client agent is the counterpart to the SCCM server on the user’s side. Residing
in managed client computers, this piece of software acts as an intermediate
between the IT administrator’s actions and the actual policy enforcement and
software deployment actions on the user’s system. So the SCCM client agent
(often simply called “client”—and not to be confused with the client
computer) is essential for managing client computers.
program is also responsible for taking stock of the existing hardware and
software. Admins can compile complete lists and reports of the inventory
present in the organization and generate corresponding requirement and purchase
plans. Without a client agent, a system essentially does not exist for the IT
administration—or at least only as an unmanaged, unknown device within SCCM’s
device collection. That is why it is important for the IT infrastructure as a
whole that SCCM clients are deployed reliably on all the organization’s
endpoint computers—and that the communication between those clients and the
management server is in working order.
systems, there are a number of ways to install the SCCM client on corporate
endpoint computers. All these methods can be automated. No one from IT needs to
produce an USB drive for this purpose.
Microsoft SCCM and Mac
client agent can be retrofitted with enhancements for added functionality. In
addition to distributing software and applying system patches, the agent
program can also be used to patch third-party software. This enables IT to
handle software distribution and update management entirely via SCCM.
There is a
special version of the SCCM client for macOS® systems on the corporate network. But
this includes two alternatives. Microsoft’s SCCM client for macOS is intended
to apply administration procedures from SCCM to Mac® systems. However, these exhibit
major differences compared to Windows systems. On the one hand, SCCM can
natively handle significantly fewer parameters for macOS. On the other, IT is
forced to install the client software for macOS manually on every single Mac in
the organization. Things become much easier with Parallels® Mac Management for Microsoft® SCCM, a plugin for SCCM that adds many
management features to SCCM. Parallels Mac Management enables automated Mac
discovery and client software installation, relieving admins of some of their
Learn more about how to manage Mac devices like PCs with Parallels Mac Management for Microsoft SCCM in our weekly Webinars. Register now for free!
Online training for SCCM | Plural Insights
Ivanti Patch for SCCM | Third Party Patching via SCCM
Verify an SCCM Client is Finished Installing | Interface Technical Training
Install an SCCM Client Manually | Datacenter-Insider
The post SCCM Client Agents Demystified | Managing Mac with SCCM appeared first on Parallels Blog.
Installing Windows SCCM
To manage their clients via SCCM, organizations first need to set up the SCCM infrastructure for Windows. Before the installation can start admins need to do some preliminary work. Admins should use Windows Server 2012 or later. After that is verified, they need to extend the Active Directory Schema. Microsoft supplies a tool, extadsch, that performs this task automatically and documents it in a log file. The third step is to generate a new container, System Management, using the tool ADSIEdit and to specify rights for this container.
Microsoft Windows Assessment and Deployment Kit (ADK)
The Microsoft Windows Assessment and Deployment Kit (ADK) is also required for Windows SCCM. Admins can download this from a Microsoft website. They need two of the kit’s components, the User State Migration tool (USMT) and the Windows Preinstallation Environment (WindowsPE). The Microsoft ADK as a whole is used to provide client systems with Windows images. Windows SCCM works with a database, and an SQL server is essential for this purpose. This SQL server can be installed on the same system as all the other components that make up and help SCCM, if desired. If admins need the SCCM’s reporting functionality, they should activate the Reporting Services when installing the SQL server.
The tool Prerqchk
The tool Prerqchk can verify whether all the requirements for SCCM have been met. The Windows SCCM installation wizard itself asks how SCCM should be installed. Admins can choose “primary site” if SCCM should only manage a single location within the organization. The location code and name to be used for installing are other parameters that need to be entered in the Windows SCCM installation wizard. A link to the SQL server and the choice of whether to install the distribution points along with the application are the final entries.
Managing Mac Clients
The SCCM plug-in, Parallels® Mac Management for Microsoft® SCCM, is an easy way for admins to manage Mac clients as well—directly from the SCCM console.
Learn more in our webinars
Join our webinars to learn how you can manage corporate Mac devices natively within Windows SCCM.
