Jump to content


anyweb

how can I install SCCM 2007 in Windows Server 2008

Recommended Posts

I install the KB941078 update because that's what SCCM prerequisite checker reported, I have NOT even install the SCCM 2007 SP1.

 

 

what peter meant was : You can install this patch on computers(64 Bit) which has SCCM console if you have any issues with software update Addresses brwose Dialog Box otherwise,you may ignore this warning and proceed further installation of SCCM.

Share this post


Link to post
Share on other sites

what peter meant was : You can install this patch on computers(64 Bit) which has SCCM console if you have any issues with software update Addresses brwose Dialog Box otherwise,you may ignore this warning and proceed further installation of SCCM.

 

Correct, that's indeed what I meant. :) So in this case, just ignore the error.

Share this post


Link to post
Share on other sites

Hi

 

I have used this guide to deploy SCCM 2007 R2 + SP2 (then upgraded to R3 afterwards) in Mixed Mode in a test lab environment on a Windows Server 2008 R1 + SP2 (32bit) using MS SQL 2008 R2 STD. We are planning on running it on a Windows Server 2008 R2 (64bit) virtual machine on Hyper-V once we decide to go production. I have also installed FEP 2010 extension to the SCCM site server. I have managed to deploy a basic SCCM agent & FEP 2010 agent. I do have quite a couple of questions that I need answered as accurately as possible:

 

Lab Environment questions:

 

1.) MS SQL: In out organisation we tend to install SQL using Mixed Mode authentication and specifying an SA password in addition to a Windows Authentication Mode account. When I did the prerequisite checks for SCCM, it was not to happy about the mixed mode authentication for SQL and advised that I should switch to Windows authentication only - which I ended up doing.

 

1.1)Why is it a problem for SCCM if one specifies an additional SA authentication?

 

1.2) In your guide you specified the local administrator (%hostname%\administrator) account of the server as the account to use under Database Engine Configuration > Account Provisioning during SQL setup. We usually specify a domain account here - would this be an issue and where else would this change affect SCCM's setup and configuration?

 

Also keep in mind that in Windows Server 2008 R2 the local administrator account is disabled by default. We also have more than one domain/network administrator(s) working on all systems so I do not want to bind it to one of those accounts.

 

We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?

 

Can we use the %Domain%\SMSAdmin account that is created later in the guide or do you advise on creating another one altogether? If another account is to be created, what do you suggest we call it and what type on roles/rights (domain users, domain admin etc) do we give it under active directory? (keeping in mind the naming convention SMSAdmin, SMSRead etc)

 

1.3) Do I need to open the Firewall for SQL as explained at the bottom/last step in the guide to install SQL?

 

1.4) Should I leave the instance name as default or is it preferred to change it to another named instance?

 

2.) SCCM 2007 prerequisites:

 

2.1) Extend AD schema: When using EXTADSCH.EXE to extend the schema, do I run this on the SCCM server or the domain controller itself? Yes, I am aware that the account used for it must be part of the Schema Admin group

 

2.2) During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?

 

3.) Prerequisites passed - Now installation of SCCM 2007 R2 + SP2

 

3.1.) During installation of SCCM, one reaches a point "Updated Prerequisites Components". From what I can gather it either tries to download the prerequisites for clients and not SCCM server installation or requires that it be pointed to a directory that contains the latest prerequisites. Is this path extremely important as to what it should be or what structure it should follow? Does all other SCCM packages ect gets stored here? What is this directory used for exactly? I don't want to just thumb-suck a path and later find that I should have placed or structured it better.

 

4.) Installation done - creating boundries

 

It is noted in your give to guide: "You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries" Is this really necessary to rename the site in AD Sites & Services from "Default-First-Site-Name" to something else? If one does in fact change it, what impact does it have on any other services?

 

Production Environment:

 

1.) MS SQL: Since the production setup will have Windows Server 2008 R2 64bit as the OS instead of Windows Server 2008 R1 32bit, do I need to install SQL 2008 R2 in a 32bit mode, 32bit + 64bit mode or 64bit mode only?

