Jump to content


anyweb

how can I configure SCCM 2007 in Windows Server 2008 - Part 3

Recommended Posts

This guide assumes you have installed SCCM 2007 SP1 and then configured it as outlined here in Part 1 you must then do the additional configuration outlined in Part 2.

 

Step 1. Configure Client Agents

 

open the SCCM administrator console and expand the site Management/site name/site settings, then select the Client Agents as below:

 

client_agents.jpg

 

Double click on hardware Inventory client Agent on the right side and verify that it is enabled. Set the inventory schedule to 1 day (This is a LAB after all, in production you might want to use something less intensive, the default is 7 days). Click ok to close.

 

hardware_inventory_client_agent.jpg

 

For the Software Inventory agent, verify the schedule is set to 7 days.

 

software_inventory_client_agent.jpg

 

Click on the inventory collection tab, and delete the default scan listed.

 

inventory_collection.jpg

 

Click on the yellow star and add files of type *.exe

 

inventory_file_properties.jpg

 

then click on Set beside location, select Variable or Path name and enter %ProgramFiles%\ as the program path location so that it only scans that area for EXE files, Make sure to remove the tick from the windows directory

 

path_properties.jpg

 

 

software_inventory_client_agent_updated.jpg

 

Next you can enable the Advertised programs client agent , and under the General tab, verify that Enable software distribution to clients is enabled and select New Program notification icon opens Add or Remove Programs as per below screenshot.

 

advertised_programs_client_agent.jpg

 

 

Note: In the R2 release of ConfigMgr you will have an additional choice called Allow virtual application package advertisement

 

Now click on the notification tab and set it accordingly

 

advertised_programs_client_agent_notification.jpg

 

Next we will configure the Computer Client Agent properties,

 

Failure to configure this correctly or failure to configure it will lead to a failure in Operating system deployment with problems such as this one

 

for Network Access Account we need to enter an account to be used by Configuration Manager 2007 client computers to communicate with network resources. We can use the SMSread account we created earlier (in Step 3 of this guide).

 

 

Note: Be careful about what account you use as the Network Access Account, you should specify an account that has the minimum rights required, typically just enough to connect to your distribution point shares. It should never have domain admin rights. To see why, read this post.

 

 

 

computer_client_agent_properties.jpg

 

fill in the text you want displayed to your users in the Customization tab

 

customization_tab.jpg

 

leave the reminders tab as it is and then set our BITS settings like this, if you don't want any BITS throttling enabled, then select Not Configured. Also worth checking if you have any BITS Group Policies enabled as Group Policies will override any throttling settings you define here. Check with your AD Network Team responsible for GPO's.

 

bits.jpg

 

click apply and ok.

 

Set our Desired Configuration Management Agent schedule to 1 day

 

desired_configuration_management_agent.jpg

 

Let's leave Mobile device client agent settings as they are for now, and for Remote Tools client agent, set it as follows

 

remote_tools.jpg

 

add some permitted viewers (blank by default)

 

add_viewers.jpg

 

set your remote assistance settings to full control for both solicited and unsolicited remote assistance

 

remote_assistance.jpg

 

We will leave Network Access Protection, Software Metering and Software updates Client agent as they are for now.

Share this post


Link to post
Share on other sites

Step 2. Client Installation Methods

 

In the left pane of SCCM configmgr, select Client installation methods and double click on Client Push Installation.

place a checkmark in Enable Client Push Installation to assigned resources and take note of the warning

 

client_push_installation_warning.jpg

 

and then set your client push properties as below

 

client_push_properties.jpg

 

for Accounts, set the account to SMSadmin (this is fine for the lab environment, in production you should create a new user account such as SMSAdvCli and use that account for client installation only)

 

To successfully install the Configuration Manager 2007 client, the Windows user account used must have Local Administrative rights on the destination computer. If the install fails with all accounts in the list then the installation will be attempted using the computer account from the Configuration Manager 2007 site server. If the user account does not have Local Administrative permissions on the destination computer then the Client will not install.

 

[To grant a user local administrative permissions on a computer open up computer management, Local Users and Groups, Groups, Administrators and add the user you wish to be the local administrator].

 

user_account_for_client_push.jpg

 

Next click on the Advanced client tab and set your Installation Properties string to something like this

 

SMSSITECODE=WIN SMSCACHESIZE=8000

 

the above sets our SMS site code to WIN and the SMS cache size on the client to approx 8GB.

 

advanced_client_settings.jpg

Share this post


Link to post
Share on other sites

Step 3. Configure Discovery methods

 

discovery.JPG

 

The above table is taken from Technet.

 

Active Directory System Discovery – Discovers computers from the specified locations in Active Directory Domain Services.

 

Active Directory User Discovery - Discovers user accounts from the specified locations in Active Directory Domain Services.

 

Active Directory Security Group Discovery - Discovers security groups, including local, global, and universal groups from the specified locations in Active Directory Domain Services.

 

Active Directory System Group Discovery – Discovers additional information about previously discovered computers from the specified locations in Active Directory Domain Services. This information includes the OU and group membership of the computer. Active Directory System Group Discovery does not discover information about new resources that did not previously exist in the Configuration Manager site database.

 

Heartbeat Discovery – Used by active Configuration Manager clients to update their discovery records in the database. Because it is initiated by an active client, Heartbeat Discovery does not discover new resources.

