System Center Configuration Manager 2007: Reviewers Guide

System Center Configuration Manager 2007
Reviewers Guide
Microsoft Corporation Published: 10/2/2007 Updated: 11/2/2007
Executive Summary
The intent of this whitepaper is to provide a framework for the evaluation of System Center Configuration Manager 2007. System Center Configuration Managerpreviously known as Systems Management Server represents a tremendous advancement over its well-regarded predecessor, now providing the control necessary to more effectively manage change in today's dynamic IT infrastructures. Manage the full deployment and update lifecycle with streamlined, policy-based automation; with enhanced insight into, and control over, assets and systems compliance; and with optimization for Windowsparticularly Windows Server 2008 and Windows Vistaand extensibility to customized administration experiences and third-party applications.
Microsoft System Center
2006 Microsoft Corporation. All rights reserved. This document is developed prior to the products release to manufacturing, and as such, we cannot guarantee that all details included herein will be exactly as what is found in the shipping product. The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The information represents the product at the time this document was printed and should be used for planning purposes only. Information subject to change at any time without prior notice. wThis whitepaper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Microsoft, Active Directory, Windows, the Windows logo, and Windows Server System are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. All other trademarks are property of their respective owners.
Contents
Executive Summary ................................................................................................................................................................ 1 Navigation ................................................................................................................................................................................ 7 Windows Vista .........................................................................................................................................................................................7 Section 1: Exercise 5 Upgrading Clients to Configuration Manager ........................................................................7 Section 2: Exercise 3 Installing an SCCM Client .................................................................................................................7 Section 2: Exercise 3 Reporting Configuration Manager 2007 Client Deployment Status ..............................7 Section 5: Exercise 2 - Creating a Capture Media Task Sequence ................................................................................7 Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer .......................................7 Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007 ..........................................7 Section 5: Exercise 5 - Installing the Image at the Target Client Computer .............................................................7 Section 5: Exercise 6 - Viewing Status for the Image Deployment ...............................................................................7 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................7 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................7 The Datacenter ........................................................................................................................................................................................7 Section 4: Exercise 1 - Configuring Maintenance Windows on Collections ..............................................................8 Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients 8 Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients............................................8 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................8 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................8 Security .......................................................................................................................................................................................................8 Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration .......................................................8 Section 4: Exercise 1 - Configuring Maintenance Windows on Collections ..............................................................8 Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS ...........................................8 Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Client ...................................8 Section 6: Exercise 3 - Generating Software Update Compliance Reports ................................................................8 Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management ......................................................................................................................................................................................8 Section7: Exercise 1 - Installing the System Center Updates Publisher.......................................................................8 Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager...........................................8 Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client...........8 Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates ......................8 Section 7: Exercise 5 - Software Update Deployment Options ......................................................................................8 Section 8: Exercise 1 - Creating and Importing Configuration Items ..........................................................................8 Section 8: Exercise 2 - Creating Configuration Baselines ..................................................................................................8 Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance .................................................8 Asset Intelligence ....................................................................................................................................................................................8
Section 9: Exercise 1 Editing the SMS_Def.mof ....................................................................................................................9 Section 9: Exercise 2 Viewing and Running Reports ..........................................................................................................9 Branch and Remote Management ..................................................................................................................................................9 Section 2: Exercise 3 Installing an SCCM 2007 Client ....................................................................................................9 Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status .............................9 Section 4: Exercise 1 - Configuring a Branch Distribution Point ...................................................................................9 Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client.............................................9 Section 5: Exercise 1 - Configuring Maintenance Windows on Collections .............................................................9 Introduction .......................................................................................................................................................................... 10 Evaluating Configuration Manager 2007 .................................................................................................................................. 10 The Microsoft Virtual Hard Disk Program ................................................................................................................................. 10 Configuration Manager Supported Configurations .............................................................................................................. 10 Client Hardware Requirements ................................................................................................................................................ 11 Supported Client Platforms ....................................................................................................................................................... 11 Mobile Device Client .................................................................................................................................................................... 12 SMS Client Embedded Operating System Support ......................................................................................................... 12 Configuration Manager 2007 Site Server System Requirements ..................................................................................... 13 Site System Hardware Requirements .................................................................................................................................... 13 Supported Site System Platforms.................................................................................................................................................. 13 Unsupported Client Platforms ................................................................................................................................................. 15 Unsupported Site Server Platforms .............................................................................................................................................. 15 Configuring SQL Server Site Database Replication in Configuration Manager 2007 .............................................. 16 Active Directory Schema Extensions ............................................................................................................................................ 16 Multi-Site Clients ................................................................................................................................................................................. 16 Support for Windows Server Clustering ..................................................................................................................................... 16 Support for Specialized Storage Technology ........................................................................................................................... 16 Storage Area Network Support ............................................................................................................................................... 16 Single Instance Storage Support ............................................................................................................................................. 17 Removable Disk Drive Support ................................................................................................................................................ 17 Computers in Workgroups .............................................................................................................................................................. 17 Remote Assistance Console Sessions..................................................................................................................................... 18 Fast User Switching ....................................................................................................................................................................... 18 Dual Boot Computers .................................................................................................................................................................. 18 Virtual Machines ............................................................................................................................................................................ 18 Interoperability Between Configuration Manager and SMS 2003 Sites........................................................................ 18 Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007 .................................... 20 Objectives ............................................................................................................................................................................................... 20 Prerequisites .......................................................................................................................................................................................... 20 Exercise 1 Identifying an SMS 2003 stallation ................................................................................................................. 22
Exercise 2 Preparing to Upgrade SMS 2003 SP2 to Configuration Manager ...................................................... 22 Exercise 3 Upgrading SMS 2003 SP2 to Configuration Manager............................................................................. 27 Exercise 4 Identifying a Configuration Manager Installation ..................................................................................... 30 Exercise 5 Upgrading Clients to Configuration Manager ............................................................................................ 31 Section 2: Deploying System Center Configuration Manager 2007 ....................................................................... 38 Objectives ............................................................................................................................................................................................... 38 Prerequisites .......................................................................................................................................................................................... 38 Exercise 1 Preparing Active Directory for SCCM 2007 Integration ........................................................................ 38 Exercise 2 Installing Microsoft Configuration Manager 2007................................................................................... 42 Exercise 3 Installing an SCCM 2007 Client ....................................................................................................................... 47 Exercise 4 Reporting Configuration Manager 2007 Client Deployment Status ................................................ 54 Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007......... 56 Objectives ............................................................................................................................................................................................... 56 Prerequisites .......................................................................................................................................................................................... 56 Exercise 1 Configuring a Branch Distribution Point ....................................................................................................... 58 Exercise 2 Distributing Software to the Configuration Manager Client ................................................................ 60 Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration Manager 2007....................................................................................................................................................................... 71 Objectives ............................................................................................................................................................................................... 71 Prerequisites .......................................................................................................................................................................................... 71 Exercise 1 Configuring Maintenance Windows on Collections ................................................................................. 73 Exercise 2 Implementing the Maintenance Windows on the Configuration Manager Clients .................... 77 Exercise 3 Distributing Software to the Configuration Manager Clients ............................................................... 79 Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007 .......... 89 Objectives ............................................................................................................................................................................................... 89 Before You Begin ................................................................................................................................................................................. 89 Exercise 1 Preparing the Environment for Configuration Manager OSD .............................................................. 91 Exercise 2 Creating a Capture Media Task Sequence.................................................................................................... 98 Exercise 3 Creating an Image of the Windows Vista Reference Computer ........................................................100 Exercise 4 Deploying an OS Image Using Configuration Manager 2007............................................................102 Exercise 5 Installing the Image at the Target Client Computer ................................................................................108 Exercise 6 Viewing Status for the Image Deployment .................................................................................................110 Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007 ........................ 112 Objectives .............................................................................................................................................................................................112 Before You Begin ...............................................................................................................................................................................112 Exercise 1 Configuring Configuration Manager Integration with WSUS ..............................................................114 Exercise 2 Generating Update Status on the Configuration Manager Client .....................................................120 Exercise 3 Generating Software Update Compliance Reports ..................................................................................122 Exercise 4 Distributing Software Updates Using Configuration Manager Software Update Management
............................................................................................................................................................................................................124 Exercise 5 Validating Current Software Update Compliance ....................................................................................130 Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007 . 133 Objectives .............................................................................................................................................................................................133 Before You Begin ...............................................................................................................................................................................133 Exercise 1 Installing the System Center Updates Publisher ........................................................................................135 Exercise 2 Synchronizing Custom Updates with Configuration Manager ............................................................136 Exercise 3 Generating Status of Custom Updates on the Configuration Manager Client .............................145 Exercise 4 Generating Software Update Compliance Reports for Custom Updates ........................................147 Exercise 5 Software Update Deployment Options .........................................................................................................150 Exercise 6 Validating Current Software Update Compliance ....................................................................................154 Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007 ................................................................................................................................................................................................ 157 Objectives .............................................................................................................................................................................................157 Prerequisites ........................................................................................................................................................................................157 Exercise 1 Creating and Importing Configuration Items ...........................................................................................159 Exercise 2 Creating Configuration Baselines ...................................................................................................................164 Exercise 3 Scanning Configuration Manager Clients for Compliance ..................................................................167 Section 9: Implementing Asset Intelligence in System Center Configuration Manager 2007 ............................. 171 Overview ...............................................................................................................................................................................................171 Whats new ...........................................................................................................................................................................................171 Setup experience .........................................................................................................................................................................171 Additional reports .......................................................................................................................................................................171 Performance enhancements ...................................................................................................................................................171 Data enhancements ...................................................................................................................................................................172 Enabling the Asset Intelligence Reporting Classes ..............................................................................................................172 A Description of the Different Classes ......................................................................................................................................172 Exercise 1 Editing the SMS_Def.mof ....................................................................................................................................174 Estimating network Impact based on Reporting Classes ..................................................................................................175 Asset Intelligence Reports ..............................................................................................................................................................176 Exercise 2 Viewing and Running Reports ..........................................................................................................................176 Additional Resources .......................................................................................................................................................................177
Navigation
Within this evaluation kit you will find comprehensive evaluation guidance for System Center Configuration Manager 2007. In order to better suit your interests we have provided here for you a navigation checklist for some specific technology areas. Each of these modules is designed to assist you in your evaluation of a more specific feature that may cross multiple capabilities within the product. We hope this assists you in your evaluation of Configuration Manager, and we would welcome your comments. For each of these modules please follow the guidance for more specific sections and exercises.
Windows Vista
System Center Configuration Manager 2007 brings incredible value to your desktop estate. From planning, to deployment, to configuration management once in production, Configuration Manager drives return on your Windows desktop investment by enabling a secure, well managed infrastructure fabric to support your increasingly mobile client environment. We would like you to view the power of Configuration Manager for the desktop by evaluating a few capabilities. Configuration Manager client deployment, Windows Operating System deployment, Hardware and Software Inventory, as well as Desired Configuration Management, Software distribution and Software Update Management are key areas to reducing the cost of your desktops, increasing the security of your business, and supporting the demands for flexibility and mobility in an ever increasing wireless and mobile network. The below exercises will demonstrate for you the features specific to desktop management and security. Section 1: Exercise 5 Upgrading Clients to Configuration Manager Section 2: Exercise 3 Installing an SCCM Client Section 2: Exercise 3 Reporting Configuration Manager 2007 Client Deployment Status Section 5: Exercise 2 - Creating a Capture Media Task Sequence Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007 Section 5: Exercise 5 - Installing the Image at the Target Client Computer Section 5: Exercise 6 - Viewing Status for the Image Deployment Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section 7: Exercise 5 - Software Update Deployment Options
The Datacenter
System Center Configuration Manager 2007 is not just for desktops. There have been some significant features developed specifically with a Datacenter focus. From planning and building servers, to deployment Operating System including provisioning roles and specific capabilities, to managing your servers and workloads through security, corporate and regulatory compliancy requirements. System Center Configuration Manager 2007 in your Datacenter helps you gain automation, configuration control, and SLA performance success by managing your business needs, workload requirements and geographic challenges from one console. We would like to highlight for you the abilities Configuration Manager has for your datacenter with some capability demonstrations highlighted below. Operating System Deployment is a major focus in datacenters today, and simplifying the management of the steps and tasks associated with server design, build and provisioning, significantly reduces the costs of server deployment. Managing drivers is another challenge, and the Driver Catalog brings together the right tools you need to import, manage, collect and distribute the drivers your hardware needs to be running at peak performance. Once in production, Configuration Manager drives more value to your datacenter with abilities to manage your desired configurations, software updates and when change is required, tools to maximize your SLA agreements scheduling activities to minimize the business impact.
Section 4: Exercise 1 - Configuring Maintenance Windows on Collections Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section 7: Exercise 5 - Software Update Deployment Options
Security
Security is a large focus for the business of any size, and System Center Configuration Manager 2007 brings security and control to all aspects of the modern organization. From the desktop to the datacenter, Configuration Manager weaves seamless security integration across every aspect of its capabilities. Whether it be deploying updates with an operating system activity, or delivering critical patches in an explicitly targeted, scheduled fashion, Configuration Manager gives you the ability to blanket your organization in a controlled manner with only the updates you require. This release of Software Update Management supports all of the categories from Microsoft, as well as providing the tools to deliver updates of 3rd party and Line of Business applications to those in office locations, branches and remote or internet based connections. System Center Configuration Manager supports Network Access Protection in Windows Server 2008, so for those critical updates you can limit network connectivity until Health Validation is successful. But security is not just about delivering updates. Security is also about how processes occur. Using certificate relationships, introducing network perimeter health validation, encryption of data transfer and storage, as well as supporting the broad scenarios your end users encounter such as internet connectivity or remote access points, across desktops, laptops and devices are important to you. Through all of this your business must remain productive, flexible and efficient while driving your security to new levels. Configuration Manager provides you this capability, helping you define process automation, configuration baselines and update strategies that meet your business needs. Below we highlight for you some examples of how Configuration Manager improves security for your business. In the following exercises we will demonstrate these capabilities, and show you how System Center Configuration Manager 2007 is the best choice for managing your business needs. Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration Section 4: Exercise 1 - Configuring Maintenance Windows on Collections Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Clien Section 6: Exercise 3 - Generating Software Update Compliance Reports Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update Management Section7: Exercise 1 - Installing the System Center Updates Publisher Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates Section 7: Exercise 5 - Software Update Deployment Options Section 8: Exercise 1 - Creating and Importing Configuration Items Section 8: Exercise 2 - Creating Configuration Baselines Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance
Asset Intelligence
Information technology expenditures comprise an increasing portion of IT budgetsIT assets can often account for more than half of an enterprises total asset base. With the changing nature of todays technology
and the complexity of network environments, enterprises find it difficult to track the IT assets they own. Without an accurate record of their IT assets, it is impossible for enterprises to determine if IT is providing value and to meet financial, regulatory and license compliance requirements. System Center Configuration Manager 2007 includes hardware and software inventory and software metering capabilities that help IT organizations understand exactly what hardware and software assets they have, who is using them, and where they are. Asset Intelligence translates the inventory data into information, providing rich reports that IT administrators can use to optimize hardware and software usage. This information is paramount to organizations planning their Windows Vista upgrade strategy. With Configuration Manager 2007, companies can make informed decisions about their IT assets, improve IT operations and mitigate compliance risks. We would like to demonstrate for you the abilities of the Asset Intelligence feature in System Center Configuration Manager 2007 with some exercises on configuring and reporting. As you navigate through these exercises, you will be shown how to configure the Asset Intelligence infrastructure as well as learn how to access the wealth of reports available. Section 9: Exercise 1 Editing the SMS_Def.mof Section 9: Exercise 2 Viewing and Running Reports
Branch and Remote Management
System Center Configuration Manager 2007 has extended scenario support for todays modern business beyond the corporate network. Infrastructure improvements within Configuration Manager now provide depth and breadth support to both low bandwidth branch environments, as well as mobile workforces. Configuration Manager now delivers management services to the branch environment by enabling the ability to dedicate non server class systems in a branch as part of the distribution infrastructure (such as a desktop class PC). This drastically reduces the need for remote infrastructure to provide management services to clients, enabling the ability to extend the secure well managed environment of Configuration Manager to geographically distributed network locations. Configuration Manager also has improved the support for the mobile workforce, by providing support for Internet Based Client Management services. The trend of laptop purchase and remote working increases the importance of being well managed, and Configuration Manager answers this challenge by using readily available internet connectivity for management services. We would like to demonstrate this to you by walking through a collection of exercises that show these capabilities. Section 2: Exercise 3 Installing an SCCM 2007 Client Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status Section 4: Exercise 1 - Configuring a Branch Distribution Point Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client Section 5: Exercise 1 - Configuring Maintenance Windows on Collections
Introduction
Welcome to the System Center Configuration Manager 2007 Reviewer Guide. The intent of this paper is to guide you through an evaluation of the product, including: Setup Configuration Feature evaluation The intent of this reviewers guide is to preview the product in a non production environment, and is not intended for production infrastructure. Due to the testing and potential broadcast or delivery of software updates, applications, operating systems, or policy, discovery or broadcasting of network traffic, it is not recommended to utilize this guidance for any real world deployment. For additional support and guidance on the deployment in production for your organization, please visit the new and improved Technet Technical library, where all product documentation and guidance is located. The link for this resource is: http://technet.microsoft.com/en-us/configmgr/default.aspx
Evaluating Configuration Manager 2007
The evaluation of a robust, comprehensive management toolset such as Configuration manager requires infrastructure to be managed. In other words, simply reviewing an installation of the product may not satisfy your needs. In order to provide a comprehensive review of Configuration Manager, you may want to perform actual deployments of software, updates, or operating systems, in addition to reporting. To better assist your review the structure of this guide has been based on some assumptions for the evaluation environment. You have downloaded the evaluation version of System Center Configuration Manager 2007. This can be found at the following link: o http://technet.microsoft.com/en-us/configmgr/bb736730.aspx You have a configured physical or virtual system that meets the minimum requirements of Configuration Manager. Your test environment has Active Directory installed You have appropriate credentials for your test environment.
The Microsoft Virtual Hard Disk Program
As an alternative to preparing your own server installation, the VHD program is an option where you can download a time-bomb version of installed and configured System Center Configuration Manager 2007. If you have an installed environment ready for evaluation, this guide will still be of use, however exercises such as Configuration Manager Upgrade or Configuration Manager Install will not need to be done. These are referred to as Exercise 0 in each section. The Microsoft VHD format is a common virtualization file format that provides a uniform product support system, and provides more seamless manageability, security, reliability and cost-efficiency for customers. Using the power of virtualization, you can now quickly evaluate Microsoft and partner solutions through a series of pre-configured Virtual Hard Disks (VHDs). You can download the VHDs and evaluate them for free in your own environment without the need for dedicated servers or complex installations. System Center is represented in this program, and System Center Configuration Manager is available at the following link. http://www.microsoft.com/downloads/details.aspx?familyid=469af3b8-849d-4400-bded9024c3db759f&displaylang=en
Configuration Manager Supported Configurations
10
Configuration Manager 2007 introduces changes to supported Microsoft Windows client system requirements from previous versions of Systems Management Server. Client Hardware Requirements The following table lists the minimum and recommended hardware requirements for Configuration Manager 2007 computer clients. For information about device client requirements, see Mobile Device Client later in this section.
Hardware Component Processor RAM Free Disk Space Requirement 233 MHz minimum (300 MHz or faster Intel Pentium/Celeron family, or comparable processor recommended) 128 MB minimum (256 MB or more recommended, 384 MB required when using operating system deployment) 350 MB minimum for a new installation, 265 MB minimum to upgrade an existing client (by default, the temporary program download folder on clients is preconfigured at client installation to automatically increase to 5GB if necessary and if 5 GB or more is available.). This space is not used until required for a download, so not immediately needed.
Supported Client Platforms Supported Configuration Manager 2007 client installation requires at least Windows 2000 Professional Service Pack 4. The following table lists the minimum Configuration Manager 2007 supported client operating systems. Note Microsoft provides support on the current service pack, and in some cases the immediately preceding service pack. To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsofts support lifecycle policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at http://go.microsoft.com/fwlink/?LinkId=31976. The following table is a breakdown of the operating system support in System Center Configuration Manager 2007. Operating System Windows 2000 Professional Service Pack 4 Windows XP Professional Service Pack 2 Windows XP Professional for 64-bit Systems Windows Vista Business Edition Windows Vista Enterprise Edition Windows Vista Ultimate Edition Windows 2000 Server Service Pack 4 Windows 2000 Advanced Server Service Pack 4 Windows 2000 Datacenter1 Service Pack 4 Windows Server 2003 Web Edition, Service Pack 1 Windows Server 2003 Standard Edition Service Pack 1 Windows Server 2003 Enterprise Edition Service Pack 1 Windows Server 2003 Datacenter Edition1 Service Pack 1, 2 Windows Server 2003 R2 Standard Edition x86 Y Y N Y Y Y Y Y Y Y Y Y Y Y x64 N N Y Y Y Y N N N N Y Y Y Y IA64 N N N N N N N N N N Y Y Y Y
11
Windows Server 2003 R2 Enterprise Edition Y Y Y Windows Embedded for Point of Service (WEPOS) Y N N Windows Fundamentals for Legacy PCs (WinFLP) Y N N Windows XP Embedded SP2 Y N N Windows XP Tablet PC SP2 Y N N 1Datacenter releases are supported, but not certified, for Configuration Manager 2007. Hotfix support is not offered for Windows Datacenter Server edition specific issues. Note Configuration Manager 2007 support for x64 and IA64 systems is through 32-bit code running on 64-bit operating systems. Mobile Device Client The Mobile Device Client requires 0.78 MB of storage space to install. In addition, mobile device management logging on the mobile device can require 256 KB of storage space. The mobile device client is supported on the following platforms: Windows Mobile for Pocket PC 2003 Windows Mobile for Pocket PC 2003 Second Edition Windows Mobile for Pocket PC Phone Edition 2003 Windows Mobile for Pocket PC Phone Edition 2003 Second Edition Windows Mobile Smartphone 2003 Note Password management is not supported for Windows Mobile Smartphone 2003.

