Professional Documents
Culture Documents
System Center Configuration Manager 2007: Reviewers Guide
System Center Configuration Manager 2007: Reviewers Guide
Reviewers Guide
Microsoft Corporation Published: 10/2/2007 Updated: 11/2/2007
Executive Summary
The intent of this whitepaper is to provide a framework for the evaluation of System Center Configuration Manager 2007. System Center Configuration Managerpreviously known as Systems Management Server represents a tremendous advancement over its well-regarded predecessor, now providing the control necessary to more effectively manage change in today's dynamic IT infrastructures. Manage the full deployment and update lifecycle with streamlined, policy-based automation; with enhanced insight into, and control over, assets and systems compliance; and with optimization for Windowsparticularly Windows Server 2008 and Windows Vistaand extensibility to customized administration experiences and third-party applications.
2006 Microsoft Corporation. All rights reserved. This document is developed prior to the products release to manufacturing, and as such, we cannot guarantee that all details included herein will be exactly as what is found in the shipping product. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The information represents the product at the time this document was printed and should be used for planning purposes only. Information subject to change at any time without prior notice. wThis whitepaper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, Windows, the Windows logo, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Contents
Executive Summary ................................................................................................................................................................ 1 Navigation ................................................................................................................................................................................ 7 Windows Vista .........................................................................................................................................................................................7 Section 1: Exercise 5 Upgrading Clients to Configuration Manager ........................................................................7 Section 2: Exercise 3 Installing an SCCM Client .................................................................................................................7 Section 2: Exercise 3 Reporting Configuration Manager 2007 Client Deployment Status ..............................7 Section 5: Exercise 2 - Creating a Capture Media Task Sequence ................................................................................7 Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer .......................................7 Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007 ..........................................7 Section 5: Exercise 5 - Installing the Image at the Target Client Computer .............................................................7 Section 5: Exercise 6 - Viewing Status for the Image Deployment ...............................................................................7 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................7 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................7 The Datacenter ........................................................................................................................................................................................7 Section 4: Exercise 1 - Configuring Maintenance Windows on Collections ..............................................................8 Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients 8 Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients............................................8 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................8 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................8 Security .......................................................................................................................................................................................................8 Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration .......................................................8 Section 4: Exercise 1 - Configuring Maintenance Windows on Collections ..............................................................8 Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS ...........................................8 Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Client ...................................8 Section 6: Exercise 3 - Generating Software Update Compliance Reports ................................................................8 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................8 Section7: Exercise 1 - Installing the System Center Updates Publisher.......................................................................8 Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager...........................................8 Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client...........8 Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates ......................8 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................8 Section 8: Exercise 1 - Creating and Importing Configuration Items ..........................................................................8 Section 8: Exercise 2 - Creating Configuration Baselines ..................................................................................................8 Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance .................................................8 Asset Intelligence ....................................................................................................................................................................................8
Section 9: Exercise 1 Editing the SMS_Def.mof ....................................................................................................................9 Section 9: Exercise 2 Viewing and Running Reports ..........................................................................................................9 Branch and Remote Management ..................................................................................................................................................9 Section 2: Exercise 3 Installing an SCCM 2007 Client ....................................................................................................9 Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status .............................9 Section 4: Exercise 1 - Configuring a Branch Distribution Point ...................................................................................9 Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client.............................................9 Section 5: Exercise 1 - Configuring Maintenance Windows on Collections .............................................................9 Introduction .......................................................................................................................................................................... 10 Evaluating Configuration Manager 2007 .................................................................................................................................. 10 The Microsoft Virtual Hard Disk Program ................................................................................................................................. 10 Configuration Manager Supported Configurations .............................................................................................................. 10 Client Hardware Requirements ................................................................................................................................................ 11 Supported Client Platforms ....................................................................................................................................................... 11 Mobile Device Client .................................................................................................................................................................... 12 SMS Client Embedded Operating System Support ......................................................................................................... 12 Configuration Manager 2007 Site Server System Requirements ..................................................................................... 13 Site System Hardware Requirements .................................................................................................................................... 13 Supported Site System Platforms.................................................................................................................................................. 13 Unsupported Client Platforms ................................................................................................................................................. 15 Unsupported Site Server Platforms .............................................................................................................................................. 15 Configuring SQL Server Site Database Replication in Configuration Manager 2007 .............................................. 16 Active Directory Schema Extensions ............................................................................................................................................ 16 Multi-Site Clients ................................................................................................................................................................................. 16 Support for Windows Server Clustering ..................................................................................................................................... 16 Support for Specialized Storage Technology ........................................................................................................................... 16 Storage Area Network Support ............................................................................................................................................... 16 Single Instance Storage Support ............................................................................................................................................. 17 Removable Disk Drive Support ................................................................................................................................................ 17 Computers in Workgroups .............................................................................................................................................................. 17 Remote Assistance Console Sessions..................................................................................................................................... 18 Fast User Switching ....................................................................................................................................................................... 18 Dual Boot Computers .................................................................................................................................................................. 18 Virtual Machines ............................................................................................................................................................................ 18 Interoperability Between Configuration Manager and SMS 2003 Sites........................................................................ 18 Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007 .................................... 20 Objectives ............................................................................................................................................................................................... 20 Prerequisites .......................................................................................................................................................................................... 20 Exercise 1 Identifying an SMS 2003 stallation ................................................................................................................. 22
Exercise 2 Preparing to Upgrade SMS 2003 SP2 to Configuration Manager ...................................................... 22 Exercise 3 Upgrading SMS 2003 SP2 to Configuration Manager............................................................................. 27 Exercise 4 Identifying a Configuration Manager Installation ..................................................................................... 30 Exercise 5 Upgrading Clients to Configuration Manager ............................................................................................ 31 Section 2: Deploying System Center Configuration Manager 2007 ....................................................................... 38 Objectives ............................................................................................................................................................................................... 38 Prerequisites .......................................................................................................................................................................................... 38 Exercise 1 Preparing Active Directory for SCCM 2007 Integration ........................................................................ 38 Exercise 2 Installing Microsoft Configuration Manager 2007................................................................................... 42 Exercise 3 Installing an SCCM 2007 Client ....................................................................................................................... 47 Exercise 4 Reporting Configuration Manager 2007 Client Deployment Status ................................................ 54 Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007......... 56 Objectives ............................................................................................................................................................................................... 56 Prerequisites .......................................................................................................................................................................................... 56 Exercise 1 Configuring a Branch Distribution Point ....................................................................................................... 58 Exercise 2 Distributing Software to the Configuration Manager Client ................................................................ 60 Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration Manager 2007....................................................................................................................................................................... 71 Objectives ............................................................................................................................................................................................... 71 Prerequisites .......................................................................................................................................................................................... 71 Exercise 1 Configuring Maintenance Windows on Collections ................................................................................. 73 Exercise 2 Implementing the Maintenance Windows on the Configuration Manager Clients .................... 77 Exercise 3 Distributing Software to the Configuration Manager Clients ............................................................... 79 Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007 .......... 89 Objectives ............................................................................................................................................................................................... 89 Before You Begin ................................................................................................................................................................................. 89 Exercise 1 Preparing the Environment for Configuration Manager OSD .............................................................. 91 Exercise 2 Creating a Capture Media Task Sequence.................................................................................................... 98 Exercise 3 Creating an Image of the Windows Vista Reference Computer ........................................................100 Exercise 4 Deploying an OS Image Using Configuration Manager 2007............................................................102 Exercise 5 Installing the Image at the Target Client Computer ................................................................................108 Exercise 6 Viewing Status for the Image Deployment .................................................................................................110 Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007 ........................ 112 Objectives .............................................................................................................................................................................................112 Before You Begin ...............................................................................................................................................................................112 Exercise 1 Configuring Configuration Manager Integration with WSUS ..............................................................114 Exercise 2 Generating Update Status on the Configuration Manager Client .....................................................120 Exercise 3 Generating Software Update Compliance Reports ..................................................................................122 Exercise 4 Distributing Software Updates Using Configuration Manager Software Update Management
............................................................................................................................................................................................................124 Exercise 5 Validating Current Software Update Compliance ....................................................................................130 Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007 . 133 Objectives .............................................................................................................................................................................................133 Before You Begin ...............................................................................................................................................................................133 Exercise 1 Installing the System Center Updates Publisher ........................................................................................135 Exercise 2 Synchronizing Custom Updates with Configuration Manager ............................................................136 Exercise 3 Generating Status of Custom Updates on the Configuration Manager Client .............................145 Exercise 4 Generating Software Update Compliance Reports for Custom Updates ........................................147 Exercise 5 Software Update Deployment Options .........................................................................................................150 Exercise 6 Validating Current Software Update Compliance ....................................................................................154 Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007 ................................................................................................................................................................................................ 157 Objectives .............................................................................................................................................................................................157 Prerequisites ........................................................................................................................................................................................157 Exercise 1 Creating and Importing Configuration Items ...........................................................................................159 Exercise 2 Creating Configuration Baselines ...................................................................................................................164 Exercise 3 Scanning Configuration Manager Clients for Compliance ..................................................................167 Section 9: Implementing Asset Intelligence in System Center Configuration Manager 2007 ............................. 171 Overview ...............................................................................................................................................................................................171 Whats new ...........................................................................................................................................................................................171 Setup experience .........................................................................................................................................................................171 Additional reports .......................................................................................................................................................................171 Performance enhancements ...................................................................................................................................................171 Data enhancements ...................................................................................................................................................................172 Enabling the Asset Intelligence Reporting Classes ..............................................................................................................172 A Description of the Different Classes ......................................................................................................................................172 Exercise 1 Editing the SMS_Def.mof ....................................................................................................................................174 Estimating network Impact based on Reporting Classes ..................................................................................................175 Asset Intelligence Reports ..............................................................................................................................................................176 Exercise 2 Viewing and Running Reports ..........................................................................................................................176 Additional Resources .......................................................................................................................................................................177
Navigation
Within this evaluation kit you will find comprehensive evaluation guidance for System Center Configuration Manager 2007. In order to better suit your interests we have provided here for you a navigation checklist for some specific technology areas. Each of these modules is designed to assist you in your evaluation of a more specific feature that may cross multiple capabilities within the product. We hope this assists you in your evaluation of Configuration Manager, and we would welcome your comments. For each of these modules please follow the guidance for more specific sections and exercises.
Windows Vista
System Center Configuration Manager 2007 brings incredible value to your desktop estate. From planning, to deployment, to configuration management once in production, Configuration Manager drives return on your Windows desktop investment by enabling a secure, well managed infrastructure fabric to support your increasingly mobile client environment. We would like you to view the power of Configuration Manager for the desktop by evaluating a few capabilities. Configuration Manager client deployment, Windows Operating System deployment, Hardware and Software Inventory, as well as Desired Configuration Management, Software distribution and Software Update Management are key areas to reducing the cost of your desktops, increasing the security of your business, and supporting the demands for flexibility and mobility in an ever increasing wireless and mobile network. The below exercises will demonstrate for you the features specific to desktop management and security. Section 1: Exercise 5 Upgrading Clients to Configuration Manager Section 2: Exercise 3 Installing an SCCM Client Section 2: Exercise 3 Reporting Configuration Manager 2007 Client Deployment Status Section 5: Exercise 2 - Creating a Capture Media Task Sequence Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007 Section 5: Exercise 5 - Installing the Image at the Target Client Computer Section 5: Exercise 6 - Viewing Status for the Image Deployment Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section 7: Exercise 5 - Software Update Deployment Options
The Datacenter
System Center Configuration Manager 2007 is not just for desktops. There have been some significant features developed specifically with a Datacenter focus. From planning and building servers, to deployment Operating System including provisioning roles and specific capabilities, to managing your servers and workloads through security, corporate and regulatory compliancy requirements. System Center Configuration Manager 2007 in your Datacenter helps you gain automation, configuration control, and SLA performance success by managing your business needs, workload requirements and geographic challenges from one console. We would like to highlight for you the abilities Configuration Manager has for your datacenter with some capability demonstrations highlighted below. Operating System Deployment is a major focus in datacenters today, and simplifying the management of the steps and tasks associated with server design, build and provisioning, significantly reduces the costs of server deployment. Managing drivers is another challenge, and the Driver Catalog brings together the right tools you need to import, manage, collect and distribute the drivers your hardware needs to be running at peak performance. Once in production, Configuration Manager drives more value to your datacenter with abilities to manage your desired configurations, software updates and when change is required, tools to maximize your SLA agreements scheduling activities to minimize the business impact.
Section 4: Exercise 1 - Configuring Maintenance Windows on Collections Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section 7: Exercise 5 - Software Update Deployment Options
Security
Security is a large focus for the business of any size, and System Center Configuration Manager 2007 brings security and control to all aspects of the modern organization. From the desktop to the datacenter, Configuration Manager weaves seamless security integration across every aspect of its capabilities. Whether it be deploying updates with an operating system activity, or delivering critical patches in an explicitly targeted, scheduled fashion, Configuration Manager gives you the ability to blanket your organization in a controlled manner with only the updates you require. This release of Software Update Management supports all of the categories from Microsoft, as well as providing the tools to deliver updates of 3rd party and Line of Business applications to those in office locations, branches and remote or internet based connections. System Center Configuration Manager supports Network Access Protection in Windows Server 2008, so for those critical updates you can limit network connectivity until Health Validation is successful. But security is not just about delivering updates. Security is also about how processes occur. Using certificate relationships, introducing network perimeter health validation, encryption of data transfer and storage, as well as supporting the broad scenarios your end users encounter such as internet connectivity or remote access points, across desktops, laptops and devices are important to you. Through all of this your business must remain productive, flexible and efficient while driving your security to new levels. Configuration Manager provides you this capability, helping you define process automation, configuration baselines and update strategies that meet your business needs. Below we highlight for you some examples of how Configuration Manager improves security for your business. In the following exercises we will demonstrate these capabilities, and show you how System Center Configuration Manager 2007 is the best choice for managing your business needs. Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration Section 4: Exercise 1 - Configuring Maintenance Windows on Collections Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Clien Section 6: Exercise 3 - Generating Software Update Compliance Reports Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section7: Exercise 1 - Installing the System Center Updates Publisher Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates Section 7: Exercise 5 - Software Update Deployment Options Section 8: Exercise 1 - Creating and Importing Configuration Items Section 8: Exercise 2 - Creating Configuration Baselines Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance
Asset Intelligence
Information technology expenditures comprise an increasing portion of IT budgetsIT assets can often account for more than half of an enterprises total asset base. With the changing nature of todays technology
and the complexity of network environments, enterprises find it difficult to track the IT assets they own. Without an accurate record of their IT assets, it is impossible for enterprises to determine if IT is providing value and to meet financial, regulatory and license compliance requirements. System Center Configuration Manager 2007 includes hardware and software inventory and software metering capabilities that help IT organizations understand exactly what hardware and software assets they have, who is using them, and where they are. Asset Intelligence translates the inventory data into information, providing rich reports that IT administrators can use to optimize hardware and software usage. This information is paramount to organizations planning their Windows Vista upgrade strategy. With Configuration Manager 2007, companies can make informed decisions about their IT assets, improve IT operations and mitigate compliance risks. We would like to demonstrate for you the abilities of the Asset Intelligence feature in System Center Configuration Manager 2007 with some exercises on configuring and reporting. As you navigate through these exercises, you will be shown how to configure the Asset Intelligence infrastructure as well as learn how to access the wealth of reports available. Section 9: Exercise 1 Editing the SMS_Def.mof Section 9: Exercise 2 Viewing and Running Reports
System Center Configuration Manager 2007 has extended scenario support for todays modern business beyond the corporate network. Infrastructure improvements within Configuration Manager now provide depth and breadth support to both low bandwidth branch environments, as well as mobile workforces. Configuration Manager now delivers management services to the branch environment by enabling the ability to dedicate non server class systems in a branch as part of the distribution infrastructure (such as a desktop class PC). This drastically reduces the need for remote infrastructure to provide management services to clients, enabling the ability to extend the secure well managed environment of Configuration Manager to geographically distributed network locations. Configuration Manager also has improved the support for the mobile workforce, by providing support for Internet Based Client Management services. The trend of laptop purchase and remote working increases the importance of being well managed, and Configuration Manager answers this challenge by using readily available internet connectivity for management services. We would like to demonstrate this to you by walking through a collection of exercises that show these capabilities. Section 2: Exercise 3 Installing an SCCM 2007 Client Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status Section 4: Exercise 1 - Configuring a Branch Distribution Point Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client Section 5: Exercise 1 - Configuring Maintenance Windows on Collections
Introduction
Welcome to the System Center Configuration Manager 2007 Reviewer Guide. The intent of this paper is to guide you through an evaluation of the product, including: Setup Configuration Feature evaluation The intent of this reviewers guide is to preview the product in a non production environment, and is not intended for production infrastructure. Due to the testing and potential broadcast or delivery of software updates, applications, operating systems, or policy, discovery or broadcasting of network traffic, it is not recommended to utilize this guidance for any real world deployment. For additional support and guidance on the deployment in production for your organization, please visit the new and improved Technet Technical library, where all product documentation and guidance is located. The link for this resource is: http://technet.microsoft.com/en-us/configmgr/default.aspx
The evaluation of a robust, comprehensive management toolset such as Configuration manager requires infrastructure to be managed. In other words, simply reviewing an installation of the product may not satisfy your needs. In order to provide a comprehensive review of Configuration Manager, you may want to perform actual deployments of software, updates, or operating systems, in addition to reporting. To better assist your review the structure of this guide has been based on some assumptions for the evaluation environment. You have downloaded the evaluation version of System Center Configuration Manager 2007. This can be found at the following link: o http://technet.microsoft.com/en-us/configmgr/bb736730.aspx You have a configured physical or virtual system that meets the minimum requirements of Configuration Manager. Your test environment has Active Directory installed You have appropriate credentials for your test environment.
