and agreed on by IT and business managers.
Following this guide should result in a design that is sized, configured, and appropriately placed to
deliver the stated business benefits, while considering the user experience, security, manageability,
performance, capacity, and fault tolerance of the system.
The guide addresses the scenarios most likely to be encountered by someone designing a SCCM
infrastructure.
Please note that the terms System Center Configuration Manager, ConfigMgr, Configuration
Manager, CM and SCCM all refer to the same Microsoft product, and the terms are used
interchangeably.
Design Process
This guide addresses the following decisions and activities that must occur in planning the design for
SCCM. The following steps represent the most critical design elements in a well-planned SCCM
design:
- Define the Project Scope;
- SCCM Infrastructure;
- Asset Inventory;
- Software Distribution;
- Software Updates;
- Application Virtualization;
- Software Metering;
- Compliance Settings;
- Network Access Protection;
- Wake On Lan;
- Power Management;
- Endpoint Protection;
- Internet-based client;
- Mobile device management;
- Remote Tools;
- Operating System Deployment;
- User State Migration;
- Security;
- Remote Consoles;
- Discovery;
- Client Installation;
- Design Hierarchy/Site.
Define the Project Scope
In this step, the project scope will be defined in order to align the goals of the project with the
business motivation. The appropriate parts of the organization will be identified for inclusion in the
project. Then one or more SCCM features will be selected to meet the business goals. SCCM is a
powerful product with a rich feature set, and so it's very important to determine which of its
features to use.
The specific target machines that will become SCCM clients will be identified based on the project
scope and the selected features. Finally, the organization's service level expectations and future
growth plans will be documented to assist in the planning process.
Determine Which Features This Project Will Address
| Business Goal | Feature | Description | Included? |
| --- | --- | --- | --- |
| Inventory | Hardware Inventory | Collects hardware information from business servers and client systems, such as available disk space, processor type, and operating system. | |
| | Software Inventory | Collects software information, such as file versions. | |
| | Asset Intelligence | Recognizes Microsoft and third-party software signatures by checking and verifying information in a database, for example, checking executable filenames. | |
| Automate Software Installation | Operating System Distribution | Installs a configured operating system, even on systems that have no operating systems (bare metal). | |
| | Software Distribution | Installs and configures software programs. | |
| | Application Virtualization | Streams applications that have been sequenced by Microsoft Application Virtualization (App-V). | |
| | Software Updates | Scans servers and workstations for software updates and deploys those updates. | |
| Standardize configurations and compliance | Network Access Protection | Provides enforcement of software updates on clients before they can access network resources. | |
| | Settings Management | Defines configuration standards and policies, and audits standards compliance throughout the enterprise against those defined configurations. | |
| | Software Metering | Collects and reports on software that is in use so that this can be compared against licenses to ensure software license compliance. | |
| Manage machines off hours | Wake on LAN | Can power on a system, even when it's switched off, which is useful for performing software distribution or software updates during off hours. | |
| | Out of Band Management | Can manage systems when they are turned off, in sleep mode, in hibernation mode, or otherwise unresponsive. The managed computer must have the Intel vPro chip installed. | |
| Take the Help Desk to the user | Remote Control | Remotely administer client workstations. Useful for Help Desk personnel needing to troubleshoot individual user issues. | |
| Antimalware protection, policy-based security management, and reporting | Endpoint Protection | Provides antimalware security for client computers and servers that can be integrated directly into System Center applications; also provides historical reporting of malware events and client status. | |
| Manage outside the enterprise | Internet client | Enables management of clients that are beyond the organization's firewall boundary, for example, on the Internet. | |
| | Mobile device management | Mobile devices, such as phones, can run a capabilities subset, such as inventory and software distribution (cannot be managed by remote control or receive operating system deployments like desktop clients). | |

Infrastructure
Now that the scope has been identified, there are many constraints that would affect the
SCCM infrastructure. The following questions will help to identify the various elements and
components that will make up the base SCCM hierarchy.
Questionnaire
1. Physical locations
| Location | IP Range / Subnet / AD Site |
| --- | --- |