Windows Pro | How to install System Center Configuration Manager (SCCM) 2016
Prajwal Desai | SCCM 1802 Install Guide using Baseline Media
Microsoft Docs | Install the System Center Configuration Manager console
Microsoft Docs | Client installation methods in System Center Configuration Manager
The post How to Install Windows SCCM | Managing Mac with SCCM appeared first on Parallels Blog.
Here at Parallels, I hear the following from SCCM Admins all the time:
“Hey, I like Parallels Mac Management for SCCM a lot – it’s a great way to manage both Windows and Mac endpoints in SCCM…. BUT my CIO/IT Director/Boss/Team/Board doesn’t think Endpoint management is a priority. It’s a nice to have – we’re going to keep doing what we’re doing and look at this next month/quarter/year/budget cycle.”
The kids nowadays have an acronym that they use in text messages and social media—it’s SMH. It stands for “shaking my head.” When I hear this from an SCCM admin, I’m SMH all over the place.
Here are the facts: According to IDC, 70% of successful breaches begin at the endpoint. As of this writing, the National Institute of Standards and Technology (NIST) is tracking almost 122,000 known Common Vulnerabilities and Exposures (CVEs) in its National Vulnerability Database (NVD), almost 5,000 of which have been opened this year!
So what’s the big deal? Simply patch these systems and you’re good to go, right?
Not so fast. If you’re like most companies, it takes and average of 100 – 120 days to patch a vulnerable application or OS – which is disappointing – because the probability of a vulnerability being exploited hits 90% between 40 – 60 days after discovery. That math adds up to breach.
So…if you’re a normal IT team, you’re already behind on your patching vulnerabilities. But you’re an SCCM admin, so at least you can patch all your devices on your Windows network through SCCM-right?
As of right now, Windows only controls 69% of the desktop market share. Apple OS X controls almost 20%! And whether those Macs are CYOD, BYOD or LMNOP, they’re hanging off your WIFI’s and dialing into your remote sessions and VPNing into your intranets!
You cannot just ignore them!
So you can’t get at these Macs via SCCM. Are you going to ask 20% of your end users to “bring their Macs to IT” to do patch updates?
Don’t take a sip of that coffee yet—because it gets worse.
OK, so let’s say you recognize you need to manage the Macs on your network, and let’s say you convince Mac users to bring their Macs in (you should be buying a lottery ticket if this happens). Now it’s time to update and patch. It should be just as simple as updating a Windows 10 patch, right?
Let me ask you, what’s the percentage of your Windows network that isn’t Windows 10? I’m guessing it’s in the single digits.
Look at the breakout of your Macs.
Which version OS patches are you going to deploy? Only 44% of Mac endpoints have the latest OS—Mojave—running.
Imagine trying to patch Windows 10, Windows 8.1, Windows 8, Windows 7 and Windows Vista! At the same time!
All of a sudden endpoint management doesn’t seem like a project you can just push off because your boss/your team/your board/Santa Claus doesn’t think it’s a “priority.”
Listen I get it—endpoint management isn’t sexy or exciting. It’s not hybrid-cloud, Augmented Reality-enabled, Internet of Things, Sustainable Artificial Intelligent Sharks with laser beams on their foreheads!
It’s just imaging, patch management and endpoint security. Basic vanilla stuff.
It’s stuff you handle right now within SCCM for your Windows devices.
Yeah, it’s boring.
But you know what’s NOT boring?
This: When your CFO calls your IT helpdesk from the Denver airport at 5 p.m. on a Friday and leaves this voicemail “Hey, I left my MacBook in the Uber and I have to catch a flight and all the financials from Merger and Acquisition meeting are on it! Can you, like, delete all that stuff? Because if it gets out, it could tank the company stock and put us all out of work. Gotta go—bye!”
If that were a PC, you could just WIPE/LOCK it in SCCM, turn it into a brick and go home for the weekend.
But it’s not a PC.
Feel that trickle of excitement, the feeling of your weekend being ruined? Nothing like an all-hands fire drill to add some EXCITEMENT to the boring old IT department.
Wouldn’t it be nice (and boring) if you could treat a Mac in SCCM just like you treat a PC?
So here’s my “sales pitch:” Endpoint management IS a priority. As an IT professional, it should be your first priority. If you need help convincing your boss/team/board/Easter bunny otherwise, click the link and I’ll meet with you to help you make your case.