As an alternative to preparing your own server installation, the VHD program is an option where you can download a time-bomb version of installed and configured System Center Configuration Manager 2007. If you have an installed environment ready for evaluation, this guide will still be of use, however exercises such as Configuration Manager Upgrade or Configuration Manager Install will not need to be done. These are referred to as Exercise 0 in each section. The Microsoft VHD format is a common virtualization file format that provides a uniform product support system, and provides more seamless manageability, security, reliability and cost-efficiency for customers. Using the power of virtualization, you can now quickly evaluate Microsoft and partner solutions through a series of pre-configured Virtual Hard Disks (VHDs). You can download the VHDs and evaluate them for free in your own environment without the need for dedicated servers or complex installations. System Center is represented in this program, and System Center Configuration Manager is available at the following link. http://www.microsoft.com/downloads/details.aspx?familyid=469af3b8-849d-4400-bded9024c3db759f&displaylang=en
10
Configuration Manager 2007 introduces changes to supported Microsoft Windows client system requirements from previous versions of Systems Management Server. Client Hardware Requirements The following table lists the minimum and recommended hardware requirements for Configuration Manager 2007 computer clients. For information about device client requirements, see Mobile Device Client later in this section.
Hardware Component Processor RAM Free Disk Space Requirement 233 MHz minimum (300 MHz or faster Intel Pentium/Celeron family, or comparable processor recommended) 128 MB minimum (256 MB or more recommended, 384 MB required when using operating system deployment) 350 MB minimum for a new installation, 265 MB minimum to upgrade an existing client (by default, the temporary program download folder on clients is preconfigured at client installation to automatically increase to 5GB if necessary and if 5 GB or more is available.). This space is not used until required for a download, so not immediately needed.
Supported Client Platforms Supported Configuration Manager 2007 client installation requires at least Windows 2000 Professional Service Pack 4. The following table lists the minimum Configuration Manager 2007 supported client operating systems. Note Microsoft provides support on the current service pack, and in some cases the immediately preceding service pack. To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsofts support lifecycle policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at http://go.microsoft.com/fwlink/?LinkId=31976. The following table is a breakdown of the operating system support in System Center Configuration Manager 2007. Operating System Windows 2000 Professional Service Pack 4 Windows XP Professional Service Pack 2 Windows XP Professional for 64-bit Systems Windows Vista Business Edition Windows Vista Enterprise Edition Windows Vista Ultimate Edition Windows 2000 Server Service Pack 4 Windows 2000 Advanced Server Service Pack 4 Windows 2000 Datacenter1 Service Pack 4 Windows Server 2003 Web Edition, Service Pack 1 Windows Server 2003 Standard Edition Service Pack 1 Windows Server 2003 Enterprise Edition Service Pack 1 Windows Server 2003 Datacenter Edition1 Service Pack 1, 2 Windows Server 2003 R2 Standard Edition x86 Y Y N Y Y Y Y Y Y Y Y Y Y Y x64 N N Y Y Y Y N N N N Y Y Y Y IA64 N N N N N N N N N N Y Y Y Y
11
Windows Server 2003 R2 Enterprise Edition Y Y Y Windows Embedded for Point of Service (WEPOS) Y N N Windows Fundamentals for Legacy PCs (WinFLP) Y N N Windows XP Embedded SP2 Y N N Windows XP Tablet PC SP2 Y N N 1Datacenter releases are supported, but not certified, for Configuration Manager 2007. Hotfix support is not offered for Windows Datacenter Server edition specific issues. Note Configuration Manager 2007 support for x64 and IA64 systems is through 32-bit code running on 64-bit operating systems. Mobile Device Client The Mobile Device Client requires 0.78 MB of storage space to install. In addition, mobile device management logging on the mobile device can require 256 KB of storage space. The mobile device client is supported on the following platforms: Windows Mobile for Pocket PC 2003 Windows Mobile for Pocket PC 2003 Second Edition Windows Mobile for Pocket PC Phone Edition 2003 Windows Mobile for Pocket PC Phone Edition 2003 Second Edition Windows Mobile Smartphone 2003 Note Password management is not supported for Windows Mobile Smartphone 2003.
Note
Windows Mobile for Pocket PC 5.0 Windows Mobile for Pocket PC Phone Edition 5.0 Windows Mobile 5.0 Smartphone Windows CE 4.2 (ARM processor only) Windows CE 5.0 (ARM and x86 processors) Windows Mobile 6 Standard Windows Mobile 6 Professional Windows Mobile 6 Classic
Password management on Windows Mobile for Pocket PC 5.0, Windows Mobile for Pocket PC Phone Edition 5.0 and Windows Mobile 5.0 Smartphone requires the Messaging and Security Feature Pack (MSPF). For more information, see the Windows Mobile Messaging and Security Feature Pack web page (http://go.microsoft.com/fwlink/?LinkId=80392).
Some Configuration Manager 2007 client features, such as operating system deployment, are not supported for the mobile device client. For more information about managing devices with Configuration Manager, see Overview of Mobile Device Management (http://technet.microsoft.com/en-us/library/bb632496.aspx). SMS Client Embedded Operating System Support Configuration Manager 2007 does not support a specific client for embedded platforms within a Configuration Manager 2007 hierarchy other than a Microsoft Systems Management Server (SMS) 2003 embedded client assigned to a child SMS 2003 primary site.
12
Configuration Manager 2007 introduces changes to supported site system requirements from previous versions. Site System Hardware Requirements The following table lists the minimum and recommended hardware requirements for Configuration Manager 2007 site systems. Hardware Component Processor RAM Free Disk Space Requirement 733 MHz Pentium III minimum (2.0 GHz or faster recommended) 256 MB minimum (1024 MB or more recommended) 5 GB minimum (15 GB or more free recommended if using operating system deployment)
Supported Configuration Manager 2007 site system role installation, for roles other than the branch distribution point and Configuration Manager console, require at least Windows Server 2003 Service Pack 1. Configuration Manager 2007 does not support site system role installation on servers running Windows 2000 Server or Windows 2003 Server with no service pack installed. The following table lists the minimum operating systems required to support the various Configuration Manager 2007 site system roles. Note Microsoft provides support on the current service pack, and in some cases the immediately preceding service pack. To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsofts support lifecycle policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at http://go.microsoft.com/fwlink/?LinkId=31976.
13
Operating System
Management Point
Distribution Point
Reporting Point
Windows XP Professional Service Pack 2 Windows XP Professional for 64-bit Systems Windows Vista Business Edition Windows Vista Enterprise Edition Windows Vista Ultimate Edition Windows Server 2003 Web Edition Service Pack 1 and 2 Windows Server 2003 Standard Edition Service Pack 1 and 2
Windows Server 2003 Enterprise Edition Service Pack 1 and 2 Windows Server 2003 Standard Edition Service Pack 1 and 2 64 bit
Y1
Y1
Y1
Y1
Y1
14
Windows Server 2003 Enterprise Edition Service Pack 1 and 2 64 bit Windows Server 2003 Datacenter Edition Service Pack 1 and 2 Windows Server 2003 Storage Server Edition Service Pack 1 and 2 Windows Server 2003 R2 Standard Edition Windows Server 2003 R2 Enterprise Edition
1Only
the branch distribution point role is supported for this operating system
Note Configuration Manager 2007 support for IA64 systems is limited to the remote SQL server role. Unsupported Client Platforms The Configuration Manager client is not supported on any operating system prior to Windows 2000 Service Pack 4. Installing the Configuration Manager client is explicitly not supported on the following operating system versions: Windows 95 Windows 98 Windows Millennium Edition Windows XP Media Center Edition Windows XP Starter Edition Windows XP Home Edition Windows XP Professional, with less than Service Pack 2 applied Windows Vista Starter Edition Windows Vista Home Basic Edition Windows Vista Home Premium Edition Windows NT Workstation 4.0 Windows NT Server 4.0 Windows 2000 Server, Service Pack 3 and earlier Windows 2003 Server, with no service pack installed Windows CE 3.0 Windows Mobile Pocket PC 2002 Windows Mobile SmartPhone 2002
15
Configuration Manager 2007 site server roles are not supported on any operating system prior to Windows Server 2003 Service Pack 1. Configuration Manager 2007 site roles are explicitly not supported on the following operating system versions: Windows NT 4.0 Server Windows 2000 Server Windows 2003 Server, with no service pack installed
In SMS 2003, the mppublish.vbs script, supplied with the SMS 2003 installation files, was used to configure Microsoft SQL Server site database replication between the site database server and SQL Server site database replicas used to support management points and server locator points. Because Configuration Manager 2007 introduces new site database views and functions that are not replicated by the mppublish.vbs script, it is not supported for configuring SQL Server site database replication in Configuration Manager 2007 sites. For information about how to configure replication to support management points and server locator points, see How to Configure SQL Server Site Database Replication (http://technet.microsoft.com/en-us/library/bb693697.aspx). Configuration Manager 2007 Active Directory schema extensions provide many benefits for Configuration Manager 2007 sites, but they are not required. If you have extended your Active Directory schema for SMS 2003, you should update your schema extensions for Configuration Manager 2007. For more information about extending the Active Directory schema for Configuration Manager 2007, see How to Extend the Active Directory Schema for Configuration Manager (http://technet.microsoft.com/en-us/library/bb633121.aspx).. Configuration Manager 2007 clients can only be assigned and report to one site. When auto assignment is used to assign clients to a site during client installation, and more than one site has the same boundary configured, the actual site assignment of a client cannot be predicted. If boundaries overlap across multiple Configuration Manager 2007 or SMS 2003 site hierarchies, clients might not get assigned to the correct site hierarchy or may not even get assigned to a site at all. It is supported to install the site database server site system role on a Windows server failover cluster instance. It is not supported to install Configuration Manager 2007 site servers or any other site system server role on a Windows Server cluster instance. Note Physical node computers of a Windows server cluster instance can be managed as Configuration Manager 2007 clients.
Multi-Site Clients
Storage Area Network Support Using a Storage Area Network (SAN) is supported as long as a supported Windows server is attached directly to the volume hosted by the SAN. Configuration Manager 2007 is designed to work with any hardware that is certified on the Windows Hardware Compatibility List (HCL) for the version of the operating system that the Configuration Manager component is installed on. Configuration Manager 2007 site server roles require NTFS file systems so that directory and file permissions can be set. Because Configuration Manager 2007 assumes it has complete ownership of a logical drive when it uses naming conventions, site systems running on separate computers cant share a logical partition on any storage technology, but they could each use their own logical partition on a physical partition of a shared storage device. For more information about the use of System Area Networks and Configuration Manager 2007, see the following related Knowledge Base articles: For information about System Area Networks, see Knowledge Base article 260176 at http://go.microsoft.com/fwlink/?LinkId=66170. For information about the differences between System Area Networks and Storage Area Networks, see
16
Knowledge Base article 264135 at http://go.microsoft.com/fwlink/?LinkId=66171. For information about Systems Management Server and Storage Area Networks, see Knowledge Base article 307813 at http://go.microsoft.com/fwlink/?LinkId=66172.
Single Instance Storage Support Configuring distribution point package and signature folders to be configured on a Single Instance Storage (SIS) enabled volume is not supported. It is also not supported for a Configuration Manager 2007 client's cache to be configured on a SIS enabled volume. Note Single Instance Storage (SIS) is a feature of the Microsoft Windows Storage Server 2003 R2 operating system. Removable Disk Drive Support It is not supported to install Configuration Manager 2007 site system or client components on a removable disk drive. All site servers must be members of a Windows 2000 or Windows 2003 Active Directory domain. Note It is not supported to change the domain membership, or computer name, of a Configuration Manager 2007 site system after it is installed. Configuration Manager 2007 provides support for clients in workgroups. It is also supported for a client to be moved from a workgroup to a domain or from a domain to a workgroup. To support workgroup clients, the following requirements must be met: During client installation, the logged-on user must possess local administrator rights on the workgroup system. The only account that Configuration Manager 2007 can use to perform activities that require local administrator privileges is the account of the user that is logged on to the computer. The Configuration Manager client must be installed from a local source on each client machine. This requirement ensures a local source for repair and client update application will be available for the client. Workgroup clients must be able to locate a server locator point for site assignment because they cannot query Active Directory Domain Services. The server locator point can be manually published in WINS, or it can be specified in the CCMSetup.exe installation command-line parameters. Workgroup clients use the Network Access Account, downloaded as part of their machine policy, to access package source files on distribution points.
Computers in Workgroups
Important Until a workgroup client has been approved in the Configuration Manager console, it will be unable to download machine policies containing the Network Access Account information.
Although workgroup computers can be Configuration Manager 2007 clients, there are inherent limitations in supporting workgroup computers: Workgroup clients cannot reference Configuration Manager 2007 objects published to Active Directory Domain Services. For workgroup clients to locate their default management point computer, it must be registered and accessible to workgroup clients in either WINS or DNS. Active Directory system, user, or user group discovery is not possible. User targeted advertisements are not possible. The client push installation method is not supported for workgroup client installation. Using a workgroup client as a branch distribution point is not supported. Configuration Manager 2007
17
requires that branch distribution point computers be members of a domain. Remote Assistance Console Sessions Console sessions controlled by Remote Assistance are supported, except for simultaneous use of Configuration Manager Remote Tools. Invoking Remote Assistance from the Configuration Manager console requires that the Configuration Manager console computer and the client computer are running one of the following operating systems: Windows XP SP2 Windows Server 2003 SP1 or later Windows Server 2003 R2 Windows Vista (supported editions) Fast User Switching Fast User Switching, which is available in Windows XP editions not joined to a domain and Windows Vista editions, is supported in Configuration Manager 2007. Note Fast User Switching is not supported for any non-supported client platform capable of Fast User Switching, such as Windows XP Home and Windows Vista Home editions. Dual Boot Computers Configuration Manager 2007 cannot manage more than one operating system on a single computer. If there is more than one operating system on a computer that must be managed, tailor the discovery and installation methods used to ensure that the Configuration Manager client is installed only on the operating system that needs to be managed. Virtual Machines Configuration Manager 2007 support for virtual machine guest operating systems includes all supported client operating systems running on Microsoft Virtual PC or Virtual Server 2005 R2. Note Configuration Manager 2007 does not support Virtual PC or Virtual Server guests running on Macintosh. Configuration Manager 2007 cannot manage Virtual PC or Virtual Server guest operating systems unless they are running. A static Virtual PC image cannot be updated, nor can inventory be collected using the Configuration Manager client on the host computer. No special consideration is given to virtual machines. For example, Configuration Manager 2007 might not determine that an update needs to be re-applied to a virtual machine image if it is stopped and restarted without saving the version of the image to which the update was applied. Configuration Manager 2007 supports all site server roles running as virtual machines only on Microsoft Virtual Server 2005 R2.
