Friday, October 10, 2008
System Center Configuration Manager 2007 for Dummies
Tool Needed: Windows Installer 3.0.exe, Windows Defender.msiHow to Configure Software Distribution Components
Although the default software distribution component settings will be usable for most Configuration Manager 2007 sites, it may be necessary to modify them to meet the specific needs of an individual site.
Note You must have Modify permissions for the Site object type to configure software distribution components.
To configure software distribution components
1. In the Configuration Manager console, navigate to System Center Configuration Manager /
2. Right-click Software Distribution, and then click Properties.
3. In the Software Distribution Properties dialog box, modify the settings as needed.
Creating the Reboot Package
In this step, you will create a package to reboot the target machine
To configure the Reboot package
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. Expand Computer Management, and then expand Software Distribution
4. Right-click Packages and select New followed by Package
5. Enter "Reboot Client Machine" in the name field
6. Enter "1.0" in the Version field
7. Enter "Internal Administration" in the Manufacturer field
8. Enter "This package consists of a program to remotely reboot a client machine" in the Comment field
9. Click Next to continue
10. In the Data Source page, leave the default stating that we do not have source files.
11. Click Finish to go straight to the Summary page
12. Click Next to begin creation
13. Click Close
14. Next, we will need to create a program. A package will not do anything without one.
15. To configure a program
16. Expand the Packages container and you should see the new package that you just created
17. Notice there are no Programs currently associated with this package and will not do anything
18. Right-click the Program container and select New followed by Program
19. This launches the New Program Wizard
20. In the General Page, enter the following details:
· Name: Reboot
· Command line: C:\Windows\system32\wuauclt.exe
· Run: Hidden
· After Running: SMS Restarts Computer
· Note: The After Running field:
· - SMS Restarts Computer: Starts a 5 minute countdown that is visible to users
· - No action required: Nothing happens.
· - Program restarts computer: The program we run in "Command Line" (or a child process) will start a reboot. Be careful with this because it can lead to upset users and administrators!
· · - SMS logs user off: This one is handy too. How many times have you come across situations where you needed everyone to log off as a prerequisite for something to be done? Consider making an administrative program for this.
21. Click Next to continue
22. In the Requirements page, there is nothing to change here
23. Click Next to continue
24. In the Environment page, select "Whether or not a user is logged on" in the Program can run field
· Note: Program can run:
· - Only when a user is logged on: You might run this when a program requires human intervention, e.g. to enter a license key.
· - Only when no user is logged on: You would run this when a task must never be interrupted by user activity. I find that this is the best way to deploy software, e.g. how do you install Version 2.0 of a program if Version 1.0 is already running? Or what about a running program interfering with the environment that your installation is trying to modify? Be careful, computers are rarely in this state. Consider forcing a reboot before running a task with this setting.
· - Whether or not a user is logged on: You don’t care because your program doesn’t care.
25. The Run mode section details what account would you to run the program.
· Note: Run Mode
· - "Run with user’s rights" is only available if you configure the program to only run when a user is logged in. This is handy if you need to deploy a package of files to a person’s home drive on the network. Ideally, your users don’t have local administrative rights so you shouldn’t be using this to perform administrative tasks on the PC.
· - "Run with administrative rights" is normally what you will run programs with. By default this runs the program with system privileges using a client agent.
26. The Drive mode section is how the share on the distribution point is accessed by the client to execute the program.
· Note: "Runs with UNC name" is the default and normally used option. However, some installers are a bit fussier about these things. Two alternatives are provided. "Requires Drive Letter" enables the CM client to map a drive to the Distribution Point using any available drive letter on the client machine. Some installers are even fussier than that … they require the program to be installedfrom a specific drive. "Requires specific drive letter" will enable the administrator to pre-define a drive letter for the Program to use to access the Distribution Point. However, this drive letter must be free on all of the targeted clients or it cannot be mapped by the CM client and the program will fail to execute.