Note
Windows Mobile for Pocket PC 5.0 Windows Mobile for Pocket PC Phone Edition 5.0 Windows Mobile 5.0 Smartphone Windows CE 4.2 (ARM processor only) Windows CE 5.0 (ARM and x86 processors) Windows Mobile 6 Standard Windows Mobile 6 Professional Windows Mobile 6 Classic
Password management on Windows Mobile for Pocket PC 5.0, Windows Mobile for Pocket PC Phone Edition 5.0 and Windows Mobile 5.0 Smartphone requires the Messaging and Security Feature Pack (MSPF). For more information, see the Windows Mobile Messaging and Security Feature Pack web page (http://go.microsoft.com/fwlink/?LinkId=80392).
Some Configuration Manager 2007 client features, such as operating system deployment, are not supported for the mobile device client. For more information about managing devices with Configuration Manager, see Overview of Mobile Device Management (http://technet.microsoft.com/en-us/library/bb632496.aspx). SMS Client Embedded Operating System Support Configuration Manager 2007 does not support a specific client for embedded platforms within a Configuration Manager 2007 hierarchy other than a Microsoft Systems Management Server (SMS) 2003 embedded client assigned to a child SMS 2003 primary site.
12
Configuration Manager 2007 introduces changes to supported site system requirements from previous versions. Site System Hardware Requirements The following table lists the minimum and recommended hardware requirements for Configuration Manager 2007 site systems. Hardware Component Processor RAM Free Disk Space Requirement 733 MHz Pentium III minimum (2.0 GHz or faster recommended) 256 MB minimum (1024 MB or more recommended) 5 GB minimum (15 GB or more free recommended if using operating system deployment)
Configuration Manager 2007 Site Server System Requirements
Supported Configuration Manager 2007 site system role installation, for roles other than the branch distribution point and Configuration Manager console, require at least Windows Server 2003 Service Pack 1. Configuration Manager 2007 does not support site system role installation on servers running Windows 2000 Server or Windows 2003 Server with no service pack installed. The following table lists the minimum operating systems required to support the various Configuration Manager 2007 site system roles. Note Microsoft provides support on the current service pack, and in some cases the immediately preceding service pack. To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsofts support lifecycle policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at http://go.microsoft.com/fwlink/?LinkId=31976.
Supported Site System Platforms
13
Operating System
Primary Site Server
Secondary Site Server
Management Point
State Migration Point
Distribution Point
Reporting Point
Server Locator Point
Site Database Server
Software Update Point
Fallback status point
PXE service point
Configuration Manager console
Windows XP Professional Service Pack 2 Windows XP Professional for 64-bit Systems Windows Vista Business Edition Windows Vista Enterprise Edition Windows Vista Ultimate Edition Windows Server 2003 Web Edition Service Pack 1 and 2 Windows Server 2003 Standard Edition Service Pack 1 and 2
Windows Server 2003 Enterprise Edition Service Pack 1 and 2 Windows Server 2003 Standard Edition Service Pack 1 and 2 64 bit
Y1
Y1
Y1
Y1
Y1
14
Windows Server 2003 Enterprise Edition Service Pack 1 and 2 64 bit Windows Server 2003 Datacenter Edition Service Pack 1 and 2 Windows Server 2003 Storage Server Edition Service Pack 1 and 2 Windows Server 2003 R2 Standard Edition Windows Server 2003 R2 Enterprise Edition
1Only
the branch distribution point role is supported for this operating system
Note Configuration Manager 2007 support for IA64 systems is limited to the remote SQL server role. Unsupported Client Platforms The Configuration Manager client is not supported on any operating system prior to Windows 2000 Service Pack 4. Installing the Configuration Manager client is explicitly not supported on the following operating system versions: Windows 95 Windows 98 Windows Millennium Edition Windows XP Media Center Edition Windows XP Starter Edition Windows XP Home Edition Windows XP Professional, with less than Service Pack 2 applied Windows Vista Starter Edition Windows Vista Home Basic Edition Windows Vista Home Premium Edition Windows NT Workstation 4.0 Windows NT Server 4.0 Windows 2000 Server, Service Pack 3 and earlier Windows 2003 Server, with no service pack installed Windows CE 3.0 Windows Mobile Pocket PC 2002 Windows Mobile SmartPhone 2002
Unsupported Site Server Platforms
15
Configuration Manager 2007 site server roles are not supported on any operating system prior to Windows Server 2003 Service Pack 1. Configuration Manager 2007 site roles are explicitly not supported on the following operating system versions: Windows NT 4.0 Server Windows 2000 Server Windows 2003 Server, with no service pack installed
In SMS 2003, the mppublish.vbs script, supplied with the SMS 2003 installation files, was used to configure Microsoft SQL Server site database replication between the site database server and SQL Server site database replicas used to support management points and server locator points. Because Configuration Manager 2007 introduces new site database views and functions that are not replicated by the mppublish.vbs script, it is not supported for configuring SQL Server site database replication in Configuration Manager 2007 sites. For information about how to configure replication to support management points and server locator points, see How to Configure SQL Server Site Database Replication (http://technet.microsoft.com/en-us/library/bb693697.aspx). Configuration Manager 2007 Active Directory schema extensions provide many benefits for Configuration Manager 2007 sites, but they are not required. If you have extended your Active Directory schema for SMS 2003, you should update your schema extensions for Configuration Manager 2007. For more information about extending the Active Directory schema for Configuration Manager 2007, see How to Extend the Active Directory Schema for Configuration Manager (http://technet.microsoft.com/en-us/library/bb633121.aspx).. Configuration Manager 2007 clients can only be assigned and report to one site. When auto assignment is used to assign clients to a site during client installation, and more than one site has the same boundary configured, the actual site assignment of a client cannot be predicted. If boundaries overlap across multiple Configuration Manager 2007 or SMS 2003 site hierarchies, clients might not get assigned to the correct site hierarchy or may not even get assigned to a site at all. It is supported to install the site database server site system role on a Windows server failover cluster instance. It is not supported to install Configuration Manager 2007 site servers or any other site system server role on a Windows Server cluster instance. Note Physical node computers of a Windows server cluster instance can be managed as Configuration Manager 2007 clients.
Configuring SQL Server Site Database Replication in Configuration Manager 2007
Active Directory Schema Extensions
Multi-Site Clients
Support for Windows Server Clustering
Storage Area Network Support Using a Storage Area Network (SAN) is supported as long as a supported Windows server is attached directly to the volume hosted by the SAN. Configuration Manager 2007 is designed to work with any hardware that is certified on the Windows Hardware Compatibility List (HCL) for the version of the operating system that the Configuration Manager component is installed on. Configuration Manager 2007 site server roles require NTFS file systems so that directory and file permissions can be set. Because Configuration Manager 2007 assumes it has complete ownership of a logical drive when it uses naming conventions, site systems running on separate computers cant share a logical partition on any storage technology, but they could each use their own logical partition on a physical partition of a shared storage device. For more information about the use of System Area Networks and Configuration Manager 2007, see the following related Knowledge Base articles: For information about System Area Networks, see Knowledge Base article 260176 at http://go.microsoft.com/fwlink/?LinkId=66170. For information about the differences between System Area Networks and Storage Area Networks, see
Support for Specialized Storage Technology
16
Knowledge Base article 264135 at http://go.microsoft.com/fwlink/?LinkId=66171. For information about Systems Management Server and Storage Area Networks, see Knowledge Base article 307813 at http://go.microsoft.com/fwlink/?LinkId=66172.
Single Instance Storage Support Configuring distribution point package and signature folders to be configured on a Single Instance Storage (SIS) enabled volume is not supported. It is also not supported for a Configuration Manager 2007 client's cache to be configured on a SIS enabled volume. Note Single Instance Storage (SIS) is a feature of the Microsoft Windows Storage Server 2003 R2 operating system. Removable Disk Drive Support It is not supported to install Configuration Manager 2007 site system or client components on a removable disk drive. All site servers must be members of a Windows 2000 or Windows 2003 Active Directory domain. Note It is not supported to change the domain membership, or computer name, of a Configuration Manager 2007 site system after it is installed. Configuration Manager 2007 provides support for clients in workgroups. It is also supported for a client to be moved from a workgroup to a domain or from a domain to a workgroup. To support workgroup clients, the following requirements must be met: During client installation, the logged-on user must possess local administrator rights on the workgroup system. The only account that Configuration Manager 2007 can use to perform activities that require local administrator privileges is the account of the user that is logged on to the computer. The Configuration Manager client must be installed from a local source on each client machine. This requirement ensures a local source for repair and client update application will be available for the client. Workgroup clients must be able to locate a server locator point for site assignment because they cannot query Active Directory Domain Services. The server locator point can be manually published in WINS, or it can be specified in the CCMSetup.exe installation command-line parameters. Workgroup clients use the Network Access Account, downloaded as part of their machine policy, to access package source files on distribution points.
Computers in Workgroups
Important Until a workgroup client has been approved in the Configuration Manager console, it will be unable to download machine policies containing the Network Access Account information.
Although workgroup computers can be Configuration Manager 2007 clients, there are inherent limitations in supporting workgroup computers: Workgroup clients cannot reference Configuration Manager 2007 objects published to Active Directory Domain Services. For workgroup clients to locate their default management point computer, it must be registered and accessible to workgroup clients in either WINS or DNS. Active Directory system, user, or user group discovery is not possible. User targeted advertisements are not possible. The client push installation method is not supported for workgroup client installation. Using a workgroup client as a branch distribution point is not supported. Configuration Manager 2007
17
requires that branch distribution point computers be members of a domain. Remote Assistance Console Sessions Console sessions controlled by Remote Assistance are supported, except for simultaneous use of Configuration Manager Remote Tools. Invoking Remote Assistance from the Configuration Manager console requires that the Configuration Manager console computer and the client computer are running one of the following operating systems: Windows XP SP2 Windows Server 2003 SP1 or later Windows Server 2003 R2 Windows Vista (supported editions) Fast User Switching Fast User Switching, which is available in Windows XP editions not joined to a domain and Windows Vista editions, is supported in Configuration Manager 2007. Note Fast User Switching is not supported for any non-supported client platform capable of Fast User Switching, such as Windows XP Home and Windows Vista Home editions. Dual Boot Computers Configuration Manager 2007 cannot manage more than one operating system on a single computer. If there is more than one operating system on a computer that must be managed, tailor the discovery and installation methods used to ensure that the Configuration Manager client is installed only on the operating system that needs to be managed. Virtual Machines Configuration Manager 2007 support for virtual machine guest operating systems includes all supported client operating systems running on Microsoft Virtual PC or Virtual Server 2005 R2. Note Configuration Manager 2007 does not support Virtual PC or Virtual Server guests running on Macintosh. Configuration Manager 2007 cannot manage Virtual PC or Virtual Server guest operating systems unless they are running. A static Virtual PC image cannot be updated, nor can inventory be collected using the Configuration Manager client on the host computer. No special consideration is given to virtual machines. For example, Configuration Manager 2007 might not determine that an update needs to be re-applied to a virtual machine image if it is stopped and restarted without saving the version of the image to which the update was applied. Configuration Manager 2007 supports all site server roles running as virtual machines only on Microsoft Virtual Server 2005 R2.
The Configuration Manager console cannot be used to fully manage an SMS 2003 primary site. You can use an SMS 2003 Administrator console snap-in to manage SMS 2003 primary sites on a computer that does not have the Configuration Manager console installed or you can install the Configuration Manager console on a computer that already has the SMS 2003 Administrator console installed on it. There are planning considerations when hosting both consoles on the same computer that should be considered before installing a Configuration Manager 2007 console on a computer that already has the SMS 2003 Administrator console installed on it. For more information about planning for Configuration Manager 2007 console installations, see Planning for the Configuration Manager Console (http://technet.microsoft.com/en-us/library/bb693800.aspx). The Configuration Manager console can manage an SMS 2003 secondary site connected to a Configuration Manager 2007 primary parent site, with the following limitations: You cannot change the accounts or passwords of SMS 2003 secondary sites in the Configuration Manager console.
Interoperability Between Configuration Manager and SMS 2003 Sites
18
You cannot create or configure RAS sender addresses on SMS 2003 secondary sites. You cannot configure Active Directory Security Group Discovery on an SMS 2003 secondary site. SMS 2003 clients can be assigned to a Configuration Manager 2007 site, and they will be fully interoperable. Assigning Configuration Manager clients to SMS 2003 sites is not possible. Ensure that the boundaries defined for your Configuration Manager site are set properly. When installing Configuration Manager clients using auto assignment, ensure that Configuration Manager clients are not within the boundaries of an SMS 2003 site. Changes in Support from SMS 2003 SQL Server 2005 Service Pack 2 is now required to host the site database. SQL Server 7.0 and SQL Server 2000 are no longer supported to host the site database. The site database can be installed on the default or a named instance of SQL 2005 and it is supported to move the site database back to a local installation of SQL 2005 installed on the site server computer if it has been moved off of the site server computer previously. Windows Vista Business, Windows Vista Enterprise, and Windows Vista Ultimate editions are now fully supported client operating systems.
19
Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007
Objectives
After completing this section, you will be able to:

Identify an SMS 2003 site. Use the Configuration Manager Prerequisite Check program to validate the site is ready to be upgraded. Prepare the SMS 2003 site for an upgrade to Configuration Manager. Use Configuration Manager Setup to test the SMS 2003 site database upgrade procedure. Upgrade SMS 2003 to Configuration Manager. Identify a Configuration Manager site. Upgrade SMS 2003 Advanced Clients to Configuration Manager clients.
Prerequisites
Before working on this lab, one virtual computer should be running as a Microsoft Windows Server 2003 SP1 computer installed as an SMS 2003 SP2 primary site server <your Configuration Manager Server>. A second virtual computer is booted as a Windows XP Professional client installed as an Advanced Client in the SMS 2003 site <your XP Client>.
Estimated time to complete this section: 75 minutes
20
Note Complete this procedure from the primary site server computer only.
To update the collection membership

1. Log on as administrator with a password of password. 2. On the Start menu, click SMS Administrator Console. The SMS Administrator Console window appears. 3. In the console tree, expand Site Database, expand Collections, and then click All Systems. The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members. 4. On the Action menu, point to All Tasks, and then click Update Collection Membership. The All Systems message box appears prompting to update subcollection membership. 5. Click OK, and then on the Action menu, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 6. In the details pane, click the topmost record for the <yourSMSClient> computer, which should be listed as an Obsolete client (scroll to the right in the details pane) and then on the Action menu, click Delete. A Confirm Delete message box appears prompting to delete the record. 7. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once. 8. Delete any other obsolete records from the All Systems collection. 9. Update the membership of the All Windows XP Systems collection. This collection will be used later in this lab to upgrade a client to Configuration Manager
21
Exercise 1 Identifying an SMS 2003 stallation In this exercise, you will verify the local site is running SMS 2003 SP2. This will be useful in determining that your site is running SMS 2003 SP2.
Note Complete this procedure from the primary site server computer only
To identify the SMS 2003 SP2 site

1. If not already running, on the Start menu, point to All Programs, point to Systems Management Server, and then click SMS Administrator Console. The SMS Administrator Console window appears. 2. In the console tree, click Site Database, and then on the Action menu, click About Systems Management Server. The About Systems Management Server dialog box appears displaying information about the local site. 3. What version of SMS is displayed? SMS 2.50 SP2 (4160) which is SMS 2003 SP2 SMS 2.50 SP2 (4253) which is SMS 2003 SP3 ________________________________________________________________________ 4. Click OK. 5. In the console tree, expand Site Database, and then click Site Hierarchy. The local site information appears in the details pane. 6. What version of SMS is installed on the local site server? 2.50.4160.2000 which is SMS 2003 SMS 2.50 SP2 (4253) which is SMS 2003 SP3 ________________________________________________________________________ 7. Close the SMS Administrator Console window.
Exercise 2 Preparing to Upgrade SMS 2003 SP2 to Configuration Manager In this exercise, you will prepare your SMS 2003 site for an upgrade to Configuration Manager. This will include running the Configuration Manager prerequisite check program to verify the site can upgrade to Configuration Manager, and testing the SMS site database upgrade. This is required for upgrade, and will be done automatically as part of the setup. It can also be done manually to prepare the site prior to stating the upgrade process.
Note Complete this exercise from the primary site server computer only
To verify the sites readiness for upgrade to Configuration Manager
22
1. Start <your SCCM eval download location> Splash.hta found in the <root> of the dir structure. The Microsoft System Center Configuration Manager 2007 Start window appears displaying available options. Notice that one of the options under Prepare is the prerequisite checker. 2. Click Run the prerequisite checker. The Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check Options dialog box appears. Notice that the default option for this site is for upgrade validation, as the checker detected an SMS 2003 site installation. 3. Click OK. The Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are six warnings displayed. Three warnings are for missing updates which are included in Windows Server 2003 SP2 (however the site server is only running Windows Server 2003 SP1). Another warning indicates that the Active Directory schema has not been extended for Configuration Manager. Another warning is for the lack of secure key exchange configured for the current site. The final warning is that the WSUS SDK is not installed on the site server. 4. Under Prerequisite, double-click Schema extensions. The schema extension test information appears at the bottom of the dialog box. Notice that it states that while this is not required, the site will run with reduced functionality until the AD schema is updated for Configuration Manager. You will update the schema in the next step. Also notice that this is not something that the Configuration Manager Setup program can resolve automatically. 5. Start <your SCCM eval download location> \SMSSetup\Bin\I386\Extadsch.exe. A command prompt window appears as you extend the Active Directory schema for use by Configuration Manager. When the schema extension process has completed, the command prompt window closes.
23
6. In the Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box, click Run Check. The Microsoft System Center Configuration Manage Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are now five warnings displayed. There are three for missing updates, one for secure key exchange, and one for the WSUS SDK. Notice also that the warning for the Active Directory schema extensions is no longer listed. As these are only warnings, and not failures, you can proceed with the upgrade. 7. Click OK to close the Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box.
In the following procedure, you will create a backup of the SMS 2003 SP2 site database and test the upgrade of the database.
To create a backup of the SMS site database

1. On the Start menu, point to All Programs, point to Microsoft SQL Server 2005, and then click SQL Server Management Studio. A Connect to Server dialog box appears. 2. Click Next to connect to the local SQL Server, <yourSMSServer>. The Microsoft SQL Server Management Studio window appears. 3. In the tree pane, expand Databases, right-click SMS_sitecode, and then point to Tasks. A new menu appears. 4. Click Back Up. The Back Up Database SMS_sitecode dialog box appears. 5. In the Database box, verify that SMS_sitecode is listed, and then click Add. The Select Backup Destination dialog box appears. 6. In the File name box, add SMSTest to the end of the supplied path, and then click OK. The Back Up Database SMS_sitecode dialog box appears displaying the new backup device. 7. Click OK. The database is backed up. When complete, a Microsoft SQL Server Management Studio message box appears indicating the backup completed successfully. 8. Click OK. The Microsoft SQL Server Management Studio window appears. 9. In the tree pane, right-click Databases, and then click New Database. The New Database dialog box appears.
24
10. In the Database name box, type <sitecode>Backup and then click OK. The new database is created. When complete, the list of databases appears in the Microsoft SQL Server Management Studio window. 11. In the tree pane, right-click <sitecode>Backup, and then on point to Tasks. A new menu appears. 12. Point to Restore, and then click Database. The Restore Database - <sitecode>Backup dialog box appears. 13. In the From database box, click SMS_<sitecode>. Notice that the recent backup information appears in the list of backup sets for the <your_db_name> database. Restoring the <your_db_name> backup to the <your_db_name> Backup database will allow you to test the upgrade on the <your_db_name> database, but not upgrade the SMS site database (<your_db_name>). 14. In the To database box, click <sitecode>Backup. This sets the restore to go from the <your_db_name> database backup to the new <your_db_name> Backup database. 15. In the tree pane, click Options. The Restore Database - <sitecode>Backup dialog box appears displaying options for the restore process. 16. Under Restore options, click Overwrite the existing database. 17. Under Restore the database files as, click the ellipsis button () after SMS_< sitecode >_Data.MDF. The Locate Database Files dialog box appears. 18. In the File name box, type <your SCCM install path> \<sitecode>Backup.mdf and then click OK. The Restore Database - <sitecode>Backup dialog box appears. 19. Under Restore the database files as, click the ellipsis button () after SMS_<sitecode>__Log.LDF. The Locate Database Files dialog box appears. 20. In the File name box, type (this is an example location) <systempartition> \SMSData\<your_db_name> Backup.ldf and then click OK. The Restore Database - <sitecode>Backup dialog box appears. Notice that both the database and log files are now configured to restore to new files. 21. Click OK. The database is backed up. When complete, a Microsoft SQL Server Management Studio message box appears indicating the backup completed successfully. 22. Click OK. The Microsoft SQL Server Management Studio window appears. 23. Close the Microsoft SQL Server Management Studio window.
25
In the following procedure, you will run Configuration Manager Setup with a special command line option to test the upgrade of the database.
Note Complete this procedure from the primary site server computer only. This process can take a number of minutes (potentially 15) depending on the hardware used. If you dont want to take the time to complete this test, you can skip this procedure in the lab. However, it is highly recommended that you do perform a database upgrade test in your environment prior to attempting an upgrade.
To test an upgrade of the SMS site database

1. Start a command prompt, and then change to the <your SCCM eval download location> \SMSSetup\Bin\I386 folder. A command prompt window appears. 2. In the command prompt window, type Setup.exe /testdbupgrade <your_db_name>backup The Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears. Notice that there is a new button available, Begin TestDBUpgrade. 3. Click Begin TestDBUpgrade. The testing of the database upgrade takes a few minutes to complete. When the database upgrade test completes, a Configuration Manager 2007 message box appears indicating the upgrade was successful. Note There is no user interface while the database upgrade test is running. However you can start Task Manager to monitor Setup.exe, as well as to wait for the Configuration Manager 2007 message box to appear when the test has completed. 4. Click OK, and then open C:\ConfigMgrSetup.log. Notepad appears and displays the contents of the ConfigMgrSetup.log file. 5. Search for <sitecode>backup. Notepad displays the first occurrence of <sitecode>backup. Notice that the reference is to the testdbupgrade command. A few lines later, notice a reference to Testing database upgrade on <sitecode>backup database, on the <yourSMSServer> server. These lines are the indication that Setup is being run to test the database upgrade process. 6. Scroll to the bottom of the log file.
26
7. What is the last line logged in the file? TestDBUpgrade is done ________________________________________________________________________ If the ConfigMgrSetup.log file displays the success message, your database can be upgraded to Configuration Manager. 8. Close Notepad. Your site has passed the Configuration Manager Installation Prerequisite Check test, as well as the database upgrade test. Your site should be able to upgrade to Configuration Manager successfully.
Exercise 3 Upgrading SMS 2003 SP2 to Configuration Manager In this exercise, you will upgrade your SMS 2003 site to Configuration Manager.
To upgrade an SMS 2003 site to Configuration Manager

1. Start <your SCCM eval download location>\Splash.hta. The Microsoft System Center Configuration Manager 2007 Start window appears displaying available options. 2. Under Install, click Configuration Manager 2007. The Welcome to the System Center Configuration Manager 2007 Setup Wizard dialog box appears. 3. Click Next. The Microsoft System Center Configuration Manager 2007 Available Setup Options dialog box displays options for installation, which include an upgrade or uninstall. 4. Click Upgrade an existing Configuration Manager or SMS 2003 Installation, and then click Next. The Microsoft System Center Configuration Manager 2007 Microsoft Software License Terms dialog box appears displaying the license agreement. Read the licensing information. 5. Click I accept these license terms, and then click Next. The Microsoft System Center Configuration Manager 2007 Customer Experience Improvement Program Configuration dialog box appears prompting for participation in the customer experience improvement program. Notice that involvement in the program is not selected by default. 6. Click Next to not participate at this time. The Microsoft System Center Configuration Manager 2007 Product Key dialog box appears prompting for the product key for installation. 7. In the Key box, if not already supplied, type your product key, and then click Next. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite
27
Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As were in a VPC environment, the required files have already been downloaded and staged for the lab.
28
8. Click The latest updates have already been downloaded to an alternate path, and then click Next. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components. 9. Click Browse. The Browse For Folder dialog box appears. 10. Point to <systempartition>\SCCM Downloaded Client Files, and then click OK. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components. 11. Click Next. The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of Configuration Manager. 12. Click Next. The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for Configuration Manager installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation. 13. Click Begin Install. The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the Configuration Manager installation. This process will take several minutes to complete. When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully. 14. Click Next. The Completing the System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use. 15. Click Finish.
29
Exercise 4 Identifying a Configuration Manager Installation In this exercise, you will verify that your site was successfully upgraded to Configuration Manager 2007.
To identify an Configuration Manager site installation

1. Open <systempartition>\ConfigMgrSetup.log. Notepad appears and displays the contents of the ConfigMgrSetup.log file. 2. What is the last line logged in the file? Moving to Finish page. Installation and Configuration processes are done. ________________________________________________________________________ If the ConfigMgrSetup.log file displays the success message, your site was upgraded to Configuration Manager. 3. Close Notepad. 4. On the Start menu, point to All Programs, point to Microsoft System Center, point to Configuration Manager 2007, and then click ConfigMgr Console. The Configuration Manager Console window appears displaying the Configuration Manager home page in the results pane. 5. In the tree pane, click Site Database. The local sites home page appears in the results pane. Notice that information is provided on completing the site configuration in order to support Configuration Manager client deployment. 6. In the tree pane, expand Site Database, and then click Site Management. The local site information appears in the results pane. 7. What version of SCM is installed on the local site server? 4.00.5931.0000 which is Configuration Manager 2007 RTM. ________________________________________________________________________ 8. In the tree pane, expand Site Management, expand <sitecode> (like <your_db_name>) , expand Site Settings, and then click Client Agents. The list of client agents for the Configuration Manager appears in the results pane. Notice that there are new client agents in Configuration Manager that were not available in SMS 2003, such as Computer Client Agent, Desired Configuration Management Client Agent, Network Access Protection Client Agent, and Software Updates Client Agent. There are many other differences in the Configuration Manager Console from SMS 2003 to Configuration Manager. You will explore those differences in this and other hands-on labs.
30
Exercise 5 Upgrading Clients to Configuration Manager In this exercise, you will upgrade your clients to Configuration Manager 2007. You will upgrade the Advanced Client running on the Windows XP Professional computer, as well as the client running on the Configuration Manager site server computer.
To upgrade an Advanced Client from SMS 2003 SP2 to Configuration Manager 2007
using the Client Push Installation Wizard 1. In the tree pane, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. The list of reports appears in the results pane. Notice that there are many other reports included with Configuration Manager that were not available in SMS 2003. 2. In the results pane, click Count SMS client versions, and then in the Actions pane, under Count SMS client versions, click Run. The Report Options message box appears prompting for the reporting point to use to run the report. 3. Click OK to use the only reporting point in our site. The results of the Count SMS client versions report appear in the results pane. 4. What different versions of SMS clients are there, and how many of each client type? There are two SMS 2003 SP2 Advanced Clients (2.50.4160.2000) ________________________________________________________________________ 5. Click the arrow to the left of the 2.50.4160.2000. The Computers with a specific SMS client version report appears in the results pane displays the names of SMS 2003 Advanced Clients in the SMS site database. 6. What computers are currently installed as SMS 2003 SP2 Advanced Clients? <yourSMSClient> and <yourSMSServer> ________________________________________________________________________ ________________________________________________________________________ The Configuration Manager Console window appears. 7. In the tree pane, expand Collections, and then click All Windows XP Systems. The members of the All Windows XP Systems collection appear in the results pane. Notice that the <yourSMSClient> computer is listed as a member of the collection.
31
8. In the Actions pane, click Install Client. The Client Push Installation Wizard dialog box appears. 9. Click Next. The Client Push Installation Wizard Installation options dialog box appears displaying options for the client installation. 10. Click Always install (repair or upgrade the existing client), and then click Next. The Completing the Client Push Installation Wizard dialog box appears indicating it is ready to complete the installation. 11. Click Finish. The Configuration Manager client is remotely installed on the Windows XP Professional client computer. It will take a few minutes before the installation completes to upgrade the client from SMS 2003 SP2 to Configuration Manager.
In the following procedure, you will verify the Windows XP Professional client has upgraded to a Configuration Manager client.
Note Complete this procedure from the Windows XP Professional client computer only
To verify the Advanced Client upgrade

1. Log on as administrator with a password of password. 2. Start Task Manager. The Task Manager window appears. Notice that Ccmsetup.exe is running. This is the installation program for the client. When the Advanced Client has been upgraded to Configuration Manager, CcmExec.exe (SMS Agent Host) will appear, and then ccmsetup.exe will terminate. Note You can move to the next procedure while the Windows XP client computer is upgrading from SMS 2003 SP2 to Configuration Manager. The upgrade may take a number of minutes to complete, so you begin the process to upgrade the SMS 2003 Advanced Client on the site server and then return here to verify your Windows XP client did indeed upgrade. 3. Close Task Manager, and then in Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. Notice the SMS Client Version listed. It should display 4.00.5931.0001, which is for Configuration Manager 2007. 4. Click Cancel. Your SMS 2003 SP2 Advanced Client computer has successfully upgraded to Configuration Manager.
32
In the following procedure, you will prepare the site to upgrade your the site server computer as a client to a Configuration Manager client. You will use software distribution to upgrade this client, though you could use the Client Push Installation Wizard as well.
To prepare Configuration Manager for client upgrade using software distribution

1. In the tree pane, expand Site Database, expand Computer Management, expand Software Distribution, and then click Packages. The list of packages in the site appears in the results pane. Notice that there is one package, this was from the SMS 2003 installation and migrated to Configuration Manager. 2. In the Actions pane, click New, and then click Package From Definition. The Create Package from Definition Wizard dialog box appears. 3. Click Next. The Create Package from Definition Wizard Package Definition dialog box appears. Notice that there is already a package definition included in Configuration Manager for the Configuration Manager Client Upgrade. 4. Under Package definition, click Configuration Manager Client Upgrade, and then click Next. The Create Package from Definition Wizard Source files dialog box appears. 5. Click Always obtain files from a source directory, and then click Next. The Create Package from Definition Wizard Source Directory dialog box appears. 6. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 7. Open <SMSinstallpath>\Client, and then click OK. The Create Package from Definition Wizard Source Directory dialog box appears displaying the configured path. 8. Click Next. The Create Package from Definition Wizard Summary dialog box appears indicating that the wizard is complete. 9. Click Finish. The Configuration Manager Console window appears. 10. In the tree pane, click Packages, and then in the Actions pane, click Refresh. The list of packages appears in the details pane. Notice that the Configuration Manager Client Upgrade package is listed.
33
11. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client Upgrade 4.0 ALL, and then click Distribution Points. The list of distribution points for the package appears in the details pane. Notice that there are no distribution points for this package. 12. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard dialog box appears. 13. Click Next. The New Distribution Points Wizard Copy Package dialog box appears. 14. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Complete dialog box appears indicating that the wizard completed successfully. 15. Click Close. The Configuration Manager Console window appears. 16. In the tree pane, expand Site Database, expand Computer Management, expand Software Distribution, and then click Advertisements. The list of advertisements appears in the results pane. Notice that there are no advertisements in the site. 17. In the Actions pane, click New, and then click Advertisement. The New Advertisement Wizard General dialog box appears. 18. In the Name box, type Configuration Manager Client Upgrade 19. After Package, click Browse. The Select a Package dialog box appears displaying the available packages. 20. Click Microsoft Configuration Manager Client 4.0 ALL, and then click OK. The New Advertisement Wizard General dialog box appears. Notice that the Advanced Client Silent Upgrade program is displayed as the program to advertise. 21. After Collection, click Browse. The Browse Collection dialog box appears. 22. Under Collections, click All Windows Server 2003 Systems, and then click OK. The New Advertisement Wizard General dialog box appears displaying the current properties for the advertisement. 23. Click Next. The New Advertisement Wizard Schedule dialog box appears allowing you to configure a schedule for this advertisement. 24. Click Next to not assign the program. The New Advertisement Wizard Distribution Points dialog box appears allowing you to configure whether or not the advertisement is run from the distribution point or downloaded before execution.
34
25. Click Next to run from local distribution points, to not run from slow network boundaries, and not require the use of protected distribution points. The New Advertisement Wizard Interaction dialog box appears allowing you to configure whether or not the advertisement displays reminders to the logged on user. 26. Click Display reminders according to the client agent reminder intervals, and then click Next. The New Advertisement Wizard Security dialog box appears allowing you to configure security rights for this advertisement. 27. Click Next to use the default security rights. The New Advertisement Wizard Summary dialog box appears indicating that the wizard has been successfully completed. 28. Click Next. The New Advertisement Wizard Wizard Completed dialog box appears indicating that the wizard has successfully created the advertisement. 29. Click Close. The Configuration Manager Console window appears displaying the new advertisement in the results pane. Note Verify that the All Windows Server 2003 Systems collection contains <yourSMSServer>.
In the following procedure, you will upgrade the Configuration Manager site server computer to a Configuration Manager client.
Note Complete this procedure from the site server as a client computer only
To upgrade the Configuration Manager site server computer using software

distribution 1. In Control Panel, start Systems Management. The Systems Management Properties dialog box appears. 2. Click the Actions tab. The Systems Management Properties dialog box displays the available actions for the Advanced Client. Notice the default actions of Discovery Data Collection Cycle, File Collection, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Advanced Client will request new policies, which will include the policies related to the client upgrade advertisement. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.
35
4. Click OK. The Systems Management Properties dialog box appears. 5. Click OK. In two minutes, a New Program Available message box appears in the System Tray. 6. In the System Tray, double-click the New Program Available icon. The Run Advertised Programs dialog box appears. 7. Under Program Name, click Microsoft Configuration Manager Client Upgrade, and then click Run. The Program Download Required dialog box appears. 8. Click Run program automatically when download completes, and then click Download. The program is downloaded, and then the upgrade process starts. You can use Task Manager to monitor the installation of the Configuration Manager client. Notice that Ccmsetup.exe is running. This is the installation program for the Configuration Manager client. This program will de-install the SMS 2003 client, and then install the Configuration Manager client. When the Advanced Client has been upgraded, CcmExec.exe (SMS Agent Host) will appear, and then CCMSETUP.EXE will terminate. This process will take a few minutes to complete. The Run Advertised Programs dialog box appears. 9. Click Close. Note You can return to the previous procedure to verify that the Windows XP client computer did upgrade from SMS 2003 to Configuration Manager. The upgrade to a Configuration Manager client will take a number of minutes to complete, so you can verify your Windows XP client did indeed upgrade. 10. Close Task Manager, and then in Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. Notice the SMS Client Version listed. It should display 4.00.5931.0001, which is for Configuration Manager 2007. 11. Click Cancel. Your SMS 2003 Advanced Client computers have successfully upgraded to Configuration Manager clients.
36
In following procedure, you will verify that your clients have upgraded to Configuration Manager.
To verify the Advanced Client upgrades