 

***

 

I would like to take this opportunity to thank anyone for their feedback. I know I am asking a lot questions but I need these answered to understand and action a production plan as soon as possible

 

Thanks

CTV

Share this post


Link to post
Share on other sites

comments are given below :

I have used this guide to deploy SCCM 2007 R2 + SP2 (then upgraded to R3 afterwards) in Mixed Mode in a test lab environment on a Windows Server 2008 R1 + SP2 (32bit) using MS SQL 2008 R2 STD. We are planning on running it on a Windows Server 2008 R2 (64bit) virtual machine on Hyper-V once we decide to go production. I have also installed FEP 2010 extension to the SCCM site server. I have managed to deploy a basic SCCM agent & FEP 2010 agent. I do have quite a couple of questions that I need answered as accurately as possible:

 

Lab Environment questions:

 

1.) MS SQL: In out organisation we tend to install SQL using Mixed Mode authentication and specifying an SA password in addition to a Windows Authentication Mode account. When I did the prerequisite checks for SCCM, it was not to happy about the mixed mode authentication for SQL and advised that I should switch to Windows authentication only - which I ended up doing.

 

1.1)Why is it a problem for SCCM if one specifies an additional SA authentication?-------->Microsoft recommends configuring the SQL Server for Windows Authentication as a best practice, but don't require it. SCCM 2007 will only use Windows Authentication. There's lots of articles and blogs on this topic (SQL auth vs. Windows auth). So yes, you can use SQL 2007 running in mixed mode. http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/d226de01-d540-4e90-b780-615b07966665

 

1.2) In your guide you specified the local administrator (%hostname%\administrator) account of the server as the account to use under Database Engine Configuration > Account Provisioning during SQL setup. We usually specify a domain account here - would this be an issue and where else would this change affect SCCM's setup and configuration?---->You can specify domain account as well which is should be member of Local admin group on the server.Thsi account is used to connect to Database Engine and a service also created for this (depens on the instances you select Either Default or Named).

 

Also keep in mind that in Windows Server 2008 R2 the local administrator account is disabled by default. We also have more than one domain/network administrator(s) working on all systems so I do not want to bind it to one of those accounts.

 

We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU.Do you want know if you can place all these resource records in One OU or Not ?

 

Can we use the %Domain%\SMSAdmin account that is created later in the guide or do you advise on creating another one altogether? If another account is to be created, what do you suggest we call it and what type on roles/rights (domain users, domain admin etc) do we give it under active directory? (keeping in mind the naming convention SMSAdmin, SMSRead etc) ---->It depends on the organisaiton how they create accounts .we do have se-sa-sms-xxxx but the account which is used here(lab guide) smsadmin has full previliges on SCCM site server (who is member of sms admin group and local admin group as well). No, you do not have to be a domain admin to use the console. The basic rights required are:

**Account should Member of the SMS Admins group ,should have proper DCOM rights and Security rights to the objects trying to access.

1.3) Do I need to open the Firewall for SQL as explained at the bottom/last step in the guide to install SQL?----->Yes, you need to have these ports open .By default these are open until it is bloked by administrator.

1.4) Should I leave the instance name as default or is it preferred to change it to another named instance? -->If you dont have any other databases installed except SCCM let say for Ex: APP-V OR MEd-V or some other application database ,then you can with default .if the default instance is already used and if you want to have different Log in ,you can go with named and you should provide this(instance name\username) while logging into SQL server Database .More about Instances

 

Named Instance:A named instance is determined by the user during Setup. It is identified by an instance name specified during installation of SQL Server. The client must provide both the computer name and the instance name to connect to SQL Server 2008. There can be multiple named instances running on a computer. The user can install SQL Server as a named instance without installing the default instance first. The default instance could be an installation of SQL Server 2000, SQL Server 2005, or SQL Server 2008. Only one installation of SQL Server, regardless of the version, can be the default instance at one time.

