Tuesday, March 13, 2012

Operating System Deployment

One of the most important features of SCCM is Operating System Deployment (OSD). It is especially helpful when rolling out new operating systems and applications to hundreds of computers.

Below are the configurations needed to make OSD work in SCCM.


1. Install WDS
2. Run WDS under Administrative Tools
3. Open the properties of the server and go to the PXE Response Settings tab. The setting should be 1 or higher.

This means we will not use WDS to respond to any PXE request; instead, we will use the SCCM PXE role.








I have installed DHCP on the same server where WDS and SCCM are installed. I was having issues with DHCP PXE when using a separate DHCP server.

Open WDS > Properties of the server > Tab to DHCP. Check both options.

These settings allow newly booted computers to communicate with the SCCM server.




Install the PXE server role and configure the PXE response to zero. This means all PXE requests will be handled by SCCM.









Configure the Computer Client Agent. Set a network access account that has read access to SCCM shared folders.

The Interval setting is the number of minutes between the client agent's check-ins with the SCCM server for updates.









Once a new computer is booted on the network, it communicates with the SCCM PXE role and looks at the Boot Images.

Make sure that these boot images contain network and storage Vista drivers.

Administrators can also enable command prompt support under the boot image options. This allows you to troubleshoot network or storage issues.

Running the ipconfig and diskpart commands shows whether the machine has detected a network adapter or storage.





Make sure that the boot images are advertised in all distribution points.










Operating System Images contains images of reference computers. In this example I have a Windows XP SP3 reference computer.

This is the same kind of image or output file produced by programs such as Acronis and Norton Ghost.








The task sequence determines the steps taken by a booted computer on the network once a PXE request has been received.

The Apply Network Settings step should come right after Setup Operating System.

Advertise the task sequence to the desired computer collections.






Sunday, March 11, 2012

Client Installation

Methods

1. Software Update Point - built into SCCM

2. Client Push - the best method to use, but it might not work if there is a firewall.

a. Create an installation account that has administrator rights on the client computers in the organization. A domain admin account works; however, it is also possible to use group policy to create a user with only local administrator rights on the computers.

3. Manual installation

4. Group Policy - create a logon script that checks whether the client is already installed and, if not, installs it.

Batch file Command:
\\SCCM\Client\CCMSetup.exe /mp:SCCM /logon SMSSITECODE=MIS

Place the startup script somewhere accessible. Assign read rights to the Domain Computers group. It is better to assign the rights to the Domain Computers group so that the activities happen just before the user logs in.

Configure a Group Policy to execute the login script.


Log in to the DC > Edit Default Domain Policy > Computer Configuration > Windows Settings > Scripts (Startup/Shutdown)
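
An added example, not part of the original post: a computer startup script for the Group Policy method above. The server name, share, switches and site code come from the batch command on this page; the log file path and the CcmExec service check are choices made for this example. It also logs a warning when qmgr.dll (the BITS check mentioned elsewhere on this page) is missing.

```bat
@echo off
rem Added example: computer startup script for the Group Policy method.
rem From the page: \\SCCM\Client\CCMSetup.exe, /mp:SCCM, /logon, SMSSITECODE=MIS.
rem Assumed for this example: the log file path and the CcmExec service check.
rem Startup scripts run as Local System, so keep this file and the Client
rem share read-only for Domain Computers and writable by administrators only.
setlocal

set "SRC=\\SCCM\Client\CCMSetup.exe"
set "LOG=%SystemRoot%\Temp\ccm_startup_install.log"

rem 1. Already installed? CcmExec is the SCCM client service (SMS Agent Host).
sc query CcmExec >nul 2>&1
if not errorlevel 1 (
    >>"%LOG%" echo %DATE% %TIME% client service present, nothing to do
    exit /b 0
)

rem 2. BITS check from the page: qmgr.dll in System32. Logged as a warning only.
if not exist "%SystemRoot%\System32\qmgr.dll" (
    >>"%LOG%" echo %DATE% %TIME% WARNING qmgr.dll not found, BITS may be missing
)

rem 3. Stop if the share cannot be read (offline, DNS, or missing read rights).
if not exist "%SRC%" (
    >>"%LOG%" echo %DATE% %TIME% ERROR cannot read %SRC%
    exit /b 3
)

rem 4. Same command line as on the page. /logon makes CCMSetup stop when any
rem    version of the client is already installed.
"%SRC%" /mp:SCCM /logon SMSSITECODE=MIS
set "RC=%ERRORLEVEL%"
>>"%LOG%" echo %DATE% %TIME% CCMSetup returned %RC%
exit /b %RC%
```

The log written to the Windows Temp folder gives a per-machine record to read alongside the client setup logs when a computer fails to pick up the client.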














SMS Trace - identifies where things are going wrong. It is a log file parser and is incredibly useful.

Tuesday, February 28, 2012

Installation, Configuration and Administration

SCCM 2007
- Desktop infrastructure management. Automation of rolling out new PCs, installing software, patch management, hardware inventory and a whole host of other things.

Prerequisite knowledge and abilities:
- AD and DHCP.

Windows 2008 and SCCM
- Much more complex than SCCM on Windows Server 2003 as Windows 2008 does not include WebDAV which is a critical part of SCCM 2007.

SCCM Site Servers & Roles

  1. Site Server - the server on which SCCM is installed.
  2. Site DB server - the server on which the SCCM database resides. Requires SQL Server 2005 SP2 or above. It is recommended to install RS on a separate machine.
  3. Component Server - a server with some SCCM software installed to fulfill an SCCM role.
  4. Management point - SCCM clients do not speak with the main SCCM site server. Communication is handled instead by intermediary servers known as management points.
  5. Distribution point - houses SCCM packages for clients.

Installation:

1. Extend the AD schema. (strongly recommended)
- \smssetup\bin\i386\extadsch.exe

2. Download and install WSUS administration console. (WSUSSetup_30SP1_x86.exe) It is strongly recommended to have a separate WSUS server.

3. Install a number of hotfixes and Windows Remote Management 1.1. Use the prerequisite checker to see what is missing.

4. Open AD Users & Computers > Advanced view > Right-click on System OU > Security > Add computer account of SCCM > Full control > Advanced > Edit > apply onto "This object and all child objects".


Kick off the SCCM installer

1. Follow the setup > custom settings > primary site > site code: ABC , Site Name: Any name > mixed mode > check latest updates > follow the rest.

2. Download and install SCCM R2 update

Mixed Mode vs Native Mode

Mixed Mode
- supports sccm 2007 and sms 2003
- the downside is that it requires some kind of client approval before clients can be managed
- only http communication

Native Mode
- requires a PKI
- more secure, https communication is available
- provides support for Internet-based client mgt

SCCM R2 Update new features
- Application Virtualization Management
- Forefront Client Security Integration
- SQL Reporting Services Reporting
- Client Status Reporting
- Operating System Deployment Enhancements

Note: SCCM is not a real-time application; once a change is made in the console, it is queued for later action. Patience is a virtue!

Senders
- used to communicate with other SCCM servers located in other sites.

POST INSTALLATION TASKS



Enable Wake On LAN
- manage clients in the evening hours or off business hours, if for example deploying software or updates.




Enable a Management Point
- An SCCM environment should have at least one management point. A management point is the communication transport from the client to the SCCM server.






SITE SETTINGS

Site boundaries - identify the clients that are allowed to be managed by the SCCM server (IP subnet, AD site, IP address range). This is very important; failing to set boundaries can cause multiple problems in the future. AD site is the recommended boundary type.



Create a new boundary > Site Settings > Boundaries > New Boundary > AD Site > browse for the site name.

Note: Rename the site name by using AD Sites and Services.


Verify that AD publishing is enabled (HIGHLY RECOMMENDED!)










Site Code > Properties > Advanced tab > Publish this site in AD DS.

Log in to the DC, open AD Users & Computers > enable Advanced Features in View > Domain name > System > System Management container. If there are any items in the System Management container, SCCM publishing is working correctly.

This is also the reason why we enabled full control for the server account, so that it can access the systems container successfully.


Publish the default mgt point in DNS




Site Code > Properties > Advanced tab > Publish the default mgt point.

SITE/DEVICE DISCOVERY OPTIONS

1. Client, device user and group discovery methods.
AD system group - finds OUs, global groups, universal groups, nested groups and non-security groups.

AD security group - searches for security groups in AD.

AD Directory System - searches for system resources by polling the closest AD DC. This will pull out computers that are joined to the domain.

AD Directory User - not recommended

Network - the most COMMON discovery method. This pulls not only items in your AD but also other network devices such as printers, routers, etc., if they are allowed in the site boundary. But if the boundary is an AD Site boundary, devices that are not joined to the domain cannot be managed.

Heartbeat - keeps the sccm configuration database current.
Make sure this is enabled!

CLIENT AGENTS

Some of these options are enabled after installation of SCCM.

1. Hardware inventory - dictates on what schedule a hardware inventory will be performed. The default is every 7 days.

2. Software inventory - performs an inventory of all executable files, as well as other files, on a client computer.

3. Advertised programs - tells a client how often it should poll the SCCM server for policy updates.

4. Computer - used by clients to communicate with SCCM site systems.

5. Desired configuration management - makes clients periodically evaluate compliance status with configured baselines.

DISCOVERY AND COLLECTIONS

1. Enable a discovery method. e.g. AD discovery

Site settings > Discovery Methods > Properties of AD System Discovery > Change Polling Schedule > Browse the domain in the General tab and enable AD System Discovery.

2. Computer Mgt > Right-click All Systems > Update Collection Membership > Refresh.

CLIENT DEPLOYMENT AND SUPPORT

1. Site Settings > Site Systems > Server name > Right click configMgr Mgt Pt > allow devices to use this mgt pt.

Configure a Fallback Status Point
- Another server having IIS 6.0 or higher, with no other SCCM critical roles, such as Management Points.

Right click Site Systems > New server > specify the new server > Fallback status point > Finish

Install BITS to client computers.

1. BITS 3.0 is included in Vista, 7 and Server 2008.

2. BITS 2.5 is included in XP SP3

To check if BITS is installed, navigate to the System32 folder and look for the qmgr.dll file.

SCCM CLIENT INSTALLATION

Methods
- Software Update Point method
- Client Push method
- Manual installation
- Group Policy