The Configuration Manager console cannot be used to fully manage an SMS 2003 primary site. You can use an SMS 2003 Administrator console snap-in to manage SMS 2003 primary sites on a computer that does not have the Configuration Manager console installed or you can install the Configuration Manager console on a computer that already has the SMS 2003 Administrator console installed on it. There are planning considerations when hosting both consoles on the same computer that should be considered before installing a Configuration Manager 2007 console on a computer that already has the SMS 2003 Administrator console installed on it. For more information about planning for Configuration Manager 2007 console installations, see Planning for the Configuration Manager Console (http://technet.microsoft.com/en-us/library/bb693800.aspx). The Configuration Manager console can manage an SMS 2003 secondary site connected to a Configuration Manager 2007 primary parent site, with the following limitations: You cannot change the accounts or passwords of SMS 2003 secondary sites in the Configuration Manager console.
18
You cannot create or configure RAS sender addresses on SMS 2003 secondary sites. You cannot configure Active Directory Security Group Discovery on an SMS 2003 secondary site. SMS 2003 clients can be assigned to a Configuration Manager 2007 site, and they will be fully interoperable. Assigning Configuration Manager clients to SMS 2003 sites is not possible. Ensure that the boundaries defined for your Configuration Manager site are set properly. When installing Configuration Manager clients using auto assignment, ensure that Configuration Manager clients are not within the boundaries of an SMS 2003 site. Changes in Support from SMS 2003 SQL Server 2005 Service Pack 2 is now required to host the site database. SQL Server 7.0 and SQL Server 2000 are no longer supported to host the site database. The site database can be installed on the default or a named instance of SQL 2005 and it is supported to move the site database back to a local installation of SQL 2005 installed on the site server computer if it has been moved off of the site server computer previously. Windows Vista Business, Windows Vista Enterprise, and Windows Vista Ultimate editions are now fully supported client operating systems.
19
Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Identify an SMS 2003 site. Use the Configuration Manager Prerequisite Check program to validate the site is ready to be upgraded. Prepare the SMS 2003 site for an upgrade to Configuration Manager. Use Configuration Manager Setup to test the SMS 2003 site database upgrade procedure. Upgrade SMS 2003 to Configuration Manager. Identify a Configuration Manager site. Upgrade SMS 2003 Advanced Clients to Configuration Manager clients.
Prerequisites
Before working on this lab, one virtual computer should be running as a Microsoft Windows Server 2003 SP1 computer installed as an SMS 2003 SP2 primary site server <your Configuration Manager Server>. A second virtual computer is booted as a Windows XP Professional client installed as an Advanced Client in the SMS 2003 site <your XP Client>.
20
Note Complete this procedure from the primary site server computer only.
21
Exercise 1 Identifying an SMS 2003 stallation In this exercise, you will verify the local site is running SMS 2003 SP2. This will be useful in determining that your site is running SMS 2003 SP2.
Note Complete this procedure from the primary site server computer only
Note Complete this exercise from the primary site server computer only
22
1. Start <your SCCM eval download location> Splash.hta found in the <root> of the dir structure. The Microsoft System Center Configuration Manager 2007 Start window appears displaying available options. Notice that one of the options under Prepare is the prerequisite checker. 2. Click Run the prerequisite checker. The Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check Options dialog box appears. Notice that the default option for this site is for upgrade validation, as the checker detected an SMS 2003 site installation. 3. Click OK. The Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are six warnings displayed. Three warnings are for missing updates which are included in Windows Server 2003 SP2 (however the site server is only running Windows Server 2003 SP1). Another warning indicates that the Active Directory schema has not been extended for Configuration Manager. Another warning is for the lack of secure key exchange configured for the current site. The final warning is that the WSUS SDK is not installed on the site server. 4. Under Prerequisite, double-click Schema extensions. The schema extension test information appears at the bottom of the dialog box. Notice that it states that while this is not required, the site will run with reduced functionality until the AD schema is updated for Configuration Manager. You will update the schema in the next step. Also notice that this is not something that the Configuration Manager Setup program can resolve automatically. 5. Start <your SCCM eval download location> \SMSSetup\Bin\I386\Extadsch.exe. A command prompt window appears as you extend the Active Directory schema for use by Configuration Manager. When the schema extension process has completed, the command prompt window closes.
23
6. In the Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box, click Run Check. The Microsoft System Center Configuration Manage Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are now five warnings displayed. There are three for missing updates, one for secure key exchange, and one for the WSUS SDK. Notice also that the warning for the Active Directory schema extensions is no longer listed. As these are only warnings, and not failures, you can proceed with the upgrade. 7. Click OK to close the Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box.
In the following procedure, you will create a backup of the SMS 2003 SP2 site database and test the upgrade of the database.
Note Complete this procedure from the primary site server computer only.
24
10. In the Database name box, type <sitecode>Backup and then click OK. The new database is created. When complete, the list of databases appears in the Microsoft SQL Server Management Studio window. 11. In the tree pane, right-click <sitecode>Backup, and then on point to Tasks. A new menu appears. 12. Point to Restore, and then click Database. The Restore Database - <sitecode>Backup dialog box appears. 13. In the From database box, click SMS_<sitecode>. Notice that the recent backup information appears in the list of backup sets for the <your_db_name> database. Restoring the <your_db_name> backup to the <your_db_name> Backup database will allow you to test the upgrade on the <your_db_name> database, but not upgrade the SMS site database (<your_db_name>). 14. In the To database box, click <sitecode>Backup. This sets the restore to go from the <your_db_name> database backup to the new <your_db_name> Backup database. 15. In the tree pane, click Options. The Restore Database - <sitecode>Backup dialog box appears displaying options for the restore process. 16. Under Restore options, click Overwrite the existing database. 17. Under Restore the database files as, click the ellipsis button () after SMS_< sitecode >_Data.MDF. The Locate Database Files dialog box appears. 18. In the File name box, type <your SCCM install path> \<sitecode>Backup.mdf and then click OK. The Restore Database - <sitecode>Backup dialog box appears. 19. Under Restore the database files as, click the ellipsis button () after SMS_<sitecode>__Log.LDF. The Locate Database Files dialog box appears. 20. In the File name box, type (this is an example location) <systempartition> \SMSData\<your_db_name> Backup.ldf and then click OK. The Restore Database - <sitecode>Backup dialog box appears. Notice that both the database and log files are now configured to restore to new files. 21. Click OK. The database is backed up. When complete, a Microsoft SQL Server Management Studio message box appears indicating the backup completed successfully. 22. Click OK. The Microsoft SQL Server Management Studio window appears. 23. Close the Microsoft SQL Server Management Studio window.
25
In the following procedure, you will run Configuration Manager Setup with a special command line option to test the upgrade of the database.
Note Complete this procedure from the primary site server computer only. This process can take a number of minutes (potentially 15) depending on the hardware used. If you dont want to take the time to complete this test, you can skip this procedure in the lab. However, it is highly recommended that you do perform a database upgrade test in your environment prior to attempting an upgrade.
26
7. What is the last line logged in the file? TestDBUpgrade is done ________________________________________________________________________ If the ConfigMgrSetup.log file displays the success message, your database can be upgraded to Configuration Manager. 8. Close Notepad. Your site has passed the Configuration Manager Installation Prerequisite Check test, as well as the database upgrade test. Your site should be able to upgrade to Configuration Manager successfully.
Exercise 3 Upgrading SMS 2003 SP2 to Configuration Manager In this exercise, you will upgrade your SMS 2003 site to Configuration Manager.
Note Complete this exercise from the primary site server computer only
27
Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As were in a VPC environment, the required files have already been downloaded and staged for the lab.
28
8. Click The latest updates have already been downloaded to an alternate path, and then click Next. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components. 9. Click Browse. The Browse For Folder dialog box appears. 10. Point to <systempartition>\SCCM Downloaded Client Files, and then click OK. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components. 11. Click Next. The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of Configuration Manager. 12. Click Next. The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for Configuration Manager installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation. 13. Click Begin Install. The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the Configuration Manager installation. This process will take several minutes to complete. When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully. 14. Click Next. The Completing the System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use. 15. Click Finish.
29
Exercise 4 Identifying a Configuration Manager Installation In this exercise, you will verify that your site was successfully upgraded to Configuration Manager 2007.
Note Complete this exercise from the primary site server computer only
30
Exercise 5 Upgrading Clients to Configuration Manager In this exercise, you will upgrade your clients to Configuration Manager 2007. You will upgrade the Advanced Client running on the Windows XP Professional computer, as well as the client running on the Configuration Manager site server computer.
Note Complete this procedure from the primary site server computer only
To upgrade an Advanced Client from SMS 2003 SP2 to Configuration Manager 2007
using the Client Push Installation Wizard 1. In the tree pane, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. The list of reports appears in the results pane. Notice that there are many other reports included with Configuration Manager that were not available in SMS 2003. 2. In the results pane, click Count SMS client versions, and then in the Actions pane, under Count SMS client versions, click Run. The Report Options message box appears prompting for the reporting point to use to run the report. 3. Click OK to use the only reporting point in our site. The results of the Count SMS client versions report appear in the results pane. 4. What different versions of SMS clients are there, and how many of each client type? There are two SMS 2003 SP2 Advanced Clients (2.50.4160.2000) ________________________________________________________________________ 5. Click the arrow to the left of the 2.50.4160.2000. The Computers with a specific SMS client version report appears in the results pane displays the names of SMS 2003 Advanced Clients in the SMS site database. 6. What computers are currently installed as SMS 2003 SP2 Advanced Clients? <yourSMSClient> and <yourSMSServer> ________________________________________________________________________ ________________________________________________________________________ The Configuration Manager Console window appears. 7. In the tree pane, expand Collections, and then click All Windows XP Systems. The members of the All Windows XP Systems collection appear in the results pane. Notice that the <yourSMSClient> computer is listed as a member of the collection.
31
8. In the Actions pane, click Install Client. The Client Push Installation Wizard dialog box appears. 9. Click Next. The Client Push Installation Wizard Installation options dialog box appears displaying options for the client installation. 10. Click Always install (repair or upgrade the existing client), and then click Next. The Completing the Client Push Installation Wizard dialog box appears indicating it is ready to complete the installation. 11. Click Finish. The Configuration Manager client is remotely installed on the Windows XP Professional client computer. It will take a few minutes before the installation completes to upgrade the client from SMS 2003 SP2 to Configuration Manager.
In the following procedure, you will verify the Windows XP Professional client has upgraded to a Configuration Manager client.
Note Complete this procedure from the Windows XP Professional client computer only
32
In the following procedure, you will prepare the site to upgrade your the site server computer as a client to a Configuration Manager client. You will use software distribution to upgrade this client, though you could use the Client Push Installation Wizard as well.
Note Complete this procedure from the primary site server computer only
33
11. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client Upgrade 4.0 ALL, and then click Distribution Points. The list of distribution points for the package appears in the details pane. Notice that there are no distribution points for this package. 12. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard dialog box appears. 13. Click Next. The New Distribution Points Wizard Copy Package dialog box appears. 14. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Complete dialog box appears indicating that the wizard completed successfully. 15. Click Close. The Configuration Manager Console window appears. 16. In the tree pane, expand Site Database, expand Computer Management, expand Software Distribution, and then click Advertisements. The list of advertisements appears in the results pane. Notice that there are no advertisements in the site. 17. In the Actions pane, click New, and then click Advertisement. The New Advertisement Wizard General dialog box appears. 18. In the Name box, type Configuration Manager Client Upgrade 19. After Package, click Browse. The Select a Package dialog box appears displaying the available packages. 20. Click Microsoft Configuration Manager Client 4.0 ALL, and then click OK. The New Advertisement Wizard General dialog box appears. Notice that the Advanced Client Silent Upgrade program is displayed as the program to advertise. 21. After Collection, click Browse. The Browse Collection dialog box appears. 22. Under Collections, click All Windows Server 2003 Systems, and then click OK. The New Advertisement Wizard General dialog box appears displaying the current properties for the advertisement. 23. Click Next. The New Advertisement Wizard Schedule dialog box appears allowing you to configure a schedule for this advertisement. 24. Click Next to not assign the program. The New Advertisement Wizard Distribution Points dialog box appears allowing you to configure whether or not the advertisement is run from the distribution point or downloaded before execution.
34
25. Click Next to run from local distribution points, to not run from slow network boundaries, and not require the use of protected distribution points. The New Advertisement Wizard Interaction dialog box appears allowing you to configure whether or not the advertisement displays reminders to the logged on user. 26. Click Display reminders according to the client agent reminder intervals, and then click Next. The New Advertisement Wizard Security dialog box appears allowing you to configure security rights for this advertisement. 27. Click Next to use the default security rights. The New Advertisement Wizard Summary dialog box appears indicating that the wizard has been successfully completed. 28. Click Next. The New Advertisement Wizard Wizard Completed dialog box appears indicating that the wizard has successfully created the advertisement. 29. Click Close. The Configuration Manager Console window appears displaying the new advertisement in the results pane. Note Verify that the All Windows Server 2003 Systems collection contains <yourSMSServer>.
In the following procedure, you will upgrade the Configuration Manager site server computer to a Configuration Manager client.
Note Complete this procedure from the site server as a client computer only
35
4. Click OK. The Systems Management Properties dialog box appears. 5. Click OK. In two minutes, a New Program Available message box appears in the System Tray. 6. In the System Tray, double-click the New Program Available icon. The Run Advertised Programs dialog box appears. 7. Under Program Name, click Microsoft Configuration Manager Client Upgrade, and then click Run. The Program Download Required dialog box appears. 8. Click Run program automatically when download completes, and then click Download. The program is downloaded, and then the upgrade process starts. You can use Task Manager to monitor the installation of the Configuration Manager client. Notice that Ccmsetup.exe is running. This is the installation program for the Configuration Manager client. This program will de-install the SMS 2003 client, and then install the Configuration Manager client. When the Advanced Client has been upgraded, CcmExec.exe (SMS Agent Host) will appear, and then CCMSETUP.EXE will terminate. This process will take a few minutes to complete. The Run Advertised Programs dialog box appears. 9. Click Close. Note You can return to the previous procedure to verify that the Windows XP client computer did upgrade from SMS 2003 to Configuration Manager. The upgrade to a Configuration Manager client will take a number of minutes to complete, so you can verify your Windows XP client did indeed upgrade. 10. Close Task Manager, and then in Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. Notice the SMS Client Version listed. It should display 4.00.5931.0001, which is for Configuration Manager 2007. 11. Click Cancel. Your SMS 2003 Advanced Client computers have successfully upgraded to Configuration Manager clients.
36
In following procedure, you will verify that your clients have upgraded to Configuration Manager.
Note Complete this procedure from the primary site server computer only.
37
Prepare Active Directory for Configuration Manager publishing and use. Install Configuration Manager 2007 using a custom setup. View status message activity related to site server installation. Discover computer resources from Active Directory. Install and configure a fallback status point. Install a Configuration Manager 2007 client on the Windows XP Professional client. Install a reporting point
Prerequisites
This section is not dependant or connected to Section 1, where we focused on the SMS 2003 upgrade process. Before working on this lab, one virtual computer should be started as a Microsoft Windows Server 2003 SP1 computer running as an Active Directory domain controller <yourDeployADServer>. A second virtual computer is started as a Microsoft Windows Server 2003 SP2 member server to install as an SCCM primary site server <yourDeploySCCMserver>. This computer has Microsoft SQL Server 2005 installed. The third virtual computer should be started as a Windows XP Professional SP2 client to be installed as a client in the Configuration Manager 2007 site <yourDeployClient>. The requirements for implementing SCCM 2007 (which have all been installed in the lab VPC images, include: Microsoft Windows Server 2003 SP1 or later in an Active Directory domain Internet Information Server (IIS) 6.0 or later, with BITS Server Extensions installed and WebDAV enabled (for management points and BITS-enabled distribution points) Microsoft SQL Server 2005 SP2 (Standard or Enterprise Edition) Microsoft Management Console 3.0 or later Several KB updates The required client installation files already downloaded in the image if no Internet access is available
Note Complete this exercise on the virtual computer running as a Windows Server 2003 Active Directory domain controller only.
