Unofficial SCCM 2007 Reviewers Guide

Microsoft System Center 1

Microsoft Corporation

Published: 10/2/2007

Updated: 11/2/2007

Executive Summary The intent of this whitepaper is to provide a framework for the evaluation of System Center Configuration

Manager 2007. System Center Configuration Manager—previously known as Systems Management Server—

represents a tremendous advancement over its well-regarded predecessor, now providing the control

necessary to more effectively manage change in today's dynamic IT infrastructures. Manage the full

deployment and update lifecycle with streamlined, policy-based automation; with enhanced insight into, and

control over, assets and systems compliance; and with optimization for Windows—particularly Windows

Server 2008 and Windows Vista—and extensibility to customized administration experiences and third-party

applications.

System Center Configuration

Manager 2007 Reviewers Guide

to manufacturing, and as such, we cannot guarantee that all details included herein will be exactly as what is

found in the shipping product. The information contained in this document represents the current view of

Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond

to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft,

and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. The

information represents the product at the time this document was printed and should be used for planning

purposes only. Information subject to change at any time without prior notice. wThis whitepaper is for

informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS

SUMMARY.

Microsoft, Active Directory, Windows, the Windows logo, and Windows Server System are either registered

trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

All other trademarks are property of their respective owners.

Contents

Executive Summary ................................................................................................................................................................ 1

Navigation ................................................................................................................................................................................ 7

Windows Vista ......................................................................................................................................................................................... 7

Section 1: Exercise 5 – Upgrading Clients to Configuration Manager ........................................................................ 7

Section 2: Exercise 3 – Installing an SCCM Client ................................................................................................................. 7

Section 2: Exercise 3 – Reporting Configuration Manager 2007 Client Deployment Status .............................. 7

Section 5: Exercise 2 - Creating a Capture Media Task Sequence ................................................................................ 7

Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer ....................................... 7

Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007 .......................................... 7

Section 5: Exercise 5 - Installing the Image at the Target Client Computer ............................................................. 7

Section 5: Exercise 6 - Viewing Status for the Image Deployment ............................................................................... 7

Section 6: Exercise 4 - Distributing Software Updates Using Configuration Manager Software Update

Management ...................................................................................................................................................................................... 7

Section 7: Exercise 5 - Software Update Deployment Options ...................................................................................... 7

The Datacenter ........................................................................................................................................................................................ 7

Section 4: Exercise 1 - Configuring Maintenance Windows on Collections .............................................................. 8

Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients 8

Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients............................................ 8

Management ...................................................................................................................................................................................... 8

Security ....................................................................................................................................................................................................... 8

Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration ....................................................... 8

Section 4: Exercise 1 - Configuring Maintenance Windows on Collections .............................................................. 8

Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS ........................................... 8

Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Client ................................... 8

Section 6: Exercise 3 - Generating Software Update Compliance Reports ................................................................ 8

Management ...................................................................................................................................................................................... 8

Section7: Exercise 1 - Installing the System Center Updates Publisher....................................................................... 8

Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager........................................... 8

Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client........... 8

Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates ...................... 8

Section 8: Exercise 1 - Creating and Importing Configuration Items .......................................................................... 8

Section 8: Exercise 2 - Creating Configuration Baselines .................................................................................................. 8

Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance ................................................. 8

Asset Intelligence .................................................................................................................................................................................... 8

Section 9: Exercise 1 Editing the SMS_Def.mof .................................................................................................................... 9

Section 9: Exercise 2 Viewing and Running Reports .......................................................................................................... 9

Branch and Remote Management .................................................................................................................................................. 9

Section 2: Exercise 3 – Installing an SCCM 2007 Client .................................................................................................... 9

Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status ............................. 9

Section 4: Exercise 1 - Configuring a Branch Distribution Point ................................................................................... 9

Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client............................................. 9

Section 5: Exercise 1 - Configuring Maintenance Windows on Collections ............................................................. 9

Introduction .......................................................................................................................................................................... 10

Evaluating Configuration Manager 2007 .................................................................................................................................. 10

The Microsoft Virtual Hard Disk Program ................................................................................................................................. 10

Configuration Manager Supported Configurations .............................................................................................................. 10

Client Hardware Requirements ................................................................................................................................................ 11

Supported Client Platforms ....................................................................................................................................................... 11

