System Center Friday (SWE)

Nedan finns nu aktuellt Schema för System Center Friday som vi i SCUG kör, mer info om mötena kommer, mötena kommer vara via Livemeeting och spelas in samt sedan läggas upp på vår youtube kanal.

www.youtube.com/scugse

System Center Friday – What new in SC12 Configuration Manager

Friday, 16 March 2012 at 15:00-16:00

Jörgen Nilsson och Stefan Schörling tar er igenom nyheterna i System Center 2012 Configuration Manager.

System Center Friday – SC12 Configuration Manager design considerations

Friday, 30 March 2012 at 10:00

Jörgen Nilsson och Stefan Schörling tar er igenom vad ni bör tänka på vid design av System Center 2012 Configuration Manager.

System Center Friday – SC12 Building a self-healing IT Infrastructure

Friday, 27 April 2012 at 09:00

Anders Bengtsson tar oss igenom hur man bygger en självläkande IT Infrastruktur med system Center 2012 Operations Manager och Orchestrator

System Center Friday – SC12 Configuration Manager Feature dive

Friday 11 May 10-11

Stefan Schörling och Jörgen Nilsson går igenom Settings Management / Endpoint Protection och Client Health i System Center 2012 Configuration Manager

System Center Friday – SC12 OSD med Johan Arwidmark

Friday, 18 May 2012

Johan Arwidmark tar oss igenom 1 timme operativ systems utrullning med system Center 2012 Configuration Manager. Mer info kommer.

System Center Friday – SC12 Helautomatiserad självbetjäning

Friday, 25 May 2012 at 13:00

Jonas Ullman & Patrik Sundqvist tar oss igenom hur vi bygger automation med System Center 2012 Service Manager / Orchestrator / Configuration Manager. Mer information kommer.

System Center Friday – Upgrading to SC12 Operations Manager

Friday, 1 June 2012 at 09:00

Hur går en uppgradering till System Center 2012: Operations Manager till? Vad skall man tänka på? Anders Bengtsson reder ut begreppen och går igenom möjligheterna att uppgradera till System Center 2012 Operations Manager.

Best of MMS – Sweden

Thanks to everyone that attended mine and Jörgens  session last week. As promised we will post some MBAM (Microsoft Bitlocker and Administration) Blog posts the coming weeks.

To start with here are the links that we had in our presentation. We will post more thing related to MBAM along the way so please stay tuned here for more MBAM information.

General

MBAM MP for Operations Manager
http://www.microsoft.com/download/en/details.aspx?id=26796
Bitlocker FAQ
http://technet.microsoft.com/en-us/library/ee449438(WS.10).aspx
MBAM in WinPE
http://myitforum.com/cs2/blogs/nbrady/archive/2011/09/06/how-can-i-retrieve-my-bitlocker-recovery-key-from-mbam-in-windows-pe.aspx
KBs
http://support.microsoft.com/kb/2612822

Handling of TPM

HP
http://itbloggen.se/cs/blogs/micke/archive/2010/10/18/enable-tpm-via-task-sequence-on-hp-boxes.aspx
Dell
Http://www.nullsession.com/2010/12/02/enable-tpm-in-task-sequence-with-sccm-and-cctk/
Lenovo
http://blog.coretech.dk/mip/enable-lenovo-tpm-security-chip-and-other-stuff-from-a-ts/

FEP 2010 Update Rollup 1

Update Rollup for FEP 2010 has been released so go read about it as it will enhance your FEP expericne with Config Mgr for update management. It also has some new OS uspport

TechNet Whats New ! – http://technet.microsoft.com/en-us/library/hh211541.aspx

Download – http://www.microsoft.com/download/en/details.aspx?id=26583

Handling users uninstalling FEP

If you have local administrators they might uninstall Forefront Endpoint Protection 2010 from their system, to keep track of this and automatically remediating this. Then you have the option to advertise a FEP installation to the built-in collection for FEP called “Locally Removed”.  So if a user uninstalls the client they will get it automatically again.

Don’t forget to set the advertisement to always rerun. Its also a good idea to keep track of the advertisement to make sure you don’t have clients that end up in a loop.

Note: I have seen some cases where there is an issue with clients ending up in this collection without having the client uninstalled. Usually triggering a Hardware Inventory resolves this.

Remediating FEP clients with protection disabled

As some of you might have noticed there is no Tamper protection with Forefront Endpoint Protection 2010. So how would you handle this in your environment ?

Usually the issue comes if you have your users as local administrators on their PCs they have full control over their PC.

So there are different ways to go around this. My first way to handle this is to configure a GPO that controls the Microsoft Antimalware Service. And set the Service to automatically start and only your real administrators to have the Start and Stop Rights.

My option 2 is to have a advertisement with a reoccurring script or startup script to set the service to start automatically and start the service it if its stopped. The target is the Built-in Collection

strComputer = "."
Set objWMIService = GetObject("winmgmts:\" & strComputer & "rootcimv2")

Set colServiceList = objWMIService.ExecQuery _
("Select * from Win32_Service where Name = ‘MsMpSvc’")
For Each objService in colServiceList
objService.ChangeStartMode("Automatic")
Wscript.Sleep 5000
errReturnCode = objService.StartService()
Next

Where do I find information about the latest Forefront definitions ?

Quite frequently the question where do I see what the latest release definition updates are from Microsoft. Sometime you want to compare and check so you have the latest definitions in your environent.

At the url posted below you will find the latest information about definitions and the ability to download them manually.

http://www.microsoft.com/security/portal/Definitions/ADL.aspx

TechDays 2011 Managing FEP with Config Mgr

After the  session I got some questions regarding the MOM Agent for the FCS Client when upgrading. Apparently my tongue slipped and I misstated the behavior of the MOM  Agent uninstallation. My apologies for that.

The intended action is that the MOM Agent should get uninstalled although there has been some minor issues detected with this. But the normal behavior should be that the MOM Agent should get uninstalled! Although if the MOM agent is multihomed uninstallation will prompt  for this. If you encounter the behavior where the client is not uninstalled please contact Microsoft Support.

http://technet.microsoft.com/en-us/library/gg477033.aspx

Below you will find a link with the presentation as promised. At the end you will find the links discussed in the presentation. For those of you who have other question feel free to contact me.

I forgot to mention our Swedish based System Center User Group that is  found @ www.scug.se

Best Regards
Stefan Schörling
stefan@msfaq.se

ALL CODE IS PROVIDED AS IS WITH NO WARRANTIES

Presentation: Managing Forefront Endpoint Protection with System Center Configuration Manager

What URLs are needed for FEP Deifnition Updates ?

Forefont can use Microsoft Update to get definitions and sometime you need to open proxy servers and firewalls for this. It is not a must to use this source but if you are using this method , I have posted a list below of known urls for Microsoft Update that you can exclude or allow in your proxy or firewall.

http://download.windowsupdate.com
https://*.windowsupdate.microsoft.com
http://*.windowsupdate.microsoft.com
http://update.microsoft.com
http://*.windowsupdate.com
http://download.microsoft.com
http://windowsupdate.microsoft.com
http://ntservicepack.microsoft.com
http://wustat.windows.com
https://update.microsoft.com