1. In the tree pane, expand Site Database, expand Computer Management, expand Reporting, and then expand Visited Reports. The list of reports previously run appears in the tree pane. Notice that there is one report you had run previously, the Count SMS client versions report. 2. In the results pane, under Visited Reports, click Count SMS client versions. The results of the Count SMS client versions report appear in the results pane. 3. What different versions of SMS clients are there, and how many of each client type? There are two Configuration Manager 2007 clients (4.00.5931.0001) ________________________________________________________________________ 4. Click the arrow to the left of the clients (4.00.5931.0001). The results of the drill down report action appears in the results pane. Notice that the results pane displays the Configuration Manager clients. 5. What computers are currently installed as Configuration Manager clients? <yourSMSClient> and <yourSMSServer> ________________________________________________________________________ ________________________________________________________________________ 6. Close the SMS Report window. The Configuration Manager Console window appears. You have now successfully upgraded your SMS 2003 site server, and two of your SMS 2003 clients to Configuration Manager 2007. This process included running the Setup Prerequisite checker to validate the site was ready to be upgraded, as well as performing a test database upgrade process to verify that the SMS site database could be upgraded to Configuration Manager.
37
Section 2: Deploying System Center Configuration Manager 2007

Objectives
After completing this section , you will be able to:

Prepare Active Directory for Configuration Manager publishing and use. Install Configuration Manager 2007 using a custom setup. View status message activity related to site server installation. Discover computer resources from Active Directory. Install and configure a fallback status point. Install a Configuration Manager 2007 client on the Windows XP Professional client. Install a reporting point
Prerequisites
This section is not dependant or connected to Section 1, where we focused on the SMS 2003 upgrade process. Before working on this lab, one virtual computer should be started as a Microsoft Windows Server 2003 SP1 computer running as an Active Directory domain controller <yourDeployADServer>. A second virtual computer is started as a Microsoft Windows Server 2003 SP2 member server to install as an SCCM primary site server <yourDeploySCCMserver>. This computer has Microsoft SQL Server 2005 installed. The third virtual computer should be started as a Windows XP Professional SP2 client to be installed as a client in the Configuration Manager 2007 site <yourDeployClient>. The requirements for implementing SCCM 2007 (which have all been installed in the lab VPC images, include: Microsoft Windows Server 2003 SP1 or later in an Active Directory domain Internet Information Server (IIS) 6.0 or later, with BITS Server Extensions installed and WebDAV enabled (for management points and BITS-enabled distribution points) Microsoft SQL Server 2005 SP2 (Standard or Enterprise Edition) Microsoft Management Console 3.0 or later Several KB updates The required client installation files already downloaded in the image if no Internet access is available

Exercise 1 Preparing Active Directory for SCCM 2007 Integration In this exercise, you will prepare Active Directory for use with SCCM 2007. You will use a utility to extend the Active Directory schema for use by SCCM. You will also grant rights for the SCCM site server to publish data to Active Directory. Finally, you will create an Active Directory site that will be added to the SCCM boundaries for client management.
Note Complete this exercise on the virtual computer running as a Windows Server 2003 Active Directory domain controller only.
To extend the Active Directory schema
38
1. Log on as administrator with your password. 2. Run Extadsch.exe which is documented here. How to Extend the Active Directory Schema Using ExtADSch.exe http://technet.microsoft.com/en-us/library/bb680608.aspx 3. A command prompt window appears as you extend the Active Directory schema for use by Configuration Manager. When the schema extension process has completed, the command prompt window closes. 4. Open C:\Extadsch.log. Notepad displays the contents of the Extadsch.log file. This file is created by the Extadsch.exe utility and reports on the Active Directory schema extension process. There were 14 attributes and 4 classes added to Active Directory. 5. Verify that there are no errors listed in the log, and then close Notepad.
To grant the SCCM site server rights to Active Directory

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers. The Active Directory Computers and Users window appears. 2. On the View menu, click Advanced Features. The Active Directory Computers and Users window displays additional Active Directory information, including displaying the System container. You will grant rights to the System container to allow the Configuration Manager site server to publish data to Active Directory. 3. In the console tree, expand <yourdomain> , and then click System. 4. On the Action menu, click Properties. The System Properties dialog box appears. 5. Click the Security tab. The System Properties dialog box displays the security permissions on the System container. Notice that the Configuration Manager site server computer (<yourSMSServer>) is not listed. 6. Click Add. The Select Users, Computers, or Groups dialog box appears. 7. Click Object Types. The Object Types dialog box appears. 8. Under Object types, click Computers, and then click OK. The Select Users, Computers, or Groups dialog box appears. 9. In the Enter the object names to select field, type <yourSMSServer> and then click OK. The Select Users, Computers, or Groups dialog box appears. Notice that the Configuration Manager site server computer (<yourSMSServer>) is now listed with Read
39
rights. 10. Under Permissions for <yourSMSServer>, click Full Control under Allow, and then click Advanced. The Advanced Security Settings for System dialog box appears displaying the rights for various accounts. 11. Under Name, click <yourSMSServer>, and then click Edit. The Permission Entry for System dialog box appears displaying the rights for <yourSMSServer>\$. 12. In the Apply onto field, click This object and all child objects, and then click OK. The Advanced Security Settings for System dialog box appears. 13. Click OK. The System Properties dialog box appears. 14. Click OK. The Active Directory Computers and Users window appears. You can leave this window open if you want to view information that Configuration Manager publishes to Active Directory after installation.
In the following procedure, you will create an Active Directory site to integrate with Configuration Manager as part of its boundaries.
To create an Active Directory site

1. On the Start menu, point to Administrative Tools, and then click Active Directory Sites and Services. The Active Directory Sites and Services window appears. 2. In the console tree, click Sites. The list of AD sites appears in the results pane. Notice the default site name of DefaultFirst-Site-Name. 3. On the Action menu, click New Site. The New Object Site dialog box appears. 4. In the Name box, type SCCMSite 5. Under Link Name, click DEFAULTIPSITELINK, and then click OK. An Active Directory message box appears listing steps that may be required to complete the creation of the new site. 6. Click OK. The list of sites appears in the details pane. Notice the new site is listed. 7. In the console tree, expand Sites, click Subnets, and then on the Action menu, click New Subnet. The New Object Subnet dialog box appears. 8. In the Address box, type your range
40
9. In the Mask box, type your subnet 10. Under Select a site object for this subnet, click SCCMSite, and then click OK. The list of subnets appears in the details pane. Notice the new subnet and its associated site. 11. In the console tree, expand SCCMSite, and then click Servers. The list of servers for this site appears in the details pane. Notice that there are no servers in this new site. 12. In the console tree, expand Default-First-Site-Name, expand Servers, and then click <yourADServer>. This is your domain controller. You will move this to your new site as its server. 13. On the Action menu, click Move. The Move Server dialog box appears displaying all sites available. 14. Under Site Name, click SCCMSite, and then click OK. The list of servers for the default site appears in the details pane. Notice that there are no servers in the default site. 15. In the console tree, expand Sites, expand SCCMSite, and then click Servers. The list of servers for the new site appears in the details pane. Notice that your PDC has been moved to the new site. 16. Close Active Directory Sites and Services.
41
Exercise 2 Installing Microsoft Configuration Manager 2007 In this exercise, you will install Configuration Manager 2007 using a custom installation. SQL Server 2005 is already installed on the computer <yourSMSServer>. The installation will implement a mixed mode security environment.
Note Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 member only. This is the computer that will be installed as the Configuration Manager site server
To install Configuration Manager 2007

1. Start <your SCCM eval download location> \Splash.hta. The Microsoft System Center Configuration Manager 2007 Start window appears. 2. Under Install, click Configuration Manager 2007. The Welcome to System Center Configuration Manager 2007 Setup Wizard dialog box appears. 3. Click Next. The Microsoft System Center Configuration Manager 2007 Available Setup Options dialog box displays options for installation. 4. Click Install a Configuration Manager site server, and then click Next. The Microsoft System Center Configuration Manager 2007 Microsoft Software License Terms dialog box appears displaying the license agreement. Read the licensing information. 5. Click I accept these license terms, and then click Next. The Microsoft System Center Configuration Manager 2007 Installation Settings dialog box appears displaying options for installation. 6. Verify that Custom settings is selected, and then click Next. The Microsoft System Center Configuration Manager 2007 Site Type dialog box appears displaying options for the type of site to install. 7. Verify that Primary site is selected, and then click Next. The Microsoft System Center Configuration Manager 2007 Customer Experience Improvement Program Configuration dialog box appears prompting for participation in the customer experience improvement program. Notice that involvement in the program is configured to no participation. 8. As we are in a virtual environment, click Next to decline participation at this time. The Microsoft System Center Configuration Manager 2007 Product Key dialog box appears prompting for the product key for installation.
42
9. In the Key box, if not using the evaluation version of Configuration Manager, type your product key, and then click Next. The Microsoft System Center Configuration Manager 2007 Destination Folder dialog box appears prompting for destination folder to install Configuration Manager 2007 to. 10. Click Next to accept the default folder of C:\Program Files\Microsoft Configuration Manager. The Microsoft System Center Configuration Manager 2007 Site Settings dialog box appears prompting for site information. 11. In the Site Code box, type an appropriate 3 character site code, such as <your_db_name> (can be whatever you prefer). 12. In the Site Name box, type SCCM 2007 Primary Site, and then click Next. The Microsoft System Center Configuration Manager 2007 Site Mode dialog box appears displaying setup options for the SCCM security mode. 13. Click Configuration Manager Mixed Mode, and then click Next. The Microsoft System Center Configuration Manager 2007 Client Agent Selection dialog box appears displaying the available SCCM client agents, and allowing you to enable or disable each as desired. 14. Click Next to enable and configure the selected agents (ensuring that Network Access Protection is not enabled). The Microsoft System Center Configuration Manager 2007 Database Server dialog box appears prompting for the SQL Server computer (and instance if required) to use as well as the name of the database for SMS. 15. Click Next to accept the default values of the SCCM site servers installation of SQL Server and SMS_<your_db_name> for the database name. The Microsoft System Center Configuration Manager 2007 SMS Provider Settings dialog box appears prompting for the computer to install the SMS Provider on. 16. Click Next to use the SCCM site server for the SMS Provider. The Microsoft System Center Configuration Manager 2007 Management point dialog box appears prompting for the computer to use to install the management point on. Since SCCM requires a management point, setup will install one by default. 17. Click Next to install the management point on the SCCM site server. The Microsoft System Center Configuration Manager 2007 Port Settings dialog box appears prompting for the HTTP port to configure for use by SCCM. 18. Click Next to use the default HTTP port of 80. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As were in a VPC environment, the required files have already been downloaded and staged for the lab.
43
19. Click The latest updates have already been downloaded to an alternate path, and then click Next. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components. 20. Click Browse. The Browse For Folder dialog box appears. 21. Point to <systempartition>\SCCM Downloaded Client Files (or your location where these are located), and then click OK. The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components. 22. Click Next. The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of SCCM 2007. 23. Click Next. The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for SCCM 2007 installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation. There is a warning that no WSUS installation was found. This is required to be able to deploy software updates, but it is not required for the deployment lab, so you can continue. 24. Click Begin Install. The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the SCCM 2007 installation. This process will take several minutes to complete. When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully. 25. Click Next. The Completing the Microsoft System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use. 26. Click Finish.
44
In the following procedure, you will use Configuration Manager status messages generated by the site server installation to verify that the site server installation was successful. You can use this same procedure to view status messages generated by any Configuration Manager processes.
To view Configuration Manager status messages

1. On the Start menu, point to All Programs, point to Microsoft System Center, point to Configuration Manager 2007, and then click ConfigMgr Console. The Microsoft Management Console (MMC) starts, and then the Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand System Status, expand Site Status, expand <yoursitecode>, and then click Site System Status. The list of Configuration Manager site system roles appears in the results pane with the current status of each site system. Verify that each site system has a status of OK. 3. In the tree pane, click Component Status. The list of SCCM components and their status appears in the results pane. 4. In the results pane, click SMS_SITE_COMPONENT_MANAGER, and then in the Actions pane, click Show Messages. A new menu appears. 5. Click All. The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. Notice the message with the ID of 1027. It mentions that the site server was configured to receive Configuration Manager server components. 6. Click the message, and then on the View menu, click Detail. The Status Message Details dialog box appears. Notice the header information for the message, as well as the text under Description. 7. Click OK. The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. 8. On the File menu, click Exit. The list of SCCM components appear in the results pane. 9. Display the status messages for SMS_SITE_CONTROL_MANAGER. The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. You may notice the message with a message ID of 2819. This message indicates that SCCM retains the 100 most recent copies of the site control file. At this point, SCCM has just been installed, however there will have already been some site control file modifications processed. Notice the message with an ID of 2866. This message indicates the actual site control file copy has been sent to the SMS Hierarchy Manager for addition to the SCCM site database. From here, you might notice many sets of site control file images being modified. You might see messages with IDs of 2808, 2814, 2813, 2811, and 2865 in each set of site control file modification requests. You will view these messages in later sections of this review.
45
10. Display the status messages for SMS_HIERARCHY_MANAGER. The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. You might notice the messages with message IDs of 3306. These messages indicate that Hierarchy Manager has successfully processed a site control file modification and updated the site database. 11. Display the status messages for SMS_WINNT_SERVER_DISCOVERY_AGENT The ConfigMgr Status Message Viewer for <your_db_name> window appears. You might notice the message with a message ID of 4202. This message indicates one server was discovered and discovery data was written for it. This occurred as a result of installing SCCM site components on the site server computer.
In the following procedure, you will add the Active Directory site to the Configuration Manager 2007 Boundaries.
To configure Configuration Manager to use the new AD site as a boundary

1. In the tree, expand Site Database, expand Site Management, expand <sitecode>, expand Site Settings, and then click Boundaries. The list of boundaries for the local site appears in the results pane. Notice that there no default boundaries added to the site. 2. In the Actions pane, click New Boundary. The New Site Boundary dialog box appears allowing the creation of a new boundary. 3. In the Description box, type Active Directory site for SCCM 4. In the Type box, click Active Directory site, and then click Browse. The Browse Active Directory sites dialog box appears displaying the available Active Directory sites. Notice that both the default AD site (Default-First-Site-Name) as well the AD site you created earlier (SCCMSite) are displayed. 5. Under Site Name, click SCCMSite, and then click OK. The New Site Boundary dialog box appears displaying the information specified for the new boundary. 6. Under Network Connection, verify that Fast (LAN) is selected, and then click OK. Notice that the new AD site (SCCMSite) now appears as a boundary.
46
Exercise 3 Installing an SCCM 2007 Client In this exercise, you will install the Configuration Manager 2007 client on the Windows XP Professional client computer. You will begin by using Active Directory System Discovery to discover the computer from Active Directory.
Note Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 SCCM site server unless directed to use another VPC image.
To discover computers from Active Directory

1. In the tree, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Discovery Methods. The list of discovery methods for the local site appears in the results pane. Notice that there are four discovery methods related to Active Directory. 2. In the results pane, click Active Directory System Discovery, and then in the Actions pane, click Properties. The Active Directory System Discovery Properties dialog box appears. 3. Select Enable Active Directory System Discovery, and then click New (the icon resembles a starburst). The New Active Directory Container dialog box appears allowing you to specify the use of a local domain, local forest, or custom query for the discovery. 4. Verify that Local domain is selected, and then click OK. The Select New Container dialog box appears allowing you to specify the container to use for discovery. 5. Select <yourdomainname>, and then click OK. The Active Directory System Discovery Properties dialog box appears. Notice the distinguished name for the container to search. Also notice that a recursive search will be performed on that container and that groups are excluded. 6. Click the Polling Schedule tab. The Active Directory System Discovery Properties dialog box displays the default polling schedule for Active Directory System Discovery. Notice that by default, this polling will occur daily. 7. Click Run discovery as soon as possible and then click OK. The Configuration Manager Console window appears.
47
In the following procedure, you will verify the results of the Active Directory System Discovery process.
Note You will need to wait for a moment for the discovery process to complete.
To verify Active Directory System Discovery

1. In the tree pane, expand Site Database, expand Computer Management, and then click Collections. The list of collections appears in the results pane. 2. In the tree pane, expand Collections, and then click All Systems. Notice that there is one member in the All Systems collection currently, that being the Configuration Manager site server. 3. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 4. Click OK. The collection is updated. It takes a moment before the database is updated with the new collection membership information. 5. In the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. 6. Are there any new members in the All Systems collection? Yes, the local site server (<yourSMSServer>), the domain controller (ADServer) (or DC) and the Windows XP Professional client <yourSMSClient>should have been discovered. 7. Are each of the systems assigned to the site? Yes, all are listed as being assigned to the site. Note If the assigned status still remains listed as No, then verify that you have correctly listed SCCMSite as a boundary for the site. 8. In the results pane, click the Windows XP Professional client, and then in the Actions pane, under <yourSMSClient>, click Properties. The <yourSMSClient> Properties dialog box appears displaying discovery properties.
48
9. What is the discovered AD site name? SCCMSite, which is the AD site you added as a boundary for the site. 10. Click Close.
In the following procedure, you will create the account necessary to remotely install the Configuration Manager 2007 client on your Windows XP Professional client computer.
Note Complete this procedure on the virtual computer running as a Windows Server 2003 Active Directory domain controller only
To create the account required to install the SCCM Client

1. From Administrative Tools, start Active Directory Users and Computers. The Active Directory Users and Computers window appears. 2. Create a new user with the name of ClientInstall, assign it a password of password, ensure that the account is not disabled, and that the password does not require changing at first logon. Note for a simple password to be accepted, complex passwords must be turned off. For information on how to do this, please visit the Technet article on Account Passwords and Policies located at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpa ctlck.mspx 3. Add this user as a member of the Domain Admins group. This is the account that will be used to push the Configuration Manager 2007 client installation to your Windows XP Professional client. It must be a local admin on the client computer. Being a member of Domain Admins is not a requirement, but simplifies the configuration in the lab environment.
In the following procedure, you will configure the account in the Configuration Manager Console to allow installation of the Configuration Manager 2007 client.
Note Complete this procedure on the virtual computer running as a SCCM site server only
To configure the Configuration Manager 2007 client account

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Client Installation Methods. The list of client installation methods appears in the results pane. 2. In the results pane, click Client Push Installation, and then in the Actions pane, click Properties. The Client Push Installation Properties dialog box appears. Notice that the installation method is not enabled. It does not need to be enabled for our admin controlled push installation. 3. Click the Accounts tab. The Client Push Installation Properties dialog box displays accounts to be used to push out the Configuration Manager client software. Notice that there are no accounts listed.
49
4. Click New (the icon resembles a starburst). The Windows User Account dialog box appears. 5. In the User name box, type <yoursmsdomain>\ClientInstall 6. In the Password and Confirm password boxes, type password and then click OK. The Client Push Installation Properties dialog box displays accounts to be used to push out the Configuration Manager client software. Notice that the new account is listed. 7. Click OK. The Configuration Manager Console window appears.
In the following procedure, you will use the Configuration Manager Console to install a fallback status point. This is a new site system to Configuration Manager 2007, and is recommended to get client deployment status reporting.
Note Complete this procedure on the virtual computer running as a SCCM site server only.
To install a fallback status point

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, and then expand Site Settings. The list of configurable site settings appears in the results pane. 2. In the tree pane, expand Site Systems, and then click \\<yourSMSServer>. The list of site system roles for the site server appears in the results pane. Notice that there are six site system roles assigned to the computer. 3. In the Actions pane, click New Roles. The New Site Role Wizard General dialog box appears. 4. Verify that Specify a fully qualified domain name (FQDN) for this site system on the intranet is selected, and then in the Intranet FQDN box, type <yourSMSServer>.<yourdomain> 5. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 6. Under Available roles, select Fallback status point, and then click Next. The New Site Role Wizard Fallback Status Point dialog box appears allowing you to configure the fallback status point message processing.
50
7. In the Throttle interval (in seconds) box, type 360, and then click Next. Note You should not use a value of 360 in a production environment as it could cause performance issues when deploying large numbers of clients in a very short period of time. We are doing so in the lab to get our state messages processed more quickly to allow for client deployment reports to be generated in a timely manner. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 8. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that SMS is now ready to begin installation of the reporting point. 9. Click Close. The Configuration Manager Console window appears displaying the site system roles for the computer <yourSMSServer>. Notice that the fallback status point role has been added to the list.
In the following procedure, you will configure clients to use the fallback status point during installation of the Configuration Manager 2007 client.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only.
To configure the use of a fallback status point

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Client Installation Methods. The list of client installation methods appears in the results pane. 2. In the results pane, click Client Push Installation, and then in the Actions pane, click Properties. The Client Push Installation Properties dialog box appears. Notice that the installation method is not enabled. It does not need to be enabled for our admin controlled push installation. 3. Click the Client tab. The Client Push Installation Properties dialog box displays the properties to use when performing a client push. Notice that the one default parameter is the SMSSITECODE set to the local site code. 4. Add the following to the existing command line: FSP=<yourSMSServer> and then click OK. The Configuration Manager Console window appears.
51
In the following procedure, you will use the Configuration Manager Console to push the installation of the Configuration Manager client to the Windows XP Professional client.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only.
To install the Configuration Manager client

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Windows XP Systems. The members of the All Windows XP Systems collection appear in the results pane. Notice that there are no members of the collection. 2. In the Actions pane, click Update Collection Membership. The All Windows XP Systems message box appears prompting to update subcollection membership. 3. Click OK. The collection is updated. 4. In the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Windows XP Systems collection is displayed. This should include the Windows XP Professional client computer, <yourSMSClient>. 5. In the results pane, click <yourSMSClient>. The Actions pane updates to include actions for the selected resource, in this case, <yourSMSClient>. 6. In the Actions pane, under <yourSMSClient>, click Install Client. The Client Push Installation Wizard dialog box appears. 7. Click Next. The Client Push Installation Wizard Installation options dialog box appears displaying options for the client installation. 8. Click Next to accept the default configuration to install the client to assigned resources. The Completing the Client Push Installation Wizard dialog box appears indicating it is ready to complete the installation. 9. Click Finish. The Configuration Manager 2007 client is remotely installed on the Windows XP Professional client computer. It will take a few minutes before the installation completes.
52
In the following procedure, you will verify that the Configuration Manager 2007 client has been installed on the Windows XP Professional client. Note Complete this procedure on your Windows XP Professional client computer only. It will take a few moments for the installation of the SCCM 2007 client to complete. You can use Task Manager to verify the installation. While ccmsetup.exe is running, the client is being installed. When ccmsetup.exe terminates and Ccmexec.exe starts, the Configuration Manager 2007 client has been successfully installed.
To verify the Configuration Manager 2007 client installation

1. Log on as administrator with a password of password. 2. In Control Panel, double-click Administrative Tools, and then start Services. The Services window appears. 3. Verify that the SMS Agent Host service has been started. 4. Close Services.
In the following procedure, you will verify that the Windows XP Professional client has reported to the Configuration Manager site that it is installed as a Configuration Manager 2007 client.
Note Complete this procedure on the virtual computer running as a Configuration Manager site server only
To verify the reporting of the Configuration Manager 2007 client

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Windows XP Systems. The members of the All Windows XP Systems collection appear in the results pane. Notice that the Windows XP Professional computer appears. Also notice that the computer is not listed as being an SMS client. 2. In the Actions pane, click Update Collection Membership. The All Windows XP Systems message box appears prompting to update subcollection membership. 3. Click OK. The collection is updated. 4. In the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Windows XP Systems collection is displayed. Notice that the Windows XP Professional client computer now is listed as being installed as a Configuration Manager 2007 client.
53
Exercise 4 Reporting Configuration Manager 2007 Client Deployment Status In this exercise, you will install a reporting point for your Configuration Manager site and then run reports to verify the client deployment success in the site.
Note Complete this exercise on the site server computer only.
To install a reporting point

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, and then expand Site Settings. The list of configurable site settings appears in the results pane. 2. In the tree pane, expand Site Systems, and then click \\<yourSMSServer>. The list of site system roles for the site server appears in the results pane. Notice that there are seven site system roles assigned to the computer. 3. In the Actions pane, click New Roles. The New Site Role Wizard General dialog box appears. 4. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 5. Under Available roles, select Reporting point, and then click Next. The New Site Role Wizard Reporting Point dialog box appears allowing you to configure the reporting folder and port to use for the reporting point. 6. Click Next to use the default values. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 7. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that SMS is now ready to begin installation of the reporting point. 8. Click Close. The Configuration Manager Console window appears displaying the site system roles for the computer <yourSMSServer>. Notice that the reporting point role has been added to the list. 9. From Administrative Tools, start Services. The Services window appears. Verify that the SMS Reporting Point service is installed and running. 10. Close Services.
In the following procedure, you will run a few built in reports to validate that the reporting point is running successfully and that the client was deployed successfully.
Note
54
Complete this procedure on the virtual computer running as a Configuration Manager site server only.
To report Configuration Manager data

1. In the tree pane, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. The list of reports appears in the results pane. 2. In the results pane, click Computers assigned but not installed for a particular site, and then in the Actions pane, under Computers assigned but not installed for a particular site, click Run. The Report Options message box appears prompting for the reporting point to use to run the report. 3. Click OK to use the only reporting point in our site. The Computers assigned but not installed for a particular site Report Information report appears in the results pane. As this is a prompted report, you must supply the site code of the site you wish to view computer information for. 4. In the Site Code box, type <sitecode>, and then click Display. An Internet Explorer window starts and displays the Computers assigned but not installed for a particular site report. Notice that there are two computers discovered and assigned to the site that are not yet clients, those being the domain controller (yourADServer) and the site server (<yourSMSServer>). In your evaluation these may be on the same computer. 5. Close the ConfigMgr Report window. The Configuration Manager Console window appears displaying the current report parameters. 6. In the tree pane, click Reports. The list of reports appears in the results pane. 7. In the results pane, click Client Deployment Status Details, and then in the Actions pane, under Client Deployment Status Details, click Run. The Client Deployment Status Details report appears in the results pane. Notice that this report shows the total number of clients with any deployment status (in our case one), the number of successfully deployed clients (in our case one), and the success and failure percentages (in our case 100% success). 8. In the results pane, click Client Deployment Success Report, and then in the Actions pane, under Client Deployment Success Report, click Run. The Client Deployment Success Report appears in the results pane. Notice that this report displays that status of each client that was installed. Notice that <yourSMSClient> is listed as a successfully deployed client. You have now successfully deployed Configuration Manager 2007 in your AD environment, including site systems required for client deployment and successfully installed a client computer.
55
Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007
Objectives

Configure a standard distribution point to support BITS downloads. Configure a branch distribution point. Configure a protected site system. Distribute software to a client to access a branch distribution point.
Prerequisites
Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP2 computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual computer could be booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site <yourSMSClient>.
56

