Introduction to Configuration Manager

2012 (Part 1)
In this article, I will provide a revision to an article previously published on this site that was
an introduction to an early beta version of what was then known as System Center
Configuration Manager 2012.

Introduction
About a year ago, I published an article here that was an introduction to an early beta version
of what was then known as System Center Configuration Manager 2012# Much information
has changed in the past year, including the products name# In this article, I will provide a
revision to that original piece and in follow up parts, will expand on what can be done with
Configuration Manager#
Advertisement

The name change

Most noticeably, the product name has changed and its no longer available as a standalone
product# Its now sold as a part of the System Center 2012 suite and is officially known as
System Center 2012 Configuration Manager, which places the emphasis on System Center as
a whole# That said, Ill still abbreviate it as SCCM 2012#
SCCM 2012 brings with it a number of changes that make it very different from previous
versions of the product# Im getting pretty involved in the product for a project and will share
my thoughts with you as I go through the paces#
This article and the subsequent pieces are all based on the released version of the product#

SCCM 2012 system requirements

The SCCM 2012 client is supported on the following:

Windows XP Professional SP3

Windows XP Professional 64-bit SP2

Vista Business, Enterprise, Ultimate, SP1, SP2, 32-bit & 64-bit

Windows 7 Enterprise and Ultimate

Windows Server 2003 SP2

Windows Server 2003 R2

Windows Server 2008 Standard, Enterprise & Data Center #Itanium systems are not
supported#

Windows Server 2008 R2, SP1, SP2

Windows Storage Server 2008 R2

Windows Embedded/Thin systems based on Windows XP SP3 and Windows 7

SCCM 2012 does have a few limitations you should understand if you decide to deploy it in
your environment:

Data Center editions of Windows are supported but are not certified for SCCM 2012#
If there is a Data Center-specific problem that arises in SCCM 2012, Microsoft may
not provide a fix#

SCCMs new Application Catalog is not supported in Embedded versions of

Windows#

Endpoint Protection is not supported with versions of Windows Embedded that are
based on Windows XP#

Hardware requirements
Other requirements
Before you install SCCM 2012, make sure that you also install the #NET Framework 4#0#
This will probably require a restart of your system# #NET Framework 4#0 is not included in
Windows Server yet, so youll need to download it from Microsoft#
In addition to the #NET Framework 4#0, youll need to install the following role services and
features from Server Manager:

Remote Differential Compression

Background Intelligent Transfer Service

IIS WMI Compatibility Component

You will most likely have to restart your computer after installing these components. In
Figure 1, youll see an example of what it takes to install these prerequisite components.

Figure 1: Installing the SCCM 2012 prerequisite components

SQL Server requirements

Like its predecessors, SCCM 2012 requires the use of a SQL Server-based data repository
into which all SCCM data will be written. The following versions of SQL Server are
supported for use with SCCM 2012:

SQL Server 2008 SP2 with Cumulative Update 9

SQL Server 2008 SP3 with Cumulative Update 4

SQL Server 2008 R2 with SP1 Cumulative Update 6

In addition, there are some other considerations to keep in mind with regard to SQL Server.

SCCM 2012 requires a dedicated SQL Server instance that doesnt also house other
application data. This doesnt mean that you need a separate, dedicated SQL Server
just for Configuration Manager; you can simply add an instance to an existing SQL
Server that you have running in your organization.

If you choose to use a named instance of SQL Server rather than a default SQL Server
instance, you must use the SQL Server Configuration Manager to configure the
selected named instance to listen on port 1433.

Whichever instance you choose to use for Configuration Manager must use caseinsensitive collation .SQL_Latin1_General_CP1_CI_AS.

Enable named pipes as a communications option on the SQL Server and the restart the
SQL Server service.

Add the computer account to the Local Administrators account in the intended SQL
Server.

Installation process
To get started with the main installation process, browse to the location to which you
downloaded SCCM 2012 and double-click the splash.hta file. Click the Install option to get
started.

Figure 2: The SCCM 2012 installation splash page

Youre next presented with a screen that provides loose prerequisite information. Theres not
much to see here so just click the Next button to move on.

Figure 3: Prerequisite information regarding SCCM 2012

For your initial installation, youre presented with a couple of options with regard to
installation. First, you can choose to install a Primary Site Server. Or, you can choose to
install a Central Administration site. If you choose to do a primary site server installation, you
can also fast-track the process by selecting the checkbox next to Use typical installation
options for a stand-alone primary site. In order to make sure you see all of the options, Im
not going to take this easy route. Figure 4 gives you a look at the setup options.

Figure 4: Choose your setup option

In Figure 5, youll see the next step in the installation process. This is a fun-filled page that
asks you to provide your product key. Once youve done so, click Next to proceed.

Figure 5: Product key and license page

You have to agree to the license terms as they appear in Figures 6 & 7. Figure 6 is the license
agreement for SCCM 2012 while Figure 7 is a series of license agreements covering a
number of the prerequisite components necessary for SCCM to operate. You must agree to all
of the license terms in order to proceed.

Figure 6: License agreement

Figure 7: Component agreements

As a part of the installation, the installer looks for updated prerequisites. In order to store
these files, you must create a directory for this purpose. As you can see in Figure 8, I created
a folder named c:\sccmdl and have specified this folder as the download destination. Ive
already downloaded the necessary files.

Figure 8: Download updated prerequisite components

Both the SCCM server and the SCCM client software support multiple languages. On the
next two screens of the installer, shown in Figures 9 and 10, youre asked to select the
languages that youd like to have supported in your environment.

Figure 9: Select your server language options

Figure 10: Select your client language options

If youve used Configuration Manager in the past, the information requested on the Site and
Installation Settings page .Figure 11. will be familiar. Here, youre asked to provide your
Configuration Manager site code, site name and the location to which you want to install the
product. Ive used a site code of SDL and have opted to install the Administrator Console.

Figure 11: Configure your site and installation settings

You may be adding your new SCCM 2012 site to an existing Configuration Manager
hierarchy. For this installation, I am installing a brand new SCCM 2012 site and have no
plans to expand it, so Im going to install it as a standalone primary site.

Figure 12: What kind of site are you installing?

When you make this selection, you receive a warning indicating that you cant join this site to
a hierarchy later on. If this is ok, click Yes to continue.

Figure 13: A friendly reminder

The database server is an integral component in your SCCM infrastructure. Ive already
installed SQL Server 2008 R2 SP1 with CU6 on the a separate server from SCCM 2012. On
the screen shown in Figure 14, youll notice that Ive provided the name of my SQL server
.SCCMSQL., the name of the database .CM_SDL. and a folder that will be used for SQL
replication snapshot.
If Id decided to use a SQL instance, I would have specified the database as
instancename\CM_SDL instead. In my case, Ive decided to use the default instance.