Mobile Device Client .................................................................................................................................................................... 12

SMS Client Embedded Operating System Support ......................................................................................................... 12

Configuration Manager 2007 Site Server System Requirements ..................................................................................... 13

Site System Hardware Requirements .................................................................................................................................... 13

Supported Site System Platforms.................................................................................................................................................. 13

Unsupported Client Platforms ................................................................................................................................................. 15

Unsupported Site Server Platforms .............................................................................................................................................. 15

Configuring SQL Server Site Database Replication in Configuration Manager 2007 .............................................. 16

Active Directory Schema Extensions ............................................................................................................................................ 16

Multi-Site Clients ................................................................................................................................................................................. 16

Support for Windows Server Clustering ..................................................................................................................................... 16

Support for Specialized Storage Technology ........................................................................................................................... 16

Storage Area Network Support ............................................................................................................................................... 16

Single Instance Storage Support ............................................................................................................................................. 17

Removable Disk Drive Support ................................................................................................................................................ 17

Computers in Workgroups .............................................................................................................................................................. 17

Remote Assistance Console Sessions..................................................................................................................................... 18

Fast User Switching ....................................................................................................................................................................... 18

Dual Boot Computers .................................................................................................................................................................. 18

Virtual Machines ............................................................................................................................................................................ 18

Interoperability Between Configuration Manager and SMS 2003 Sites ........................................................................ 18

Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007 .................................... 20

Objectives ............................................................................................................................................................................................... 20

Prerequisites .......................................................................................................................................................................................... 20

Exercise 1 Identifying an SMS 2003 stallation ................................................................................................................. 22

Exercise 2 Preparing to Upgrade SMS 2003 SP2 to Configuration Manager ...................................................... 22

Exercise 3 Upgrading SMS 2003 SP2 to Configuration Manager............................................................................. 27

Exercise 4 Identifying a Configuration Manager Installation ..................................................................................... 30

Exercise 5 Upgrading Clients to Configuration Manager ............................................................................................ 31

Section 2: Deploying System Center Configuration Manager 2007 ....................................................................... 38

Objectives ............................................................................................................................................................................................... 38

Prerequisites .......................................................................................................................................................................................... 38

Exercise 1 Preparing Active Directory for SCCM 2007 Integration ........................................................................ 38

Exercise 2 Installing Microsoft Configuration Manager 2007................................................................................... 42

Exercise 3 Installing an SCCM 2007 Client ....................................................................................................................... 47

Exercise 4 Reporting Configuration Manager 2007 Client Deployment Status ................................................ 54

Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007......... 56

Objectives ............................................................................................................................................................................................... 56

Prerequisites .......................................................................................................................................................................................... 56

Exercise 1 Configuring a Branch Distribution Point ....................................................................................................... 58

Exercise 2 Distributing Software to the Configuration Manager Client ................................................................ 60

Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration

Manager 2007 ....................................................................................................................................................................... 71

Objectives ............................................................................................................................................................................................... 71

Prerequisites .......................................................................................................................................................................................... 71

Exercise 1 Configuring Maintenance Windows on Collections ................................................................................. 73

Exercise 2 Implementing the Maintenance Windows on the Configuration Manager Clients .................... 77

Exercise 3 Distributing Software to the Configuration Manager Clients ............................................................... 79

Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007 .......... 89

Objectives ............................................................................................................................................................................................... 89

Before You Begin ................................................................................................................................................................................. 89

Exercise 1 Preparing the Environment for Configuration Manager OSD .............................................................. 91

Exercise 2 Creating a Capture Media Task Sequence.................................................................................................... 98

Exercise 3 Creating an Image of the Windows Vista Reference Computer ........................................................ 100

Exercise 4 Deploying an OS Image Using Configuration Manager 2007............................................................ 102

Exercise 5 Installing the Image at the Target Client Computer ................................................................................ 108

Exercise 6 Viewing Status for the Image Deployment ................................................................................................. 110

Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007 ........................ 112

Objectives ............................................................................................................................................................................................. 112

Before You Begin ............................................................................................................................................................................... 112

Exercise 1 Configuring Configuration Manager Integration with WSUS .............................................................. 114

Exercise 2 Generating Update Status on the Configuration Manager Client ..................................................... 120

Exercise 3 Generating Software Update Compliance Reports .................................................................................. 122