 

 

Default Instance:A default instance does not require a client to specify the name of the instance to make a connection. A default instance is identified solely by the name of the computer on which the instance is running. It does not have a separate instance name. Clients specify only the computer name in their requests to connect to SQL Server. There can be only one default instance on any computer, and the default instance can be any version of SQL Server.

 

 

2.) SCCM 2007 prerequisites:

 

2.1) Extend AD schema: When using EXTADSCH.EXE to extend the schema, do I run this on the SCCM server or the domain controller itself? Yes, I am aware that the account used for it must be part of the Schema Admin group------>You can run from any DC.

 

2.2) During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?

 

3.) Prerequisites passed - Now installation of SCCM 2007 R2 + SP2

 

3.1.) During installation of SCCM, one reaches a point "Updated Prerequisites Components". From what I can gather it either tries to download the prerequisites for clients and not SCCM server installation or requires that it be pointed to a directory that contains the latest prerequisites. Is this path extremely important as to what it should be or what structure it should follow? Does all other SCCM packages ect gets stored here? What is this directory used for exactly? I don't want to just thumb-suck a path and later find that I should have placed or structured it better.------> Yes.the path is required and when the actual SCCM server installation started,it uses these update files and place them under SCCM Drive:\client\i386 which is used for SCCM client instllation prerequisists.

 

You can use the syntax to download the patches to a specific folder using G:\SMSSETUP\BIN\I386\SETUP.EXE /download D:\prereq

 

4.) Installation done - creating boundries

 

It is noted in your give to guide: "You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries" Is this really necessary to rename the site in AD Sites & Services from "Default-First-Site-Name" to something else? If one does in fact change it, what impact does it have on any other services?------>If you have only one site(which is usually in LAB) not in produciton usually,then you can provide the default AD site name or IP range can be used as bounadaries.

Basically AD site is One or more IP subnets. Generally this refers to a physical site such as a portion of the organization in particular city or part of a city which is linked by leased lines or other media to other parts of the organization

If default site is changed whcih is already configured in SCCM(default site),systems will be be unmanageble there by,wont recieve any policies /information from Management point.

Advantages of AD site Boundaries--- http://technet.micro...y/bb633084.aspx

 

Production Environment:

 

1.) MS SQL: Since the production setup will have Windows Server 2008 R2 64bit as the OS instead of Windows Server 2008 R1 32bit, do I need to install SQL 2008 R2 in a 32bit mode, 32bit + 64bit mode or 64bit mode only? ---->I would go with SQL server 64 Bit only

 

***

 

I would like to take this opportunity to thank anyone for their feedback. I know I am asking a lot questions but I need these answered to understand and action a production plan as soon as possible

Share this post


Link to post
Share on other sites

comments are given below :

I have used this guide to deploy SCCM 2007 R2 + SP2 (then upgraded to R3 afterwards) in Mixed Mode in a test lab environment on a Windows Server 2008 R1 + SP2 (32bit) using MS SQL 2008 R2 STD. We are planning on running it on a Windows Server 2008 R2 (64bit) virtual machine on Hyper-V once we decide to go production. I have also installed FEP 2010 extension to the SCCM site server. I have managed to deploy a basic SCCM agent & FEP 2010 agent. I do have quite a couple of questions that I need answered as accurately as possible:

 

Lab Environment questions:

 

1.) MS SQL: In out organisation we tend to install SQL using Mixed Mode authentication and specifying an SA password in addition to a Windows Authentication Mode account. When I did the prerequisite checks for SCCM, it was not to happy about the mixed mode authentication for SQL and advised that I should switch to Windows authentication only - which I ended up doing.

