Thursday, 25 October 2012

SCCM Basics & FAQ

SCCM Basics & FAQ

A Short notes on ' SCCM 2007 Basics'


I've been looking for short notes that facilitate quick understanding knowledge on SCCM 2007. I finally put my efforts to bring a short notes on SCCM 2007 to help those who are already familiar with Systems Management Server (SMS) 2003 and who wish to quickly develop understanding knowledge on 'Microsoft System Center Configuration Manager 2007'.


Microsoft SCCM -2007 (ConfigMgr) provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively, Allows IT staff to monitor and manage the hardware & software in a modern distributed environment.



SCCM 2007 Features
  • HW/SW Inventory
  • Software Distribution
  • Software Update
  • Software Metering
  • Operating System Deployment (Image capture/deployment, User State Migration, Task sequence)
  • Manage site accounts tool (MSAC)
  • Asset Intelligence Remote tools

NAP Works with Windows Server 2008 operating system Network Policy Server to restrict computers from accessing the network if they do not meet specified requirements The System Center Family, The products included under the System Center umbrella address the challenges of managing information technology in organizations of different sizes.


What's New


  • Branch distribution point
  • Desired configuration management
  • Wake On LAN
  • Network Access Protection (NAP)


In addition to SCCM 2007, the System Center products include: System Center Operations Manager 2007 -Allows IT staff to monitor and manage the hardware and software in a modern software distributed environment. System Center code name “Service Desk” When it released, “Service Desk” is expected to provide implementations of fundamental IT Service Management processes, including incident management, problem management, and change management.

System Center Data Protection Manager 2006 Provides data backup and restore for Windows file servers. System Center Essentials 2007 Provides tools for less-specialized IT staff in smaller organizations to manage their environments more effectively with the three most important management functions: monitoring distributed systems, automating software updates and installing applications. System Center Virtual Machine Manager Helps management staff with the process of consolidating applications onto virtualized servers. System Center Capacity Planner 2006 Capacity Planner is a tool for determining what hardware resources will be required to run an application, such as Exchange Server 2003, to meet specific performance and availability goals.


For more information about Microsoft System Center,


SCCM Sites

A site consists of a site server, site system roles, clients, and resources. A site always requires access to a Microsoft SQL Server database. There are several types of SCCM 2007 sites. A SCCM 2007 site uses boundaries to determine the clients belonging to the site. Multiple sites can be configured into site hierarchies and connected such that you can manage bandwidth utilization between sites. A SCCM 2007 site is identified by the three-character code and the friendly site name configured during Setup and types of sites as follows.


Primary Sites-A primary site stores SCCM 2007 data for itself and all the sites beneath it in a SQL Server database.

Secondary Site-A secondary site has no SCCM 2007 site database. It is attached to and reports to a primary site. The secondary site is managed by a SCCM 2007 administrator running a Configuration Manager 2007 console that is connected to the primary site. The secondary site forwards the information it gathers from Configuration Manager 2007 clients, such as computer inventory data and Configuration Manager 2007 system status information, to its parent site. The primary site then stores the data of both the primary and secondary sites in the SCCM 2007 site database. The advantages of using secondary sites are that they require no additional SCCM 2007 server license and do not require the overhead of maintaining an additional database. Secondary sites are managed from the primary site it is connected to, so they are frequently used in sites with no local administrator present. The disadvantage of secondary sites is that they must be attached to a primary site and cannot be moved to a different primary site without deleting and recreating the site. Also, secondary sites cannot have sites beneath them in the hierarchy.

Parent Site-A parent site is a primary site that has one ore more sites attached to it in the hierarchy. Only a primary site can have child sites. A secondary site is always a child site. A parent site contains pertinent information about its lower level sites, such as computer inventory data and SCCM 2007 system status information, and can control many operations at the child sites.

Child Sites-A child site is a site that is attached to a site above it in the hierarchy. The site it reports to is its parent site. A child site can have only one parent site. SCCM 2007 copies all the data that is collected at a child site to its parent site. A child site is either a primary site or a secondary site.

Central Site -A central site has no parent site. Typically, a central site has child and grandchild sites and aggregates all of their client information to provide centralized management and reporting. A site with no parent and no child site is still called a central site although it is also referred to as a standalone site. A central site to collect all of the site information for centralized management.


Site Systems

Each site contains one site server and one or more site systems. The site server is the computer where you install SCCM 2007 and it hosts services required for SCCM 2007. A site system is any computer running a supported version of Windows® or a shared folder that hosts one or more site system roles. A site system role is a function required to use SCCM 2007 or to use a feature of SCCM 2007. Multiple site roles can be combined on a single site system, including running all site roles on the site server, but this is usually appropriate only for very small and simple environments.


