PKI Blog

What Should a FIM Lab Environment Look Like?

Posted by CSS Technical Team on Jun 17, 2014 6:55:18 AM

This question always brings about a lively discussion during FIM design sessions, as this topic has many different vantage points.

Read More

Topics: Forefront Identity Manager, IT Security, Microsoft Security Partner, Setting up a FIM Lab, FIM production, FIM, Forefront Identity Manager (FIM), Identity Management, FIM Lab Best Practices, SCCM, Blog, what should a fim lab look like, Active Directory (AD), Active Directory, FIM LAB Design, AD, FIM Lab

Pre-Staging a Distribution Point in System Center Configuration Manager (SCCM) 2012

Posted by CSS Technical Team on Apr 10, 2013 4:39:00 AM

I still have a Tandy laptop. It’s not a tablet. It’s not a notebook. It is a LAPtop as in you can sit it on your lap. It runs on four AA batteries, and if I want to upgrade the ram to a screaming 256K I have to find something that looks much like those hex bugs that kids play with. The point is that there was a time when we didn’t have multiple T3s connecting our whole network. Many businesses today still kick it retro style (op, op) with some of their branch locations and inflict these small offices with split Ts or lower. For those of us who look at our System Center Configuration Manager (SCCM) solutions to deliver with optimum efficiency, we used to look at these branches and openly weep because we knew that even if we put distribution points in the branch, there was going to be some late night pushes so we wouldn’t bring the connection to its knees. There were some ways around it (Nomad from 1E is a fine product on any network then and today), but for the most part you were stuck. With the advent of SCCM 2012 there is a little known feature for just such a case and that is what we will be focusing on- Pre-Staging Content.

Read More

Topics: IT Security, Microsoft Security Partner, Microsoft System Center, SCCM 2012, Desktop Security, SCCM Distribution Point, System Center 2012, System Center, SCCM, Blog, Pre-Staging a Distribution Point in System Center, Microsoft System Center Configuration Manager

FIM: When products don’t play nice together...

Posted by CSS Technical Team on Jan 24, 2013 10:17:31 AM

As a consultant, one of the primary responsibilities is to deal with strange problems or issues that arise. And inevitably some obscure issue will come to the surface during a demo… Since I specialize in Microsoft’s Forefront Identity Manager combined with a previous life as a Windows Server Engineer, I run a fairly comprehensive virtual development and demo lab with about every mainstream Microsoft Server product deployed across an average of 80 virtual servers. Given the right set of circumstances you’ll find products that just don’t play nice together.

After my failed SSPR password reset demo, I went through the standard troubleshooting check list including configuration verification. The first thing I found awry was permissions missing for the FIM Service account on WMI's Root/CIMV2 namespace. Since this was a functioning SSPR environment, I know they had been set previously. In addition, the Root/MicrosoftIdentityIntegrationServer namespace was missing from the tree too. My schedule allowed enough time to repair the issue but not fully perform a Root Cause Analysis to the situation.

Read More

Topics: WMI, PWUnrecoverableError, IT Security, Microsoft Security Partner, Infrastructure Management, FIM, Microsoft SCCM, Identity Management, SSPR, System Center Configuration Manager, Information Technologoy, SCCM, Blog

The Outer Rings of the System Center Configuration Manager (SCCM) Inferno

Posted by CSS Technical Team on Oct 23, 2012 5:01:00 AM

Since time draws ever closer to the season of the witch, allow me to start out with an excerpt from a timeless techie classic, the poem titled, “The Ramen.” I know not from whom it came but kudos to them:

Read More

Topics: IT Security, Microsoft Security Partner, SCCM 2012, Configuration Manager, Desktop Security, Microsoft SCCM, ConfigMgr, SCCM 2007, SCCM, System Administrator, The Ramen, Blog, Role Based Security, Microsoft System Center Configuration Manager

Using System Center Orchestrator to Automate Security Tasks

Posted by CSS Technical Team on Aug 6, 2012 6:44:00 AM

With System Center Configuration Manager 2012, customers have the ability to use Endpoint Protection capabilities to provide anti-malware services and security to servers and clients. However, to reduce administrator touch points and mistakes, we can use the flexibility of System Center Orchestrator to augment and automate standard security processes. In this post, I will demonstrate how to create a runbook to automate the triggering of a full Endpoint Protection malwarescan in response to a malware detected alert within Configuration Manager.