38
1. Log on as administrator with your password. 2. Run Extadsch.exe which is documented here. How to Extend the Active Directory Schema Using ExtADSch.exe http://technet.microsoft.com/en-us/library/bb680608.aspx 3. A command prompt window appears as you extend the Active Directory schema for use by Configuration Manager. When the schema extension process has completed, the command prompt window closes. 4. Open C:\Extadsch.log. Notepad displays the contents of the Extadsch.log file. This file is created by the Extadsch.exe utility and reports on the Active Directory schema extension process. There were 14 attributes and 4 classes added to Active Directory. 5. Verify that there are no errors listed in the log, and then close Notepad.
39
rights. 10. Under Permissions for <yourSMSServer>, click Full Control under Allow, and then click Advanced. The Advanced Security Settings for System dialog box appears displaying the rights for various accounts. 11. Under Name, click <yourSMSServer>, and then click Edit. The Permission Entry for System dialog box appears displaying the rights for <yourSMSServer>\$. 12. In the Apply onto field, click This object and all child objects, and then click OK. The Advanced Security Settings for System dialog box appears. 13. Click OK. The System Properties dialog box appears. 14. Click OK. The Active Directory Computers and Users window appears. You can leave this window open if you want to view information that Configuration Manager publishes to Active Directory after installation.
In the following procedure, you will create an Active Directory site to integrate with Configuration Manager as part of its boundaries.
40
9. In the Mask box, type your subnet 10. Under Select a site object for this subnet, click SCCMSite, and then click OK. The list of subnets appears in the details pane. Notice the new subnet and its associated site. 11. In the console tree, expand SCCMSite, and then click Servers. The list of servers for this site appears in the details pane. Notice that there are no servers in this new site. 12. In the console tree, expand Default-First-Site-Name, expand Servers, and then click <yourADServer>. This is your domain controller. You will move this to your new site as its server. 13. On the Action menu, click Move. The Move Server dialog box appears displaying all sites available. 14. Under Site Name, click SCCMSite, and then click OK. The list of servers for the default site appears in the details pane. Notice that there are no servers in the default site. 15. In the console tree, expand Sites, expand SCCMSite, and then click Servers. The list of servers for the new site appears in the details pane. Notice that your PDC has been moved to the new site. 16. Close Active Directory Sites and Services.
41
Exercise 2 Installing Microsoft Configuration Manager 2007 In this exercise, you will install Configuration Manager 2007 using a custom installation. SQL Server 2005 is already installed on the computer <yourSMSServer>. The installation will implement a mixed mode security environment.
Note Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 member only. This is the computer that will be installed as the Configuration Manager site server
42
9. In the Key box, if not using the evaluation version of Configuration Manager, type your product key, and then click Next. The Microsoft System Center Configuration Manager 2007 Destination Folder dialog box appears prompting for destination folder to install Configuration Manager 2007 to. 10. Click Next to accept the default folder of C:\Program Files\Microsoft Configuration Manager. The Microsoft System Center Configuration Manager 2007 Site Settings dialog box appears prompting for site information. 11. In the Site Code box, type an appropriate 3 character site code, such as <your_db_name> (can be whatever you prefer). 12. In the Site Name box, type SCCM 2007 Primary Site, and then click Next. The Microsoft System Center Configuration Manager 2007 Site Mode dialog box appears displaying setup options for the SCCM security mode. 13. Click Configuration Manager Mixed Mode, and then click Next. The Microsoft System Center Configuration Manager 2007 Client Agent Selection dialog box appears displaying the available SCCM client agents, and allowing you to enable or disable each as desired. 14. Click Next to enable and configure the selected agents (ensuring that Network Access Protection is not enabled). The Microsoft System Center Configuration Manager 2007 Database Server dialog box appears prompting for the SQL Server computer (and instance if required) to use as well as the name of the database for SMS. 15. Click Next to accept the default values of the SCCM site servers installation of SQL Server and SMS_<your_db_name> for the database name. The Microsoft System Center Configuration Manager 2007 SMS Provider Settings dialog box appears prompting for the computer to install the SMS Provider on. 16. Click Next to use the SCCM site server for the SMS Provider. The Microsoft System Center Configuration Manager 2007 Management point dialog box appears prompting for the computer to use to install the management point on. Since SCCM requires a management point, setup will install one by default. 17. Click Next to install the management point on the SCCM site server. The Microsoft System Center Configuration Manager 2007 Port Settings dialog box appears prompting for the HTTP port to configure for use by SCCM. 18. Click Next to use the default HTTP port of 80. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As were in a VPC environment, the required files have already been downloaded and staged for the lab.
43
19. Click The latest updates have already been downloaded to an alternate path, and then click Next. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components. 20. Click Browse. The Browse For Folder dialog box appears. 21. Point to <systempartition>\SCCM Downloaded Client Files (or your location where these are located), and then click OK. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components. 22. Click Next. The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of SCCM 2007. 23. Click Next. The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for SCCM 2007 installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation. There is a warning that no WSUS installation was found. This is required to be able to deploy software updates, but it is not required for the deployment lab, so you can continue. 24. Click Begin Install. The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the SCCM 2007 installation. This process will take several minutes to complete. When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully. 25. Click Next. The Completing the Microsoft System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use. 26. Click Finish.
44
In the following procedure, you will use Configuration Manager status messages generated by the site server installation to verify that the site server installation was successful. You can use this same procedure to view status messages generated by any Configuration Manager processes.
45
10. Display the status messages for SMS_HIERARCHY_MANAGER. The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. You might notice the messages with message IDs of 3306. These messages indicate that Hierarchy Manager has successfully processed a site control file modification and updated the site database. 11. Display the status messages for SMS_WINNT_SERVER_DISCOVERY_AGENT The ConfigMgr Status Message Viewer for <your_db_name> window appears. You might notice the message with a message ID of 4202. This message indicates one server was discovered and discovery data was written for it. This occurred as a result of installing SCCM site components on the site server computer.
In the following procedure, you will add the Active Directory site to the Configuration Manager 2007 Boundaries.
46
Exercise 3 Installing an SCCM 2007 Client In this exercise, you will install the Configuration Manager 2007 client on the Windows XP Professional client computer. You will begin by using Active Directory System Discovery to discover the computer from Active Directory.
Note Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 SCCM site server unless directed to use another VPC image.
47
In the following procedure, you will verify the results of the Active Directory System Discovery process.
Note You will need to wait for a moment for the discovery process to complete.
48
9. What is the discovered AD site name? SCCMSite, which is the AD site you added as a boundary for the site. 10. Click Close.
In the following procedure, you will create the account necessary to remotely install the Configuration Manager 2007 client on your Windows XP Professional client computer.
Note Complete this procedure on the virtual computer running as a Windows Server 2003 Active Directory domain controller only
Note Complete this procedure on the virtual computer running as a SCCM site server only
49
4. Click New (the icon resembles a starburst). The Windows User Account dialog box appears. 5. In the User name box, type <yoursmsdomain>\ClientInstall 6. In the Password and Confirm password boxes, type password and then click OK. The Client Push Installation Properties dialog box displays accounts to be used to push out the Configuration Manager client software. Notice that the new account is listed. 7. Click OK. The Configuration Manager Console window appears.
In the following procedure, you will use the Configuration Manager Console to install a fallback status point. This is a new site system to Configuration Manager 2007, and is recommended to get client deployment status reporting.
Note Complete this procedure on the virtual computer running as a SCCM site server only.
50
7. In the Throttle interval (in seconds) box, type 360, and then click Next. Note You should not use a value of 360 in a production environment as it could cause performance issues when deploying large numbers of clients in a very short period of time. We are doing so in the lab to get our state messages processed more quickly to allow for client deployment reports to be generated in a timely manner. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 8. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that SMS is now ready to begin installation of the reporting point. 9. Click Close. The Configuration Manager Console window appears displaying the site system roles for the computer <yourSMSServer>. Notice that the fallback status point role has been added to the list.
In the following procedure, you will configure clients to use the fallback status point during installation of the Configuration Manager 2007 client.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only.
51
In the following procedure, you will use the Configuration Manager Console to push the installation of the Configuration Manager client to the Windows XP Professional client.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only.
52
In the following procedure, you will verify that the Configuration Manager 2007 client has been installed on the Windows XP Professional client. Note Complete this procedure on your Windows XP Professional client computer only. It will take a few moments for the installation of the SCCM 2007 client to complete. You can use Task Manager to verify the installation. While ccmsetup.exe is running, the client is being installed. When ccmsetup.exe terminates and Ccmexec.exe starts, the Configuration Manager 2007 client has been successfully installed.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only
53
Exercise 4 Reporting Configuration Manager 2007 Client Deployment Status In this exercise, you will install a reporting point for your Configuration Manager site and then run reports to verify the client deployment success in the site.
Note
54
Complete this procedure on the virtual computer running as a Configuration Manager site server only.
55
Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Configure a standard distribution point to support BITS downloads. Configure a branch distribution point. Configure a protected site system. Distribute software to a client to access a branch distribution point.
Prerequisites
Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP2 computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual computer could be booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site <yourSMSClient>.
56
Note Complete this procedure from the primary site server computer only.
57
Exercise 1 Configuring a Branch Distribution Point In this exercise, you will configure a branch distribution point for the site. You will begin by configuring the distribution point on the site server to support BITS downloads, which is required to support a branch distribution point.
Note Complete this procedure from the primary site server computer only.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
58
3. In the Name box, type <yourSMSClient> 4. Under Intranet FQDN, type <yourSMSClient>.your.domain.path.here.com 5. Click Enable this site system as a protected site system, and then click Select Boundaries. The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that there are currently no protected boundaries configured for this site system. Notice also that the boundaries are only applicable to the distribution point and state migration point site system roles. 6. Click New (the icon resembles a starburst). The New Boundaries dialog box appears displaying the boundaries available for protecting the site system. Notice that the Active Directory site boundary is listed as an available boundary. 7. Under Boundaries, click SCCMSite and then click OK. The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that the site system is now configured to be protected for only the one Active Directory site that is added as a boundary in the site. 8. Click OK. The New Site System Server Wizard General dialog box appears. 9. Click Next. The New Site System Server Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 10. Under Available roles, select Distribution point, and then click Next. The New Site System Server Wizard Distribution Point dialog box appears allowing you to configure the distribution point. Notice that by default, the site system would be a standard distribution point, which is not supported on a Windows XP system. 11. Click Enable as a branch distribution point, and then click Next. The New Site System Server Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 12. Click Next. The New Site System Server Wizard Wizard Completed dialog box appears indicating that you have now configured the branch distribution point. 13. Click Close. The Configuration Manager Console window appears displaying the site systems in the site. Notice that there are now two site systems in the site, the site server (<yourSMSServer>) and the Windows XP client (<yourSMSClient>).
59
14. In the tree pane, expand Site Systems, and then click \\<yourSMSClient>. The list of site system roles configured for the site system are displayed in the results pane. Notice that the Windows XP client is configured as a ConfigMgr distribution point and a ConfigMgr site system.
In the following procedure, you will configure the branch distribution point to not perform BITS throttling. BITS throttling is configured by default and could affect the download of content to the branch distribution point.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
60
options for package creation or distribution. 4. Select Create a new package from a definition, and then click Next. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager. 5. If you do not already have the SMS2003 Toolkit, this can be obtained from here. Systems Management Server 2003 Toolkit http://www.microsoft.com/downloads/details.aspx?FamilyID=61E4E21F-2652-42DD-A04DB67F0573751D&displaylang=en 6. Download and expand this. 7. Click Browse. The Open dialog box appears. 8. Open <yourdownloadlocation> \SMS2003Toolkit2.msi. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice that SMS 2003 Toolkit 2 is displayed. 9. Under Package definition, verify that SMS 2003 Toolkit 2 is highlighted, and then click Next. The Distribute Software to Collection Wizard Source Files dialog box appears prompting for source file handling instructions. 10. Click Always obtain files from a source directory, and then click Next. The Distribute Software to Collection Wizard Source Directory dialog box appears allowing the designation of the source file directory. 11. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 12. Click <yourdownloadlocation>, and then click OK. The Distribute Software to Collection Wizard Source Directory dialog box displays the designated source directory.
61
13. Click Next. The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that both the standard (<yourSMSServer>) and branch distribution points <yourSMSClient>are listed. 14. Under Distribution points, select <yourSMSServer>, and then click Next. Note For the purposes of this exercise, select only the site server (<yourSMSServer>) as a distribution point. Do not select the branch distribution point (<yourSMSClient>). The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise. 15. Under Programs, click Per-system unattended, and then click Next. The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement. 16. Click Next to accept the default name. The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections. 17. Click Next to accept the default option of advertising to subcollections as well (even though we do not have any subcollections). The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement. 18. After Advertise the program after, verify that the current date and time is displayed. 19. Verify No, this advertisement never expires is selected, and then click Next. The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments. 20. Verify that No, do not assign the program is selected, and then click Next. The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard. 21. Click Next. The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful. 22. Click Close. The list of members of the All Systems collection in the results pane.
62
In the following procedure, you will verify the configuration of the package, program, and advertisement that were created by the Distribute Software to Collection Wizard. You will also configure the advertisement to only allow content access from the protected distribution point.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
63
In the following procedure, you will initiate the searching for advertised programs on your Configuration Manager client computer. For this procedure, you will use the client running on the site server computer.
Note Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.
64
10. Click Close, and then open <systempartition>\Program Files\SMS_Ccm\Logs\Cas.log. Notepad appears displaying the contents of the Content Access Service log file. 11. Search for matching. Notepad displays the first occurrence of matching. Notice that the current line indicates that there was no matching distribution point found for the content location request. We know that the content was distributed to the standard distribution point on the site server. However, as the branch distribution point was protected for the Active Directory site that the client is a member of, the client can only access the content from the branch distribution point. And the branch distribution point does not contain the requested content, and so there is no matching distribution point available for this client. 12. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation or failure on the clients.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
65
In the following procedure, you will verify the current distribution points for the package do not include the branch distribution point, and then add the branch distribution point.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
Note Complete this procedure from the branch distribution point computer only (<yourSMSClient>).
66
2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the branch distribution point package location. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes, and then the content will begin being downloaded to the branch distribution point.
In the following procedure, you will verify that the content the branch distribution point has requested has been distributed locally.
Note Complete this procedure from the branch distribution point computer only (<yourSMSClient>).
67
In the following procedure, you will run the advertised program now that the content is available on the branch distribution point.
Note Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.
68
8. Search for download location found. Notepad displays the first occurrence of download location found. Notice that the current line indicates that there was one matching distribution point found for the content location request. Also notice that is lists the FQDN of the distribution point used, in this case <yourSMSClient>.yourdomain.yourdomain.com. To see what type of distribution point was used, you need to look in the LocationServices.log file. 9. Close CAS.log and then open LocationServices.log. Notepad appears displaying the contents of the Location Service log file. 10. Search for dptype. Notepad displays the first occurrence of dptype. Notice that the highlighted line indicates the name and path of the distribution point used. Also notice that this is the Windows XP branch distribution point, as indicated by the name <yourSMSClient>and the DPType (branch). 11. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation on the clients.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
69
70
Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Configure maintenance windows on collections. Verify software distribution behavior to a client in a collection with a maintenance window to allow distribution. Verify software distribution behavior to a client in a collection that is configured with a maintenance window to restrict distributions.
Prerequisites
Before working on this section, one virtual computer should be booted as a Microsoft Windows Server 2003 SP2 computer installed as a Configuration Manager primary site server (<yourSMSServer>. The second virtual computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site (<yourSMSClient>). Make a note of your site code for the installed site. The package you may have deployed in the previous section will already have been created and distributed. It will reside on the branch DP as well as the standard DP. So, consider a 2 nd package for distribution here, remove the package from all locations, or advertise your package as an uninstall to complete this section.
71
Note Complete this procedure from the primary site server computer only.
72
Exercise 1 Configuring Maintenance Windows on Collections In this exercise, you will configure maintenance windows on collections. You will configure a maintenance window to prevent software distribution to server computers, and then configure a maintenance window to allow distribution to Windows XP clients.