Site System Roles

  • Management Point- The site system role that serves as the primary point of contact between SCCM 2007 clients and the Configuration Manager 2007 site server.
  • Server locator Point -A site system role that locates management points for SCCM 2007 clients.
  • Distribution Point-A site system role that stores packages for clients to install. Software Update Point-A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS).
  • Reporting Point-A site system role hosts the Report Viewer component for Web-based reporting functionality.
  • Fallback Status Point - A site system role that gathers state messages from clients that cannot install properly, cannot assign to a Configuration Manager 2007 site, or cannot communicate securely with their assigned management point.
  • PXE Service Point-A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests. User
  • State Migration Point-A site system role that stores user state data while a computer is being migrated to a new operating system.



How Site communicates?


Clients communicate with site systems hosting site system roles. Site systems communicate with the site server and with the site database. If there are multiple sites connected in a hierarchy, the sites communicate with their parent, child, or sometimes grandchild sites. Site Boundaries, SCCM 2007 uses boundaries to determine when clients and site systems are in the site and outside of the site. Boundaries can be IP subnets, IP address ranges, IPv6 prefixes, and Active Directory sites. Two sites should never share the same boundaries. Assigning the same IP subnet, IP address range, IPv6 prefix or Active Directory site to two different sites makes it difficult to determine which clients should be managed in the site.

Inter-Site Communication When you have a separate sites, SCCM 2007 uses senders to connect the two sites. Senders have sender addresses that help them locate the other site. When sending data between sites, senders provide fault tolerance and bandwidth management.

Intra-site Communications They use either server message block (SMB), HTTP, or HTTPS, depending on various site configuration choices you make. Because all of these communications are unmanaged, that is, they happen at any time with no consideration for bandwidth consumption, it is beneficial to make sure these site elements have fast communication channels.

Discovery Methods






  • Active Directory System Discovery -Discovers details about the computer
  • Active Directory System Group Discovery - Discovers details such as organizational unit, global groups, universal groups, and nested groups.
  • Active Directory User Discovery-Retrieves Active Directory User Discovery
  • Active Directory Security Group Discovery-Discovers security groups created in Active Directory.
  • Heartbeat Discovery-Refresh Configuration Manager client computer discovery data in the site database.
  • Network Discovery-Searches the network for resources that meet a specific profile, From router's ARP cache, SNMP agent and DHCP Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database, even if the discovered resource is not capable of being a SCCM 2007 client.
Active Directory User Discovery and Active Directory Security Group Discovery allow you to target software distribution packages to users and groups instead of computers.



Client Installation
SCCM 2007 provides several options for installing the client software.

The following table lists the client computer installation methods.

  • Software update point installation -Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a SCCM 2007 software update point.

  • Client push installation -Uses an account with administrative rights to access the client computers and install the SCCM 2007 client software.

  • Manual client installation -A user with administrative rights can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options.

  • Group Policy installation -Uses Group Policy software installation to install CCMSetup.msi.

  • Imaging -The client software can be added to an image, including images created and deployed with SCCM 2007 operating system deployment.

  • Software Distribution -Existing clients can be upgraded or redeployed using SCCM 2007 software distribution.



Mobile devices use different installation methods Client Assignment Clients must be assigned to a site before they can be managed by that site. Clients can be assigned to a site during installation or after installation. Assigning a client involves either telling it a specific site code to use, or configuring the client to automatically assign to a site based on boundaries. If the client is not assigned to any site during the client installation phase, the client installation phase completes, but the client cannot be managed by SCCM 2007.

Clients cannot be assigned to secondary sites; they are always assigned to the parent primary site, but can reside in the boundaries of the secondary site, taking advantage of any proxy management points and distribution points at the secondary site. This is because clients communicate with management points and management points must communicate with a site database. Secondary sites do not have their own site database, They use the site database at their parent primary site. Authenticating Clients Before SCCM 2007 trusts a client, it requires some manner of authentication. In mixed mode, clients must be approved, either by manually approving each client or by automatically approving all clients or all clients in a trusted Windows domain. In native mode, clients must be issued client authentication certificates prior to installing the SCCM 2007 client software.

Blocking Clients- If a client computer is no longer trusted, the Configuration Manager administrator can block the client in the SCCM 2007 console.

Client Agents
Client agents are SCCM 2007 components that run on top of the base client components.


Computer Client Agent Properties-Configures how often client computers retrieve the policy that gives them the rest of their configuration settings.

Device Client Agent Properties-Configures all of the properties specific to mobile device clients. Hardware Inventory Client Agent-Enables and configures the agent that collects a wide variety of information about the client computer.

Software Inventory Client Agent-Enables and configures which files Configuration Manager inventories and collects.

Advertised Programs Client Agent-Enables and configures the software distribution feature.