Parallels Mac Management for SCCM can be demo’d and trialed in your production or test environment. You can even TRIAL IN A BOX. For $3.75 per Mac/per month, you can manage your Macs in SCCM, where you already have invested IT budget, time and training, so you can stop dreaming and start planning all the other cool sharks with laser beam IT projects we talked about earlier.
Endpoint Management IS a Priority – so let me help you treat it as such.
Active Directory (AD) is one of the key tools that IT teams use to organize corporate network infrastructures. This includes all their assets and users. It helps manage domains, identities, user groups, and protected content for user accounts. For inconsistent IT environments (ones with both Windows and Mac®), it has the disadvantage of being a Windows solution. Because of this, admins face challenges when working with Mac clients—not all features and instructions work for Mac. Apple® uses its own implementation of the Lightweight Directory Access Protocol (LDAP) standard to connect Mac devices to AD servers or domain controllers: Open Directory. This means that admins lack important features of Active Directory. For example, group policies have no effect on Mac computers. Group Policies are a common feature that allows admins to regulate a range of user rights.
Connecting Mac Devices via Active Directory
However, Mac devices can be connected via Active Directory. Apple offers their Directory Utility to accomplish this. It enables administrators to integrate Mac clients into an existing AD environment. Once the Mac clients are integrated via AD, at least some policies take effect for these clients. Examples include policies for domain passwords and identical user and domain login credentials, along with protected resource authorization. Another alternative for connecting a Mac with a domain controller is to choose the „Users & Groups“ option in the system settings under „Login options“ > „Network account server”. In practice, however, configuring Mac clients manually one by one using Active Directory is not ideal.
Integrating Mac clients into an Active Directory network
Using Microsoft SCCM and Parallels® Mac Management for Microsoft® SCCM is a significantly easier way for administrators to integrate Mac clients into an Active Directory network. The SCCM Active Directory System Discovery tool automatically identifies new Mac devices on the network. And then installs the Parallels Mac client software on them. Check out the “Installing Parallels Mac Client Using Discovery Methods” section of the Administrator’s Guide for a detailed description of how this works.
Learn more about how to manage Mac devices like PCs with Parallels Mac Management in our weekly Webinars. Register now for free!
Parallels will be showcasing Parallels Mac Management for Microsoft SCCM at MMS – Midwest Management Summit at Mall of America in Bloomington, Minnesota May 5 – 9, 2019.
The Midwest Management Summit is a 4-day conference purposely capped to just 750 attendees so that nobody gets lost in the crowd.
|Event||MMS Midwest Management Summit|
|Date||Sunday, May 5, 2019 – Thursday, May 9, 2019|
|Booth||Parallels Booth 2|
|Venue||Radisson Blu in Mall of America, 2100 Killebrew Dr Bloomington, Minnesota|
|Presentation||Tuesday, May 7, 2019 – 3:00pm – 4:45pm
“How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.”
More Info, click here.
Our team Danny Knox, Ellis Jones, and Cristina Gonzalez are looking forward to seeing you at booth 3 at Midwest Management Summit in Bloomington (Minnesota) on May 5 – 9, 2019 and also at Danny Knox’s presentation about “How on EARTH do I Manage This? The Challenge of Windows, Macs and MDM in the Microsoft Ecosystem.” on May 7 from 3:00 – 4:45pm.
For more information or if you would like to schedule a meeting, please click here.
The post Meet the Parallels Team at MMS Midwest Management Summit appeared first on Parallels Blog.
“You should make a Parallels Desktop for iOS. I want
to be able to run Windows on my iPad.”
As a product manager for Parallels Desktop® for Mac, I receive lots of suggestions from users about features they want to see in Parallels Desktop, as well as requests for Parallels Desktop to run on additional platforms, like Windows or the iPad®.
First of all,
I want to assure you that I really like to receive these suggestions and
requests. They tell me that lots of people like Parallels Desktop and that they
have ideas to make it even better. They’re all looked at by the engineering and
marketing teams here at Parallels—and they often are the inspiration for
features that we explore for future versions.