1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the tree pane, expand Site Database, expand Computer Management, and then expand Collections. The list of collections appears in the results pane. 4. In the tree pane, click All Systems. The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members. 5. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 6. Click OK, and then in the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 7. In the details pane, click the obsolete record for the <yourSMSClient> computer, and then in the Actions pane, click Delete. A Confirm Delete message box appears prompting to delete the record. 8. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 9. Delete any other Obsolete records from the All Systems collection. 10. Update the membership for the All Windows XP Systems collection. You have now prepared your images for the lab and may proceed to Exercise 1.
57
Exercise 1 Configuring a Branch Distribution Point In this exercise, you will configure a branch distribution point for the site. You will begin by configuring the distribution point on the site server to support BITS downloads, which is required to support a branch distribution point.
To configure the distribution point to support BITS downloads

1. If not already running, on the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, expand Site Systems, and then click \\<yourSMSServer>. The list of site system roles configured for the site server computer are displayed in the results pane. Notice that one of the site system roles configured for the site server is as a distribution point. 3. In the results pane, select ConfigMgr distribution point, and then in the Actions pane, click Properties. The ConfigMgr distribution point Properties dialog box appears displaying the current configuration of the distribution point role on the Configuration Manager site server. Notice that the role is not configured to support BITS. 4. Click Allow clients to transfer content from this distribution point using BITS, HTTP and HTTPS (required for device clients and Internet-based clients), and then click OK. This configures the distribution point to support BITS downloads to Configuration Manager clients, which includes branch distribution points.
In the following procedure, you will create a new site system as a branch distribution point. You will configure the Windows XP client to be the branch distribution point.
Note Complete this procedure from the primary site server computer only in the Configuration Manager Console.
To create a branch distribution point

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Site Systems. The list of site systems configured for the site displayed in the results pane. Notice that there is currently only one site system in the site, that being the site server computer. 2. In the Actions pane, click New, and then click Server. The New Site System Server Wizard General dialog box appears.
58
3. In the Name box, type <yourSMSClient> 4. Under Intranet FQDN, type <yourSMSClient>.your.domain.path.here.com 5. Click Enable this site system as a protected site system, and then click Select Boundaries. The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that there are currently no protected boundaries configured for this site system. Notice also that the boundaries are only applicable to the distribution point and state migration point site system roles. 6. Click New (the icon resembles a starburst). The New Boundaries dialog box appears displaying the boundaries available for protecting the site system. Notice that the Active Directory site boundary is listed as an available boundary. 7. Under Boundaries, click SCCMSite and then click OK. The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that the site system is now configured to be protected for only the one Active Directory site that is added as a boundary in the site. 8. Click OK. The New Site System Server Wizard General dialog box appears. 9. Click Next. The New Site System Server Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 10. Under Available roles, select Distribution point, and then click Next. The New Site System Server Wizard Distribution Point dialog box appears allowing you to configure the distribution point. Notice that by default, the site system would be a standard distribution point, which is not supported on a Windows XP system. 11. Click Enable as a branch distribution point, and then click Next. The New Site System Server Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 12. Click Next. The New Site System Server Wizard Wizard Completed dialog box appears indicating that you have now configured the branch distribution point. 13. Click Close. The Configuration Manager Console window appears displaying the site systems in the site. Notice that there are now two site systems in the site, the site server (<yourSMSServer>) and the Windows XP client (<yourSMSClient>).
59
14. In the tree pane, expand Site Systems, and then click \\<yourSMSClient>. The list of site system roles configured for the site system are displayed in the results pane. Notice that the Windows XP client is configured as a ConfigMgr distribution point and a ConfigMgr site system.
In the following procedure, you will configure the branch distribution point to not perform BITS throttling. BITS throttling is configured by default and could affect the download of content to the branch distribution point.
To remove BITS throttling

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Client Agents. The list of available client agents appears in the results pane. 2. In the results pane, click Computer Client Agent, and then in the Actions pane, click Properties. The Computer Client Agent Properties dialog box appears displaying general properties. 3. Click the BITS tab. The Computer Client Agent Properties dialog box appears displaying the BITS configuration. Notice that the default configuration is to perform BITS download throttling from 9 am to 5 pm daily. This could cause delays in the download of the content to the branch distribution point. 4. Click Not configured, and then click OK. The list of available client agents appears in the results pane.
Exercise 2 Distributing Software to the Configuration Manager Client In this exercise, you will distribute software to the Configuration Manager client. Initially this will fail as the branch distribution point will not be configured for the package.
To distribute an application to a client

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Systems. The list of members of the All Systems collection appears in the results pane. Notice that both computers are installed as clients in the site. 2. In the Actions pane, click Distribute, and then click Software. The Distribute Software to Collection Wizard dialog box appears. 3. Click Next. The Distribute Software to Collection Wizard Package dialog box appears providing
60
options for package creation or distribution. 4. Select Create a new package from a definition, and then click Next. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager. 5. If you do not already have the SMS2003 Toolkit, this can be obtained from here. Systems Management Server 2003 Toolkit http://www.microsoft.com/downloads/details.aspx?FamilyID=61E4E21F-2652-42DD-A04DB67F0573751D&displaylang=en 6. Download and expand this. 7. Click Browse. The Open dialog box appears. 8. Open <yourdownloadlocation> \SMS2003Toolkit2.msi. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice that SMS 2003 Toolkit 2 is displayed. 9. Under Package definition, verify that SMS 2003 Toolkit 2 is highlighted, and then click Next. The Distribute Software to Collection Wizard Source Files dialog box appears prompting for source file handling instructions. 10. Click Always obtain files from a source directory, and then click Next. The Distribute Software to Collection Wizard Source Directory dialog box appears allowing the designation of the source file directory. 11. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 12. Click <yourdownloadlocation>, and then click OK. The Distribute Software to Collection Wizard Source Directory dialog box displays the designated source directory.
61
13. Click Next. The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that both the standard (<yourSMSServer>) and branch distribution points <yourSMSClient>are listed. 14. Under Distribution points, select <yourSMSServer>, and then click Next. Note For the purposes of this exercise, select only the site server (<yourSMSServer>) as a distribution point. Do not select the branch distribution point (<yourSMSClient>). The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise. 15. Under Programs, click Per-system unattended, and then click Next. The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement. 16. Click Next to accept the default name. The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections. 17. Click Next to accept the default option of advertising to subcollections as well (even though we do not have any subcollections). The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement. 18. After Advertise the program after, verify that the current date and time is displayed. 19. Verify No, this advertisement never expires is selected, and then click Next. The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments. 20. Verify that No, do not assign the program is selected, and then click Next. The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard. 21. Click Next. The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful. 22. Click Close. The list of members of the All Systems collection in the results pane.
62
In the following procedure, you will verify the configuration of the package, program, and advertisement that were created by the Distribute Software to Collection Wizard. You will also configure the advertisement to only allow content access from the protected distribution point.
To verify package configuration

1. In the tree pane, expand Computer Management, expand Software Distribution, and then expand Packages. The new package appears in the tree pane. Note You may need to refresh the display to see the new package. 2. In the tree pane, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English. The Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English package data appears in the tree pane. 3. In the tree pane, click Programs. The configured programs for the package appear in the results pane. Notice the Persystem unattended program which you advertised to the client using the Distribute Software wizard. 4. In the tree pane, click Distribution Points. The distribution points for the package appear in the results pane. Notice only the local site server is listed. 5. In the tree pane, click Advertisements. Note You may need to refresh the display to see the new advertisement. The advertisement for the SMS 2003 Toolkit 2 program appears in the results pane. Notice the Available After time is the date and time the advertisement was created. 6. In the results pane, click SMS 2003 Toolkit 2, and then in the Actions pane under SMS 2003 Toolkit 2, click Properties. The SMS 2003 Toolkit 2 Properties dialog box appears displaying general properties for the advertisement. 7. Click the Distribution Points tab. The SMS 2003 Toolkit 2 Properties dialog box appears displaying properties for distribution point access. Notice that the default values are to download from fast network boundaries, and not run from slow network boundaries. Also notice that the default configuration is to not require download from a protected distribution point. 8. Click to clear Allow clients to fallback to unprotected distribution points when the content is not available on the protected distribution point, and then click OK.
63
In the following procedure, you will initiate the searching for advertised programs on your Configuration Manager client computer. For this procedure, you will use the client running on the site server computer.
Note Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.
To search for available advertised programs

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the advertised program. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes, and then the New Program Available icon appears on the system tray. 6. Double-click the New Program Available icon. The Run Advertised Programs window appears displaying new programs that are available to be installed. Notice that the SMS 2003 Toolkit 2 program is available. 7. Under Program Name, click Microsoft Corporation SMS 2003 Toolkit 2, and then click Run. A Cannot Run Program message box appears indicating the program cant run as the package source files are not available. 8. Click OK. The Run Advertised Programs window appears displaying new programs that are available to be installed. Notice that the SMS 2003 Toolkit 2 program is available. 9. In the Run Advertised Programs window, refresh the display (use F5). The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Failed.
64
10. Click Close, and then open <systempartition>\Program Files\SMS_Ccm\Logs\Cas.log. Notepad appears displaying the contents of the Content Access Service log file. 11. Search for matching. Notepad displays the first occurrence of matching. Notice that the current line indicates that there was no matching distribution point found for the content location request. We know that the content was distributed to the standard distribution point on the site server. However, as the branch distribution point was protected for the Active Directory site that the client is a member of, the client can only access the content from the branch distribution point. And the branch distribution point does not contain the requested content, and so there is no matching distribution point available for this client. 12. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation or failure on the clients.
Note Complete this procedure from the primary site server computer only in the Configuration Management Console.
To report the advertisement status

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Distribution. The Software Distribution home page appears in the results pane. Notice that there are no results to display. Status has to be summarized before it appears in the home page. 2. In the Actions pane, click Run Home Page Summarization. It will take a moment for the summarization process to complete. 3. In the Actions pane, click Refresh. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and graph indicate that one client has not started the advertisement and another client failed.
65
In the following procedure, you will verify the current distribution points for the package do not include the branch distribution point, and then add the branch distribution point.
To add the package to the branch distribution point

1. In the tree pane, expand Computer Management, expand Software Distribution, expand Packages, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English, and then click Distribution Points. The distribution points for the package appear in the results pane. Notice only the local site server is listed. Since the advertisement is configured to only use protected distribution points, and the client is within the boundaries of the protected distribution point, the client is unable to run the program as the protected distribution point (branch distribution point) does not contain the content requested. 2. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 3. Click Next. The New Distribution Points Wizard Copy Package dialog box appears displaying the distribution points available for this package. Notice that the Windows XP branch distribution point <yourSMSClient>is listed. 4. Under Distribution points, click <yourSMSClient>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard was completed successfully. 5. Click Close. The distribution points for the package appear in the results pane. Notice that now both distribution points are listed for this package.
In the following procedure, you will force the distribution of the content the branch distribution point. You do not need to complete this procedure in a production environment, as the content will be distributed to the branch distribution point automatically. You are going to complete this procedure simply to speed up the process for the lab.
Note Complete this procedure from the branch distribution point computer only (<yourSMSClient>).
To distribute the package to the branch distribution point

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears.
66
2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the branch distribution point package location. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes, and then the content will begin being downloaded to the branch distribution point.
In the following procedure, you will verify that the content the branch distribution point has requested has been distributed locally.
Note Complete this procedure from the branch distribution point computer only (<yourSMSClient>).
To verify the package is distributed to the branch distribution point

1. Start Windows Explorer and then view the contents of drive C. The contents of the C drive appears. Notice a new folder has been created, SMSPKGC$. This is the folder that the branch distribution point uses to store locally distributed package content. 2. In the console tree, expand <systempartition>\SMSPKGC$, and then click the package folder (<yoursitecode>packagenumber,). The contents of the package folder appear in the details pane. Notice that the distributed source files are now available on the branch distribution point.
67
In the following procedure, you will run the advertised program now that the content is available on the branch distribution point.
Note Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.
To run the advertised program

1. In Control Panel, start Run Advertised Programs. The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Failed. 2. Under Program Name, click Microsoft Corporation SMS 2003 Toolkit 2, and then click Run. A Program Download Required message box appears. By default, in Configuration Manager, advertised programs will be downloaded from the distribution point prior to installation. 3. Click Run program automatically when download completes, and then click Download. The program is installed. This is an unattended installation, so you wont see any installation occur. Note It will take a moment to install the program. Wait a moment before proceeding. 4. In the Run Advertised Programs window, refresh the display (use F5). The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Successful. 5. Click Close, and then on the Start menu, point to All Programs. The list of program is displayed. Notice that a new program group item for the SMS 2003 Toolkit 2 appears. 6. Point to SMS 2003 Toolkit 2. The list of programs in the SMS 2003 Toolkit 2 program group appears. These were installed through the SMS 2003 Toolkit 2 advertisement. 7. Open <systempartition>\Program Files\SMS_Ccm\Logs\Cas.log. Notepad appears displaying the contents of the Content Access Service log file.
68
8. Search for download location found. Notepad displays the first occurrence of download location found. Notice that the current line indicates that there was one matching distribution point found for the content location request. Also notice that is lists the FQDN of the distribution point used, in this case <yourSMSClient>.yourdomain.yourdomain.com. To see what type of distribution point was used, you need to look in the LocationServices.log file. 9. Close CAS.log and then open LocationServices.log. Notepad appears displaying the contents of the Location Service log file. 10. Search for dptype. Notepad displays the first occurrence of dptype. Notice that the highlighted line indicates the name and path of the distribution point used. Also notice that this is the Windows XP branch distribution point, as indicated by the name <yourSMSClient>and the DPType (branch). 11. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation on the clients.

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Distribution. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and the graph indicate that one client has not started the advertisement and another client failed. 2. In the Actions pane, click Run Home Page Summarization. It will take a moment for the summarization process to complete. 3. In the Actions pane, click Refresh. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and the graph indicate that one client still has not started the advertisement and the other client was successful. You have now successfully implemented a branch distribution point solution in your Configuration Manager environment and verified the ability to retrieve content from the branch distribution point. You also used the Software Distribution home page to validate advertisement status. In this section, you deployed the package to the branch distribution point via an administrator action (adding the branch distribution point to the package). You could have configured the package for distribute on demand, in which case the package would have been distributed to the branch distribution point automatically after the client requested it. No administrator action would be required to complete the assignment of the branch
69
distribution point to the package in that scenario.
70
Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration Manager 2007
Objectives

Configure maintenance windows on collections. Verify software distribution behavior to a client in a collection with a maintenance window to allow distribution. Verify software distribution behavior to a client in a collection that is configured with a maintenance window to restrict distributions.
Prerequisites
Before working on this section, one virtual computer should be booted as a Microsoft Windows Server 2003 SP2 computer installed as a Configuration Manager primary site server (<yourSMSServer>. The second virtual computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site (<yourSMSClient>). Make a note of your site code for the installed site. The package you may have deployed in the previous section will already have been created and distributed. It will reside on the branch DP as well as the standard DP. So, consider a 2 nd package for distribution here, remove the package from all locations, or advertise your package as an uninstall to complete this section.
71

1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the tree pane, expand Site Database, expand Computer Management, and then expand Collections. The list of collections appears in the results pane. 4. In the tree pane, click All Systems. The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members. 5. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 6. Click OK, and then in the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 7. In the details pane, click the obsolete record for the <yourSMSClient> computer, and then in the Actions pane, click Delete. A Confirm Delete message box appears prompting to delete the record. 8. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 9. Delete any other Obsolete records from the All Systems collection. 10. Update the membership for the All Windows XP Systems and All Windows Server 2003 Systems collections. You have now prepared your images for the lab and may proceed to Exercise 1.
72
Exercise 1 Configuring Maintenance Windows on Collections In this exercise, you will configure maintenance windows on collections. You will configure a maintenance window to prevent software distribution to server computers, and then configure a maintenance window to allow distribution to Windows XP clients.
To configure a maintenance window to prevent software distribution

1. If not already running, on the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Windows Server 2003 Systems. The list of members of the All Windows Server 2003 Systems collection appears in the results pane. Notice that there is one Configuration Manager client in the collection (<yourSMSServer>) but that the Windows XP client <yourSMSClient>is not a member of the collection. Note If your collection does not display the site server computer as a member, update the collection membership and then refresh until it does display the site server (<yourSMSServer>). 3. In the Actions pane, click Modify Collection Settings. The All Windows Server 2003 Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection. 4. Click New (the icon resembles a starburst). The <new> Schedule dialog box appears allows the configuration of a maintenance window for the collection. 5. In the Name box, type Future window 6. In the Effective date box, set the date to tomorrow. Make sure you choose tomorrows date, not today. 7. In the Start box, set the starting time to be the top of the current hour. 8. In the End, set the starting time to be the top of the next hour. You need at least a 15 minute window for this exercise. Make sure your configuration creates a maintenance window that will prevent the server computer from running the advertised program today and has a duration of at least 15 minutes. 9. Click OK. The All Windows Server 2003 Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection.
73
10. Click OK. The list of members of the All Windows Server 2003 Systems collection appears in the results pane.
In the following procedure, you will create a maintenance window that will allow the Windows XP SCCM client to run an advertised program.
To configure a maintenance window to allow software distribution

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Windows XP Systems. The list of members of the All Windows XP Systems collection appears in the results pane. Notice that there is only one Configuration Manager client in the collection <yourSMSClient>and that the server computer (<yourSMSServer>) is not a member of the collection. 2. In the Actions pane, click Modify Collection Settings. The All Windows XP Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection. 3. Click New (the icon resembles a starburst). The <new> Schedule dialog box appears allows the configuration of a maintenance window for the collection. 4. In the Name box, type Weekly window 5. In the Effective date box, verify that todays date is displayed. 6. In the Start box, set the time to the top of the current hour. 7. In the End, set the starting time to be two hours from the current time. This configuration will create a maintenance window that will allow the Windows XP client to run the advertised program in the next two hours as the window is current. You should not need two hours, but to give yourself plenty of time, you are configuring a two hour window. 8. Click OK. The All Windows XP Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection. 9. Click OK. The list of members of the All Windows XP Systems collection appears in the results pane.
74
In the following procedure, you will view the collections with maintenance windows.
To identify collections with maintenance windows

1. In the tree pane, expand Site Database, expand Computer Management, and then click Collections. The list of collections appears in the results pane. 2. In the Actions pane, click Refresh. 3. In the results pane, if necessary, scroll to the right until you can view the Maintenance Windows column. The list of collections appears in the results pane including the listing of whether or not each collection includes a maintenance window. Notice that the two collections you configured earlier are identified as having maintenance windows. 4. In the results pane, drag the Maintenance Windows column to appear after Name. The Maintenance Windows column now appears right after Name. 5. In the results pane, click the Maintenance Windows column to sort by the maintenance window attribute. The Maintenance Windows column now appears sorted by the appropriate value, with the collections containing maintenance windows at the bottom of the display.
In the following procedure, you will view the maintenance windows available to the Configuration Manager clients using Configuration Manager reporting.
To identify maintenance windows available to a client

1. In the tree pane, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. The list of reports appears in the results pane. 2. In the results pane, click Maintenance Windows Available to a Particular Client, and then in the Actions pane, under Maintenance Windows Available to a Particular Client, click Run. The Maintenance Windows Available to a Particular Client Report Information report appears in the results pane. As this is a prompted report, you must supply the computer name of the client you wish to view the maintenance windows for.
75
3. In the Client Name box, type <yourSMSClient>, and then click Display. An Internet Explorer window starts and displays the Maintenance Windows Available to a Particular Client report. Notice that there is one maintenance window available to the client. Notice also that this report shows the start time, duration, and other values for the maintenance window. 4. Close the ConfigMgr Report window. The Configuration Manager Console window appears displaying the Maintenance Windows Available to a Particular Client Report Information report in the results pane.
76
Exercise 2 Implementing the Maintenance Windows on the Configuration Manager Clients In this exercise, you will force the clients to retrieve policies, which will implement the appropriate maintenance windows on the clients.
Note Complete this procedure from each of the SCCM clients.
To implement the maintenance windows

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the maintenance window. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes to evaluate and implement the policy. 6. Open C:\Program Files\SMS_CCM\Logs Notepad appears displaying the contents of the Service Window Manager log file.
77
7. Search for New service window. Notepad displays the first occurrence of new service window. Notice that the current line indicates that there was a new service window policy implemented. If you are looking at the Windows XP client, you will see lines referring to: Scheduling the StartTime for today The duration of two hours The Active Service Windows list has 1 window Programs can run Scheduling the StartTime for a week from today The duration of an hour No windows in the Active Service Windows list Scheduling the timer to fire in 0 days, 23 hours.
If you are looking at the site server computer, you will see lines referring to:
8. Close Notepad.
78
Exercise 3 Distributing Software to the Configuration Manager Clients In this exercise, you will distribute software to the Configuration Manager clients. You will distribute to the All Systems collection to include both clients.
To distribute an application to the clients

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Systems. The list of members of the All Systems collection appears in the results pane. Notice that both computers are installed as clients in the site. 2. In the Actions pane, click Distribute, and then click Software. The Distribute Software to Collection Wizard dialog box appears. 3. Click Next. The Distribute Software to Collection Wizard Package dialog box appears providing options for package creation or distribution. 4. Select Create a new package from a definition, and then click Next. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into SCCM 2007. 5. Click Browse. The Open dialog box appears. 6. Open <download location>\SMS Toolkit\SMS2003Toolkit2.msi. The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice that SMS 2003 Toolkit 2 is displayed. 7. Under Package definition, verify that SMS 2003 Toolkit 2 is highlighted, and then click Next. The Distribute Software to Collection Wizard Source Files dialog box appears prompting for source file handling instructions. 8. Click Always obtain files from a source directory, and then click Next. The Distribute Software to Collection Wizard Source Directory dialog box appears allowing the designation of the source file directory. 9. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 10. Click <download location>\SMS Toolkit, and then click OK. The Distribute Software to Collection Wizard Source Directory dialog box displays the designated source directory.
79
11. Click Next. The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that only the site server distribution point (<yourSMSServer>) is listed. 12. Under Distribution points, select <yourSMSServer>, and then click Next. The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise. 13. Under Programs, click Per-system unattended, and then click Next. The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement. 14. Click Next to accept the default name. The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections. 15. Click Next to accept the default option of advertising to subcollections as well (even though we do not have any subcollections). The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement. 16. After Advertise the program after, verify that the current date and time is displayed. 17. Verify No, this advertisement never expires is selected, and then click Next. The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments. 18. Click Yes, assign the program. 19. In the Assign after box, verify that the current time is listed. The time configured should fit within the time frame of the maintenance window configured for the All Windows XP Systems collection. 20. Click Next. The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard. 21. Click Next. The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful. 22. Click Close. The list of members of the All Systems collection in the results pane.
80
In the following procedure, you will verify the configuration of the package, program, and advertisement that were created by the Distribute Software to Collection Wizard.
To verify package configuration

1. In the tree pane, expand Computer Management, expand Software Distribution, and then expand Packages. The new package appears in the tree pane. Note You may need to refresh the display to see the new package. 2. In the tree pane, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English. The Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English package data appears in the tree pane. 3. In the tree pane, click Programs. The configured programs for the package appear in the results pane. Notice the Persystem unattended program which you advertised to the client using the Distribute Software wizard. 4. In the results pane, click Per-system unattended, and then in the Actions pane, click Properties. The Per-system unattended Properties dialog box appears displaying general properties for the program. Notice the command line used. 5. Click the Requirements tab. The Per-system unattended Properties dialog box appears displaying requirements for the program. Notice that the maximum run time is set to unknown. When the program is processed on the client, and Unknown value is assumed to be larger than our window, so you need to set the max run time value to fit within our window. 6. In the Maximum allowed run time (minutes) box, type 5 and then click OK. The configured programs for the package appear in the results pane. Notice that the Persystem unattended program now displays a maximum run time of 5 minutes. 7. In the tree pane, click Distribution Points. The distribution points for the package appear in the results pane. Notice only the local site server is listed. 8. In the tree pane, click Advertisements. Note You may need to refresh the display to see the new advertisement. The advertisement for the SMS 2003 Toolkit 2 program appears in the results pane. Notice the Available After time is the date and time the advertisement was created.
81
In the following procedure, you will initiate the searching for advertised programs on your Configuration Manager client computer. For this procedure, you will use the client running on the Configuration Manager site server computer.
Note Complete this procedure from each of the SCCM client computers in the site.
To search for available advertised programs

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the advertised program. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes to evaluate and implement the policy. If you are looking at the Windows XP client computer, you will see an Assigned Program About to Run icon appears in the system tray. 6. Double-click the Assigned Program About to Run icon. The Program Countdown Status dialog box appears indicating an assigned program will run within the next five minutes. 7. Click Run. The program will attempt to install. Since you advertised the Per-system unattended program, this will be a silent installation, and you will not see any user interface. The install will only take a minute to complete. If you are looking at the site server computer, you will not see anything occur, as the program will not run.
82
In the following procedure, you will verify that the advertised program did indeed run on the Windows XP client computer.
Note Complete this procedure from the Windows XP client computer <yourSMSClient>only.
To verify the program installation

1. On the Start menu, point to All Programs. The All Programs menu appears. Notice that a new menu titled SMS 2003 Toolkit 2 appears. 2. Point to SMS 2003 Toolkit 2. The SMS 2003 Toolkit 2 menu appears. This is a confirmation that the advertised program did install successfully on the client in the configured service window. 3. Open %Windows%\System32\Ccm\Logs\Execmgr.log. Notepad appears displaying the contents of the Execution Managers log file. 4. Search for per-system. The first occurrence of per-system is highlighted. Remember that the program you advertised was the per-system unattended program. This line indicates a policy for the per-system unattended program was received. 5. Search for service window. The first occurrence of service window is highlighted. This line indicates that the service window does allow the program to run. 6. Close Notepad.
In the following procedure, you will verify that the advertised program did not run on the Windows Server 2003 client computer.
Note Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.
To verify that the program did not install

1. On the Start menu, point to All Programs. The All Programs menu appears. Notice that there is no new menu titled SMS 2003 Toolkit 2 as was displayed on the Windows XP client computer. 2. Open <systempartition>\Program Files\SMS_Ccm\Logs\Execmgr.log. Notepad appears displaying the contents of the Execution Managers log file. 3. Search for per-system. The first occurrence of per-system is highlighted. Remember that the program you advertised was the per-system unattended program. This line indicates a policy for the per-system unattended program was received.
83
4. Search for service window. The first occurrence of service window is highlighted. This line indicates that the program could not run due to a service window restriction. Notice that the last line in the log indicates the client is waiting for a service window. 5. Close Notepad.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation or failure on the clients.

