Sunday, March 28, 2010

SCCM Basics & FAQ
A Short notes on ' SCCM 2007 Basics'

I've been looking for short notes that facilitate quick understanding knowledge on SCCM 2007. I finally put my efforts to bring a short notes on SCCM 2007 to help those who are already familiar with Systems Management Server (SMS) 2003 and who wish to quickly develop understanding knowledge on 'Microsoft System Center Configuration Manager 2007'.

Microsoft SCCM -2007 (ConfigMgr) provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively, Allows IT staff to monitor and manage the hardware & software in a modern distributed environment.

SCCM 2007 Features        HW/SW Inventory Software Distribution Software Update Software Metering Operating System Deployment (Image capture/deployment, User State Migration, Task sequence) Manage site accounts tool (MSAC) Asset Intelligence Remote tools NAP Works with Windows Server 2008 operating system Network Policy Server to restrict computers from accessing the network if they do not meet specified requirements The System Center Family, The products included under the System Center umbrella address the challenges of managing information technology in organizations of different sizes.

What's New    Branch distribution point Desired configuration management Wake On LAN

 Network Access Protection (NAP) In addition to SCCM 2007. SCCM Sites A site consists of a site server. problem management. System Center Virtual Machine Manager Helps management staff with the process of consolidating applications onto virtualized servers. clients. such as Exchange Server 2003. For more information about Microsoft System Center. to meet specific performance and availability goals. Multiple sites can be configured into site hierarchies and connected such that you can manage bandwidth utilization between sites. Secondary Site-A secondary site has no SCCM 2007 site database. automating software updates and installing applications. System Center Essentials 2007 Provides tools for less-specialized IT staff in smaller organizations to manage their environments more effectively with the three most important management functions: monitoring distributed systems. including incident management. The primary site then stores the data of both the primary and . “Service Desk” is expected to provide imp lementations of fundamental IT Service Management processes. such as computer inventory data and Configuration Manager 2007 system status information. System Center code name “Service Desk” When it released. to its parent site. the System Center products include: System Center Operations Manager 2007 -Allows IT staff to monitor and manage the hardware and software in a modern software distributed environment. A site always requires access to a Microsoft SQL Server database. A SCCM 2007 site is identified by the threecharacter code and the friendly site name configured during Setup and types of sites as follows. A SCCM 2007 site uses boundaries to determine the clients belonging to the site. There are several types of SCCM 2007 sites. site system roles. It is attached to and reports to a primary site. System Center Data Protection Manager 2006 Provides data backup and restore for Windows file servers. and resources. System Center Capacity Planner 2006 Capacity Planner is a tool for determining what hardware resources will be required to run an application. and change management. The secondary site forwards the information it gathers from Configuration Manager 2007 clients. The secondary site is managed by a SCCM 2007 administrator running a Configuration Manager 2007 console that is connected to the primary site. Primary Sites-A primary site stores SCCM 2007 data for itself and all the sites beneath it in a SQL Server database.

secondary sites cannot have sites beneath them in the hierarchy. Secondary sites are managed from the primary site it is connected to. including running all site roles on the site server. A site system role is a function required to use SCCM 2007 or to use a feature of SCCM 2007. The advantages of using secondary sites are that they require no additional SCCM 2007 server license and do not require the overhead of maintaining an additional database.The site system role that serves as the primary point of contact between SCCM 2007 clients and the Configuration Manager 2007 site server. Server locator Point -A site system role that locates management points for SCCM 2007 clients.secondary sites in the SCCM 2007 site database. . such as computer inventory data and SCCM 2007 system status information. The disadvantage of secondary sites is that they must be attached to a primary site and cannot be moved to a different primary site without deleting and recreating the site. Child Sites-A child site is a site that is attached to a site above it in the hierarchy. Site System Roles   Management Point. Site Systems Each site contains one site server and one or more site systems. The site server is the computer where you install SCCM 2007 and it hosts services required for SCCM 2007. A central site to collect all of the site information for centralized management. Parent Site-A parent site is a primary site that has one ore more sites attached to it in the hierarchy. A secondary site is always a child site. but this is usually appropriate only for very small and simple environments. Multiple site roles can be combined on a single site system. A parent site contains pertinent information about its lower level sites. A child site is either a primary site or a secondary site. SCCM 2007 copies all the data that is collected at a child site to its parent site. so they are frequently used in sites with no local administrator present. Only a primary site can have child sites. Typically. and can control many operations at the child sites. Central Site -A central site has no parent site. The site it reports to is its parent site. A site with no parent and no child site is still called a central site although it is also referred to as a standalone site. A site system is any computer running a supported version of Windows® or a shared folder that hosts one or more site system roles. a central site has child and grandchild sites and aggregates all of their client information to provide centralized management and reporting. Also. A child site can have only one parent site.