Read More

Topics: Application Publishing, IT Security, Microsoft Security Partner, Microsoft System Center, SCCM 2012, Configuration Manager, Desktop Security, Sysctr, Infrastructure Management, System Center 2012, SCORCH, workflow, SCCM, System Center Orchestrator, System Center Configuration Manager 2012, Anti-Malware, Blog, SCCM client

How to Perform a Manual System Center Endpoint Protection (SCEP) Client Installation

Posted by CSS Technical Team on May 16, 2012 8:02:00 AM

The following is an excerpt from my book Microsoft System Center 2012 Endpoint Protection Cookbook, 

Read More

Topics: FEP, IT Security, Microsoft Security Partner, Microsoft System Center, Win7, Desktop Security, SCEP, XP End of Life, System Center Configuration Manager, SCCM, Microsoft Forefront Endpoint Protection, Anti-Malware, Blog, System Center Endpoint Protection

Migrate to Forefront Endpoint Protection in conjunction with a Windows 7 Migration using SCCM

Posted by CSS Technical Team on Apr 12, 2012 10:38:00 AM

Let's say you’ve found yourself working against the clock to get Windows 7 rolled out before Windows XP hits end of life, and during the planning phase you realize your current AV solution won’t work on Windows 7 without an upgrade. Now you’re faced with signing a new support contract and adding additional costs to your migration plan. But, like many Microsoft Core CAL and eCAL customers you already own the licenses to use Forefront Endpoint Protection, which works beautifully on Windows 7.

Read More

Topics: Windows 7, FEP, Win7, Microsoft SCCM, SCCM, Microsoft Forefront Endpoint Protection, Microsoft FEP, Blog, Microsoft SCEP, System Center Endpoint Protection, Windows XP

Integrating APP-V and SCCM 2007

Posted by CSS Technical Team on Apr 12, 2012 5:00:00 AM

Some things were just meant to be…

It’s been a long road getting to here I’m sure. You’ve got a perfectly tuned SCCM 2007 infrastructure, you’ve upgraded to R2, and that installation of service pack 2 is now nothing but a quaint memory. Now you’ve decided to take things to the next level by virtualizing some of your applications. The App-V installation that was on the Microsoft Desktop Optimization Pack was a breeze, and then your greatest dreams are realized! App-V integrates with SCCM! Now you can push virtualized applications and stream them from your distribution points! Offline availability? Not a problem here friends. Life is good.

Read More

Topics: Virtualization, Microsoft System Center, SCCM 2012, Sysctr, Microsoft SCCM, App-V SCCM, System Center Configuration Manager, SCCM, App-V and System Center, Blog, Application Virtualization, App-V

MBAM: Real World Information

Posted by CSS Technical Team on Apr 10, 2012 9:16:00 AM

There are number of organizations out there who are discussing or currently testing implementations of Microsoft’s BitLocker Administration and Monitoring (MBAM). There are a number of things that the recently released enterprise management of BitLocker does well, such as compliance reporting, single use key recovery, and trusted platform module (TPM) management. However, the deployment of MBAM does cause some issues for many and I will be discussing some topics in this blog that will hopefully provide some assistance to those currently testing or deploying.

Read More

Topics: Microsoft Bitlocker, System Center, MBAM, SCCM, MDOP, Microsoft Desktop Optimization Pack, Blog, Microsoft Bitlocker Administration and Monitoring

SCCM 2012 - Migration Made Easy - Part 1

Posted by CSS Technical Team on Nov 3, 2011 5:00:00 AM

As we all wait in anticipation for Configuration Manger 2012, there are a number of concerns that present themselves from an administrator’s perspective. One of those primary concerns, and the topic of this post, is the lack of upgrade path from SCCM 2007. At first glance it seems like a show stopper as companies may balk at a whole new infrastructure while already having one already in place for SCCM 2007. However, as Microsoft has made giant strides forward in terms of Systems Management and Hierarchy Simplification with ConfigMgr 2012, they have also reduced the pains of migration immensely. With the release of ConfigMgr 2012 RC some of you may be gearing up for testing, with that in mind the first part of this three part blog will highlight the requirements for preparing a migration along with any caveats and information pertaining to the migration process.

Read More

Topics: IT Security, Microsoft Security Partner, SCCM 2012, Desktop Security, Infrastructure Management, Microsoft SCCM, sccm microsoft, Microsoft Active Directory, SCCM, migrate SCCM 2012, Systems Management, ConfigMgr 2012, Blog, SCCM client, migration to SCCM 2012

Recent Posts

Posts by Topic

see all

Subscribe to Email Updates

Want to Learn more about CSS?