Deploying the Windows Intune Client Software
Since my article on Windows Intune, I have gotten a lot of questions. So I am going to start a series of Windows Intune blog post. More on Windows Intune can be found at:http://technet.microsoft.com/en-us/windows/hh781469
To view the Help for the latest release of Windows Intune, see the Windows Intune October 2011 Release Help Home
Windows Intune™ is an Internet-based management service that lets you centrally manage client computers in your organization. Windows Intune helps reduce the total cost of managing software by providing a categorized view of key data about client computers (such as software updates and malicious software, or malware, that was detected or recently resolved) and by translating the data into usable information.
Windows Intune consists of two parts:
- A web-based administration console, onto which subscribers can log to view data about managed computers in their organization and perform relevant management tasks
- Client software that communicates with the web-based console and supplies it with data about managed computers
The Windows Intune service collects information about programs installed on computers that have the Windows Intune client software installed. This guide describes how to install and remove the client software.
In This Guide
- Client Software Requirements
- How Client Software Deployment Works
- Plan for Client Computer Bandwidth Usage
- Plan for Deployment in Enterprises that are Managed by Using Group Policy
- Deploy the Client Software
- Verify Client Software Installation
- Agents, Applications, and Components
- Remove the Client Software
- Appendix A: Preparing Client Computers for Endpoint Protection
- Appendix B: Firewall and Proxy Server Settings for Client Computers
- Appendix C: Troubleshoot Deployment Errors
Client Software Requirements
Computers on which you want to install the Windows Intune client software must satisfy requirements in this section.
Operating System Requirements
You can install the Windows Intune client software on computers that are running any of the following Windows operating systems:
Windows XP Professional, Service Pack (SP) 2 or Windows XP SP 3
Windows XP SP 2 is not supported on client computers that run the Windows Intune July Beta release or the Windows Intune October 2011 release.
Windows Vista Enterprise, Ultimate, or Business editions
Windows 7 Enterprise, Ultimate, or Professional editions
The Windows Intune client software is supported on both x86-based and x64-based editions of the previous operating systems. Itanium-based (IA-64) systems are not supported by the Windows Intune client software.
If client computers that you want to manage by using Windows Intune are behind firewalls or proxy servers, you must configure the firewall or proxy server to let Windows Intune communicate with client computers. For more information, see Appendix B: Firewall and Proxy Server Settings for Client Computers.
If the client computers run anti-malware software that is not manufactured by Microsoft, see Appendix A: Preparing Client Computers for Endpoint Protection.
To use Windows Intune to manage client computers that are running Windows XP Professional SP 2, you must install the following updates:
- Forefront Client Security Filter Manager QFE for Windows XP SP2 (http://go.microsoft.com/fwlink/?LinkId=155100)
- MSXML 6.0. For more information about MSXML 6.0 and how to download it, see the Microsoft Download Center (http://go.microsoft.com/fwlink/?LinkId=169475). We recommend that you also download and install the latest security update, MSXML 6.0 SP2 (http://go.microsoft.com/fwlink/?LinkId=169448).
Hardware and Memory Requirements
To install the Windows Intune client software, a computer must satisfy any hardware requirements for the operating system and have the following, at minimum:
- Internet connectivity
- For Windows XP, CPU clock speed of 500 MHz and 256 MB RAM at minimum
- 200 MB disk space
You must be a member of the Administrators group on the computer on which you want to install the Windows Intune client software.
Client Computer Updates
You should verify that all client computers have the latest Windows updates and service packs installed before you install the Windows Intune client software.
How Client Software Deployment Works
When you download and run the Windows Intune client software package as described in Download the client software, the software performs two tasks, in the following order:
- The software authenticates and enrolls the client computer in the Windows Intune service, and the first agent, Windows Intune Client, is installed.
- The software schedules the remaining agents and programs for download and installation. The agents collect information about client computers that is displayed in the Windows Intune service workspaces. The Windows Intune Center program lets client users request remote assistance from administrators, manage how some updates are deployed to their computers, and start unscheduled scans for malware. The client software schedules installation of the following remaining agents and programs:
- Windows Intune Center
- Microsoft Policy Platform
- Microsoft Online Management Policy Agent
- Windows Firewall Configuration Provider
- Windows Intune Endpoint Protection
- Windows Intune Endpoint Protection Agent
- System Center Operations Manager 2007 R2 Agent
- Windows Intune Monitoring Agent
After the enrollment process is complete, you must restart computers that are running Windows Vista or Windows 7. As remaining agents are downloaded and installed, they report their status to the service. Agents that are not properly installed or enrolled correctly are shown to administrators in the Windows Intune console as alerts.
Windows Intune client software installation is typically complete and working with the service within 30 minutes.
To start to deploy the client software, plan how you will organize computers that you want to manage by using Windows Intune, to help avoid conflicts with domain-level Group Policy. For more information, see Plan for Deployment in Enterprises that are Managed by Using Group Policy.