depending on various site configuration choices you make.     How Site communicates? Clients communicate with site systems hosting site system roles. IPv6 prefix or Active Directory site to two different sites makes it difficult to determine which clients should be managed in the site. Distribution Point-A site system role that stores packages for clients to install. Because all of these communications are unmanaged. If there are multiple sites connected in a hierarchy.A site system role that gathers state messages from clients that cannot install properly. Site Boundaries. or cannot communicate securely with their assigned management point. the sites communicate with their parent. Senders have sender addresses that help them locate the other site. or sometimes grandchild sites. Software Update Point-A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS). or HTTPS. SCCM 2007 uses senders to connect the two sites. Reporting Point-A site system role hosts the Report Viewer component for Web-based reporting functionality. child. Fallback Status Point . that is. SCCM 2007 uses boundaries to determine when clients and site systems are in the site and outside of the site. Two sites should never share the same boundaries. and Active Directory sites. Inter-Site Communication When you have a separate sites. cannot assign to a Configuration Manager 2007 site. HTTP. IP address range. . Intra-site Communications They use either server message block (SMB). User State Migration Point-A site system role that stores user state data while a computer is being migrated to a new operating system. When sending data between sites. Boundaries can be IP subnets. Assigning the same IP subnet. PXE Service Point-A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests. Site systems communicate with the site server and with the site database. senders provide fault tolerance and bandwidth management. IPv6 prefixes. IP address ranges. it is beneficial to make sure these site elements have fast communication channels. they happen at any time with no consideration for bandwidth consumption.

Network Discovery-Searches the network for resources that meet a specific profile. Client Installation SCCM 2007 provides several options for installing the client software.Discovers details such as organizational unit. even if the discovered resource is not capable of being a SCCM 2007 client.  Software update point installation -Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a SCCM 2007 software update point. From router's ARP cache. and nested groups.  Client push installation -Uses an account with administrative rights to access the client computers and install the SCCM 2007 client software. The following table lists the client computer installation methods. Active Directory User Discovery and Active Directory Security Group Discovery allow you to target software distribution packages to users and groups instead of computers. SNMP agent and DHCP Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database. Heartbeat Discovery-Refresh Configuration Manager client computer discovery data in the site database. global groups. Active Directory User Discovery-Retrieves Active Directory User Discovery Active Directory Security Group Discovery-Discovers security groups created in Active Directory.Discovery Methods       Active Directory System Discovery -Discovers details about the computer Active Directory System Group Discovery . universal groups. .