Desired Configuration Management Client Agent-Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them

Remote Tools Client Agent-Enables Configuration Manager remote control

Network Access Protection Client Agent-Enables Configuration Manager Network Access Protection

Software Updates Client Agent-Enables the agent that scans for and installs software updates on client computers.



Administrator Console
You can run the console from the site server or install additional consoles on your desktop or help desk computers to facilitate management. One console can manage many sites or many consoles can manage a single site. The SCCM 2007 console runs as a Microsoft Management Console (MMC) snap-in, although you must run SCCM 2007 Setup on the computer so that the snap-in is available.



Collections
Collections represent groups of resources and can consist not only of computers, but also of Microsoft Windows users and user groups as well as other discovered resources. Collections provide you with the means to organize resources into easily manageable units, enabling you to create an organized structure that logically represents the kinds of tasks that you want to perform.

Inventory
Hardware inventory gives you system information Software inventoried file types and versions present on client computers Queries It uses WBEM query language (WQL) to query the site database. Query results are returned in the SCCM 2007 console, where they can be exported using the MMC export list feature.

Reporting
Reporting is a supporting feature to many other SCCM 2007 features. Reports are returned in Web pages in the browser. With reporting you can create reports that show the inventory you have collected or the software updates successfully deployed. You can also create dashboards, which combine several different views of information. Several pre-created reports are available to support common reporting scenarios. For more information about the reports provided for each feature, see the feature documentation.

Software Distribution
Software distribution allows you to push just about anything to a client computer. Packages in software distribution can contain source files to deploy software applications and commands called programs that tell the client what executable file to run. A single package can contain multiple programs, each configured to run differently. Packages can also contain command lines to run files already present on the client, without actually containing additional source files.

Software updates
The software updates feature provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Software updates in SCCM 2007 requires a Windows Server Update Services (WSUS) server to be installed and uses that to scan the client computers for applicable software updates. The administrator views which updates are needed in the environment and creates packages and deployments containing the source files for the software updates. Clients then install the software updates from distribution points and report their status back to the site database.

Software Metering
Software metering enables you to collect and report software program usage data. The data provided by these reports can be used by many groups within the organization such as IT and corporate purchasing. Software metering in SCCM 2007 supports the following scenarios: Identify which software applications are being used, and who is using them. Identify the number of concurrent usages of a specified software application. Identify actual software license requirements. Identify redundant software application installations. Identify unused software applications which could be relocated.

Operating System Deployment
Operating system deployment enables you to install new operating systems and software onto a computer. You can use operating system deployment to install operating system images to new or existing computers as well as to computers with no connection your SCCM 2007 site. By using task sequences and the driver catalog operating system deployment streamlines new computer installations by allowing you to install software using one dynamic image that can be installed on different types of computers and configurations. Operating system deployment provides the following solutions for deploying operating system images to computers: Provide a secure operating system deployment environment. Assist with managing the cost of deploying images by allowing one image to work with different computer hardware configurations. Assist with unifying deployment strategies to help provide a solid deployment foundation for future operating system deployment methods.

Desired Configuration Management
Desired configuration management enables you to define configuration standards and policies, and audit compliance throughout the enterprise against those defined configurations. Best practices configurations can be used from Microsoft and vendors in the form of Microsoft System Center SCCM 2007 Configuration Packs. These Configuration Packs can then be refined to meet customized business requirements. Additionally, desired configuration management supports an authoring environment for customized configurations. This feature is designed to provide data for use by many groups within the organization, including IT and corporate security.

Mobile Device Management
Mobile devices are supported as SCCM 2007 clients. For documentation purposes, mobile clients are treated as a separate feature. Mobile clients can run a subset of SCCM 2007 features such as inventory and software distribution, but cannot be managed by remote control and cannot receive operating system deployments like desktop clients.

Remote Tools
Remote tools in SCCM 2007 includes the remote control feature which allows an operator with sufficient access rights the ability to remotely administer client computers in the SCCM 2007 site hierarchy.

Network Access Protection
Network Access Protection (NAP) is a policy enforcement platform built into the Windows Vista and Windows Server® 2008 operating systems that helps you to better protect network assets by enforcing compliance with system health requirements. You can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPSec Enforcement, or all four, depending on your network needs.


Asset Intelligence
Tracking IT asset & reporting -Is an inventory monitoring capability of SCCM 2007



Wake On LAN

The Wake On LAN feature helps to achieve a higher success rate for scheduled SCCM 2007 activities, reducing associated network traffic during business hours, and helps organizations to conserve power by not requiring computers to be left on for maintenance outside business hours. Wake On LAN in SCCM 2007 supports the following scenarios:

Sending a wake-up transmission prior to the configured deadline for a software update deployment. Sending a wake-up transmission prior to the configured schedule of a mandatory advertisement, which can be for software distribution or a task sequence.