Figure 14: Point the installer at your database server

In most of its products, Microsoft offers to allow customers to join the Customer Experience
Improvement Program. You arent provided with an opportunity to opt into this program. On
this page, simply click Next to move on with the process after you make your selection.

Figure 15: Do you want to join the program?

The next page of the installation wizard asks you to specify the server to which the SMS
Provider will be installed. The SMS Provider is the component responsible for console to
SCCM database communication. In Figure 16, youll see that Im installing the component to
the server named SCCM2012.

Figure 16: Which server will hold the SMS Provider?

In previous versions of SCCM, administrators had to make a choice between running their
site in either Mixed or Native mode, with Native mode adding additional security. Native
mode also required the use of a Public Key Infrastructure .PKI.. In SCCM 2012, Mixed and
Native mode have been removed in favor of something a bit more flexible. Specifically, you
now decide whether to use HTTP or HTTPS for client computer communication. For my
purposes, Im going to allow clients to use HTTP but make use of HTTPS if its available and
configured. In a later part in this series, well cover whats needed to make HTTPS work.

Figure 17: Specify the mode by which SCCM clients will communicate

Configuration Manager is made up of a number of components that can be distributed across

multiple servers. In the case of the SCCM 2012 installation, youll note that you can install
two roles during the installation process the management point role and the distribution
point role.
The management point role acts as the intermediary between SCCM clients and the SCCM
site server. The distribution point role is used to store packages that are then distributed out to
clients.
On the screen shown in Figure 18, youll see that Ive decided to install both roles on the
server named SCCM2012 and configured both services to communicate using HTTP.

Figure 18: Do you want to install these two site system roles?
On the Settings Summary page .Figure 19., the installer follows up with a summary of all of
the selections youve made throughout the process. Review your selections and click the Next
button to continue.

Figure 19: Here's your installation summary page

Once youve reviewed your settings, the installer reviews your system to ensure that it meets
all of the requirements. If your system has warnings or errors, you will be notified so that
action can be taken, if necessary.
When youre done, youre told that the process was successful .hopefully!.. At this stage, you
also have the option to launch the console right after the installation is complete.

Figure 20: The installation is complete

Summary

At this point, your new SCCM 2012 installation is complete and youre able to start
investigating the new features and the console, which is exactly what well be doing in the
next part of this article series.

The console
Perhaps the most visible change to the SCCM 2012 administrative experience lies in the
complete overhaul of the administrative console. Whereas even SCCM 2007 still carried
remnants of the original SMS product, SCCM 2012 will never be mistaken for an older
version. In all of the System Center 2012 products, Microsoft has implemented a consistent
administrative experience, helping administrators more easily jump between the individual
products in the suite. After all, you shouldnt need to learn a different administrative model
for each part of a group of interrelated products.
Even the consoles foundation has changed and no longer relies on the Microsoft
Management Console framework. SCCM 2012 instead has its own model, which is based on
that of Outlook, as you can see in the figure below.

Figure 1: The SCCM 2012 administrative console

Immediately, the Outlook-like nature of the console becomes apparent. In the lower left
corner of the screen, you can see a series of what Microsoft calls wunderbars, or distinct
administrative areas of the product. Above that, there is the navigation area, which changes
based on which wunderbar is active. At the very top of the screen is the now-familiar Ribbon,
which has replaced Microsofts traditional menu-driven interfaces. Personally, as the Ribbon
makes its way into more and more products, the more useful I find it.
The balance of the screen is consumed by a large informational and detail area that shows
information based on whatever is currently selected or the action thats underway. Because of
this overhaul and due to Microsoft shifting elements around, SCCM 2012s interface enables
administrators to take quicker reactive actions when things start to go south and also provides
more proactive monitoring than was found in earlier versions of the software.

A security overhaul

Although its not as immediately obvious, the console has also undergone a complete security
makeover. Gone are the days when primary sites defined security boundaries. This is a good
thing! It allows administrators to drastically simplify their SCCM architecture. Now, rather
than deploying a bunch of primary sites just to enable granular administration, you can use
SCCM 2012s new Role Based Access Control function to achieve extremely granular
administrative segregation.
Role Based Access Control is found in many System Center 2012 products. In addition to
restricting what users can do, it limits what users can see when theyre in the console. RBAC
hides interface elements based on user profile so that the user is shown only what is relevant.
Security in SCCM is controlled through the application of roles and scopes. A role defines
what a user can do and a scope defines where a user can do it. When these two items are
overlapped, youre left with a look at a users abilities in the SCCM console.
SCCM ships with 14 predefined security roles, but administrators can create additional roles
to meet unique business needs. During the initial installation of SCCM, the administrative
account is added to the Full Administrators role. Heres a look at the list of roles available in
SCCM 2012.
Note:
This information was pulled directly from the SCCM console.

Role

Role description

Application
Administrator

Grants permissions to perform both the Application Deployment

Manager role and the Application Author role. Administrative users who
are associated with this role can also manage queries, view site settings,
manage collections, and edit settings for user device affinity.

Application
Author

Grants permissions to create, modify, and retire applications.

Administrative users who are associated with this role can also manage
applications, packages.

Application
Deployment
Manager

Grants permissions to deploy applications. Administrative users who are

associated with this role can view a list of applications, and they can
manage deployments for applications, alerts, templates and packages,
and programs. Administrative users who are associated with this role
can also view collections and their members, status messages, queries,
and conditional delivery rules.

Grants permissions to manage the Asset Intelligence Synchronization

Asset Manager Point, Asset Intelligence reporting classes, software inventory, hardware
inventory, and metering rules.

Compliance
Settings
Manager

Grants permissions to define and monitor Compliance Settings.

Administrative users associated with this role can create, modify, and
delete configuration items and baselines. They can also deploy

configuration baselines to collections, and initiate compliance

evaluation, and initiate remediation for non-compliant computers.

Endpoint
Protection
Manager

Grants permissions to define and monitor security policies.

Administrative Users who are associated with this role can create,
modify and delete Endpoint Protection policies. They can also deploy
Endpoint Protection policies to collections, create and modify Alerts and
monitor Endpoint Protection status.

Full
Administrator

Grants all permissions in Configuration Manager. The administrative

user who first creates a new Configuration Manager installation is
associated with this security role, all scopes, and all collections.

Infrastructure
Administrator

Grants permissions to create, delete, and modify the Configuration

Manager server infrastructure and to perform migration tasks.