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Distribution. The Software Distribution home page appears in the results pane. Notice that there are no results to display. Status has to be summarized before it appears in the home page. 2. In the Actions pane, click Run Home Page Summarization. It will take a moment for the summarization process to complete. 3. In the Actions pane, click Refresh. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows one client successfully ran the advertisement and another client is in a waiting state. 4. In the results pane, under Advertisement, click SMS 2003 Toolkit 2. The Status of a specific advertisement report appears in the results pane. Notice that there were two clients that received the advertisement, one was successful in running the program, and one that is listed as waiting. 5. Click the arrow to the left of Succeeded. The All system resources for a specific advertisement in a specific state report appears. Notice that one client listed is the Windows XP client <yourSMSClient>and that the last status is Program completed with success. 6. Click Back, and then click the arrow to the left of Waiting. The All system resources for a specific advertisement in a specific state report appears. Notice that the client listed is the Windows Server 2003 client (<yourSMSServer>) and that the last status is Waiting for a Service Window.
84
In the following procedure, you will create a maintenance window that will allow all members of the All Systems collection to run an advertised program.
To configure a maintenance window for All Systems

1. In the tree pane, expand Site Database, expand Computer Management, expand Collections, and then click All Systems. The list of members of the All Systems collection appears in the results pane. Notice that both clients are members of this collection. 2. In the Actions pane, click Modify Collection Settings. The All Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection. 3. Click New (the icon resembles a starburst). The <new> Schedule dialog box appears allows the configuration of a maintenance window for the collection. 4. In the Name box, type Daily window 5. In the Effective date box, verify that todays date is displayed. 6. In the Start box, set the time to the top of the current hour. 7. In the End, set the starting time to be two hours from the current time. This configuration will create a maintenance window that will allow the clients to run the advertised program as the window is current. Even though the server computer is a member of another collection with a restricted window, Configuration Manager performs a union of all available windows for the client to identify availability. 8. Under Recurrence pattern, select Daily, and then click OK. The All Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection. 9. Click OK. The list of members of the All Systems collection appears in the results pane.
85
In the following exercise, you will force the clients to retrieve policies, which will implement the appropriate maintenance windows on the clients.
Note Complete this procedure from each of the Configuration Manager clients.
To implement the maintenance windows

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the maintenance window. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a couple of minutes to evaluate and implement the policy. On the server computer, an Assigned Program About to Run icon appears in the system tray. 6. Double-click the Assigned Program About to Run icon. The Program Countdown Status dialog box appears indicating an assigned program will run within the next five minutes. 7. Click Run. The program will attempt to install. Since you advertised the Per-system unattended program, this will be a silent installation, and you will not see any user interface. The install will only take a minute to complete. On the Windows XP client computer, you will see nothing new, as the program has already run.
86
In the following procedure, you will verify that the advertised program did indeed run on the Windows Server 2003 client computer that failed to run the program earlier.
Note Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.
To verify the program installation

1. On the Start menu, point to All Programs. The All Programs menu appears. Notice that a new menu titled SMS 2003 Toolkit 2 appears. 2. Point to SMS 2003 Toolkit 2. The SMS 2003 Toolkit 2 menu appears. This is a confirmation that the advertised program did install successfully on the client in the configured service window.
In the following procedure, you will view the advertisement status of the advertised program using the Software Distribution home page to verify the program installation.

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Distribution. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows one client successfully ran the advertisement and another client is in a waiting state. 2. In the Actions pane, click Run Home Page Summarization. It will take a moment for the summarization process to complete. 3. In the Actions pane, click Refresh. The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows both clients successfully ran the advertisement. 4. In the results pane, under Advertisement, click SMS 2003 Toolkit 2. The Status of a specific advertisement report appears in the results pane. Notice that there were two clients that received the advertisement and both were successful in running the program.
87
5. Click the arrow to the left of Succeeded. The All system resources for a specific advertisement in a specific state report appears in the results pane. Notice that both clients are listed with a last status of Program completed with success. You have now successfully implemented maintenance windows in Configuration Manager 2007, and verified software distribution behavior using the maintenance windows. You have also used the Software Distribution home page and reports to validate deployment success.
88
Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007
Objectives
After completing this lab, you will be able to:

Install USMT 3.0 to capture and restore user state information. Install a Configuration Manager State Migration Point to store user state information. Create an Operating System Capture Disk. Image a Windows Vista client computer. Import the Windows Vista image into Configuration Manager as an OS image package. Deploy the Windows Vista image to a Windows XP client computer.
Before You Begin
In this lab, one virtual computer should be started as a primary site server running Configuration Manager. A second virtual computer should be running as a Windows Vista Configuration Manager client computer to be imaged . The final virtual computer is a Windows XP Professional Configuration Manager client to be upgraded to Windows Vista using the OS deployment feature of Configuration Manager 2007. There are no requirements for any connections outside the VPC image, and as OSD requires DHCP, you must configure Virtual PC networking configuration to Local only. The site code for the installed site is <yoursitecode>.
89

1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the tree pane, expand Site Database, expand Computer Management, and then expand Collections. The list of collections appears in the results pane. 4. In the tree pane, click All Systems. The members of the All Systems collection appear in the details pane. Notice that there are four members in the collection. 5. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 6. Click OK, and then in the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 7. In the details pane, click the obsolete record for the<yourSMSClient> computer, and then in the Actions pane, click Delete. A Confirm Delete message box appears prompting to delete the record. 8. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 9. Delete any other Obsolete records from the All Systems collection. 10. Update the collection membership for the All Windows XP Professional Systems collection. This collection will be targeted for deployment later in this lab. You have now prepared your images for the lab and may proceed to Exercise 1.
90
Exercise 1 Preparing the Environment for Configuration Manager OSD In this exercise, you will prepare the Configuration Manager environment for deploying operating system images using OSD. You will begin by installing the User State Migration Tool version 3.0, which is used by Configuration Manager 2007 to back up and restore user state information.
Note Complete this exercise from the primary site server only.
To install USMT 3.0

1. Download User State Migration Tool 3.0 located at the following link. http://technet2.microsoft.com/WindowsVista/en/library/91f62fc4-621f-4537-b3111307df0105611033.mspx?mfr=true 2. Start <download location>\USMT30\InstallUsmt30_x86_2000andXP.exe. The Software Update Installation Wizard dialog box appears. 3. Click Next. The Software Update Installation Wizard License Agreement dialog box appears. 4. Click I Agree, and then click Next. USMT 3.0 is installed. When complete, the Software Update Installation Wizard dialog box appears indicating the installation was successful. 5. Click Finish. 6. Share the <systempartition>\Program Files\USMT30 folder as USMT, and then grant administrators full control to the USMT share.
In the following procedure, you will create an account that will be used as the Network Access Account.
Note Complete this exercise from the site server computer
To create a user account to be assigned as the Network Access Account

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users and Computers. The Active Directory Users and Computers window appears. 2. Create a new user named NetworkAccess with a password of password and ensuring that the password does not have to be changed at next logon. 3. Close Active Directory Users and Computers.
91
In the following procedure, you will configure the required Network Access Account in the Configuration Manager Console. This account is used by the client to access the Configuration Manager distribution point when booted under WinPE.
Note Complete this exercise from the primary site server with the Configuration Manager Console running and active.
To create a Network Access Account

1. If not already running, on the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Client Agents. The list of client agents appears in the results pane. 3. In the result pane, click Computer Client Agent, and then in the Actions pane, click Properties. The Computer Client Agent Properties dialog box appears displaying general properties. 4. After Network Access Account, click Set. The Windows User Account dialog box appears prompting for the account and password to configure as the Advanced Client Network Access Account. 5. In the Name box, type <domainname>\NetworkAccess 6. In the Password and Confirm password boxes, type password and then click OK. The Computer Client Agent Properties dialog box appears displaying properties for the Computer Client Agent. 7. Click OK. The Configuration Manager Console window appears.
In the following procedure, you will create the Configuration Manager package that OSD will use to install the Configuration Manager client after distributing the new operating system image.
To create a Configuration Manager Client installation package

1. In the tree pane, expand Site Database, expand Computer Management, expand Software Distribution, and then click Packages. The list of packages for the site appears in the results pane. Notice that there are no packages created at this point.
92
2. In the Actions pane, click New, and then click Package From Definition. The Create Package from Definition Wizard dialog box appears. 3. Click Next. The Create Package from Definition Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager 2007 include the Configuration Manager Client Upgrade package definition. 4. Under Package definition, click Configuration Manager Client Upgrade, and then click Next. The Create Package from Definition Wizard Source Files dialog box appears prompting for source file handling instructions. 5. Click Always obtain files from a source directory, and then click Next. The Create Package from Definition Wizard Source Directory dialog box appears allowing the designation of the source file directory. 6. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 7. Click <systempartition>\Program Files\Microsoft Configuration Manager\Client, and then click OK. The Create Package from Definition Wizard Source Directory dialog box displays the configured source directory. 8. Click Next. The Create Package from Definition Wizard Summary dialog box appears indicating the wizard is ready to create the package. 9. Click Finish. The wizard completes the package creation and then the Configuration Manager Console appears displaying the packages in the site. Notice that the Configuration Manager Client Upgrade package is displayed. 10. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client Upgrade, and then click Microsoft Configuration Manager Advanced Client Upgrade. The package objects appear in the tree pane. 11. In the tree pane, click Programs. The programs for the package appear in the results pane. Notice that there is only one program for this package, that being a silent upgrade. 12. In the tree pane, click Distribution Points. The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet. 13. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 14. Click Next.
93
The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package. 15. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard was successfully completed. 16. Click Close. The package is copied to the designated distribution point.
In the following procedure, you will create the Configuration Manager package that OSD will use to migrate user state while distributing the new operating system image.
To create a USMT package

1. In the tree pane, expand Site Database, expand Computer Management, expand Software Distribution, and then click Packages. The list of packages in the site appears in the results pane. Notice that there is no package created for USMT. 2. In the Actions pane, click New, and then click Package. The New Package Wizard General dialog box appears prompting for the package name. 3. In the Name box, type USMT and then click Next. The New Package Wizard Data Source dialog box appears allowing you to configure source files for the package. 4. Click This package contains source files, and then click Set. The Set Source Directory dialog box appears displaying the source file location. 5. Click Local drive on site server, and then click Browse. The Browse For Folder dialog box appears. 6. Click <systempartition>\Program Files\Usmt30, and then click OK. The Set Source Directory dialog box appears prompting for source file location. 7. Click OK. The New Package Wizard Data Source dialog box appears displaying the current configuration for the source files for the package. 8. Click Next. The New Package Wizard Data Access dialog box appears allowing configuration of the access to the package source files. 9. Click Next to accept the default of the standard ConfigMgr package share. The New Package Wizard Distribution Settings dialog box appears allowing configuration of the download of package source files to branch distribution points.
94
10. Click Next to accept the default to automatically download to branch distribution points and complete the wizard. The New Package Wizard Reporting dialog box appears prompting for the values to use when matching status mif values. 11. Click Next to use the default package properties as the mif matching values. The New Package Wizard Security dialog box appears prompting for security rights to be created for this package. 12. Click Next to use the default security rights. The wizard completes the package creation and then the New Package Wizard Summary dialog box appears indicating the wizard completed the package creation. 13. Click Next. The wizard completes the package creation and then the New Package Wizard Confirmation dialog box appears indicating the package creation was successful. 14. Click Close. The Configuration Manager Console appears displaying the packages in the site. Notice that the USMT package is displayed in the list of packages. 15. In the tree pane, expand Packages, expand USMT, and then click USMT. The package options appear in the tree pane. 16. In the tree pane, click Programs. The programs for the package appear in the results pane. Notice that there are no programs created for the package. You do not need to configure a program for the USMT package. 17. In the tree pane, click Distribution Points. The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet. 18. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 19. Click Next. The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package. 20. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard has completed successfully. 21. Click Close. The package is copied to the designated distribution point.
95
In the following procedure, you will distribute the boot image package to a distribution point. The boot image is used to start the computer with WinPE for capturing the operating system image as well as prior to deploying the operating system image to a system.
To distribute the boot package

1. In the tree pane, expand Site Database, expand Computer Management, expand Operating System Deployment, and then click Boot Images. The list of boot images in the site appears in the results pane. Notice that there are two boot images for various platforms. 2. In the tree pane, expand Boot Images, expand Boot image (x86) (assuming x86 systems are used) , and then click Distribution Points. The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this boot image yet. 3. In the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 4. Click Next. The New Distribution Points Wizard Copy Package dialog box appears displaying the list of available distribution points for the boot image. 5. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard has completed successfully. 6. Click Close. The boot image is copied to the designated distribution point. As boot images are larger in size, it may take a couple minutes to completely distribute to the distribution point.
In the following procedure, you will create a State Migration Point for the site. The state migration point is used by USMT to store the state information during operating system image deployment.
To create a state migration point

1. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then click Site Systems. The list of site systems configured for the site displayed in the results pane. 2. In the tree pane, expand Site Systems, click <yourSMSServer>, and then in the Actions pane, click New Roles. The New Site Role Wizard General dialog box appears.
96
3. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 4. Under Available roles, select State migration point, and then click Next. The New Site Role Wizard State Migration Point dialog box appears allowing you to configure the state migration point. 5. Click New (the icon resembles a starburst). The Storage Folder dialog box appears allowing you to configure the drive to use to maintain the user state information. Notice that the default values of a maximum of 100 clients storing state on the state migration point, and the required minimum free disk space of 100 MB. Notice also that by default, state information is removed one day after successful restore. 6. In the Storage folder box, type C:\Userstate and then click OK. The New Site Role Wizard General dialog box appears displaying the current configuration of the state migration point. 7. Click Next to accept the current configuration to remove the state after 1 day. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 8. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the state migration point and it is currently being installed. 9. Click Close. The Configuration Manager Console window appears displaying the site systems for the computer. Notice that the state migration point role is now listed for the site system. It will take a minute to install the state migration point.
97
Exercise 2 Creating a Capture Media Task Sequence In this exercise, you will create a task sequence that will be used to capture the Windows Vista client computer image.
Note Complete this exercise from the site server computer only in the Configuration Manager Console.
To create the Capture Media task sequence

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Operating System Deployment. The operating system deployment items appear in the tree pane. 2. In the tree pane, click Task Sequences. The task sequences for the site appear in the results pane. Notice that there are no task sequences yet. You need to create a task sequence that will allow you to capture an operating system image. 3. In the Actions pane, click Create Task Sequence Media. The Task Sequence Media Wizard Select Media Type window appears prompting for the type of task sequence media to create: either a standalone, bootable, or capture media type. 4. Click Capture media, and then click Next. The Task Sequence Media Wizard Media Type dialog box appears prompting for the type of media to create: either a USB flash drive or a CD/DVD. 5. Verify that CD/DVD set is selected. 6. In the Media file box, type C:\Capture.iso and then click Next. The Task Sequence Media Wizard Boot Image dialog box appears prompting for the boot image to use. 7. Click Browse. The Select a Boot Image dialog box appears displaying the boot images available. 8. Click Boot image (x86)(assuing x86 systems are used) and then click OK. The Task Sequence Media Wizard Boot Image dialog box appears displaying the selected boot image and distribution point to use. 9. Click Next. The Task Sequence Media Wizard Summary dialog box appears indicating the wizard is complete and is ready to create the media. 10. Click Next. The task sequence media is created. This process will take a couple of minutes to complete. When complete, a Task Sequence Media Wizard Wizard Completed dialog box appears indicating the media was successfully created.
98
11. Click Close. The list of task sequence items appear in the tree pane. Notice that the process of creating a task sequence capture media does not create a task sequence in the Configuration Manager Console, but rather the .iso file. 12. Start Windows Explorer, and then display the contents of C:\. The contents of the folder appear. Notice the Capture.iso file, which can now be burned to a CD for booting on computers to be imaged. In the lab, we will just use the .iso file without creating an actual CD.
In the following procedure, you will copy the OS Capture Media disk to your host computer so it can be accessed by the reference virtual computer. This would only be done if you are using VPC images. If using physical systems, burn a CD from the Capture.iso file just created.
To copy the ISO file to the host computer

1. Under the Start menu, right-click the icon that resembles a folder, and then click Share Folder. The Browse for Folder dialog box appears. 2. Under My Computer, click Local Disk (C:) and then click OK. The local hosts drive C: is connected as drive Z: on the virtual computer. 3. Copy C:\Capture.iso to Z:\. It may take a couple of moments to copy the Capture.iso file to the host computer. 4. Verify the file was copied to Z:. 5. Under the Start menu, right-click the icon that resembles a folder, and then click Remove Z:.
99
Exercise 3 Creating an Image of the Windows Vista Reference Computer In this exercise, you will create an image of the reference computer running as a Configuration Manager 2007 client. This lab will use a Windows Vista Business edition client as the reference computer.
Note Complete this exercise from the Windows Vista client only.
To prepare the client for imaging

1. Log on as administrator with a password of password. 2. On the Start menu, right-click Computer, and then click Properties. The System window appears displaying basic information about the computer. Notice that the computer is a member of a workgroup. Reference systems must be workgroup clients, and not domain members. If your reference system is still a domain member you are required to remove the computer from the domain to create an OS image of the computer. 3. Close the System window.
In the following procedure, you will create an image of the Windows Vista reference computer.
To create a Windows Vista image

1. On the Windows Vista Virtual PC CD menu, click Capture ISO Image. The Select CD Image to Capture dialog box appears. 2. Click C:\Capture.iso from the host computer, and then click Open. This step is only done if using VPC images. If using physical systems, insert the CD into the drive. An AutoPlay dialog box appears prompting to run Run TSMBAutorun.exe. 3. Click Run TSMBAutorun.exe. The Image Capture Wizard window appears. 4. Click Next. The Image Capture Wizard Image destination dialog box appears prompting for information regarding the image creation process. 5. In the Destination box, type \\<yourSMSServer>\<share_you_create_to_store_images>\MyVista.wim 6. In the Account Name box, type <yourdomain>\Administrator, or some other account that has rights to save to your share in step 5. 7. In the Password box, type <yourpassword> and then click Next. The Image Capture Wizard Image information dialog box appears prompting for additional information regarding the image. 8. In the Created by box, type your name. 9. In the Version box, type 1.0 10. In the Description box, type Windows Vista master image and then click Next. The Image Capture Wizard Summary dialog box appears indicating the image creation
100
process is ready to begin. 11. Click Finish. An Installation Progress dialog box appears as the computer is prepared for imaging. This process includes automatically running sysprep. When complete, a System Restart message box appears indicating that the system is going to be restarted. Windows Vista is then shut down and the computer is restarted. After restarting, Windows PE initializes. When ready, an Installation Progress dialog box appears displaying the progress of the image capture process. Note Capturing an image of an operating system is a lengthy process, and may take an hour depending on your hardware. 12. When the client has restarted and begun the capture process, you can close the Windows Vista client Virtual PC as it is no longer needed. It will likely take anywhere from 30 to 60 minutes to complete. 13. Shut down the Windows virtual PC. When prompted to save changes, click Turn off and delete changes, and then click OK.
101
Exercise 4 Deploying an OS Image Using Configuration Manager 2007 In this exercise, you will create a new package and advertisement to deploy the Windows Vista image to the Windows XP client.
Note Complete this exercise from the primary site server only.
To create the image package

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Operating System Deployment. The operating system deployment items appear in the tree pane. 2. In the tree pane, click Operating System Images. The operating system images for the site appear in the results pane. Notice that there are no images yet. You need to create an operating system image from the Vista.wim file previously created. 3. In the Actions pane, click Add Operating System Image. The Add Operating System Image Wizard Data Source dialog box appears allowing you to specify the image file to use. 4. In the Path box, type \\<yourSMSServer>\<share_you_create_to_store_images>\Vista.wim and then click Next. The Add Operating System Image Wizard General dialog box appears allowing you to specify the name, version and comment for the operating system image to be created. 5. In the Name box, type Windows Vista 6. In the Version box, type 1.0 7. In the Comment box, type Windows Vista image and then click Next. The Add Operating System Image Wizard Summary dialog box appears indicating that the operating system image is ready to be created. 8. Click Next. The Add Operating System Image Wizard Wizard Completed dialog box appears indicating that the wizard completed successfully. 9. Click Close. Note The process of creating the package in the Configuration Manager Console can take a number of minutes to complete (approximately three minutes) in a Virtual PC. Remain at this point until the image has been successfully created and the disk activity has stopped. The list of image packages appears in the results pane. Notice that the Windows Vista image appears.
102
In the following procedure, you will assign the image to a distribution point to make the image available for access by Configuration Manager clients.
To add the image to a distribution point

1. In the tree pane, expand Site Database, expand Computer Management, Operating System Deployment, expand Operating System Images, and then expand Windows Vista. The Windows Vista image items appear in the tree pane. 2. In the tree pane, click Distribution Points, and then in the Actions pane, click New Distribution Points. The New Distribution Points Wizard window appears. 3. Click Next. The New Distribution Points Wizard Copy Package dialog box appears displaying the list of available distribution points for the OS image. 4. Under Distribution points, click <yourSMSServer>, and then click Next. The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard has completed successfully. 5. Click Close. The OS image is copied to the designated distribution point. As the OS image is very large in size. It will take several minutes to completely distribute to the distribution point. Note You can use the Package Status node under the image to identify when the image package has been distributed to the distribution point. This will take several minutes due to the size of the image. You do not have to wait for it to complete distribution before you move onto the next procedure. However, the image must be distributed to the distribution point before the client attempts to run the advertisement.
In the following procedure, you will create a task sequence to deploy the Windows Vista OS image.
To create an image deployment task sequence

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Operating System Deployment. The operating system deployment items appear in the tree pane. 2. In the tree pane, click Task Sequences. The task sequences for the site appear in the results pane. Notice that there are no task sequences yet. You need to create a task sequence that will allow you to deploy an operating system image. 3. In the Actions pane, click New, and then click Task Sequence. The New Task Sequence Wizard Create a New Task Sequence window appears prompting for the type of task sequence to create: to deploy an image package, build a reference system or a custom task sequence.
103
4. Click Next to create a task sequence that will install an existing image package. The New Task Sequence Wizard Task Sequence Information dialog box appears prompting for the name and description for the task sequence, as well as which boot image to use. 5. In the Task sequence name box, type Install Vista Image 6. In the Comment box, type Installs Windows Vista image and then click Browse. The Select a Boot Image dialog box appears displaying the boot images available. 7. Click Boot image (x86) (if using x86 systems) and then click OK. The New Task Sequence Wizard Task Sequence Information dialog box appears displaying the name and description of the task sequence, as well as the boot image to use. 8. Click Next. The New Task Sequence Wizard Install the Windows Operating System dialog box appears prompting for the image package, licensing, and administrator password to use. 9. Click Browse. The Select a Package dialog box appears displaying the image packages available. 10. Click Windows Vista 1.0 and then click OK. The New Task Sequence Wizard Install the Windows Operating System dialog box appears displaying the image package to use. Notice that the default action is to install all images in the package. Also notice that the default configuration is to partition and format the target computers hard disk. That is only required in a bare metal scenario, which we are not performing. 11. If you are doing a bare metal installation, click to clear the Partition and format the target computer before installing the operating system. If you are deploying to an existing client this is not needed. Partitioning and formatting the target computers hard disk is only required in a bare metal scenario. Clearing this option will make the image deployment process faster, especially as the default format is a full format, not a quick format. 12. Click Next to not designate a product key, not specify a licensing mode, and to disable the local administrator account on the target system. The New Task Sequence Wizard Configure the Network dialog box appears prompting whether the target system will join a workgroup or domain. 13. Click Join a domain, and then after Domain, click Browse. The Select a Domain dialog box appears displaying the available domains. 14. Under Domains, click your.domain.path.here.com and then click OK. The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image. Notice that you can also configure a specific OU for the client to join.
104
15. Click Set. The Windows User Account dialog box appears prompting for the account and password to configure as the Advanced Client Network Access Account. 16. In the Name box, type <yourdomain>\administrator 17. In the Password and Confirm password boxes, type password and then click OK. The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image as well as the account that will be used to add the client to the domain. 18. Click Next. The New Task Sequence Wizard Install the ConfigMgr client dialog box appears prompting for the package to use for the Configuration Manager client installation, which occurs after the OS image has been deployed. 19. Click Browse. The Select a Package dialog box appears displaying the packages available. 20. Click Microsoft Configuration Manager Client Upgrade and then click OK. The New Task Sequence Wizard Install the SMS client dialog box appears displaying the package and program to use for the Configuration Manager client installation. Notice that the installation properties includes the FSP parameter to allow the new client deployment to report deployment state messages. 21. Click Next. The New Task Sequence Wizard Configure State Migration dialog box appears prompting for configuration of the user state capture process. 22. Click Browse. The Select a Package dialog box appears displaying the packages available. 23. Click USMT and then click OK. The New Task Sequence Wizard Configure State Migration dialog box appears displaying the configuration of the user state capture process. Notice that the defaults are to capture user state, save it to the state migration point, capture network settings, and capture Microsoft Windows settings. 24. Click Next. The New Task Sequence Wizard Include Updates in Image dialog box appears prompting for deployment of software updates. Notice that the default configuration is to not deploy software updates with the image. 25. Click Next to not deploy any software updates in our lab. The New Task Sequence Wizard Install Software Packages dialog box appears prompting for deployment of software packages after the image has been installed. This is where youd configure to add in additional SMS packages, such as Microsoft Office 2007.
105
26. Click Next to not deploy any software packages in the lab environment. The New Task Sequence Wizard Summary dialog box appears indicating the wizard has been completed and is ready to create the task sequence. 27. Click Next. The task sequence is created, and then the New Task Sequence Wizard Wizard Completed dialog box appears indicating that the task sequence was successfully created. 28. Click Close. The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.
In the following procedure, you will advertise the task sequence to deploy the Windows Vista image to the Windows XP computer.
To advertise the task sequence

1. In the results pane, click Install Vista Image. The task sequence properties appear at the bottom of the results pane. 2. Click the References tab. The list of packages used by this task sequence appears in the results pane. Notice that there are four packages used by this task sequence. 3. Start Windows Explorer and verify that each of the four packages are available on the distribution point. Note Do not proceed until the four packages are available on the distribution point. 4. In the Actions pane, click Advertise. The New Advertisement Wizard General dialog box appears prompting for general properties of the advertisement. Notice that the name defaults to the task sequence name. 5. After Collection, click Browse. The Browse Collection dialog box appears. 6. Click All Windows XP Systems, and then click OK. The New Advertisement Wizard General dialog box appears prompting for general properties of the advertisement. 7. Click Next. The New Advertisement Wizard Schedule dialog box appears prompting for the advertisement schedule. 8. Click New (the toolbar icon resembles a star burst). The Assignment Schedule dialog box appears. 9. Click OK to create a schedule for the current date and time. The New Advertisement Wizard Schedule dialog box appears displaying the advertisement schedule.
106
10. Click Next. The New Advertisement Wizard Distribution Points dialog box appears prompting for how the task sequence will access any content that is required. 11. Click Next to allow content to be downloaded when needed by the task sequence, to not allow access to remote distribution points, and require the use of protected distribution points if available. The New Advertisement Wizard Interaction dialog box appears prompting for how the user will interact with the task sequence. 12. Click Next to not allow the user to run the program as an optional program prior to the mandatory schedule and to display progress of the task sequence. The New Advertisement Wizard Security dialog box appears prompting for security rights for the task sequence. 13. Click Next to use the default security rights. The New Advertisement Wizard Summary dialog box appears indicating the wizard has been completed successfully and is ready to create the advertisement. 14. Click Next. The advertisement is created, and then the New Advertisement Wizard Wizard Completed dialog box appears indicating the advertisement was successfully created. 15. Verify that all processes were completed successfully, and then click Close. The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.
107
Exercise 5 Installing the Image at the Target Client Computer In this exercise, you will install the Windows Vista image on the Windows XP client computer. You will begin by verifying the current client configuration.
Note Complete this exercise from the Windows XP client only.
To verify the current configuration

16. Log on as administrator with a password of password. 17. On the Start menu, right-click My Computer; and then click Properties. The System Properties dialog box appears. 18. What operating system is listed for the client computer? Microsoft Windows XP Professional Service Pack 2. ________________________________________________________________________ 19. Click Cancel.
In the following procedure, you will install the Windows Vista image.
To install the operating system image

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the client. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The client will request new policies, which will include the policy related to the advertised task sequence. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. Note It will take two minutes for the policy to be evaluated and the Assigned Program About to Run notification to be displayed. Remain at this point until the Assigned Program About to Run notification appears. 6. Double-click the Assigned Program About to Run icon on the system tray. The Program Countdown Status dialog box appears indicating a program is about to run.
108
7. Click Run. An Installation Progress message box appears as the Windows Vista operating system image is installed on the Windows XP client computer. Note It will take a number of minutes for the Windows Vista image to be deployed to the computer (approximately 60 minutes). It will automatically restart in the middle of this process. Notice that Windows PE is started and initialized to install the image. After the system reboots into Window PE, the Installation Properties message box appears displaying the progress bar for installing the image, you can shut down the Windows XP virtual PC image and not wait for the image installation process to occur. If you do cancel the deployment, you can still complete the next exercise to report on the operating system deployment progress. If you do let the image continue the installation process, the computer will restart, automatically run through Windows setup to apply configuration settings, and then finally reboot again into Windows Vista.
In the following procedure, you will verify that the Windows Vista image was installed successfully.
To verify the operating system image installation