Note Complete this procedure from the primary site server computer only.
73
10. Click OK. The list of members of the All Windows Server 2003 Systems collection appears in the results pane.
In the following procedure, you will create a maintenance window that will allow the Windows XP SCCM client to run an advertised program.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
74
In the following procedure, you will view the collections with maintenance windows.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
75
3. In the Client Name box, type <yourSMSClient>, and then click Display. An Internet Explorer window starts and displays the Maintenance Windows Available to a Particular Client report. Notice that there is one maintenance window available to the client. Notice also that this report shows the start time, duration, and other values for the maintenance window. 4. Close the ConfigMgr Report window. The Configuration Manager Console window appears displaying the Maintenance Windows Available to a Particular Client Report Information report in the results pane.
76
Exercise 2 Implementing the Maintenance Windows on the Configuration Manager Clients In this exercise, you will force the clients to retrieve policies, which will implement the appropriate maintenance windows on the clients.
77
7. Search for New service window. Notepad displays the first occurrence of new service window. Notice that the current line indicates that there was a new service window policy implemented. If you are looking at the Windows XP client, you will see lines referring to: Scheduling the StartTime for today The duration of two hours The Active Service Windows list has 1 window Programs can run Scheduling the StartTime for a week from today The duration of an hour No windows in the Active Service Windows list Scheduling the timer to fire in 0 days, 23 hours.
If you are looking at the site server computer, you will see lines referring to:
8. Close Notepad.
78
Exercise 3 Distributing Software to the Configuration Manager Clients In this exercise, you will distribute software to the Configuration Manager clients. You will distribute to the All Systems collection to include both clients.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
79
11. Click Next. The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that only the site server distribution point (<yourSMSServer>) is listed. 12. Under Distribution points, select <yourSMSServer>, and then click Next. The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise. 13. Under Programs, click Per-system unattended, and then click Next. The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement. 14. Click Next to accept the default name. The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections. 15. Click Next to accept the default option of advertising to subcollections as well (even though we do not have any subcollections). The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement. 16. After Advertise the program after, verify that the current date and time is displayed. 17. Verify No, this advertisement never expires is selected, and then click Next. The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments. 18. Click Yes, assign the program. 19. In the Assign after box, verify that the current time is listed. The time configured should fit within the time frame of the maintenance window configured for the All Windows XP Systems collection. 20. Click Next. The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard. 21. Click Next. The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful. 22. Click Close. The list of members of the All Systems collection in the results pane.
80
In the following procedure, you will verify the configuration of the package, program, and advertisement that were created by the Distribute Software to Collection Wizard.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
81
In the following procedure, you will initiate the searching for advertised programs on your Configuration Manager client computer. For this procedure, you will use the client running on the Configuration Manager site server computer.
Note Complete this procedure from each of the SCCM client computers in the site.
82
In the following procedure, you will verify that the advertised program did indeed run on the Windows XP client computer.
Note Complete this procedure from the Windows XP client computer <yourSMSClient>only.
Note Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.
83
4. Search for service window. The first occurrence of service window is highlighted. This line indicates that the program could not run due to a service window restriction. Notice that the last line in the log indicates the client is waiting for a service window. 5. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation or failure on the clients.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
84
In the following procedure, you will create a maintenance window that will allow all members of the All Systems collection to run an advertised program.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
85
In the following exercise, you will force the clients to retrieve policies, which will implement the appropriate maintenance windows on the clients.
Note Complete this procedure from each of the Configuration Manager clients.
86
In the following procedure, you will verify that the advertised program did indeed run on the Windows Server 2003 client computer that failed to run the program earlier.
Note Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
87
5. Click the arrow to the left of Succeeded. The All system resources for a specific advertisement in a specific state report appears in the results pane. Notice that both clients are listed with a last status of Program completed with success. You have now successfully implemented maintenance windows in Configuration Manager 2007, and verified software distribution behavior using the maintenance windows. You have also used the Software Distribution home page and reports to validate deployment success.
88
Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007
Objectives
After completing this lab, you will be able to:
Install USMT 3.0 to capture and restore user state information. Install a Configuration Manager State Migration Point to store user state information. Create an Operating System Capture Disk. Image a Windows Vista client computer. Import the Windows Vista image into Configuration Manager as an OS image package. Deploy the Windows Vista image to a Windows XP client computer.
In this lab, one virtual computer should be started as a primary site server running Configuration Manager. A second virtual computer should be running as a Windows Vista Configuration Manager client computer to be imaged . The final virtual computer is a Windows XP Professional Configuration Manager client to be upgraded to Windows Vista using the OS deployment feature of Configuration Manager 2007. There are no requirements for any connections outside the VPC image, and as OSD requires DHCP, you must configure Virtual PC networking configuration to Local only. The site code for the installed site is <yoursitecode>.
89
Note Complete this procedure from the primary site server computer only.
90
Exercise 1 Preparing the Environment for Configuration Manager OSD In this exercise, you will prepare the Configuration Manager environment for deploying operating system images using OSD. You will begin by installing the User State Migration Tool version 3.0, which is used by Configuration Manager 2007 to back up and restore user state information.
Note Complete this exercise from the primary site server only.
91
In the following procedure, you will configure the required Network Access Account in the Configuration Manager Console. This account is used by the client to access the Configuration Manager distribution point when booted under WinPE.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
92
2. In the Actions pane, click New, and then click Package From Definition. The Create Package from Definition Wizard dialog box appears. 3. Click Next. The Create Package from Definition Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager 2007 include the Configuration Manager Client Upgrade package definition. 4. Under Package definition, click Configuration Manager Client Upgrade, and then click Next. The Create Package from Definition Wizard Source Files dialog box appears prompting for source file handling instructions. 5. Click Always obtain files from a source directory, and then click Next. The Create Package from Definition Wizard Source Directory dialog box appears allowing the designation of the source file directory. 6. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 7. Click <systempartition>\Program Files\Microsoft Configuration Manager\Client, and then click OK. The Create Package from Definition Wizard Source Directory dialog box displays the configured source directory. 8. Click Next. The Create Package from Definition Wizard Summary dialog box appears indicating the wizard is ready to create the package. 9. Click Finish. The wizard completes the package creation and then the Configuration Manager Console appears displaying the packages in the site. Notice that the Configuration Manager Client Upgrade package is displayed. 10. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client Upgrade, and then click Microsoft Configuration Manager Advanced Client Upgrade. The package objects appear in the tree pane. 11. In the tree pane, click Programs. The programs for the package appear in the results pane. Notice that there is only one program for this package, that being a silent upgrade. 12. In the tree pane, click Distribution Points. The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet. 13. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 14. Click Next.
93
The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package. 15. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard was successfully completed. 16. Click Close. The package is copied to the designated distribution point.
In the following procedure, you will create the Configuration Manager package that OSD will use to migrate user state while distributing the new operating system image.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
94
10. Click Next to accept the default to automatically download to branch distribution points and complete the wizard. The New Package Wizard Reporting dialog box appears prompting for the values to use when matching status mif values. 11. Click Next to use the default package properties as the mif matching values. The New Package Wizard Security dialog box appears prompting for security rights to be created for this package. 12. Click Next to use the default security rights. The wizard completes the package creation and then the New Package Wizard Summary dialog box appears indicating the wizard completed the package creation. 13. Click Next. The wizard completes the package creation and then the New Package Wizard Confirmation dialog box appears indicating the package creation was successful. 14. Click Close. The Configuration Manager Console appears displaying the packages in the site. Notice that the USMT package is displayed in the list of packages. 15. In the tree pane, expand Packages, expand USMT, and then click USMT. The package options appear in the tree pane. 16. In the tree pane, click Programs. The programs for the package appear in the results pane. Notice that there are no programs created for the package. You do not need to configure a program for the USMT package. 17. In the tree pane, click Distribution Points. The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet. 18. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 19. Click Next. The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package. 20. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard has completed successfully. 21. Click Close. The package is copied to the designated distribution point.
95
In the following procedure, you will distribute the boot image package to a distribution point. The boot image is used to start the computer with WinPE for capturing the operating system image as well as prior to deploying the operating system image to a system.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
96
3. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 4. Under Available roles, select State migration point, and then click Next. The New Site Role Wizard State Migration Point dialog box appears allowing you to configure the state migration point. 5. Click New (the icon resembles a starburst). The Storage Folder dialog box appears allowing you to configure the drive to use to maintain the user state information. Notice that the default values of a maximum of 100 clients storing state on the state migration point, and the required minimum free disk space of 100 MB. Notice also that by default, state information is removed one day after successful restore. 6. In the Storage folder box, type C:\Userstate and then click OK. The New Site Role Wizard General dialog box appears displaying the current configuration of the state migration point. 7. Click Next to accept the current configuration to remove the state after 1 day. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 8. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the state migration point and it is currently being installed. 9. Click Close. The Configuration Manager Console window appears displaying the site systems for the computer. Notice that the state migration point role is now listed for the site system. It will take a minute to install the state migration point.
97
Exercise 2 Creating a Capture Media Task Sequence In this exercise, you will create a task sequence that will be used to capture the Windows Vista client computer image.
Note Complete this exercise from the site server computer only in the Configuration Manager Console.
98
11. Click Close. The list of task sequence items appear in the tree pane. Notice that the process of creating a task sequence capture media does not create a task sequence in the Configuration Manager Console, but rather the .iso file. 12. Start Windows Explorer, and then display the contents of C:\. The contents of the folder appear. Notice the Capture.iso file, which can now be burned to a CD for booting on computers to be imaged. In the lab, we will just use the .iso file without creating an actual CD.
In the following procedure, you will copy the OS Capture Media disk to your host computer so it can be accessed by the reference virtual computer. This would only be done if you are using VPC images. If using physical systems, burn a CD from the Capture.iso file just created.
99
Exercise 3 Creating an Image of the Windows Vista Reference Computer In this exercise, you will create an image of the reference computer running as a Configuration Manager 2007 client. This lab will use a Windows Vista Business edition client as the reference computer.
Note Complete this exercise from the Windows Vista client only.
100
process is ready to begin. 11. Click Finish. An Installation Progress dialog box appears as the computer is prepared for imaging. This process includes automatically running sysprep. When complete, a System Restart message box appears indicating that the system is going to be restarted. Windows Vista is then shut down and the computer is restarted. After restarting, Windows PE initializes. When ready, an Installation Progress dialog box appears displaying the progress of the image capture process. Note Capturing an image of an operating system is a lengthy process, and may take an hour depending on your hardware. 12. When the client has restarted and begun the capture process, you can close the Windows Vista client Virtual PC as it is no longer needed. It will likely take anywhere from 30 to 60 minutes to complete. 13. Shut down the Windows virtual PC. When prompted to save changes, click Turn off and delete changes, and then click OK.
101
Exercise 4 Deploying an OS Image Using Configuration Manager 2007 In this exercise, you will create a new package and advertisement to deploy the Windows Vista image to the Windows XP client.
Note Complete this exercise from the primary site server only.
102
In the following procedure, you will assign the image to a distribution point to make the image available for access by Configuration Manager clients.
103
4. Click Next to create a task sequence that will install an existing image package. The New Task Sequence Wizard Task Sequence Information dialog box appears prompting for the name and description for the task sequence, as well as which boot image to use. 5. In the Task sequence name box, type Install Vista Image 6. In the Comment box, type Installs Windows Vista image and then click Browse. The Select a Boot Image dialog box appears displaying the boot images available. 7. Click Boot image (x86) (if using x86 systems) and then click OK. The New Task Sequence Wizard Task Sequence Information dialog box appears displaying the name and description of the task sequence, as well as the boot image to use. 8. Click Next. The New Task Sequence Wizard Install the Windows Operating System dialog box appears prompting for the image package, licensing, and administrator password to use. 9. Click Browse. The Select a Package dialog box appears displaying the image packages available. 10. Click Windows Vista 1.0 and then click OK. The New Task Sequence Wizard Install the Windows Operating System dialog box appears displaying the image package to use. Notice that the default action is to install all images in the package. Also notice that the default configuration is to partition and format the target computers hard disk. That is only required in a bare metal scenario, which we are not performing. 11. If you are doing a bare metal installation, click to clear the Partition and format the target computer before installing the operating system. If you are deploying to an existing client this is not needed. Partitioning and formatting the target computers hard disk is only required in a bare metal scenario. Clearing this option will make the image deployment process faster, especially as the default format is a full format, not a quick format. 12. Click Next to not designate a product key, not specify a licensing mode, and to disable the local administrator account on the target system. The New Task Sequence Wizard Configure the Network dialog box appears prompting whether the target system will join a workgroup or domain. 13. Click Join a domain, and then after Domain, click Browse. The Select a Domain dialog box appears displaying the available domains. 14. Under Domains, click your.domain.path.here.com and then click OK. The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image. Notice that you can also configure a specific OU for the client to join.
104
15. Click Set. The Windows User Account dialog box appears prompting for the account and password to configure as the Advanced Client Network Access Account. 16. In the Name box, type <yourdomain>\administrator 17. In the Password and Confirm password boxes, type password and then click OK. The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image as well as the account that will be used to add the client to the domain. 18. Click Next. The New Task Sequence Wizard Install the ConfigMgr client dialog box appears prompting for the package to use for the Configuration Manager client installation, which occurs after the OS image has been deployed. 19. Click Browse. The Select a Package dialog box appears displaying the packages available. 20. Click Microsoft Configuration Manager Client Upgrade and then click OK. The New Task Sequence Wizard Install the SMS client dialog box appears displaying the package and program to use for the Configuration Manager client installation. Notice that the installation properties includes the FSP parameter to allow the new client deployment to report deployment state messages. 21. Click Next. The New Task Sequence Wizard Configure State Migration dialog box appears prompting for configuration of the user state capture process. 22. Click Browse. The Select a Package dialog box appears displaying the packages available. 23. Click USMT and then click OK. The New Task Sequence Wizard Configure State Migration dialog box appears displaying the configuration of the user state capture process. Notice that the defaults are to capture user state, save it to the state migration point, capture network settings, and capture Microsoft Windows settings. 24. Click Next. The New Task Sequence Wizard Include Updates in Image dialog box appears prompting for deployment of software updates. Notice that the default configuration is to not deploy software updates with the image. 25. Click Next to not deploy any software updates in our lab. The New Task Sequence Wizard Install Software Packages dialog box appears prompting for deployment of software packages after the image has been installed. This is where youd configure to add in additional SMS packages, such as Microsoft Office 2007.
105
26. Click Next to not deploy any software packages in the lab environment. The New Task Sequence Wizard Summary dialog box appears indicating the wizard has been completed and is ready to create the task sequence. 27. Click Next. The task sequence is created, and then the New Task Sequence Wizard Wizard Completed dialog box appears indicating that the task sequence was successfully created. 28. Click Close. The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.
In the following procedure, you will advertise the task sequence to deploy the Windows Vista image to the Windows XP computer.
106
10. Click Next. The New Advertisement Wizard Distribution Points dialog box appears prompting for how the task sequence will access any content that is required. 11. Click Next to allow content to be downloaded when needed by the task sequence, to not allow access to remote distribution points, and require the use of protected distribution points if available. The New Advertisement Wizard Interaction dialog box appears prompting for how the user will interact with the task sequence. 12. Click Next to not allow the user to run the program as an optional program prior to the mandatory schedule and to display progress of the task sequence. The New Advertisement Wizard Security dialog box appears prompting for security rights for the task sequence. 13. Click Next to use the default security rights. The New Advertisement Wizard Summary dialog box appears indicating the wizard has been completed successfully and is ready to create the advertisement. 14. Click Next. The advertisement is created, and then the New Advertisement Wizard Wizard Completed dialog box appears indicating the advertisement was successfully created. 15. Verify that all processes were completed successfully, and then click Close. The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.
107
Exercise 5 Installing the Image at the Target Client Computer In this exercise, you will install the Windows Vista image on the Windows XP client computer. You will begin by verifying the current client configuration.