 

1.1)Why is it a problem for SCCM if one specifies an additional SA authentication?-------->Microsoft recommends configuring the SQL Server for Windows Authentication as a best practice, but don't require it. SCCM 2007 will only use Windows Authentication. There's lots of articles and blogs on this topic (SQL auth vs. Windows auth). So yes, you can use SQL 2007 running in mixed mode. http://social.technet.microsoft.com/Forums/en/configmgrsetup/thread/d226de01-d540-4e90-b780-615b07966665

 

1.2) In your guide you specified the local administrator (%hostname%\administrator) account of the server as the account to use under Database Engine Configuration > Account Provisioning during SQL setup. We usually specify a domain account here - would this be an issue and where else would this change affect SCCM's setup and configuration?---->You can specify domain account as well which is should be member of Local admin group on the server.Thsi account is used to connect to Database Engine and a service also created for this (depens on the instances you select Either Default or Named).

 

Also keep in mind that in Windows Server 2008 R2 the local administrator account is disabled by default. We also have more than one domain/network administrator(s) working on all systems so I do not want to bind it to one of those accounts.

 

We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU.Do you want know if you can place all these resource records in One OU or Not ?

 

Can we use the %Domain%\SMSAdmin account that is created later in the guide or do you advise on creating another one altogether? If another account is to be created, what do you suggest we call it and what type on roles/rights (domain users, domain admin etc) do we give it under active directory? (keeping in mind the naming convention SMSAdmin, SMSRead etc) ---->It depends on the organisaiton how they create accounts .we do have se-sa-sms-xxxx but the account which is used here(lab guide) smsadmin has full previliges on SCCM site server (who is member of sms admin group and local admin group as well). No, you do not have to be a domain admin to use the console. The basic rights required are:

**Account should Member of the SMS Admins group ,should have proper DCOM rights and Security rights to the objects trying to access.

1.3) Do I need to open the Firewall for SQL as explained at the bottom/last step in the guide to install SQL?----->Yes, you need to have these ports open .By default these are open until it is bloked by administrator.

1.4) Should I leave the instance name as default or is it preferred to change it to another named instance? -->If you dont have any other databases installed except SCCM let say for Ex: APP-V OR MEd-V or some other application database ,then you can with default .if the default instance is already used and if you want to have different Log in ,you can go with named and you should provide this(instance name\username) while logging into SQL server Database .More about Instances

 

Named Instance:A named instance is determined by the user during Setup. It is identified by an instance name specified during installation of SQL Server. The client must provide both the computer name and the instance name to connect to SQL Server 2008. There can be multiple named instances running on a computer. The user can install SQL Server as a named instance without installing the default instance first. The default instance could be an installation of SQL Server 2000, SQL Server 2005, or SQL Server 2008. Only one installation of SQL Server, regardless of the version, can be the default instance at one time.

 

 

Default Instance:A default instance does not require a client to specify the name of the instance to make a connection. A default instance is identified solely by the name of the computer on which the instance is running. It does not have a separate instance name. Clients specify only the computer name in their requests to connect to SQL Server. There can be only one default instance on any computer, and the default instance can be any version of SQL Server.

 

 

2.) SCCM 2007 prerequisites:

 

2.1) Extend AD schema: When using EXTADSCH.EXE to extend the schema, do I run this on the SCCM server or the domain controller itself? Yes, I am aware that the account used for it must be part of the Schema Admin group------>You can run from any DC.

 

2.2) During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?

 

3.) Prerequisites passed - Now installation of SCCM 2007 R2 + SP2

 

3.1.) During installation of SCCM, one reaches a point "Updated Prerequisites Components". From what I can gather it either tries to download the prerequisites for clients and not SCCM server installation or requires that it be pointed to a directory that contains the latest prerequisites. Is this path extremely important as to what it should be or what structure it should follow? Does all other SCCM packages ect gets stored here? What is this directory used for exactly? I don't want to just thumb-suck a path and later find that I should have placed or structured it better.------> Yes.the path is required and when the actual SCCM server installation started,it uses these update files and place them under SCCM Drive:\client\i386 which is used for SCCM client instllation prerequisists.