1. Log on to <yourdomain> as administrator. 2. Notice that the wallpaper on the desktop is for Windows Vista, and not Windows XP. Also notice that the Welcome Center window appears. In Control Panel, start System. The System Properties dialog box appears. 3. What operating system is listed for the client computer? Microsoft Windows Vista. ________________________________________________________________________ 4. Close the System Properties dialog box and then start Administrative Tools. The Administrative Tools window appears. 5. Double-click Services. The Services window appears. 6. What SMS services are installed on the client computer? The SMS Agent Host and SMS Task Sequence Agent services. These services indicate a Configuration Manager client installation. ________________________________________________________________________ ________________________________________________________________________ 7. Close the Services and Administrative Tools windows.
109
Exercise 6 Viewing Status for the Image Deployment In this exercise, you will view status messages for the image installation.
Note Complete this exercise from the Configuration Manager primary site server only.
To verify the image deployment

1. In the tree pane, expand Site Database, expand Computer Management, and then click Operating System Deployment. The Operating System Deployment home page appears in the results pane. Notice that there are no results to display unless the scheduled summarization process of hourly has already occurred. 2. In the Actions pane, click Run Home Page Summarization. The home page for operating system deployment is summarized. This will take a moment to complete. 3. In the Actions pane, click Refresh. The Operating System Deployment home page appears in the results pane. Notice that there is now one task sequence that has been advertised. You will also notice that a chart has been created to the right of the list of task sequence advertisements. The chart will indicate the state of the advertised task sequence. In our case, we only have one computer targeted, so the chart shows the state of that one computer running, failed, succeeded, etc. 4. In the results pane, under Advertisement, click Install Vista Image. The Status summary of a specific task sequence advertisement report appears in the results pane. This report displays the status for this task sequence advertisement. The status of the task sequence advertisement depends on the state of the image deployment: canceled, running, or completed. 5. Click the arrow to the left of the one execution state listed. The All system resources for a specific task sequence advertisement in a specific state report appears in the results pane. This report displays the clients who are reporting the specific execution state you drilled into. Notice that the report displays the last status message ID as well as the description of the last status message. 6. Click the arrow to the left of <yourSMSClient>. The History - Specific task sequence advertisements run on a specific computer report appears in the results pane. This report displays the status for each task sequence step executed on the client computer. The task sequence steps displayed depends on the state of the image deployment: canceled, in progress, or completed. You should at least see messages with IDs of 10035, 10002, 10005 and 11140. Many others could be available after this one, depending on how far you allowed the process to complete.
110
You have now successfully configured your Configuration Manager site for an OS image deployment, prepared and captured your Windows Vista reference system, created the appropriate task sequence to deploy the image, and upgraded your Windows XP client to Windows Vista.
111
Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007
Objectives

Configure integration between WSUS 3.0 and Configuration Manager. Analyze required updates. Distribute an update using Configuration Manager. Use Configuration Manager Reporting to report update status.
Before You Begin
In this lab, you need a Configuration Manager primary site server and a Configuration Manager client. These could be the same computer. You can have additional Configuration Manager clients if you want to scan for and deploy updates to multiple client platforms. The systems needed for this section include a Windows Server 2003 SP2 site server configured as a WSUS 3.0 server (<yourSMSServer>) and a Windows XP SP2 Professional client.
112

1. Log on as administrator . 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the tree pane, expand Site Database, expand Computer Management, and then expand Collections. The list of collections appears in the results pane. 4. In the tree pane, click All Systems. The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members. 5. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 6. Click OK, and then in the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 7. In the details pane, click the obsolete record for the <yourSMSClient> computer, and then in the Actions pane, click Delete. A Confirm Delete message box appears prompting to delete the record. 8. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 9. Delete any other Obsolete records from the All Systems collection. You have now prepared your images for the lab and may proceed to Exercise 1.
113
Exercise 1 Configuring Configuration Manager Integration with WSUS In this exercise, you will configure Configuration Manager to integrate with WSUS 3.0 in order to scan for, and deploy, updates to the Configuration Manager clients. You will begin by configuring the WSUS 3.0 computer as a Configuration Manager software update point.
Note Complete this procedure from primary site server computer only.
To verify the installation of WSUS 3.0

1. From Administrative Tools, start Services. The Services window appears displaying the services installed locally. 2. What services are installed that indicate that Windows Server Update Services is installed locally? Update Services and WsusCertServer ________________________________________________________________________ ________________________________________________________________________ 3. Close Services.
In the following procedure, you will configure the WSUS 3.0 server as a software update point for Configuration Manager.
Note Complete this procedure from the primary site server only.
To configure a software update point

1. If not already running, start the Configuration Manager Console. The Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand Site Management, expand <yoursitecode>, expand Site Settings, and then expand Site Systems. The list of site systems appears in the tree pane. Notice that there is only one site system, that being the site server (<yourSMSServer>). 3. In the tree pane, click <yourSMSServer>. The list of site system roles for the Configuration Manager site server appears in the tree pane. Notice that there are eight roles implemented, none having to do with software updates. This server is the WSUS server, so you will need to add the site system role to perform the role of the software update point. 4. In the Actions pane, click New Roles. The New Site Role Wizard General dialog box appears.
114
5. Click Next. The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer. 6. Under Available roles, select Software update point, and then click Next. The New Site Role Wizard Software Update Point dialog box appears allowing you to configure the proxy server to use for access to the update content if needed. 7. Click Next to not configure the use of a proxy server. The New Site Role Wizard Active software update point settings dialog box appears allowing you to configure the software update point as the active software update management point for the Configuration Manager site, and to configure the port to use when interacting with WSUS. 8. Click Use this server as the active software update point, and then click Next. The New Site Role Wizard Synchronization source dialog box appears displaying settings for synchronization with the software update point. Notice that the default configuration is to synchronize with Microsoft Updates. Since you are in a virtual environment without Internet access and will perform manual synchronization, you will change the configuration. 9. You may want to choose to synchronize from Microsoft Update or an upstream update server. Select this option only if the export/import function is used to obtain software update definitions and then click Next. The New Site Role Wizard Synchronization schedule dialog box appears allowing you to configure the schedule to synchronize updates from WSUS with Configuration Manager. Notice that by default, the software update point does not synchronize with the WSUS server automatically. 10. Click Next to not schedule synchronization. The New Site Role Wizard Update classifications dialog box appears displaying the various product categories of updates that are available in Configuration Manager for reporting and deployment. Notice that by default, security updates, service packs, and update rollups are to be managed by Configuration Manager. Notice also that there is a message at the bottom of the dialog box indicating that you cant modify the update classifications when you are not configured to sync from a source. You may want to sync additional classifications such as critical updates. 11. Click Next. The New Site Role Wizard Products dialog box appears allowing you to configure the various Microsoft software products that can be updated by Configuration Manager. Notice that there is a message at the bottom of the dialog box indicating that you cant modify the products when you are not configured to sync from a source.
115
12. Click Next. The New Site Role Wizard Languages dialog box appears displaying the languages that content will be managed for through Configuration Manager. Notice that multiple languages are enabled by default. To make the synchronization and management process of updates quicker, you will clear all languages except the local language. 13. Under Update File, clear each language as appropriate, leaving only the local language (such as English), and then click Next. The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard. 14. Click Next. The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the software update point. 15. Click Close. The Configuration Manager Console window appears displaying the site systems in the site in the results pane. Notice that the computer is configured as a ConfigMgr component server, a ConfigMgr distribution point, a ConfigMgr fallback status point, a ConfigMgr management point, a ConfigMgr reporting point, a ConfigMgr site server, a ConfigMgr site system, a ConfigMgr software update point and a ConfigMgr site database server.
In the following procedure, you will verify the configuration of the ConfigMgr software update point was successful.
To verify the software update point role

1. Open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\ SUPSetup.log. Notepad appears displaying the contents of the Configuration Manager software update point installation log. Notice that the log indicates that the required WSUS version was detected, and that the installation was successful. 2. Close the SUPSetup.log, and then open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\ WSUSCtrl.log. Notepad appears displaying the contents of the Configuration Manager WSUS Control Managers log. Notice that the log indicates there was a successful connection to the WSUS server, and that the local database connection was successful. You have now successfully installed an Configuration Manager software update point on the WSUS 3.0 server.
116
In the following procedure, you will force synchronization of the Configuration Manager site database with updates from the software update point.
To force catalog synchronization

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. Notice that by default, the home page displays current compliance for security updates for the current month. Also notice that there are no results to display, as no synchronization has occurred yet. 2. In the tree pane, expand Software Updates, and then click Update Repository. The updates synchronized with Configuration Manager are displayed in the results pane. Notice that by default, no updates are listed. This is due to the fact that synchronization has not yet occurred. 3. In the tree pane, click Update Repository, and then in the Actions pane, click Run Synchronization. A Run Update Synchronization message box appears prompting to run the synchronization process on the site. 4. Click Yes. The synchronization process is initiated. This process may take some time to complete. There is no visual indication that the process has completed, so youll need to view status messages or Configuration Manager log files to verify that the process has completed successfully. 5. In the tree pane, expand Site Database, expand System Status, expand Site Status, expand <sitecode>, and then click Component Status. The list of Configuration Manager server components and their current status appears in the results pane. 6. In the results pane, click WSUS_Sync_Manager, and then in the Actions pane, click Show Messages. A new menu appears. 7. Click All. The ConfigMgr Status Message Viewer for <your_db_name> window appears displaying the status messages for the WSUS Sync Manager. Notice the most recent messages with IDs of 6701, 6705 and 6702. These messages indicate the sync process has started, is in progress, and completed, respectively. 8. On the File menu, click Exit. The Configuration Manager Console window appears.
117
9. Open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\ Wsyncmgr.log. Notepad appears displaying the contents of the WSUS Sync Managers log file. 10. Search for synchronizing. Notepad displays the first occurrence of the text synchronizing. Notice that the line indicates that the synchronization process is happening with Configuration Manager and the WSUS server <yourSMSServer>. On later lines of the log, notice the following processes occurring: Successful connection to the local WSUS server Requested localization languages one for each language configured in WSUS (likely only English in the lab) Requested update classification one for each type of update to be managed (multiple different classifications in the lab) Synchronizing updates this begins the process of synchronization of individual updates (numerous pages of updates being synchronized in the lab) Done synchronizing SMS with WSUS Server <yourSMSServer> signals the end of the synchronization process Updated x items in SMS database the number depends on the specific lab configuration, catalog, etc. There should be some updates in the Configuration Manager database.
11. Close Notepad. The Configuration Manager Console appears. 12. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. Notice that there currently is not information to display. 13. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete. Note Wait a moment here to allow the summarization process to complete before refreshing. If you refresh and the data is not update, wait another moment and then proceed.
118
14. In the Actions pane, click Refresh. This will refresh the data in the software updates home page. 15. In the tree pane, expand Software Updates, click Update Repository, and then in the Actions pane, click Refresh. This will update the Update Repository node to include Critical Updates and Service Packs. 16. In the tree pane, expand Software Updates, expand Update Repository, expand Critical Updates, and then click All Updates. The critical updates synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some critical updates that have been synchronized with Configuration Manager from WSUS. 17. In the tree pane, expand Software Updates, expand Update Repository, expand Service Packs, and then click All Updates. The service packs synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some service packs that have been synchronized with Configuration Manager from WSUS.
119
Exercise 2 Generating Update Status on the Configuration Manager Client In this exercise, you will force the client to run a software updates scan cycle. This will cause the client to scan for updates through WSUS, and then store the information in WMI. Configuration Manager will then automatically send the data to the Configuration Manager site through state messages.
Note Complete this procedure from the Configuration Manager client computer. If you have multiple computers in the site, you can complete this procedure on all clients.
To force the software updates scan cycle on the client

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, Software Updates Scan Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Software Updates Scan Cycle, and then click Initiate Action. Note If the Software Updates Scan Cycle task does not appear, you can force a policy retrieval cycle Machine Policy Retrieval & Evaluation Cycle, wait two minutes, and then check again. The client will force a scan for software updates. A Software Updates Scan Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take at least 15 minutes (the default for state message forward interval) for the client to be scanned, and the results to be returned to the Configuration Manager site through state messages.
120
In the following procedure, you will verify that the Configuration Manager client computer has successfully reported software update compliance data.
Note Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.
To view results of the software updates scan cycle

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. Notice that the home page displays current compliance for security updates for the current month. 2. In the Actions pane, click Run Home Page Summarization. By default, Configuration Manager only summarizes the software updates information every four hours. By forcing the summarization process, you will get up to date information more quickly. Note Wait a moment here to allow the summarization process to complete before refreshing. If you refresh and the data is not update, wait another moment and then proceed. 3. In the Actions pane, click Refresh. 4. In the results pane, configure the Vendor to <your_variable_here>, configure the Update classification to Critical Updates, configure the Month and year to August, 2007, and then click Go. The Software Update Compliance Status Summary information appears in the details pane. 5. In the tree pane, expand Software Updates, expand Update Repository, expand Critical Updates, and then click All Updates. The critical updates synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some critical updates that have been synchronized with Configuration Manager from WSUS. Also notice the status of each update with the number of systems requiring this update (should be two clients) and the number of not compliant (zero) systems. 6. In the tree pane, expand Software Updates, expand Update Repository, expand Service Packs, and then click All Updates. The service packs synchronized with Configuration Manager are displayed in the results pane. Notice that there now may be some service packs that have been synchronized with Configuration Manager from WSUS and all are listed as required updates for both clients.
121
Exercise 3 Generating Software Update Compliance Reports In this exercise, you will use generate reports for analysis and reporting of software update status.
Note Complete this exercise from the Configuration Manager site server.
To generate an update status report for software updates

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Reporting. The available Configuration Manager Reporting tool functions appear in the tree pane. 2. In the tree pane, click Reports. The list of available reports appears in the results pane. Notice that there are 353 reports available. 3. In the results pane, click Compliance 6 - Specific computer, and then in the Actions pane, click Run. The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, with vendor and update class as optional attributes. 4. In the Computer Name box, type the name of the Configuration Manager client you want to report on (it can be either of the clients). 5. Click Display. A ConfigMgr Report window appears. Notice the list of updates available for the Configuration Manager client computer. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL. 6. Close the ConfigMgr Report window. The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class. 7. In the tree pane, click Reports. The list of available reports appears in the results pane. 8. In the results pane, click Management 1 - Updates required but not deployed, and then in the Actions pane, click Run. The Management 1 - Updates required but not deployed Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and the vendor and update class. 9. After Collection ID, click Values. The Select Value dialog box appears displaying the list of available collections.
122
10. Click All Systems. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 11. After Vendor, click Values. A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here> , Local Publisher and Microsoft. 12. Click Lab. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 13. After Update Class, click Values. A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in SCCM for synchronization with WSUS. 14. Click Critical Updates. The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values. 15. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice also that some updates are listed as being required but not yet deployed. 16. Close the ConfigMgr Report window. The Management 1 - Updates required but not deployed Report Information appears in the results pane.
123
Exercise 4 Distributing Software Updates Using Configuration Manager Software Update Management In this exercise, you will distribute a specific update using Configuration Manager and the software updates management feature. The lab procedures will use a synthetic update.
Note Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.
To distribute the update to the Configuration Manager client

1. In the tree pane, expand Software Updates, expand Update Repository, expand Critical Updates, and then click All Updates. The information for all critical updates appears in the results pane. Notice that there may be some updates available. 2. In the Look for box, type English update and then click Find Now. The results for the search for English updates appear in the results pane. Notice that there are now leses updates displayed in the results pane, filtered from the original updates. 3. Under Title, notice you can also multi-select here to view greater details or pursue specific actions. Configuration Manager supports multi-selection of items in most nodes. Notice that in the lower portion of the Actions pane, under Description, is displayed a message that three items are selected. 4. In the Actions pane, click Update List. The Update List Wizard Update List dialog box appears allowing you to select an existing update list or create a new one. 5. Click Create a new update list. 6. In the Name box, type <an_update_name> 7. In the Description box, type <an_update_name> 8. Click Next. The Update List Wizard Security dialog box appears allowing you to configure security on the update list. 9. Click Next. The Update List Wizard Summary dialog box appears indicating the wizard has all the information it needs to successfully complete. 10. Click Next. The Update List Wizard Wizard Completed dialog box appears indicating the wizard successfully completed.
124
11. Click Close. The Configuration Manager Console appears. 12. In the tree pane, expand Software Updates, expand Update Lists, and then click <your_update_name> The list of software updates in the update list appears in the results pane. 13. In the Actions pane, click Deploy Software Updates. The Deploy Software Updates Wizard General dialog box appears. 14. In the Name box, type <your_update_name> 15. In the Description box, type <your_update_name>and then click Next. The Deploy Software Updates Wizard Deployment Template dialog box appears prompting to create a deployment template for distributing software updates. 16. Click Next to create a new deployment definition. The Deploy Software Updates Wizard Collection dialog box appears prompting for the collection to be targeted with the update. 17. Click Browse. The Browse Collection dialog box appears displaying the collections in the site. 18. Under Collections, click All Systems, and then click OK. The Deploy Software Updates Wizard Collection dialog box appears displaying the designated collection to be targeted with the updates. 19. Click Next. The Deploy Software Updates Wizard Display/Time Settings dialog box appears allowing you to configure whether notifications will be displayed to the user, whether displayed time is the client time or UTC, and how of a time period do users have to deploy mandatory updates before forced on the computer. 20. Click Next to accept the default values to display user notifications, use UTC, and allow two weeks before updates become mandatory. The Deploy Software Updates Wizard Restart Settings dialog box appears allowing you to configure the reboot behavior when updates require a system restart, including whether or not reboots should occur outside any configured maintenance windows. Notice that the default is not to suppress restarts and that restarts can not occur outside maintenance windows. 21. Under Suppress the system restart on, click Servers, and then click Next. The Deploy Software Updates Wizard Event Generation dialog box appears allowing you to configure whether or not any failure in the update deployment will generate a Windows event. 22. Click Next to not generate a Windows event in the case of a failure. The Deploy Software Updates Wizard Update Binary Download ConfigMgr Client Settings dialog box appears allowing you to configure whether or not clients can install updates when in slow network boundaries, or when the clients protected distribution point does not contain the update content.
125
23. Click Next to not support slow network boundaries and to allow fallback to unprotected distribution points. The Deploy Software Updates Wizard Create Template dialog box appears allowing you to save the configuration as a deployment template. Doing so will make deployment of future updates much quicker, as you can use the template and not have to respond to configure all the settings you have done so on the last set of wizard pages. 24. In the Template name box, type Standard update deployment template 25. In the Template description box, type Normal software update deployments with suppression for servers 26. Click Next. The Deploy Software Updates Wizard Deployment Package dialog box appears prompting to name the new deployment package to add the updates to. Notice that the default is to use an existing deployment package. As this is your first deployment, you do not have one yet, so will need to create a deployment package. 27. Click Create a new deployment package. 28. In the Name box, type Critical Updates 29. In the Description box, type Critical updates for all clients 30. In the Package source box, type \\<yourSMSServer>\<systempartition>\Critical 31. Click Next. The Deploy Software Updates Wizard Distribution Points dialog box appears allowing you to designate the distribution points to distribute the package to. 32. Click Browse. The Add Distribution Points dialog box appears displaying the site(s) that can be targeted. Notice in our implementation, only one site is listed. 33. Under Distribution points, expand <sitecode>. The list of distribution points for the local site appears. 34. Under Distribution points, click <sitecode> to select all distribution points in the site, and then click OK. The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed. 35. Click Next. The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location. 36. Click Download software updates from a location on the local network (or your internet connection), and then click Browse. The Browse For Folder dialog box appears allowing you to select the source of they updates.
126
37. Click <systempartition>\WSUS Synthetic, and then click OK. The Deploy Software Updates Wizard Download Location dialog box appears displaying the configured source folder. 38. Click Next. The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point. 39. Click Next to accept the configured languages. The Deploy Software Updates Wizard Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection. 40. Click Next to accept the default values. The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard. 41. Click Next. The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of the deployment, which includes the downloading of each update to be deployed, and creating the deployment template and deployment package. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment. 42. Verify that each phase of the process was successful, and then click Close. The Configuration Manager Console appears displaying the list of critical updates in the results pane.
In the following procedure, you will verify the software update deployment objects created.
Note Complete this procedure on the Configuration Manager primary site server only.
To view the software update distribution objects

1. In the tree pane, click Deployment Management. The Deployment Management information appears in the results pane. Notice the deployment name and values listed from the DSUW. 2. In the tree pane, expand Deployment Management, expand <your_update_name>, and then click Software Updates. The list of software updates in this deployment appears in the results pane. Notice the list of updates includes the <updates you selected> prior to starting the DSUW.
127
3. In the tree pane, expand Deployment Templates, and then click Standard update deployment template. The Standard update deployment template information appears in the results pane. Notice the template name and description. You can use this template for future deployments and not have to complete all the pages of the DSUW. 4. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is those you selected prior to launching the DSUW. 5. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Distribution Points. The distribution points assigned to this deployment package appears in the results pane. Notice that this matches the distribution points you selected in the DSUW. 6. In the tree pane, expand Deployment Packages, expand Critical Updates, expand Package Status, and then click Package Status. The deployment status of the deployment package to the assigned distribution points appears in the results pane. Notice that deployment package has been successfully deployed (listed as Installed) to the only distribution point in our site.
In the following procedure, you will install the update on the client computer. For the lab, you will force the client to check for new advertisements instead of waiting for the automated detection to occur.
Note Complete this procedure on each client computer that is to receive the update (which may include the site server computer).
To install the update on the Configuration Manager client

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the advertised program. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears.
128
5. Click OK. This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface. Note It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available. A Software Updates Installation icon appears in the System Tray indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation. 6. In the System Tray, double-click the Software Updates Installation icon. The ConfigMgr - Software Update Management dialog box appears. Notice the default values of IT Organization and Protecting your PC. These are configurable in the Software Updates Client Agent. Notice also that ConfigMgr detected multiple update for the client, and that you can perform an express or custom installation. 7. Click Install to perform an express installation of the updates. The updates are applied to the system. It will take some time for the updates to be applied, and the status to be reported through state messages. Your updates may require a system restart. Note It will take a few minutes for the new state messages to be sent to the site. Wait a few minutes here before proceeding to exercise 5.
129
Exercise 5 Validating Current Software Update Compliance In this exercise, you will validate that the update has been deployed successfully. You will begin by generating reports for analysis and reporting of Microsoft update status, and then will validate using the Software Updates node.
Note Complete this exercise from the Configuration Manager site server.
To generate an update status report for Microsoft updates

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Reporting. The available Configuration Manager Reporting tool functions appear in the tree pane. 2. In the tree pane, expand Reports, and then expand Visited Reports. The list of reports that have already been run appears in the results pane. Notice that you ran two reports earlier. 3. In the tree pane, click Compliance 6 - Specific computer. The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, with vendor and update class as optional attributes. 4. In the Computer Name box, type the name of the Configuration Manager client you want to report on (use one that you successfully ran the update deployment on earlier in this lab). 5. Click Display. A ConfigMgr Report window appears. Notice the list of updates available for the Configuration Manager client computer. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL. Notice also that <the_updates_you_deployed> listed as being compliant (approved and installed). 6. Close the ConfigMgr Report window. The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class. 7. In the tree pane, under Visited Reports, click Management 1 - Updates required but not deployed. The Management 1 - Updates required but not deployed Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and the vendor and update class. 8. After Collection ID, click Values. The Select Value dialog box appears displaying the list of available collections.
130
9. Click All Systems. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 10. After Vendor, click Values. A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here>,, Local Publisher and Microsoft. 11. Click <your_variable_here>. The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values. 12. After Update Class, click Values. A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in Configuration Manager for synchronization with WSUS. 13. Click Critical Updates. The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values. 14. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice also that there are some updates listed as being required but not yet deployed. 15. Close the ConfigMgr Report window. The Software updates that are required, but not yet deployed Report Information appears in the results pane.
In the following procedure, you will view the updated status data for the Microsoft update directly from the Configuration Manager Console.
Note Complete this step from the primary site server with the Configuration Manager Console running.
To view the update status data

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane.
131
2. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete. Note It will take a moment for the summarization process to complete. Wait for a moment before refreshing the home page. 3. In the Actions pane, click Refresh. The home page is refreshed. You now will set the values to identify current status of the deployed updates. 4. In the results pane, configure the Vendor to <your_variable_here> (perhaps choose Microsoft) , configure the Update classification to <your_preference>, configure the Month and year to <a_specific_date>, and then click Go. The Software Update Compliance Status Summary information appears in the details pane. Notice that the update status now reflects that the three updates were successfully installed to the Configuration Manager client, and are now compliant. 5. In the tree pane, expand Software Updates, expand Update Repository, and then expand Critical Updates (or some other preference), and then click All Updates. The Critical Updates (or your choice you made above) information appears in the results pane. Notice that updates are displayed for the selected month. This displays the current status for the updates for the current month, including bulletin ID, article ID, name, status of compliance, severity, size and other information. 6. In the Look for box, type English Updates and then click Find Now. The results for the search for English updates appear in the results pane. Notice that only the specific updates are displayed. 7. In the Actions pane, click Refresh. Notice that the updates are now compliant. 8. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution. You have now explored a simple scenario for deploying Microsoft updates in Configuration Manager. There are many other aspects in the software updates role for Configuration Manager that youll experience outside this simple scenario.
132
Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007
Objectives

Install the System Center Updates Publisher. Create a catalog for a custom update. Import a catalog for a synthetic application (if available download required). Publish custom catalog information to Configuration Manager for scanning. Perform a scan for custom updates. Analyze required updates. Distribute an update using Configuration Manager. Use Configuration Manager Reporting to report update status.
Before You Begin
In this lab, you need a Configuration Manager 2007 primary site server and a Configuration Manager client. These could be the same computer. You can have additional Configuration Manager clients if you want to scan for and deploy updates to multiple client platforms. The machines for this section include a Windows Server 2003 SP2 site server configured as a WSUS 3.0 server and Configuration Manager software update point (<yourSMSServer>) and a Windows XP SP2 Professional client
133

1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the console tree, expand Site Database, expand Collections, and then click All Systems. The members of the All Systems collection appear in the details pane. Notice that there are multiple members, including the site server computer (<yourSMSServer>) and the Windows XP Professional client computer. 4. On the Action menu, point to All Tasks, and then click Update Collection Membership. The All Systems message box appears prompting to update subcollection membership. 5. Click OK, and then on the Action menu, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 6. In the details pane, click the obsolete record for the <yourSMSClient> computer, and then on the Action menu, click Delete. A Confirm Delete message box appears prompting to delete the record. 7. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 8. Delete any other Obsolete records from the All Systems collection. You have now prepared your images for the lab and may proceed to Exercise 1.
134
Exercise 1 Installing the System Center Updates Publisher In this exercise, you will install the System Center Updates Publisher. This is one of the tools in the Configuration Manager source.
Note Complete this exercise from the primary site server computer.
To install the System Center Updates Publisher