A request that
we often receive is for “Parallels
Desktop for the iPad,” with the intended goal of running Windows on an iPad—or
more specifically, to run Windows applications on an iPad.
differentiate between two cases: (1) actually
running Windows and Windows applications on an iPad, and (2) appearing to run Windows and Windows applications
on an iPad.
Case 1 requires the installation of Windows and Windows applications into a virtualization app on the iPad. In this case, you could run Excel for Windows on an iPad without using any network connection. I do not know of any virtualization app that would do this, nor have I heard of anyone trying to build such an app. Some have stated that even if such an app were built, Apple® would not allow it in the App Store. In addition, a Windows installation is about 10-20GB which would make such an iPad app reallylarge.
Case 2, on the other hand, requires an app that would show the Windows desktop on the iPad screen and would translate your touches and gestures on the iPad screen into commands that Windows understands. This app would then send those commands to Windows running on a remote computer—and then bring the Windows screen changes back to the iPad and show them on the iPad screen. There are iPad apps that do this, and I will show you two such apps in this blog post. Such apps require a network connection to this remote computer. Without this connection or without the remote computer, they can’t do very much.
Note: Be careful of what you find if you just search for “iPad virtualization app” or “run Windows on iPad.” When I did so, I found fake videos on YouTube, links to apps that run iOS on Windows PCs or the Mac—the opposite of what this blog post is about—and links to legitimate “Case 2” solutions.
Two solutions from Parallels: Parallels Access and
There are two “Case 2” solutions from Parallels. While they look quite similar, who uses them and how they are set up differ quite a bit.
Parallels Access has an iPad app that enables you to remotely connect to Mac or PC devices that you own or control. Figure 1 shows using the Parallels Access iPad client to remotely access a Windows 10 virtual machine running in Parallels Desktop on my MacBook Pro®.
Video 1 shows this in operation.
When you install the Parallels Access agent on your Mac or PC, Parallels Access will remember how to navigate the firewall that protects both your iPad and your remote computers. I have successfully used Parallels Access to connect to my home iMac and my work iMac from many locations in the US and around the world. I have even used Parallels Access to connect to these two Mac when I was behind the Great Firewall while on a business trip to China.
install the Parallels Access agent on your Mac or PC, that computer can only be
remotely accessed by you. If, instead, you would like to have a remote PC
accessed by several people, read the next section about Parallels®
Remote Application Server (RAS).
Parallels Remote Application Server (RAS)
Parallels RAS has an iPad app “Client” that enables authorized users to connect to a remote Windows PC—either a PC in a Windows cloud–based server farm, or a Windows PC set up and maintained by your company’s IT team. Figure 2 shows me using an iPad to connect to a Windows Server 2016 DataCenter PC in the Microsoft Azure cloud.
Several other people also have access to this server. Parallels RAS does not provide for remote access to Macs or Linux PCs.
Read more about Parallels RAS and see videos of its use in my earlier blog post.
Feel free to download a free trial of Parallels Access or Parallels RAS to see how you achieve the effect of running Windows applications on your iPad. Please let us know in the comments how this works for you.
The post Customer Request: You Should Make Parallels Desktop for iOS appeared first on Parallels Blog.
The bring-your-own-device (BYOD) trend has truly taken off,
largely because business leaders know it’s increasingly something employees
want. IT departments may not always be keen on BYOD—IT managers have to closely
monitor employees’ devices to ensure the business remains protected—but they
know they have to plan for it. Moving from BYOD to choose-your-own-device
(CYOD) can be a good option for companies to minimize risks, while only
introducing a few. (If your company uses Microsoft SCCM, there is an additional
opportunity to make your IT life a little easier…I’ll explain later in this
BYOD is popular—and it
affects the workspace
This dynamic can
be difficult for companies to accommodate. Employees are now less concerned
about the technology that their companies can provide—they’re bringing and
using their own devices anyway.
According to a report by Forrester Research, as many as 53% of employees brought their own devices to work in 2012. By 2018, those numbers increased to 65%. This trend—as well as other requirements of the digital age—means that companies need to invest a significant portion of their revenue on IT and technological infrastructure. In fact, according to a Deloitte study, 57% of companies’ IT budgets are spent on business operations, including employee technology.
your BYOD policy really secure?