Security Modes
There are two security modes in SCCM 2007.Native mode is the recommended site configuration for new SCCM 2007 sites because it offers a higher level of security by integrating with a public key infrastructure (PKI) to help protect client-to-server communication. PKIs can help companies meet their security and business requirements, but they must be carefully designed and implemented to meet the current and future needs. Installing a PKI solely to support SCCM 2007 operations could fulfill certain short term goals but could hamper a more extensive PKI rollout to support other applications at a later time. If your organization already has a well-designed, industry-standard PKI, SCCM 2007 should be able to use certificates from the existing PKI.


Backup and Recovery
Like any enterprise software, your site should be backed up to provide recoverability in case of unexpected events. Backing up a SCCM 2007 site involves backing up the database, the file system, and the registry all at the same point in time - backing up just one of these elements is not sufficient to restore a working site. SCCM 2007 uses the Volume Shadow Copy Service (VSS) to take small, frequent snapshots of the necessary components, making it easier to restore a failed site. The Site Repair Wizard walks you through the necessary steps to complete the site recovery.


Ports Used by SCCM-2007
  • Port used for client to site system communication -port 80 (HTTP) and default HTTPS port 443
  • Port used for Site Server to Site Server -SMB 445(Server Message Block) and its bi-directional

Wednesday, 10 October 2012

Configuration Manager Site System Planning

Configuration Manager Site System Planning

5 out of 8 rated this helpful - Rate this topic
Updated: December 1, 2008
Applies To: System Center Configuration Manager 2007, System Center Configuration Manager 2007 R2, System Center Configuration Manager 2007 R3, System Center Configuration Manager 2007 SP1, System Center Configuration Manager 2007 SP2
Each Configuration Manager 2007 site contains a site server and one or more site systems. A site system is a server or server share that provides functionality to the Configuration Manager 2007 site. A site system role is a function that a site system performs within a Configuration Manager 2007 site. For example, the management point site system role provides a communication point between the Configuration Manager 2007 site server and Configuration Manager clients.
All Configuration Manager 2007 site systems must be members of an Active Directory domain. It is not supported to change the domain membership or computer name for a Configuration Manager 2007 site system after it is installed.
Although a site server can perform multiple site system roles simultaneously, this configuration is not recommended for production sites with large numbers of resources. To decrease the load on your primary or secondary site server, you might want Configuration Manager 2007 to perform some server tasks on computers other than the site server. Some site system roles are assigned during installation, while others must be assigned after site setup has completed. After setup has been completed, the Configuration Manager console can be used to assign site system roles to the primary site server or distribute them among several different site systems.
noteNote
Configuration Manager site system role servers are often referred to by their site system role name. For example, a server that performs the distribution point role is often called a distribution point.

Basic Site System Roles

The basic site system roles that you can assign to site systems within a site are described in the following table.

 

Site System Description
Configuration Manager component server role
Any site system that runs the SMS Executive service component provides the component server role. A component server can run only selected threads of the SMS Executive. Use this role to lessen the processing burden on the site server or to provide duplicate threads.
This role is required to support other roles, such as a management point, and is installed and removed with the other server roles.
Configuration Manager site server
The site server role is automatically filled by the Windows Server computer where Configuration Manager 2007 Setup has been run.
This role is assigned during Configuration Manager 2007 installation.
Configuration Manager site system
Site systems are computers or server shares that provide Configuration Manager functionality to a site. Each site system hosts one or more site system roles. Some site system roles can be assigned to site systems within the site by using the Configuration Manager console. Other site system roles are automatically assigned to a site system and cannot be configured.
Configuration Manager site database server
The site database server is a computer running a supported version of Microsoft SQL Server that stores information for Configuration Manager 2007 sites, such as discovery data, hardware and software inventory data, and configuration and status information.
noteNote
For a list of supported SQL Server versions, see Configuration Manager Supported Configurations.

Every primary site in the Configuration Manager 2007 hierarchy contains a site database and a server assigned the site database server role. You can install SQL Server on the primary site server, or you can reduce the site server's processing load by installing SQL Server on a computer other than the primary site server.
noteNote
Hosting the site database for more than one Configuration Manager 2007 site on a single SQL Server computer is supported. However, installation of more than one site on the same computer is not supported for the SMS Provider.

The site database can be installed on the default or on a named instance on a single SQL Server computer, or it can be installed on a named instance on a clustered SQL Server instance. For more information about installing Configuration Manager sites using a clustered SQL Server instance, see How to Install Configuration Manager Using a Clustered SQL Server Instance.
noteNote
The only SQL service required to host the Configuration Manager site database is the SQL database service.