1. Start <your SCCM eval download location> \Splash.hta. The Microsoft System Center Configuration Manager 2007 Start window appears displaying various installation options, including the System Center Updates Publisher. 2. Click System Center Updates Publisher. The Setup Wizard for System Center Updates Publisher window appears. 3. Click Next. The Setup Wizard for System Center Updates Publisher License agreement dialog box appears displaying the end user license agreement. 4. Read the end user license agreement, click I accept the license agreement, and then click Next. The Setup Wizard for System Center Updates Publisher Select Database Server and Instance Name dialog box appears prompting for the local or remote database server to use. 5. Click Next to use the default instance on the local server. The Setup Wizard for System Center Updates Publisher Select instance name dialog box appears prompting for the instance of SQL Server to use. Notice that the default value is MSSQLSERVER. 6. Click Next to use the SQL Server installation. The Setup Wizard for System Center Updates Publisher Destination Folder dialog box appears prompting for the location to install the System Center Updates Publisher. 7. Click Next to accept the default location of C:\Program Files\System Center Updates Publisher. The Setup Wizard for System Center Updates Publisher Installation dialog box appears indicating the installation is ready to complete. 8. Click Next. The System Center Updates Publisher is installed. This process will take a few minutes to complete. When complete, a Setup Wizard for System Center Updates Publisher Setup Complete dialog box appears indicating the installation was successfully completed. 9. Click Finish.
135
Exercise 2 Synchronizing Custom Updates with Configuration Manager In this exercise, you can create a custom catalog that will be imported into Configuration Manager for scanning with the standard Configuration Manager software updates scan process. You can also import 3rd party catalogs that contain updates, available from the System Center website on Microsoft.com (http://www.microsoft.com/systemcenter)
Note Complete this procedure from the Configuration Manager site server.
To create a custom catalog

1. On the Configuration Manager server Start menu, point to All Programs, point to System Center Updates Publisher, and then click System Center Updates Publisher. The System Center Updates Publisher window appears. If you do not have the Updates Publisher installed, this can be found here. http://www.microsoft.com/downloads/details.aspx?FamilyID=DC2329DD-304B-47259D4C-9C3F339F9D85&displaylang=en 2. In the Actions pane, click Create Update. The Create Update Wizard Update Information dialog box appears prompting for update information. 3. In the Update Title box, type <a_name_for_an_update> 4. In the Description box, type Test update 5. In the Classification box, click Security Updates. 6. In the Vendor box, type Evaluation. 7. In the Product box, type Synthetic Software and then click Next. The Create Update Wizard Extended Properties dialog box appears prompting for additional update information. 8. In the Severity box, click Moderate. 9. In the More Info URL box, type http://<yourSMSServer> 10. In the Reboot Behavior box, click Never reboots, and then click Next. The Create Update Wizard Define Prerequisite Rules dialog box appears prompting for information on how to identify systems the update is applicable for. We will create rules to apply this update to only Windows XP SP1 and SP2 systems that are running English for their language. 11. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 12. Click Create Basic rule, and then in the Rule Type box, click Windows Version. The Add Rule dialog box appears expands to allow for configuration of a Windows Version rule.
136
13. In the Comparison box, click Greater Than or Equal To. 14. In the Major Version box, type 5 15. In the Minor Version box, type 1 16. In the SP Major Version box, type 1 17. In the SP Minor Version box, type 0 18. In the Build Number box, type 2600 19. In the Product Type box, click Workstation, and then click OK. This creates a rule to identify Windows XP SP1 and later systems. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. 20. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 21. Click Create Basic rule, and then in the Rule Type box, click Windows Version. The Add Rule dialog box appears expands to allow for configuration of a Windows Version rule. 22. In the Comparison box, click Less Than or Equal To. 23. In the Major Version box, type 5 24. In the Minor Version box, type 1 25. In the SP Major Version box, type 2 26. In the SP Minor Version box, type 0 27. In the Build Number box, type 2600 28. In the Product Type box, click Workstation, and then click OK. This creates a rule to identify Windows XP SP2 and earlier systems. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. Notice that you now have two rules, with an Or operator for the two rules. We want this to be an And operator. This will allow the rule to filter out all operating systems that are not Window XP SP1 or Windows XP SP2. 29. Under Operation, select And from the drop down list, and then click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 30. Click Create Basic rule, and then in the Rule Type box, click Windows Language. The Add Rule dialog box appears expands to allow for configuration of a Windows Language rule. 31. In the Language box, click English, and then click OK. The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. 32. Make sure both operators are set to And, and then click Next.
137
The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed. 33. In the Installer Type box, click Command Line Installation (.exe).
138
34. Click Browse. The Select File dialog box appears prompting the location of update to be deployed. 35. At this point you can choose anything you would like to test this available feature. For example, making a copy of any install such as a Windows update you have will be fine. Once completed, open the path to that file. The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed. 36.In the Download URL (or UNC) box, type \\<yourSMSServer>\<SCUP install location> \yourfile.exe Notice the default values for success and pending reboot return codes as well as default command line switch for unattended installation are not provided for command line installations as they are for Windows Installer updates. 37. In the Success Return Codes box, type 0 38. In the Command line (quiet) box, type I and then click Next. The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. You will a create rule to apply this update to only clients without a specific registry value configured. 39. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 40. Click Create Basic rule, and then in the Rule Type box, click Registry Value Exists. The Add Rule dialog box appears expands to allow for configuration of a Registry Value Exists rule. 41. After Rule Type, click Not rule. 42. In the Registry Path box, type HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ yourfile.exe 43. In the Registry value box, type Installed 44. In the Registry value type box, click REG_SZ. 45. Click Save your rule as, and then in the Save your rule as box, type Update Test Registry Check and then click OK. This creates a rule to identify systems that do not have the specific registry value configured. If the value is not present, that indicates the update is required. The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. Notice that your one rule is now displayed. 46. Click Next. The Create Update Wizard Define Installed Rules dialog box appears prompting for information on how to identify whether or not the file is already installed. Notice that there are no default rules.
139
47. Click Add Rule (button with a +). The Add Rule dialog box appears prompting for the type of rule to create. 48. Click Use existing rule, and then in the Rule Type box, click Update Test Registry Check. The rule you just created is imported and is now used to validate whether or not the update has already been deployed. However, you need to clear the Not rule configuration, so that it evaluates correctly for the query. 49. After Rule Type, click to clear Not rule, and then click OK. The Create Update Wizard Define Installed Rules dialog box appears displaying your configured rule. 50. Click Next. The Create Update Wizard Summary dialog box appears indicating the wizard is ready to create the update. 51. Click Next. The update is created. When complete, the Create Update Wizard Confirmation dialog box appears indicating the update was created successfully. 52. Click Close. The System Center Updates Publisher window appears. Notice that the SCCM Lab vendor appears in the tree pane.
In the following procedure, you will configure the custom update to be published to Configuration Manager.
Note Complete this procedure from the primary site server only with the System Center Updates Publisher window active.
To configure the custom update to be published to Configuration Manager

1. In the tree pane, expand your node, and then click Synthetic Software. The list of updates for the SCCM Lab vendor appears in the results pane. Notice that your custom update for the Synthetic Software Update is listed. Notice also that it is not flagged to be published to Configuration Manager. 2. In the Actions pane, under Update Test Software Update, click Set Publish Flag. The list of updates for the SCCM Lab vendor appears in the results pane. Notice also that your synthetic update is now flagged to be published to Configuration Manager. This will happen when synchronization is forced between SCUP and WSUS, and then Configuration Manager synchronizes from WSUS.
140
In the following procedure, you will import two 3rd party catalogs to be published to Configuration Manager.
To import a custom catalog

1. In the tree pane, click System Center Updates Publisher, and then in the Actions pane, click Import Updates. The Import Software Updates Catalog Wizard Select Import Method dialog box appears. 2. Click Next to import a single catalog. The Import Software Updates Catalog Wizard Select File dialog box appears prompting for the file to import. 3. Click Browse. Browse to the catalog. The Select Catalog to Import dialog box appears. The Import Software Updates Catalog Wizard Select File dialog box appears displaying the file to be imported. 4. Click Next. The Import Software Updates Catalog Wizard Summary dialog box appears displaying the catalog to be imported. 5. Click Next. A Catalog Validation Security Warning message box appears prompting to import the catalog. 6. Click Accept. The file is imported. When complete, the Import Software Updates Catalog Wizard Confirmation dialog box appears. 7. Click Close. The System Center Updates Publisher window appears displaying the two catalogs. Notice that both the catalogs are listed. 8. You will not actually publish the 3rd party updates to WSUS (to be synchronized with Configuration Manager). In order to publish custom and 3rd party updates to WSUS, you have to download the content for the updates, which you will not do in the VPC environment.
141
In the following procedure, you will configure the System Center Updates Publisher to synchronize updates with WSUS so that Configuration Manager can synchronize the updates as with Microsoft Updates.
To configure SCUP and WSUS for publishing

In order to follow this section, you must create and deploy a certificate. As well, there is a policy that must be set to allow 3rd party content to be installed from WSUS, which is not set by default. If not set, then no updates can be deployed. This is documented here. http://technet.microsoft.com/enus/library/bb633114.aspx 1. In the tree pane, click System Center Updates Publisher, and then in the Actions pane, click Settings. The Settings dialog box appears. 2. Click the Update Server tab. The Settings dialog box appears displaying synchronization settings. Notice that the tool is currently not configured to publish to an update server (WSUS 3.0). 3. Click Enable publishing to an update server. 4. Verify that Connect to a local update server is selected, and then click Test Connection. The connection is validated, and then a Test Connection message box appears indicating that the connection was validated. 5. Click OK. The Settings dialog box appears displaying synchronization settings. Notice that the bottom portion of the property page displays the WSUS signing certificate information. 6. Click OK. The System Center Updates Publisher window appears. 7. In the Actions pane, click Publish Updates. The Publish Wizard Summary dialog box appears indicating it is ready to publish one update. 8. Click Next. A Content Validation Security Warning message box appears validating that you want to publish the Synthetic Software Update, as the publisher is not known. 9. Click Accept. The update is published to WSUS. This process can take a few minutes depending on how many updates you are publishing to WSUS. When complete, the Publish Wizard Confirmation dialog box appears indicating the synchronization was successful. 10. Click Close. The System Center Updates Publisher window appears.
142
In the following step, you will force the custom update to be published to Configuration Manager.
Note Complete this step from the primary site server only with the Configuration Manager Console window active.
To force catalog synchronization

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. Notice that by default, the home page displays current compliance for Microsoft security updates for the current month. 2. In the tree pane, expand Software Updates, and then click Update Repository. The update categories synchronized with Configuration Manager are displayed in the results pane. Notice that there are folders for Critical Updates and Service Packs, as these have been synchronized with WSUS previously. 3. In the tree pane, click Update Repository, and then in the Actions pane, click Run Synchronization. A Run Update Synchronization message box appears prompting to run the synchronization process on the site. This will sync Configuration Manager with WSUS and will add the synthetic software update we created in the Synthetic Updates Publishing Tool into the Configuration Manager database. 4. Click OK. The synchronization process is initiated. This process may take a few minutes to complete. There is no visual indication that the process has completed, so youll need to view status messages or Configuration Manager log files to verify that the process has completed successfully. 5. In the tree pane, expand Site Database, expand System Status, expand Site Status, expand <your_db_name>, and then click Component Status. The list of Configuration Manager server components and their current status appears in the results pane. 6. In the results pane, click WSUS_Sync_Manager, and then in the Actions pane, click Show Messages. A new menu appears. 7. Click All. The ConfigMgr Status Message Viewer for <your_db_name> window appears displaying the status messages for the WSUS Sync Manager. Notice the most recent messages with IDs of 6701, 6705 and 6702. These messages indicate the sync process has started, is in progress, and completed, respectively. 8. On the File menu, click Exit. The Configuration Manager Console window appears.
143
9. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. 10. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a minute to complete. Note It will take a minute for the summarization process to complete. Wait a moment before refreshing the console. 11. In the Actions pane, click Refresh. This will refresh the data in the software updates home page. 12. In the tree pane, expand Software Updates, click Update Repository, and then in the Actions pane, click Refresh. This will update the Update Repository node to include Security Updates, in addition to the Critical Updates and Service Packs that had already been synchronized. Remember that you had configured the Synthetic Software Update to be a Security Update. 13. In the tree pane, expand Software Updates, expand Update Repository, expand <your chosen update>, and then click All Updates. The security updates synchronized with Configuration Manager are displayed in the results pane.
144
Exercise 3 Generating Status of Custom Updates on the Configuration Manager Client In this exercise, you will force the client to run a scan cycle to identify applicable and installed updates, both Microsoft Updates as well as custom updates.
Note Complete this procedure from each of the Configuration Manager client computers. If you have multiple computers in the site, you can complete this procedure on all collection members but must complete this on at least one client.
To force the software updates scan cycle on the client

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, Software Updates Scan Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 3. Click Software Updates Scan Cycle, and then click Initiate Action. The client will force a scan for software updates. A Software Updates Scan Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. It will take a few minutes for the client to be scanned, and the results to be returned to the Configuration Manager site through state messages.
145
In the following procedure, you will verify that the Configuration Manager client computer has successfully reported software update compliance data.
Note Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.
To view results of the software updates scan cycle

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. 2. In the Actions pane, click Run Home Page Summarization. By default, Configuration Manager only summarizes the software updates information every four hours. By forcing the summarization process, you will get up to date information more quickly. Note It will take a minute for the summarization process to complete. Wait a moment before refreshing the console. 3. In the Actions pane, click Refresh. 4. In the tree pane, expand Software Updates, expand Update Repository, expand <your chosen update>, and then click All Updates. The updates synchronized with Configuration Manager are displayed in the results pane.
146
Exercise 4 Generating Software Update Compliance Reports for Custom Updates In this exercise, you will use generate reports for analysis and reporting of the custom software update status.
Note Complete this exercise from the site server.
To generate an update status report for software updates

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Reporting. The available Configuration Manager Reporting tool functions appear in the tree pane. 2. In the tree pane, click Reports. The list of available reports appears in the results pane. Notice that there are 353 reports available. 3. In the results pane, click Compliance 6 - Specific computer, and then in the Actions pane, under Compliance 6 - Specific computer, click Run. The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, vendor and update class. 4. In the Computer Name box, type the name of the Configuration Manager client you want to report on (it can be either of the clients though <yourSMSClient> is the only one the update is applicable for according to our rules). 5. After Vendor, click Values. A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here>, Local Publisher, and Microsoft. 6. Click the <vendor_name_you_created>. The Compliance 6 - Specific computer Report Information appears in the results pane allowing configuration of the prompted values. 7. After Update Class, click Values. A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in Configuration Manager for synchronization with WSUS. 8. Click Security Updates. The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class.
147
9. Click Display. A ConfigMgr Report window appears. Notice the list of security updates available for the Configuration Manager client computer. As the only security update synchronized is the custom update <your_update_you_created> there is only data available for one update. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL. 10. Close the ConfigMgr Report window. The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class. 11. In the tree pane, click Reports. The list of available reports appears in the results pane. 12. In the results pane, click Compliance 2 - Specific software update, and then in the Actions pane, under Compliance 2 - Specific software update, click Run. The Compliance 2 - Specific software update Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and update. 13. After Collection ID, click Values. The Select Value dialog box appears displaying the list of available collections. 14. Click All Systems. The Compliance 2 - Specific software update Report Information appears in the results pane allowing configuration of the prompted values. 15. After Update, Title, Bulletin ID or Article ID, click Values. A Select Value dialog box appears displaying the available updates. Notice that the list includes all updates synchronized with WSUS, including the Synthetic Software Update. 16. Click <your_update_you_created> The Compliance 2 - Specific software update Report Information appears in the results pane displaying the configured prompted values. 17. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the synthetic update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice that you have one client that requires the update, and one client that does not require it. 18. Click the left arrow next to the <vendor_name_you_created> The Compliance 7 - Specific software update states report appears displaying the number of clients in various states for this update. Notice that you have one client with a state of Update is required and one client with a state of Update is not required.
148
19. Click the left arrow next to Update is required. The Compliance 9 - Computers in a specific compliance state for an update report appears displaying the number of clients that require this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed. 20. Close the ConfigMgr Report window. The Compliance 2 - Specific software update Report Information appears in the results pane.
149
Exercise 5 Software Update Deployment Options In this exercise, you will distribute a specific update using Configuration Manager and the software updates management feature. The lab procedures will use a synthetic update.
Note Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.
To distribute the update to the Configuration Manager client

1. In the tree pane, expand Software Updates, expand Update Repository, expand Security Updates, and then click All Updates. The information for all security updates appears in the results pane. Notice that there is only one update available. 2. Under Title, click <your software update>, and then in the Actions pane, click Deploy Software Updates. The Deploy Software Updates Wizard General dialog box appears. 3. In the Name box, type Synthetic Custom Update 4. In the Description box, type Test of a custom update and then click Next. The Deploy Software Updates Wizard Deployment Template dialog box appears prompting to use an existing deployment template for distributing software updates. Notice that there is an existing template titled Standard update deployment template. 5. Click Next to use the existing deployment template. The Deploy Software Updates Wizard Deployment Package dialog box appears prompting to name the new deployment package to add the updates to. Notice that the default is to use an existing deployment package. You will create a new deployment package. 6. Click Create a new deployment package. 7. In the Name box, type Synthetic Custom Update 8. In the Description box, type Custom update test for all Windows XP clients 9. In the Package source box, type \\<yourSMSServer>\<path to your software update> 10. Click Next. The Deploy Software Updates Wizard Distribution Points dialog box appears allowing you to designate the distribution points to distribute the package to. 11. Click Browse. The Add Distribution Points dialog box appears displaying the site(s) that can be targeted. Notice in our implementation, only one site is listed.
150
12. Under Distribution points, click <site code> to select all distribution points in the site, and then click OK. The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed. 13. Click Next. The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location. 14. Click Download software updates from the Internet to pull the updates from the published location (which was configured to a UNC path on the site server in the custom catalog), and then click Next. The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point. 15. Click Next to accept the configured languages. The Deploy Software Updates Wizard Set Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection. Click Next to accept the default values. The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard. 16. Click Next. The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of creating the deployment. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment. 17. Verify that each phase of the process was successful, including the download of the update file, and then click Close. The Configuration Manager Console appears displaying the list of security updates in the results pane, which only includes the one synthetic update.
151
In the following procedure, you will verify the software update deployment objects created.
Note Complete this procedure on the primary site server only.
To view the software update distribution objects

1. In the tree pane, click Deployment Management. The Deployment Management information appears in the results pane. Notice the deployment name and values listed from the DSUW. 2. In the tree pane, expand Deployment Management, if you created a site hierarchy expand <your site hierarchy>. The list of software updates in this deployment appears in the results pane. 3. In the tree pane, expand Deployment Packages (if you named it this way), expand <your update>. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is those you selected prior to launching the DSUW, which only included your update (unless you added others). 4. In the tree pane, expand Deployment Packages, expand <your update>, expand Package Status, and then click Package Status. The status of the distribution of the deployment package to the distribution point appears in the results pane. Notice that only one distribution point was targeted, and it received the package successfully (Installed = 1).
In the following procedure, you will install the update on the client computer. For the lab, you will force the client to check for new advertisements instead of waiting for the automated detection to occur.
Note Complete this procedure on each client computer that is to receive the update (the update is only applicable to the Windows XP client computer however you can retrieve policies on both of your systems).
To install the update on the Configuration Manager client

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. 3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policy related to the software update deployment. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.
152
4. Click OK. The Configuration Manager Properties dialog box appears. 5. Click OK. This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface. Note It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available. A Software Updates Installation icon appears in the System Tray of the Windows XP client computer indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation. 6. In the System Tray, double-click the Software Updates Installation icon. The ConfigMgr - Software Update Management dialog box appears. Notice the default values of IT Organization and Protecting your PC. These are configurable in the Software Updates Client Agent. Notice also that Configuration Manager detected a single update for the client, and that you can perform an express or custom installation. 7. Click Install to perform an express installation of the updates. The update is applied to the system. It will take a few minutes for the update to be applied, and the status to be reported through state messages. Your update may require a reboot this will vary by package. Note It will take a minute for the update to be deployed and updated state messages to be sent. Wait a few minutes before moving onto the next exercise.
153
Exercise 6 Validating Current Software Update Compliance In this exercise, you will validate that the update has been deployed successfully. You will begin by generating reports for analysis and reporting of Microsoft update status, and then will validate using the Software Updates node.
Note Complete this exercise from the site server.
To generate an update status report for custom updates

1. In the tree pane, expand Site Database, expand Computer Management, and then expand Reporting. The available Configuration Manager Reporting tool functions appear in the tree pane. 2. In the tree pane, expand Reports, and then expand Visited Reports. The list of reports that have already been run appears in the results pane. Notice that you ran two reports earlier. 3. In the results pane, click Compliance 2 - Specific software update, and then in the Actions pane, under Compliance 2 - Specific software update, click Run. The Compliance 2 - Specific software update Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and update. 4. After Collection ID, click Values. The Select Value dialog box appears displaying the list of available collections. 5. Click All Systems. The Compliance 2 - Specific software update Report Information appears in the results pane allowing configuration of the prompted values. 6. After Update, Title, Bulletin ID or Article ID, click Values. A Select Value dialog box appears displaying the available updates. Notice that the list includes all updates synchronized with WSUS. 7. Click < Name/title/update that is appropriate> The Compliance 2 - Specific software update Report Information appears in the results pane displaying the configured prompted values. 8. Click Display. A ConfigMgr Report window appears. Notice the report displays information for the synthetic update, including the article ID, bulletin ID, title, the number of clients requiring the update, and information URLs for the collection members. Notice that you have one client that installed the update, and one client that does not require it. 9. Click the left arrow next to SCCM Lab. The Compliance 7 - Specific software update states report appears displaying the number of clients in various states for this update. Notice that you have one client with a state of Update is installed and one client with a state of Update is not required. 10. Click the left arrow next to Update is installed. The Compliance 9 - Computers in a specific compliance state for a software update
154
report appears displaying the number of clients that have installed this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed. 11. Close the ConfigMgr Report window. The Compliance 2 - Specific software update Report Information appears in the results pane.
In the following procedure, you will view the updated status data for the custom update directly from the Configuration Manager Console.
Note Complete this step from the primary site server with the Configuration Manager Console running.
To view the update status data

1. In the tree pane, expand Site Database, expand Computer Management, and then click Software Updates. The home page for software updates appears in the results pane. 2. In the Actions pane, click Run Home Page Summarization. This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a minute to complete. 3. In the Actions pane, click Refresh. The home page for software updates appears in the results pane. Validate that the Last Updated time is the current date and time. 4. In the results pane, you can configure the Vendor to <SCCM as a vendor name>, configure the Update classification to Security Updates, configure the Month and year to the current month and year, and then click Go. The Software Update Compliance Status Summary information appears in the details pane. Notice that the update status now reflects that the update was successfully installed on the client, and is now compliant for one client and not required for the second client. 5. In the tree pane, expand Software Updates, expand Update Repository, and then expand Security Updates, and then click All Updates. The Security Updates information appears in the results pane. Notice that updates are displayed. This displays the current status for the updates for the current month, including bulletin ID, article ID, name, status of compliance, severity, size and other information.
155
6. In the Actions pane, click Refresh. Notice that the update is now compliant. 7. In the tree pane, expand Deployment Packages, expand <your update> and then click Software Updates. The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution. You have now explored another scenario in System Center Configuration Manager software updates management that being the ability to distribute updates for 3rd party and custom applications just as easily as you can do so for Microsoft updates.
156
Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007
Objectives

Create a configuration item for compliance. Import pre-created configuration items from the System Center Pack website. Create baselines for assignment. Assign baselines to collections. Verify compliance for the assigned baselines.
Prerequisites
Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP1 computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in the Configuration Manager site <yourSMSClient> . Configuration Packs are available for download from the System Center web site, located here. http://www.microsoft.com/systemcenter .
157

1. Log on as administrator. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the tree pane, expand Site Database, expand Computer Management, and then expand Collections. The list of collections appears in the results pane. 4. In the tree pane, click All Systems. The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members. 5. In the Actions pane, click Update Collection Membership. An All Systems message box appears prompting to update subcollection membership. 6. Click OK, and then in the Actions pane, click Refresh. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client. 7. In the details pane, click the obsolete record for the <yourSMSClient> computer, and then in the Actions pane, click Delete. A Confirm Delete message box appears prompting to delete the record. 8. Click Yes. The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete). 9. Delete any other Obsolete records from the All Systems collection. 10. Update the membership for the All Windows XP Systems and All Windows Server 2003 Systems collections. You have now prepared your images for the lab and may proceed to Exercise 1.
158
Exercise 1 Creating and Importing Configuration Items In this exercise, you will configure configuration items, which are used to identify specific configurations for determining compliance. You will begin by manually creating a configuration item.
To create a configuration item

1. If not already running, on the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 2. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. The Desired Configuration Management home page appears in the results pane. Notice that by default, the home page displays configuration baselines that are reported as being out of compliance with at least one violation of the severity of Error. Notice also that there are no items to display, as no configuration baselines have been deployed. 3. In the tree pane, expand Desired Configuration Management, and then click Configuration Items. The list of configuration items, which are used to create configuration baselines, appears in the results pane. Notice that by default there are no configuration items created. 4. In the Actions pane, click New. A new menu appears. Notice that you can create three types of configuration items application, business or operating system. 5. Click Application Configuration Item. The Create Application Configuration Item Wizard Identification dialog box appears allowing the configuration of the CI. 6. In the Name box, type SCCM Client 7. In the Description box, type Looks for SCCM clients not using the standard Windows\System32\Ccm folder and then click the Categories button. The Categories dialog box appears allowing you to select an existing category, or create your own. Notice the default categories for client, IT infrastructure, line of business, and server. 8. In the Add a new category box, type SCCM Client and then click Add. The Categories dialog box appears displaying the available categories. Notice that the SCCM Client category has been added, and automatically selected for this application configuration item.
159
9. Click OK. The Create Application Configuration Item Wizard Identification dialog box appears allowing the configuration of the CI. Notice that the information you supplied is displayed. 10. Click Next. The Create Application Configuration Item Wizard Detection Method dialog box appears allowing you to configure the method of detection for this configuration item. Notice that the default option is to assume the application is always installed, however you can also do detection via Microsoft Installer or a VB script. 11. Verify that Always assume application is installed is selected, and then click Next. The Create Application Configuration Item Wizard Objects dialog box appears allowing you to configure the configuration item you want to monitor compliance with. This configuration is if you wish to check security (Access Control Lists) on objects instead of the object settings themselves. 12. Click Next to not define objects for security checks. The Create Application Configuration Item Wizard Settings dialog box appears allowing you to configure the settings for the configuration item you want to monitor compliance with. 13. Click New. A new menu appears with various options for configuring the object. 14. Click Registry. The New Registry Setting Properties dialog box appears allows the configuration of the registry value to query. 15. In the Display name box, type SCCM Install Directory 16. In the Hive box, verify that HKEY_LOCAL_MACHINE is displayed. 17. In the Key box, type SOFTWARE\Microsoft\SMS\Client\Configuration\Client Properties 18. In the Value name box, type Local SMS Path and then click the Validation tab. The New Registry Setting Properties dialog box appears allows the configuration of the registry value for validation. 19. In the Data Type box, verify that String is displayed, and then click New. The Configure Validation dialog box appears allows the configuration of the registry value for validation. 20. In the Name box, type Install folder 21. In the Operator box, verify that Equals is displayed. 22. In the Value box, type <systempartition>\Windows\System32\Ccm\ Note Be sure to include the trailing backslash, as that is how it is stored in the Registry.
160
23. In the Severity box, click Warning, and then click OK. The New Registry Setting Properties dialog box appears displaying the rule for validation. 24. Click OK. The Create Application Configuration Item Wizard Settings dialog box appears displaying the settings you are using for this application rule. 25. Click Next. The Create Application Configuration Item Wizard Applicability dialog box appears allowing you to configure the client operating systems that this rule is appropriate for. Notice that by default, the rule is applicable for all Windows operating systems. 26. Click Next to use all Windows platforms. The Create Application Configuration Item Wizard Summary dialog box appears indicating it is ready to create the configuration item. 27. Click Next. The configuration item is created, and then the Create Application Configuration Item Wizard Wizard Completed dialog box appears indicating that the configuration item was successfully created. 28. Click Close. The list of configuration items, which are used to create configuration baselines, appears in the results pane. Notice that your configuration item is now listed.
In the following procedure, you will import pre-created configuration items that will be used to create a configuration baseline.
To import or create configuration items

