Archive

Archive for the ‘System Center’ Category

Configuration Manager current branch 2509 available as baseline

December 9, 2025 Leave a comment

With the latest update to Configuration Manager (CM) current branch (version 2509) we’ve finally received new baseline version we can use for new site deployments. Previous baseline version is 2403 and was supported until 22nd of October, 2025. If we had any new site deployments in the last month or two, we had to go first through the deployment of an unsupported product and later on update it to the supported version (2409 and/or 2503). Since CM evaluation links are not yet updated with new baseline version, we still have to do this type of double deployment for evaluation deployments (if we want to use up-to-date systems). The same applies as well to the Windows 11 and Microsoft 365 Deployment Lab Kit download – it was updated in November 2025 with Windows 11 25H2 images, but the Configuration Manager current branch version preinstalled is as of this writing still at version 2403.

Version 2509 is currently available as an in-console update to those that are already running Configuration Manager current branch in their environment. If not, we can find baseline media on the Volume License Service Center or on Microsoft Visual Studio Download center.

General enhancements in version 2509:

  • version 2509 of Configuration Manager focuses on security and quality updates (KB35877153)
  • Windows 11 25H2 support
  • Boot images can be automatically updated to use latest Windows Boot Loader (signed with Windows UEFI CA 2023) – only works on WDS-Less PXE-enabled Distribution Points
  • Service Connection Tool improvements (better logging and error handling)
  • minimum SQL 2016 or later version
  • more info available at: What’s new in version 2509

More information about Configuration Manager versions, support end dates, baselines, hotfixes and more, we can find at Updates and servicing for Configuration Manager.

Categories: Download, MECM, Microsoft, SCCM, System Center Tags: , ,

Windows Server 2025 and System Center 2025 are GA

November 28, 2024 Leave a comment

Windows Server 2025 has officially launched, marking a significant advancement in the Windows Server platform. This release aims to provide a secure, high-performance environment tailored to meet an array of customer requirements. With Windows Server 2025, organizations can deploy applications in various settings, including on-premises, hybrid, and cloud environments.

Enhanced Security Features

In today’s landscape where cybersecurity is paramount, Windows Server 2025 introduces a comprehensive suite of security features designed to protect both data and infrastructure. Significant security enhancements include:

  1. Active Directory Improvements: Active Directory, recognized for its identity and authentication capabilities, now incorporates new security features to enhance resilience against evolving threats. Improvements include updated protocols, encryption mechanisms, hardening techniques, and new cryptographic support, all aimed at increasing scalability and robustness.
  2. SMB Hardening: The inclusion of SMB (Server Message Block) over QUIC facilitates secure access to file shares via the internet. Additional security measures within SMB have been implemented, such as hardened firewall defaults, mechanisms to prevent brute force attacks, and defenses against man-in-the-middle, relay, and spoofing attacks.
  3. Delegate Managed Service Accounts: With Delegate Managed Service Accounts (dMSAs), manual password management is no longer necessary as Active Directory automates this process. This feature allows for specific permissions to be delegated for resource access within the domain, which mitigates security risks and enhances accountability through better visibility and logging of service account activities.

These advancements position Windows Server 2025 as a formidable platform for IT infrastructure, making it an imperative for organizations to commence evaluations immediately.

Hybrid Cloud Capabilities for Greater Agility

Windows Server 2025 also brings forth new hybrid cloud capabilities that significantly boost operational flexibility and connectivity. Key features include:

  • Hotpatching via Azure Arc: This feature introduces a subscription service that allows on-premises customers to benefit from cloud-like advantages, such as automatic updates and minimized disruptions. Hotpatching ensures security updates can be applied with fewer reboots, catering to Azure Arc-enabled Windows Server 2025 deployments.
  • Simplified Azure Arc Onboarding: Integration with Azure Arc allows organizations to leverage Azure’s functionality directly within their data centers. This seamless onboarding enhances the management of hybrid and multicloud environments, improving security and operational versatility.
  • Software-Defined Networking (SDN) Multisite Features: Windows Server 2025 includes L2 and L3 connectivity options that facilitate seamless workload migration. This includes unified management of network policies to maintain consistent security and performance standards across diverse cloud environments.