108
7. Click Run. An Installation Progress message box appears as the Windows Vista operating system image is installed on the Windows XP client computer. Note It will take a number of minutes for the Windows Vista image to be deployed to the computer (approximately 60 minutes). It will automatically restart in the middle of this process. Notice that Windows PE is started and initialized to install the image. After the system reboots into Window PE, the Installation Properties message box appears displaying the progress bar for installing the image, you can shut down the Windows XP virtual PC image and not wait for the image installation process to occur. If you do cancel the deployment, you can still complete the next exercise to report on the operating system deployment progress. If you do let the image continue the installation process, the computer will restart, automatically run through Windows setup to apply configuration settings, and then finally reboot again into Windows Vista.
In the following procedure, you will verify that the Windows Vista image was installed successfully.
109
Exercise 6 Viewing Status for the Image Deployment In this exercise, you will view status messages for the image installation.
Note Complete this exercise from the Configuration Manager primary site server only.
110
You have now successfully configured your Configuration Manager site for an OS image deployment, prepared and captured your Windows Vista reference system, created the appropriate task sequence to deploy the image, and upgraded your Windows XP client to Windows Vista.
111
Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Configure integration between WSUS 3.0 and Configuration Manager. Analyze required updates. Distribute an update using Configuration Manager. Use Configuration Manager Reporting to report update status.
In this lab, you need a Configuration Manager primary site server and a Configuration Manager client. These could be the same computer. You can have additional Configuration Manager clients if you want to scan for and deploy updates to multiple client platforms. The systems needed for this section include a Windows Server 2003 SP2 site server configured as a WSUS 3.0 server (<yourSMSServer>) and a Windows XP SP2 Professional client.
112
Note Complete this procedure from the primary site server computer only.
113
Exercise 1 Configuring Configuration Manager Integration with WSUS In this exercise, you will configure Configuration Manager to integrate with WSUS 3.0 in order to scan for, and deploy, updates to the Configuration Manager clients. You will begin by configuring the WSUS 3.0 computer as a Configuration Manager software update point.
Note Complete this procedure from primary site server computer only.
Note Complete this procedure from the primary site server only.
114
5. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 6. Under Available roles, select Software update point, and then click Next. The New Site Role Wizard Software Update Point dialog box appears allowing you to configure the proxy server to use for access to the update content if needed. 7. Click Next to not configure the use of a proxy server. The New Site Role Wizard Active software update point settings dialog box appears allowing you to configure the software update point as the active software update management point for the Configuration Manager site, and to configure the port to use when interacting with WSUS. 8. Click Use this server as the active software update point, and then click Next. The New Site Role Wizard Synchronization source dialog box appears displaying settings for synchronization with the software update point. Notice that the default configuration is to synchronize with Microsoft Updates. Since you are in a virtual environment without Internet access and will perform manual synchronization, you will change the configuration. 9. You may want to choose to synchronize from Microsoft Update or an upstream update server. Select this option only if the export/import function is used to obtain software update definitions and then click Next. The New Site Role Wizard Synchronization schedule dialog box appears allowing you to configure the schedule to synchronize updates from WSUS with Configuration Manager. Notice that by default, the software update point does not synchronize with the WSUS server automatically. 10. Click Next to not schedule synchronization. The New Site Role Wizard Update classifications dialog box appears displaying the various product categories of updates that are available in Configuration Manager for reporting and deployment. Notice that by default, security updates, service packs, and update rollups are to be managed by Configuration Manager. Notice also that there is a message at the bottom of the dialog box indicating that you cant modify the update classifications when you are not configured to sync from a source. You may want to sync additional classifications such as critical updates. 11. Click Next. The New Site Role Wizard Products dialog box appears allowing you to configure the various Microsoft software products that can be updated by Configuration Manager. Notice that there is a message at the bottom of the dialog box indicating that you cant modify the products when you are not configured to sync from a source.
115
12. Click Next. The New Site Role Wizard Languages dialog box appears displaying the languages that content will be managed for through Configuration Manager. Notice that multiple languages are enabled by default. To make the synchronization and management process of updates quicker, you will clear all languages except the local language. 13. Under Update File, clear each language as appropriate, leaving only the local language (such as English), and then click Next. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 14. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the software update point. 15. Click Close. The Configuration Manager Console window appears displaying the site systems in the site in the results pane. Notice that the computer is configured as a ConfigMgr component server, a ConfigMgr distribution point, a ConfigMgr fallback status point, a ConfigMgr management point, a ConfigMgr reporting point, a ConfigMgr site server, a ConfigMgr site system, a ConfigMgr software update point and a ConfigMgr site database server.
In the following procedure, you will verify the configuration of the ConfigMgr software update point was successful.
Note Complete this procedure from the primary site server only.
116
In the following procedure, you will force synchronization of the Configuration Manager site database with updates from the software update point.
Note Complete this procedure from the primary site server only.
117
9. Open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\ Wsyncmgr.log. Notepad appears displaying the contents of the WSUS Sync Managers log file. 10. Search for synchronizing. Notepad displays the first occurrence of the text synchronizing. Notice that the line indicates that the synchronization process is happening with Configuration Manager and the WSUS server <yourSMSServer>. On later lines of the log, notice the following processes occurring: Successful connection to the local WSUS server Requested localization languages one for each language configured in WSUS (likely only English in the lab) Requested update classification one for each type of update to be managed (multiple different classifications in the lab) Synchronizing updates this begins the process of synchronization of individual updates (numerous pages of updates being synchronized in the lab) Done synchronizing SMS with WSUS Server <yourSMSServer> signals the end of the synchronization process Updated x items in SMS database the number depends on the specific lab configuration, catalog, etc. There should be some updates in the Configuration Manager database.
11. Close Notepad. The Configuration Manager Console appears. 12. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. Notice that there currently is not information to display. 13. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete. Note Wait a moment here to allow the summarization process to complete before refreshing. If you refresh and the data is not update, wait another moment and then proceed.
118
14. In the Actions pane, click Refresh. This will refresh the data in the software updates home page. 15. In the tree pane, expand Software Updates, click Update Repository, and then in the Actions pane, click Refresh. This will update the Update Repository node to include Critical Updates and Service Packs. 16. In the tree pane, expand Software Updates, expand Update Repository, expand Critical Updates, and then click All Updates. The critical updates synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some critical updates that have been synchronized with Configuration Manager from WSUS. 17. In the tree pane, expand Software Updates, expand Update Repository, expand Service Packs, and then click All Updates. The service packs synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some service packs that have been synchronized with Configuration Manager from WSUS.
119
Exercise 2 Generating Update Status on the Configuration Manager Client In this exercise, you will force the client to run a software updates scan cycle. This will cause the client to scan for updates through WSUS, and then store the information in WMI. Configuration Manager will then automatically send the data to the Configuration Manager site through state messages.
Note Complete this procedure from the Configuration Manager client computer. If you have multiple computers in the site, you can complete this procedure on all clients.
120
In the following procedure, you will verify that the Configuration Manager client computer has successfully reported software update compliance data.
Note Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.
121
Exercise 3 Generating Software Update Compliance Reports In this exercise, you will use generate reports for analysis and reporting of software update status.
Note Complete this exercise from the Configuration Manager site server.
122
10. Click All Systems. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 11. After Vendor, click Values. A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here> , Local Publisher and Microsoft. 12. Click Lab. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 13. After Update Class, click Values. A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in SCCM for synchronization with WSUS. 14. Click Critical Updates. The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values. 15. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice also that some updates are listed as being required but not yet deployed. 16. Close the ConfigMgr Report window. The Management 1 - Updates required but not deployed Report Information appears in the results pane.
123
Exercise 4 Distributing Software Updates Using Configuration Manager Software Update Management In this exercise, you will distribute a specific update using Configuration Manager and the software updates management feature. The lab procedures will use a synthetic update.
Note Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.
124
11. Click Close. The Configuration Manager Console appears. 12. In the tree pane, expand Software Updates, expand Update Lists, and then click <your_update_name> The list of software updates in the update list appears in the results pane. 13. In the Actions pane, click Deploy Software Updates. The Deploy Software Updates Wizard General dialog box appears. 14. In the Name box, type <your_update_name> 15. In the Description box, type <your_update_name>and then click Next. The Deploy Software Updates Wizard Deployment Template dialog box appears prompting to create a deployment template for distributing software updates. 16. Click Next to create a new deployment definition. The Deploy Software Updates Wizard Collection dialog box appears prompting for the collection to be targeted with the update. 17. Click Browse. The Browse Collection dialog box appears displaying the collections in the site. 18. Under Collections, click All Systems, and then click OK. The Deploy Software Updates Wizard Collection dialog box appears displaying the designated collection to be targeted with the updates. 19. Click Next. The Deploy Software Updates Wizard Display/Time Settings dialog box appears allowing you to configure whether notifications will be displayed to the user, whether displayed time is the client time or UTC, and how of a time period do users have to deploy mandatory updates before forced on the computer. 20. Click Next to accept the default values to display user notifications, use UTC, and allow two weeks before updates become mandatory. The Deploy Software Updates Wizard Restart Settings dialog box appears allowing you to configure the reboot behavior when updates require a system restart, including whether or not reboots should occur outside any configured maintenance windows. Notice that the default is not to suppress restarts and that restarts can not occur outside maintenance windows. 21. Under Suppress the system restart on, click Servers, and then click Next. The Deploy Software Updates Wizard Event Generation dialog box appears allowing you to configure whether or not any failure in the update deployment will generate a Windows event. 22. Click Next to not generate a Windows event in the case of a failure. The Deploy Software Updates Wizard Update Binary Download ConfigMgr Client Settings dialog box appears allowing you to configure whether or not clients can install updates when in slow network boundaries, or when the clients protected distribution point does not contain the update content.
125
23. Click Next to not support slow network boundaries and to allow fallback to unprotected distribution points. The Deploy Software Updates Wizard Create Template dialog box appears allowing you to save the configuration as a deployment template. Doing so will make deployment of future updates much quicker, as you can use the template and not have to respond to configure all the settings you have done so on the last set of wizard pages. 24. In the Template name box, type Standard update deployment template 25. In the Template description box, type Normal software update deployments with suppression for servers 26. Click Next. The Deploy Software Updates Wizard Deployment Package dialog box appears prompting to name the new deployment package to add the updates to. Notice that the default is to use an existing deployment package. As this is your first deployment, you do not have one yet, so will need to create a deployment package. 27. Click Create a new deployment package. 28. In the Name box, type Critical Updates 29. In the Description box, type Critical updates for all clients 30. In the Package source box, type \\<yourSMSServer>\<systempartition>\Critical 31. Click Next. The Deploy Software Updates Wizard Distribution Points dialog box appears allowing you to designate the distribution points to distribute the package to. 32. Click Browse. The Add Distribution Points dialog box appears displaying the site(s) that can be targeted. Notice in our implementation, only one site is listed. 33. Under Distribution points, expand <sitecode>. The list of distribution points for the local site appears. 34. Under Distribution points, click <sitecode> to select all distribution points in the site, and then click OK. The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed. 35. Click Next. The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location. 36. Click Download software updates from a location on the local network (or your internet connection), and then click Browse. The Browse For Folder dialog box appears allowing you to select the source of they updates.
126
37. Click <systempartition>\WSUS Synthetic, and then click OK. The Deploy Software Updates Wizard Download Location dialog box appears displaying the configured source folder. 38. Click Next. The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point. 39. Click Next to accept the configured languages. The Deploy Software Updates Wizard Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection. 40. Click Next to accept the default values. The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard. 41. Click Next. The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of the deployment, which includes the downloading of each update to be deployed, and creating the deployment template and deployment package. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment. 42. Verify that each phase of the process was successful, and then click Close. The Configuration Manager Console appears displaying the list of critical updates in the results pane.
In the following procedure, you will verify the software update deployment objects created.
Note Complete this procedure on the Configuration Manager primary site server only.
127
3. In the tree pane, expand Deployment Templates, and then click Standard update deployment template. The Standard update deployment template information appears in the results pane. Notice the template name and description. You can use this template for future deployments and not have to complete all the pages of the DSUW. 4. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is those you selected prior to launching the DSUW. 5. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Distribution Points. The distribution points assigned to this deployment package appears in the results pane. Notice that this matches the distribution points you selected in the DSUW. 6. In the tree pane, expand Deployment Packages, expand Critical Updates, expand Package Status, and then click Package Status. The deployment status of the deployment package to the assigned distribution points appears in the results pane. Notice that deployment package has been successfully deployed (listed as Installed) to the only distribution point in our site.
In the following procedure, you will install the update on the client computer. For the lab, you will force the client to check for new advertisements instead of waiting for the automated detection to occur.
Note Complete this procedure on each client computer that is to receive the update (which may include the site server computer).
128
5. Click OK. This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface. Note It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available. A Software Updates Installation icon appears in the System Tray indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation. 6. In the System Tray, double-click the Software Updates Installation icon. The ConfigMgr - Software Update Management dialog box appears. Notice the default values of IT Organization and Protecting your PC. These are configurable in the Software Updates Client Agent. Notice also that ConfigMgr detected multiple update for the client, and that you can perform an express or custom installation. 7. Click Install to perform an express installation of the updates. The updates are applied to the system. It will take some time for the updates to be applied, and the status to be reported through state messages. Your updates may require a system restart. Note It will take a few minutes for the new state messages to be sent to the site. Wait a few minutes here before proceeding to exercise 5.
129
Exercise 5 Validating Current Software Update Compliance In this exercise, you will validate that the update has been deployed successfully. You will begin by generating reports for analysis and reporting of Microsoft update status, and then will validate using the Software Updates node.
Note Complete this exercise from the Configuration Manager site server.
130
9. Click All Systems. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 10. After Vendor, click Values. A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here>,, Local Publisher and Microsoft. 11. Click <your_variable_here>. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 12. After Update Class, click Values. A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in Configuration Manager for synchronization with WSUS. 13. Click Critical Updates. The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values. 14. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice also that there are some updates listed as being required but not yet deployed. 15. Close the ConfigMgr Report window. The Software updates that are required, but not yet deployed Report Information appears in the results pane.
In the following procedure, you will view the updated status data for the Microsoft update directly from the Configuration Manager Console.
Note Complete this step from the primary site server with the Configuration Manager Console running.
131
2. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete. Note It will take a moment for the summarization process to complete. Wait for a moment before refreshing the home page. 3. In the Actions pane, click Refresh. The home page is refreshed. You now will set the values to identify current status of the deployed updates. 4. In the results pane, configure the Vendor to <your_variable_here> (perhaps choose Microsoft) , configure the Update classification to <your_preference>, configure the Month and year to <a_specific_date>, and then click Go. The Software Update Compliance Status Summary information appears in the details pane. Notice that the update status now reflects that the three updates were successfully installed to the Configuration Manager client, and are now compliant. 5. In the tree pane, expand Software Updates, expand Update Repository, and then expand Critical Updates (or some other preference), and then click All Updates. The Critical Updates (or your choice you made above) information appears in the results pane. Notice that updates are displayed for the selected month. This displays the current status for the updates for the current month, including bulletin ID, article ID, name, status of compliance, severity, size and other information. 6. In the Look for box, type English Updates and then click Find Now. The results for the search for English updates appear in the results pane. Notice that only the specific updates are displayed. 7. In the Actions pane, click Refresh. Notice that the updates are now compliant. 8. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution. You have now explored a simple scenario for deploying Microsoft updates in Configuration Manager. There are many other aspects in the software updates role for Configuration Manager that youll experience outside this simple scenario.
132
Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Install the System Center Updates Publisher. Create a catalog for a custom update. Import a catalog for a synthetic application (if available download required). Publish custom catalog information to Configuration Manager for scanning. Perform a scan for custom updates. Analyze required updates. Distribute an update using Configuration Manager. Use Configuration Manager Reporting to report update status.
In this lab, you need a Configuration Manager 2007 primary site server and a Configuration Manager client. These could be the same computer. You can have additional Configuration Manager clients if you want to scan for and deploy updates to multiple client platforms. The machines for this section include a Windows Server 2003 SP2 site server configured as a WSUS 3.0 server and Configuration Manager software update point (<yourSMSServer>) and a Windows XP SP2 Professional client
133
Note Complete this procedure from the primary site server computer only.
