Example Scenarios for Using Out of Band Management in Configuration Manager

 

Updated: May 14, 2015

Applies To: System Center 2012 Configuration Manager, System Center 2012 Configuration Manager SP1, System Center 2012 Configuration Manager SP2, System Center 2012 R2 Configuration Manager, System Center 2012 R2 Configuration Manager SP1

The following sections in this topic provide example scenarios of how you can manage computers out of band in System Center 2012 Configuration Manager:

  • Powering on Computers to Install Applications

  • Powering off Computers to Protect Against a Security Attack

  • Re-imaging a Nonfunctioning Computer

  • Configuring BIOS Settings

  • Troubleshooting a Nonfunctional Computer

  • Achieving Compliance for Software Updates by Using Wake on LAN and Power on Commands

In all these scenarios for Trey Research, Adam, the Configuration Manager administrative user, has implemented out of band management throughout the Configuration Manager hierarchy. The desktop computers are AMT-based, meet all the prerequisites for out of band management, and are successfully provisioned for AMT.

Powering on Computers to Install Applications

The following scenario demonstrates how you can use out of band management to power on computers to install applications (or perform routine maintenance) without using traditional wake-up packets.

The marketing department at Trey Research has approved a request to install a nonstandard application on five computers. Adam has already created a collection for these five computers and a deployment to install the application as soon as possible. After he establishes a time period when users do not have their computers turned on and will not be unduly inconvenienced, he performs the actions in the following table to power on the computers so that the application can be installed.

Process: Adam locates the computers in the Assets and Compliance workspace of the Configuration Manager console, and then performs the following actions:

  • Selects the five computers and right-clicks them.

  • Clicks Manage Out of Band, and then clicks Power Control.

  • Selects Power on.

  • Confirms the action by clicking OK.

He then monitors the progress of the application installation.

More information: See the section "How to Power on and Restart Computers" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: If required, after the installation is completed, Adam can shut down each computer individually by using Configuration Manager Remote Control and selecting the Shut down command in Windows.

Note: The out of band management power-off command is not appropriate here because it does not perform a graceful shutdown of the operating system.

More information: See "How to Remotely Administer a Client Computer by Using Configuration Manager".

As a result of the preceding course of action, the application is installed outside business hours without sending wake-up packets over the network, without requiring that the computers remain turned on, and without requiring local access to the computers.

Powering off Computers to Protect Against a Security Attack

The following scenario demonstrates how you can use out of band management to power off computers when it is imperative that they do not remain running, but you cannot shut them down by normal means. Powering off computers should always be considered a last resort because it has the same effect as removing the power cable from the computer: the operating system does not shut down correctly, unsaved work is lost, and logged-on users do not receive any notice of the power off action.

Trey Research has an intrusion detection system that monitors suspicious activity on servers and the network. In the early hours of the morning, an alert is generated that indicates a security attack has occurred on one of the servers. Although the desktop computers are usually turned off at night, some users leave their computers turned on. These computers must be turned off immediately to safeguard them against the security threat.

To help protect the desktop computers from the security threat, a security administrator performs the actions that are outlined in the following table.

Process: The security administrator identifies the desktop computers that are turned on and at risk and locates them in the Assets and Compliance workspace in the Configuration Manager console.

He performs the following actions:

  • Selects the computers and right-clicks them.

  • Clicks Manage Out of Band, and then clicks Power Control.

  • Selects Power off.

  • Confirms the action by clicking OK.

More information: See the section "How to Power off Computers" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

As a result of the preceding course of action, the risk of these computers being vulnerable to the security attack is greatly reduced.

Re-imaging a Nonfunctioning Computer

The following scenario demonstrates how you can use out of band management to re-image a nonfunctioning computer when other troubleshooting steps have failed.

Trey Research has a help desk policy that computer desktop issues that prevent business continuity must be resolved within a set period. No data is stored locally on the computers, so re-imaging these computers is the most efficient way to resolve these types of reported problems. However, in the past this has meant that a help desk engineer must visit the site, or the computer must be transported to and from the help desk location.

To more efficiently re-image a nonfunctioning computer, the help desk engineer proceeds with the course of action that is outlined in the following table.

Process: The help desk engineer locates the computer in question in the Configuration Manager console and confirms that he cannot use Configuration Manager Remote Tools to connect to the client computer.

He connects to it by using the out of band management console.

More information: See the section "How to Run the Out of Band Management Console" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: The help desk engineer then performs the following actions:

  • He clicks Power Control, selects the boot option for IDE redirection, and enters the network path to the image to reinstall the operating system, custom applications and settings, and the Configuration Manager client. Then he clicks Restart Computer.

More information: See the section "How to Power on and Restart Computers" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: Later that day, the engineer checks the status of the computer and confirms that it is working again as required. He closes the help desk ticket within the specified time limit.

More information: Company-specific process.

As a result of the preceding course of action, the computer is efficiently re-imaged without requiring local access, even though the operating system was not responding. This level of control helps resolve critical issues in a timely manner, which ensures higher levels of business continuity for the company.

Configuring BIOS Settings

The following scenario demonstrates how you can use out of band management to configure BIOS settings for a desktop computer without requiring local access to the computer.