27. The Drive mode section is how the share on the distribution point is accessed by the client to execute the program.
28. Click Next all the way to the Summary page
29. Click Next to start the creation
30. Click Close
31. That’s the first of three packages completed. This package and program will enable our targeted PC’s to reboot so we can start a clean installation. But a package won’t do anything if it cannot get to the clients. For this, must make it available on the distribution points.
To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
· Note:
· - Copy the package to distribution points: start a replication of the installation files.
· - Refresh the package on selected distribution points: force a copy, maybe because we had to recover a server that hosts a distribution point.
· - Update all distribution points with a new package source version: we have updated the source folder with a new version of an installer and want to replicate it to all distribution points.
· - Remove the package from selected distribution points: It is no longer applicable to their clients or the package is obsolete.
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. We also need to monitor the replication of the package to our distribution points before we make them available to clients. Failure to do this will lead to failed jobs.
To monitor package status
1. Expand the System Status container and then click on Package Status
2. Scroll across the window and notice the different columns it reports on.
3. This package is a funny one. It has no source files so there is nothing to replicate. CM 2007 gets a little confused so nothing is every shown as installed. This does not stop the package programs from being able to run, though.
Creating the Silent Executable Package
This will be an actual software installation package. The type of installer in this example is an executable that can be installed and controlled using command line parameters. The software we are installing is Microsoft’s Windows Installer 3.1 V2.
To configure the Windows Installer Package (or Any .exe Files)
1. First create a "Packages" folder in the C: drive and share it as "Packages$"
2. This creates a hidden shared folder to store all packages. This is not a requirement but rather a good practice
3. Copy the Win Installer 3.1 folder from the SCCM Workshop directory on the host computer into the Virtual image and then in the Packages$ share
· Tip! Before creating packages, be sure to test it out in a test/lab environment to see how it works.
4. If not already running, on the Start menu, click ConfigMgr Console.
5. The ConfigMgr Console window appears.
6. Expand Computer Management, and then expand Software Distribution
7. Right-click Packages and select New followed by Package
8. In the General Page, enter the following details:
· Name: Windows Installer
· Version: 3.1 V2
· Manufacturer: Microsoft
9. Click Next to continue
10. Click the "This package contains source files" to enable it.
11. Click the
12. In the Set Source Directory dialog box, select Network Path (UNC Name)
13. Enter \\SMSSERVER\Packages$\Windows Installer 3.1 V2\ in the Source Directory box
14. This is one of the methods. You could also select the local drive setting. CM2007 will copy the package into its own package share.
15. Click OK when done
16. Under the Source Directory, select "Use a compressed copy of the source directory"
· There are 2 options:
· The first will download the package and compress it on the distribution point. This is suitable when you are short on space or when the package is a single file or is unlikely to be changed on a file by file basis. The download to the distribution point happens once and only once.
· The second choice is where the distribution point always downloads a copy of the source from the source directory. When I say "always" I don’t mean "always". The distribution point acts as a cache. It downloads the files and stores them as they are found on the source folder. An addition control is available to refresh distribution points on a schedule. You would consider using this option when you have packages that are built up of many files and you want to be able to update them with hotfixes or service packs. An example of when you could use this is Microsoft Office.
· The final control allows the package to persistently reside in the client cache after installation. You would use this when there is a package that you continually run on clients that has a source and you wish to reduce downloads to save on network or distribution point load. Again, be careful and selective with this. Your cache size is limited.
17. Click Next to continue
18. In the Data Access page, accept defaults and Click Next to continue
19. Alternatively can configure clients to download files from a "share distribution folder". You will need to make sure (1) that the folder is populated and (2) it is accessible to client computer accounts. Be careful that you don’t have clients downloading packages from a distribution point across a WAN or heavily loaded router. Watch out for license usage, i.e. more than 10 connections to a desktop operating system. If you do use this method then the Active Directory computer account of the client must be able to access the share. If this is not possible then you can use the client installation account to run the installation (configured later in the package program). Microsoft warns us not to use this field to list the distribution point share name or a folder within that share because it can cause infinite loops.