Operating
System
Deployment
Manager

Grants permissions to create operating system images and deploy them

to computers. Administrative users who are associated with this role can
manage operating system installation packages and images, task
sequences, drivers, boot images, and state migration settings.

Operations
Administrator

Grants permissions for all actions in Configuration Manager except for

the permissions that are required to manage security, which includes
managing administrative users, security roles, and security scopes.

Read-only
Analyst

Grants permissions to view all Configuration Manager objects.

Remote Tools
Operator

Grants permissions to run and audit the remote administration tools that
help users resolve computer issues. Administrative users that are
associated with this role can run Remote Control, Remote Assistance
and Remote Desktop from the Configuration Manager console. In
addition, they can run the Out of Band Management console and AMT
power control options.

Security
Administrator

Grants permissions to add and remove administrative users and to

associate administrative users with security roles, collections, and
security scopes. Administrative users who are associated with this role
can also create, modify, and delete security roles and their assigned
security scopes and collections.

Software
Update

Grants permissions to define and deploy software updates.

Administrative users who are associated with this role can manage

Manager

software update groups, deployments, deployment templates, and enable

software updates for Network Access Protection (NAP).

Table 1
As you can see from the table above, these roles all define what users that are members of the
role can do. So, how do you control there where aspect?
Thats where security scopes come into play. SCCM 2012 ships with two default security
scopes:

All. A built-in security scope that contains all securable objects. A Configuration
Manager administrator associated with the All security scope will have the
permissions of their role for every object in the Configuration Manager environment.

Default. A built-in security scope with which securable objects can be associated.

Neither of these security scopes can be changed or deleted.

Appropriate objects in SCCM 2012 are tagged with security scopes and can be added to new
security scopes, where necessary. This is how you can avoid having to create multiple
primary sites to form security boundaries. Now, for example, you can simply change an
existing sites security scope membership. To do so, right-click the site and, from the shortcut
menu, choose Set Security Scopes. You can see this in Figure 2.

Figure 2: Changing a site's security scope

When the Set Security Scopes window appears, you will be shown a list of the security
scopes that exist on the system. Note that there are two shown in Figure 3 Default and
TEST, which I created.

Figure 3: The security scopes in my lab

There are a number of different object types in SCCM 2012 that can be scoped in this way.
So, a security scope secures based on a sort of instance element. You can also use collection
limiting to further restrict what can be done.

Summary
Its clear that Microsoft has gone to great lengths to simplify the SCCM administrative
model. From redesigning the various System Center 2012 consoles to have a similar
experience to implementing granular security controls that negate the need to create complex
architectures in the name of security, SCCM 2012 is a major step in the right direction. In the
next part of this series, we will continue to investigate SCCM 2012s new features.

Discovery
Discovery is an incredibly important process in SCCM. It is through discovery that you
locate resources that can be brought into SCCM for management purposes. Further, some
discovery methods enable the automatic creation of boundaries, virtual boxes in SCCM
that help the system make sure that clients are managed appropriately.
When an object is discovered, SCCM creates what is called a Discovery Data Record (DDR)
that holds the details about the discovered object. This DDR will include information such as
the computer name for a discovered computer or the user name for a discovered user account
in Active Directory. These DDRs are processed by SCCM and entered into the SCCM
database as objects that can be manipulated.
In an out-of-the-box configuration, the only discovery method enabled by default is the
heartbeat discovery method. In order to discover any other resources, an administrator must
proactively decide which discovery methods to enable and then configure the selected
methods.
Beyond just using discovery to identify objects that can be managed with SCCM, you can
also use discovered objects in queries that group similar objects for management purposes,
thus further streamlining the desktop management process in your organization.

Discovery options
There are a number of discovery options available in SCCM 2012. If youre used to older
versions of SCCM, get used to some changes, too, as new methods have been introduced and
some removed.
Among the changes:

Active Directory System Group Discovery is no longer available.

A new discovery method named Active Directory Forest Discovery has been added.
This new discovery method is described later in this article.

Discovery information in one site is replicated to other sites using SCCM 2012s new
database replication processes.

The Active Directory Security Group Discovery method is now known as Active
Directory Group Discovery. Further, this discovery method has been improved and
can now discover the group memberships of discovered resources.

Some Active Directory discovery methods (User, System, Group) now support Delta
Discovery. Delta discovery itself is improved in SCCM 2012 and is a method by
which discovery can locate just objects that have been added or changed since the
previous discovery cycle.

Now, lets explore each of the discovery options that are available to you.

Active Directory Forest Discovery

This discovery method discovers forests, domains, AD sites, and IP subnets. Its a high level
method that is new to SCCM 2012. Objects discovered using this method can be used to
automatically create boundaries, which we will cover later.
For each discovery method, there are settings that can be manipulated, which control how the
discovery method works. In Figure 1, the very few settings that are available for Forest
discovery are displayed.

Figure 1: Forest discovery options

Note that this discovery method is enabled. Ive enabled it for use in my lab, but, be default,
its not enabled.
Once enabled, there are additional options you can configure. You can tell Configuration
Manager that you would like to have boundaries automatically created based on any
discovered Active Directory sites and you can do the same, but based on IP address ranges/IP
subnets. Boundaries are used by SCCM to localize client management.
Finally, you can configure discovery to run every so often so that it can discover new
resources that might make their way into the environment. The default for Active Directory
Forest Discovery is to run every week.

Active Directory Group Discovery

Discovers Active Directory groups and group membership or computers and users. With this
discovery method, you can also discover limited information about group member computers
and users. Because this discovery method isnt as robust as other methods, its recommended
that you not run this discovery method until after youve run either System or User discovery.
Those two methods can create full Discovery Data Records for users and computers while
Group discovery creates a much more limited DDR.

Group discovery is not enabled by default and you need to provide a scope in which SCCM
should look for new group resources.

Figure 2: Group discovery options

When you choose the Add option, you can add an AD location that SCCM will use to look
for new groups. This screen is shown in Figure 3.

Figure 3: Add an AD location

You can also explicitly add Active Directory groups that SCCM will parse to discover group
members. In Figure 4, the Add Groups window is shown. Here, you would provide the name
for an AD group and let SCCM do the rest.

Figure 4: Add an Active Directory group

As was the case for Forest discovery, Group discovery can be configured to run periodically
in order to discover new resources. By default, this discovery method runs every 7 days, as
you can see in Figure 5. In Figure 6, Ive also included the Custom Schedule window so that
you can see the options that you have at your disposal for creating a discovery schedule.
In Figure 5, note also the Enable delta discovery option. When this is enabled, which is the
default setting, new resources that have been added or modified since the previous discovery
will be discovered and added to or updated in the SCCM database.