134
Exercise 1 Installing the System Center Updates Publisher In this exercise, you will install the System Center Updates Publisher. This is one of the tools in the Configuration Manager source.
Note Complete this exercise from the primary site server computer.
135
Exercise 2 Synchronizing Custom Updates with Configuration Manager In this exercise, you can create a custom catalog that will be imported into Configuration Manager for scanning with the standard Configuration Manager software updates scan process. You can also import 3rd party catalogs that contain updates, available from the System Center website on Microsoft.com (http://www.microsoft.com/systemcenter)
Note Complete this procedure from the Configuration Manager site server.
136
13. In the Comparison box, click Greater Than or Equal To. 14. In the Major Version box, type 5 15. In the Minor Version box, type 1 16. In the SP Major Version box, type 1 17. In the SP Minor Version box, type 0 18. In the Build Number box, type 2600 19. In the Product Type box, click Workstation, and then click OK. This creates a rule to identify Windows XP SP1 and later systems. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. 20. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 21. Click Create Basic rule, and then in the Rule Type box, click Windows Version. The Add Rule dialog box appears expands to allow for configuration of a Windows Version rule. 22. In the Comparison box, click Less Than or Equal To. 23. In the Major Version box, type 5 24. In the Minor Version box, type 1 25. In the SP Major Version box, type 2 26. In the SP Minor Version box, type 0 27. In the Build Number box, type 2600 28. In the Product Type box, click Workstation, and then click OK. This creates a rule to identify Windows XP SP2 and earlier systems. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. Notice that you now have two rules, with an Or operator for the two rules. We want this to be an And operator. This will allow the rule to filter out all operating systems that are not Window XP SP1 or Windows XP SP2. 29. Under Operation, select And from the drop down list, and then click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 30. Click Create Basic rule, and then in the Rule Type box, click Windows Language. The Add Rule dialog box appears expands to allow for configuration of a Windows Language rule. 31. In the Language box, click English, and then click OK. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. 32. Make sure both operators are set to And, and then click Next.
137
The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed. 33. In the Installer Type box, click Command Line Installation (.exe).
138
34. Click Browse. The Select File dialog box appears prompting the location of update to be deployed. 35. At this point you can choose anything you would like to test this available feature. For example, making a copy of any install such as a Windows update you have will be fine. Once completed, open the path to that file. The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed. 36.In the Download URL (or UNC) box, type \\<yourSMSServer>\<SCUP install location> \yourfile.exe Notice the default values for success and pending reboot return codes as well as default command line switch for unattended installation are not provided for command line installations as they are for Windows Installer updates. 37. In the Success Return Codes box, type 0 38. In the Command line (quiet) box, type I and then click Next. The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. You will a create rule to apply this update to only clients without a specific registry value configured. 39. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 40. Click Create Basic rule, and then in the Rule Type box, click Registry Value Exists. The Add Rule dialog box appears expands to allow for configuration of a Registry Value Exists rule. 41. After Rule Type, click Not rule. 42. In the Registry Path box, type HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ yourfile.exe 43. In the Registry value box, type Installed 44. In the Registry value type box, click REG_SZ. 45. Click Save your rule as, and then in the Save your rule as box, type Update Test Registry Check and then click OK. This creates a rule to identify systems that do not have the specific registry value configured. If the value is not present, that indicates the update is required. The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. Notice that your one rule is now displayed. 46. Click Next. The Create Update Wizard Define Installed Rules dialog box appears prompting for information on how to identify whether or not the file is already installed. Notice that there are no default rules.
139
47. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 48. Click Use existing rule, and then in the Rule Type box, click Update Test Registry Check. The rule you just created is imported and is now used to validate whether or not the update has already been deployed. However, you need to clear the Not rule configuration, so that it evaluates correctly for the query. 49. After Rule Type, click to clear Not rule, and then click OK. The Create Update Wizard Define Installed Rules dialog box appears displaying your configured rule. 50. Click Next. The Create Update Wizard Summary dialog box appears indicating the wizard is ready to create the update. 51. Click Next. The update is created. When complete, the Create Update Wizard Confirmation dialog box appears indicating the update was created successfully. 52. Click Close. The System Center Updates Publisher window appears. Notice that the SCCM Lab vendor appears in the tree pane.
In the following procedure, you will configure the custom update to be published to Configuration Manager.
Note Complete this procedure from the primary site server only with the System Center Updates Publisher window active.
140
In the following procedure, you will import two 3rd party catalogs to be published to Configuration Manager.
Note Complete this procedure from the primary site server only with the System Center Updates Publisher window active.
141
In the following procedure, you will configure the System Center Updates Publisher to synchronize updates with WSUS so that Configuration Manager can synchronize the updates as with Microsoft Updates.
Note Complete this procedure from the primary site server only with the System Center Updates Publisher window active.
142
In the following step, you will force the custom update to be published to Configuration Manager.
Note Complete this step from the primary site server only with the Configuration Manager Console window active.
143
9. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. 10. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a minute to complete. Note It will take a minute for the summarization process to complete. Wait a moment before refreshing the console. 11. In the Actions pane, click Refresh. This will refresh the data in the software updates home page. 12. In the tree pane, expand Software Updates, click Update Repository, and then in the Actions pane, click Refresh. This will update the Update Repository node to include Security Updates, in addition to the Critical Updates and Service Packs that had already been synchronized. Remember that you had configured the Synthetic Software Update to be a Security Update. 13. In the tree pane, expand Software Updates, expand Update Repository, expand <your chosen update>, and then click All Updates. The security updates synchronized with Configuration Manager are displayed in the results pane.
144
Exercise 3 Generating Status of Custom Updates on the Configuration Manager Client In this exercise, you will force the client to run a scan cycle to identify applicable and installed updates, both Microsoft Updates as well as custom updates.
Note Complete this procedure from each of the Configuration Manager client computers. If you have multiple computers in the site, you can complete this procedure on all collection members but must complete this on at least one client.
145
In the following procedure, you will verify that the Configuration Manager client computer has successfully reported software update compliance data.
Note Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.
146
Exercise 4 Generating Software Update Compliance Reports for Custom Updates In this exercise, you will use generate reports for analysis and reporting of the custom software update status.
147
9. Click Display. A ConfigMgr Report window appears. Notice the list of security updates available for the Configuration Manager client computer. As the only security update synchronized is the custom update <your_update_you_created> there is only data available for one update. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL. 10. Close the ConfigMgr Report window. The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class. 11. In the tree pane, click Reports. The list of available reports appears in the results pane. 12. In the results pane, click Compliance 2 - Specific software update, and then in the Actions pane, under Compliance 2 - Specific software update, click Run. The Compliance 2 - Specific software update Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and update. 13. After Collection ID, click Values. The Select Value dialog box appears displaying the list of available collections. 14. Click All Systems. The Compliance 2 - Specific software update Report Information appears in the results pane allowing configuration of the prompted values. 15. After Update, Title, Bulletin ID or Article ID, click Values. A Select Value dialog box appears displaying the available updates. Notice that the list includes all updates synchronized with WSUS, including the Synthetic Software Update. 16. Click <your_update_you_created> The Compliance 2 - Specific software update Report Information appears in the results pane displaying the configured prompted values. 17. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the synthetic update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice that you have one client that requires the update, and one client that does not require it. 18. Click the left arrow next to the <vendor_name_you_created> The Compliance 7 - Specific software update states report appears displaying the number of clients in various states for this update. Notice that you have one client with a state of Update is required and one client with a state of Update is not required.
148
19. Click the left arrow next to Update is required. The Compliance 9 - Computers in a specific compliance state for an update report appears displaying the number of clients that require this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed. 20. Close the ConfigMgr Report window. The Compliance 2 - Specific software update Report Information appears in the results pane.
149
Exercise 5 Software Update Deployment Options In this exercise, you will distribute a specific update using Configuration Manager and the software updates management feature. The lab procedures will use a synthetic update.
Note Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.
150
12. Under Distribution points, click <site code> to select all distribution points in the site, and then click OK. The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed. 13. Click Next. The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location. 14. Click Download software updates from the Internet to pull the updates from the published location (which was configured to a UNC path on the site server in the custom catalog), and then click Next. The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point. 15. Click Next to accept the configured languages. The Deploy Software Updates Wizard Set Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection. Click Next to accept the default values. The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard. 16. Click Next. The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of creating the deployment. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment. 17. Verify that each phase of the process was successful, including the download of the update file, and then click Close. The Configuration Manager Console appears displaying the list of security updates in the results pane, which only includes the one synthetic update.
151
In the following procedure, you will verify the software update deployment objects created.
Note Complete this procedure on each client computer that is to receive the update (the update is only applicable to the Windows XP client computer however you can retrieve policies on both of your systems).
152
4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface. Note It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available. A Software Updates Installation icon appears in the System Tray of the Windows XP client computer indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation. 6. In the System Tray, double-click the Software Updates Installation icon. The ConfigMgr - Software Update Management dialog box appears. Notice the default values of IT Organization and Protecting your PC. These are configurable in the Software Updates Client Agent. Notice also that Configuration Manager detected a single update for the client, and that you can perform an express or custom installation. 7. Click Install to perform an express installation of the updates. The update is applied to the system. It will take a few minutes for the update to be applied, and the status to be reported through state messages. Your update may require a reboot this will vary by package. Note It will take a minute for the update to be deployed and updated state messages to be sent. Wait a few minutes before moving onto the next exercise.
153
Exercise 6 Validating Current Software Update Compliance In this exercise, you will validate that the update has been deployed successfully. You will begin by generating reports for analysis and reporting of Microsoft update status, and then will validate using the Software Updates node.
154
report appears displaying the number of clients that have installed this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed. 11. Close the ConfigMgr Report window. The Compliance 2 - Specific software update Report Information appears in the results pane.
In the following procedure, you will view the updated status data for the custom update directly from the Configuration Manager Console.
Note Complete this step from the primary site server with the Configuration Manager Console running.
155
6. In the Actions pane, click Refresh. Notice that the update is now compliant. 7. In the tree pane, expand Deployment Packages, expand <your update> and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution. You have now explored another scenario in System Center Configuration Manager software updates management that being the ability to distribute updates for 3rd party and custom applications just as easily as you can do so for Microsoft updates.
156
Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:
Create a configuration item for compliance. Import pre-created configuration items from the System Center Pack website. Create baselines for assignment. Assign baselines to collections. Verify compliance for the assigned baselines.
Prerequisites
Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP1 computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site <yourSMSClient> . Configuration Packs are available for download from the System Center web site, located here. http://www.microsoft.com/systemcenter .
157
Note Complete this procedure from the primary site server computer only.
158
Exercise 1 Creating and Importing Configuration Items In this exercise, you will configure configuration items, which are used to identify specific configurations for determining compliance. You will begin by manually creating a configuration item.
Note Complete this procedure from the primary site server computer only.
159
9. Click OK. The Create Application Configuration Item Wizard Identification dialog box appears allowing the configuration of the CI. Notice that the information you supplied is displayed. 10. Click Next. The Create Application Configuration Item Wizard Detection Method dialog box appears allowing you to configure the method of detection for this configuration item. Notice that the default option is to assume the application is always installed, however you can also do detection via Microsoft Installer or a VB script. 11. Verify that Always assume application is installed is selected, and then click Next. The Create Application Configuration Item Wizard Objects dialog box appears allowing you to configure the configuration item you want to monitor compliance with. This configuration is if you wish to check security (Access Control Lists) on objects instead of the object settings themselves. 12. Click Next to not define objects for security checks. The Create Application Configuration Item Wizard Settings dialog box appears allowing you to configure the settings for the configuration item you want to monitor compliance with. 13. Click New. A new menu appears with various options for configuring the object. 14. Click Registry. The New Registry Setting Properties dialog box appears allows the configuration of the registry value to query. 15. In the Display name box, type SCCM Install Directory 16. In the Hive box, verify that HKEY_LOCAL_MACHINE is displayed. 17. In the Key box, type SOFTWARE\Microsoft\SMS\Client\Configuration\Client Properties 18. In the Value name box, type Local SMS Path and then click the Validation tab. The New Registry Setting Properties dialog box appears allows the configuration of the registry value for validation. 19. In the Data Type box, verify that String is displayed, and then click New. The Configure Validation dialog box appears allows the configuration of the registry value for validation. 20. In the Name box, type Install folder 21. In the Operator box, verify that Equals is displayed. 22. In the Value box, type <systempartition>\Windows\System32\Ccm\ Note Be sure to include the trailing backslash, as that is how it is stored in the Registry.
160
23. In the Severity box, click Warning, and then click OK. The New Registry Setting Properties dialog box appears displaying the rule for validation. 24. Click OK. The Create Application Configuration Item Wizard Settings dialog box appears displaying the settings you are using for this application rule. 25. Click Next. The Create Application Configuration Item Wizard Applicability dialog box appears allowing you to configure the client operating systems that this rule is appropriate for. Notice that by default, the rule is applicable for all Windows operating systems. 26. Click Next to use all Windows platforms. The Create Application Configuration Item Wizard Summary dialog box appears indicating it is ready to create the configuration item. 27. Click Next. The configuration item is created, and then the Create Application Configuration Item Wizard Wizard Completed dialog box appears indicating that the configuration item was successfully created. 28. Click Close. The list of configuration items, which are used to create configuration baselines, appears in the results pane. Notice that your configuration item is now listed.
In the following procedure, you will import pre-created configuration items that will be used to create a configuration baseline.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
161
3. Click Add. The Open dialog box appears allowing you to select the file to import. The Configuration Pack downloads are located here: http://www.microsoft.com/systemcenter Download these to be used in this section. 4. If you have downloaded any Configuration Packs, path to your downloaded CPs and then click Open. A Microsoft Management Console Security Warning message box may appear for some Configuration Packs, indicating the publisher of the file Windows Server 2003 SP1.cab could not be validated and prompting to run the cab file anyway. 5. Click Run. A Microsoft Management Console Security Warning message box may appear indicating the publisher of the Windows XP SP2.cab file could not be validated and prompting to run the cab file anyway. 6. Click Run. The Import Configuration Data Wizard Choose Files dialog box appears displaying the files to import. Notice that the two selected files are listed to be imported. 7. Click Next. The Import Configuration Data Wizard Summary dialog box appears indicating that there are two configuration items ready to be imported. 8. Click Finish. 9. The list of configuration items appears in the results pane. Notice that there are now three configuration items listed. To create an Operating System Configuration Item for the next section follow the next set of steps. 10. To create an Operating System Configuration Item, Select the Desired Configuration Management section within your Configuration Manager console, and expand to show the two subsections. 11. Select Configuration Items, and in the Actions pane, select New, Operating System Configuration Item. 12. The Create Operating System Configuration Item Wizard launches. In the Dialog box that appears, type in the name of the Operating System Configuration Item you intend to create. 13. In the Description dialog box, place the name a short description of the Operating System Configuration Item you are creating. You are also able to select existing or create new Categories in the same window. Select Next when complete. 14. In the next step, you begin to have some choices. For example, you may Specify a particular Windows Operating System by description in the drop down menu, or specify more granular details of an Operating System, such as Major/Minor versions, Build numbers, Service Pack version (major or minor). This particular customization can be very useful for organizations that may have their own build revisions that they monitor and
162
administrate outside of Microsoft official releases. Select Next when complete. 15. In the next step, you also have the option of adding additional objects you may want to use to verify an Operating System version. Some customers or partners for example use elements such as Registry key values. This section is optional. Select Next when complete. 16. In the next step, you have the option of querying additional resources from places such as Active Directory, registry and others. This is an optional step. Select Next when complete. 17. The final step in the wizard is a summary Detail list. Here you can review your choices, and also you have the option of going to Previous steps if modifications are needed. Select Next when complete. 18. Once the Wizard finished the Configuration Item creation, you will be given a Details page. Select Close when complete. You have now created an Operating System Configuration Item that you may reference later in your evaluation.
163
Exercise 2 Creating Configuration Baselines In this exercise, you will create configuration baselines that will be used to determine compliance of your Configuration Manager clients.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
164
10. Click Next. The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created. 11. Click Close. The list of configuration baselines appears in the results pane. Notice that the operating system configuration baseline is displayed.