This role is assigned during Configuration Manager 2007 primary site installation.
SMS Provider
The SMS Provider is the interface between the Configuration Manager console and the site database. The SMS Provider can be installed on the site server, the site database server (unless the site database is hosted on a clustered SQL Server instance), or on another computer. The SMS Provider can also be moved to another computer after installation by running Setup again.
noteNote
It is not supported for the SMS Provider for more than one site to be installed on the same computer.

This role is assigned during Configuration Manager 2007 primary site installation.
ImportantImportant
The SMS Provider must be installed on a computer with the same operating system language as the site server's operating system language when a site contains site servers or clients with different language operating systems installed.

For more information about the SMS Provider, see SMS Provider Overview. For more information about choosing where to install the SMS Provider, see Choose the SMS Provider Installation Location.
Management point
The management point is the primary point of contact between Configuration Manager clients and the site server. Management points can provide clients with installation prerequisites, client installation files, configuration details, advertisements, and distribution point locations. Additionally, management points receive inventory data, software metering information, and status and state messages from clients.
A Configuration Manager 2007 site can have only one default management point that intranet-based clients will use to communicate with the site server. When clients are managed on the Internet, they do not locate a default management point but connect directly to a specified management point that is configured to accept connections over the Internet.
Multiple site systems hosting the management point site server role can be configured with the Windows Network Load Balancing (NLB) Service to provide high availability and can then be designated as the default management point for the site.
This role can be assigned during Configuration Manager 2007 primary site installation or at any time after setup has completed.
noteNote
By default, management points are automatically registered in WINS and can also be registered in DNS. If you are using WINS to register the default management point as an NLB cluster, you must manually register this in WINS. For more information about registering management points configured as members of an NLB cluster in WINS, see How to Manually Add Configuration Manager Site Information to WINS. For more information about registering management points in DNS, see Determine If You Need to Publish to DNS.

Server locator point
The server locator point stores site information and locates management points for Configuration Manager clients. The primary purpose of the server locator point is to support client deployment. Only one server locator point is required for a Configuration Manager site hierarchy, and this site role is typically installed on the central site server. The server locator point performs the following functions:
  • Provides client site assignment information when this information is not available in Active Directory Domain Services.
  • Locates a management point for clients if this information is not available in Active Directory Domain Services, DNS, or WINS.
This role can be assigned at any time after setup has completed.
noteNote
By default, server locator points are not automatically registered in WINS. If the Active Directory schema has not been extended for Configuration Manager, you must manually add the server locator point information into WINS. For more information about registering server locator points in WINS, see How to Manually Add Configuration Manager Site Information to WINS.

Reporting point
A reporting point is a site server that hosts the site's reporting Web site. A reporting point obtains report information from its Configuration Manager 2007 site database server. Before you can begin using reports in Configuration Manager, you must enable one or more of your site systems as a reporting point.
This role can be assigned at any time after setup has completed.
Fallback status point
A fallback status point is an optional site system role that receives state messages from Configuration Manager 2007 client computers. State messages are primarily sent to a fallback status point when a client installation or site assignment failure has occurred but are also sent when the client initially installs or assigns to the Configuration Manager 2007 site. The fallback status point also receives state messages from clients when they fail to communicate with their assigned management point. State messages received by the fallback status point are forwarded to the site server and can be reviewed by running client deployment success and failure reports from the Configuration Manager reporting point configured for the site.
The fallback status point site system role can be assigned to multiple site systems within a Configuration Manager 2007 site; however, both computer and mobile device client computers will send state messages only to their assigned fallback status point. For more information about the fallback status point, see About the Fallback Status Point in Configuration Manager. For more information about assigning a fallback status point to client computers, see How to Assign the Fallback Status Point to Configuration Manager Client Computers.

Feature-Specific Site System Roles

In addition to the basic site system roles, some site system roles are required only when specific Configuration Manager features are used.

Device Management

 

Site System Description
Device management point
The device management point is the primary point of contact between Configuration Manager 2007 mobile device clients and the site server. Device management points provide mobile device clients with policy. Additionally, device management points receive inventory data, software metering information, and status and state messages from clients.
Mobile device clients are configured with their device management point during installation. Administrators can configure the mobile device client to allow users to change the device management point. For more information about how to enable device management points, see How to Enable a Mobile Device Management Point.
For more information about the device management feature, see Mobile Device Management in Configuration Manager.

Network Access Protection for Configuration Manager

 

Site System Description
System Health Validator point
This site system must be installed in sites where you have a Windows Network Policy Server installed and configured with policies for Network Access Protection to enforce compliance with software updates.
For more information about Network Access Protection for Configuration Manager, see Network Access Protection in Configuration Manager.

