1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SCCM setup

Discussion in 'Software' started by Theprof, Jan 19, 2011.

  1. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    So I've been making some really good progress and learning a lot about SCCM... I must of spent a good 3 months learning about the product, doing tests, proof of concept, then into production.

    Here's my setup:

    1 x Central site
    9 x Protected Branch Distribution points

    I deployed PXE on the central site and all is working well. To prevent accidental OS deployments to servers/workstations I setup a MAC address exclusion list, non mandatory tasks, and password protected the PXE boots.

    I also setup SQL server reporting services and imported all the reports within SCCM, linked the page to our Sharepoint site for quick and easy access.

    The next thing that's on my list is getting OSD working in our remote offices, my boss really wants this done so I have to get at it.

    Another one of my projects is getting a dashboard setup with reports such as client health, etc...


    Anyways I have a feeling I'll be working on this for the next few months so it should be interesting.

    Rant over :biggrin
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  2. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    I may be asking for your help soon then mate, I have been dabbling with SCCM recently myself. I have a server setup with it on, but it's not working properly yet.

    I only need it because I'm trying to trial Endpoint Protection 2010 to see if it's worth using before our current AV licence runs out. I think it's ashame that you can't use FEP2010 without having SCCM in place though. We were hoping to implement FEP into some of the smaller orgs that we support, but the fact you need SCCM and full SQL server before you can even think about the AV could mean it's too expensive to put in place.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  3. SimonD

    SimonD Terabyte Poster Moderator

    3,463
    397
    199
    Forefront Client Security (the predecessor) for FEP also had quite strict requirements, you can actually just install the client component of both FEP and FCS without having the management point installed, they just utilise WindowsUpdate as the source for the AV\Malware updates.

    The reason MS decided to move FEP away from the direction of FCS is that FCS required an installation of Microsoft Operations Manager 2005 (bearing in mind we are up to SCOM 2007 now), it also required that you install it on specific OS\SQL versions.

    FEP as an end point client is lovely (I use it at home) but something to bear in mind is that MS also released Security Essentials to small businesses (up to 10 pc's) if you need something for smaller companies.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
    WIP: VCP6-CMA, VCAP-DCD and Linux + (and possibly VCIX-NV).
  4. Modey

    Modey Terabyte Poster

    2,397
    99
    154
    Yeah I heard about the small business version of essentials, but 10 clients is far too small really. Would be looking at least 100 as the smallest number of PCs to protect.
     
    Certifications: A+, N+, MCP, MCDST, MCSA 2K3, MCTS, MOS, MTA, MCT, MCITP:EDST7, MCSA W7, Citrix CCA, ITIL Foundation
    WIP: Nada
  5. NeedMoreSleep

    NeedMoreSleep Bit Poster

    11
    1
    18
    Are you implementing mixed or native (SSL) mode with SCCM? I deployed SCCM with native mode and for the sake of my quickly greying hair I wish I'd gone the easy route and selected mixed.

    If you've deployed SCCM in native mode, here's one thing that had me scratching my head for a while when particular clients wouldn't connect to the PXE service point for OSD. Check the clock settings in the BIOs of your clients and make sure they're in sync with your domain. It makes sense now thinking about it but not one single piece of documentation I read mentioned it.
     
    Certifications: MCSA+Messaging
    WIP: MCITP:Enterprise Admin
  6. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Running it in Mixed mode actually... I know people use Native for a PKI infrastructure, etc.. but we don't have that plus Mixed seems to fulfill all of our requirements. I actually just finished up setting up SUP and running a successful sync between WSUS and SCCM. I am starting to learn more on how to deploy updates, etc.. and first thing I've found out is that there are no more approvals, declines, etc.. in SCCM. Everything has to be done live by an admin. Of course you can create scripts, etc and things like update lists which I will be looking at later, but it's definitely a whole new ball game.

    Also due to PXE boot requirements for our remote sites, I had to change our SCCM design a little, I changed all my Branch Distribution Points to Secondary sites as PXE is not supported on Branch Distribution Points.

    Great product though, it's the first time I use something like this and the deeper I get into to it, the more I realize who much I don't know!
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA

Share This Page

Loading...