SCCM setup

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

So I've been making some really good progress and learning a lot about SCCM... I must of spent a good 3 months learning about the product, doing tests, proof of concept, then into production.

Here's my setup:

1 x Central site
9 x Protected Branch Distribution points

I deployed PXE on the central site and all is working well. To prevent accidental OS deployments to servers/workstations I setup a MAC address exclusion list, non mandatory tasks, and password protected the PXE boots.

I also setup SQL server reporting services and imported all the reports within SCCM, linked the page to our Sharepoint site for quick and easy access.

The next thing that's on my list is getting OSD working in our remote offices, my boss really wants this done so I have to get at it.

Another one of my projects is getting a dashboard setup with reports such as client health, etc...


Anyways I have a feeling I'll be working on this for the next few months so it should be interesting.

Rant over

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

I may be asking for your help soon then mate, I have been dabbling with SCCM recently myself. I have a server setup with it on, but it's not working properly yet.

I only need it because I'm trying to trial Endpoint Protection 2010 to see if it's worth using before our current AV licence runs out. I think it's ashame that you can't use FEP2010 without having SCCM in place though. We were hoping to implement FEP into some of the smaller orgs that we support, but the fact you need SCCM and full SQL server before you can even think about the AV could mean it's too expensive to put in place.

 

Forefront Client Security (the predecessor) for FEP also had quite strict requirements, you can actually just install the client component of both FEP and FCS without having the management point installed, they just utilise WindowsUpdate as the source for the AV\Malware updates.

The reason MS decided to move FEP away from the direction of FCS is that FCS required an installation of Microsoft Operations Manager 2005 (bearing in mind we are up to SCOM 2007 now), it also required that you install it on specific OS\SQL versions.

FEP as an end point client is lovely (I use it at home) but something to bear in mind is that MS also released Security Essentials to small businesses (up to 10 pc's) if you need something for smaller companies.

 

Yeah I heard about the small business version of essentials, but 10 clients is far too small really. Would be looking at least 100 as the smallest number of PCs to protect.

 

Are you implementing mixed or native (SSL) mode with SCCM? I deployed SCCM with native mode and for the sake of my quickly greying hair I wish I'd gone the easy route and selected mixed.

If you've deployed SCCM in native mode, here's one thing that had me scratching my head for a while when particular clients wouldn't connect to the PXE service point for OSD. Check the clock settings in the BIOs of your clients and make sure they're in sync with your domain. It makes sense now thinking about it but not one single piece of documentation I read mentioned it.

 

Running it in Mixed mode actually... I know people use Native for a PKI infrastructure, etc.. but we don't have that plus Mixed seems to fulfill all of our requirements. I actually just finished up setting up SUP and running a successful sync between WSUS and SCCM. I am starting to learn more on how to deploy updates, etc.. and first thing I've found out is that there are no more approvals, declines, etc.. in SCCM. Everything has to be done live by an admin. Of course you can create scripts, etc and things like update lists which I will be looking at later, but it's definitely a whole new ball game.

Also due to PXE boot requirements for our remote sites, I had to change our SCCM design a little, I changed all my Branch Distribution Points to Secondary sites as PXE is not supported on Branch Distribution Points.

Great product though, it's the first time I use something like this and the deeper I get into to it, the more I realize who much I don't know!