Exercise 4 Distributing Software Updates Using Configuration Manager Software Update Management

............................................................................................................................................................................................................ 124

Exercise 5 Validating Current Software Update Compliance .................................................................................... 130

Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007 . 133

Objectives ............................................................................................................................................................................................. 133

Before You Begin ............................................................................................................................................................................... 133

Exercise 1 Installing the System Center Updates Publisher ........................................................................................ 135

Exercise 2 Synchronizing Custom Updates with Configuration Manager ............................................................ 136

Exercise 3 Generating Status of Custom Updates on the Configuration Manager Client ............................. 145

Exercise 4 Generating Software Update Compliance Reports for Custom Updates ........................................ 147

Exercise 5 Software Update Deployment Options ......................................................................................................... 150

Exercise 6 Validating Current Software Update Compliance .................................................................................... 154

Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007

................................................................................................................................................................................................ 157

Objectives ............................................................................................................................................................................................. 157

Prerequisites ........................................................................................................................................................................................ 157

Exercise 1 Creating and Importing Configuration Items ........................................................................................... 159

Exercise 2 Creating Configuration Baselines ................................................................................................................... 164

Exercise 3 Scanning Configuration Manager Clients for Compliance .................................................................. 167

Section 9: Implementing Asset Intelligence in System Center Configuration Manager 2007 ............................. 171

Overview ............................................................................................................................................................................................... 171

What‘s new ........................................................................................................................................................................................... 171

Setup experience ......................................................................................................................................................................... 171

Additional reports ....................................................................................................................................................................... 171

Performance enhancements ................................................................................................................................................... 171

Data enhancements ................................................................................................................................................................... 172

Enabling the Asset Intelligence Reporting Classes .............................................................................................................. 172

A Description of the Different Classes ...................................................................................................................................... 172

Exercise 1 Editing the SMS_Def.mof .................................................................................................................................... 174

Estimating network Impact based on Reporting Classes .................................................................................................. 175

Asset Intelligence Reports .............................................................................................................................................................. 176

Exercise 2 Viewing and Running Reports .......................................................................................................................... 176

Additional Resources ....................................................................................................................................................................... 177

Navigation Within this evaluation kit you will find comprehensive evaluation guidance for System Center Configuration

Manager 2007. In order to better suit your interests we have provided here for you a navigation checklist for

some specific technology areas. Each of these modules is designed to assist you in your evaluation of a more

specific feature that may cross multiple capabilities within the product. We hope this assists you in your

evaluation of Configuration Manager, and we would welcome your comments.

For each of these modules please follow the guidance for more specific sections and exercises.

Windows Vista System Center Configuration Manager 2007 brings incredible value to your desktop estate. From planning,

to deployment, to configuration management once in production, Configuration Manager drives return on

your Windows desktop investment by enabling a secure, well managed infrastructure fabric to support your

increasingly mobile client environment.

We would like you to view the power of Configuration Manager for the desktop by evaluating a few

capabilities. Configuration Manager client deployment, Windows Operating System deployment, Hardware

and Software Inventory, as well as Desired Configuration Management, Software distribution and Software

Update Management are key areas to reducing the cost of your desktops, increasing the security of your

business, and supporting the demands for flexibility and mobility in an ever increasing wireless and mobile

network.

The below exercises will demonstrate for you the features specific to desktop management and security.

Section 1: Exercise 5 – Upgrading Clients to Configuration Manager

Section 2: Exercise 3 – Installing an SCCM Client

Section 2: Exercise 3 – Reporting Configuration Manager 2007 Client Deployment Status

Section 5: Exercise 2 - Creating a Capture Media Task Sequence

Section 5: Exercise 3 - Creating an Image of the Windows Vista Reference Computer

Section 5: Exercise 4 - Deploying an OS Image Using Configuration Manager 2007

Section 5: Exercise 5 - Installing the Image at the Target Client Computer

Section 5: Exercise 6 - Viewing Status for the Image Deployment

Management

Section 7: Exercise 5 - Software Update Deployment Options

The Datacenter System Center Configuration Manager 2007 is not just for desktops. There have been some significant

features developed specifically with a Datacenter focus. From planning and building servers, to deployment

Operating System including provisioning roles and specific capabilities, to managing your servers and

workloads through security, corporate and regulatory compliancy requirements. System Center

Configuration Manager 2007 in your Datacenter helps you gain automation, configuration control, and SLA

performance success by managing your business needs, workload requirements and geographic challenges

from one console.