2. Network connectivity
| Location 1 | Location 2 | Connection | Utilized Bandwidth |
| --- | --- | --- | --- |

3. What are the company expectations for growth or contraction?

4. Server location
| Manufacturer | Model | Location | Number |
| --- | --- | --- | --- |

5. Client (desktop & laptop) location
| Manufacturer | Model | Location | Number |
| --- | --- | --- | --- |

6. Client Connectivity
| Connection | Number |
| --- | --- |

7. Will clients move between locations?

8. Are any acquisitions or divestitures planned in the environment in which SCCM will be
implemented?

9. Is extending the Active Directory schema for SCCM allowed?

10. Should this solution be fault tolerant or highly available?

11. Can this solution be totally virtualized? If yes, which virtualization platform will be used?

12. In which locations can virtual servers not be used?
| Location |
| --- |

13. Should DR planning be part of the project?

14. If the solution is totally virtualized, can the DR planning be held as part of the
virtualization solution (e.g. server replication, VMotion, etc.)?

15. Are there any non-Domain clients that should be managed?

16. Should SQL Server (Installation and Configuration) be part of the project?

17. Should SQL Reporting Services (Installation and Configuration) be part of the project?

18. Does your company have a Windows Intune subscription?

19. Does your company have any Windows Azure subscription?

20. If yes, would you consider using a Distribution Point in the cloud?

21. Can servers be installed on a remote site? If yes, any exception?
| Location |
| --- |

22. Does your company use Microsoft Direct Access?

23. If not, would you use a Distribution Point in the cloud for locations where a server cannot be
installed?

24. Will 3rd-party software be considered as part of the project? (e.g. 1E Nomad)

25. If required, should Public Key Infrastructure (Design, Installation and Configuration) be
part of the project?

26. If required, should configuration of the Active Directory for BitLocker be part of the
project?

27. List of languages the solution should support
| Location | Language |
| --- | --- |

Inventory
Inventory is responsible for collecting information about the client machines' hardware and
software resources. This information includes installed hardware, memory statistics, hard disk space
usage as well as installed software patches.
The inventory information is often used to effectively target the installation of new software
packages. For example, when deploying Microsoft Office 2007, it is possible to use the inventory to
generate a report of the clients that meet the required installation prerequisites.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
Hardware Inventory
1. How often should it be updated?

2. Classes that should be collected
| Class Name | Field Name | Computers |
| --- | --- | --- |

3. New classes that should be created/collected
| Class Name | Source | Fields | Computers |
| --- | --- | --- | --- |

Software Inventory
1. How often should it be updated?

2. List all files/extensions that will be inventoried
| File name / Extension | Location | Computers |
| --- | --- | --- |

3. List all files/extensions that will be collected
| File path / File name / Extension | Location | Computers |
| --- | --- | --- |

Asset Intelligence
1. Should Asset Management manage Microsoft Volume License licenses?

2. Should Asset Management manage non-Microsoft licenses?

3. Should it synchronize its database with Microsoft online? If yes, how often?

4. Which classes should be enabled? (http://bit.ly/UOWNnc)

Software Distribution
The software distribution feature provides a set of tools and resources that help you create and manage
applications and packages used to distribute software to client resources within your enterprise.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List all applications (manufacturer, name, version, service pack, size, deployment type) that
you believe will be deployed to your organisation's client resources using SCCM.
| Manufacturer | Name | Version | Service Pack | Size | Deployment Type (OSD, Client, Base Image) |
| --- | --- | --- | --- | --- | --- |

2. Should a message be displayed to the end user when installing an application?

3. If yes, should this be customized?

4. If a restart is needed, what should the restart countdown be (in minutes)?

5. List of software that can be deployed to a user
| Name | Type (App-V, MSI, exe, etc.) | Primary Machine only? |
| --- | --- | --- |

6. List of software that can be distributed to a Distribution Point in the Cloud
| Manufacturer | Name | Version | Service Pack | Size |
| --- | --- | --- | --- | --- |

7. How often should a re-evaluation of the system happen for software that is required to be
installed?

8. Will users be able to request software installation via web portal?

9. When requesting software via web portal that requires approval, should an e-mail be sent
to his/her manager? If yes, is this information populated into Active Directory?