These features make Windows Server 2025 a suitable choice for organizations aiming to maximize their IT infrastructures while harnessing both on-premises and cloud capabilities.

Performance and Scalability for Advanced Workloads

Tailored to accommodate demanding workloads, including AI and machine learning, Windows Server 2025 boasts several performance-oriented features:

  • Enhanced Hyper-V Capabilities: The platform supports GPU partitioning and can process substantial data sets efficiently, offering a high-performance environment conducive for AI and traditional applications alike. Features such as live migration and high availability ensure operational continuity.
  • Improved Storage Performance: Windows Server 2025 delivers up to 60% more storage IOPS performance compared to its predecessor. This significant enhancement in storage capabilities is particularly beneficial for applications that rely on fast data access.
  • Storage Innovations: The release continues Windows Server’s legacy of supporting various storage solutions, while introducing innovative features like Native ReFS deduplication, compression, thinly provisioned Storage Spaces, and Storage Replica Compression, now available in all editions.
  • Scalability in Hyper-V: With advancements inherited from Azure, Windows Server 2025 significantly increases Hyper-V virtual machine capacities, including a maximum memory configuration of 240 Terabytes and 2048 virtual processors per VM.

These developments position Windows Server 2025 as an exceptional option for organizations seeking a robust virtualization solution while also delving into AI and machine learning capabilities with high efficiency.

System Center 2025 Availability

System Center 2025 is now generally available! This release marks a significant milestone in enhancing datacenter operations, focusing on infrastructure modernization and security. Released alongside Windows Server 2025, it allows you to leverage the newest Windows Server features with integrated management tools.

Security is paramount in today’s threat landscape. System Center 2025 bolsters security with reductions in scenarios using CredSSP and NTLM, TLS 1.3 support, and enhanced data security features on Microsoft Azure. Flexible data protection strategies include virtual TPM (vTPM) support and optimizing backup processes in Hyper-V environments.

Service Provider Foundation (SPF) is discontinued, with SPF 2022 remaining compatible for a transition period. Users are encouraged to switch to Azure Arc-enabled SCVMM, enhancing virtual machine management with unified operations like start, stop, and resize, under Azure’s RBAC.

System Center Operations Manager 2025 offers full support for Windows Server 2025, embraces OpenSSL 3.1 to 3.3 for cryptographic security, and improves browser compatibility, all enhancing system management and security.

Data Protection Manager (DPM) 2025 supports Windows Server 2025, employs Azure Key Vault for passphrase storage, and ensures vTPM settings continuity in VM restorations, integrating advanced cloud security to bolster protection strategies. New in DPM 2025 is also support for protection of SharePoint Subscription Edition and virtual TPM (vTPM) support for VMware.

Virtual Machine Manager 2025 leverages Windows Server 2025, extends management to Azure Stack HCI 23H2 clusters, adopts TLS 1.3 for enhanced security, and supports latest Linux distributions, optimizing complex environments’ management.

System Center 2025 is a comprehensive upgrade addressing modern IT needs with elevated security, cloud capabilities, and user-centric innovations. It enables efficient and secure infrastructure management for both on-premises and cloud environments.

Ready to upgrade? Explore the System Center product site, try a free trial at the Evaluation Center, and learn about Windows Server 2025.

More information and download links:

Categories: Download, SCVMM, System Center, System Center 2025, Windows, Windows Server, Windows Server 2025 Tags: , , , , ,

On-premises BitLocker management using System Center Configuration Manager

May 13, 2019 Leave a comment

Beginning in June 2019, System Center Configuration Manager (SCCM) will release a product preview for BitLocker management capabilities, followed by general availability later in 2019.

Configuration Manager will support BitLocker for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education editions. It will also support Windows 7, Windows 8, and Windows 8.1 during their respective support lifecycles.

SCCM will provide the following BitLocker management capabilities:

Provisioning
Our provisioning solution will ensure that BitLocker will be a seamless experience within the SCCM console while also retaining the breadth of MBAM.

