Sunday, July 27, 2008
From Zero to Hero
And so it begins. As promised, I plan to chronicle in detail my journey through deploying System Center Configuration Manager 2007. The first several days will be filled with deploying supporting infrastructure.
This posting is provided AS IS with no warranties and confers no rights.
A never-ending story -- From Zero to Hero.
Introduction to SCCM 2007 (Part 1)
When people who are new to Microsoft System Center Configuration Manager
2007 start playing around with the product in a test lab, they often
want to start with a simple OS deployment setup. But if you are new to
the product and want to deploy Windows XP, getting started can be a
bit challenging. This article (not sure how many parts it will contain
yet) will be a guide through the basic steps that need to be
configured in order to successfully deploy Microsoft Windows XP
Professional with Service Pack 3 and Windows Vista Enterprise with
Service Pack 1.
This article is based on System Center Configuration Manager 2007
with Service Pack 1 and Windows Server 2008 RTM. All roles will be
installed on a single box (virtual machine). Installing everything on
the same box is not “best practice” in production.
The headlines for the first parts are:
- Part 1: Pre-Configuration Manager Installation tasks
- Part 2: Installing and Configuring Configuration Manager 2007 with Service Pack 1.
- Part 3: Preparing and Configuring Configuration Manager for OS deployment
- Part 4: Building the reference image
- Part 5: Deploying the client Operating System
Before we get started there are a few things that need to be
configured. In my test lab I’m running Windows Server 2008 Enterprise
Edition with Hyper-V, and I recommend the following settings for the
virtual machine:
- CPU: 1 core (2 core recommended)
- RAM: min. 1024 MB (2048 recommended)
- Disk: 127 GB
- Network: 1 adapter (local only)
This guide assumes that Windows Server 2008 Enterprise Edition x86
with Service Pack 1 is installed and configured with the following
settings:
(Installing Windows Server 2008 and Active Directory is not within the scope of this article).
- Static IPv4 address: 192.168.0.10
- Subnet mask: 255.255.255.0
- Default Gateway: 192.168.0.1
- Server name: SERVER1
- Active Directory Domain Service
  - Domain DNS name: corp.demo.lab
  - Domain NetBIOS Name: CORP
  - Forest Functional Level: Windows Server 2008
- DNS Server
- DHCP Server
  - Scope Name: SCCM Lab
  - Starting IP Address: 192.168.0.50
  - Ending IP Address: 192.168.0.99
  - Subnet Mask: 255.255.255.0
  - Default Gateway: 192.168.0.1
  - Subnet Type: Wired (lease duration will be 6 days)
  - Activate this scope: Yes
Part 1: Pre-Configuration Manager Installation Tasks
System Center Configuration Manager 2007 requires a few things
to be configured before the product is installed. This part will guide
you through these steps.
Extending the Active Directory Schema
Extending the Active Directory schema is a forest-wide action and
must only be done once per forest. Extending the schema is an
irreversible action and must be done by a user who is a member of the
Schema Admins Group or by someone who has been delegated sufficient
permissions to modify the schema.
Four actions need to be taken in order to successfully enable
Configuration Manager Clients to query Active Directory Domain Services
to locate site resources:
- Extend the Active Directory schema.
- Create the System Management container.
- Set security permissions on the System Management container.
- Enable Active Directory publishing for the Configuration Manager site.
How to Extend the Active Directory Schema Using ExtADSch.exe
You can extend the Active Directory schema by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media. The ExtADSch.exe file does not display output when it runs; however, it does generate a log file in the root of the system drive called extadsch.log,
which will indicate whether the schema update completed successfully or
any problems were encountered while extending the schema.
Step by step guide
- Back up the System State on the Domain Controller that holds the Schema Master role.
- Disconnect the Schema Master Domain Controller from the network.
- Run extadsch.exe, located at \SMSSETUP\BIN\I386 on the installation media, to add the new classes and attributes to the Active Directory schema.
- Verify that the schema extension was successful by reviewing the extadsch.log located in the root of the system drive.
- If the schema extension procedure was successful, reconnect the
schema master domain controller to the network and allow it to
replicate the schema extensions to the global catalog servers
throughout the Active Directory forest.
- If the schema extension procedure was unsuccessful, restore the
schema master's previous system state from the backup created in step 1
to reverse the schema extension actions before reconnecting the schema
master domain controller to the network.
How to Create the System Management container using ADSIEdit
Configuration Manager does not automatically create the System
Management container in Active Directory Domain Services when the
schema is extended. The container needs to be created once for each
domain that includes a Configuration Manager site server that will
publish site information to Active Directory Domain Services. To
manually create the System Management container using ADSI Edit, follow
these steps:
- Log on as an account that has the Create All Child Objects permission on the System container in Active Directory Domain Services.
- Open the ADSIEdit MMC console, and connect to the domain in which the site server resides.
- In the console pane, expand Domain [computer fully qualified domain name], expand <distinguished name>, and right-click CN=System. On the context menu, click New and then click Object.
- In the Create Object dialog box, select Container and click Next.
- In the Value field, type System Management and click Next.
- Click Finish.
How to configure the security permissions on the System Management container.
After the System Management container has been created in Active
Directory Domain Services, the primary site server's computer account
must be granted the necessary permissions to publish site information
to the container.
- Click Start, click Run, and enter adsiedit.msc to launch the ADSIEdit MMC console.
- If necessary, connect to the site server's domain.
- In the console pane, expand the site server's domain, expand DC=<server distinguished name>, expand CN=System, and right-click CN=System Management. On the context menu, click Properties.
- In the CN=System Management Properties dialog box, click the Security tab.
- Click Add to add the “SCCM Servers” Security Group and grant the account Full Control permissions.
- Click Advanced, select the “SCCM Servers” Security Group, and click Edit.
- In the Apply onto list, select “This object and all child objects”.
- Click OK. (3 times)
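The two ADSI Edit procedures above (creating the container and granting the permissions) can also be scripted, which makes it easy to read the resulting ACL back and confirm who holds Full Control. This is an added example, not part of the original post; it assumes the lab domain corp.demo.lab (NetBIOS name CORP) and that the "SCCM Servers" security group already exists.

```powershell
# Added example: scripted equivalent of the ADSI Edit steps above.
# Assumptions: domain corp.demo.lab (NetBIOS CORP), existing group "SCCM Servers".
$domainDn      = 'DC=corp,DC=demo,DC=lab'
$containerPath = "LDAP://CN=System Management,CN=System,$domainDn"

# 1. Create CN=System Management under CN=System only if it is missing.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists($containerPath)) {
    $system = [ADSI]"LDAP://CN=System,$domainDn"
    $new = $system.Create('container', 'CN=System Management')
    $new.SetInfo()
}
$container = [ADSI]$containerPath

# 2. Grant the group Full Control on this object and all child objects.
$account     = New-Object System.Security.Principal.NTAccount('CORP', 'SCCM Servers')
$sid         = $account.Translate([System.Security.Principal.SecurityIdentifier])
$fullControl = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $sid, $fullControl,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)
$container.psbase.ObjectSecurity.AddAccessRule($ace)
$container.psbase.CommitChanges()

# 3. Read the ACL back and list every allow ACE that carries Full Control,
#    so an unexpected trustee or a missing "all child objects" scope
#    (InheritanceType other than All) is visible.
$container.psbase.ObjectSecurity.GetAccessRules(
        $true, $true, [System.Security.Principal.NTAccount]) |
    Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ([int]$_.ActiveDirectoryRights -band [int]$fullControl) -eq [int]$fullControl
    } |
    Select-Object IdentityReference, InheritanceType, IsInherited |
    Format-Table -AutoSize
```

Run it as an account with the Create All Child Objects permission on the System container, as the manual procedure requires.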
Enable Active Directory publishing for the Configuration Manager site.
Before Configuration Manager can publish site data to Active
Directory Domain Services, the Active Directory schema must be extended
to create the necessary classes and attributes, the System Management
container must be created, and the primary site server’s computer
account must be granted full control of the System Management container
and all of its child objects. Each site publishes its own site-specific
information to the System Management container within its domain
partition in the Active Directory schema.
This part cannot be completed before Configuration Manager has been installed.
Configuring Windows Server 2008 for Site System Roles
Configuration Manager requires the WebDAV component to be installed
and enabled on the management points and BITS-enabled distribution
points. The WebDAV component is not included in the Windows Server 2008
operating system and must be downloaded and configured manually.
Installing and configuring WebDAV for BITS-enabled distribution points and management points
- In Server Manager, on the Features node, start the Add Features Wizard.
- On the Select Features page, select BITS Server Extensions.
- When prompted, click Add Required Role Services to add the dependent components, including the Web Server (IIS) role.
- On the Select Features page, select Remote Differential Compression, and then click Next.
- On the Web Server (IIS) page, click Next.
- On the Select Role Services page, under IIS 6 Management Compatibility, select IIS 6 WMI Compatibility.
- Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
- Under Security, select Windows Authentication, and then click Next.
- On the Confirmation page, click Install, and then complete the rest of the wizard.
- Download the x86 or x64 version of WebDAV at http://go.microsoft.com/fwlink/?LinkId=108052.
- Run either webdav_x86_golive.msi or webdav_x64_golive.msi, depending on your processor.
- Enable WebDAV and create an Authoring Rule, as follows:
  - Open Internet Information Services (IIS) Manager.
  - In the Connections pane, expand the Sites node in the tree, and then click SMSWEB if you are using a custom Web site or click Default Web Site if you are using the default Web site for the site system.
  - In the Features View, double-click WebDAV Authoring Rules.
  - When the WebDAV Authoring Rules page is displayed, in the Actions pane, click Enable WebDAV.
  - After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
  - In the Add Authoring Rule dialog box, under Allow access to, click All content.
  - Under Allow access to this content to, click All users.
  - Under Permissions, click Read, and then click OK.
- Change the property behavior as follows:
  - In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.
  - In the WebDAV Settings page, under Property Behavior, set Allow anonymous property queries to True.
  - Set Allow Custom Properties to False.
  - Set Allow property queries with infinite depth to True.
  - If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow access to hidden files to True.
  - In the Action pane, click Apply.
  - Close Internet Information Services (IIS) Manager.
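Because these steps allow anonymous property queries and give all users access to all content, it is worth reading the configuration back to confirm that the rule grants Read only and that nothing else has drifted. The following is an added example, not part of the original post; it assumes the site is Default Web Site and uses the Microsoft.Web.Administration assembly that ships with IIS 7.

```powershell
# Added example: read back the WebDAV settings configured in the steps above.
# Assumption: the site is "Default Web Site" (use SMSWEB for a custom site).
$site = 'Default Web Site'
$dll  = "$env:windir\system32\inetsrv\Microsoft.Web.Administration.dll"
[void][Reflection.Assembly]::LoadFrom($dll)
$cfg  = (New-Object Microsoft.Web.Administration.ServerManager).GetApplicationHostConfiguration()

$auth  = $cfg.GetSection('system.webServer/webdav/authoring', $site)
$props = $auth.GetChildElement('properties')
$fs    = $auth.GetChildElement('fileSystem')

# Each row: label from IIS Manager, value this guide sets, value configured now.
$checks = @(
    @('Enable WebDAV', $true, $auth.GetAttributeValue('enabled')),
    @('Allow anonymous property queries', $true,
        $props.GetAttributeValue('allowAnonymousPropfind')),
    @('Allow Custom Properties', $false,
        $props.GetAttributeValue('allowCustomProperties')),
    @('Allow property queries with infinite depth', $true,
        $props.GetAttributeValue('allowInfinitePropfindDepth')),
    @('Allow access to hidden files', $true,   # BITS-enabled DP only
        $fs.GetAttributeValue('allowHiddenFiles'))
)
foreach ($c in $checks) {
    $state = 'DRIFT'
    if ($c[2] -eq $c[1]) { $state = 'OK' }
    '{0,-6} {1} = {2}' -f $state, $c[0], $c[2]
}

# Authoring rules: the guide adds one rule (all content, all users, Read).
# Anything granting more than Read is flagged for review.
# Assumption: the access flags value surfaces as 'Read' or as its numeric form 1.
$rules = $cfg.GetSection('system.webServer/webdav/authoringRules', $site).GetCollection()
foreach ($r in $rules) {
    $access = "$($r.GetAttributeValue('access'))"
    $state  = 'REVIEW'
    if ($access -eq 'Read' -or $access -eq '1') { $state = 'OK' }
    '{0,-6} users={1} path={2} access={3}' -f $state,
        $r.GetAttributeValue('users'), $r.GetAttributeValue('path'), $access
}
```

On a management point that is not a BITS-enabled distribution point, a DRIFT result for hidden files is expected.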
Summary
This completes part 1 of this article. In the next part we’ll
install Microsoft SQL Server 2005, Windows Server Update Service (WSUS)
3.0 and System Center Configuration Manager 2007 with Service Pack 1.
Enjoy.
just my 2cents at 5:04 PM