10. Will Windows Intune be used to distribute content for Internet clients?
Software Updates
The software updates feature provides a set of tools and resources that can help manage the
complex task of tracking and applying software updates to client computers in the enterprise.

The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of existing Windows Software Update Service in use
| Server Name / OS | WSUS Version | Location |
| --- | --- | --- |

2. List of the Categories that will be used
| Categories | Included? |
| --- | --- |
| Critical Updates | |
| Definition Updates | |
| Drivers | |
| Feature Packs | |
| Service Packs | |
| Tools | |
| Update Rollups | |
| Updates | |

3. List of Microsoft Software to be patched
| Name | Version | Service Pack | Size |
| --- | --- | --- | --- |

4. List of non-Microsoft Software to be patched
| Manufacturer | Name | Version | Service Pack | Size |
| --- | --- | --- | --- | --- |

5. When can the Software Update be applied to clients? (maintenance window)
| Start Time | End Time | Computer |
| --- | --- | --- |

6. List of Scan/evaluation
| Date/Time | Computer |
| --- | --- |

7. How often will the synchronization with Microsoft happen?

8. Enforce mandatory deployment?

9. Will Software Update be used to patch non-Microsoft software? If yes, can 3rd-party
software be used?

10. Display message to the end user when applying patches?

11. How often will the re-evaluation of installed updates happen?

12. List of automatic deployment rules
| Rule (Product, classification, etc.) | Computers | Deadline |
| --- | --- | --- |

Application Virtualization
Application virtualization is at the heart of Microsoft Application Virtualization (App-V). It decouples
applications from the operating system and enables them to run as network services. Application
virtualization can be layered on top of other virtualization technologies (network, storage,
machine) to create a fully virtual IT environment where computing resources can be dynamically
allocated in real-time based on real-time needs. App-V's patented application virtualization, dynamic
streaming delivery, and centralized management technologies make everything from deployments
and upgrades to migrations and business continuity initiatives easier and faster with better agility.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Does your company's SA give you access to the MDOP package?

2. What App-V client version will be integrated?

3. List all applications (manufacturer, name, version, service pack, size) that you believe will be
deployed to your organisation's client resources using SCCM.
| Manufacturer | Name | Version | Service Pack | Size |
| --- | --- | --- | --- | --- |

4. App-V Virtual Environment (App-V 5 only)
| Application | Middleware |
| --- | --- |

Software Metering
Software metering in SCCM allows you to monitor and collect software usage data on SCCM clients.
The collection of this usage data is based on software metering rules that can be configured by the
administrator in the SCCM console, or by the automatic generation of rules based on usage data
collected by SCCM inventory. These rules are evaluated by the software metering client agent on
SCCM client computers, which collects metering data and reports this back to the site database.

The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. How often should Software Metering be reported?

2. List of Applications to be monitored
| Manufacturer | Application Name | File Name | Version | Language | Location |
| --- | --- | --- | --- | --- | --- |

Settings Management
The SCCM desired configuration management (DCM) feature provides a set of tools and resources
that can help assess and track configuration compliance of client computers in the enterprise.
Desired configuration management in SCCM allows you to assess the compliance of computers with
regard to a number of configurations, such as whether the correct Microsoft Windows operating
system versions are installed and configured appropriately, whether all required applications are
installed and configured correctly, whether optional applications are configured appropriately, and
whether prohibited applications are installed. Additionally, you can check for compliance with
software updates and security settings.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will Settings be used for Servers (Application Monitoring)? If yes, list all applications that
will be monitored
| Manufacturer | Application Name | Version | Service Pack | Language |
| --- | --- | --- | --- | --- |

2. List of Items to be monitored
| Item Name | Rule | Expected Value | Auto-remediation |
| --- | --- | --- | --- |

3. User data and Profiles
| Type (Folder Redirection, Offline, Roaming profile) | Where | Configuration |
| --- | --- | --- |

Network Access Protection
The SCCM Network Access Protection (NAP) feature provides a set of tools and resources that can
enforce compliance of software updates on client computers to help protect the integrity of your
enterprise network.
Network Access Protection (NAP) is a policy enforcement platform built into the Windows 7, Windows
Vista, and Windows Server 2008 operating systems that lets you better protect network assets by
enforcing compliance with system health requirements.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Is the Windows 2008 Network Access Protection in place?

