Jump to content


how can I configure SCCM 2007 in Windows Server 2008 - Part 1

Recommended Posts

Please note that this guide is designed to get you up and running with SCCM in a LAB Environment as quickly as possible, so server roles are not going to be separated unless otherwise stated. This guide is provided as is, if you find any errors please report them in the forums.




In a production environment please consult Technet for best practise, see below links:



Checklist for Required Post Setup Configuration Tasks

System Center Configuration Manager 2007


Best Practices:


Configuring Configuration Manager Sites for Best Performance

Checklist for Security Best Practices

Best Practices for Central and Primary Site Hardware and Software Configuration





This guide assumes you have first installed SCCM 2007 SP1. I would recommend that you do the Firefox application deployment test after completing these 3 parts, and then go through the Deploy Vista guide even if you are only going to Deploy Windows XP.

  • Like 2

Share this post

Link to post
Share on other sites

Step 1. Set site boundaries and verify site name is configured for Active Directory


Note: Configuration Manager 2007 sites are defined by boundaries. Boundaries are defined by IP subnets, Active Directory site names, IPv6 prefixes or Internet Protocol (IP) ranges. Clients are assigned to a specific Configuration Manager 2007 site based on the boundaries you specify. When adding boundaries to a site, you should ensure that each site has been assigned a unique set of boundaries. When more than one Configuration Manager site has been assigned the same boundary a situation known as overlapping boundaries occurs. Overlapping boundaries can cause errors in Configuration Manager client operations, and should be avoided.


You need boundaries or the clients will not find the nearest Distribution Point when they make a Client Location Request. The boundaries help them find the content at the nearest Distribution Point.



Open the SCCM Configmgr console to check the site boundaries and verify the the SCCM server site name is configured for active directory instead of the IP address (as it is by default). Configuration Manager 2007 clients are assigned to Configuration Manager 2007 sites based on the boundaries defined for the site. Boundaries are defined by IP subnets, Active Directory site names, IPv6 prefixes, IP ranges or a combination of these. We need to configure the Site Boundaries in order for auto-site assignment to succeed (the clients network location must fall within one of the configured boundaries for site assignment to succeed.


Configuration Manager 2007 boundaries are used to identify a roaming client's position in the Configuration Manager 2007 hierarchy, which in turn facilitates locating the nearest distribution points that host the content requested by clients. When a change in network location results in a client being outside its assigned site's boundaries, it relies on roaming behavior to locate content.


For more information about planning Configuration Manager 2007 site boundaries, see Planning Configuration Manager Boundaries, and for more information about content location, see Configuration Manager and Content Location (Package Source Files).




The boundaries node of the Configuration Manager console displays all boundaries defined for every site in the Configuration Manager 2007 hierarchy beneath the current site. Boundaries defined for SMS 2003 child sites before joining a Configuration Manager 2007 site hierarchy are not editable. To change the boundaries of an SMS 2003 child site, the pre-defined SMS 2003 boundary must be deleted and a new one created from within the Configuration Manager console.


Startup the SCCM Configmgr console and click on the + beside Site Management to expand that section.


Underneath that you'll have your SCCM Site Server name (in my case WIN), and underneath that we have the Sites settings.








You'll need to know your AD site name. The AD site name is by default called Default-First-Site-Name and you can change that in Active Directory sites and services just as long as the site name is the SAME in both AD and SCCM site boundries


Before change:-




below we have renamed the Default-First-Site-Name to windows-noob in Active directory sites and services




Open SCCM Configmgr and expand Site settings, click on the Boundaries node, right click the node and select New Boundary from the context menu.






Click on Type and change it to Active Directory Site




click on Browse and select the AD site name we configured earlier in AD sites and services.




click on ok to complete




click ok again and we can now see our SCCM Site boundary is setup in ConfigMgr.



  • Like 1

Share this post

Link to post
Share on other sites

Step 2. Setting and configuring the site system roles.


Open Active Directory Users and Computers and create two new Domain Users


SMSadmin and SMSread.




The SMSAdmin account should have Full Administrative priveledges on the SCCM server. To do this you can add the SMSadmin account to the Local Administrators Group on the SCCM Server.




Go back to SCCM ConfigMgr, expand Site Settings and Site Systems, and click on your Server name. You should see that several Roles are already installed (Component Server, distribution point, management point, site server, site system, site database server).




Right click your server name and choose New Roles. This will bring up the New Site Role Wizard.




Accept the defaults and click next.


Select Server Locator point, State Migration point, Reporting point and Software update point from the list.




Note: If you are not using the Configuration Manager AD schema *ie, if you have not extended the AD schema for SCCM as outlined here* , then you do need an SLP.For Server Locator point, however, if you plan on doing Build and Capture, then read below.


Select the Server Locator Point even though the AD schema has been extended for SCCM. This is because when doing Build and Capture of an Operating System, best practise means the computer is not domain joined, therefore it cannot get the information it needs (to install windows updates) from AD, it therfore retrieves the information from the SLP. Read this post for more info.




For State Migration point, click on the red exclamation mark to input a path to store the SMP data for example d:\smp this is where data will be stored during the OSD process if it has to be stored on the network.




Next up is the reporting point, leave it as it is




Then we will have the Software Update point, WSUS 3.0 sp1 or later must be installed to use this feature, but if you've followed my guide from start to finish you'll already have it (WSUS 3.1) installed.




Put a checkmark in Use this server as the active software update point, and click next, then leave the Sync source settings as they are.




Accept the Sync Schedule defaults




click next to see the classifications, choose the following Critical Updates, Definition Updates, Security Updates, Service Packs, Update Rollups, and Updates, then click the next button.




For Products to update, choose Office, SQL and Windows (Windows and Office will already be selected)




Set your language preferences, mine had Chinese, Korean, French and German pre-selected (odd...) I changed it to only English




finally you can review the summary.... click Finish




once done click close.




We can now see our roles in ConfigMgr.




Next step > SCCM 2007 SP1 configuration guide - Part 2


The guide covers:-


Configuring the Distribution Point (DP) and the Management Point (MP), adding Authoring rules in WebDav and changing WebDav settings, making sure the System Management container in Active Directory has the correct permissions for SCCM, checking and fixing errors in SCCM System Status.

Share this post

Link to post
Share on other sites

Extra information:


- If McAfee antivirus is installed on the server, the installation won't report error's, but the regkey's aren't written correctly, this can cause the server to malfunction whithouth generating helpfull logs. The McAfee antivirus should be disabled when installing the SCCM server.

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...