 Group Policy installation -Uses Group Policy software installation to install CCMSetup. or configuring the client to automatically assign to a site based on boundaries. This is because clients communicate with management points and management points must communicate with a site database. In mixed mode. Clients can be assigned to a site during installation or after installation. Manual client installation -A user with administrative rights can install the client software by running CCMSetup on the client computer. clients must be issued client authentication certificates prior to installing the SCCM 2007 client software. Authenticating Clients Before SCCM 2007 trusts a client. it requires some manner of authentication. They use the site database at their parent primary site. clients must be approved. either by manually approving each client or by automatically approving all clients or all clients in a trusted Windows domain. the client installation phase completes. Secondary sites do not have their own site database. but can reside in the boundaries of the secondary site. Blocking Clients. Clients cannot be assigned to secondary sites.  Software Distribution -Existing clients can be upgraded or redeployed using SCCM 2007 software distribution. the Configuration Manager administrator can block the client in the SCCM 2007 console. Client Agents Client agents are SCCM 2007 components that run on top of the base client components. they are always assigned to the parent primary site.msi. If the client is not assigned to any site during the client installation phase. In native mode. A variety of switches modify the installation options. including images created and deployed with SCCM 2007 operating system deployment.  Imaging -The client software can be added to an image.If a client computer is no longer trusted. taking advantage of any proxy management points and distribution points at the secondary site. but the client cannot be managed by SCCM 2007. . Assigning a client involves either telling it a specific site code to use. Mobile devices use different installation methods Client Assignment Clients must be assigned to a site before they can be managed by that site.

Device Client Agent Properties-Configures all of the properties specific to mobile device clients. One console can manage many sites or many consoles can manage a single site. Advertised Programs Client Agent-Enables and configures the software distribution feature. but also of Microsoft Windows users and user groups as well as other discovered resources. enabling you to create an organized structure that logically represents the kinds of tasks that you want to perform. Hardware Inventory Client Agent-Enables and configures the agent that collects a wide variety of information about the client computer. Desired Configuration Management Client Agent-Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them Remote Tools Client Agent-Enables Configuration Manager remote control Network Access Protection Client Agent-Enables Configuration Manager Network Access Protection Software Updates Client Agent-Enables the agent that scans for and installs software updates on client computers. . Software Inventory Client Agent-Enables and configures which files Configuration Manager inventories and collects. although you must run SCCM 2007 Setup on the computer so that the snap-in is available.Computer Client Agent Properties-Configures how often client computers retrieve the policy that gives them the rest of their configuration settings. The SCCM 2007 console runs as a Microsoft Management Console (MMC) snap-in. Collections Collections represent groups of resources and can consist not only of computers. Administrator Console You can run the console from the site server or install additional consoles on your desktop or help desk computers to facilitate management. Collections provide you with the means to organize resources into easily manageable units.

You can also create dashboards. Packages in software distribution can contain source files to deploy software applications and commands called programs that tell the client what executable file to run. A single package can contain multiple programs. Query results are returned in the SCCM 2007 console. Software Distribution Software distribution allows you to push just about anything to a client computer. The data provided by these reports can be used by many groups within the organization such as IT and corporate purchasing. Identify the number of concurrent usages of a specified software application. Packages can also contain command lines to run files already present on the client. Several pre-created reports are available to support common reporting scenarios. Identify redundant software application installations. The administrator views which updates are needed in the environment and creates packages and deployments containing the source files for the software updates. For more information about the reports provided for each feature.Inventory Hardware inventory gives you system information Software inventoried file types and versions present on client computers Queries It uses WBEM query language (WQL) to query the site database. Software updates The software updates feature provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Software updates in SCCM 2007 requires a Windows Server Update Services (WSUS) server to be installed and uses that to scan the client computers for applicable software updates. each configured to run differently. see the feature documentation. and who is using them. Software Metering Software metering enables you to collect and report software program usage data. Reporting Reporting is a supporting feature to many other SCCM 2007 features. Reports are returned in Web pages in the browser. Operating System Deployment . Identify unused software applications which could be relocated. where they can be exported using the MMC export list feature. which combine several different views of information. Identify actual software license requirements. Clients then install the software updates from distribution points and report their status back to the site database. without actually containing additional source files. Software metering in SCCM 2007 supports the following scenarios: Identify which software applications are being used. With reporting you can create reports that show the inventory you have collected or the software updates successfully deployed.