Operating System Deployment

 

Site System Description
State Migration Point
The state migration point (SMP) is a Configuration Manager 2007 site role that provides a secure location to store user state information before an operating system deployment. You can store the user state on the SMP while the operating system deployment proceeds and then restore the user state to the new computer from the SMP. Each SMP site server can only be a member of one Configuration Manager 2007 site.
PXE Service Point
This site system must be installed to initiate the operating system deployment process for PXE deployments. The PXE service point must be configured to respond to PXE boot requests made by Configuration Manager 2007 clients on the network and then interact with Configuration Manager 2007 infrastructure to determine the appropriate deployment actions to take.
For more information about the Operating System Deployment feature, see Operating System Deployment in Configuration Manager.

Software Distribution

 

Site System Description
Distribution point
A site system that stores package source files received from a site server performs the distribution point role. Client computers contact distribution points to obtain programs and files after they have received software distribution advertisements. A distribution point can be a Windows Server or a Windows Server share. If you plan to provide a large number of packages to a site's client computers, consider assigning this role to one or more computers other than the site server.
Server distribution point site systems can be BITS-enabled to allow Configuration Manager 2007 clients to throttle network usage during package downloads. To install a BITS-enabled distribution point, IIS must first be installed on the site system computer and BITS-enabled in IIS.
noteNote
It is not supported for the same computer to be assigned the distribution point site system role for more than one Configuration Manager 2007 site.

This role can be assigned at any time after Configuration Manager Setup has completed.
noteNote
A distribution point site system role is automatically created during primary or secondary site setup. To install a site without a distribution point site system role, you can use a scripted installation method and specify the DistributionPoint=0 parameter.

Mobile device clients contact distribution points to obtain programs and files after they have received policy indicating content is available.
For more information about enabling distribution point support of mobile devices, see How to Enable Distribution Points to Support Mobile Devices
Branch distribution point
The branch distribution point site system role allows smaller or distributed offices to host a distribution point on an existing client computer without requiring a secondary site to be set up. Branch distribution points provide an option for efficient package distribution to a small office with limited bandwidth. Branch distribution points function like standard distribution points, but can be installed on workstation-class computers and usually have a very limited number of client computers (often 10 or less).
For more information about the software distribution feature, see Software Distribution in Configuration Manager.

Software Updates

 

Site System Description
Software update point
The software update point site system role is created on a server that has Windows Server Update Services (WSUS) 3.0 installed. The software update point is required before software updates can be synchronized, assessed for compliance on clients, and deployed. There can be multiple site system servers with the software update point site system role, but only one site system server can be configured as the active software update point. When the site is in native mode, an additional active Internet-based software update point can be assigned to a remote site system server that allows communication from only Internet-based client computers.
This role can be assigned at any time after Configuration Manager Setup has completed. For more information about planning for and configuring the software update point, see Planning for the Software Update Point Installation.
For more information about the Software Updates feature, see Software Updates in Configuration Manager.

Out of Band Management

 

Site System Description
Out of band service point
Applies only to Configuration Manager 2007 SP1 and later.
A site system role that discovers, provisions, and manages desktop computers that have management controllers (such as AMT-based computers). This site system role works in concert with the out of band management component.
This role can be assigned at any time after Configuration Manager Setup has completed. For more information about planning for and configuring the out of band service point, see the following topics:
For more information about the out of band management feature, see Out of Band Management in Configuration Manager 2007 SP1 and Later.

Asset Intelligence

 

Site System Description
Asset Intelligence synchronization point
Applies only to Configuration Manager 2007 SP1.
Using this site system role, Microsoft Software Assurance license customers can request on-demand Asset Intelligence catalog synchronization with System Center Online or schedule automatic catalog synchronization to occur.
The Asset Intelligence synchronization point site system role must be installed at the central site of a Configuration Manager 2007 SP1 site hierarchy and on a computer in the same forest as the central site server computer.
For more information about the Asset Intelligence synchronization point site system role, see About the Asset Intelligence Synchronization Point.

SQL Reporting Services

 

Site System Description
Reporting services point
Applies only to Configuration Manager 2007 R2.
A site system role that is installed on a server running Microsoft SQL Server with the Reporting Services component installed. A reporting services point must be configured in order to use SQL Reporting Services with Configuration Manager 2007 R2.
This role can be configured at any time after Configuration Manager R2 setup has been completed. For more information about the reporting services point site system role, see How to Create a Reporting Services Point for SQL Reporting Services.

Thursday, 16 August 2012

SCCM 2007 R2: Installation in Windows Server 2008 - SCCM Installation




Before we are able to install SCCM 2007 R2 on the operating system platform Windows Server 2008 and to have Active Directory integration we need to fulfill some pre-requisites.
Following are the pre-requisites for SCCM 2007 R2:
§  Active Directory Schema has to be extended;
§  SCCM System Management Container has to be created in Active Directory;
§  Microsoft Remote Differential Compression feature has to be installed;
§  WebDAV has to be installed and configured in IIS;
§  BITS Server Extensions feature has to be installed;
§  WSUS Server 3.0 SP1 has to be installed.