2. How often will the evaluation cycle happen? Will it be a fresh scan every time?

3. Will it use the same Active Directory Forest? If not, what is the other domain suffix?
Wake On Lan and Power Management
Configure scheduled SCCM activities to take place outside business hours using the Wake On LAN or
Power Management feature, which has the following benefits:
- Helps to achieve a higher success rate for SCCM activities.
- Reduces the associated network traffic during business hours.
- Helps to conserve power by not requiring computers to be left on outside business hours.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will Wake On Lan be used?

2. Will wake up be used? When will the wake up occur?

3. Are users allowed to exclude their devices from power management? If no, any exception?
| User / Group |
| --- |

Out of Band Management
Out of band management in SCCM provides powerful management control for computers that have
the Intel vPro chip set and a version of the Intel Active Management Technology (Intel AMT) that is
supported by SCCM.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Are all machines vPro capable?

2. Is there any Microsoft Enterprise Certificate Authority in place?
Remote Tools
SCCM remote tools allow you to remotely access and operate client computers in the SCCM site
which have the remote tools client agent components installed.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will users be able to change the local settings?

2. Automatically grant permissions to the local Administrators group?

3. Who will have rights to remotely access client machines?
| User / Group | Computer Name | Reason |
| --- | --- | --- |

4. Prompt for the user's permission? If yes, any exception?
| User / Group | Computer Name | Reason |
| --- | --- | --- |

5. Display remote access notification? If yes, any exception?
| User / Group | Computer Name | Reason |
| --- | --- | --- |

6. List of remote tools to be used
| Type | Level Of Access | Extra Information |
| --- | --- | --- |
| Remote Tools | Full/View only/No Access | |
| Remote Assistance | None/Remote Viewing/Full Control | Solicited/unsolicited |
| Remote Access | | Require network level authentication |
Operating System Deployment
Operating System Deployment allows you to create operating system images and deploy those
images to target computers. Operating System Deployment also provides task sequences which help
facilitate the deployment of operating system images, and other SCCM software
applications/packages.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Will OS Deployment be integrated with MDT?

2. Will Bare Metal OS Deployment be used?

3. Will OS migration be used? (e.g. from XP to Windows 7, from Windows 7 to Windows 7).

4. If question 3 is yes, will the migration be responsible for saving the users' profiles?

5. Will Multicast be used?

6. If question 5 is yes, does your network (switches/routers) support Multicast? If yes, any
exception?
| Location |
| --- |

7. List of Operating Systems
| Location | OS Name / Version |
| --- | --- |

8. Where will OS Deployment be used?
| Location | Type (Migration, Bare Metal, Both) | Data Access (Media, Network) |
| --- | --- | --- |

9. What Windows activation method will be used? MAK/KMS

10. How many partitions should be used?

11. Does your organization need to deploy an OS to any computer that SCCM does not know?
(Unknown computer support) If yes, should it use a password?

12. Does the OS refresh/migration need to install applications that were already installed?

13. Is there any disk encryption used?

14. Will UEFI be used instead of BIOS? If yes, exceptions?
| Computer / Computer Model |
| --- |

15. Will BitLocker be used? If yes, will the recovery key be stored in Active Directory?
| Computer / Computer Model | BitLocker key management (TPM, USB, TPM + USB, TPM + PIN) |
| --- | --- |

16. Will Windows To Go be used? (Applies only to Windows 8 OS)
| Computer / Computer Model | BitLocker key management (TPM, USB, TPM + USB, TPM + PIN) |
| --- | --- |

User State Migration
A key goal of the project is to ensure that the users do not lose their locally stored files or settings
during the deployment process.