1. In the tree pane, expand Site Database, expand Computer Management, expand Desired Configuration Management, and then click Configuration Items. The list of configuration items appears in the results pane. Notice that your configuration item is listed. 2. In the Actions pane, click Import Configuration Data. The Import Configuration Data Wizard Choose Files dialog box appears displaying the files to import. Notice that by default no files are listed to be imported.
161
3. Click Add. The Open dialog box appears allowing you to select the file to import. The Configuration Pack downloads are located here: http://www.microsoft.com/systemcenter Download these to be used in this section. 4. If you have downloaded any Configuration Packs, path to your downloaded CPs and then click Open. A Microsoft Management Console Security Warning message box may appear for some Configuration Packs, indicating the publisher of the file Windows Server 2003 SP1.cab could not be validated and prompting to run the cab file anyway. 5. Click Run. A Microsoft Management Console Security Warning message box may appear indicating the publisher of the Windows XP SP2.cab file could not be validated and prompting to run the cab file anyway. 6. Click Run. The Import Configuration Data Wizard Choose Files dialog box appears displaying the files to import. Notice that the two selected files are listed to be imported. 7. Click Next. The Import Configuration Data Wizard Summary dialog box appears indicating that there are two configuration items ready to be imported. 8. Click Finish. 9. The list of configuration items appears in the results pane. Notice that there are now three configuration items listed. To create an Operating System Configuration Item for the next section follow the next set of steps. 10. To create an Operating System Configuration Item, Select the Desired Configuration Management section within your Configuration Manager console, and expand to show the two subsections. 11. Select Configuration Items, and in the Actions pane, select New, Operating System Configuration Item. 12. The Create Operating System Configuration Item Wizard launches. In the Dialog box that appears, type in the name of the Operating System Configuration Item you intend to create. 13. In the Description dialog box, place the name a short description of the Operating System Configuration Item you are creating. You are also able to select existing or create new Categories in the same window. Select Next when complete. 14. In the next step, you begin to have some choices. For example, you may Specify a particular Windows Operating System by description in the drop down menu, or specify more granular details of an Operating System, such as Major/Minor versions, Build numbers, Service Pack version (major or minor). This particular customization can be very useful for organizations that may have their own build revisions that they monitor and
162
administrate outside of Microsoft official releases. Select Next when complete. 15. In the next step, you also have the option of adding additional objects you may want to use to verify an Operating System version. Some customers or partners for example use elements such as Registry key values. This section is optional. Select Next when complete. 16. In the next step, you have the option of querying additional resources from places such as Active Directory, registry and others. This is an optional step. Select Next when complete. 17. The final step in the wizard is a summary Detail list. Here you can review your choices, and also you have the option of going to Previous steps if modifications are needed. Select Next when complete. 18. Once the Wizard finished the Configuration Item creation, you will be given a Details page. Select Close when complete. You have now created an Operating System Configuration Item that you may reference later in your evaluation.
163
Exercise 2 Creating Configuration Baselines In this exercise, you will create configuration baselines that will be used to determine compliance of your Configuration Manager clients.
To create a configuration baseline for operating systems

1. In the tree pane, expand Site Database, expand Computer Management, expand Desired Configuration Management, and then click Configuration Baselines. The list of configuration baselines appears in the results pane. Notice that there are no configuration baselines displayed. 2. In the Actions pane, click New Configuration Baseline. The Create Configuration Baseline Wizard Identification dialog box appears allowing the configuration of the baseline. 3. In the Name box, type Client Operating Systems 4. In the Description box, type Verifies all clients are running <your Operating system Configuration Item you created> and then click the Categories button. The Categories dialog box appears allowing you to select the category of items to display. 5. Under Available categories, click both Client and Server, and then click OK. If you do not see these options, they are easily added at the top under the section called Add a new category The Create Configuration Baseline Wizard Identification dialog box appears displaying the configuration of the baseline. 6. Click Next. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice the default rule configuration options. 7. Under Rules, click operating system. The Choose Configuration Items dialog box appears allowing you to select the operating system configuration items you created earlier. 8. Under Name, select the Operating System you would like to include in your baseline. What you see here is dependent on what OS packages you have created in your Configuration Manager Desired Configuration Manager environment in the previous excercise. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice that <your OS choice> configuration items are now listed under operating systems. 9. Click Next. The Create Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the configuration baseline.
164
10. Click Next. The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created. 11. Click Close. The list of configuration baselines appears in the results pane. Notice that the operating system configuration baseline is displayed.
In the following procedure, you will create a configuration baseline to check for the Configuration Manager client configuration. You can also add the an Operating Systems baseline to the new baseline.
To create a configuration baseline for SCCM client installation

1. In the tree pane, expand Site Database, expand Computer Management, expand Desired Configuration Management, and then click Configuration Baselines. The list of configuration baselines appears in the results pane. Notice that the Client Operating Systems configuration baseline is displayed. 2. In the Actions pane, click New Configuration Baseline. The Create Configuration Baseline Wizard Identification dialog box appears allowing the configuration of the baseline. 3. In the Name box, type SCCM Client 4. In the Description box, type Uses all SCCM client configuration items and then click the Categories button. The Categories dialog box appears allowing you to select an existing category, or create your own. Notice the default categories for client, IT infrastructure, line of business, and server as well as the SCCM Client category you created earlier. 5. Under Available categories, click SCCM Client, and then click OK. The Create Configuration Baseline Wizard Identification dialog box appears displaying the configuration of the baseline. 6. Click Next. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice the default rule configuration options. 7. Under Rules, click applications and general. The Choose Configuration Items dialog box appears allowing you to select the application or general rule configuration items created. Notice that there is only one configuration item listed, which is the SCCM Client configuration item you created. Also notice that the category is SCCM Client, which you had configured as the filter earlier in this procedure.
165
8. Under Name, click SCCM Client, and then click OK. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice that the SCCM Client configuration item is now listed under application and general. 9. Under Rules, click configuration baselines. The Choose Configuration Baselines dialog box appears allowing you to select the configuration baselines potentially already created. You may only see one configuration baseline listed, which is the Operating Systems configuration baseline you created earlier. You can add one baseline as a requirement of another one. This is a very powerful feature of Desired Configuration Management, allowing the nesting of Parent and Child relationships to exist, and for Configuration Items and Baselines to have relationships. 10. Under Name, click Client Operating Systems, and then click OK. The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears displaying the rules for the new configuration baseline. Notice that both the SCCM Client configuration item and the Client Operating Systems baseline are added as rules. 11. Click Next. The Create Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the configuration baseline. 12. Click Next. The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created. 13. Click Close. The list of configuration baselines appears in the results pane. Notice that both the Operating System and SCCM Client configuration baselines are displayed.
166
Exercise 3 Scanning Configuration Manager Clients for Compliance In this exercise, you will generate compliance data for your Configuration Manager clients. You will begin by assigning the configuration baselines to the appropriate collections.
To assign the baselines to collections

1. In the tree pane, expand Site Database, expand Computer Management, expand Desired Configuration Management, and then click Configuration Baselines. The list of configuration baselines appears in the results pane. Notice that both the Operating Systems (you created earlier) and SCCM Client configuration baselines are displayed. 2. In the results pane, click both configuration baselines (if you created both), and then in the Actions pane, click Assign to a Collection. The Assign Configuration Baseline Wizard Choose Configuration Baselines dialog box appears allowing you to configure the baselines to assign. Notice that both baselines are already listed, as you had selected both when you launched the wizard. 3. Click Next. The Assign Configuration Baseline Wizard Choose Collection dialog box appears allowing you to configure the collection the baselines are to be assigned to. 4. Click Browse. The Browse Collection dialog box appears prompting for the collection to target with the configuration baselines. 5. Under Collections, click All Systems, and then click OK. The Assign Configuration Baseline Wizard Choose Collection dialog box appears displaying the All Systems collection as the collection the baselines are to be assigned to. 6. Click Next. The Assign Configuration Baseline Wizard Set Schedule dialog box appears allowing the configuration of the schedule clients in the assigned collection should use for compliance scanning. Notice that the default schedule is weekly. 7. Click Next to use the default schedule of weekly scans. The Assign Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the assignment.
167
8. Click Next. The assignment process completes, and then the Assign Configuration Baseline Wizard Wizard Completed dialog box appears indicating the process was successful. 9. Click Close. The list of configuration baselines appears in the results pane. 10. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. The Desired Configuration Management home page appears in the results pane. Notice that by default, the home page displays configuration baselines that are reported as being out of compliance with at least a Severity of Error. Notice also that there are no items to display, as no configuration baselines have been deployed. 11. In the results pane, after Minimum severity, click None. The Desired Configuration Management home page appears in the results pane. Notice that the home page displays configuration baselines that have no compliance data reported, which includes your configuration baselines. As you scan your clients, and receive compliance data from them, data will appear in the home page.
In the following procedure, you will initiate the retrieval of policies on your SCCM client computers. Desired configuration management baselines are delivered to clients through policies.
Note Complete this procedure from each of the Configuration Manager client computers in the site.
To search for new policies

1. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 2. Click the Configurations tab. The Configuration Manager Properties dialog box displays the configuration baselines assigned to the client. Notice that by default there are no configuration baselines assigned. 3. Click the Actions tab. The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle. 4. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action. The Configuration Manager client will request new policies, which will include the policies related to configuration baselines. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete. 5. Click OK. The Configuration Manager Properties dialog box appears.
168
6. Click OK. It will take a couple of minutes for the client to download the policies and then implement them. Wait at least two minutes before moving onto the next step. 7. In Control Panel, start Configuration Manager. The Configuration Manager Properties dialog box appears. 8. Click the Configurations tab. The Configuration Manager Properties dialog box displays the configuration baselines assigned to the client. Notice that by default there are now two configuration baselines assigned to the client. Depending on which client you are looking at, the SCCM Client configuration baseline may be listed as not being compliant (the site server computers Configuration Manager client is installed in C:\Program Files\SMS_CCM\ instead of C:\Windows\System32\Ccm\). 9. Click OK.
In the following procedure, you will view the compliance status of each Configuration Manager client for the two configuration baselines.
To view the compliance status

1. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. The Desired Configuration Management home page appears in the results pane. Notice that the home page displays configuration baselines that are configured. Notice that in our case, we have two baselines, both with a severity of None. 2. In the Actions pane, click Run Home Page Summarization. It will take a moment for the summarization process to complete. 3. In the Actions pane, click Refresh. The Desired Configuration Management home page displays the current status in the results pane. Notice that statistics on each baseline and a a pie chart for the selected baseline are displayed in the results pane. The pie chart is for the highlighted baseline, which is the SCCM Client baseline. This baseline should have one non-compliant system and one compliant system.
169
4. In the results pane, under Name, click SCCM Client. The Summary compliance by configuration baseline report appears in the results pane. Notice that it reports that you have one compliant and one non-compliant system reporting for this baseline. 5. Click the arrow to the left of SCCM Client. The Compliance details for a configuration baseline by configuration item report appears in the results pane. Notice that this report displays each configuration item and the state of each configuration item at each client. 6. Click the arrow to the left of the SCCM Client configuration item. The Summary compliance for a configuration item by computer report appears in the results pane. Notice that it displays an entry for each SCCM client reporting status for this baseline. Notice that it displays the baseline name, version, configuration item, configuration type, desired state, compliance state, and applicability and detected states for each client. 7. Click the arrow to the left of SCCM Client, for the Computer Name of <yourSMSServer>, and the Actual Compliance State of Non-Compliant. The Non-compliance details for a configuration item on a computer report appears in the results pane. Notice that it displays the results of this configuration item on this specific client. If you scroll to the right, youll see the current value of the key, which is why the item is listed as non-compliant. This is expected, as the SCCM client was installed into the management point folder, not the normal client folder. 8. In the tree pane, expand Site Database, expand Computer Management, and then click Desired Configuration Management. 9. In the results pane, in the list of baselines, under Severity, click None. This will select the Operating System baseline but not launch a report that would happen if you clicked the Operating Systems baseline name under Name. The Desired Configuration Management home page displays the results of the Operating Systems baseline in the pie chart. Notice that all clients have reported that they are compliant with this baseline. The Configuration Manager Console window appears. You have now used Configuration Manager 2007 to monitor compliance of systems using the desired configuration management feature of Configuration Manager. You created and imported configuration items, created configuration baselines, assigned the baselines to collections, scanned clients for compliance, and reported system compliance through the DCM home page and reports.
170
Section 9: Implementing Asset Intelligence in System Center Configuration Manager 2007

Overview
Microsoft System Center Configuration Manager 2007 contains the second release of Asset Intelligence which continues and enhances the focus on improving asset & license visibility in the enterprise. Asset Intelligence enhances the inventory capabilities of SCCM 2007 by extending hardware and software inventory and adding license management functionality. Many inventory classes improve the breadth of information gathered about hardware and software assets. In the following sections we will cover the whats new in this release, examine some of the enhancements made to performance and briefly talk about the updated knowledge base catalog. In addition, we will cover the reporting classes and their correlation to the Asset Intelligence reports and finally, we will provide some hands-on exercises that will help you get acquainted with this feature set.
Whats new
Setup experience In Configuration Manager 2007, Asset Intelligence is fully integrated into the setup experience. This means that the knowledge base catalog as well as all reports are installed during SCCM 2007 setup and are no longer treated as optional components. To avoid unintentional or unnecessary data collection, we ship the Asset Intelligence reporting classes in a disabled state, and it is up to you to decide which reporting classes to enable. Note: If you do not enable the Asset Intelligence reporting classes, reports will contain no data and will instead display a message stating:"No matching records could be found". Additional reports We have added additional reports and functionality that can be broken into the following high level buckets:
Recent Usage Inventory: o SCCM metering agent will inventory the last time any executable was running in the user context. o Data returned through hardware inventory. o Additional reports will help you answer the When was the last time this was used? question. Auto-created Metering Rules: o Last Usage Inventory can be used to auto-create full metering rules which you can decide to enable. o Simplifies the process of creating metering rules. Asset Change Summarization: o A summary of changes to computer assets is stored in a central table. o Managing deltas help reduce the complexity of asset management. o Additional reports help you answer the What has changed recently in my environment? question. Client Access Licenses usage tracking for Microsoft Windows and Exchange: o Both User and Device CALs usage is tracked. o Based on Security audit logs. o Additional reports answer the who used up the CALs , when did they do that questions.
Performance enhancements Several performance enhancements were included in this release of Asset Intelligence with special optimization for large environments. These include a wide range of changes from more efficient data
171
collection to fewer reporting Joins. The end result is a faster, more robust product. Data enhancements As the heart of Asset intelligence is the knowledge base catalog, we invested effort in adding additional titles, cleaning up older ones as well work around title schema rationalization. Several fixes we introduced to address issues we discovered in SMS 2003 SP3, which resulted in higher quality data to work with.
Enabling the Asset Intelligence Reporting Classes
Asset Intelligence data collection is controlled via SCCM WMI classes. These classes are contained in the SMS_DEF.MOF and each classes correlates to specific report(s). By default, these classes are disabled and you will need to enable the ones that control report you wish to utilize. Note: Enabling classes increases the bandwidth consumed by the inventory process. Likewise, disabling classes will decrease the bandwidth consumed by the inventory process but, will adversely affect the reports that depend upon that class for data. For more information, see the Microsoft TechNet article Customizing with MOF Files (http://go.microsoft.com/fwlink/?LinkId=87301). The following classes are available and are listed with the reports that depend on them. If you want to utilize a given report, you must enable the WMI class on which it depends. Note: If you are upgrading from Systems Management Server 2003 Service Pack 3, and Asset Intelligence is already installed and enabled, then Asset Intelligence data collection will remain enabled.
A Description of the Different Classes
The classes that support Asset Intelligence functionality are listed below with the reports that depend on them for data.
SMS_InstalledSoftware
This class tracks information about installed software. The following reports are dependent on this class: License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel Software 1A - Summary of Installed Software in a Specific Collection Software 2A - Software Families Software 2B - Software Categories with a Family Software 2C - Software by Category and Family Software 2D - Computers with a Specific Software Product Software 2E - Installed Software on a Specific Computer Software 3A - Uncategorized Software Software 6A - Search for Installed Software
SMS_InstalledSoftwareMS
This class tracks information specifically about installed Microsoft software. The following reports are dependent on this class: License 1A - Microsoft License Ledger for Microsoft License Statements License 1B - Microsoft License Ledger Item by Sales Channel License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel License 1D - Microsoft License Ledger products on a specific computer
SMS_SystemConsoleUsage
This class polls the System Security Event Log for information about all console usage. The following reports are dependent on this class: Hardware 1A - Summary of Computers in a Specific Collection
172
Hardware 2B - Computers within an age range with a collection Hardware 3A - Primary computer users Hardware 3B - Computers for a Specific Primary Console User Hardware 4A - Shared (multi-user) Computers Hardware 5A - Console Users on a Specific Computer Hardware 6A - Computers for Which Console Users Could not be Determined Hardware 7C - Computers with a Specific USB Device Hardware 8A - Hardware that is Not Ready for a Software Upgrade Hardware 9A - Search for computers License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel License 2B - Computers with Licenses Nearing Expiration License 3B - Computers with a Specific License Status License 4B - Computers with a Specific Product Managed by Software Licensing Service Software 2D - Computers with a Specific Software Product Software 4B - Computers with a Specific Auto-Start Software Software 5B - Computers with a Specific Browser Helper Object
SMS_SystemConsoleUser
This class polls the System Security Event Log for information about specific console users. The following reports are dependent on this class: Hardware 3A - Primary computer users Hardware 3B - Computers for a Specific Primary Console User Hardware 4A - Shared (multi-user) Computers Hardware 5A - Console Users on a Specific Computer All CAL Reports Note: This class only reads the last 90 days of the event log, regardless of the length of the log. If the log has less than 90 days of data, the entire log is read. In addition to enabling this class, you will also need to enable audits on these servers. To enable the auditing of Logon/Logoff policy you will need to go to the Local Security Settings->Local Policies -> Audit Policy -> Audit logon events and allow Success auditing.
SMS_AutoStartSoftware
This class tracks information about software that starts automatically with the operating system. The following reports are dependent on this class: Software 4A - Auto-Start Software Software 4B - Computers with a Specific Auto-Start Software Software 4C - Auto-Start Software on a Specific Computer
SMS_BrowserHelperObject
This class tracks browser helper objects. While some browser helper objects are beneficial, most software considered "malware" is in the form of browser helper objects. The following reports are dependent upon this class: Software 5A - Browser Helper Objects Software 5B - Computers with a Specific Browser Helper Object Software 5C - Browser Helper Objects on a Specific Computer
173
Win32_USBDevice
This class tracks devices connected to USB ports. The following reports are dependent upon this class: Hardware 7A - USB Devices by Manufacturer Hardware 7B - USB Devices by Manufacturer and Description Hardware 7C - Computers with a Specific USB Device Hardware 7D - USB Devices on a Specific Computer
SMS_Processor
This is an existing SMS class to which new properties have been added to provide more complete data about processors. The following reports are dependent upon this class: Hardware 1A - Summary of Computers in a Specific Collection Hardware 2A - Estimated Computer Age by Ranges within a Collection Hardware 2B - Computers within an age range with a collection Hardware 8A - Hardware that is Not Ready for a Software Upgrade Hardware 9A - Search for computers
SMS_InstalledExecutable
This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to support custom reports.
SMS_SoftwareShortcut
This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to support custom reports.
SoftwareLicensingService
This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following reports are dependent upon this class: License 2C - License Information on a Specific Computer License 5A - Computers Acting as a Key Management Service
SoftwareLicensingProduct
This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following reports are dependent upon this class: License 2A - Count of Licenses Nearing Expiration by Time Ranges License 2B - Computers with Licenses Nearing Expiration License 2C - License Information on a Specific Computer License 3A - Count of Licenses by License Status License 3B - Computers with a Specific License Status License 4A - Count of Products Managed by Software Licensing License 4B - Computers with a Specific Product Managed by Software Licensing Service Note: In addition to this, we will provide more in-depth cover to rach of the classes in the SCCM 2007 SDK documentation. Exercise 1 Editing the SMS_Def.mof First we will need to enable the Asset Intelligence reporting classes. The SMS_def.mof file consists of a list of
174
classes and attributes. You can find the file on the SCCM site server, in the \SMS\Inboxes\Clifiles.src\Hinv folder. For Configuration Manager, the path is C:\Program Files\Microsoft Configuration Manager\. When you open the file, you will see the following format: //************************************************************************** //* Class: SMS_InstalledSoftwareMS //* Derived from: (nothing) //* //* Key = SoftwareCode //* //* This Asset Intelligence class provides specific to Installed Microsoft Software information. //* //************************************************************************** [ dynamic, provider("AAInstProv"), SMS_Report(TRUE), SMS_Group_Name ("Installed Software MS"), SMS_Namespace (TRUE), SMS_Class_ID ("MICROSOFT|INSTALLED_SOFTWARE_MS|1.0") ] class SMS_InstalledSoftwareMS : SMS_Class_Template { [SMS_Report (TRUE), key] string SoftwareCode; [SMS_Report (TRUE)] string ProductCode; [SMS_Report (TRUE)] string MPC; [SMS_Report (TRUE)] string ChannelID; [SMS_Report (TRUE)] string ChannelCode; }; Note: The highlighted line (i.e. SMS_Report) acts as the on/off switch, indicating whether or not the class is to be reported in SMS inventory. Classes that are set to TRUE are collected and those set to FALSE are not. However, there is an exception: if a class is set to TRUE (as it is in the example above), then any attributes with the key property are collected, even if the individual attribute is set to FALSE. You can use Notepad to modify the SMS_def.mof file. If there are attributes and classes that you no longer want to collect, set them to FALSE. If you want to add attributes, set them to TRUE. After you have complied and tested the file, you can replace the default SMS_def.mof file by replacing the file in the \SMS\Inboxes\Clifiles.src\Hinv folder on the site server. For Configuration Manager, the path is C:\Program Files\Microsoft Configuration Manager\. From there, it is sent to each client in your site. Note: Hardware inventory will require time to start, collect and send data to the site server. While this is taking place, you can explore the new Asset Intelligence reports or enable the logon audit to allow for additional data collection (e.g. for CAL usage).
Estimating network Impact based on Reporting Classes
A key question you will need to answer before enabling these classes in Production will be network
175
bandwidth. Based on testing we did, the anticipated range for a client is about 54KB-75KB (thats for a machine that has 60 installed applications, 11 auto-start items etc (see breakdown in table)). Example of # Installed item 60 14 1 2 11 2 0 1 0 0 0 0
Class SMS_InstalledSoftware SMS_InstalledSoftwareMS SMS_SystemConsoleUsage SMS_SystemConsoleUser SMS_AutoStartSoftware SMS_BrowserHelperObject Win32_USBDevice SMS_Processor SMS_InstalledExecutable SMS_SoftwareShortcut SoftwareLicensingService SoftwareLicensingProduct
Payload Size (Bytes) 1047 290 330 294 681 589 606 496 739 775 813 401
File Size (Bytes) 62791 4065 330 589 7495 1178 0 496 0 0 0 0
76944 When testing Asset Intelligence, you can use these numbers guidelines to start the evaluation. It is important to note that true to life testing (e.g. using a production image of a client) will yield the best approximation for production time rollout. Examine the hardware inventory files as they come from the client to perform this analysis.
Asset Intelligence Reports
In this section, we encourage you to explore the new Asset Intelligence reports.
License Management Reports

Nine new license management reports have been added, providing the means to track Client Access Licenses (CAL) in addition to the existing volume license reports. One of these new reports identifies the number of processors in computers running software that can be licensed using the per-processor licensing model. The remaining 8 new reports identify User CAL usage and Device CAL usage summaries, details, and history. For more information, see the SCCM help file under License Management Reports.
Hardware Reports
Three new hardware reports help identify computers that have changed since the last inventory cycle. The changes identified in these reports include both hardware and software changes. For more information, see the SCCM help file under Hardware Reports.
Software Reports
Six new software reports extend previous inventory capabilities by adding software metering. These new reports identify recently used executables, which users ran them, and the devices on which the executables were run. For more information, see the SCCM help file under Hardware Reports. Exercise 2 Viewing and Running Reports
To view the Asset Intelligence Reports
176
1. Log on as administrator with a password of password. 2. On the Start menu, click ConfigMgr Console. The Configuration Manager Console window appears. 3. In the console tree, expand Site Database, expand Computer Management, expand Reporting, and then click Reports. 4. On the Look For filter, type Asset Intelligence and hit Enter. You now see all 57 Asset Intelligence reports. Note: After Hardware Inventory runs and sends data to the SCCM site database, information will become available for you to generate the different reports. The reporting structure is similar in most cases, where report 1A provides a high level view and then allows drill-down.
Running Reports To run Asset Intelligence Reports

1. 2. 3. 4. 5.
In order to have data available to report on, you need to retrieve
polices, and then force a Hardware Inventory Cycle. Click on a report (e.g. Software 02A Software Families) In the Actions pane click Run In the Collection box, type SMS00001 (All Systems) In the Family box, type OS (if desired) To generate the report, click on Display
Note: Each batch of reports may require different variables. To see the possible options, you can click on the Values box to see a menu that you can select from.
Know Issues and Limitations

CAL Reports will only provide accurate data on single purpose servers (e.g. File Server, Exchange Server) since e the auditing data collected is per machine and not per role. If you repackage applications and in the process modify the MSI data, it is very likely that the application will appear as uncategorized. You can see the SKU of an installed SQL Server but not the licensing mode in which it runs. Exchange 2007 does not appear in the License Leger report because it does not have a ProductID.
During testing it is important that you cover key scenarios and examine the results carefully. Asset Intelligence offers a powerful set of tools and you need to see what can and cant be done in this release.
Additional Resources

The Asset Intelligence Forum: http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1816&SiteID=17 System Center Configuration Manager in-the-box help file System Center Configuration Manager On-line: http://technet.microsoft.com/enus/configmgr/default.aspx
177

System Center Configuration Manager 2007: Reviewers Guide

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

System Center Configuration Manager 2007: Reviewers Guide

Uploaded by

Copyright:

Available Formats

System Center Configuration Manager 2007

Microsoft System Center

Microsoft System Center

Microsoft System Center

Microsoft System Center

Microsoft System Center

Microsoft System Center

Microsoft System Center

Microsoft System Center

Branch and Remote Management

Microsoft System Center

Evaluating Configuration Manager 2007

The Microsoft Virtual Hard Disk Program

Configuration Manager Supported Configurations

Microsoft System Center

Microsoft System Center

Microsoft System Center

Configuration Manager 2007 Site Server System Requirements

Supported Site System Platforms

Microsoft System Center

Primary Site Server

Secondary Site Server

State Migration Point

Server Locator Point

Site Database Server

Software Update Point

Fallback status point

PXE service point

Configuration Manager console

Microsoft System Center

Unsupported Site Server Platforms

Microsoft System Center

Configuring SQL Server Site Database Replication in Configuration Manager 2007

Active Directory Schema Extensions

Support for Windows Server Clustering

Support for Specialized Storage Technology

Microsoft System Center

Microsoft System Center

Interoperability Between Configuration Manager and SMS 2003 Sites

Microsoft System Center

Microsoft System Center

Estimated time to complete this section: 75 minutes

Microsoft System Center

To update the collection membership

Microsoft System Center

To identify the SMS 2003 SP2 site

To verify the sites readiness for upgrade to Configuration Manager

Microsoft System Center

Microsoft System Center

To create a backup of the SMS site database

Microsoft System Center

Microsoft System Center

To test an upgrade of the SMS site database

Microsoft System Center

To upgrade an SMS 2003 site to Configuration Manager

Microsoft System Center

Microsoft System Center

Microsoft System Center

To identify an Configuration Manager site installation

Microsoft System Center

Microsoft System Center

To verify the Advanced Client upgrade

Microsoft System Center