In the following procedure, you will create a configuration baseline to check for the Configuration Manager client configuration. You can also add the an Operating Systems baseline to the new baseline.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
165
8. Under Name, click SCCM Client, and then click OK. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice that the SCCM Client configuration item is now listed under application and general. 9. Under Rules, click configuration baselines. The Choose Configuration Baselines dialog box appears allowing you to select the configuration baselines potentially already created. You may only see one configuration baseline listed, which is the Operating Systems configuration baseline you created earlier. You can add one baseline as a requirement of another one. This is a very powerful feature of Desired Configuration Management, allowing the nesting of Parent and Child relationships to exist, and for Configuration Items and Baselines to have relationships. 10. Under Name, click Client Operating Systems, and then click OK. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears displaying the rules for the new configuration baseline. Notice that both the SCCM Client configuration item and the Client Operating Systems baseline are added as rules. 11. Click Next. The Create Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the configuration baseline. 12. Click Next. The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created. 13. Click Close. The list of configuration baselines appears in the results pane. Notice that both the Operating System and SCCM Client configuration baselines are displayed.
166
Exercise 3 Scanning Configuration Manager Clients for Compliance In this exercise, you will generate compliance data for your Configuration Manager clients. You will begin by assigning the configuration baselines to the appropriate collections.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
167
8. Click Next. The assignment process completes, and then the Assign Configuration Baseline Wizard Wizard Completed dialog box appears indicating the process was successful. 9. Click Close. The list of configuration baselines appears in the results pane. 10. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. The Desired Configuration Management home page appears in the results pane. Notice that by default, the home page displays configuration baselines that are reported as being out of compliance with at least a Severity of Error. Notice also that there are no items to display, as no configuration baselines have been deployed. 11. In the results pane, after Minimum severity, click None. The Desired Configuration Management home page appears in the results pane. Notice that the home page displays configuration baselines that have no compliance data reported, which includes your configuration baselines. As you scan your clients, and receive compliance data from them, data will appear in the home page.
In the following procedure, you will initiate the retrieval of policies on your SCCM client computers. Desired configuration management baselines are delivered to clients through policies.
Note Complete this procedure from each of the Configuration Manager client computers in the site.
168
6. Click OK. It will take a couple of minutes for the client to download the policies and then implement them. Wait at least two minutes before moving onto the next step. 7. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 8. Click the Configurations tab. The Configuration Manager Properties dialog box displays the configuration baselines assigned to the client. Notice that by default there are now two configuration baselines assigned to the client. Depending on which client you are looking at, the SCCM Client configuration baseline may be listed as not being compliant (the site server computers Configuration Manager client is installed in C:\Program Files\SMS_CCM\ instead of C:\Windows\System32\Ccm\). 9. Click OK.
In the following procedure, you will view the compliance status of each Configuration Manager client for the two configuration baselines.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
169
4. In the results pane, under Name, click SCCM Client. The Summary compliance by configuration baseline report appears in the results pane. Notice that it reports that you have one compliant and one non-compliant system reporting for this baseline. 5. Click the arrow to the left of SCCM Client. The Compliance details for a configuration baseline by configuration item report appears in the results pane. Notice that this report displays each configuration item and the state of each configuration item at each client. 6. Click the arrow to the left of the SCCM Client configuration item. The Summary compliance for a configuration item by computer report appears in the results pane. Notice that it displays an entry for each SCCM client reporting status for this baseline. Notice that it displays the baseline name, version, configuration item, configuration type, desired state, compliance state, and applicability and detected states for each client. 7. Click the arrow to the left of SCCM Client, for the Computer Name of <yourSMSServer>, and the Actual Compliance State of Non-Compliant. The Non-compliance details for a configuration item on a computer report appears in the results pane. Notice that it displays the results of this configuration item on this specific client. If you scroll to the right, youll see the current value of the key, which is why the item is listed as non-compliant. This is expected, as the SCCM client was installed into the management point folder, not the normal client folder. 8. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. 9. In the results pane, in the list of baselines, under Severity, click None. This will select the Operating System baseline but not launch a report that would happen if you clicked the Operating Systems baseline name under Name. The Desired Configuration Management home page displays the results of the Operating Systems baseline in the pie chart. Notice that all clients have reported that they are compliant with this baseline. The Configuration Manager Console window appears. You have now used Configuration Manager 2007 to monitor compliance of systems using the desired configuration management feature of Configuration Manager. You created and imported configuration items, created configuration baselines, assigned the baselines to collections, scanned clients for compliance, and reported system compliance through the DCM home page and reports.
170
Whats new
Setup experience In Configuration Manager 2007, Asset Intelligence is fully integrated into the setup experience. This means that the knowledge base catalog as well as all reports are installed during SCCM 2007 setup and are no longer treated as optional components. To avoid unintentional or unnecessary data collection, we ship the Asset Intelligence reporting classes in a disabled state, and it is up to you to decide which reporting classes to enable. Note: If you do not enable the Asset Intelligence reporting classes, reports will contain no data and will instead display a message stating:"No matching records could be found". Additional reports We have added additional reports and functionality that can be broken into the following high level buckets:
Recent Usage Inventory: o SCCM metering agent will inventory the last time any executable was running in the user context. o Data returned through hardware inventory. o Additional reports will help you answer the When was the last time this was used? question. Auto-created Metering Rules: o Last Usage Inventory can be used to auto-create full metering rules which you can decide to enable. o Simplifies the process of creating metering rules. Asset Change Summarization: o A summary of changes to computer assets is stored in a central table. o Managing deltas help reduce the complexity of asset management. o Additional reports help you answer the What has changed recently in my environment? question. Client Access Licenses usage tracking for Microsoft Windows and Exchange: o Both User and Device CALs usage is tracked. o Based on Security audit logs. o Additional reports answer the who used up the CALs , when did they do that questions.
Performance enhancements Several performance enhancements were included in this release of Asset Intelligence with special optimization for large environments. These include a wide range of changes from more efficient data
171
collection to fewer reporting Joins. The end result is a faster, more robust product. Data enhancements As the heart of Asset intelligence is the knowledge base catalog, we invested effort in adding additional titles, cleaning up older ones as well work around title schema rationalization. Several fixes we introduced to address issues we discovered in SMS 2003 SP3, which resulted in higher quality data to work with.
Asset Intelligence data collection is controlled via SCCM WMI classes. These classes are contained in the SMS_DEF.MOF and each classes correlates to specific report(s). By default, these classes are disabled and you will need to enable the ones that control report you wish to utilize. Note: Enabling classes increases the bandwidth consumed by the inventory process. Likewise, disabling classes will decrease the bandwidth consumed by the inventory process but, will adversely affect the reports that depend upon that class for data. For more information, see the Microsoft TechNet article Customizing with MOF Files (http://go.microsoft.com/fwlink/?LinkId=87301). The following classes are available and are listed with the reports that depend on them. If you want to utilize a given report, you must enable the WMI class on which it depends. Note: If you are upgrading from Systems Management Server 2003 Service Pack 3, and Asset Intelligence is already installed and enabled, then Asset Intelligence data collection will remain enabled.
The classes that support Asset Intelligence functionality are listed below with the reports that depend on them for data.
SMS_InstalledSoftware
This class tracks information about installed software. The following reports are dependent on this class: License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel Software 1A - Summary of Installed Software in a Specific Collection Software 2A - Software Families Software 2B - Software Categories with a Family Software 2C - Software by Category and Family Software 2D - Computers with a Specific Software Product Software 2E - Installed Software on a Specific Computer Software 3A - Uncategorized Software Software 6A - Search for Installed Software
SMS_InstalledSoftwareMS
This class tracks information specifically about installed Microsoft software. The following reports are dependent on this class: License 1A - Microsoft License Ledger for Microsoft License Statements License 1B - Microsoft License Ledger Item by Sales Channel License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel License 1D - Microsoft License Ledger products on a specific computer
SMS_SystemConsoleUsage
This class polls the System Security Event Log for information about all console usage. The following reports are dependent on this class: Hardware 1A - Summary of Computers in a Specific Collection
172
Hardware 2B - Computers within an age range with a collection Hardware 3A - Primary computer users Hardware 3B - Computers for a Specific Primary Console User Hardware 4A - Shared (multi-user) Computers Hardware 5A - Console Users on a Specific Computer Hardware 6A - Computers for Which Console Users Could not be Determined Hardware 7C - Computers with a Specific USB Device Hardware 8A - Hardware that is Not Ready for a Software Upgrade Hardware 9A - Search for computers License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel License 2B - Computers with Licenses Nearing Expiration License 3B - Computers with a Specific License Status License 4B - Computers with a Specific Product Managed by Software Licensing Service Software 2D - Computers with a Specific Software Product Software 4B - Computers with a Specific Auto-Start Software Software 5B - Computers with a Specific Browser Helper Object
SMS_SystemConsoleUser
This class polls the System Security Event Log for information about specific console users. The following reports are dependent on this class: Hardware 3A - Primary computer users Hardware 3B - Computers for a Specific Primary Console User Hardware 4A - Shared (multi-user) Computers Hardware 5A - Console Users on a Specific Computer All CAL Reports Note: This class only reads the last 90 days of the event log, regardless of the length of the log. If the log has less than 90 days of data, the entire log is read. In addition to enabling this class, you will also need to enable audits on these servers. To enable the auditing of Logon/Logoff policy you will need to go to the Local Security Settings->Local Policies -> Audit Policy -> Audit logon events and allow Success auditing.
SMS_AutoStartSoftware
This class tracks information about software that starts automatically with the operating system. The following reports are dependent on this class: Software 4A - Auto-Start Software Software 4B - Computers with a Specific Auto-Start Software Software 4C - Auto-Start Software on a Specific Computer
SMS_BrowserHelperObject
This class tracks browser helper objects. While some browser helper objects are beneficial, most software considered "malware" is in the form of browser helper objects. The following reports are dependent upon this class: Software 5A - Browser Helper Objects Software 5B - Computers with a Specific Browser Helper Object Software 5C - Browser Helper Objects on a Specific Computer
173
Win32_USBDevice
This class tracks devices connected to USB ports. The following reports are dependent upon this class: Hardware 7A - USB Devices by Manufacturer Hardware 7B - USB Devices by Manufacturer and Description Hardware 7C - Computers with a Specific USB Device Hardware 7D - USB Devices on a Specific Computer
SMS_Processor
This is an existing SMS class to which new properties have been added to provide more complete data about processors. The following reports are dependent upon this class: Hardware 1A - Summary of Computers in a Specific Collection Hardware 2A - Estimated Computer Age by Ranges within a Collection Hardware 2B - Computers within an age range with a collection Hardware 8A - Hardware that is Not Ready for a Software Upgrade Hardware 9A - Search for computers
SMS_InstalledExecutable
This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to support custom reports.
SMS_SoftwareShortcut
This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to support custom reports.
SoftwareLicensingService
This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following reports are dependent upon this class: License 2C - License Information on a Specific Computer License 5A - Computers Acting as a Key Management Service
SoftwareLicensingProduct
This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following reports are dependent upon this class: License 2A - Count of Licenses Nearing Expiration by Time Ranges License 2B - Computers with Licenses Nearing Expiration License 2C - License Information on a Specific Computer License 3A - Count of Licenses by License Status License 3B - Computers with a Specific License Status License 4A - Count of Products Managed by Software Licensing License 4B - Computers with a Specific Product Managed by Software Licensing Service Note: In addition to this, we will provide more in-depth cover to rach of the classes in the SCCM 2007 SDK documentation. Exercise 1 Editing the SMS_Def.mof First we will need to enable the Asset Intelligence reporting classes. The SMS_def.mof file consists of a list of
174
classes and attributes. You can find the file on the SCCM site server, in the \SMS\Inboxes\Clifiles.src\Hinv folder. For Configuration Manager, the path is C:\Program Files\Microsoft Configuration Manager\. When you open the file, you will see the following format: //************************************************************************** //* Class: SMS_InstalledSoftwareMS //* Derived from: (nothing) //* //* Key = SoftwareCode //* //* This Asset Intelligence class provides specific to Installed Microsoft Software information. //* //************************************************************************** [ dynamic, provider("AAInstProv"), SMS_Report(TRUE), SMS_Group_Name ("Installed Software MS"), SMS_Namespace (TRUE), SMS_Class_ID ("MICROSOFT|INSTALLED_SOFTWARE_MS|1.0") ] class SMS_InstalledSoftwareMS : SMS_Class_Template { [SMS_Report (TRUE), key] string SoftwareCode; [SMS_Report (TRUE)] string ProductCode; [SMS_Report (TRUE)] string MPC; [SMS_Report (TRUE)] string ChannelID; [SMS_Report (TRUE)] string ChannelCode; }; Note: The highlighted line (i.e. SMS_Report) acts as the on/off switch, indicating whether or not the class is to be reported in SMS inventory. Classes that are set to TRUE are collected and those set to FALSE are not. However, there is an exception: if a class is set to TRUE (as it is in the example above), then any attributes with the key property are collected, even if the individual attribute is set to FALSE. You can use Notepad to modify the SMS_def.mof file. If there are attributes and classes that you no longer want to collect, set them to FALSE. If you want to add attributes, set them to TRUE. After you have complied and tested the file, you can replace the default SMS_def.mof file by replacing the file in the \SMS\Inboxes\Clifiles.src\Hinv folder on the site server. For Configuration Manager, the path is C:\Program Files\Microsoft Configuration Manager\. From there, it is sent to each client in your site. Note: Hardware inventory will require time to start, collect and send data to the site server. While this is taking place, you can explore the new Asset Intelligence reports or enable the logon audit to allow for additional data collection (e.g. for CAL usage).
A key question you will need to answer before enabling these classes in Production will be network
175
bandwidth. Based on testing we did, the anticipated range for a client is about 54KB-75KB (thats for a machine that has 60 installed applications, 11 auto-start items etc (see breakdown in table)). Example of # Installed item 60 14 1 2 11 2 0 1 0 0 0 0
Class SMS_InstalledSoftware SMS_InstalledSoftwareMS SMS_SystemConsoleUsage SMS_SystemConsoleUser SMS_AutoStartSoftware SMS_BrowserHelperObject Win32_USBDevice SMS_Processor SMS_InstalledExecutable SMS_SoftwareShortcut SoftwareLicensingService SoftwareLicensingProduct
Payload Size (Bytes) 1047 290 330 294 681 589 606 496 739 775 813 401
File Size (Bytes) 62791 4065 330 589 7495 1178 0 496 0 0 0 0
76944 When testing Asset Intelligence, you can use these numbers guidelines to start the evaluation. It is important to note that true to life testing (e.g. using a production image of a client) will yield the best approximation for production time rollout. Examine the hardware inventory files as they come from the client to perform this analysis.
In this section, we encourage you to explore the new Asset Intelligence reports.
Hardware Reports
Three new hardware reports help identify computers that have changed since the last inventory cycle. The changes identified in these reports include both hardware and software changes. For more information, see the SCCM help file under Hardware Reports.
Software Reports
Six new software reports extend previous inventory capabilities by adding software metering. These new reports identify recently used executables, which users ran them, and the devices on which the executables were run. For more information, see the SCCM help file under Hardware Reports. Exercise 2 Viewing and Running Reports
176
1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the console tree, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. 4. On the Look For filter, type Asset Intelligence and hit Enter. You now see all 57 Asset Intelligence reports. Note: After Hardware Inventory runs and sends data to the SCCM site database, information will become available for you to generate the different reports. The reporting structure is similar in most cases, where report 1A provides a high level view and then allows drill-down.
polices, and then force a Hardware Inventory Cycle. Click on a report (e.g. Software 02A Software Families) In the Actions pane click Run In the Collection box, type SMS00001 (All Systems) In the Family box, type OS (if desired) To generate the report, click on Display
Note: Each batch of reports may require different variables. To see the possible options, you can click on the Values box to see a menu that you can select from.
During testing it is important that you cover key scenarios and examine the results carefully. Asset Intelligence offers a powerful set of tools and you need to see what can and cant be done in this release.
Additional Resources
The Asset Intelligence Forum: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1816&SiteID=17 System Center Configuration Manager in-the-box help file System Center Configuration Manager On-line: http://technet.microsoft.com/enus/configmgr/default.aspx
177