As such, the locally stored user data will be preserved using the Microsoft User State Migration Tool
(USMT).
Questionnaire
1. Should OS Deployment save user profile?

2. Should Offline capture be used? If yes, should BitLocker be disabled before installing new
OS (if applicable)?

3. Should users' profiles be saved on the local hard drive?

4. Should users' profiles be saved on a remote server? If yes, for how long should they be kept
there?

5. Should users' profiles be saved locally/on a USB disk when no remote server is available or on
a remote site with unreliable/slow network connectivity?

6. What files/extensions should be saved?
| File Path | Extension |
| --- | --- |

7. What applications should have their user settings saved?
| Application | Settings |
| --- | --- |

8. Which user settings should be discarded?
| Settings |
| --- |

9. Regional Settings
| Location | Regional Settings |
| --- | --- |

10. Which users should have their profile excluded?

11. Exclude user profile on last logon? If yes, since when (number of days / specific date time)?
Security
By default, only administrators have access to all SCCM features. Non-administrators may need
access to only a subset of features and this access should be controlled.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of user/group with their respective access
| User / Group | Access | Computer |
| --- | --- | --- |

2. Is there any requirement to split the management into more than one SCCM infrastructure?
Remote Consoles
The SCCM console is the primary interface to configure, run, and access SCCM features and tools, and
it is required to accomplish the day-to-day tasks needed to configure sites, maintain the SCCM site
database, and monitor the status of an SCCM hierarchy.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. How many concurrent consoles will be used?
2. List of connections
| User / Group | Location |
| --- | --- |

Discovery
An important concept to understand in SCCM is that of resource discovery. Before a client machine
can be controlled and managed by SCCM it must be discovered.
The discovery process is important to initially find all resources, and also on an on-going basis so that
newly built machines can be discovered quickly and added to the SCCM site database. Discovering
resources is the first phase of the client deployment process.
Once a resource has been discovered, a Discovery Data Record, or DDR, is created and recorded in
the SCCM site database.
A DDR contains resource properties such as:
SCCM unique identifier (GUID)
NetBIOS name
IP addresses
IP subnets
Operating system name and version
Domain or workgroup
Last logon user name
Name of discovery agent that generated the DDR
Active Directory service container
Active Directory group
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Which of the following Discovery methods will be used?
| Discovery method | Discover Resources | Source of Data | How often | Included? | Observations |
|---|---|---|---|---|---|
| Active Directory Forest Discovery | Domain, IP Address, Active Directory Sites | Domain Controllers | | | |
| Active Directory System Discovery | Computers | Domain Controllers | | | |
| Active Directory User Discovery | Users | Domain controllers | | | |
| Active Directory Group Discovery | Groups | Domain controllers | | | |
| Heartbeat discovery | Computers | The discovered computer | | | |
| Network Discovery | Computers, routers and devices that respond to network requests | Network devices | | | |

2. Should the membership of distribution groups be discovered? (applicable to Active
Directory Group Discovery)

3. Only discover computers that have logged on to a domain recently? If yes, what is the time
since last logon (days)? (applicable to Active Directory System Discovery and Group
Discovery)

4. Only discover computers that updated their computer account password recently? If yes,
what is the time since last password update (days)? (applicable to Active Directory System
Discovery and Group Discovery)

5. Forest Discovery
Domain Suffix Account

6. Active Directory System Discovery
AD Container Account Observations

7. Active Directory User Discovery
AD Container Account Observations

8. Active Directory Group Discovery

Location / Group Account Observations

9. Network Discovery
Data Value
Type of Discovery
Slow network awareness
Subnets
Domains
SNMP
SNMP Devices
DHCP

Mobile Device Management
Organizations may have mobile devices, such as smartphones and tablets, that operate beyond
firewalls but must be managed centrally.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. List of mobile device types
Manufacturer OS Name Version

2. How often should the polling interval (Windows CE only) be?

3. Will users be able to enrol mobile devices? If yes, list users and groups
User / Group

4. If the answer to question 3 is yes, what are the Issuing Certification Authorities and the Mobile
device template to be used?
Certification Authority Mobile device template

