SMS 2003 R2 Update &SMS 2003 R2 Update &Sneak Peak – SMS v4Sneak Peak – SMS v4

Neil HetheringtonNeil HetheringtonAccount Technology SpecialistAccount Technology SpecialistMicrosoft CorporationMicrosoft Corporation

Session OverviewSession Overview

SMS IntroductionSMS Introduction

SMS 2003 R2 Overview and EnhancementsSMS 2003 R2 Overview and Enhancements

Introduction to “SMSv4”Introduction to “SMSv4”

Deployment EnhancementsDeployment Enhancements

Software Update EnhancementsSoftware Update Enhancements

Security EnhancementsSecurity Enhancements

Demos!Demos!

SMS 2003 CapabilitiesSMS 2003 Capabilities

Application Application DeploymentDeployment

AssetAssetManagementManagement

SecuritySecurityPatchPatch

ManagementManagement

LeveragingLeveragingWindows Windows

Management Management ServicesServices

Support forSupport forthe Mobile the Mobile WorkforceWorkforce

OS Deployment Feature PackOS Deployment Feature Pack

Core scenariosCore scenariosIn-Place MigrationIn-Place Migration

Machine Replacement / New MachineMachine Replacement / New Machine

Help Desk Recovery Help Desk Recovery

Key FeaturesKey FeaturesFully integrated with SMS 2003 infrastructureFully integrated with SMS 2003 infrastructureUtilizes advanced Windows imaging formatUtilizes advanced Windows imaging formatEnables sophisticated custom sequencingEnables sophisticated custom sequencing

The end-to-end desktop operating system deployment The end-to-end desktop operating system deployment and upgrade imaging solution for Windowsand upgrade imaging solution for Windows

Device Management Feature PackDevice Management Feature PackExtend change and configuration management to Extend change and configuration management to Windows CE-based and Windows Mobile devicesWindows CE-based and Windows Mobile devices

Device Management Device Management Feature PackFeature Pack

Partner Add-onsPartner Add-ons

SMS 2003 R2 OverviewSMS 2003 R2 Overview

New point release of SMS 2003New point release of SMS 2003

Available for purchase to non-SA customersAvailable for purchase to non-SA customers

SA customers receive it as part of the SA SA customers receive it as part of the SA agreementagreement

Built on SMS 2003 SP2Built on SMS 2003 SP2

Similar to Windows Server 2003 R2Similar to Windows Server 2003 R2Smaller point release with featuresSmaller point release with features

Core changes are in Service Pack 2 so there will be Core changes are in Service Pack 2 so there will be no migration issuesno migration issues

SMS 2003 SP2 EnhancementsSMS 2003 SP2 Enhancements

SMS Setup ChangesSMS Setup ChangesUpdate.exeUpdate.exe

Platform ChangesPlatform ChangesDeprecating AC Support for:Deprecating AC Support for:

Windows 2000 SP3 systemsWindows 2000 SP3 systems

Windows XP RTMWindows XP RTM

Active Directory Security Group DiscoveryActive Directory Security Group Discovery

FQDN SupportFQDN Support

SQL Server Support (SQL 2005)SQL Server Support (SQL 2005)

Performance ImprovementsPerformance Improvements

Integrated ITMU for patch managementIntegrated ITMU for patch management

SMS 2003 SP2 EnhancementsSMS 2003 SP2 Enhancements

R2: Scan Tool for Vulnerability R2: Scan Tool for Vulnerability AssessmentAssessment

Uses MBSA 2.0 for vulnerability Uses MBSA 2.0 for vulnerability assessment (VA)assessment (VA)

Prior to a VA scan, MBSA 2.0 is deployed Prior to a VA scan, MBSA 2.0 is deployed to clientsto clients

Provides VA reporting for common Provides VA reporting for common software mis-configurations defined by the software mis-configurations defined by the MBSA 2.0 VA manifestMBSA 2.0 VA manifest

Administered identically to existing SMS Administered identically to existing SMS 2003 scan tools2003 scan tools

R2: Scan Tool For Vulnerability R2: Scan Tool For Vulnerability Assessment Assessment Reporting for nearly 100 critical software misconfigurationsReporting for nearly 100 critical software misconfigurations

Critical vulnerabilities includeCritical vulnerabilities includeAre unnecessary services installed Are unnecessary services installed and running?and running?

Do file shares have appropriate permissions?Do file shares have appropriate permissions?

Is Windows Firewall enabled?Is Windows Firewall enabled?

Are strong passwords enforced?Are strong passwords enforced?

