Edge Azwan

Friday, October 10, 2008

System Center Configuration Manager 2007 for Dummies

System Center Configuration Manager - Configure Software and Hardware Inventory

How to Configure Software Inventory for a Site
Note You must have Modify permission for the Site security object class or instance to perform this procedure.


To configure software inventory for a site
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / - / Site Settings / Client Agents.
2. In the results pane, right-click Software Inventory Client Agent, and then click Properties.
3. In the Software Inventory Client Agent Properties dialog box, click the General tab, and enable and schedule software inventory.
4. Click the Inventory Collection tab, specify the file names or file types, and then select the reporting detail for files you want inventoried.
5. Click the File Collection tab, and specify any files you want to collect from clients.
6. Click the Inventory Names tab, specify a single, consistent display name that you want to use for a manufacturer or software program, and then specify the inventoried manufacturer or software program names that currently appear in Resource Explorer.


How to Configure Hardware Inventory for a Site
Note You must have Modify permission for the site security object class or instance to perform this procedure.


To configure hardware inventory for a site
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / - / Site Settings / Client Agents.
2. In the results pane, right-click Hardware Inventory Client Agent, and then click Properties.
3. Use the Hardware Inventory Client Agent Properties dialog box, General tab, to enable and schedule hardware inventory. The General tab is also used to configure the maximum custom MIF (IDMIF) file size that will be processed by the site.
4. Click the MIF Collection tab, specify the file names or file types, and then select the reporting detail for files you want inventoried.
5. Click the File Collection tab, and specify whether you want to collect IDMIF or NOIDMIF files from clients.


just my 2cents at 11:52 PM |

System Center Configuration Manager 2007 for Dummies

System Center Configuration Manager - Reports

How to Create a Reporting Point
A reporting point in Configuration Manager 2007 is a site server role that hosts files used by Configuration Manager to display database information in Report Viewer. Use the following procedure to create a reporting point on a site system computer.


To create a reporting point
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / - / Site Settings / Site Systems.
2. Determine whether to create a new site system or modify an existing site system, and then follow the associated step.
· To create a new site system and add the reporting point role: Right-click Site Systems, click New, and then click Server.
· To add the reporting point role to an existing site system: Right-click the site system name, and then click New Roles.
3. Configure the general site system settings, and then click Next.
4. Select Reporting Point, and then click Next.
5. Specify the Report folder for the reporting point. Configuration Manager creates a folder with the specified name under \Inetpub\wwwroot. The default folder name is SMSReporting_sitecode.
6. Specify whether the Configuration Manager console opens the Report Viewer Web page using hypertext transfer protocol (http) or secure hypertext transfer protocol (https), and what port number is used. The default port for http is 80, and the default port for https is 443.
7. Click Next, and then click Close again to exit the wizard.

How to Configure Report Options for a Site
The reporting options for a Configuration Manager 2007 site provide the ability to select the default reporting point used and whether a new browser window opens when running reports and dashboards from the Configuration Manager console. Use the following procedure to configure the report options for a site.


To configure report options for a site
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database.
2. Right-click <>, and then click Report Options.
3. Specify from the drop-down list the default report point that will be used when opening reports and dashboards from the Configuration Manager console. If there are no reporting points available in the list, you must exit the dialog box and then create a reporting point. By default, the maximum number of reporting points displayed in the drop-down list is five.
4. Specify whether reports and dashboards that run from the Configuration Manager console open in a new browser window or if they open within the console.
How to Modify the Number of Reporting Points in Report Options
The Report Options dialog box provides a drop-down list of the available reporting points. By default, a maximum of five reporting points appear in the drop-down list. Use the following procedure to modify the number of reporting points that appear in the drop-down list.


To modify the maximum number of reporting points in the drop-down list
1. Open the Registry Editor on the computer on which the Configuration Manager console is installed.
2. Navigate to HKEY_LOCAL_MACHINE\Software\Microsoft\SMS\Admin UI. Create the SMS, Admin UI, and Reporting keys if they are not present.
3. Create a DWORD value named MenuCount under the Reporting key, and then enter the value for the desired maximum number of reporting points that will appear in the drop-down list.


How to Run a Report
Reports in Configuration Manager 2007 are opened in Report Viewer, which can be opened from the Configuration Manager console or by using a Web browser. Reports can be opened from any computer that has access to a reporting point for the site and for users that have sufficient rights to view the reports. Use the following procedures to open a report from the Configuration Manager console and from a Web browser.
Procedure


To run a report from the Configuration Manager console
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Reports.
2. Right-click the name of the report that you want to run, and then click Run. The report will either open within the Configuration Manager console or be displayed in a Web browser window.
To run a report from a Web browser
1. Open a Web browser, enter the URL for the report, and then press Enter. The default URL for a report is http://reporting point name/SMSReporting_site code/Report.asp?ReportId=ReportID.
2. Alternatively, you can go to Report Viewer, select the report from the list, and then click Display. The default URL for the reporting point is http://servername/SMSReporting_site code.


just my 2cents at 11:38 PM |

System Center Configuration Manager 2007 for Dummies


System Center Configuration Manager - Dashboards


How to Create a Dashboard
Dashboards in Configuration Manager 2007 display multiple reports on a single page. You can create dashboards to monitor information about related hardware or software or to group the reports you use most frequently. New dashboards can be created by specifying the dashboard properties or by cloning an existing dashboard. Use the following procedure to create a new dashboard by specifying the dashboard properties.
Procedure


How to create a new dashboard
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Dashboards.
2. Right-click Dashboards, and then click New Dashboard to open the New Dashboard Wizard.
3. Specify the following dashboard properties:
· Name: Specifies the name for the dashboard. This setting is required.
· Comment: Specifies the description for the dashboard. This setting is optional.
· Limit cell height: Specifies whether to limit the height of the dashboard display. When this property is selected, type the maximum height, in pixels, in the Height text box. The default value is 250.
4. Click Next.
5. Specify the dimensions for the dashboard, and then click Set. By default, the dashboard is made of two rows and two columns.
6. Select the row and column for the dashboard report, click the Select Report icon, select the report from the Select Report dialog box, and then click OK.
· Note The dialog box will display only the reports that do not contain a report prompt and reports for which the user has Read access.
7. Repeat step 5 to add additional reports to the dashboard.
8. Use the Move Up and Move Down icons to change the dashboard position for a highlighted report.
9. Click Next, and then click Close.


How to Add Reports to a Dashboard
Dashboards in Configuration Manager 2007 display multiple reports on a single page. Use the following procedure to add reports to a dashboard.
Procedure


To add reports to a dashboard
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Dashboards.
2. Right-click the name of the dashboard that you want to modify, and then click Properties.
3. Click the Reports tab. All reports that are used in the dashboard are listed in the Dashboard reports area, along with the position (row and column) for each report.
4. To add or remove columns or rows from the dashboard, specify the dimensions and then click Set.
· Note When the dimensions for a dashboard are reduced, the reports assigned to the rows or columns are removed from the dashboard temporarily, but they can be restored by increasing the dimensions to the original size. The reports are permanently removed when clicking OK or Apply.
5. Double-click a dashboard position, select a report from the Select Report list, and then click OK to insert the selected report into the position.
· Note The dialog box will display only the reports that do not contain a report prompt and for which the user has Read access.
6. Use the Move Up and Move Down icons to change the dashboard position for a report.
7. Click OK to save the dashboard and exit the dialog box.


How to Run a Dashboard
Dashboards in Configuration Manager 2007 are used to display one or more reports on a single page. Dashboards are opened in the Report Viewer, which can be opened from the Configuration Manager console or by using a Web browser. Dashboards can be opened from any computer that has access to a reporting point for the site and for users that have sufficient rights to view the reports in the dashboard.
Use the following procedures to open a dashboard from the Configuration Manager console and from a Web browser.
Procedure


To run a dashboard from the Configuration Manager console
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Dashboards.
2. Right-click the name of the dashboard that you want to run, and then click Run. The dashboard will either open within the Configuration Manager console or be displayed in a Web browser window.


To run a dashboard from a Web browser
1. Open a Web browser, enter the URL for the dashboard, and then press Enter. The default URL for a dashboard is http://reporting point name/SMSReporting_site code/Dashboard.asp?DashboardId=DashboardID.
2. Alternatively, you can go to Report Viewer, select the dashboard from the list, and then click Display. The default URL for the reporting point is http://servername/SMSReporting_site code.


How to Remove Reports from a Dashboard
Dashboards in Configuration Manager 2007 display multiple reports on a single page. Use the following procedure to remove reports from a dashboard.
Procedure


How to remove reports from a dashboard
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Dashboards.
2. Right-click the name of the dashboard that you want to modify, and then click Properties.
3. Click the Reports tab. All reports that are used in the dashboard are listed in the Dashboard reports area, along with the position (row and column) for each report.
4. To remove an individual report while keeping the original number of rows and columns in the dashboard, double-click the report to open the Select Report Properties dialog box, select -Blank- from the Select Report dialog box, and then click OK.
· Note Several reports can be removed at the same time by decreasing the number of rows or columns in the dashboard. Decreasing the number of rows will remove entire rows of reports, starting from the bottom of the dashboard. Decreasing the number of columns will remove entire columns of reports, starting from the right-hand side of the dashboard.
5. Click OK to save the dashboard and exit the dialog box.


How to Delete a Dashboard
Dashboards in Configuration Manager 2007 display multiple reports on a single page. Use the following procedure to delete a dashboard.
Note The reports displayed in a dashboard are not removed from the database when the dashboard is deleted.
Procedure


To delete a dashboard
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Reporting / Dashboards.
2. Right-click the name of the dashboard that you want to delete, and then click Delete.
3. Click Yes to confirm the deletion.


just my 2cents at 11:31 PM |

System Center Configuration Manager 2007 for Dummies



System Center Configuration Manager - Software Update

To prepare SCCM for Software Updates
1. First, we have to add a new role to SMSSERVER called the Software Update Management Point.
2. If not already running, on the Start menu, click ConfigMgr Console.
3. The ConfigMgr Console window appears.
4. In the tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, expand Site Systems, and then click \\SMSSERVER.
5. In the Actions pane, click New Roles.
6. In the New Site Role Wizard, click Next.
7. On the System Role Selection page, select Software update point, then click Next.
8. On the Software Update Point page, enter proxy information (if any) to enable access to the Internet.
9. Click Next when done.
10. From here on, the settings selected correspond to the Options set in WSUS. All changes made here will be automatically reflected in WSUS.
11. On the Active software update point settings page, select the check box next to Use this server as the active software update point to enable it.
12. Also enter the port information used by the WSUS server if changes have been made. If not, leave all settings at their defaults.
13. Click Next to continue.
14. On the Synchronization schedule page, configure the frequency of synchronization with Microsoft Update, or do not enable it if manual synchronization is preferred.
15. Click Next to continue.
16. Select the appropriate Update classifications that you require WSUS to synchronize.
17. Click Next to continue.
18. Next, select the products that you would like WSUS to synchronize with Microsoft Update.
19. Click Next to continue.
20. On the Languages page, select all language versions of updates that WSUS should download.
21. Click Next to continue.
22. After going through the Summary of the configuration, click Next to continue.
23. At this point, the Software Update Point role will be created.
24. Click Close.


To view SCCM logs
1. Launch a Windows Explorer session and navigate to C:\Program Files\MicrosoftSCCM2007\Logs
2. Open the SUPSetup.log to view it and you should see the installation details of the SUP
3. Notice a line that states: (Parameters: C:\PROGRA~1\MIF5F3~1\bin\i386\ROLESE~1.EXE /install /siteserver:SMSSERVER SMSWSUS)
4. This is the command line that SMSSERVER uses to install the Software Update Point.
5. A clear giveaway that installation was successful is the last line which states the exact.
6. What has also happened at this point is that SCCM has taken over WSUS and effectively owns it.


To configure SUP in SCCM
1. In the SCCM Console tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, expand Site Systems, and then click \\SMSSERVER.
2. You should now notice the ConfigMgr software update point already installed.
3. Click on Component Configuration.
4. Right-click the Software Update Point Component option and select Properties.
5. You will notice that most of the settings here seem familiar from the Wizard during setup of the SUP.
6. Click through the different tabs to look at the settings.
7. Remember: SCCM is now the main owner of WSUS, and whatever we configure here will be reflected in the WSUS Options.
8. Click on the Products tab and then select.
9. Click OK


Install Software Update Point in SCCM
Configure the Windows Update agent GPO:
1. Open a GPO
2. Go to Computer configuration\Windows Components\Windows Update
3. Configure the Configure automatic updates option. Set it to auto download and schedule the install.
4. Choose your own schedule
5. Configure the Specify intranet microsoft update service location
6. Configure both options with the value http://wsusserver:80
7. Import the SCCM-2007 adm template:
8. Download the adm template to configure SCCM 2007 client installation command line parameters http://www.blogcastrepository.com/files/folders/documents/entry15469.aspx
9. Open a GPO
10. In Computer Configuration Right-click on Administrative templates
11. Browse to the SCCM-2007 and add the template.
12. Go to Computer configuration\Windows Components\SCCM 2007\Software Update point client installation
13. Configure the command line with the parameters you want.
· SCCM2007_Example="smscachesize=1500 smssitecode=S01 smsfp=FSP01"
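
To confirm on a client that the Windows Update agent GPO from steps 1 to 6 has applied, the following added example (not part of the original post) reads the values that policy writes to the registry and compares them with what the steps configure. The function names are hypothetical, and the sample hashtable is constructed from the value used above.

```powershell
# Added example: audit the Windows Update policy values on an SCCM/WSUS client.
# Function names are hypothetical; the sample input is constructed.

function Get-WsusClientPolicy {
    # Live read of the policy keys. Missing keys simply yield $null values.
    $base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
    $wu = Get-ItemProperty -Path $base -ErrorAction SilentlyContinue
    $au = Get-ItemProperty -Path "$base\AU" -ErrorAction SilentlyContinue
    return @{
        WUServer       = $wu.WUServer        # "Specify intranet Microsoft update service location"
        WUStatusServer = $wu.WUStatusServer  # statistics server from the same policy
        UseWUServer    = $au.UseWUServer     # 1 = use the intranet location
        AUOptions      = $au.AUOptions       # 4 = auto download and schedule the install
    }
}

function Test-WsusClientPolicy {
    param(
        [Parameter(Mandatory = $true)] [hashtable] $Policy,
        [Parameter(Mandatory = $true)] [string]    $ExpectedServer
    )
    $findings = @()

    if ([string]::IsNullOrEmpty($Policy.WUServer)) {
        $findings += 'WUServer is not set: the GPO has not applied to this client.'
    } else {
        if ($Policy.WUServer -ne $ExpectedServer) {
            $findings += "WUServer is '$($Policy.WUServer)', expected '$ExpectedServer'."
        }
        if ($Policy.WUStatusServer -ne $Policy.WUServer) {
            $findings += 'WUStatusServer differs from WUServer; the steps set both to the same value.'
        }
        $uri = $null
        if (-not [System.Uri]::TryCreate($Policy.WUServer, [System.UriKind]::Absolute, [ref]$uri)) {
            $findings += "WUServer '$($Policy.WUServer)' is not a valid absolute URL."
        } elseif ($uri.Scheme -ne 'https') {
            $findings += "WUServer uses $($uri.Scheme) on port $($uri.Port): scan traffic to the update point is unencrypted."
        }
    }

    if ($Policy.UseWUServer -ne 1) {
        $findings += 'AU\UseWUServer is not 1: the client ignores the intranet update location.'
    }
    if ($Policy.AUOptions -ne 4) {
        $findings += "AU\AUOptions is '$($Policy.AUOptions)', expected 4 (auto download and schedule the install)."
    }

    # The leading comma keeps an empty result an array instead of $null.
    return ,$findings
}

# Constructed sample matching the value entered in step 6.
$sample = @{
    WUServer       = 'http://wsusserver:80'
    WUStatusServer = 'http://wsusserver:80'
    UseWUServer    = 1
    AUOptions      = 4
}
Test-WsusClientPolicy -Policy $sample -ExpectedServer 'http://wsusserver:80'

# On a real client:
# Test-WsusClientPolicy -Policy (Get-WsusClientPolicy) -ExpectedServer 'http://wsusserver:80'
```

An empty result means the client matches the GPO; each string returned names one value to check in the policy.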


To publish the Configuration Manager 2007 client to the WSUS server:
1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / / Site Settings / Client Installation Methods.
2. Right-click Software Update Point Client Installation, and click Properties.
3. To enable client installation, select the Enable Software Update Point Client Installation check box.
4. If the client software on the Configuration Manager 2007 site server is newer than that stored on the software update point, the Upgrade Client Package Version dialog box will open. You should click Yes in this dialog box to publish the most recent version of the client software to the software update point.
5. To finish configuring the software update point client installation, click OK.


To configure SCCM Client Agents
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. In the tree pane, expand SMSSERVER, expand Site Management, expand SV4, expand Site Settings, and then click on Client Agents.
4. In the results pane, right-click the Software Updates Client Agent and select Properties.
5. In the Software Updates Client Agent Properties dialog box, you should see three tabs.
6. Ensure that Enable Software Updates on clients is selected.
7. Click on the Update Installation tab.
8. This is a setting for mandatory updates.
9. Click on the Deployment Re-Evaluation tab.
10. Select how often you would like the Client Agent to re-evaluate itself for software updates. The default is 7 days. For testing purposes you may want to reduce this setting.


To look at Inventory Updates
1. Expand the Software Updates container.
2. You will notice 5 nodes under the container.
3. The way SCCM works with regard to software updates is different from SMS 2003. Although patches are essentially deployed via a software distribution model, this is no longer tied to the Software Distribution feature per se.
4. Click on the Updates Repository. This is where you will find the complete inventory of updates that is synchronized with WSUS.
5. Right-click Updates Repository and select Run Synchronization. This will initiate an action to pull all the updates from the WSUS database.
6. To verify synchronization is taking place, navigate to the C:\Program Files\MicrosoftSCCM2007\Logs folder and open wsyncmgr.log.
7. Look for a line that states Found local sync request in site control file. (You can pause the SMSTrace utility to hold your place in the log.)
8. Let’s look at the Site Control File.
9. In a Windows Explorer session, navigate to C:\Program Files\MicrosoftSCCM2007\inboxes\sitectrl.box
10. Open the sitectrl.ct0 file with Notepad.
11. Once the file is open, click the Edit menu, select Find, type WSUS, and then click Find Next.
12. Click Find Next until you find a section in the file that looks similar to this:


BEGIN_COMPONENT
SMS_WSUS_SYNC_MANAGER>
6>
SMSSERVER> PROPERTY Sync Schedule><><><0>
PROPERTY Sync Retry Intercal><><><60>

13. This section of the Site Control File controls the synchronization of SCCM with the WSUS Server
· Notice a setting that states PROPERTY <><><1179…..>


To deploy updates
1. Select an update that you would like to deploy, right-click it and select Deploy Software Updates
2. The Deploy Software Updates Wizard should appear
3. First, key in a name that you would like to identify this deployment, then click Next
4. On the Deployment Templates page, select Create a new deployment definition.
5. Deployment Templates are essentially pre-defined settings that you can re-use. They save time and clicks when you have settings that can be re-used in other deployment scenarios.
6. Click Next to continue.
7. On the Collection page, Browse and select a Collection that you would like to deploy to.
8. Click OK to accept it.
9. Then, Click Next to continue.
10. In the Display/Time Settings, configure how you want display notifications and time sync options. For the purpose of this exercise, select Allow display notifications on clients and Client Local Time.
11. The final setting on this page is important. It sets the point at which the software update becomes mandatory and is forced to install. When you advertise the package, it will not install automatically until the duration specified here has passed. So if you want updates to apply IMMEDIATELY, set this to 0 weeks.
12. Click Next to continue.
13. On the Restart Settings page, configure whether you would like to suppress the restarts. For the purpose of this exercise, suppress Servers and Workstations by selecting the check boxes.
14. Click Next to continue.
15. On the Event Generation page, select Create Windows event for software update installation failure to have events written into the Event logs.
16. Click Next to continue.
17. On the Update Binary Download page, select how you want clients to react to distribution points. Select Download software updates from distribution point and install for both settings
18. Click Next to continue.
19. On the Create Template page, specify whether you would like to save the settings you had selected earlier as a template for re-use at a later time. For the purpose of this exercise, key-in template
20. Click Next to continue.
21. The Deployment Package page is where you would specify the installation files that will be available to clients. Select Create a new deployment package.
22. At this point of time, you have to create a shared folder on the SMSSERVER. This is the folder SMS Clients will poll the updates from.
23. Navigate back to the Deploy Software Updates Wizard
24. On the Deployment Package page, enter the name.
25. Enter \\SMSSERVER\location in the Package Source box, then click Browse to check its path
26. Click Next to continue.
27. On the Distribution Points page, click Browse and select a Distribution point. Select SMSSERVER and click OK.
28. Click Next to continue.
29. Click Next to continue.
30. Select the update language. Click Next to continue.
31. In the Deployment Schedule, select when the updates should be made available. Select As soon as possible.
32. Notice that the deadline for software installation is 2 weeks from the deployment date which was the setting chosen during the Deployment Template
33. Click Next to continue.
34. Do not enable NAP Evaluation for this exercise
35. Click Next to continue.
36. Click Next on the Summary page to begin the process.
37. Once done, a Successful message will appear. Click Close.


To verify the update packages
1. Launch a Windows Explorer session and navigate to \\smsserver\location
2. You should now see the update installer present in the folder
3. Let’s check the log files.
4. Navigate to C:\SMS_CCM\Logs\ and launch the PatchDownloader.log
5. Look for a line that starts with …
6. Download destination = \\smsserver\location\a213789.. (this set of numbers is the Unique patch ID and it is significant for tracking the updates through the logs on the client side.)
7. You should notice the other entries signifying downloading and successful creation.
8. Now, navigate back to the ConfigMgr Console
9. Expand Software Updates and click on Deployment Management.
· Note You may have to Refresh to see the Updates
10. Right-click and select Properties
11. Go through the different tabs. You will notice that these are all the settings that were configured through the wizard. You may change these settings at any time.
12. Click Cancel
13. Under the , you will be able to view the software update that was configured to be deployed
14. Click on Deployment Templates.
· Note You may have to Refresh to see the Templates
15. Right-click Template and select Properties.
16. These are the settings that were saved during the wizard; they can be modified here.
17. Click on the Deployment Packages
· Note You may have to Refresh to see the Packages
18. Right-click and select Properties.
19. Browse through the tabs
20. Under the , you will be able to view the Distribution Points and Software Updates


To view the process from the client side
· Note: Perform the following on the SMS Client, WINXP2
1. Launch Control Panel and double-click on Systems Management
2. Click on the Actions tab.
3. Select the Software Updates Evaluation Cycle and click Initiate Action
4. Launch a Windows Explorer session and navigate to C:\WINDOWS\System32\CCM\Logs
5. Open the smscliui.log. Notice the last line verifying that a Software Updates Assignments Evaluation cycle was triggered.
6. Navigate to C:\WINDOWS\System32\CCM\Logs and open the UpdateDeployment.log
7. Notice the last couple of lines.
· Message received: …. (denotes a message received to initiate cycle)
8. Then…
· Removing scan history… (denotes the removal of previous scans)
9. Then…
· Starting updates assignments… (denotes the start of a scan)
10. Then…
· No updates assigned.. (denotes the end of the process)
· Note The Software Updates Evaluation Cycle does not actually evaluate what the SCCM Client is lacking; it compares against an assignment from SCCM. At the moment there is no assignment from SCCM, therefore no comparison is done.
11. Now, in the Systems Management Control Panel dialog box, click on the Actions tab and select Update Source Scan Cycle, then click Initiate Action.
12. Launch a Windows Explorer session and navigate to C:\WINDOWS\System32\CCM\Logs
13. Open the ScanAgent.log
14. Notice the line that says: ***WSUSLocationUpdate received for location…. (denotes the start of scanning by WSUS)
15. Then…
· ScanJob completed. (denotes Scan completed)
· Note: The Update Source Scan Cycle is essentially the manual scanning Trigger.
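
The log checks in the steps above (UpdateDeployment.log and ScanAgent.log) can be scripted instead of read by eye. The following added example (not part of the original post) parses the client log entry format and verifies that the marker lines quoted above appear in order, also listing any warning or error entries. The function names are hypothetical and the sample log lines are constructed.

```powershell
# Added example: check CCM client logs for the marker lines named in the steps above.
# Function names are hypothetical; the sample log text is constructed.

# One client log entry looks like:
# <![LOG[message]LOG]!><time=".." date=".." component=".." context=".." type="N" thread=".." file="..">
$CcmPattern = '<!\[LOG\[(?<msg>.*?)\]LOG\]!><time="(?<time>[^"]*)" date="(?<date>[^"]*)" component="(?<comp>[^"]*)" context="[^"]*" type="(?<type>\d+)"'

function ConvertFrom-CcmLog {
    param([Parameter(Mandatory = $true)] [string] $Text)
    # Singleline lets a message that spans several lines match as one entry.
    $opts = [System.Text.RegularExpressions.RegexOptions]::Singleline
    foreach ($m in [regex]::Matches($Text, $CcmPattern, $opts)) {
        New-Object psobject -Property @{
            Date      = $m.Groups['date'].Value
            Time      = $m.Groups['time'].Value
            Component = $m.Groups['comp'].Value
            Type      = [int]$m.Groups['type'].Value   # 1 = info, 2 = warning, 3 = error
            Message   = $m.Groups['msg'].Value
        }
    }
}

function Test-CcmMarkerSequence {
    param(
        [object[]] $Entry = @(),
        [Parameter(Mandatory = $true)] [string[]] $Marker
    )
    $next = 0
    foreach ($e in $Entry) {
        # Advance only when the next expected marker is seen, so order matters.
        if ($next -lt $Marker.Count -and
            $e.Message.IndexOf($Marker[$next], [System.StringComparison]::OrdinalIgnoreCase) -ge 0) {
            $next++
        }
    }
    $missing = @()
    if ($next -lt $Marker.Count) { $missing = @($Marker[$next..($Marker.Count - 1)]) }

    New-Object psobject -Property @{
        Complete = ($next -eq $Marker.Count)
        Missing  = $missing
        Problems = @($Entry | Where-Object { $_.Type -ge 2 })
    }
}

# Marker strings as quoted in the steps above, per log file.
$Markers = @{
    'UpdateDeployment.log' = 'Message received', 'Removing scan history',
                             'Starting updates assignments', 'No updates assigned'
    'ScanAgent.log'        = 'WSUSLocationUpdate received for location', 'ScanJob completed'
}

# Constructed sample in the client log format (not real log output).
$sample = @'
<![LOG[Message received: (constructed payload)]LOG]!><time="23:01:10.120+480" date="10-10-2008" component="UpdatesDeploymentAgent" context="" type="1" thread="2040" file="constructed.cpp:1">
<![LOG[Removing scan history (constructed)]LOG]!><time="23:01:10.300+480" date="10-10-2008" component="UpdatesDeploymentAgent" context="" type="1" thread="2040" file="constructed.cpp:2">
<![LOG[Constructed warning entry for illustration]LOG]!><time="23:01:10.450+480" date="10-10-2008" component="UpdatesDeploymentAgent" context="" type="2" thread="2040" file="constructed.cpp:3">
<![LOG[Starting updates assignments (constructed)]LOG]!><time="23:01:10.600+480" date="10-10-2008" component="UpdatesDeploymentAgent" context="" type="1" thread="2040" file="constructed.cpp:4">
<![LOG[No updates assigned (constructed)]LOG]!><time="23:01:10.900+480" date="10-10-2008" component="UpdatesDeploymentAgent" context="" type="1" thread="2040" file="constructed.cpp:5">
'@

$entries = @(ConvertFrom-CcmLog -Text $sample)
Test-CcmMarkerSequence -Entry $entries -Marker $Markers['UpdateDeployment.log'] | Format-List

# On a client, read the real file instead of the sample:
# $text = (Get-Content 'C:\WINDOWS\System32\CCM\Logs\ScanAgent.log') -join "`n"
# Test-CcmMarkerSequence -Entry @(ConvertFrom-CcmLog -Text $text) -Marker $Markers['ScanAgent.log']
```

Complete is True only when every marker was found in the listed order; Missing names the first marker that was not reached and everything after it.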


To view the process from the SCCM
Note: Perform the following on the SCCM Site Server, SMSSERVER
1. Go to the SCCM Admin Console and expand Software Updates, then Refresh the Update Repository.
2. Expand the Update Repository, then expand Security Updates followed by Microsoft.
3. Click on Windows XP
4. Notice the columns are now updated with the recent scan results, denoting clients that need the updates and those that do not. They also show what percentage of the computers on the network are compliant.


To modify the Deployment Update
Note: Perform the following on the SCCM Site Server, SMSSERVER
1. Earlier, we targeted our software update to the All Mobile Devices Collection so that the updates would not be deployed. We need to change that now.
2. In the ConfigMgr Console, expand Software Updates, then expand Deployment Management.
3. Right-click and select Properties
4. Click on the Collection tab, then click on the Browse button.
5. Select All System, then click OK
6. Click OK on the Properties dialog box.
Note: Perform the following on the SCCM Client
1. Go to the Control Panel and launch the Systems Management option.
2. Click on the Actions tab and select Machine Policy Retrieval & Evaluation Cycle.
3. This will trigger the download of new policies and will initiate the advertised security update
· Note: You may have to wait a couple of minutes to see the advertised program
4. A pop up should appear from the tray area denoting that there is a new software update waiting to be installed.
5. Click on the balloon to launch the Available Software Updates dialog box
6. There should be information about the KB885836 security update that was configured earlier to be deployed. Click Install


just my 2cents at 11:20 PM |

System Center Configuration Manager 2007 for Dummies

Tool Needed: Windows Installer 3.0.exe, Windows Defender.msi
How to Configure Software Distribution Components
Although the default software distribution component settings will be usable for most Configuration Manager 2007 sites, it may be necessary to modify them to meet the specific needs of an individual site.
Note You must have Modify permissions for the Site object type to configure software distribution components.


To configure software distribution components
1. In the Configuration Manager console, navigate to System Center Configuration Manager / / Site Management / / Site Settings / Component Configuration.
2. Right-click Software Distribution, and then click Properties.
3. In the Software Distribution Properties dialog box, modify the settings as needed.


Creating the Reboot Package


In this step, you will create a package to reboot the target machine


To configure the Reboot package
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. Expand Computer Management, and then expand Software Distribution
4. Right-click Packages and select New followed by Package
5. Enter "Reboot Client Machine" in the name field
6. Enter "1.0" in the Version field
7. Enter "Internal Administration" in the Manufacturer field
8. Enter "This package consists of a program to remotely reboot a client machine" in the Comment field
9. Click Next to continue
10. In the Data Source page, leave the default stating that we do not have source files.
11. Click Finish to go straight to the Summary page
12. Click Next to begin creation
13. Click Close
14. Next, we will need to create a program. A package will not do anything without one.
15. To configure a program
16. Expand the Packages container and you should see the new package that you just created
17. Notice there are no Programs currently associated with this package, so it will not do anything.
18. Right-click the Program container and select New followed by Program
19. This launches the New Program Wizard
20. In the General Page, enter the following details:
· Name: Reboot
· Command line: C:\Windows\system32\wuauclt.exe
· Run: Hidden
· After Running: SMS Restarts Computer
· Note: The After Running field:
· - SMS Restarts Computer: Starts a 5 minute countdown that is visible to users
· - No action required: Nothing happens.
· - Program restarts computer: The program we run in "Command Line" (or a child process) will start a reboot. Be careful with this because it can lead to upset users and administrators!
· - SMS logs user off: This one is handy too. How many times have you come across situations where you needed everyone to log off as a prerequisite for something to be done? Consider making an administrative program for this.
21. Click Next to continue
22. In the Requirements page, there is nothing to change here
23. Click Next to continue
24. In the Environment page, select "Whether or not a user is logged on" in the Program can run field
· Note: Program can run:
· - Only when a user is logged on: You might run this when a program requires human intervention, e.g. to enter a license key.
· - Only when no user is logged on: You would run this when a task must never be interrupted by user activity. I find that this is the best way to deploy software, e.g. how do you install Version 2.0 of a program if Version 1.0 is already running? Or what about a running program interfering with the environment that your installation is trying to modify? Be careful, computers are rarely in this state. Consider forcing a reboot before running a task with this setting.
· - Whether or not a user is logged on: You don’t care because your program doesn’t care.
25. The Run mode section specifies which account the program runs under.
· Note: Run Mode
· - "Run with user’s rights" is only available if you configure the program to only run when a user is logged in. This is handy if you need to deploy a package of files to a person’s home drive on the network. Ideally, your users don’t have local administrative rights so you shouldn’t be using this to perform administrative tasks on the PC.
· - "Run with administrative rights" is normally what you will run programs with. By default this runs the program with system privileges using a client agent.
26. The Drive mode section is how the share on the distribution point is accessed by the client to execute the program.
· Note: "Runs with UNC name" is the default and normally used option. However, some installers are a bit fussier about these things. Two alternatives are provided. "Requires Drive Letter" enables the CM client to map a drive to the Distribution Point using any available drive letter on the client machine. Some installers are even fussier than that … they require the program to be installed from a specific drive. "Requires specific drive letter" will enable the administrator to pre-define a drive letter for the Program to use to access the Distribution Point. However, this drive letter must be free on all of the targeted clients or it cannot be mapped by the CM client and the program will fail to execute.
27. Click Next all the way to the Summary page
28. Click Next to start the creation
29. Click Close
30. That’s the first of three packages completed. This package and program will enable our targeted PCs to reboot so we can start a clean installation. But a package won’t do anything if it cannot get to the clients. For this, we must make it available on the distribution points.


To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
· Note:
· - Copy the package to distribution points: start a replication of the installation files.
· - Refresh the package on selected distribution points: force a copy, maybe because we had to recover a server that hosts a distribution point.
· - Update all distribution points with a new package source version: we have updated the source folder with a new version of an installer and want to replicate it to all distribution points.
· - Remove the package from selected distribution points: It is no longer applicable to their clients or the package is obsolete.
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. We also need to monitor the replication of the package to our distribution points before we make them available to clients. Failure to do this will lead to failed jobs.


To monitor package status
1. Expand the System Status container and then click on Package Status
2. Scroll across the window and notice the different columns it reports on.
3. This package is a funny one. It has no source files so there is nothing to replicate. CM 2007 gets a little confused so nothing is ever shown as installed. This does not stop the package programs from being able to run, though.


Creating the Silent Executable Package


This will be an actual software installation package. The type of installer in this example is an executable that can be installed and controlled using command line parameters. The software we are installing is Microsoft’s Windows Installer 3.1 V2.


To configure the Windows Installer Package (or Any .exe Files)
1. First create a "Packages" folder in the C: drive and share it as "Packages$"
2. This creates a hidden shared folder to store all packages. This is not a requirement but rather a good practice
3. Copy the Win Installer 3.1 folder from the SCCM Workshop directory on the host computer into the virtual image and then into the Packages$ share
· Tip! Before creating packages, be sure to test them in a test/lab environment to see how they work.
4. If not already running, on the Start menu, click ConfigMgr Console.
5. The ConfigMgr Console window appears.
6. Expand Computer Management, and then expand Software Distribution
7. Right-click Packages and select New followed by Package
8. In the General Page, enter the following details:
· Name: Windows Installer
· Version: 3.1 V2
· Manufacturer: Microsoft
9. Click Next to continue
10. Click the "This package contains source files" to enable it.
11. Click the button
12. In the Set Source Directory dialog box, select Network Path (UNC Name)
13. Enter \\SMSSERVER\Packages$\Windows Installer 3.1 V2\ in the Source Directory box
14. This is one of the methods. You could also select the local drive setting. CM2007 will copy the package into its own package share.
15. Click OK when done
16. Under the Source Directory, select "Use a compressed copy of the source directory"
· There are 2 options:
· The first will download the package and compress it on the distribution point. This is suitable when you are short on space or when the package is a single file or is unlikely to be changed on a file by file basis. The download to the distribution point happens once and only once.
· The second choice is where the distribution point always downloads a copy of the source from the source directory. When I say "always" I don’t mean "always". The distribution point acts as a cache. It downloads the files and stores them as they are found on the source folder. An additional control is available to refresh distribution points on a schedule. You would consider using this option when you have packages that are built up of many files and you want to be able to update them with hotfixes or service packs. An example of when you could use this is Microsoft Office.
· The final control allows the package to persistently reside in the client cache after installation. You would use this when there is a package that you continually run on clients that has a source and you wish to reduce downloads to save on network or distribution point load. Again, be careful and selective with this. Your cache size is limited.
17. Click Next to continue
18. In the Data Access page, accept defaults and Click Next to continue
19. Alternatively, you can configure clients to download files from a "share distribution folder". You will need to make sure (1) that the folder is populated and (2) it is accessible to client computer accounts. Be careful that you don’t have clients downloading packages from a distribution point across a WAN or heavily loaded router. Watch out for license usage, i.e. more than 10 connections to a desktop operating system. If you do use this method then the Active Directory computer account of the client must be able to access the share. If this is not possible then you can use the client installation account to run the installation (configured later in the package program). Microsoft warns us not to use this field to list the distribution point share name or a folder within that share because it can cause infinite loops.
20. You should also be aware that not using a distribution point means that you cannot use BITS as your transfer protocol.
21. In the Distribution settings, you would set the priority in sending this package to other distribution points. Click Next to continue
22. In the Reporting page, click Next to continue
23. In the security tab, accept defaults of accounts to install the package, click Next to continue
24. In the Summary page, click Next to start the creation
25. Click Close
26. Next, we will need to create a program. A package will not do anything without one.


To configure a program
1. Expand the Packages container and you should see the new package that you just created
2. Notice that there are no programs currently associated with this package, so it will not do anything yet
3. Right-click the Program container and select New followed by Program
4. This launches the New Program Wizard
5. In the General Page, enter the following details:
· Name: Per computer unattended (to specify the behaviour of the program)
· Command line: Click Browse and select the WindowsInstaller-KB893803 file
· Add some parameters to the file so that it looks something like this:
· WindowsInstaller-KB893803-v2-x86.exe /QUIET /NORESTART
· Run: Hidden
· After Running: SMS Restarts Computer
6. Click Next to continue
7. In the Requirements page, enter 1GB in the Estimated Disk Space
8. This screen is one to watch out for. In some regards I feel it is often underused. We can use it to configure what criteria the client must meet before the program will run, even if the client is a member of a targeted group.
9. Click Next to continue
10. In the Environment page, select "Whether or not a user is logged on"
11. Click Next to continue
12. In the Advanced page, select "Run another program first"
13. How many times have you tried to install an application only to be told that a pending operation must be complete and you must reboot to do this? When I advertise my "Windows Installer 3.1 V2" package, it will have one chance to install per advertisement. I want it to succeed on all clients on my first attempt. Therefore, I am going to use my "Reboot Client" package and its "Reboot" program to reboot the clients before I install this package.
14. Click Browse and select the Reboot Client package we created earlier
15. Then select the Reboot program
16. Click Next to continue
17. On the Windows Installer page, Click Next to continue
18. On the MOM page, enable the "Disable MOM alerts while this program runs"
19. You will want to "Disable MOM alerts while this program runs" if your targeted CM agents include MOM-managed computers. An installation that updates the operating system and/or reboots the client could lead to alerts.
20. Click Next to continue
21. On the Summary page, Click Next to continue
22. Click Close
23. Next define distribution points for the package
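
The program defined above runs with administrative rights on every targeted client, so the contents of the package source deserve a check before they are copied to distribution points. The following PowerShell script is an added example, not part of the original post or of Configuration Manager; it assumes PowerShell 3.0 or later, English principal names, and the source path used on this page, and the function name and the list of broad principals are illustrative.

```powershell
# Added example (not from the original post): audit a package source folder
# before its contents are copied to distribution points.
# Assumptions: PowerShell 3.0+, English principal names, NTFS permissions only
# (share permissions on Packages$ are not inspected).

# Principals that should not be able to change package source content.
$BroadPrincipals = '^(Everyone|BUILTIN\\Users|NT AUTHORITY\\Authenticated Users|.+\\Domain (Users|Computers))$'

# File-system rights that allow adding, replacing or re-permissioning files,
# plus the raw GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000) bits
# that Get-Acl can return for inherit-only entries.
$WriteMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership' -bor 0x50000000

function Test-PackageSource {
    param([Parameter(Mandatory = $true)][string]$SourcePath)

    $findings = @()

    # 1. Installer payloads run with administrative rights on every targeted
    #    client, so each one should carry a valid Authenticode signature.
    $payload = Get-ChildItem -LiteralPath $SourcePath -Recurse -File |
        Where-Object { $_.Extension -in '.exe', '.msi', '.msp', '.dll' }
    foreach ($file in $payload) {
        $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName
        if ($sig.Status -ne 'Valid') {
            $findings += [pscustomobject]@{
                Check  = 'Signature'
                Item   = $file.FullName
                Detail = "Status is $($sig.Status)"
            }
        }
    }

    # 2. Broad groups must not hold write-type rights on the source folder.
    $acl = Get-Acl -LiteralPath $SourcePath
    foreach ($rule in $acl.Access) {
        $who = $rule.IdentityReference.Value
        $canWrite = ([int]$rule.FileSystemRights -band $WriteMask) -ne 0
        if ($rule.AccessControlType -eq 'Allow' -and $canWrite -and $who -match $BroadPrincipals) {
            $findings += [pscustomobject]@{
                Check  = 'ACL'
                Item   = $SourcePath
                Detail = "$who is allowed $($rule.FileSystemRights)"
            }
        }
    }

    $findings
}

# Source directory entered in the package wizard on this page.
$report = Test-PackageSource -SourcePath '\\SMSSERVER\Packages$\Windows Installer 3.1 V2'
if ($report) {
    $report | Format-Table -AutoSize -Wrap
} else {
    'No unsigned payloads or broad write permissions found.'
}
```

Any row in the report should be resolved before running the Manage Distribution Points Wizard, since the distribution point copy is what clients will execute.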


To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. We also need to monitor the replication of the package to our distribution points before we make them available to clients. Failure to do this will lead to failed jobs.


To monitor package status
1. Expand the System Status container and then click on Package Status
2. Scroll across the window and notice the different columns it reports on.


Creating the MSI Package (or Any .msi Files)


The final package to prepare is Microsoft Windows Defender for Windows OS. When downloaded, it comes as an MSI package. You’ll soon see why this is often the easiest sort of package to deploy.


To configure the MSI Package
1. Copy the Windows Defender folder into the Packages$ share
· Tip! Before creating packages, be sure to test them in a test/lab environment to see how they work.
2. If not already running, on the Start menu, click ConfigMgr Console.
3. The ConfigMgr Console window appears.
4. Expand Computer Management, and then expand Software Distribution
5. Right-click Packages and select New followed by Package from Definition
6. Click Next at the Welcome page
7. Click Browse and select the WindowsDefender.msi file. Click Open
8. You should now see Windows Defender listed in the Package Definition box
9. Click Next to continue
10. Select Create a compressed version of the source
11. Click Next to continue
12. This time select "Local drive on site server"
13. Click Browse and select C:\Packages\Windows Defender
14. Click Next to continue
15. Click Finish
16. Click on the Programs container under the newly created package. Notice the programs already created to suit this package.
17. Select Properties of the different programs and look at the different command line options.
18. Next, we will explore changing the properties of a pre-created program to suit our need


To modify Programs
1. In the Programs container of the Windows Defender package, right-click Per-system unattended and select Properties
2. View the command line options and view all the other tabs in this Properties dialog
3. Click on the Advanced Tab. Since we know that Windows Installer is a pre-requisite for Windows Defender, we will run that program first. Enable the Run another program first
4. Click Browse and select Microsoft Win Installer 3.1
5. Select the Per Computer Unattended program
6. Deselect the Suppress program notifications
7. Click on the Windows Installer tab. Click Import and select the WindowsDefender.msi file, then click Open
8. This will import information regarding the file
9. Next define distribution points for the package


To create a distribution point
1. Just above the Package container is the Distribution Points container. Right-click the Distribution Points container and select Manage Distribution Point
2. This will launch the Manage Distribution Points Wizard
3. At the Welcome page click Next to continue
4. At the Select Destination Distribution Points, select "Copy the package to new distribution points"
5. Click Next to continue
6. In the Copy Package section, select the SMSSERVER Distribution Point. (Ensure the checkbox is selected)
7. Click Next to continue
8. Click Finish
9. Open a Windows Explorer session and browse the C: drive. Notice there is now a shared folder called SMSPKGC$. This is the shared folder created on the distribution points which will contain packages


Creating the Advertisement
We will now create an advertisement to install Windows Defender. As I’ve already mentioned, because of our daisy chaining of package programs, the pre-requisites of Windows Defender will also be installed before our desired package is. There are a few ways to create a new advertisement. They all produce the same result; it’s just a matter of where you kick things off and what additional steps the resulting wizard or dialog will go through.


To create the advertisement
1. In the Packages container, right click the Windows Defender package we created earlier and select Distribute followed by Software
2. Click Next at the Welcome page
3. Select the Distribution Points that clients will access the package from
· Note Allow enough time for packages to be copied to the distribution points
4. Click Next to continue
5. In the Advertise Program page, select Yes and click Next
6. In the Select Program, select "Per system unattended" (we modified this earlier, remember?)
7. Click Next to continue
8. In the Advertisement Target, click the Browse button and choose appropriate Collections.
9. Click Next to continue
10. In the Advertisement Name, accept the default and enter Comments as necessary
11. Click Next to continue
12. On the Advertisement Subcollection page, Click Next to continue
13. In the Advertisement Schedule, this is where we can schedule the advertisement and allow time for the packages to be copied to the distribution point. For this exercise, accept defaults. Click Next to continue
14. In the Assign Program, enable the "Yes. Assign the program"
· Note Assign Program basically means Mandatory Assignment
15. When a program is advertised, it does not install automatically. User intervention is required to start the installation. If you would like installation to start regardless, then select to Assign the program.
16. Click Next to continue
17. In the Summary page, Click Next to continue
18. Click Close
19. In the Advertisement container, you should now see your newly created advertisement.
20. Right-click the advertisement and select Properties. Run through the different tabs


Verifying the Advertised Programs Client Agent


Every computer that is managed by CM 2007 will have a CM 2007 client installed. By itself, the client does not do very much. It certainly cannot do any software distribution, i.e. download a package or execute a package program. Additional functionality is added by client agents. To use CM 2007 for software distribution you will need to enable and configure the "Advertised Programs Client Agent" in "Site Management - - Site Settings – Client Agents".


To enable Advertised Programs Client Agent
1. If not already running, on the Start menu, click ConfigMgr Console.
2. The ConfigMgr Console window appears.
3. Expand Site Management, and then expand SV4 followed by Site Settings. Then click on Client Agents
4. In the results pane, Right-click Advertised Programs Client Agent and select Properties
5. In the Properties dialog box, ensure the Enable software distribution to clients is selected
6. Click on the Notification tab. Select options as necessary


Installing the Package
When you are deploying software to clients in a medium to large environment, you cannot expect to keep track of things by running from machine to machine. You could use the summary information in the administrator console under "System Status – Advertisement Status" but it is just summary information. The best and only way to track things with detail is to use the reports that are provided by the CM 2007 Reporting Point.
CM 2007 requires a lot of patience. Things do not happen immediately. Left by itself, your software distribution client agent will probably not look for new software for anything up to 60 minutes. We can hurry this along from the client’s end of things.
Note: Perform this on the CM2007 Client


To install the package
1. Log on to the WINXP2 machine if you have not already done so.
2. Go to the Control Panel and open the Systems Management applet
3. On the Actions tab, select the Machine Policy Retrieval & Evaluation Cycle and click Initiate Action
4. This will force the client to check for new updates on the CM2007 server

just my 2cents at 11:12 PM |

Sunday, July 27, 2008

From Zero to Hero

This posting is provided AS IS with no warranties and confers no rights.

And so it begins. As promised, I plan to chronicle in detail my journey through deploying System Center Configuration Manager 2007. The first several days will be filled with deploying supporting infrastructure.

A never-ending story -- From Zero to Hero.

Introduction to SCCM 2007 (Part 1)

When people who are new to Microsoft System Center Configuration Manager
2007 start playing around with the product in a test lab, they often
want to start with a simple OS deployment setup. But if you are new to
the product and want to deploy Windows XP, getting started can be a
bit challenging. This article (not sure how many parts it will contain
yet) will be a guide through the basic steps that need to be
configured in order to successfully deploy Microsoft Windows XP
Professional with Service Pack 3 and Windows Vista Enterprise with
Service Pack 1.


This article is based on System Center Configuration Manager 2007
with Service Pack 1 and Windows Server 2008 RTM. All roles will be
installed on a single box (virtual machine). Installing everything on
the same box is not “best practice” in production.


The headlines for the first parts are:

Before we get started there are a few things that need to be
configured. In my test lab I’m running Windows Server 2008 Enterprise
Edition with Hyper-V, and I recommend the following settings for the
virtual machine:


This guide assumes that Windows Server 2008 Enterprise Edition x86
with Service Pack 1 is installed and configured with the following
settings:
(Installing Windows Server 2008 and Active Directory is not within the scope of this article).


Part 1: Pre-Configuration Manager Installation Tasks

The System Center Configuration Manager 2007 requires a few things
to be configured before installing the product. This part will guide
you through these steps.


Extending the Active Directory Schema

Extending the Active Directory schema is a forest-wide action and
must only be done once per forest. Extending the schema is an
irreversible action and must be done by a user who is a member of the
Schema Admins Group or by someone who has been delegated sufficient
permissions to modify the schema.


Four actions need to be taken in order to successfully enable
Configuration Manager Clients to query Active Directory Domain Services
to locate site resources:


How to Extend the Active Directory Schema Using ExtADSch.exe

You can extend the Active Directory schema by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media. The ExtADSch.exe file does not display output when it runs; however, it does generate a log file in the root of the system drive called extadsch.log,
which will indicate whether the schema update completed successfully or
any problems were encountered while extending the schema.


Step by step guide


How to Create the System Management container using ADSIEdit

Configuration Manager does not automatically create the System
Management container in Active Directory Domain Services, when the
schema is extended. The container needs to be created once for each
domain that includes a Configuration Manager Site server that will
publish site information to Active Directory Domain Services. To
manually create the System Management container using ADSI Edit, do the
following steps:


How to configure the security permissions on the System Management container.

After the System Management container has been created in Active
Directory Domain Services, the primary site server's computer account
must be granted the necessary permissions to publish site information
to the container.


Enable Active Directory publishing for the Configuration Manager site.

Before Configuration Manager can publish site data to Active
Directory Domain Services, the Active Directory schema must be extended
to create the necessary classes and attributes, the System Management
container must be created, and the primary site server’s computer
account must be granted full control of the System Management container
and all of its child objects. Each site publishes its own site-specific
information to the System Management container within its domain
partition in the Active Directory schema.


This part cannot be completed before Configuration Manager has been installed.

Configuring Windows Server 2008 for Site System Roles


Configuration Manager requires the WebDAV component to be installed
and enabled on the management points and BITS-enabled distribution
points. The WebDAV component is not included in Windows Server 2008
operating system and must be downloaded and configured manually.

Installing and configuring WebDAV for BITS-enabled distribution points and management points


Summary

This completes part 1 of this article. In the next part we’ll
install Microsoft SQL Server 2005, Windows Server Update Service (WSUS)
3.0 and System Center Configuration Manager 2007 with Service Pack 1.


Enjoy.

just my 2cents at 5:04 PM |