Module 8 (continued) Windows Patch push
1.WSUS have a "Patch list" (WSUS DB)
↑ ↓
Configuration Role synchronization list (Overwrite)
↑ ↓
SUP (Role) there is a "Patch list" (SCCM DB)
Synchronization can set up automatic synchronization schedule
2. Check the list corresponding to the OS, the patch can be made WSUS download list (list only non patch installation package)
Configuration Manager on 3.Client -> Software Updates Scan Cycle -> Client is used to scan the patch has been installed.
4. Patch - (part) -> software update group -> "download" Package Deployment -> pushed to the DP -> From "Software Update Group" to the Deploy Agent.
Module 9 Implement Endpoint Protection
official Microsoft antivirus software, nothing can be recorded
10 the Compliance and Secure the Data Module Access
1. compliance checks of settings, not only can check, but also have corrected Regedit, the repair option on Client RDP settings.
Step 2. Configure compliance check
Configuration Items -> Baseline -> Client and for comparison -> Report generation
3.Client Settings -> Default Client Settings -> Compliance Settings where you can configure the Configuration Items and Baseline.
4. Compliance can detect feasibility for the Windows 10 Upgrade
11 OSD Module
1.WDS Service (add components) -> DP
DHCP Service (add components) -> DHCP Server (DHCP server can be any)
to meet the conditions of the OSD, DHCP option in the need to add "066", "067 "," 060 "
2.Category of OSD terminology
1)Image (Boot Image,OS image,Windows image file format(wim))
2)Task (Task sequence step,Task sequence group, Task sequence)
3)Driver (Windows device driver etc.)
4)Computer (Reference, Source, Destination, Unknown Computer)
5)Other (OS installer, PXE boot, Windows PE, Sysprep)
3. Enable OSD, will appear on the Site Server Remote Install folder
Image 4.Boot
. 1) whether to bind different types of drive
2) can be supported PE (WinPE-Powershell)
. 3) the Enable Command Support
. 4) the Deploy the this-the PXE Boot Image The Enabled from the DP.
Boot Image is ultimately pushed to the DP.
5. Import on Site Server OS Image, also pushed DP
6. Create Task Sequence -> Here you can configure automatic domain
7.整个配置过程为:
1)Enable PXE on DP
2) Configure the Network Access Account
3) Import Drivers
4) Distribute a driver package
5) Modify boot images
6) Distribute boot images
7) Import the reference OS image
8) Distribute the image to the Distribution Point
9) Import a computer object (即将被部署的Bare-metal installtions)
10) Creating a task sequence to deploy an image
11) Deploy an image installation task sequence by using PXE
12) Monitor the client to see the result.
Module 12 SCCM maintenance (include decentralized management, remote management tools, backup)
- Decentralization
Management User <- security role, security scoped
security roles (what can be done, power)
security scope (the scope of management, may be Driver, OSD push, Collection settings, etc.)
After the setup is complete, the corresponding "Manage Users" that the administrator can only have a limited field of vision.
2. Remote Administration Tool
1) can initiate remote control functions from SCCM
2) may authorize the direct control without Client
3) Client needs to confirm the default control to initiate the connection
3. Backup
1) can be backed up DB and Config, depot does not backup
2) will be backed up to a directory
4. Restore
1) Site Recovery CD required. CD has the option whether to restore.