Mobile clients can run a subset of SCCM 2007 features such as inventory and software distribution. mobile clients are treated as a separate feature. Operating system deployment provides the following solutions for deploying operating system images to computers: Provide a secure operating system deployment environment. This feature is designed to provide data for use by many groups within the organization. Assist with unifying deployment strategies to help provide a solid deployment foundation for future operating system deployment methods.Operating system deployment enables you to install new operating systems and software onto a computer. Additionally. These Configuration Packs can then be refined to meet customized business requirements. For documentation purposes. Desired Configuration Management Desired configuration management enables you to define configuration standards and policies. Mobile Device Management Mobile devices are supported as SCCM 2007 clients. desired configuration management supports an authoring environment for customized configurations. including IT and corporate security. You can use operating system deployment to install operating system images to new or existing computers as well as to computers with no connection your SCCM 2007 site. Remote Tools Remote tools in SCCM 2007 includes the remote control feature which allows an operator with sufficient access rights the ability to remotely administer client computers in the SCCM 2007 site hierarchy. By using task sequences and the driver catalog operating system deployment streamlines new computer installations by allowing you to install software using one dynamic image that can be installed on different types of computers and configurations. Best practices configurations can be used from Microsoft and vendors in the form of Microsoft System Center SCCM 2007 Configuration Packs. Assist with managing the cost of deploying images by allowing one image to work with different computer hardware configurations. but cannot be managed by remote control and cannot receive operating system deployments like desktop clients. . and audit compliance throughout the enterprise against those defined configurations.

IPSec Enforcement. and the registry all at the same point in time . industry-standard PKI. which can be for software distribution or a task sequence. Sending a wake-up transmission prior to the configured schedule of a mandatory advertisement. SCCM 2007 should be able to use certificates from the existing PKI. Installing a PKI solely to support SCCM 2007 operations could fulfill certain short term goals but could hamper a more extensive PKI rollout to support other applications at a later time. frequent snapshots of the necessary components. making . your site should be backed up to provide recoverability in case of unexpected events. You can configure DHCP Enforcement. Asset Intelligence Tracking IT asset & reporting -Is an inventory monitoring capability of SCCM 2007 Wake On LAN The Wake On LAN feature helps to achieve a higher success rate for scheduled SCCM 2007 activities.Network Access Protection Network Access Protection (NAP) is a policy enforcement platform built into the Windows Vista and Windows Server® 2008 operating systems that helps you to better protect network assets by enforcing compliance with system health requirements. the file system.backing up just one of these elements is not sufficient to restore a working site.1X Enforcement. reducing associated network traffic during business hours. depending on your network needs.Native mode is the recommended site configuration for new SCCM 2007 sites because it offers a higher level of security by integrating with a public key infrastructure (PKI) to help protect client-to-server communication. SCCM 2007 uses the Volume Shadow Copy Service (VSS) to take small. If your organization already has a well-designed. Security Modes There are two security modes in SCCM 2007. Backing up a SCCM 2007 site involves backing up the database. but they must be carefully designed and implemented to meet the current and future needs. VPN Enforcement. and helps organizations to conserve power by not requiring computers to be left on for maintenance outside business hours. Backup and Recovery Like any enterprise software. 802. or all four. PKIs can help companies meet their security and business requirements. Wake On LAN in SCCM 2007 supports the following scenarios: Sending a wake-up transmission prior to the configured deadline for a software update deployment.

The Site Repair Wizard walks you through the necessary steps to complete the site easier to restore a failed site. Ports Used by SCCM-2007   Port used for client to site system communication -port 80 (HTTP) and default HTTPS port 443 Port used for Site Server to Site Server -SMB 445(Server Message Block) and its bi-directional .