This may sound like an obvious
thing to ensure, but a surprisingly large number of organizations falter here. Many
of the everyday tasks performed by your employees are inherently insecure.
If your BYOD security program only covers a specific operating system (for example, Windows), many devices (including the ever-popular iPhone®) are automatically out of scope. If you have Mac® computers on premise and don’t manage them, you leave them vulnerable to Meltdown and Spectre.
I highly recommend this exceptional 10-minute read from TechGenix about how to check your BYOD policy for consistency and security by asking yourself the right questions and aligning with your IT department and company goals.
CYOD is a smart move in 2019
BYOD brings up new problems that companies have to mitigate. It’s difficult to manage employee-owned devices, so you can’t account for things like software updates, malware protection, and other protective strategies that can secure companies’ sensitive information. Employees are also more likely to use their personal devices on unsecured wireless networks, allow other people to use them, or leave company information on the device when they ultimately get rid of it.
these reasons, CYOD is a step forward from a traditional BYOD policy. With
CYOD, IT departments define a lineup of desktop and mobile devices that employees
can get from their employer. Because they are technically company-owned
devices, this mitigates the risks associated with BYOD. Employees can also get
the type of device they like. People
tend to have specific tastes and desires when it comes to their technology.
Some employees are adamantly “Apple® people,” while others will always prefer a
to implement CYOD, companies need an enterprise-level device management
solution to effectively manage the offered devices. Do you know how many Mac computers have access
to your company’s sensitive data?
If your company already uses Microsoft SCCM for managing Windows endpoints, consider Parallels® Mac Management for Microsoft® SCCM, an SCCM plug-in that allows IT admins to manage Mac devices like Windows PCs. Having Windows and Mac managed in Microsoft SCCM (in a single pane of glass) is a good strategy. It’s backed by Microsoft’s experience in Windows endpoint management and its commitment to providing tools like SCCM and Intune for enterprise-level device management.
decision you and your stakeholders make, it’s important to make note of the
points made here to ensure the viability and longevity of your solution.
While large enterprises tend to use Windows, small agencies, offices, and owner-operated companies tend to opt for Mac®. If the proprietor is the one responsible for the company’s IT equipment, then personal preference and experience influence decisions along with financial aspects. Case in point: TravelEssence, a tour operator based in Utrecht, Netherlands. This company exclusively uses Mac computers because co-founder Andrew Morten has a personal propensity for Apple ®. All of the staff works with Mac and mainly uses the preinstalled Apple software, such as Numbers, Mail, and Photos.
But not all business sectors have all of the productivity software they need available on macOS®. That’s true for the travel industry, too. In spite of the company’s dedication to Apple hardware, TravelEssence needs to use Windows for essential tour-planning tools. Because of this, Andrew faced the challenge of finding the best solution for integrating Windows software into the Apple environment as smoothly as possible. “For me, a computer is only a good computer if it doesn’t present an IT amateur like me with inexplicable puzzles,” Andrew said. “That is why I have always loved Apple Macs for their straightforwardness and user-friendliness. And I expect the same from a piece of software.”
Andrew finally found the answer to his predicament with Parallels Desktop® for Mac Business Edition. This solution enables employees to switch between native Mac software and the virtualized Windows environment while talking to a customer—without rebooting. This helps keep messages and route-planning details always in view. Copy and paste can even be used to share information between Windows and macOS. There are no boundaries between the operating systems—and what’s more, Coherence Mode in Parallels Desktop lets Windows fade into the background so employees only see the needed program windows.
Read the complete case about how TravelEssence bridged the gap between Mac clients and Windows software.
Learn more about all the features in Parallels Desktop for Mac Business Edition and download a free trial!
The post How Small Companies with Pure Mac IT Use Windows Software appeared first on Parallels Blog.
“You should make a Parallels Desktop for Windows.”
I have received
this suggestion many, many times.
The short answer is, “I have done that. Several times.”
The long answer is I have been involved with three different efforts to create a virtualization product for Windows desktops: Connectix Virtual PC for Windows, Microsoft Virtual PC (also known as Windows Virtual PC), and Parallels Workstation for Windows (also known as Parallels Workstation Extreme). See Figure 1.