Figure 5: Group discovery polling schedule

Figure 6: Create a custom schedule

The Group discovery method also carries with it some additional options, which are shown in
Figure 7. You can choose to have computers discovered only if they have logged in within,
for example, the past 90 days. Remember, once a group is discovered, the members of that
group are also discovered and computers can be members of groups, hence the computer
login option.
You can also choose to include only computers that have had their password updated within a
certain period of time and can specify that Group discovery should also attempt to discover
the membership of distribution groups rather than just security groups.

Figure 7: Group discovery additional options

Active Directory System Discovery

System discovery is one of the two possible discovery methods (the other being Network
Discovery) that you might use to discover client computers in the environment and to which
the SCCM client might be installed. System discovery discovers a number of details about
systems, including:

Computer name

Operating system and version

Active Directory container name

IP address

Active Directory site

Last Logon Timestamp

System discovery is one of the most common methods that you will use. As is the case for
most of the discovery methodswith the only exception being Heartbeat discoverythe
administrator must proactively enable the discovery option. With System discovery, the
administrator also needs to specify the Active Directory container that should be searched for
new system resources. In my example, Im searching at the root and have enabled recursion
so that SCCM will be able to look in subcontainers, too.

Figure 8: System discovery settings

With the System discovery method, you can also tell SCCM to retrieve additional Active
Directory attributes for discovered resources. You might want to gather additional
information to use in queries, for example.

Figure 9: System discovery additional Active Directory attributes

As was the case with Group discovery, System discovery also provides you with some
additional configuration options, which are shown in Figure 10.

Figure 10: System discovery additional options

Active Directory User Discovery

This discovery method discovers user objects from Active Directory. Again, you need to
enable the discovery method and specify Active Directory containers that should be searched
for new user objects.

Figure 11: User discovery settings

Theres not much else to say about User discovery. The other tabs Polling Schedule and
Active Directory Attributes are the same as tabs that weve seen in other discovery
methods.

Network Discovery
Sometimes, you might have network objects that cant be discovered via Active Directory
discovery methods. The Network Discovery option allows you to go directly to the network
to find new objects, such as computers, printers and network devices. Network discovery
does have some downsides, though. Its quite noisy meaning that it generates a lot of
network traffic and can be extremely resource intensive. As such, you should use other
discovery methods before resorting this one.

That said, you sometimes have to use Network Discovery. You may have systems that arent
in Active Directory, such as workgroup computers, switches and other network devices.
In Figure 12, you can see the general options that are available, including the ability to enable
the discovery method. You will also see that there are three options available in the Type of
discovery area:

Topology. Discovers network topology by discovering subnets and routers.

Topology and client. Adds to the mix by discovering clients.

Topology, client and client operating system. Takes things a step further by attempting
to also determine the client operating system and version.

Figure 12: Network discovery general settings

Every network has subnets. In this spirit, SCCM provides you with a way to tell SCCM
which subnets should be searched for resources (Figure 13). My lone subnet in my lab is
192.168.0.0/16.

Figure 13: Network discovery subnets

Likewise, you can tell SCCM to look in a domain.

Figure 14: Network discovery domain settings

For SNMP devices, you need to tell SCCM about any community names that you might be
using in your environment. As you can see in Figure 15, my lab domain uses the default of
public as an SNMP community name.

Figure 15: Network discovery SNMP community names

You can also indicate to SCCM specific SNMP devices that should be used to discover
resources.

Figure 16: Network discovery SNMP devices

If you are using Microsofts DHCP server in your environment, you can leverage that system
to enable SCCM to use it to discover resources that can be brought into SCCM for
management. Im not using a Microsoft DHCP server in my lab, so I cannot test this scenario
right now.

Figure 17: Network discovery DHCP features

Heartbeat Discovery
Heartbeat discovery is different from all of the other discovery methods in that it doesnt
actually discovery any new resources at all. Instead, heartbeat discovery is a client-initiated
process that informs SCCM that the client is still alive and kicking.
You can see in Figure 18 that there are just two options for Heartbeat discovery. Do you want
to enable this discovery method and how often should clients check in?

Figure 18: Heartbeat discovery options

Summary
Discovery is a foundation SCCM process. Its absolutely required in order for you to move
forward with your use of the product. In this article, you learned about the various discovery
options at your disposal. In the next part of this series, well continue implementing SCCM
2012.

Client Settings
Client settings are a crucial aspect of System Center Configuration Manager 2012. In older
versions of SCCM, these were called client agents, but they still serve the same purpose in
SCCM 2012. These settings control how the managed clients in SCCM 2012 will operate. In
this article series, well go through each and every client setting and explain in detail the
parameters that you can adjust.

Background Intelligent Transfer

Background Intelligent Transfer Service (BITS) is a Windows service that

Figure 1: Background Intelligence Transfer Service settings

Limit the maximum network bandwidth for BITS background transfers. Limits the
amount of bandwidth that BITS will use for background transfers. This can be useful
in slow link scenarios or when bandwidth is at a premium.

Throttling window start time. Provide the time of day at which throttling should start.

Throttling window end time. Provide the time of day at which throttling should cease.

Maximum transfer rate during throttling window (Kbps). Determine the maximum
transfer rate that is allowed during the throttling window. For example, 1 Mb would
be 1,000 Kb.

Allow BITS downloads outside the throttling window. Decide whether or not BITS
transfers are allowed outside the defined throttling window.

Maximum transfer rate outside the throttling window (Kbps). Determine how fast
transfers can take place outside the throttling window.

Client Policy
Think of the client policy as a meta policy. This is the policy that determines how clients will
handle receiving and updating their individual policies. The configuration for this client
setting is pretty important as other SCCM functions often require machines to retrieve an
updated client policy before they can work their own magic.

Figure 2: Client Policy settings

Client policy polling interval (minutes). This value indicates to SCCM the interval by
which clients should check in with the SCCM server to retrieve any policy updates
that may have been made since the last check in.

Enable user policy polling on clients. When SCCM is appropriately configured,

enabling this parameter users logged in to managed clients are able to have programs
targeted at them. Note that disabling this parameter will mean that applications
targeted at users will not be deployed, even if they are required, and users may not see
applications in the Application Catalog.

Enable user policy requests from Internet clients. For sites that support Internet
clients, when this parameter is set to True, endpoints on the Internet will receive both
machine and user policy updates.

Compliance Settings
Compliance Settings are an updated form of Desired Configuration Management, which was
included in older versions of SCCM. With Compliance Settings, administrators can determine
when a managed client has deviated from established baselines.