between WSUS & ITMU? If pkg is not reaching the secondary server then what could be a issue? What is NAP? What are the issue faced while distribute the package from primary server to secondary server? Which tool are you using to monitor SMS server? What kind of major issues face on the client side? What is the different between pkg refresh and update.SCCM FAQ Frequently Asked Questions.SCCM FAQ                          What is the purpose of extended AD schema? What are MP. how the pkg version will be change? What is the SMS version are you using. OSD and Wake on LAN. what is that? What are the pre-requisites for SMS 2k3 installation? If DP doesn‟t work then where we need to look and which are the log files will you refer?26) How the clients send the info to MP? If it is WMI then which file send the info to WMI?27) What is the procedure to deploy pkg to client and how it works? Which log file will indicate if SMS client install successfully? What is the sender address? Classification of sender. ITMU version? How MP and DP identified client? Is it possible client can send inventory report to server if AD not extended? When AD extended in the SMS server there are entry will be added in the AD. SLP and DP? Why we are using BITS? If client is not reporting data/info then which point is falls under? If we want to advertisement a package in a single client then how do to that? How to create collections? What is feature of SCCM 2k7? – Internet based client. where the changes will be happen. Where the SMS server and client log file will be store? What is the direct collection membership? What is the wake on LAN? What is the pre-requisites of SCCM 2k7? What is Wake on LAN and how it‟s works? What is OSD? And what are the options available? What is diff. if you use Standard sender then why we are using it? What are the role will you enable in the Central Site?    .

How to advertisement goes to client? Which logs should look when communication happen from primary to secondary? Hman. how the SMS communicate with them if so. What are the discovery methods available? What is the default schedule time for AD system discovery method? Which . how to configure in boundaries? There are 4 methods to view the logs and to do troubleshoot also.log.log How will you check client health status? What are the steps needs to be following if a pkg needs to distribute production environment? There is a one site and it has 100 clients.log and hierarchy manager Site to site communication? Sitecomp. Resource type and system resource. needs to be deployed one pkg to 10 clients? How will you create a collection?                  . there is a one exe will be running continuously. hman.exe file will use for SMS client installation? After SMS client installation.           Different between Primary and Secondary site? What is the reason we are enabling reporting point in Central Site? What is the flow of pkg distribution? Some of the clients are not getting patch installed? What could be a reason and how to find out those clients and troubleshoot? What are the logs need to look client and server side? How to client communicate with server? Through which port client getting download file from server? How did you know that the particular patch reached client or not? How many MP and DP can we enable a single site? When the default profile will be loading in AD user & computers while install SMS? What are the profile names? Why are we using SQL2005 enterprise edition? What is the advantage of that and there are major changes/ Configuration need to be done during the SQL 2005 installation. what is that? Scenario: we have a one Forest and two Domain‟s. what is that? If the client machine not in the domain then how the SMS server communicate and install SMS client? Scenario: Total hosts: 20001500 clients assigned status is „Yes‟ and 500 client status is „No‟ even all the client got installed SMS client. What are the troubleshoot steps to be followed for resolving the issue? How to know that the particular application is running on client machine? What are the default collections available in SMS? Can you tell two resource ids? Resource id. Resource Value.

Service pack ConfigMgr does not allow for incremental or differential backups and it always adopts a “full backup” approach i. what are the roles avail in SCCM &their function What is H/W inventory log file and server log files Diff b/w ITMU & WSUS What are the service are running on SCCM server and client – What is SMS execute What is SMS_site_component_manager SMS_site_SQL_backup.e. What could be a reason? 61) Why we need to extend AD? What is the name of file? What is SLP. Needs to be suppressing the reboot function in the program? What kind of client installation method are you using? We have a 1000 client and 800 clients are installed SMS client. native mode and mixed mode .html . however 1500 machines got failed. patch. hw will backup SCCM. what is advantage using this Does internet based client support mixed mode? No64) What is DP and BDP. BITS. it backs up everything that is needed to reinstall a site completely                   http://sccmfaq. SMS_Reporting point. SMS_task_sequencer_agent. SMS_agent_host What are the package can distribute through ITMU or WSUS – all Microsoft package. difference b/w SMS and SCCM 65) How to configure software metering for particular package? Deployed one package to 10k client. hot will create a OS What are the reports will pullout from SCCM What are the components avail in SCCM Diff b/w native mode and mixed mode How will setup new SCCM environment What is BDP. how will troubleshoot? What are the sites roles configured? What is desire configure management? Why are we using it? What are the features avail in SCCM OSD. SMS_server_locator_point.     There is a pkg and it will be rebooting after install the application. 200 client not installed. Difference b/w primary and secondary