Prepare Trusted Platform Module (TPM)
Admins can open the TPM management console for TPM versions 1.2 and 2.0. Additionally, SCCM will support TPM+PIN for log in. For those devices without a TPM, we also permit USBs to be used as authenticators on boot.

Setting BitLocker Configuration
All MBAM configuration specific values that you set will be available through the SCCM console, including: choose drive encryption and cipher strength, configure user exemption policy, fixed data drive encryption settings, and more.

Encryption
Encryption allows admins to determine the algorithms with which to encrypt the device, the disks that are targeted for encryption, and the baselines users must provide in order to gain access to the disks.

Policy enactment / remediation on device
Admins can force users to get compliant with new security policies before being able to access the device.

New user can set a pin / password on TPM & non-TPM devices
Admins can customize their organization’s security profile on a per device basis.

Auto unlock
Policies to specify whether to unlock only an OS drive, or all attached drives, when a user unlocks the OS drive.

Helpdesk portal with auditing
A helpdesk portal allows other personas in the organization outside of the SCCM admin to provide help with key recovery, including key rotation and other MBAM-related support cases that may arise.

Key rotation
Key rotation allows admins to use a single-use key for unlocking a BitLocker encrypted device. Once this key is used, a new key will be generated for the device and stored securely on-premises.

Compliance reporting
SCCM reporting will include all reports currently found on MBAM in the SCCM console. This includes key details like encryption status per volume, per device, the primary user of the device, compliance status, reasons for non-compliance, etc.

If you are familiar with Microsoft BitLocker Administration and Monitoring (MBAM), you probably noticed that above listed BitLocker-related SCCM improvements to come look a lot like MBAM features – and you would be correct to think that. The reason for that is in Microsoft’s announcement for the MBAM support – MBAM will end mainstream support on July 9, 2019 and will enter extended support until July 9, 2024.

Regardless of the MBAM situation, I sure am happy to see this new feature set is coming to SCCM.

More info at: Microsoft expands BitLocker management capabilities for the enterprise

Categories: BitLocker, Microsoft, SCCM, Security, System Center, Windows, Windows 10, Windows 7, Windows 8.1 Tags: , , ,

System Center 2019 is here

March 15, 2019 Leave a comment

For all of us that started playing with Windows Server 2019 at the end of last year, we also wanted to start playing with System Center 2019 ASAP. That day has come – Microsoft just started releasing System Center 2019 products.

On Microsoft Download Center you can find System Center 2019 Evaluation VHDs:

and

Downloads for the installers are also available on Microsoft Evaluation Center.

If you have MSDN subscription or if you are active MCT, you can also download all the DVDs for System Center 2019 Products at https://my.visualstudio.com.

If you have access to Volume Licensing Service Center (VLSC), you can find new System Center 2019 product DVDs available for download at https://www.microsoft.com/Licensing/servicecenter/.

For those of you that just want to check out System Center 2019 products, downloading pre-build environment is a good option – fast and easy way to test the product without deploying it into your environment. Here you can find short PowerShell script that will help you automate the download part of this endeavor (Download SC2019 GA VHD Eval.ps1).

I’ve also put together PowerShell script that can download all System Center 2019 evaluation EXEs from Microsoft Evaluation Center: Download SC2019 GA Eval.ps1.

If you ponder about System Center 2019 products and can’t really put your finger on why you might want them, you can check this blog for short overview ( Windows Server Blog  – Now available: Microsoft System Center 2019!).

One big news that came with System Center 2019 is that Microsoft will no longer release SAC (Semi-Annual Channel) versions of System Center products. They decided to go back to the “old” model of “LTSC” (Long-Term Servicing Channel) that provides five years of mainstream support and five years of extended support (with Update Rollups providing the incremental fixes and updates).

System Center Configuration Manager (SCCM) is not impacted by the 2019 release change and will continue current branch release cadence of three times per year as noted in the documentation, “Support for Configuration Manager current branch versions”.

Categories: Download, GitHub, Microsoft, PowerShell, System Center Tags: , , ,