We would like to highlight for you the abilities Configuration Manager has for your datacenter with some

capability demonstrations highlighted below. Operating System Deployment is a major focus in datacenters

today, and simplifying the management of the steps and tasks associated with server design, build and

provisioning, significantly reduces the costs of server deployment. Managing drivers is another challenge,

and the Driver Catalog brings together the right tools you need to import, manage, collect and distribute the

drivers your hardware needs to be running at peak performance.

Once in production, Configuration Manager drives more value to your datacenter with abilities to manage

your desired configurations, software updates and when change is required, tools to maximize your SLA

agreements scheduling activities to minimize the business impact.

Section 4: Exercise 1 - Configuring Maintenance Windows on Collections

Section 4: Exercise 2 - Implementing the Maintenance Windows on the Configuration Manager Clients

Section 4: Exercise 3 - Distributing Software to the Configuration Manager Clients

Management

Security Security is a large focus for the business of any size, and System Center Configuration Manager 2007 brings

security and control to all aspects of the modern organization. From the desktop to the datacenter,

Configuration Manager weaves seamless security integration across every aspect of its capabilities.

Whether it be deploying updates with an operating system activity, or delivering critical patches in an

explicitly targeted, scheduled fashion, Configuration Manager gives you the ability to blanket your

organization in a controlled manner with only the updates you require. This release of Software Update

Management supports all of the categories from Microsoft, as well as providing the tools to deliver updates

of 3rd party and Line of Business applications to those in office locations, branches and remote or internet

based connections. System Center Configuration Manager supports Network Access Protection in Windows

Server 2008, so for those critical updates you can limit network connectivity until Health Validation is

successful.

But security is not just about delivering updates. Security is also about how processes occur. Using certificate

relationships, introducing network perimeter health validation, encryption of data transfer and storage, as

well as supporting the broad scenarios your end users encounter such as internet connectivity or remote

access points, across desktops, laptops and devices are important to you. Through all of this your business

must remain productive, flexible and efficient – while driving your security to new levels. Configuration

Manager provides you this capability, helping you define process automation, configuration baselines and

update strategies that meet your business needs.

Below we highlight for you some examples of how Configuration Manager improves security for your

business. In the following exercises we will demonstrate these capabilities, and show you how System Center

Configuration Manager 2007 is the best choice for managing your business needs.

Section 2: Exercise 1 - Preparing Active Directory for SCCM 2007 Integration

Section 6: Exercise 1 - Configuring Configuration Manager Integration with WSUS

Section 6: Exercise 2 - Generating Update Status on the Configuration Manager Clien

Section 6: Exercise 3 - Generating Software Update Compliance Reports

Management

Section7: Exercise 1 - Installing the System Center Updates Publisher

Section7: Exercise 2 - Synchronizing Custom Updates with Configuration Manager

Section 7: Exercise 3 - Generating Status of Custom Updates on the Configuration Manager Client

Section 7: Exercise 4 - Generating Software Update Compliance Reports for Custom Updates

Section 8: Exercise 1 - Creating and Importing Configuration Items

Section 8: Exercise 2 - Creating Configuration Baselines

Section 8: Exercise 3 - Scanning Configuration Manager Clients for Compliance

Asset Intelligence Information technology expenditures comprise an increasing portion of IT budgets—IT assets can often

account for more than half of an enterprise‘s total asset base. With the changing nature of today‘s technology

and the complexity of network environments, enterprises find it difficult to track the IT assets they own.

Without an accurate record of their IT assets, it is impossible for enterprises to determine if IT is providing

value and to meet financial, regulatory and license compliance requirements.

System Center Configuration Manager 2007 includes hardware and software inventory and software metering

capabilities that help IT organizations understand exactly what hardware and software assets they have, who

is using them, and where they are. Asset Intelligence translates the inventory data into information, providing

rich reports that IT administrators can use to optimize hardware and software usage. This information is

paramount to organizations planning their Windows Vista upgrade strategy. With Configuration Manager

2007, companies can make informed decisions about their IT assets, improve IT operations and mitigate

compliance risks.