The help desk at Trey Research receives notification that two newly deployed computers do not start successfully. This is a custom build, and the engineer suspects that the BIOS settings are not correctly configured.

To check the BIOS settings without local access to the computer, the help desk engineer proceeds with the course of action outlined in the following table.

Process: The help desk engineer locates the computer in question in the Assets and Compliance workspace of the Configuration Manager console, and connects to it by using the out of band management console.

More information: See the section "How to Run the Out of Band Management Console" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: The help desk engineer then performs the following actions for each computer in turn:

  • He clicks Power Control, selects the boot option for BIOS Setup, and then clicks Power On.

  • He clicks Serial Connection and waits for the BIOS settings to appear. When they do, he discovers that the wrong disk is configured for booting the computer. He makes the required change, and then saves the new BIOS settings.

The computer automatically restarts and successfully loads the operating system from the correct disk.

More information: See the section "How to Configure BIOS Settings for a Computer" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: The engineer confirms that the two computers are now operational and closes the help desk ticket.

More information: Company-specific process.

As a result of the preceding course of action, the mean time to resolution for these computers is dramatically reduced because local access to the computers is not required.

Troubleshooting a Nonfunctional Computer

The following scenario demonstrates how you can use out of band management to run diagnostic commands and tools for a desktop computer that is not functioning (for example, the operating system stops responding or does not load) without requiring local access to the computer.

The help desk at Trey Research receives notification that a computer has stopped responding. To troubleshoot the computer, the help desk engineer proceeds with the course of action outlined in the following table.

Process: The help desk engineer locates the computer in question in the Assets and Compliance workspace of the Configuration Manager console, and connects to it by using the out of band management console.

More information: See the section "How to Run the Out of Band Management Console" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: The help desk engineer then performs the following actions:

  • He clicks Power Control, selects the boot option for IDE redirection, specifies the path and file for a diagnostic tool in the IDE redirection path, and then clicks Restart Computer.

  • He clicks Serial Connection and waits for the computer to boot from the image that contains the diagnostic tool. By using the diagnostics, he discovers that the disk has a number of bad sectors. He selects the option to repair the bad sectors, and then exits the tool.

  • He clicks Power Control, clicks Restart Computer, and closes the out of band management console.

More information: See the section "How to Run Commands, Repair Tools, and Diagnostic Applications for a Computer" in the "How to Manage AMT-based Computers Out of Band in Configuration Manager" topic.

Process: The engineer confirms that the computer restarts and loads the operating system successfully.

Because the computer is operational again, he closes the ticket, but he puts in a request to replace the hard drive to safeguard against the same problem in the future.

More information: Company-specific process.

As a result of the preceding course of action, the time-to-resolution for this computer is dramatically reduced because local access to the computer is not required.

Achieving Compliance for Software Updates by Using Wake on LAN and Power on Commands

The following scenario demonstrates how you can use out of band management with software updates in Configuration Manager to help achieve higher success rates for installing software updates within a specified time frame.

Trey Research has a security policy that requires that all computers on the network running Windows have critical security software updates installed within two weeks of release. The installation of these software updates on servers has a 100 percent success rate, but the success rate on desktops is only 80 percent, although the Configuration Manager administrative user deployed them within one week after release. On investigation, the computers that do not have the software updates installed are turned off for various reasons—for example, because users are on vacation or sick leave or because the computers are not in everyday use and are turned on only when required for a specific application or process.

The security policy also prohibits sending wake-up packets over the network, but there is often not enough time to track down each computer, turn it on, and install the required software updates to meet the compliance deadline.

To help achieve the compliance levels in a timely and efficient fashion, Adam decides on the course of action outlined in the following table.

Process: Adam enables Wake on LAN for the primary sites in the hierarchy and selects the Use AMT power on commands only option.

More information: See "Step 6: Configuring the Site to Send Power on Commands for Scheduled Wake-Up Activities" in the "How to Provision and Configure AMT-Based Computers in Configuration Manager" topic.

Process: He checks the packet transmission settings in the out of band service point properties and makes some minor changes.

More information: See "Step 4: Configuring the Enrollment Point and Out of Band Service Point for AMT Provisioning" in the "How to Provision and Configure AMT-Based Computers in Configuration Manager" topic.

Process: He reads the information in the documentation about the additional time that might be required to power on multiple computers and plans accordingly by creating different collections of computers so that software update deployments can be configured in batches.

More information: See "How to Create Collections in Configuration Manager".

Process: Adam closely monitors the installation of the critical software updates. For the computers that have not yet installed them, he creates a new deployment that contains the software updates, but this time it is also configured for Wake on LAN. He targets this software update deployment in batches to the collections that he created.

More information: See "Operations and Maintenance for Software Updates in Configuration Manager".

As a result of the preceding course of action, critical software updates are installed on the majority of computers within one week. This leaves a comfortable margin of one more week to track down and correct the few desktop computers that still require the software update, perhaps because the computer was put into hibernation before it received the software update deployment or because there was no power for the computer.

By using the combination of software updates with a deadline for the majority of computers, Wake on LAN with power-on commands for the few computers that are turned off, and manual intervention for the minority of computers that remain noncompliant, Trey Research can now meet its compliance levels every month.