Figure 3: Compliance settings

Enable compliance evaluation on clients. Decide whether or not clients will use their
compliance evaluation capabilities.

Schedule compliance evaluation. Determine the schedule by which compliance

evaluation should take place.

Computer Agent
The computer agent is another set of settings that are pretty core to how SCCM manages
clients. The items here define some general settings that dictate how a wide swath of SCCM
functionality will operate.

Figure 4: Computer Agent settings

Deployment deadline greater than 24 hours, remind user every (hours). When a
software deployment action is pending and is more than 24 hours out, choose the
interval by which users will be reminded about the deployment.

Deployment deadline less than 24 hours, remind user every (hours). For deployments
that have a deadline that takes place within the next 24 hours, notify users about the
deployment every X number of hours.

Deployment deadline less than 1 hour, remind user every (minutes). Likewise, for
deadlines in the next hour, choose the interval (in minutes) by which users should be
notified of the deployment.

Default Application Catalog website point. Define the address at which the client can
find the Application Catalog. By default SCCM clients are configured to
automatically detect the Application Catalog. Administrators can choose instead to
force clients to use an automatically created intranet fully qualified domain name or
the NetBIOS name for the server holding the Application Catalog. Administrators
may choose instead to specify a custom URL.

Add default Application Catalog website to Internet Explorer trusted sites zone. By
setting this option to True, an administrator can direct clients to ensure that IE
protected mode doesnt interfere with a client attempting to browse to the Application
Catalog.

Organization name displayed in Software Center. The Software Center is a part of a

client installation and is one of the locations at which users can choose to install
software that has ben deployed. This client setting is often populated with the name of
the company.

Install permissions. Specifies the users that are allowed to start the installation of
deployed software.
o All Users. Any user logged in to a managed client can initiate a deployed
software installation.
o Only Administrators. Only users that are members of the local administrators
group can initiate a software installation.
o Only Administrators and primary users. This is the same as the previous
option with one exception. If the device has been associated with a user
through user/device affinity, the primary computer user can also initiate a
software installation.
o No Users. Users can never initiate software installations. Only software
marked as required will be installed.

Suspend BitLocker PIN entry on restart. If a software installation requires a reset,

should any configured BitLocker PIN be respected (Never) or should it be skipped
(Always)? If the PIN is not suspended, the software installation process may await a
users input of the PIN before proceeding.

Agent extensions manage the deployment of applications and software updates. This
setting should never be enabled unless you are using a third party software
deployment solution that requires it. Enabling this setting can break SCCM 2012s
ability to deploy software.

PowerShell execution policy. If a deployment uses PowerShell, setting this option to

Bypass overrides a clients configured PowerShell execution policy, which may be set
to Restricted.

Show notifications for new deployments. Enables or disables the display of new
deployment notifications to a user.

Computer Restart
If SCCM initiates an action that requires a computer restart, the settings here help to define
what will happen when that restart takes place. After all, you dont want users to just have
their PC all of a sudden restart with no warning whatsoever. That would result in lost work
and a frustrated user base!

Figure 5: Computer Restart settings

Display a temporary notification to the user that indicates the interval before the user
is logged off or the computer restarts (minutes). The user is able to close this window
and continue working, but the countdown to restart continues for the interval shown.

Display a dialog box that the user cannot close, which displays the countdown interval
before the user is logged off or the computer restarts (minutes). This is where SCCM
means business. The user cannot close the display window and the countdown
continues.

Summary
As you can probably see, there are a number of options associated with each client setting.
Administrators can adjust these options to control client behavior in the environment. In the
next part of this series, well continue our look at client settings.

Client Settings
Client settings are a crucial aspect of System Center Configuration Manager 2012. In older
versions of SCCM, these were called client agents, but they still serve the same purpose in
SCCM 2012. These settings control how the managed clients in SCCM 2012 will operate. In
this article series, well go through each and every client setting and explain in detail the
parameters that you can adjust.

Endpoint Protection
In previous versions of SCCM, adding support for what used to be called Forefront Endpoint
Protection involved a series of steps that extended SCCM to be able to act as the central
monitoring host for the Forefront Endpoint Protection antimalware tool. In SCCM 2012,
support for the renamed System Center Endpoint Protection antimalware tool is built right
into the product and there is a client setting providing administrators with a means to control
how the Endpoint Protection installation will take place.

Figure 6: Endpoint Protection settings

Manage Endpoint Protection on client computers. Selecting this option indicates that
you wish to centrally manage Endpoint Protection from within the SCCM console.

Install Endpoint Protection client on client computers. If System Center Endpoint

Protection is not yet installed, changing this option to True will install Endpoint
Protection on client computers.

Automatically remove previously installed antimalware software before Endpoint

Protection is installed. Endpoint Protection has the ability to uninstall some third party
antimalware tools, including:
o Symantec AntiVirus Corporate Edition version 10
o Symantec Endpoint Protection version 1
o Symantec Endpoint Protection Small Business Edition version 12
o McAfee VirusScan Enterprise version 8
o Trend Micro OfficeScan
o Microsoft Forefront Codename Stirling Beta 2 or Beta 3
o Microsoft Forefront Client Security v1
o Microsoft Security Essentials v1 or 2010
o Microsoft Forefront Endpoint Protection 2010
o Microsoft Security Center Online v1

Suppress any required computer restarts after the installed Endpoint Protection client
is installed. The Endpoint Protection installation does not respect maintenance
windows established for clients. Therefore, if the Endpoint Protection installation
requires a system restart, the system will restart at any time of day. To prevent this,
enable this option.

Allowed period of time users can postpone a required restart to complete the Endpoint
Protection installation (hours). If the previous option is set to False, administrators can
allow users to postpone a restart for a number of hours configured here.

Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows

Server Update Services, or UNC shares) for the initial definition update on client
computers. The initial Endpoint Protection deployment can be an impactful event
since the software needs to be deployed and new definitions downloaded immediately.
You can configure this option to reduce the overall impact by forcing clients to use
just the SCCM server for initial definition updates.

Hardware Inventory
The hardware inventory client setting controls how clients perform local hardware
inventories and submit the information back to SCCM. Before discussing the hardware
inventory, make sure you understand what is meant by the term MIF file.
Management Information Files (MIF) are used by SCCM and clients to exchange hardware
information. Administrators can extend SCCMs hardware collection capabilities by using
MIF files to supplement what SCCM captures by default. However, you can also use the
SCCM client settings configuration area to extend the information that SCCM captures by
default.
To learn more about MIF, visit this page.