We would like to demonstrate for you the abilities of the Asset Intelligence feature in System Center

Configuration Manager 2007 with some exercises on configuring and reporting. As you navigate through

these exercises, you will be shown how to configure the Asset Intelligence infrastructure as well as learn how

to access the wealth of reports available.

Section 9: Exercise 1 Editing the SMS_Def.mof

Section 9: Exercise 2 Viewing and Running Reports

Branch and Remote Management System Center Configuration Manager 2007 has extended scenario support for today‘s modern business

beyond the corporate network. Infrastructure improvements within Configuration Manager now provide

depth and breadth support to both low bandwidth branch environments, as well as mobile workforces.

Configuration Manager now delivers management services to the branch environment by enabling the ability

to dedicate non server class systems in a branch as part of the distribution infrastructure (such as a desktop

class PC). This drastically reduces the need for remote infrastructure to provide management services to

clients, enabling the ability to extend the secure well managed environment of Configuration Manager to

geographically distributed network locations.

Configuration Manager also has improved the support for the mobile workforce, by providing support for

Internet Based Client Management services. The trend of laptop purchase and remote working increases the

importance of being well managed, and Configuration Manager answers this challenge by using readily

available internet connectivity for management services.

We would like to demonstrate this to you by walking through a collection of exercises that show these

capabilities.

Section 2: Exercise 3 – Installing an SCCM 2007 Client

Section 2: Exercise 4 - Reporting Configuration Manager 2007 Client Deployment Status

Section 4: Exercise 1 - Configuring a Branch Distribution Point

Section 4: Exercise 2 - Distributing Software to the Configuration Manager Client

Introduction

Welcome to the System Center Configuration Manager 2007 Reviewer Guide. The intent of this paper is to

guide you through an evaluation of the product, including:

Configuration

Feature evaluation

The intent of this reviewer‘s guide is to preview the product in a non production environment, and is not

intended for production infrastructure. Due to the testing and potential broadcast or delivery of software

updates, applications, operating systems, or policy, discovery or broadcasting of network traffic, it is not

recommended to utilize this guidance for any real world deployment. For additional support and guidance

on the deployment in production for your organization, please visit the new and improved Technet Technical

library, where all product documentation and guidance is located. The link for this resource is:

http://technet.microsoft.com/en-us/configmgr/default.aspx

Evaluating Configuration Manager 2007 The evaluation of a robust, comprehensive management toolset such as Configuration manager requires

infrastructure to be managed. In other words, simply reviewing an installation of the product may not satisfy

your needs. In order to provide a comprehensive review of Configuration Manager, you may want to perform

actual deployments of software, updates, or operating systems, in addition to reporting.

To better assist your review the structure of this guide has been based on some assumptions for the

evaluation environment.

You have downloaded the evaluation version of System Center Configuration Manager 2007. This

can be found at the following link:

o http://technet.microsoft.com/en-us/configmgr/bb736730.aspx

You have a configured physical or virtual system that meets the minimum requirements of

Configuration Manager.

Your test environment has Active Directory installed

You have appropriate credentials for your test environment.

The Microsoft Virtual Hard Disk Program As an alternative to preparing your own server installation, the VHD program is an option where you can

download a time-bomb version of installed and configured System Center Configuration Manager 2007. If

you have an installed environment ready for evaluation, this guide will still be of use, however exercises such

as Configuration Manager Upgrade or Configuration Manager Install will not need to be done. These are

referred to as ‗Exercise 0‘ in each section.

The Microsoft VHD format is a common virtualization file format that provides a uniform product support

system, and provides more seamless manageability, security, reliability and cost-efficiency for customers.

Using the power of virtualization, you can now quickly evaluate Microsoft and partner solutions through a

series of pre-configured Virtual Hard Disks (VHDs). You can download the VHDs and evaluate them for free in

your own environment without the need for dedicated servers or complex installations. System Center is

represented in this program, and System Center Configuration Manager is available at the following link.

http://www.microsoft.com/downloads/details.aspx?familyid=469af3b8-849d-4400-bded-

9024c3db759f&displaylang=en

Configuration Manager Supported Configurations

Configuration Manager 2007 introduces changes to supported Microsoft Windows client system

requirements from previous versions of Systems Management Server.

Client Hardware Requirements

The following table lists the minimum and recommended hardware requirements for Configuration

Manager 2007 computer clients. For information about device client requirements, see Mobile Device

Client later in this section.