All of these
products worked well and did exactly what you would expect a desktop
virtualization app to do: run another operating system (OS) in a window on your
computer. They all had the integration features you would expect: drag and drop
from one OS to another, run applications in the virtualized OS, use the network
connection of your computer to give the virtualized OS a network connection, and
And these products all had their fans. One particular example is rather interesting. I gave a demo of Connectix Virtual PC for Windows to Henry Norr, then a technology columnist for the San Francisco Chronicle. At the beginning of the meeting, Norr said, “I only took this meeting because of your reputation, but I have to tell you that the idea of a Virtual PC for Windows is one of the silliest ideas I have ever heard. Who would want such a product?”
I gave Henry a demo of the basics of Connectix Virtual PC for Windows, and everything worked well—but he was not at all impressed. Then I gave a demo of the Undo Drives feature. (See sidebar on Undo Drives, a feature that is in today’s Parallels Desktop® for Mac, as well as the three products mentioned at the beginning of this blog post.)
Sidebar: Undo Drives
Undo Drives is an advanced feature of most desktop virtualization products. Turn on Undo Drives, and then do anything you want in the system. Install applications, add files, get a virus by visiting a dodgy website, delete a file, uninstall an application, change any system preferences you want—even over several days of use. Then push the “Undo” button, and it’s as if none of these things ever happened. The Undo Drives tool is even more powerful than Windows Restore Points because restore points can fail. Undo Drives never fail.
immediately saw how Undo Drives would be a great feature for any technology
columnist. “I always worry when I install a beta of something on my system, and
a few times that beta software has really messed up my system. Undo Drives
would take that worry away completely.” Henry installed and used Connectix
Virtual PC for Windows and wrote a very favorable review of the product.
fans did not translate into significant sales for Connectix Virtual PC for
Windows, Microsoft Virtual PC, and Parallels Workstation for Windows. Eventually,
these products were all cancelled.
“But with a Parallels Desktop for Windows, I could run
macOS on my PC!”
Well, no, you
couldn’t—at least not legally. The macOS® end user
license agreement does not allow macOS to be run on non-Apple®
hardware. If my many years in the software industry have taught me anything, it’s
that you never want the Apple lawyers mad at you. (Or the Microsoft lawyers
either, but that’s another story.)
“Maybe a virtualization app for Windows makes sense,
but you messed up each time. Maybe you are a software jinx.”
OK, I left
myself open on that one.
Try Parallels Desktop for free for 14 days!
The post Customer Request: You Should Make Parallels Desktop for Windows! appeared first on Parallels Blog.
Andrew Morten has always been a fervent Mac® aficionado, and he imbued his own business, TravelEssence, with this propensity for Mac computers. The company is also a result of personal interests: custom tours (away from the usual tourist traps) specializing in Australia and New Zealand. TravelEssence relies on Mac as part of its company philosophy. The tour operator’s staff (around 60) uses Mac exclusively for their work—15 Mac mini® and 50 MacBook® computers.
TravelEssence uses the applications that come with macOS® to handle day-to-day chores and correspondence: Mail, Pages, Photos, and more. This helps save license expenses and minimizes the IT teams’ internal workload. But the travel agency faced a challenge. Two essential travel-handling tools are only available on Windows: the airline reservation system, Galileo, and the travel planning tool, Tourwriter.
Whenever a company resolves to use only Mac but finds that essential software is only available for Windows, IT must come up with a solution—preferably a user-friendly one. The agency’s Mac computers needed to provide Windows as a secondary system in order to make flight reservations. The Apple® solution, Boot Camp®, requires the user to reboot the computer to change operating systems, making it a less-than-ideal solution for switching between macOS and Windows.
TravelEssence needed to use the Windows-based tour-operator tools alongside native Mac applications—so Andrew Morten saw Parallels Desktop® for Mac Business Editions as the perfect solution. After a trial period, it was clear: Parallels Desktop enables employees to switch seamlessly between macOS and Windows applications. There’s no reboot needed, and users can even copy and paste between the two worlds. And with Coherence Mode, Windows remains in the background, leaving the running programs in the user’s focus.
Read more about how TravelEssence managed to use Windows and macOS side by side by using Parallels Desktop for Mac Business Edition.
Learn more about all the features in Parallels Desktop for Mac Business Edition and download a free trial!