My previous article detailed one possible method to get SCCM 2007 installed and operational on a windows 2008 R2 server. Before you can begin to use the system for meaningful activities in a production or lab environment there are a few configuration tasks that need to be tackled. This article will aim to detail the main ones, provide some options on what settings to choose (where applicable) and bring the system to a state of readiness for my next article, which will tackle windows 7 deployment using SCCM.
Pre-requisites : A windows 2008 R2 server, SCCM 2007 installed as per my previous guide
The first stage is to define the scope of the SCCM site, that is, to which network ranges, AD sites, or AD objects that the site manages.
Locate & Expand < Site database ->Site Management -> Site Name -> Site Settings -> Boundaries > Right click, select 'new boundary'. Change the 'type' field to 'Active Directory Site' and select the Lan (or production) site as appropriate
At this point we need to create users within active-directory for different levels of access. (n.b this is one point at which personal judgement will apply - for a lab situation two users will suffice, for a production environment you may wish to use more granular settings and potentially groups).
Open 'Active Directory Users & Computers' and create a 'SMSread' and 'SMSadmin' user, having user and admin privileges respectively.
Next we will add most of the site roles required to operate a SCCM primary site. Locate < Site Management -> Site -> Site Settings -> Site Systems -> Site > Right click and select 'New Roles'. Accept the defaults as indicated in the first screen shot below, click next and then select the following rules.
Once you have selected the options as above, click next and set options as indicated below.
Server Locator Point -> Accept Defaults
State Migration Point -> Yellow Start and set path (c:\smp or as appropriate for production)
Reporting Point -> Accept Defaults
Software Update Point -> Accept Defaults on first screen, followed by 'use this server as the active software update point', then defaults twice, then select the update type, platform and languages as appropriate for your environment.
Next - Locate & Expand < Site Database -> Site Management -> Site -> Site Settings -> Site Systems -> Server > Double click the 'ConfigMgr' Distribution Point to bring up the properties window. Enable the ' Allow Clients to transfer content from this distribution point using BITS, HTTP and HTTPS' option and click OK.
This would be a useful time to check the correct operation of various SCCM components. Locate the site status view by navigating to < Site Database -> System Status -> Site Status -> Site -> Component Status & Site System Status>. For any components with errors check for recent operational messages and assuming all if well, clear the log and restart the server. At this point you should have all components operating with a 'warning' (yellow), or 'good' (green).
Navigate to < Site Database -> Site Management -> Site > Right click -> Properties and click the advanced tab. Ensure the 'Publish the site in active directory domain services' is checked.
The last large piece of configuration is to configure the client agents, those being the software instances which are installed on clients managed by the SCCM site to perform management, configuration and inventory functions.
Client Agent administration is controlled by expanding < Site Database -> Site Management -> Site -> Site Settings -> Client Agents > within SCCM management console.
For each of the agents configure the following options : (take note that these are LAB options, production environments will require consideration and planning).
Hardware Inventory Client Agent -> Enable and set appropriate schedule (5 minutes for LAB).
Software Inventory Client Agent -> Enable and set schedule ( 1 hour for LAB).
Advertised Programs Client Agent -> Enable and set ' new program notification opens add / remove programs ).
Computer Client Agent -> Enable and add user account for network communications ( for lab this is SMSread). In addition click the BITS tab and set 'apply to branch distribution points and all clients' & allow bits download outside throttling window.
Desired configuration Management Agent, enable and set schedule (5 minutes for LAB).
Remote Tools client Agent, enable and set 'users cannot change policy or notification settings'. Set Level of access allowed for XP or later clients to 'Full Control'. Click on security tab and add users to allow for control ( for production environments consider using groups for this ). Remote assistant tab, check both boxes and select full control. Remote desktop tab, select allow permitted viewers to connect using remote desktop.
Finally to ensure the agents are pushed to clients automatically we need to enable the installation method. Navigate to < Site Management -> Site -> Site Settings -> Client Installation Methods > Double Click client push installation. Enable 'client push to assigned resources' and ensure the 'workstations' box is ticked (servers & domain controllers are optional - for the lab we will leave them disabled). Select the accounts tab and select an account with suitable software installation permissions ( for the lab we will use SMSadmin ). Select the client tab and add ' SMSCACHESIZE=8000 ' to the installation properties.
The above configuration determines which agents are installed and which options are set for discovered clients. All that remains is to configure how clients within the scope of your SCCM server are discovered. Navigate to < Site Management -> Site -> Site Settings -> Discovery Methods > and for each of the options below perform the following configuration. Enable, select yellow start and find the local domain and set a schedule (for lab 5 minutes).
Active Directory System Group discovery
Active Directory Security Group Discovery
Active Directory System Discovery
Active Directory User Discovery
For the heartbeat discovery, set the schedule for 1 hour.
I hope this guide was of some use, it's my intention that this series of documents make the process a lot easier for the average user testing SCCM in a lab environment. Stay tuned for the next guide in the series 'how to deploy a windows 7 machine using SCCM2007'. Please visit my Blog for all of my technical articles, some of which aren't suitable for EE.