Hardware

Component

Requirement

Processor 233 MHz minimum (300 MHz or faster Intel Pentium/Celeron family, or comparable processor

recommended)

RAM 128 MB minimum (256 MB or more recommended, 384 MB required when using operating

system deployment)

Free Disk

350 MB minimum for a new installation, 265 MB minimum to upgrade an existing client (by

default, the temporary program download folder on clients is preconfigured at client installation

to automatically increase to 5GB if necessary and if 5 GB or more is available.). This space is not

used until required for a download, so not immediately needed.

Supported Client Platforms

Supported Configuration Manager 2007 client installation requires at least Windows 2000 Professional Service

Pack 4.

The following table lists the minimum Configuration Manager 2007 supported client operating systems.

Microsoft provides support on the current service pack, and in some cases the immediately preceding service pack.

To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at

http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsoft‘s support lifecycle

policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at

http://go.microsoft.com/fwlink/?LinkId=31976.

The following table is a breakdown of the operating system support in System Center Configuration Manager

Operating System x86 x64 IA64

Windows 2000 Professional Service Pack 4 Y N N

Windows XP Professional Service Pack 2 Y N N

Windows XP Professional for 64-bit Systems N Y N

Windows Vista Business Edition Y Y N

Windows Vista Enterprise Edition Y Y N

Windows Vista Ultimate Edition Y Y N

Windows 2000 Server Service Pack 4 Y N N

Windows 2000 Advanced Server Service Pack 4 Y N N

Windows 2000 Datacenter1 Service Pack 4 Y N N

Windows Server 2003 Web Edition, Service Pack 1 Y N N

Windows Server 2003 Standard Edition Service Pack 1 Y Y Y

Windows Server 2003 Enterprise Edition Service Pack 1 Y Y Y

Windows Server 2003 Datacenter Edition1 Service

Pack 1, 2

Windows Server 2003 R2 Standard Edition Y Y Y

Windows Server 2003 R2 Enterprise Edition Y Y Y

Windows Embedded for Point of Service (WEPOS) Y N N

Windows Fundamentals for Legacy PCs (WinFLP) Y N N

Windows XP Embedded SP2 Y N N

Windows XP Tablet PC SP2 Y N N 1Datacenter releases are supported, but not certified, for Configuration Manager 2007. Hotfix support is not

offered for Windows Datacenter Server edition specific issues.

Configuration Manager 2007 support for x64 and IA64 systems is through 32-bit code running on 64-bit

operating systems.

Mobile Device Client

The Mobile Device Client requires 0.78 MB of storage space to install. In addition, mobile device management

logging on the mobile device can require 256 KB of storage space. The mobile device client is supported on

the following platforms:

Windows Mobile for Pocket PC 2003

Windows Mobile for Pocket PC 2003 Second Edition

Windows Mobile for Pocket PC Phone Edition 2003

Windows Mobile for Pocket PC Phone Edition 2003 Second Edition

Windows Mobile Smartphone 2003

Password management is not supported for Windows Mobile Smartphone 2003.

Windows Mobile for Pocket PC 5.0

Windows Mobile for Pocket PC Phone Edition 5.0

Windows Mobile 5.0 Smartphone

Windows CE 4.2 (ARM processor only)

Windows CE 5.0 (ARM and x86 processors)

Windows Mobile 6 Standard

Windows Mobile 6 Professional

Windows Mobile 6 Classic

Password management on Windows Mobile for Pocket PC 5.0, Windows Mobile for Pocket PC Phone Edition 5.0

and Windows Mobile 5.0 Smartphone requires the Messaging and Security Feature Pack (MSPF). For more

information, see the Windows Mobile Messaging and Security Feature Pack web page

(http://go.microsoft.com/fwlink/?LinkId=80392).

Some Configuration Manager 2007 client features, such as operating system deployment, are not supported

for the mobile device client. For more information about managing devices with Configuration Manager, see

Overview of Mobile Device Management (http://technet.microsoft.com/en-us/library/bb632496.aspx).

SMS Client Embedded Operating System Support

Configuration Manager 2007 does not support a specific client for embedded platforms within a Configuration

Manager 2007 hierarchy other than a Microsoft Systems Management Server (SMS) 2003 embedded client

assigned to a child SMS 2003 primary site.