Are unsecured Guest accounts enabled?Are unsecured Guest accounts enabled?

Are there too many local Administrators on a Are there too many local Administrators on a single machine?single machine?

R2: Inventory Tool for Custom R2: Inventory Tool for Custom UpdatesUpdates

Enables the detection and deployment of third-Enables the detection and deployment of third-party updates, security updates, service packs party updates, security updates, service packs and more to non-Microsoft applicationsand more to non-Microsoft applications

Integrates with existing SMS 2003 software Integrates with existing SMS 2003 software update managementupdate management

Enables importing software update catalogs Enables importing software update catalogs from outside sourcesfrom outside sources

Enables the creation of in-house software Enables the creation of in-house software update catalogs for line-of-business update catalogs for line-of-business applicationsapplications

Up and running in minutesUp and running in minutesSimplified UISimplified UIAdvanced Task SequencingAdvanced Task SequencingReduced SCCM infrastructure costs with branch office supportReduced SCCM infrastructure costs with branch office supportImproved scheduling and greater control including Wake-on-LANImproved scheduling and greater control including Wake-on-LANCommon processes for Windows Mobile and embedded devicesCommon processes for Windows Mobile and embedded devices

SimplicitySimplicity

Knowledge-driven desired configuration management based Knowledge-driven desired configuration management based on the System Definition Model (SDM)on the System Definition Model (SDM)IT policies for analyzing corporate and regulatory compliance IT policies for analyzing corporate and regulatory compliance Out of the box configuration policies for server workloads i.e. Out of the box configuration policies for server workloads i.e. ExchangeExchangeLicense and asset managementLicense and asset managementConfigurationConfiguration

Integration with “Longhorn” Network Access ProtectionIntegration with “Longhorn” Network Access ProtectionSimplified, comprehensive software updating w/ templates for Simplified, comprehensive software updating w/ templates for common taskscommon tasksEnterprise Vulnerability assessmentEnterprise Vulnerability assessmentSecurely managing devices across the InternetSecurely managing devices across the InternetSecure network storage of user state during Operating System Secure network storage of user state during Operating System deploymentdeployment

SecuritySecurity

Unified delivery of Windows operating system for clients and Unified delivery of Windows operating system for clients and serversserversOne worldwide image to manage with VistaOne worldwide image to manage with VistaBuilt on Windows Vista technologies including Windows ImagingBuilt on Windows Vista technologies including Windows ImagingVista and Office 12 upgrade assessment and resolution planningVista and Office 12 upgrade assessment and resolution planningOffline media support for full offline provisioningOffline media support for full offline provisioningDeploymentDeployment

Key Investments InKey Investments InSystem Center Configuration Manager 2007System Center Configuration Manager 2007

SimplicitySimplicity

Easier to get up/runningEasier to get up/runningEverything is in setup! When install is complete, SMS Everything is in setup! When install is complete, SMS is online to service clients!is online to service clients!

Redundant InfrastructureRedundant InfrastructureSupport for SQL clusteringSupport for SQL clustering

Easier to useEasier to useNew UI designed around key work areasNew UI designed around key work areas

Home Pages anchor work areas with latest status for Home Pages anchor work areas with latest status for the featurethe feature

Sizeable dialogs for large datasetsSizeable dialogs for large datasets

Drag-n-drop and multi-select for key Drag-n-drop and multi-select for key workflow scenariosworkflow scenarios

SimplicitySimplicity

Simplified and more cost Simplified and more cost effective infrastructureeffective infrastructure

Ability to use a workstation as a distribution Ability to use a workstation as a distribution point for branch officespoint for branch offices

Easier to mirror operational processEasier to mirror operational processAssociate operational change windows with a Associate operational change windows with a SMS collectionSMS collection

WOL built-inWOL built-inSubnet Directed BroadcastSubnet Directed Broadcast

Unicast (IPv6)Unicast (IPv6)

Non-proxied appraochNon-proxied appraoch

SimplicitySimplicity

Native Support for Device ManagementNative Support for Device ManagementFully Integrated with SMSFully Integrated with SMS

Smartphone supportSmartphone support

Internet Facing Device SupportInternet Facing Device Support

Over-the-air management of devices Over-the-air management of devices

Home Pages and ActionsHome Pages and Actions

Deploying WindowsDeploying Windows

Major upgrade to SMS OS deployment Major upgrade to SMS OS deployment functionalityfunctionality

Significant enhancements compared with SMS 2003 Significant enhancements compared with SMS 2003 OS Deployment Feature PackOS Deployment Feature Pack

Brings in server deployment scenarios from ADSBrings in server deployment scenarios from ADS

Integrated part of SMSv4Integrated part of SMSv4Not a Feature Pack add-onNot a Feature Pack add-on

Great deployments of existing Windows!Great deployments of existing Windows!Even better with Vista/Longhorn!Even better with Vista/Longhorn!