1. Installation Pre-Requisites for SCCM 2007 R2 
In this part we are going to full fill the pre-requirements for installation of SCCM 2007 R2

1.1 Extend the Active Directory Schema
This task can only be executed whilst logged on with a user account that is member of the "Schema Admins” group in Active Directory. The account “Domain Admin” is member of this group.
Place the installation medium for SCCM 2007 SP1 and open a Windows Explorer.

Follow the path to:
%CD-ROM%\Z:\SMSSETUP\BIN\I386
In this location you will find the file:
EXTADSCH.exe
Start the extension of the Active Directory by double clicking the file "EXTADSCH.exe”
When the DOS Box disappears the extending part is done. Verify the extension by opening the file:
C:\ ExtADSch.log
If the actions was successful the .log file should contain the lines:

Successfully extended the Active Directory Schema

1.2 Create the Systems Management Container in Active Directory
For creating the System Management Container we need to be logged on to an Active Directory Domain Controller or need to have to "Remote Administration Tools" installed.

On a Domain Controller open the ADSI Edit snap-in.

§  Browse to the following location:
Domain\DC\CN=System
§  Right click the container “System” and select the option:
System\New\Object
The  "Create Object Wizard” appears. In the “Create Object” wizard select the option:

Container
Click on à Next
§  Enter the following values:
Value:                  System Management

Click on à Next


Click à Finish
The “System Management “container is now created.



1.2.1 Permissions on the System Management Container

To have SCCM being able to access the created container we need to change the permissions in this container.

§  Open the “Active Directory Users and Computers” snap-in.
§  Click on the menu option "View" and select “Advanced Features”. The "System" OU will now be visible.
§  Open the “System” OU and browse to “System Management”
§  Right click the “System Management” container and select the option:
Properties
Select the tab “Security”

§  Click on à Add
§  Click on à Object Types
§  Select the following “Object Types”:
(X)          Computers
(X)          Users

Click on à OK

§  Click on à Advanced

§  Click on à Find Now
Select the accounts of:
§  SCCM-Admin
§  %SCCM Server Account%
Click on à OK



Click on à OK


§  Grant the following permissions to the two selected accounts:
§  Read
§  Write
§  Create All Child Objects
§  Delete All Child Objects
Click on à Advanced


Select the account “SCCM-Admin” and click à Edit


Select the following options:
Apply to:             This object and all descendant objects
(X)          Apply these permissions to object and/or containers within this container
Click on à OK

Repeat these steps for the account “%SCCM Server Account%”



Click on à OK
  

Click on à OK to save the changes.
Now we have finished the creation of the System Management Container and setting the correct permissions,



1.3 Installation of Windows Server 2008 feature Remote Differential Compression

Logon to the SCCM Server to be and open the “Server Manager” snap-in. Select the "Features” option.

§  Click on à Add Features
§  Select the option:
(X)          Remote Differential Compression

Click on à Next
Click on à Install
Click on à Close when the installation is finished


1.4 Installation of the WebDAV extensions for IIS
The WebDAV extensions for IIS Server are not available in Windows Server 2008. You have to download the installation files separately and install them.     Download
§  Start the installation by double clicking on the file:     webdav_x86_rtw.msi
§  The installation wizard appears
Select the option:
(X)          I accept the terms in the License Agreement

Click on à Install
Click on à Finish when the installation is done.



1.4.1 Configuration of the WebDAV extensions in IIS Server Manager

To configure the WebDAV extensions for use with SCCM 2007 R2 follow the instructions in Microsoft's TechNet Document:



1.5 Installation of Windows Server 2008 BITS Extensions feature

Logon to the SCCM Server to be and open the “Server Manager” snap-in and select the option “Features”

§  Click on à Add Features
§  Select the option:

(X)          BITS Server Extensions

An additional feature component installation screen appears.

§  Click on à Add Required Role Services
§  Click on à Next
§  Click on à Next
§  Click on à Next
§  Click on à Install



1.6 Installation of WSUS Server 3.0 SP1

In this part of the article I will describe the installation of WSUS Server 3.0 SP1. WSUS Server 3.0 SP1 is being used by SCCM to deploy Windows Updates to managed systems. Also we will install update Kb954960 for WSUS Server 3.0 SP1. This update adds the latest product information which can be downloaded from the Microsoft Website.

