An Introduction to Configuration Manager 2007 and MDT 2010

Discussion in 'Software' started by SimonD, Apr 29, 2010.

  1. SimonD
    Honorary Member

    SimonD Terabyte Poster

    I was once asked to put together some documentation to highlight what Configuration Manager 2007 and MDT 2010 could do. With that in mind, over the next couple of days I will be writing up a deployment guide on how to install Configuration Manager 2007 SP2 (R2) and MDT 2010, as well as how to capture and deploy a Windows 7 machine and to deploy Office 2007 and Adobe Reader to that machine.

    This will be a very long guide so please bear with me.

    Microsoft System Center Configuration Manager 2007 and Microsoft Deployment Toolkit (MDT) 2010 provide technology for deploying Windows operating systems and various applications, including Office 2007 and Adobe Reader.

    Note: The infrastructure setup described here was for evaluation purposes only but can easily be modified for production use.

    Prerequisites

    Required Software

    Windows Server 2008 R2
    Windows 7
    SCCM 2007 with SP2 (and R2)
    SQL Server 2005 SP3
    Windows Automated Installation Kit (WAIK)
    Networking services, including DNS and DHCP
    Active Directory® Domain Services (AD DS)


    Machine Configurations

    There will be two different Windows 2008 R2 Hyper-V VMs running for this guide; the first one will have the following services installed:

    WINDC01

    • AD DS
    • DNS Server
    • DHCP Server​
    The system resources of the first server are as follows:-

    • 1 Processor running at 3 GHz
    • 1 gig ram
    • 25 gig OS disk partition
    • One CD-ROM or DVD-ROM drive​


    WINSCCM01 

    This server will be running SCCM 2007 SP2 (R2), SQL 2008 and MDT 2010 with the following services installed:

    • Windows Deployment Services
    • Windows Software Update Services
    • IIS 7.5​

    The system resources of this computer are as follows:-

    • 2 Processor running at 3 GHz
    • 2 gig ram
    • 25 gig OS disk partition
    • 2 x 10 gig partitions for SQL Data and Logs
    • 1 x 40 gig partition for the Distribution Point
    • 1 CD-ROM ​

    I will also be using a reference computer which currently has no operating system installed.

    WINREF01

    The system resources of that computer are as follows:-

    • Processor running at 3 GHz
    • 1 gig ram
    • 16 gig OS disk partition
    • 1 CD-ROM drive​

     
    Step 1: Prepare the Prerequisite Infrastructure

    This guide assumes that Windows Server 2008 R2 is installed and configured with the following settings:
    (Installing Windows Server 2008 R2 and Active Directory is not within the scope of this guide).

    • Static IPv4 address: 192.168.2.21
    • Subnet mask: 255.255.255.0
    • Default Gateway: 192.168.2.1
    • Server name: WINSCCM01
    • Active Directory Domain Service
        o Domain DNS name: Colchester.Home
        o Domain NetBIOS Name: Colchester
        o Forest Functional Level: Windows Server 2008

    Step 1-1: Pre-Configuration Manager Installation Tasks

    Before Configuration Manager can publish site data to Active Directory Domain Services, the Active Directory schema must be extended to create the necessary classes and attributes, the System Management container must be created, and the primary site server’s computer account must be granted full control of the System Management container and all of its child objects. Each site publishes its own site-specific information to the System Management container within its domain partition in the Active Directory schema.
    Extending the Active Directory schema is a forest-wide action and must only be done once per forest. Extending the schema is an irreversible action and must be done by a user who is a member of the Schema Admins Group or by someone who has been delegated sufficient permissions to modify the schema.
    Four actions need to be taken in order to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources:

    • Extend the Active Directory schema.
    • Create the System Management container.
    • Set security permissions on the System Management container.
    • Enable Active Directory publishing for the Configuration Manager site.​

     
    Step 1-2: Extending the Active Directory Schema

    The Active Directory schema was previously updated by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media. The ExtADSch.exe file does not display output when it runs; however, it does generate a log file in the root of the system drive called extadsch.log, the results of which can be found at the end of this section. It indicates whether the schema update completed successfully or whether any problems were encountered while extending the schema.

    • Ideally you would back up the System State on the Domain Controller that holds the Schema Master role
    • Disconnect the Schema Master Domain Controller from the network.
    • Run extadsch.exe located at \SMSSETUP\BIN\I386 on the installation media, to add the new classes and attributes to the Active Directory schema.
    • Verify that the schema extension was successful by reviewing the extadsch.log located in the root of the system drive.
    • If the schema extension procedure was successful, reconnect the schema master domain controller to the network and allow it to replicate the schema extensions to the global catalogue servers throughout the Active Directory forest.
    • If the schema extension procedure was unsuccessful, restore the schema master's previous system state from the backup created in step 1 to reverse the schema extension actions before reconnecting the schema master domain controller to the network.​
     
    Step 1-3: Creating the System Management container in AD

    Microsoft System Center Configuration Manager 2007 does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container needs to be created once for each domain that includes a Configuration Manager Site server that will publish site information to Active Directory Domain Services. To manually create the System Management container using ADSIEdit, do the following steps:-

    • Log on as an account that has the Create All Child Objects permission on the System container in Active Directory Domain Services.
    • Open the ADSIEdit MMC console, and connect to the domain in which the site server resides.
    • In the console pane, expand DOMAIN [computer fully qualified domain name of one of the Domain Controllers], expand <DC=Colchester, DC=Home>, and right-click CN=System. On the context menu, click New and then click Object.
    • In the Create Object dialog box, select Container and click Next.
    • In the Value field, type System Management and click Next.
    • Click Finish.​

    Do not close ADSIEDIT down yet.

    Step 1-4: Configuring Security Permissions on System Management container

    After the System Management container was created in Active Directory Domain Services, the primary site server's computer account was granted the necessary permissions to publish site information to the container. I carried this out by doing the following:-

    • In the console pane, expand the site server's domain, expand DC=Colchester, DC=Home, expand CN=System, and right-click CN=System Management. On the context menu, click Properties.
    • In the CN=System Management Properties dialog box, click the Security tab.
    • I clicked Add to add WINSCCM01 and granted the account Full Control permissions.
    • Click “Advanced”, select WINSCCM01 and click “Edit”
    • In the Apply onto list, select “This object and all descendant objects”
    • Click “OK” (3 times)​

    Step 1-5: Site System Roles – IIS7.5 Installation

    Configuration Manager requires the WebDAV component to be installed and enabled on the management points and BITS-enabled distribution points. The WebDAV component is now included in Windows Server 2008 R2 whereas previous versions of 2008 server required that the component be downloaded and configured manually.

    • In Server Manager, on the “Features” node, start the “Add Features Wizard”
    • On the “Select Features” page, select “BITS Server Extensions”
    • When prompted, click “Add Required Role Services” to add the dependent components, including the Web Server (IIS) role
    • On the “Select Features” page, select “Remote Differential Compression”, and then click “Next”
    • On the “Web Server (IIS)” page, click “Next”
    • Under “Security”, select “Windows Authentication”
    • On the “Select Role Services” page, under “IIS 6 Management Compatibility”, select “IIS 6 WMI Compatibility”
    • Under “Application Development”, select “ASP.NET” and “ASP”, when prompted, click “Add Required Role Services” to add the dependent components
    • On the “Confirmation” page, click “Install”, and then complete the rest of the wizard
    • Ensure that everything installed correctly and then Click “Close”​
    Step 1-6: Site System Roles – SQL2005 Installation

    Configuration Manager 2007 SP2 (R2) requires an installation of SQL Server. In this instance I will be installing SQL 2005 with SP3; however, there is no reason why you can’t install SQL 2008 SP1. This can either be a local install or a remote connection to a SQL farm.

    • Insert the installation media. If the “auto run” feature is disabled browse to the DVD drive and launch \Servers\default.hta
    • Click “Install – Server components, tools, Books Online, and samples”
    • Click “Run program”
    • Select “I accept the licensing terms and conditions” and click “Next”
    • Click “Install”
    • Click “Next”
    • Click “Next”
    • Review the System Configuration Check and click “Next”
    • Type the Name and the Company and click “Next”
    • Select “SQL Server Database Services” and “Workstation components, Books Online and development tools” and click “Next”
    • Make sure that “Default instance” is selected and click “Next”
    • Select “Use the built-in System account” and click “Next”
    • Make sure that “Windows Authentication Mode” is selected and click “Next”
    • Accept the default settings and click “Next”
    • Select if you want to help Microsoft build better products and click “Next”
    • Click “Install”
    • Click “Run program”
    • When the setup progress is completed click “Next”
    • Click “Finish” to complete the installation and Restart the Server​

    Step 1-7: Site System Roles – SQL2005 SP3 Installation

    Launch “SQLServer2005SP3-KB955706-x64-ENU.exe”

    • On the Welcome Screen click “Next” to continue
    • Select “I accept the agreement”, and click “Next”
    • On the “Feature Selection” page, accept the defaults and click “Next”
    • On the Authentication page, accept the defaults and click “Next”
    • On the “Error and Usage Reporting Settings” page, accept the defaults and click “NEXT”
    • Click “Next”
    • Click “Install”
    • Click “Run program”
    • Click “OK”
    • Click “Next”
    • Click “Next”
    • Unselect “Launch the user Provisioning Tool” and click “Finish”​

    Step 1-8: Site System Roles – WSUS 3.0SP2 Installation

    Windows Server 2008 R2 now ships with Windows Server Update Service 3.0 (WSUS) as a pre-installed role; this role is required in order to deploy patches to the Configuration Manager Clients.
    Click on the Server Manager and add the Windows Server Update Service role. A live internet connection is required to allow the Windows Server to download updated installation files; alternatively, you can download and install the Windows Server Update Service 3.0 from here:

    http://support.microsoft.com/default.aspx/kb/972455

    If you download the file you will need to launch “WSUS30-KB972455-x64.exe”

    • Click “Next”
    • Select “Full Server installation” and click “Next”
    • Click “I accept the terms in the License Agreement” and then “Next”
    • Select “Store updates locally” and type the location where you want to store the updates. Choosing a separate (dedicated) drive is highly recommended in production, but not required. For the installation carried out at we used the F:\WSUS folder on the server.
    • Click “Next”
    • Select “Use an existing database server on this computer”, and click “Next”
    • It will connect to the local SQL database
    • Click “Next”
    • Select “Create a Windows Server Update Service 3.0 SP2 Web Site” and click “Next”
    • Review the installation summary, and click “Next” to begin the installation
    • Click “Finish” to complete the installation
    • When the “Windows Server Update Service Configuration Wizard” appears click “Cancel”​

    Step 1-9: Manually Update the Server

    After installing SQL and all of the required roles it’s important to run a Windows Update on the server prior to installing SCCM 2007. Ensure that you configure the updates to choose additional products as well (we want it to install any additional SQL updates post SP3). The updates should include Visual Studio and SQL 2005 updates.

    Once the updates have been installed please reboot the server.

    This is the end of this part of the guide. In the next part of the guide I will be going through the installation and configuration of Config Manager 2007 SP2 (R2).
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
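An audit of the result of Steps 1-3 and 1-4, added here as an example and not part of the original post: it confirms the System Management container exists and reports which explicit ACEs carry write access, checking that the site server's computer account has Full Control applied to the object and all descendants. The DN, domain and server name are the guide's lab values; the list of default admin principals and the function name are assumptions.

```powershell
# Added example. Assumes the ActiveDirectory module (RSAT) is available.
# The DN, domain and server name are the lab values used in the guide.
Import-Module ActiveDirectory

$ContainerDn = 'CN=System Management,CN=System,DC=Colchester,DC=Home'
$SiteServer  = 'COLCHESTER\WINSCCM01$'          # computer accounts end in '$'
# Principals expected to hold write access on a newly created container
# (assumption: adjust to your own delegation model).
$KnownAdmins = @('NT AUTHORITY\SYSTEM', 'COLCHESTER\Domain Admins')

$R = [System.DirectoryServices.ActiveDirectoryRights]
$FullControl = [int]$R::GenericAll
# Individual bits that let a principal change the container or its children.
$WriteMask = [int]$R::CreateChild -bor [int]$R::DeleteChild -bor
             [int]$R::WriteProperty -bor [int]$R::Delete -bor
             [int]$R::DeleteTree -bor [int]$R::WriteDacl -bor [int]$R::WriteOwner

function Get-SystemManagementAclReport {
    param([string]$Dn, [string]$SiteServerAccount, [string[]]$Allowed)

    # Throws if the container from Step 1-3 does not exist.
    Get-ADObject -Identity $Dn -ErrorAction Stop | Out-Null

    $seenSiteServer = $false
    $aces = (Get-Acl -Path ('AD:\' + $Dn)).Access |
        Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' }

    foreach ($ace in $aces) {
        $who  = $ace.IdentityReference.Value
        $mask = [int]$ace.ActiveDirectoryRights
        if (($mask -band $WriteMask) -eq 0) { continue }   # read-only ACE

        if ($who -eq $SiteServerAccount) {
            $seenSiteServer = $true
            $full  = ($mask -band $FullControl) -eq $FullControl
            $scope = $ace.InheritanceType -eq 'All'   # this object and all descendants
            if ($full -and $scope) { $verdict = 'OK' }
            else { $verdict = 'FIX: needs Full Control on this object and all descendant objects' }
        }
        elseif ($Allowed -contains $who) { $verdict = 'OK (expected admin ACE)' }
        else { $verdict = 'REVIEW: unexpected write access' }

        New-Object PSObject -Property @{
            Identity  = $who
            Rights    = $ace.ActiveDirectoryRights
            AppliesTo = $ace.InheritanceType
            Verdict   = $verdict
        }
    }

    if (-not $seenSiteServer) {
        New-Object PSObject -Property @{
            Identity = $SiteServerAccount; Rights = 'none'; AppliesTo = 'n/a'
            Verdict  = 'FIX: site server has no explicit ACE (Step 1-4 not done)'
        }
    }
}

Get-SystemManagementAclReport -Dn $ContainerDn -SiteServerAccount $SiteServer -Allowed $KnownAdmins |
    Select-Object Identity, Rights, AppliesTo, Verdict | Format-Table -AutoSize
```

Only explicit (non-inherited) Allow ACEs are listed, so permissions flowing down from CN=System are not shown.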
  2. ThomasMc

    ThomasMc Gigabyte Poster

    Nice one Simon, this will come in very handy.
     
    Certifications: MCDST|FtOCC
    WIP: MCSA(70-270|70-290|70-291)
  3. SimonD
    Honorary Member

    SimonD Terabyte Poster

    Here is the second part of my guide on deploying and using Config Manager 2007 and MDT 2010.

    This part covers the installation and basic configuration of Config Manager 2007.

    Step 1-10: Configuration Manager 2007 SP2 Installation

    I installed System Center Configuration Manager into the environment using the following instructions. In this setup I used my Domain Admin account (Colchester\SDavies) for everything. One thing to note here: during this installation a live internet connection is required to allow the download of the latest setup files; it is possible, however, to pre-download these via the command line.

    • Browse to the C:\Software\SCCM folder and launch \Servers\default.hta
    • Click “Install – Configuration Manager 2007 SP2”
    • Select “Install a Configuration Manager site server” and click “Next”
    • Select “I accept these license terms” and click “Next”
    • Select “Custom settings” and click “Next”
    • Select “Primary site” and click “Next”
    • Select “No, I do not want to participate right now” and click “Next”
    • Browse to the D Drive and choose that as the Installation location for Configuration Manager and click “Next”
    • Type the Site code (S01) and the Site name (Home, Colchester) and click “Next”
    • Select “Configuration Manager Mixed Mode” and click “Next”
    • Accept the defaults and click “Next”
    • Type the SQL server name (WINSCCM01) and the SCCM site database name (SMS_S01) and click “Next”
    • Type the SMS Provider (WINSCCM01) and click “Next”
    • Select “Install a management point” and type the FQDN name of the management point (WINSCCM01.Colchester.Home) and click “Next”
    • Select “Use the default port (80)” and click “Next”
    • Select “Check for updates…” and click “Next”
    • Type the path where the updates should be saved (F:\ sccm\updates) and click “Next”​

    Important: The folder specified must exist otherwise the step will fail.

    • When the prerequisite components have been downloaded click “OK”
    • Review the Settings Summary page and click “Next”
    • If all required prerequisite tests have completed successfully click “Begin Install”
    • After about 15 to 30 minutes all action should be completed. Click “Next”
    • Click “View Log” or open the C:\ConfigMgrSetup.log if you want to review the setup log file. Click “Finish” to close the wizard.​
    Once the SP2 installation has been carried out, you will then be required to install the R2 components; this is required for the added functionality that R2 offers:

    • Support for application virtualisation (App-V)
    • ForeFront Client Security integration.
    • Report on SCCM 2007 R2 using SQL Reporting Services
    • OS Deployment Improvements: Unknown Computer Support​

    Step 1-11: Configuring the WebDAV for BITS enabled DPs and MPs

    System Center Configuration Manager requires that the WebDAV extension be installed and enabled on the management points and distribution points for BITS.

    Enable WebDAV and create an Authoring Rule as follows:-

    • Open Internet Information Services (IIS) Manager
    • In the “Connections” pane, expand the “Sites” node in the tree, and then click Default Web Site
    • In the “Features View”, double-click “WebDAV Authoring Rules”
    • When the “WebDAV Authoring Rules” page is displayed, in the “Actions” pane, click “Enable WebDAV”
    • After WebDAV has been enabled, in the “Actions” pane, click “Add Authoring Rule”
    • In the “Add Authoring Rule” dialog box, under “Allow access to”, click “All content”
    • Under “Allow access to this content to”, click “All users”
    • Under “Permissions”, click “Read”, and then click “OK”​
    Change the property behaviour as follows:

    • In the “WebDAV Authoring Rules” page, in the “Actions” pane, click “WebDAV Settings”
    • In the “WebDAV Settings” page, under “Property Behaviour”, set “Allow anonymous property queries” to “True”
    • Set “Allow Custom Properties” to “False”
    • Set “Allow property queries with infinite depth” to “True”
    • In the “Action” pane, click “Apply”​
    IIS Authentication

    • In the “Features View”, double-click “Authentication”
    • Enable “Windows Authentication” and then Close Internet Information Services (IIS) Manager.​

    Step 1-12: Create the Required User and Service Accounts

    System Center Configuration Manager and SQL Server 2005 require user accounts during the installation process:

    • SCCM_Admins: AD Security Group for Centralised Management
    • SCCM_CliPush: Account used for Remote Client installation
    • SCCM_Network: Network Access Account used to connect to the DP, MDT Shares and other shared folders

    Step 1-13: Configure the Network Access Account

    The System Center Configuration Manager client needs an account to provide credentials when accessing the System Center Configuration Manager distribution points, MDT 2010 deployment shares, and shared folders. This account is called the Network Access account.

    To configure the Network Access account

    • In the Configuration Manager Console tree view, go to Site Database/Site Management/"S01"/Site Settings/Client Agents.
    • In the details pane, right-click Computer Client Agent, and then click Properties.
    • In the Computer Client Agent Properties dialog box, click the General tab. In Network Access Account, in Account (domain\user), click “Set”
    • Complete the Windows User Account dialog box using the credentials created earlier then click “OK”
    • Close any open windows.​
    Step 1-14: Configure the System Center Configuration Manager Site Boundaries

    The System Center Configuration Manager client needs to know the boundaries for the site. Unless the site boundaries are specified, the client assumes that the computer running System Center Configuration Manager is in a remote site. Add a site boundary based on the IP subnet or AD Name; in our case, because it’s a single site, single subnet, we can get away with just using the AD Name.

    • In the Configuration Manager Console tree, go to Site Database/Site Management/"sitecode"/Site Settings/Boundaries.
    • In the Actions pane, click New Boundary.
    • Complete the New Site Boundary dialog box using the information and then click OK.
    • Close any open windows.​

    Step 1-15: Configure the Publishing of Site Information in AD DS and DNS

    The Configuration Manager client needs to locate the various Configuration Manager server roles. To do this we publish the Config Manager server details in AD and DNS.

    To modify the site properties to publish the site information in AD DS and in DNS do the following:-

    • In the Configuration Manager Console tree, go to Site Database/Site Management/"sitecode".
    • In the Actions pane, click “Properties”
    • Complete the Advanced tab of the Site Properties dialog box by performing the following steps, and then click “OK”
    • Select the “Publish this site in Active Directory Domain Services” box
    • Select the “Publish the default management point in DNS (intranet only)” box
    • Close any open windows.​

    Step 1-16: Configure the Drive to Be Used for Storing SCCM2007 Package Source Files

    To configure the drive for storing System Center Configuration Manager package source files do the following:-

    • In the Configuration Manager Console tree, go to Site Database/Site Management/"sitecode"/Site Settings/Component Configuration.
    • In the details pane, right-click “Software Distribution”, and then click “Properties”
    • In the Software Distribution Properties dialog box, in Drive on site server, type your drive letter, and then click OK.
    • Close any open windows.​

    Configuration Manager will by default use the drive with the largest amount of free space available to store files on. To stop this happening on unwanted drives, simply place a 0 byte sized file called “NoSmsOnDrive.sms” at the root of each drive (obviously don’t do this on the Distribution Point drive (F)).

    Step 1-17: Configure the System Center Configuration Manager Distribution Point to Be BITS Enabled

    To configure a distribution point to be BITS enabled do the following:-

    • In the Configuration Manager Console tree, go to System Center Configuration Manager/Site Database/Site Management/"site-code"/Site Settings/Site Systems/"server-name"
    • In the details pane, right-click ConfigMgr distribution point, and then click Properties.
    • In the ConfigMgr Distribution Point Properties dialog box, on the General tab, select “Allow clients to transfer content from this distribution point using BITS, HTTP, and HTTPS (required for device clients and Internet-based clients)” check box, and then click “OK”
    • Close any open windows.​

    The next part of the guide will cover the installation of MDT 2010.
    Please stay tuned.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
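A drift check for the IIS settings chosen in Step 1-11, added here as an example and not part of the original post: it reads the WebDAV property behaviour, the Windows Authentication state and the authoring rules on the Default Web Site, and flags anything that differs from the guide's values, in particular an authoring rule that grants more than Read. The function name is an assumption; the configuration attribute names are those of the IIS WebDAV schema.

```powershell
# Added example. Assumes the WebAdministration module that ships with IIS 7.5.
Import-Module WebAdministration

$SitePath = 'IIS:\Sites\Default Web Site'   # site used in Step 1-11
$DavProps = 'system.webServer/webdav/authoring/properties'

# Expected values, taken from the steps in the guide.
$Expected = @(
    @{ Filter = 'system.webServer/webdav/authoring'; Name = 'enabled'; Value = $true },
    @{ Filter = $DavProps; Name = 'allowAnonymousPropfind';     Value = $true  },
    @{ Filter = $DavProps; Name = 'allowCustomProperties';      Value = $false },
    @{ Filter = $DavProps; Name = 'allowInfinitePropfindDepth'; Value = $true  },
    @{ Filter = 'system.webServer/security/authentication/windowsAuthentication'
       Name = 'enabled'; Value = $true }
)

function Test-WebDavBaseline {
    param([string]$PSPath)

    foreach ($e in $Expected) {
        $raw = Get-WebConfigurationProperty -PSPath $PSPath -Filter $e.Filter -Name $e.Name
        # Depending on the attribute, the cmdlet returns the value or a wrapper object.
        if ($raw -isnot [bool]) { $raw = $raw.Value }
        New-Object PSObject -Property @{
            Setting  = $e.Filter + '/@' + $e.Name
            Expected = $e.Value
            Actual   = [bool]$raw
            Drift    = ([bool]$raw -ne $e.Value)
        }
    }

    # The guide adds a single rule: all users, all content, Read only.
    $rules = @(Get-WebConfiguration -PSPath $PSPath `
                   -Filter 'system.webServer/webdav/authoringRules/add')
    foreach ($r in $rules) {
        $access = [string]$r.access
        New-Object PSObject -Property @{
            Setting  = "authoringRule users='$($r.users)' path='$($r.path)'"
            Expected = 'Read'
            Actual   = $access
            # Write or Source access lets clients change or fetch raw content.
            Drift    = ($access -match 'Write|Source')
        }
    }
    if ($rules.Count -eq 0) {
        New-Object PSObject -Property @{
            Setting = 'authoringRule'; Expected = 'Read'
            Actual  = 'no rule defined'; Drift = $true
        }
    }
}

Test-WebDavBaseline -PSPath $SitePath |
    Select-Object Setting, Expected, Actual, Drift | Format-Table -AutoSize
```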
  4. JK2447

    JK2447 Petabyte Poster Administrator Premium Member

    Thanks mate. I'll eagerly await your SCCM guide I've just volunteered you to do (due to popular demand!) :biggrin
    No seriously spot on. SCCM and SCOM on my radar. Deployed a security patch with SCCM earlier this week and was impressed with it but I need to know a lot more. Jim
     
    Certifications: VCP4, 5, 6, 6.5, 6.7, 7, 8, VCAP DCV Design, VMConAWS Skill, Google Cloud Digital Leader, BSc (Hons), HND IT, HND Computing, ITIL-F, MBCS CITP, MCP (270,290,291,293,294,298,299,410,411,412) MCTS (401,620,624,652) MCSA:Security, MCSE: Security, Security+, CPTS, CCA (XenApp6.5), MCSA 2012, VSP, VTSP
    WIP: Google Cloud Certs
  5. Theprof

    Theprof Petabyte Poster

    We purchased the software and I am also waiting for the MS-Press book to arrive... in the meantime, I am going to follow your guide and set this up in my virtual lab at home before doing this in production.

    Thanks Simon.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  6. SimonD
    Honorary Member

    SimonD Terabyte Poster

    I will eventually finish off the MDT side of things; unfortunately, what with me doing DPM, NPS (NAP) and a whole host of other things, it's taking a little time to complete it.
     
    Certifications: CNA | CNE | CCNA | MCP | MCP+I | MCSE NT4 | MCSA 2003 | Security+ | MCSA:S 2003 | MCSE:S 2003 | MCTS:SCCM 2007 | MCTS:Win 7 | MCITP:EDA7 | MCITP:SA | MCITP:EA | MCTS:Hyper-V | VCP 4 | ITIL v3 Foundation | VCP 5 DCV | VCP 5 Cloud | VCP6 NV | VCP6 DCV | VCAP 5.5 DCA
  7. Theprof

    Theprof Petabyte Poster

    I completely understand and I too am working on all kinds of things at the moment... I was going to start last night but I ended up adding an additional 500GB HD to my ESXi server so I can start working on SCCM... I will try tonight and see if I can get some stuff started.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  8. Theprof

    Theprof Petabyte Poster

    So I just finished the installation of SCCM 2007... followed your guide and all is good... I'll be waiting for your other one to come.

    Thanks!
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