Deploying Windows GoalsDeploying Windows Goals

““Hands-off deployment”Hands-off deployment”

End-to-end, secure and flexible processesEnd-to-end, secure and flexible processes

Make upgrading to Vista/LH seamlessMake upgrading to Vista/LH seamless

Build on core Vista/Longhorn functionalityBuild on core Vista/Longhorn functionality

Unified client and server deploymentUnified client and server deployment

Fully automate the deployment process in a Fully automate the deployment process in a secure and highly flexible mannersecure and highly flexible manner

Deploying WindowsDeploying Windows

Vista and Office 12 centralized upgrade Vista and Office 12 centralized upgrade assessment and resolution planningassessment and resolution planning

Application Compatibility Toolkit 5.0Application Compatibility Toolkit 5.0Office 12 Migration ToolkitOffice 12 Migration Toolkit

Deployments driven by customizable task Deployments driven by customizable task sequencessequences

Wizards to generate standard task sequencesWizards to generate standard task sequencesGUI task sequence editor gives full control of the GUI task sequence editor gives full control of the deployment processdeployment process

Drive toward single worldwide imageDrive toward single worldwide imageIntegrated device driver catalogIntegrated device driver catalog

Deploying WindowsDeploying Windows

Side-by-side computer replacement with Side-by-side computer replacement with secure user state migrationsecure user state migration

Automation of build and capture Automation of build and capture reference machinereference machine

Deploy from offline media (CD/DVD/USB) Deploy from offline media (CD/DVD/USB) in locations with limited or no in locations with limited or no network connectivitynetwork connectivity

Integration with Windows Deployment Integration with Windows Deployment Services PXE server to handle bare-metalServices PXE server to handle bare-metal

SecuritySecurity

Raising the bar on security in the Raising the bar on security in the SMS infrastructureSMS infrastructure

Full mutual authentication between client/serverFull mutual authentication between client/server

https from client to serverhttps from client to server

Location awareness for client machines moving Location awareness for client machines moving between intranet and Internetbetween intranet and Internet

Securing WindowsSecuring WindowsNetwork Access Protection (NAP) integrationNetwork Access Protection (NAP) integration

Rebuilt Software Update ExperienceRebuilt Software Update Experience

SMS 2003 R2 – nativeSMS 2003 R2 – nativeInventory Tool for Custom UpdatesInventory Tool for Custom Updates

Scan Tool for Vulnerability AssessmentScan Tool for Vulnerability Assessment

Securing WindowsSecuring WindowsSoftware Updates ManagementSoftware Updates Management

Scope of updates extended to include all Scope of updates extended to include all Microsoft Update contentMicrosoft Update content

Simplified user experience thru template Simplified user experience thru template concepts (18 dialogs down to 6 clicks)concepts (18 dialogs down to 6 clicks)

Key compliance data presented on the Key compliance data presented on the home pagehome page

Improved client experience – support for both Improved client experience – support for both mandated and optional updates mandated and optional updates

Extensible to support third party and in house Extensible to support third party and in house LOB application updatesLOB application updates

Integrated with the Inventory Tool for Custom UpdatesIntegrated with the Inventory Tool for Custom Updates

Software Updates Software Updates ManagementManagement

Securing WindowsSecuring WindowsSoftware Updates ManagementSoftware Updates Management

Integrates with Service Windows Integrates with Service Windows

Task Sequence can install updatesTask Sequence can install updates

More efficient infrastructureMore efficient infrastructureState based for improved visibility of update State based for improved visibility of update installation lifecycle installation lifecycle

Updates are defined as CIs and rely on DCM Updates are defined as CIs and rely on DCM rather than standard software distributionrather than standard software distribution

Update synch as a core site role Update synch as a core site role

Support for custom severity definitionsSupport for custom severity definitions

How NAP And SMS How NAP And SMS Work TogetherWork Together

IAS ServerClient Network

Access Device(DHCP,

VPN)

SMS ServerSMS Server

May I have access?I don’t have any patches installed.

Should this client be restrictedbased on it’s health?

Can you vouch for this client? Is it up to date?

I can vouch for the client. It’s not up to date. Tell it to install

patches

You are being given restrictedaccess until patches are installed.

Requesting patch package.

Here is your patchpackage.

Requesting access.Patches are installed.