Figure 7: Software Inventory settings

Enable hardware inventory on clients. Directs clients to begin collecting local

hardware information based on information configured here.

Hardware inventory schedule. How often should a client perform a hardware scan and
return information to an SCCM server?

Maximum custom MIF file size (KB). A range of 1 KN to 5,000 KB is required here.
This field indicates the maximum MIF file size that SCCM will process. If a file is
returned from a client and its larger than this setting, the file will be ignored.

Hardware inventory classes. Administrators can choose to collect all kinds of

information from client hardware. You can see some of these in the screenshot above.
Simply select the hardware classes that youd like to collection. The next time that the
client performs a policy retrieval, it will be updated to include the new classes.

Collect MIF files.

o None. Do not collect any MIF files from clients.
o Collect IDMIF files. IDMIF files are ones that contain inventory information
from devices that are not managed by Configuration Manager. Select this
option to collect IDMIF files from clients.
o Collect NOIDMIF files. NOIDMIF files are ones that contain hardware
information that cant be inventoried directly by Configuration Manager.
Select this option to collect NOIDMIF files from clients.
o Collect IDMP and NOIDMIF files. Collect both kinds of files from clients.

Network Access Protection (NAP)

The Network Access Protection client agent scans a local machine and sends the results of the
scan to a System Health Validator Point. This SCCM capability requires that organizations
have an existing Network Access Protection architecture already in place. Systems that do not
comply with baselines may not be able to connect to the network until the situation is
remediated.

Figure 9: Network Access Protection settings

Enable Network Access Protection on clients. When enabled, client software updates
are scanned and the results sent to a System Health Validator Point (SHVP).

Use UTC (Coordinated Universal Time) for evaluation time. Indicate whether local
time and UTC time should be used for evaluation.

Require a new scan for each evaluation. A False setting allows a client to return to the
SHVP the cached result from the most recent scan while a True setting requires a new
and current full scan.

NAP re-evaluation schedule. Determines how often the clients status should be reevaluated.

Power Management
Power management capabilities were added to SCCM in a recent edition of a previous
version, but theyre included in full force in SCCM 2012. Power management can be used to
create policies, which, once applied to clients, can begin to save the company money.

Figure 10: Power Management settings

Allow power management of devices. Allows SCCM to manage power settings in

managed devices.

Allow users to exclude their device from power management. SCCM is a userfocused product. As such, administrators can choose to allow users to opt out of
centrally-enforced power management by changing this setting to True.

Summary
As you are continuing to see, there are a number of options associated with each client
setting. Administrators can adjust these options to control client behavior in the environment.
In the next part of this series, well continue our look at client settings.

Client Settings
Client settings are a crucial aspect of System Center Configuration Manager 2012. In older
versions of SCCM, these were called client agents, but they still serve the same purpose in
SCCM 2012. These settings control how the managed clients in SCCM 2012 will operate. In
this article series, well go through each and every client setting and explain in detail the
parameters that you can adjust.

Endpoint Protection
In previous versions of SCCM, adding support for what used to be called Forefront Endpoint
Protection involved a series of steps that extended SCCM to be able to act as the central

monitoring host for the Forefront Endpoint Protection antimalware tool. In SCCM 2012,
support for the renamed System Center Endpoint Protection antimalware tool is built right
into the product and there is a client setting providing administrators with a means to control
how the Endpoint Protection installation will take place.

Figure 6: Endpoint Protection settings

Manage Endpoint Protection on client computers. Selecting this option indicates that
you wish to centrally manage Endpoint Protection from within the SCCM console.

Install Endpoint Protection client on client computers. If System Center Endpoint

Protection is not yet installed, changing this option to True will install Endpoint
Protection on client computers.

Automatically remove previously installed antimalware software before Endpoint

Protection is installed. Endpoint Protection has the ability to uninstall some third party
antimalware tools, including:
o Symantec AntiVirus Corporate Edition version 10
o Symantec Endpoint Protection version 11
o Symantec Endpoint Protection Small Business Edition version 12
o McAfee VirusScan Enterprise version 8
o Trend Micro OfficeScan
o Microsoft Forefront Codename Stirling Beta 2 or Beta 3
o Microsoft Forefront Client Security v1
o Microsoft Security Essentials v1 or 2010
o Microsoft Forefront Endpoint Protection 2010
o Microsoft Security Center Online v1

Suppress any required computer restarts after the installed Endpoint Protection client
is installed. The Endpoint Protection installation does not respect maintenance
windows established for clients. Therefore, if the Endpoint Protection installation

requires a system restart, the system will restart at any time of day. To prevent this,
enable this option.

Allowed period of time users can postpone a required restart to complete the Endpoint
Protection installation (hours). If the previous option is set to False, administrators can
allow users to postpone a restart for a number of hours configured here.

Disable alternate sources (such as Microsoft Windows Update, Microsoft Windows

Server Update Services, or UNC shares) for the initial definition update on client
computers. The initial Endpoint Protection deployment can be an impactful event
since the software needs to be deployed and new definitions downloaded immediately.
You can configure this option to reduce the overall impact by forcing clients to use
just the SCCM server for initial definition updates.

Hardware Inventory
The hardware inventory client setting controls how clients perform local hardware
inventories and submit the information back to SCCM. Before discussing the hardware
inventory, make sure you understand what is meant by the term MIF file.
Management Information Files (MIF) are used by SCCM and clients to exchange hardware
information. Administrators can extend SCCMs hardware collection capabilities by using
MIF files to supplement what SCCM captures by default. However, you can also use the
SCCM client settings configuration area to extend the information that SCCM captures by
default.
To learn more about MIF, visit this page.

Figure 7: Software Inventory settings

Enable hardware inventory on clients. Directs clients to begin collecting local

hardware information based on information configured here.

Hardware inventory schedule. How often should a client perform a hardware scan and
return information to an SCCM server?

Maximum custom MIF file size (KB). A range of 1 KN to 5,000 KB is required here.
This field indicates the maximum MIF file size that SCCM will process. If a file is
returned from a client and its larger than this setting, the file will be ignored.

Hardware inventory classes. Administrators can choose to collect all kinds of

information from client hardware. You can see some of these in the screenshot above.
Simply select the hardware classes that youd like to collection. The next time that the
client performs a policy retrieval, it will be updated to include the new classes.

Collect MIF files.

o None. Do not collect any MIF files from clients.
o Collect IDMIF files. IDMIF files are ones that contain inventory information
from devices that are not managed by Configuration Manager. Select this
option to collect IDMIF files from clients.
o Collect NOIDMIF files. NOIDMIF files are ones that contain hardware
information that cant be inventoried directly by Configuration Manager.
Select this option to collect NOIDMIF files from clients.
o Collect IDMP and NOIDMIF files. Collect both kinds of files from clients.