 

Network Discovery – Searches your network infrastructure for network devices that have an IP address. This allows you to discover devices that might not be found by other discovery methods, including printers, routers, and bridges.

 

 

 

In the Discovery Methods section, select Heartbeat Discovery, and set the discovery to 1 hour (as this is a lab, this will discover our clients quickly, obviously in a Production Environment you will want to set the times differently).

 

heartbeat_discovery.jpg

 

For the below options, enable discovery and then set as follows

 

 

* Active Directory System Group Discovery 1 hour

* Active Directory Security Group Discovery 1 hour

* Active Directory System Discovery 1 hour

* Active Directory User Discovery 1 hour

 

 

Note: You may want to set these values to 1 minute in a lab environment.

 

ad_system_discovery.jpg

 

you should also check the Run discovery as soon as possible is ticked for all of the above.

 

We also need to tell SCCM where to look for these computers and that is done in each of the 4 AD options above,

 

So bring up the Active Directory System Group Discovery properties and click on the Yellow star to add an Active Directory container

 

In the New Active Directory Continer window, make sure Local Domain is selected and click ok.

 

browse_for_local_domain.jpg

 

when the Select New Container window comes up, click ok.

 

select_new_container.jpg

 

now your container is selected click ok to exit and do the same actions for each of the 3 remaining AD discovery methods.

 

container_is_selected.jpg

 

That's it you are done !! you can now test your SCCM server by adding clients to your Windows 2008 domain.

Share this post


Link to post
Share on other sites

Screenshots of the Configuration Manager client

 

Below are some screenshots of the Configuration Manager client installed using this guide on a Windows Vista Ultimate machine (test-pc).

 

Here's the control panel with some new icons from SCCM

 

 

configuration_manager_control_panel.jpg

 

and here is the Configuration Manager client General tab

 

configuration_manager_properties.jpg

 

the components tab...

 

configuration_manager_components.jpg

 

the Actions tab...

 

configuration_manager_actions.jpg

 

the Advanced tab...

 

configuration_manager_advanced.jpg

 

 

 

If you have pushed out the client install and you don't see the Configuration Manager listed in control panel, then make sure you are doing the client push installs with a user that has local administrative rights on the client pc, plus for troubleshooting check c:\windows\system32\ccmsetup and look at any LOG files present for errors.

Share this post


Link to post
Share on other sites

Configuring the Clients Firewall:-

 

If the configuration Manager client is NOT INSTALLING on your clients then verify that the firewall rules are set to allow SCCM traffic, or disable the firewall for testing...).

 

 

Next step > Create a package and then a program and advertise it to a collection and then distribute it

 

 

The guide covers:-

 

Creating the Package

Creating a Program for the package

Advertising the Package

Creating and updating distribution point

Share this post


Link to post
Share on other sites

Dear Anyweb,

 

I followed your article but there is something that I cannot understand...

 

For the Active Directory System discovery I specified an OU but the client is being install on all the computers and servers under a given site in Active Directory!!! How come, what I'm doing wrong? Is it related to the Software Update Point Client Installation? It is currently enabled. Client Push Installation is enabled too as per your article...

 

Thanks

 

 

Configuring the Clients Firewall:-

 

If the configuration Manager client is NOT INSTALLING on your clients then verify that the firewall rules are set to allow SCCM traffic, or disable the firewall for testing...).

 

 

Next step > Create a package and then a program and advertise it to a collection and then distribute it

 

 

The guide covers:-

 

Creating the Package

Creating a Program for the package

Advertising the Package

Creating and updating distribution point

Share this post


Link to post
Share on other sites

excellent post it helped me a lot.i installed sccm on a window 2008 server in a test environment.my setup is one server 2008 (domain+dns+dhcp),another server 2008 sccm installed and one client pc running xp is conncted to the domain.i did all the pre reuisite for sccm and sql 2005 and sccm on server 2 and the installation ws successful with out any error.i have configured active directory system management container permission for ccm server.

the site status is showing ok and i can see two folders created in the system management folder in active directory.but those folders are empty.but in my collection i can see only the computer running sccm (there must be three computers including DC) active directory.active directory system discovery is enabled.please help me ,i am diying for the past two weeks on this pleassssssssssssssssssssseeeeeeee

Share this post


Link to post
Share on other sites

Hi,

 

as I have posted to Part 2 of your config, I had problems with the Agents finding the SLP.

now after that is working, I've followed your guide to Advertise a Software Package, but it doesn't reach the Client.

 

I've changed the Organization name on the Computer Client Agent Properties dialog Customization tab but on my test machine (XP SP3) in Control Panel > Advertised Programs (no sure whats the real name my installation is German) the name doesn't change.

 

post-1-1219904081.jpg

 

So it seams that I'm still having some configuration issues here.

Hope someone can provide any hints on how to track this problem down.

 

Regards Stephan

Share this post


Link to post
Share on other sites

Hello. Are you able to see the computer on the collection?

 

If you go on the client computer in Conficuration Manager do you see the correct Assighnment code? Under Actions what do you see? Its the same as the guide?

Share this post


Link to post
Share on other sites

I've changed the Organization name on the Computer Client Agent Properties dialog Customization tab but on my test machine (XP SP3) in Control Panel > Advertised Programs (no sure whats the real name my installation is German) the name doesn't change.

 

Update your bootimage to update the change in there too.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.