 

You can use the syntax to download the patches to a specific folder using G:\SMSSETUP\BIN\I386\SETUP.EXE /download D:\prereq

 

4.) Installation done - creating boundries

 

It is noted in your give to guide: "You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries" Is this really necessary to rename the site in AD Sites & Services from "Default-First-Site-Name" to something else? If one does in fact change it, what impact does it have on any other services?------>If you have only one site(which is usually in LAB) not in produciton usually,then you can provide the default AD site name or IP range can be used as bounadaries.

Basically AD site is One or more IP subnets. Generally this refers to a physical site such as a portion of the organization in particular city or part of a city which is linked by leased lines or other media to other parts of the organization

If default site is changed whcih is already configured in SCCM(default site),systems will be be unmanageble there by,wont recieve any policies /information from Management point.

Advantages of AD site Boundaries--- http://technet.micro...y/bb633084.aspx

 

Production Environment:

 

1.) MS SQL: Since the production setup will have Windows Server 2008 R2 64bit as the OS instead of Windows Server 2008 R1 32bit, do I need to install SQL 2008 R2 in a 32bit mode, 32bit + 64bit mode or 64bit mode only? ---->I would go with SQL server 64 Bit only

 

***

 

I would like to take this opportunity to thank anyone for their feedback. I know I am asking a lot questions but I need these answered to understand and action a production plan as soon as possible

 

Hi

 

Thank you for your responces. On the specific questions:

 

We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU. Do you want know if you can place all these resource records in One OU or Not ? Yes you did understand the situation correctly but not the question. Yes we put resource domain user accounts into an OU called "Resources". The question however is if this is good practice in the sense of having domain accounts specifically created as resources for specific services, say SCCM (SMS), FEP etc? Especially SCCM (SMS) as I am in the process of testing etc.

 

Furthermore, I am now totally lost on all the accounts that I may or may not need:

 

From what I can gather in the guide it's recommended to have 3 accounts, 1 SMSadmin, 2 SMSread, 3 preferably another account than SMSadmin to deploy agents (say SMSagent)? Am I getting this part correct?

 

Secondly, provided my understanding of the above mentioned accounts are correct, should I perhaps install SQL using Windows Authentication (as recommended by MS), but using the SMSadmin account specifically? or server a new one SMSsql or SMSdb? Would there be harm in using one account (say SMSadmin) for most things (including SQL) or do you suggest another account? I would prefer NOT to specify a local account ONLY on the site/sql server.

 

The reason I am asking all these questions is that I do not want to end up with too many accounts doing to many different things.

 

On the site server it automatically created a local group called "SMS Admins". It "appears" that I (my own domain account "domain\cvisser") was automatically added to this group? Is this due to the fact that I installed SCCM whilst being logged onto the site server's operating system using my credentials?

 

Who else needs to be part of this "SMS Admins" group? As mentioned earlier, we have more than one network/domain administrator that administers everything, we actually have a security group under AD created as "domain\ITC Admin" having our administrators individually added as members to it. Does this mean I need to specify "domain\ITC Admin" as part of this local "SMS Admins" group on the site server?

 

Lastly on my point 2.2 i asked the following but did not get your response or input on it:

 

"During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?"

 

***

 

Thank you again for all your help! You have no idea how much its helping me as my deadline for production is looming around the next couple of days :(

Share this post


Link to post
Share on other sites

Thank you for your responces. On the specific questions:

 

We usually create resource accounts under a "Resources" OU specifically targeting each specific service like say Symantec Backup Exec, SCCM, FEP, Sharepoint etc. What is your take/feeling on this?--->i didnt get what do you mean by this really ? If i understood correctly ,you have resource records(computer accounts) for SCCM,symantec ,FEP in a OU. Do you want know if you can place all these resource records in One OU or Not ? Yes you did understand the situation correctly but not the question. Yes we put resource domain user accounts into an OU called "Resources". The question however is if this is good practice in the sense of having domain accounts specifically created as resources for specific services, say SCCM (SMS), FEP etc? Especially SCCM (SMS) as I am in the process of testing etc.----OU are basically created to segregate the account when it is required in applying Group polocies together.If you do not have any type of group polocies affecting to these Resources,I dont think ,it will harm to have all resources in one OU.