20. You also should be aware that not using a distribution point mean that you cannot use BITS as your transfer protocol.
21. In the Distribution settings, you would set the priority in sending this package to other distribution points. Click Next to continue
22. In the Reporting page, click Next to continue
23. In the security tab, accept defaults of accounts to install the package, click Next to continue
24. In the Summary page, click Next to start the creation
25. Click Close
26. Next, we will need to create a program. A package will not do anything without one.
To configure a program
1. Expand the Packages container and you should see the new package that you just created
2. Notice there are no Programs currently associated with this package and will not do anything
3. Right-click the Program container and select New followed by Program
4. This launches the New Program Wizard
5. In the General Page, enter the following details:
· Name: Per computer unattended (to specify the behaviour of the program)
· Command line: Click Browse and select the WindowsInstaller-KB893802 file
· Add some parameters to the file so that it looks something like this:
· WindowsInstaller-KB893803-v2-x86.exe /QUIET /NORESTART
· Run: Hidden
· After Running: SMS Restarts Computer
6. Click Next to continue
7. In the Requirements page, enter 1GB in the Estimated Disk Space
8. This screen is one to watch out for. In some regards I feel it is often underused. We can use it to configure what criteria the client must meet before the program will run, even if the client is a member of a targeted group.
9. Click Next to continue
10. In the Environment page, select "Whether or not a user is logged on"
11. Click Next to continue
12. In the Advance page, select "Run another program first"
13. How many times have you tried to install an application only to be told that a pending operation must be complete and you must reboot to do this? When I advertise my "Windows Installer 3.1 V2" package, it will have one chance to install per advertisement. I want it to succeed on all clients on my first attempt. Therefore, I am going to use my "Reboot Client" package and its "Reboot" program to reboot the clients before I install this package.
14. Click Browse and select the Reboot Client package we created earlier
15. Then select the Reboot program
16. Click Next to continue
17. On the Windows Installer page, Click Next to continue
18. On the MOM page, enable the "Disable MOM alerts while this program runs"
19. You will want to "Disable MOM alerts while this program runs" if your targeted CM agents include MOM-managed computers. An installation that updates the operating system and/or reboots the client could lead to alerts
20. Click Next to continue
21. On the Summary page, Click Next to continue
22. Click Close
23. Next define distribution points for the package
To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. We also need to monitor the replication of the package to our distribution points before we make them available to clients. Failure to do this will lead to failed jobs.
To monitor package status
1. Expand the System Status container and then click on Package Status
2. Scroll across the window and notice the different columns it reports on.
Creating the MSI Package (or Any .msi Files)
The final package to prepare is Microsoft Windows Defender for Windows OS. When download it comes in an MSI package. You’ll soon see why this is often the easiest sort of package to deploy.
To configure the MSI Package
1. Copy the Windows Defender folder into the Packages$ share
· Tip! Before creating packages, be sure to test it out in a test/lab environment to see how it works.
2. If not already running, on the Start menu, click ConfigMgr Console.
3. The ConfigMgr Console window appears.
4. Expand Computer Management, and then expand Software Distribution
5. Right-click Packages and select New followed by Package from Definition
6. Click Next at the Welcome page
7. Click Browse and select the WindowsDefender.msi file. Click Open
8. You should now see Windows Defender listed in the Package Definition box
9. Click Next to continue
10. Select Create a compressed version of the source
11. Click Next to continue
12. This time select "Local drive on site server"
13. Click Browse and select C:\Packages\Windows Defender
14. Click Next to continue
15. Click Finish
16. Click on the Programs container under the newly created package. Notice the programs already created to suit this package.