Network Access Protection (NAP)

The Network Access Protection client agent scans a local machine and sends the results of the
scan to a System Health Validator Point. This SCCM capability requires that organizations
have an existing Network Access Protection architecture already in place. Systems that do not
comply with baselines may not be able to connect to the network until the situation is
remediated.

Figure 9: Network Access Protection settings

Enable Network Access Protection on clients. When enabled, client software updates
are scanned and the results sent to a System Health Validator Point (SHVP).

Use UTC (Coordinated Universal Time) for evaluation time. Indicate whether local
time and UTC time should be used for evaluation.

Require a new scan for each evaluation. A False setting allows a client to return to the
SHVP the cached result from the most recent scan while a True setting requires a new
and current full scan.

NAP re-evaluation schedule. Determines how often the clients status should be reevaluated.

Power Management
Power management capabilities were added to SCCM in a recent edition of a previous
version, but theyre included in full force in SCCM 2012. Power management can be used to
create policies, which, once applied to clients, can begin to save the company money.

Figure 10: Power Management settings

Allow power management of devices. Allows SCCM to manage power settings in

managed devices.

Allow users to exclude their device from power management. SCCM is a userfocused product. As such, administrators can choose to allow users to opt out of
centrally-enforced power management by changing this setting to True.

Summary
As you are continuing to see, there are a number of options associated with each client
setting. Administrators can adjust these options to control client behavior in the environment.
In the next part of this series, well continue our look at client settings.
Adding the management pack

One great feature of Operations Manager is its extensibility. Through the addition of
management packs, which are often free, you can massively extend the breadth and depth of
the product and add to it the ability to monitor just about everything in your environment.
To get started, we need to add management packs that enable the discovery of Active
Directory domain controllers. Navigate to the Administration workspace. Expand
Administration > Device Management and choose Management Packs. Right-click
Management Packs and from the shortcut menu, choose Import Management Packs.

Figure 1: Choose Import Management Packs

When the Import Management Packs window appears, click the Add button and choose Add
from catalog. The catalog is a central repository of management packs that Microsoft keeps
updated and that contains, literally, hundreds of management packs that you can use.

Figure 2: Add a management pack from the catalog

Because there are so many management packs from which to choose, you can narrow down
your parameters by searching for management packs that match your needs. In Figure 3, Ive
searched for Active Directory since Im interested in monitoring domain controllers. Note
that there are four management packs returned that I need.

Figure 3: Select the management packs you wish to install

You will note in Figure 4 that there are some issues with the selections previously made.
Another great thing about Operations Manager presents itself here. If there are additional
management packs upon which your selected management packs depend, youre notified of
this fact and given an opportunity to resolve the issue. To add dependency management
packs, click the Resolve button next to each listed item.

Figure 4: Satisfy management pack dependencies

When you click the Resolve button, youre told which management pack is necessary to
satisfy the dependency, as shown in Figure 5. Again, click the Resolve button to validate the
selection.

Figure 5: The management pack that needs to be added

You will continue this process until there is nothing in the Status column. In Figure 6, note
that three management packs have been added to satisfy dependencies.

Figure 6: Everything checks out now

Once you click the Install button, the selected management packs are downloaded and
imported into Operations Manager.

Figure 7: The selected management packs are being installed

Monitor Active Directory

This is the point at which patience is a virtue as it can take Operations Manager a little while
to discover the domain controller role that might exist on managed systems. However, you
will immediately notice that some new items are added to the Monitoring workspace.

Figure 8: An Active Directory entry now appears in the Monitoring workspace

Well go through each of these items below.
DC Active Alerts

Bearing in mind that the alerts that youre seeing are from a test lab, the DC Active Alerts
section displays any Operations Manager alerts that are raised by monitoring rules in the
newly installed management pack. In Figure 9, you can see these alerts shown on the screen.
One of the critical alerts is selected and you can see some additional details about the alert.

Figure 9: DC Active Alerts

You can get additional information about the alert by opening its properties page, which is
shown in Figure 10. Ive shown an additional screen of information in Figure 11, which
shows you quite a bit more detail about a different alert.

Figure 10: Additional information about the alert

Figure 11: Information about a separate alert

DC Events

The alerts that were shown in the previous section are the ones raised by virtue of rules in the
management pack that was installed. However, theyre only a part of the bigger picture when
it comes to troubleshooting Active Directory domain controllers. The old standbythe
Windows Event Logstill contains a lot of information. The management pack that we just
installed pulls AD-related events for your perusal and, when combined with the other data
sources, provides you with a bigger picture view of the environment.

Figure 12: Events from the event log

DC Performance Data

The newly installed management pack adds to the monitored system a number of
performance gathering features that you will see in action. In Figure 13 below, you can see a
graph that shows a single statistic on display for a particular time period. This information is
constantly gathered so you can gain some insight into how a particular aspect of the
monitored item is performing. If you want to see information about something else, simply
select the checkbox in the Show column for the statistic youd like to see.

Figure 13: A performance graph

DC State

Perhaps the most important piece of information you need to know is whether or not your
domain controllers are operational or if theyre experiencing serious issues. The DC State
area gives you a look at the domain controllers in your environment and identifies their state.
This is shown in Figure 14.

Figure 14: The domain controller state

If you do have a domain controller in a critical state, you need to understand exactly whats
going on. You can use the Health Explorer to accomplish this task. Simply right-click the
state area and choose to open the Health Explorer. In Figure 15, you can see exactly which
rule is not working and when it went bad.

Figure 15: The Health Explorer

DC Server 2008 entries

These are pretty much repeats of what we just saw, but will show just Windows Server 2008
domain controller information.
AD DIT/Log Free Space

Active Directory servers need to have enough disk space to store log files. This graph
displays how much space is available on the file on the drive on which the log files are
stored, which is generally the system drive. The value shown on the Y axis is in bytes.

Figure 16: The amount of free space on the log file drive
All Performance Data

If youre looking for something a bit more granular, you can choose whatever performance
statistics youd like to see graphed by selecting that graph from the All Performance Data
section.

Figure 17: Choose a graph... any graph

Database and Log Overview

Not every option here displays a single graph. The Database and Log Overview section
displays information pertinent to the database and log files themselves. There is less clutter
here, making it easier for the administrator to get necessary details for corrective purposes.