5. Should Exchange ActiveSync be used to manage mobile devices? If yes, list the Exchange
servers and accounts
Exchange server Account

6. Will Windows Intune be used to manage Mobile Devices?


Client Installation
The next phase is to install the SCCM client software on the clients. The following section details the
various installation methods available in SCCM.
| Client Installation method | Advantage | Disadvantage |
|---|---|---|
| Client push installation | Can be used to push to a single computer, a collection or the results from a query. Can be used to automatically install the client on discovered computers. Automatically uses client installation properties defined on the Client tab of the Client Push Installation Properties dialog box. | Can cause high network traffic when pushing to large collections. Can only be used on computers that have been discovered. Cannot be used to install clients in a workgroup. A client push installation account must be specified which has administrative rights to the intended client computer. The Windows firewall must be configured on client computers with exceptions to allow client push installation to complete. |
| Software update point based installation | Can use your existing software updates infrastructure to manage the client software. Can automatically install the client software on new computers if WSUS and Active Directory Group Policy are configured correctly. Does not require computers to be discovered before the client can be installed. If the Active Directory schema has been extended, computers can read installation properties published to Active Directory Domain Services. Will reinstall the client software if it is removed. | Requires functioning software updates infrastructure as a prerequisite. Must use the same server for client installation and software updates, and this server must reside in a primary site. To install new clients, you must configure an Active Directory Group Policy object with the client's active software update point and port. If the Active Directory schema is not extended, you must use Group Policy to provision computers with client installation properties. |
| Group Policy installation | Does not require computers to be discovered before the client can be installed. Can be used for new client installations or for upgrades. If the Active Directory schema has been extended, computers can read installation properties published to Active Directory. | Can cause high network traffic if a large number of clients are being installed. If the Active Directory schema is not extended, you must use Group Policy to add client installation properties to computers in your site. |
| Logon script installation | Does not require computers to be discovered before the client can be installed. Supports using command line properties for CCMSetup. | Can cause high network traffic if a large number of clients are being installed. |
| Manual installation | Does not require computers to be discovered before the client can be installed. Can be useful for testing purposes. Supports using command line properties for CCMSetup. | No automation, therefore time consuming. |
| Upgrade installation (software distribution) | Can leverage the features to upgrade the client by collection, or to a defined timescale. Supports using command line properties for CCMSetup. | Can cause high network traffic when distributing the client to large collections. Can only be used to upgrade the client software on computers that have been discovered and assigned to the site. |
| Upgrade installation (automatic upgrade) | Can leverage the features to upgrade the client by collection, or to a defined timescale. Supports using command line properties for CCMSetup. | Can cause high network traffic when distributing the client to large collections. Can only be used to upgrade the client software on computers that have been discovered and assigned to the site. |

The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Client Installation method
Method Included? Comments

2. If client push is enabled, will client installation be automatic or manual after initial
discovery?


Endpoint Protection
Endpoint Protection uses SCCM's capabilities to perform tasks such as deploying antimalware clients,
enforcing security policies on endpoints, managing devices, and alerting administrators to events.
The following questions will help to identify the various elements and components that will make up
the base SCCM hierarchy.
Questionnaire
1. Automatically install Endpoint Protection on client computers? If yes, any exception?
Computer

2. Automatically remove previously installed antimalware software before installing
Endpoint Protection? If yes, any exception?
Computer

3. Allow Endpoint Protection client installation and restart outside maintenance windows? If
yes, any exception?
Computer

4. Suppress any required computer restarts after Endpoint Protection installation? If yes, any
exception?
Computer

5. Allow users to postpone restart after Endpoint Protection installation? If yes, any
exception?
Computer How long (hours)

6. Allow 1st definition update download only from SCCM infrastructure? If yes, any
exception?
Computer

7. Anti-malware policy
Computer Policy Data
Scheduled Scans
Scan Settings
Default Actions
Real-time protection
Exclusion Settings
Advanced
Threat overrides
Microsoft Active Protection Services
Definition updates

8. Windows Firewall Policies
Computer Policy Enabled Incoming connections Notify blocks
Domain Profile
Private Profile
Public Profile