 

Furthermore, I am now totally lost on all the accounts that I may or may not need:

 

From what I can gather in the guide it's recommended to have 3 accounts, 1 SMSadmin, 2 SMSread, 3 preferably another account than SMSadmin to deploy agents (say SMSagent)? Am I getting this part correct? ----Yes,you would basically requires 3 types of Accounts (SCCM installation,Netowrk Acces Accoutnt and client push installation and Domain join Account if you use OSD).

 

Secondly, provided my understanding of the above mentioned accounts are correct, should I perhaps install SQL using Windows Authentication (as recommended by MS), but using the SMSadmin account specifically? or server a new one SMSsql or SMSdb? Would there be harm in using one account (say SMSadmin) for most things (including SQL) or do you suggest another account? I would prefer NOT to specify a local account ONLY on the site/sql server.----->Yes,I would prefer to go with Windows Authentication rather Other and use an account which has admin previliages locally usually it should be administator.If you want to do this with Smsadmin,you can make this as mem of Local admin but in production accounts will be created differently I suppose.

The reason I am asking all these questions is that I do not want to end up with too many accounts doing to many different things.

 

On the site server it automatically created a local group called "SMS Admins". It "appears" that I (my own domain account "domain\cvisser") was automatically added to this group? Is this due to the fact that I installed SCCM whilst being logged onto the site server's operating system using my credentials? --->Yes,You can correct,the account which is used to install SCCM on server,will be automatically added to SMS admin Group.

 

Who else needs to be part of this "SMS Admins" group? As mentioned earlier, we have more than one network/domain administrator that administers everything, we actually have a security group under AD created as "domain\ITC Admin" having our administrators individually added as members to it. Does this mean I need to specify "domain\ITC Admin" as part of this local "SMS Admins" group on the site server?------>its up to the organisation who want to adminster the SCCM console,You can create a sec group and this to SMS admin group later,you can add the users to sec group if they want to have access to SCCM console more about SCCM sec rights http://technet.microsoft.com/en-us/library/bb680788.aspx

 

Lastly on my point 2.2 i asked the following but did not get your response or input on it:

 

"During SCCM prerequisites it is required to either install WebDAV on Server 2008 or add it as a role on Server 2008 R2. Once this is done the guide explains to enable WebDAV in IIS and also create a Authoring Rule to "allow access to" > "All Content" and "allow access to this content to" > "specified roles or groups" > as "ADMINISTRATOR". What "administrator" account and/or role is this referring to? It does not seem to recognize a location type of structure (i.e. %localhost% > users/groups/computers or %domain% > users/groups/computers)?!?!? To be quite honest I can type in any rubbish and it just accepts it - obviously it will cause WebDAV not to work correctly but this is a concerning point for possible error. Should I not specify another account or role? Maybe a domain account or role? Also I noted that later in the guide you added SMSadmin to WebDAV as well? Why not just add SMSadmin only in the first place instead of this "administrator" account?"---->i think you dont have to specify the administrator or someother user account name.You can select all users and read permission to all.It doesnt make any issues if you do it so.This how it works in my LAB

 

***

 

Thank you again for all your help! You have no idea how much its helping me as my deadline for production is looming around the next couple of days :(

 

If you still miss something else which i couldn't answer ,someone can asssit you on this,.

Share this post


Link to post
Share on other sites

wow...many many thanks!

I've tried to install sccm and I failed 4-5 times :-/

finally I found your toturial, I followed it, and I was able to install SCCM 2007 SP2 on my Windows Server 2008 SP2 machine exactly same way! The only TRICKs was adding BITS Extension feature and installing WebDAV Extension (from here: http://learn.iis.net/page.aspx/350/installing-and-configuring-webdav-on-iis-7/)!

 

many thanks! :)

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.