Quarantine client, requestit to install patches

Corporate Network

Restricted Network

I can vouch for the client. Yes, meets policy.

Grant access.

Client is granted access to full intranet.

Desired Configuration Desired Configuration ManagementManagementManage the configuration of Windows environments Manage the configuration of Windows environments and ensure system configuration compliance and ensure system configuration compliance against defined corporate standardsagainst defined corporate standards

Detect server configuration “drift”Detect server configuration “drift”

Improve Helpdesk (HD) troubleshooting Improve Helpdesk (HD) troubleshooting and “time-to-resolve” (TTR)and “time-to-resolve” (TTR)

Regulatory compliance reportingRegulatory compliance reporting

Change verificationChange verification

Desired Configuration Desired Configuration ManagementManagement

Built on System Definition Model (SDM)Built on System Definition Model (SDM)A modeling language that is used to capture A modeling language that is used to capture a model of a system including:a model of a system including:

Structure of the systemStructure of the system

Relationships between system’s componentsRelationships between system’s components

Relationships between the system and its Relationships between the system and its environmentenvironment

Configuration constraints and invariants Configuration constraints and invariants

SMS v4 will consume the configuration SMS v4 will consume the configuration portion of SDM modelsportion of SDM models

Desired Configuration Desired Configuration ManagementManagement

Tight integration with Software Updates Management Tight integration with Software Updates Management (SUM)(SUM)

Software Updates as configuration itemsSoftware Updates as configuration itemsSUM built over DCM infrastructureSUM built over DCM infrastructure

Flexible settings provider model with built-in support for:Flexible settings provider model with built-in support for:Installed Applications (MSI)Installed Applications (MSI)File system settingsFile system settingsSecurity settingsSecurity settingsRegistry settingsRegistry settingsWMIWMISQLSQLXMLXMLIIS MetabaseIIS MetabaseScriptsScripts

Get ready for SCCM 2007, deploy SMS 2003 SP2 today!Get ready for SCCM 2007, deploy SMS 2003 SP2 today!

Driven by feedback from customers and partnersDriven by feedback from customers and partners

Enterprise feature focus emphasizing operational simplicity, enterprise scale, Enterprise feature focus emphasizing operational simplicity, enterprise scale, security and corporate compliancesecurity and corporate compliance

Continued long-term commitments to investment in the following areas:Continued long-term commitments to investment in the following areas:

Lowest cost and best solution for deploying Windows and OfficeLowest cost and best solution for deploying Windows and Office

Continued investments in partner ecosystemContinued investments in partner ecosystem

Key component of the Dynamic Systems Initiative w/ support for SDMKey component of the Dynamic Systems Initiative w/ support for SDM

Download Systems Management Server v4 Open Beta 1 todayDownload Systems Management Server v4 Open Beta 1 today

http://connect.microsoft.comhttp://connect.microsoft.com

Request entry into the TAP or Rapid Deployment ProgramsRequest entry into the TAP or Rapid Deployment Programs

https://www.surveymonkey.com/s.asp?u=97751006343 https://www.surveymonkey.com/s.asp?u=97751006343

Feb 2006Beta 1

June/July 2006

Beta 1 Refresh

Q1 2007Beta 2

1H 20071H 2007Public Public

AvailabilityAvailability

System Center Configuration Manager 2007System Center Configuration Manager 2007Helping IT Drive Business ValueHelping IT Drive Business Value

ResourcesResourcesSMS Home PageSMS Home Pagewww.microsoft.com/smswww.microsoft.com/sms

System Center Family of productsSystem Center Family of productswww.microsoft.com/systemcenterwww.microsoft.com/systemcenter

Community SitesCommunity Siteshttp://www.microsoft.com/smserver/community/default.mspx http://www.microsoft.com/smserver/community/default.mspx MyITForum.comMyITForum.com

SMS 2003 Scripting CenterSMS 2003 Scripting Centerhttp://www.microsoft.com/technet/scriptcenter/default.mspx http://www.microsoft.com/technet/scriptcenter/default.mspx

SMS Download CenterSMS Download Centerhttp://www.microsoft.com/smserver/downloads/default.mspx http://www.microsoft.com/smserver/downloads/default.mspx

Partner Resources – SMS AlliancePartner Resources – SMS Alliancehttp://www.sms-alliance.com/http://www.sms-alliance.com/

WebcastsWebcastshttp://www.microsoft.com/events/webcasts/upcoming.mspxhttp://www.microsoft.com/events/webcasts/upcoming.mspx

© 2006 Microsoft Corporation. All rights reserved.This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.