Figure 18: AD database and log information

Database Size

This graph displays the current size of the AD database. Note that only one domain controller
is available for selection because only one DC in my lab domain currently has the SCOM
client installed on it. If I add the second DC, it will become available as a selection.

Figure 19: Database size details

DC OS Metrics Overview

As was the case with the database and log file section before, this section allows you to see
information about the status of some key metrics important in managing Active Directory. In
Figure 20, you can see how much RAM is available and how much is committed and you
also get information about the Local Security Authority Subsystem Service (LSASS).

Figure 20: More pertinent rollup information

DC Response Time

A domain controller that isnt responsive will result in users calling the help desk
complaining about poor performance. You can see how quickly your domain controllers are
responding to user requests using the graph below.

Figure 21: Domain controller response time

DC/GC Response

That single graph showing DC response time may not be enough. You may also want to see
how quickly your global catalog servers are responding. You can see both stats on this page.

Figure 22: DC/GC response time

GC Response Time

And, if you want to see just global catalog information, you can do so on the GC Response
Time page, shown in Figure 23.

Figure 23: Global catalog response time

Log File Size

You saw log file size information earlier, but this is a page with just that information
displayed.

Figure 24: Current log file size

LSASS Processor Time

The Local Security Authority Subsystem Service is responsible for enforcing the security
policy on the system and it can eat up a lot of processor capacity. If it does, it can result in
poor performance. In Figure 25, you can see granular information for how much processor
time is being used by this service.

Figure 25: LSASS statistics

Memory Metrics

You saw memory information displayed earlier on one of the aggregate graphs. Here, you can
see just memory statistics related to your domain controller.

Figure 26: Memory stats

OpMaster Performance

Finally, you can get some information about the performance of your domains operations
master, shown below in Figure 27.

Figure 27: OpMaster performance graph

Summary

And that, folks, is the Active Directory management pack for SCOM 2012. As you can see, it
adds a ton of information to the SCOM framework and allows administrators to delve deeply
into systems to see what is happening under the hood.

Using Health Explorer

Before you attempt to customize a management pack, lets first take a look at some of the
methods by which you can gain granular knowledge regarding the state of your existing
environment. This is where the Operations Manager Health Explorer comes in handy.
With this tool, you can get at a glance status for every monitored item in the environment. To
access the Health Explorer, from the Monitoring area, right click one of the health indicators
and, from the shortcut menu, choose Open > Health Explorer. See Figure 1 for a look at how
this should appear in your environment.

Figure 1: Open the Health Explorer

Once you open the Health Explorer, youll see a screen like the one shown in Figure 2.
Believe it or not, you want to see as little as possible on this screen. By default, along with

the primary health of the entity, only unhealthy child items are displayed. So, since there is
nothing wrong with this server at present, you see a green circle with checkmark indicating
that the entity is health. Immediately above that, you will see a yellowish bar that reads
Scope is only unhealthy child monitors.
Basically, this means that SCOM is going to display only those metrics that are not in
alignment with their established parameters. To show everything click the X in the yellow
bar.

Figure 2: You are first presented with (hopefully) very little information abut the selected
entity
Once you click the X, youre shown everything there is to see with regard to this entity
(Figures 3 and 4). You can see that I have expanded the Entity Health nodes until Logical
Disk Free Space (C:) was visible. By clicking on that metric, Operations Manager now
displays a whole lot of information about the selected metric. In this case, youre shown
knowledge about Drive C: on the selected server. Knowledge is information that is
included in the management pack to help administrators identify and correct issues that may
arise in the environment.
What you will notice immediately is that the Knowledge pane also provides you with the
point at which Operations Manager determines that the selected disk drive is too low on disk
space. Further, you will see that there are two different criticality levels:

Warning. A warning will be raised on the C: drive when it gets below either 500 MB
of free space or when it goes below 10% of available space.

Error. An error will be raised on the C: drive when it gets below either 300 MB of free
space or when it goes below 5% of available space.

For a system drive, the parameters are a little more restrictive:

Warning. A warning will be raised on the C: drive when it gets below either 2 GB of
free space or when it goes below 10% of available space.

Error. An error will be raised on the C: drive when it gets below either 1 GB of free
space or when it goes below 5% of available space.

Figure 3: Information about the free space available on drive C:

Figure 4: More information about the C: drive

Note also that the Knowledge tab provides you with a list of potential causes for a warning or
error along with possible resolutions. While the resolution for correcting a disk space issue is
pretty simple, when it comes to resolving more complex issues, the cause and resolution
sections of the knowledge tab can be extremely valuable.

Get yet more information

The information youre shown in the main screen is just the beginning. To see extremely
detailed information about the monitored item, click the Properties button in the menu
bar. This opens the General tab that you see below in Figure 5.
The General tab provides the name of the monitor as well as a description of such. It also
identifies the management pack from which the monitor originates and tells you the kind of
resource that is targeted by the monitor. Finally, youre told to which parent monitor the
monitor rolls up. If the C: drive shows a warning or error, then the main Availability monitor
for the server will also show a warning or error state.

Figure 5: General information about the monitor

On the schedule tab, youre able to see how often the monitor is configured to gather
information to be reported back to Operations Manager. In Figure 6, you can see that
information is gathered, by default, every 15 minutes.

Figure 6: The interval at which the information is gathered

The next few tabs are like the one shown in Figure 7 and provide you with a way to see the
levels at which a warning or error alert will be raised. You saw these values earlier, so I wont
repeat them here.

Figure 7: The percentages that you saw earlier

The Health tab allows you to see which statuses trigger which health states.

Figure 8: The health status that will be set on a per monitoring condition basis
When the monitored item enters a state that requires a warning or error to be issued, an alert
is raised in the Operations Manager console. The Alerting tab is the place to go to see what
the text of this message will look like. Further, on this tab, you can see the default priority
level for the alert.

Figure 9: The text of the alert that will be raised for this item
When used properly, the Diagnostics and Recovery tab can be used to automate the resolution
to a problem. For disk space, issue, however, you dont want the system to automatically
delete files, so no actions are listed.

Figure 10: Actions that will be taken to attempt diagnostics and recovery related to the
monitor
Once you close the Properties windows. Click OK to go back to the view of the monitor and
choose the State Change Events tab. You will see a screen like the one shown in Figure 11.
This screen lets you know the date and time at which an alert condition is raised. This can aid
response and help you more quickly understand when something went wrong and streamline
your support efforts.

Figure 11: State Change Events tab

Summary
Thats a look at how you can manage monitors in SCOM 2012. The Health Explorer
powerful insights about the health of your system. You may be wondering how you can
change these metrics since they were all grayed out. That is the topic for the next part of this
series.