Jump to content

We use cookies to let you log in, for ads and for analytics. OK


Part 3: SMS 2003 final configuration

  • This topic is locked This topic is locked
No replies to this topic

#1 anyweb



  • Root Admin
  • PipPipPip
  • 7,210 posts
  • Gender:Male
  • Location:Sweden
  • Interests:Deploying Operating systems and more with System Center Configuration Manager

Posted 24 February 2008 - 10:58 PM

This guide assumes that you have first installed and configured IIS and then installed SMS as outlined here. In addition, you should have configured SMS as described here.

Step 1. Make sure the System Management container in Active Directory has the correct permissions for SMS.

In other words we will make sure the local computer (the server SMS is running on, in this case WINDOWS-DOBMTWV) has full access to this particular area in Active Directory. Normally we wouldn't grant Full Access but this is just for the purposes of getting SMS running. For more info on Creating and configuring the AD system management container For SMS see here.

Start up the Active Directory Users and Computers console.

Make sure that Advanced Features is selected under the View option.

Attached File  advanced_features_is_selected_in_view.JPG   52.64KB   37 downloads

Once it is, in the left pane select System, and then scroll down to the System Management Container.

Attached File  system_management_is_selected.JPG   52.38KB   42 downloads

Right-click it and choose properties, then select the Security tab (should be the third TAB in Windows 2003 Server SP1, it may be different in SP2.) Verify your SMS server computer account is listed ini the Group or user names, scroll down to check, if it is not there then add it by clicking on Add.

Click on Object types as in the screenshot below

Attached File  add_computers_to_object_types.JPG   21.39KB   41 downloads

then select computers (by default it's not selected).

Attached File  computer_object.JPG   16.97KB   31 downloads

Click on OK and then click on Advanced to expand the view, then Find now.

When you see your computer listed, highlight it and click OK. click ok again to add it to the Security tab.

Attached File  found_it.JPG   57.78KB   33 downloads

Now that we have added it, we need to edit it's security permissions to make sure that the permissions apply to both the Container and child objects. So let's click on Advanced.

Attached File  advanced_edit.JPG   42.75KB   31 downloads

At this point you should see your computername listed but with read permissions that apply only to This object only. We are going to change that to Full access to This object and all Child objects. to do so highlight our computername and click on Edit.

Attached File  read_only.JPG   61.03KB   33 downloads

In the window that appears click the drop down menu called Apply onto: and select This object and all Child objects.

Once done, click on Full Control for the Allow permissions plus select 'Apply these permissions to onjects and /or containers within this container only.' Click ok when done. In an enterprise, please verify the correct AD permissions for this container and set them accordingly, for advice on this please visit technet.

Attached File  full_permission.JPG   40.3KB   34 downloads

Step 2. Configure Client Agents

Now that we have attended to the 'gotcha' above, open the SMS administrator console and expand the site hierarchy/site name/site settings, then select the Client Agents as below:

Attached File  client_agents.JPG   61.59KB   37 downloads

Double click on hardware Inventory client Agent on the right side and enable it.

Attached File  hardware_inventory_client_agent.JPG   26.21KB   32 downloads

Set the inventory schedule to 1 day. Click ok to close.

For Software Inventory agent, set the schedule to 1 week.

Attached File  software_inventory.JPG   26.72KB   35 downloads

Click on the inventory collection tab, and delete the default scan listed.

Attached File  software_collection.JPG   30.03KB   35 downloads

Click on the yellow start and add files of type *.exe

then click on Set beside location, and enter %ProgramFiles%\ as the location so that it only scans that area for EXE files.

Attached File  search_where.JPG   16.54KB   34 downloads

Make sure to remove the tick from the windows directory

Attached File  exclude.JPG   20.86KB   31 downloads

Next you can enable the Advertised programs client agent , and under the General tab, select Enable software distribution to clients and that the New Program notification icon opens Add or Remove Programs.

Attached File  advertised_program_client_agent_properties.JPG   35.69KB   31 downloads

Now click on the notification tab and set it accordingly

Attached File  notifications.JPG   33.89KB   33 downloads

Next we have the Software Metering Client agent, enable it if you wish and set your schedule.

Attached File  software_agent.JPG   18.23KB   30 downloads

Step 3. Client Installation Methods

In the left pane, select Client installation methods and double click on Client Push Installation Properties.

Attached File  client_push.JPG   31.71KB   39 downloads

Enable it and take note of the warning.

Attached File  client_push_warning.JPG   15.96KB   32 downloads

adjust your settings removing Servers and domain controllers from your choice of installing onto...

Attached File  client_push_settings.JPG   33.33KB   32 downloads

Set your accounts to install software, in this example i used the domain administrator, but you should really setup a separate account and give it the appropriate permissions for SMS in AD by creating a user in your domain called SMSInstall and adding it to the domain admins group, and then adding it to the accounts Tab in the screenshot below.

Attached File  client_push_account.JPG   40.39KB   34 downloads

Next click on the Advanced client tab and set your Installation Properties string to something like this


the above sets our SMS site code to WIN and the SMS cache size on the client to approx 8GB.

Attached File  smssitecode.JPG   25.08KB   32 downloads

Step 4. Configure Discovery methods

In the Discovery section, you'll see 8 possibilities, of which we only need to configure 5, the first 2 are NT related (not needed), we do however need the Heartbeat Discovery setup and enabled, the next option is also not needed (Network discovery).

The final 4 options are all required (AD) so we'll set them accordingly.

Set the discovery methods to the following values:-

* Heartbeat Discovery every 1 hour

Attached File  heartbeat_discovery.JPG   26.37KB   33 downloads

* Active Directory System Discovery 1 hour
* Active Directory User Discovery 1 hour
* Active Directory Security Group Discovery 1 hour
* Active Directory System Group Discovery 1 hour

Note: You may want to set these values to 1 minute in a lab environment.

We also need to tell SMS where to look for these computers and that is done in each of the 4 AD options above,

So bring up the Active Directory System Discovery properties and click on the Yellow star to add an Active Directory container

Attached File  adsd_properties.JPG   25.46KB   34 downloads

In the Browse for Active Directory window, make sure Local Domain is selected and click ok.

Attached File  browse_for_ad.JPG   24.4KB   34 downloads

when the Select New Container window comes up, click ok.

Attached File  select_new_container.JPG   12.28KB   37 downloads

now your container is selected click ok to exit and do the same actions for each of the 3 remaining AD discovery methods.

Attached File  adsproperties.JPG   27.62KB   35 downloads

that's it you are done, next we will create a package and advertise it to a collection and then distribute it !

cool !! :)
Microsoft MVP > Enterprise Client Management
My linkedin profile at > linkedin.com
Follow me on Twitter > ncbrady
Follow windowsnoob.com on Twitter > windowsnoob
My blog

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users