Sign in to follow this  
anyweb

Part 3: SMS 2003 final configuration



1 post in this topic

anyweb    397

This guide assumes that you have first installed and configured IIS and then installed SMS as outlined here. In addition, you should have configured SMS as described here.

 

 

Step 1. Make sure the System Management container in Active Directory has the correct permissions for SMS.

 

In other words we will make sure the local computer (the server SMS is running on, in this case WINDOWS-DOBMTWV) has full access to this particular area in Active Directory. Normally we wouldn't grant Full Access but this is just for the purposes of getting SMS running. For more info on Creating and configuring the AD system management container For SMS see here.

 

Start up the Active Directory Users and Computers console.

 

Make sure that Advanced Features is selected under the View option.

 

advanced_features_is_selected_in_view.JPG

 

Once it is, in the left pane select System, and then scroll down to the System Management Container.

 

system_management_is_selected.JPG

 

Right-click it and choose properties, then select the Security tab (should be the third TAB in Windows 2003 Server SP1, it may be different in SP2.) Verify your SMS server computer account is listed ini the Group or user names, scroll down to check, if it is not there then add it by clicking on Add.

 

Click on Object types as in the screenshot below

 

add_computers_to_object_types.JPG

 

then select computers (by default it's not selected).

 

computer_object.JPG

 

Click on OK and then click on Advanced to expand the view, then Find now.

 

When you see your computer listed, highlight it and click OK. click ok again to add it to the Security tab.

 

found_it.JPG

 

Now that we have added it, we need to edit it's security permissions to make sure that the permissions apply to both the Container and child objects. So let's click on Advanced.

 

 

advanced_edit.JPG

 

 

At this point you should see your computername listed but with read permissions that apply only to This object only. We are going to change that to Full access to This object and all Child objects. to do so highlight our computername and click on Edit.

 

read_only.JPG

 

In the window that appears click the drop down menu called Apply onto: and select This object and all Child objects.

 

Once done, click on Full Control for the Allow permissions plus select 'Apply these permissions to onjects and /or containers within this container only.' Click ok when done. In an enterprise, please verify the correct AD permissions for this container and set them accordingly, for advice on this please visit technet.

 

full_permission.JPG

 

 

 

 

 

Step 2. Configure Client Agents

 

Now that we have attended to the 'gotcha' above, open the SMS administrator console and expand the site hierarchy/site name/site settings, then select the Client Agents as below:

 

client_agents.JPG

 

Double click on hardware Inventory client Agent on the right side and enable it.

 

hardware_inventory_client_agent.JPG

 

Set the inventory schedule to 1 day. Click ok to close.

 

 

For Software Inventory agent, set the schedule to 1 week.

 

software_inventory.JPG

 

Click on the inventory collection tab, and delete the default scan listed.

 

software_collection.JPG

 

Click on the yellow start and add files of type *.exe

 

then click on Set beside location, and enter %ProgramFiles%\ as the location so that it only scans that area for EXE files.

 

search_where.JPG

 

Make sure to remove the tick from the windows directory

 

exclude.JPG

 

Next you can enable the Advertised programs client agent , and under the General tab, select Enable software distribution to clients and that the New Program notification icon opens Add or Remove Programs.

 

advertised_program_client_agent_properties.JPG

 

Now click on the notification tab and set it accordingly

 

notifications.JPG

 

Next we have the Software Metering Client agent, enable it if you wish and set your schedule.

 

software_agent.JPG

 

Step 3. Client Installation Methods

 

In the left pane, select Client installation methods and double click on Client Push Installation Properties.

 

client_push.JPG

 

Enable it and take note of the warning.

 

client_push_warning.JPG

 

adjust your settings removing Servers and domain controllers from your choice of installing onto...

 

client_push_settings.JPG

 

Set your accounts to install software, in this example i used the domain administrator, but you should really setup a separate account and give it the appropriate permissions for SMS in AD by creating a user in your domain called SMSInstall and adding it to the domain admins group, and then adding it to the accounts Tab in the screenshot below.

 

 

client_push_account.JPG

 

Next click on the Advanced client tab and set your Installation Properties string to something like this

 

SMSSITECODE=WIN SMSCACHESIZE=8000

 

the above sets our SMS site code to WIN and the SMS cache size on the client to approx 8GB.

 

smssitecode.JPG

 

 

Step 4. Configure Discovery methods

 

In the Discovery section, you'll see 8 possibilities, of which we only need to configure 5, the first 2 are NT related (not needed), we do however need the Heartbeat Discovery setup and enabled, the next option is also not needed (Network discovery).

 

The final 4 options are all required (AD) so we'll set them accordingly.

 

Set the discovery methods to the following values:-

 

* Heartbeat Discovery every 1 hour

 

heartbeat_discovery.JPG

 

* Active Directory System Discovery 1 hour

* Active Directory User Discovery 1 hour

* Active Directory Security Group Discovery 1 hour

* Active Directory System Group Discovery 1 hour

 

Note: You may want to set these values to 1 minute in a lab environment.

 

We also need to tell SMS where to look for these computers and that is done in each of the 4 AD options above,

 

So bring up the Active Directory System Discovery properties and click on the Yellow star to add an Active Directory container

 

adsd_properties.JPG

 

In the Browse for Active Directory window, make sure Local Domain is selected and click ok.

 

browse_for_ad.JPG

 

when the Select New Container window comes up, click ok.

 

select_new_container.JPG

 

now your container is selected click ok to exit and do the same actions for each of the 3 remaining AD discovery methods.

 

adsproperties.JPG

 

that's it you are done, next we will create a package and advertise it to a collection and then distribute it !

 

cool !! :)

Share this post


Link to post
Share on other sites


Guest
This topic is now closed to further replies.
Sign in to follow this