17. Select Properties of the different programs and look at the different command line options.
18. Next, we will explore changing the properties of a pre-created program to suit our need
To modify Programs
1. In the Programs container of the Windows Defender package, right-click Per-system unattended and select Properties
2. View the command line options and view all the other tabs in this Properties dialog
3. Click on the Advanced Tab. Since we know that Windows Installer is a pre-requisite for Windows Defender, we will run that program first. Enable the Run another program first
4. Click Browse and select Microsoft Win Installer 3.1
5. Select the Per Computer Unattended program
6. Deselect the Suppress program notifications
7. Click on the Windows Installer tab. Click Import and select the WindowsDefender.msi file, then click Open
8. This will import information regarding the file
9. Next define distribution points for the package
To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. Open a Windows Explorer session and browse the C: drive. Notice there is not a shared folder called SMSPKGC$. This is the shard folder created on the distribution points which will contain packages
Creating the Advertisement
We will now create an advertisement to install Windows Defender. As I’ve already mentioned, because of our daisy chaining of package programs, the pre-requisites of Windows Defender will also be installed before our desired package is. There are a few ways to create a new advertisement. They all create the same results, it’s just a matter of where you kick things off and what additional steps the resulting wizard or dialog will go through.
To create the advertisement
1. In the Packages container, right click the Windows Defender package we created earlier and select Distribute followed by Software
2. Click Next at the Welcome page
3. Select the Distribution Points that clients will access the package from
· Note Allow enough time for packages to be copied to the distribution points
4. Click Next to continue
5. In the Advertise Program page, select Yes and click Next
6. In the Select Program, select "Per system unattended" (we modified this earlier remember?)
7. Click Next to continue
8. In the Advertisement Target, click the Browse button and choose appropriate Collections.
9. Click Next to continue
10. In the Advertisement Name, accept the default and enter Comments as necessary
11. Click Next to continue
12. On the Advertisement Subcollection page, Click Next to continue
13. In the Advertisement Schedule, this is where we can schedule the advertisement and allow time for the packages to be copied to the distribution point. For this exercise, accept defaults. Click Next to continue
14. In the Assign Program, enable the "Yes. Assign the program"
· Note Assign Program basically means Mandatory Assignment
15. When a program is advertised, it does not install automatically. User intervention is required to start the installation. If you would like installation to start regardless, then select to Assign the program.
16. Click Next to continue
17. In the Summary page, Click Next to continue
18. Click Close
19. In the Advertisement container, you should now se your newly created advertisement.
20. Right-click the advertisement and select Properties. Run through the different tabs
Verifying the Advertised Programs Client Agent
Every computer that is managed by CM 2007 will have a CM 2007 client installed. By itself, the client does not do very much. It certainly cannot do any software distribution, i.e. download a package or execute a package program. Additional functionality is added by client agents. To use CM 2007 for software distribution you will to enable and configure the "Advertised Programs Client Agent" in "Site Management -
To enable Advertised Programs Client Agent
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. Expand Site Management, and then expand SV4 followed by Site Settings. Then click on Client Agents
4. In the results pane, Right-click Advertised Programs Client Agent and select Properties
5. In the Properties dialog box, ensure the Enable software distribution to clients is selected
6. Click on the Notification tab. Select options as necessary
Installing the Package
When you are deploying software to clients in a medium to large environment, you cannot expect to keep track of things by running from machine to machine. You could use the summary information in the administrator console under "System Status – Advertisement Status" but it is just summary information. The best and only way to track things with detail is to use the reports that are provided by the CM 2007 Reporting Point.
CM 2007 require a lot of patience. Things do not happen immediately. Left by itself, your software distribution client agent will probably not look for new software for anything up to 60 minutes. We can hurry this along from the client’s end of things..
Note: Perform this on the CM2007 Client
To install the package
1. Log on to the WINXP2 machine if you have not already done so.
2. Go to the Control Panel and open the Systems Management applet
3. On the Actions tab, select the Machine Policy Retrieval & Evaluation Cycle and click Initiate Action
4. This will force the client to check for new updates on the CM2007 server
just my 2cents at 11:12 PM |
0 Comments:
Post a Comment
<< Home