The installation source for WSUS Server 3.0 SP1 can be downloaded here  
§  Start the installation of WSUS Server 3.0 SP1 by double clicking the file:     WSUSSetup_30SP1_x86.exe
§  The installation wizard appears:
§  Click on à Next
§  In the screen that appears select the option:
(X)         Full server installation including Administration Console

Click on à Next
§  In the screen that appears select the option:
(X)         I accept the terms of the License agreement

Click on à Next
§  In the screen that appears select the option:
(X)         Store updates locally
Location:     D:\WSUS\

Click à Next
§  In the sreen that appears select the option:
(X)         Use an existing database server in this computer

Click on à Next

Click on à Next
§  In the screen that appears select the option:
(X)         Create a Windows Server Update Services 3.0 SP1 Web site

This is because the “default website” will be used by SCCM 2007 R2

Click on à Next

Click on à Next

Click on à Finish
The configuration wizard for WSUS Server 3.0 SP1 appears automatically

 
§  Click on à Cancel
To stop the wizard. Configuration of WSUS Server will be done from the SCCM Console.



1.6.1 Installation WSUS Server 3.0 SP1 update Kb954960

This update can be downloaded from the Microsoft Website:     Download

Start the installation by double clicking on the file:     WSUS_30SP1_KB954960_x86.exe

The installation wizard appears:

§  Click on à OK
 Reboot the Server to initialize components


2. Installation SCCM 2007 SP1
In this part of the article I will describe the installation of Microsoft SCCM 2007 SP1. After this installation the update SCCM 2007 R2 will be installed.
Make sure that the server is connected to the internet as during the installation updates are downloaded from the Microsoft Website.

§  Place the installation medium for SCCM 2007 SP1.
The installation wizard will appear:

§  Click on à Run the prerequisite checker
§  In the screen that appears enter the following values:
(X)         Primary Site
SQL Server and instance, if applicable:                                %SCCM Server name%
SDK Server:                                                                                      %SCCM Server name%
Management point computer FQDN on the internet:   %SCCM Server name%. Domain name

Click on à OK

If the server passes all pre-requisites for installation of SCCM 2007 R2 close the pre-requisites check and restart the installation


2.2 Installation SCCM 2007 SP1

From the Welcome Screen select the option:

§  Click on à Install\Configuration Manager 2007 SP1
The installation wizard appears:
§  Click on à Next
§  In the screen that appears select the option:
(X)         Install a Configuration Manager site server

Click on à Next
§  From the screen that appears select the option:
(X)         I accept the license terms

Click on à Next
§  From the screen that appears select the option:
(X)         Custom Settings

Click on à Next
§  From the screen that appears select the option:
(X)         Primary Site

Click on à Next
§  From the screen that appears select the option:
(X)         No, I don’t want to participate right now

Click on à Next
§  From the screen that appears enter the license key if none is present and click on à Next
§  From the screen that appears enter the following value:
Installation path:      D:\Microsoft Configuration Manager

Click on à Next
§  From the screen that appears enter the following values:
Site Code:                          001
Site name:                         %Site name%

Click on à Next
§  From the screen that appears select the option:
(X)         Configuration Manager Mixed Mode

Click on à Next
§  From the screen that appears select the option:
(X)         Software Inventory
(X)         Hardware Inventory
(X)         Advertised programs
(X)         Software Updates
(X)         Software metering
(X)         Desired configuration management
(X)         Remote tools

Click on à Next
§  From the screen that appears enter the values:
SQL  Server and Instance, if applicable:               %SCCM Server name%
ConfigMgr site database:                                           SCCMDB

Click on à Next
§  From the screen that appears enter the correct value if not already entered:
Enter the appropriate location for the provider:                              %SCCM Servername%

Click on à Next
§  From the screen that appears select the following options:
(X)         Install a management point
%SCCM Server name%.%domain name%

Click on à Next
§  From the screen that appears select the option:
(X)         Use default port (80)

Click on à Next
§  From the screen that appears select the option:
(X)         Check for updates and download newer versions to an alternate path

Click on à Next
§  From the screen that appears enter the values:
Alternate path:                               D:\Temp\SCCM Updates

Note:     Make sure this path exists and/or create it in the background before clicking next

Click on à Next


Updates are downloaded from the Microsoft website.

Click on à OK
Click on à Next

Click on à Begin Install
§  After the installation has completed verify if all components have installed succesfully.
If so Click on à Next

§  Click on à Finish
This concludes the installation of SCCM Server 2007 SP1. Now continue with the installation of R2


2.3 Installation SCCM 2007 R2
In this part I will describe the installation of SCCM 2007 R2. The R2 additions of SCCM 2007 is an update to the already installed version SCCM 2007 SP1.

Start the installation by double clicking the file:
§  Installation media\Splash.hta
The installation wizard appears:
 
§  Click on à Install\Configuration Manager 2007 R2
§  Click on à Next
§  From the screen that appears select the option:
(X)         I accept the license agreement

Click on à Next
§  From the screen that appears enter the correct values for:
Name:
Organization:

Enter the license key of not already entered en click on à Next
§  From the screen that appears click on àNext
§  After the completion of the installation click on à Finish