Configuration Manager 2007 Site Server System Requirements Configuration Manager 2007 introduces changes to supported site system requirements from previous versions.

Site System Hardware Requirements

The following table lists the minimum and recommended hardware requirements for Configuration Manager

2007 site systems.

Hardware

Component Requirement

Processor 733 MHz Pentium III minimum (2.0 GHz or faster recommended)

RAM 256 MB minimum (1024 MB or more recommended)

Free Disk Space 5 GB minimum (15 GB or more free recommended if using operating system

deployment)

Supported Site System Platforms Supported Configuration Manager 2007 site system role installation, for roles other than the branch distribution

point and Configuration Manager console, require at least Windows Server 2003 Service Pack 1. Configuration

Manager 2007 does not support site system role installation on servers running Windows 2000 Server or

Windows 2003 Server with no service pack installed.

The following table lists the minimum operating systems required to support the

various Configuration Manager 2007 site system roles.

Microsoft provides support on the current service pack, and in some cases the immediately preceding service

pack. To find the support timelines for your product, visit the Lifecycle Supported Service Packs Web site at

http://go.microsoft.com/fwlink/?LinkId=31975. For additional information about Microsoft‘s support lifecycle

policy, visit the Microsoft Support Lifecycle Support Policy FAQ Web site at

Operating

System

Primary

Server

Secondary

Server

Management

Migration

Distribution

Reporting

Server

Locator

Database

Server

Software

Update

Fallback

status

service

Configuration

Manager

console

Windows XP

Professional

Service

Pack 2

N N N N Y 1 N N N N N N Y

Windows XP

Professional

for 64-bit

Systems

Windows

Business

Edition

Windows

Enterprise

Edition

Windows

Ultimate

Edition

Windows

Server 2003

Web Edition

Service

Pack 1 and 2

N N N N Y N N N N N N Y

Windows

Server 2003

Standard

Edition

Service

Pack 1 and 2

Y Y Y Y Y Y Y Y Y Y Y Y

Windows

Server 2003

Enterprise

Edition Service

Pack 1 and 2

Windows

Server 2003

Standard

Edition Service

Pack 1 and 2

64 bit

Windows

Server 2003

Enterprise

Edition Service

Pack 1 and 2

64 bit

Windows

Server 2003

Datacenter

Edition Service

Pack 1 and 2

Windows

Server 2003

Storage Server

Edition Service

Pack 1 and 2

N N N N Y N N N N N N Y

Windows

Server 2003

R2 Standard

Edition

Windows

Server 2003

R2 Enterprise

Edition

1Only the branch distribution point role is supported for this operating system

Configuration Manager 2007 support for IA64 systems is limited to the remote SQL server role.

Unsupported Client Platforms

The Configuration Manager client is not supported on any operating system prior to Windows 2000 Service Pack 4.

Installing the Configuration Manager client is explicitly not supported on the following operating system versions:

Windows 95

Windows 98

Windows Millennium Edition

Windows XP Media Center Edition

Windows XP Starter Edition

Windows XP Home Edition

Windows XP Professional, with less than Service Pack 2 applied

Windows Vista Starter Edition

Windows Vista Home Basic Edition

Windows Vista Home Premium Edition

Windows NT Workstation 4.0

Windows NT Server 4.0

Windows 2000 Server, Service Pack 3 and earlier

Windows 2003 Server, with no service pack installed

Windows CE 3.0

Windows Mobile Pocket PC 2002

Windows Mobile SmartPhone 2002

Unsupported Site Server Platforms

Configuration Manager 2007 site server roles are not supported on any operating system prior to Windows

Server 2003 Service Pack 1. Configuration Manager 2007 site roles are explicitly not supported on the following

operating system versions:

Windows NT 4.0 Server

Windows 2000 Server

Windows 2003 Server, with no service pack installed

Configuring SQL Server Site Database Replication in Configuration Manager 2007

In SMS 2003, the mppublish.vbs script, supplied with the SMS 2003 installation files, was used to configure

Microsoft SQL Server site database replication between the site database server and SQL Server site database replicas

used to support management points and server locator points. Because Configuration Manager 2007 introduces new

site database views and functions that are not replicated by the mppublish.vbs script, it is not supported for

configuring SQL Server site database replication in Configuration Manager 2007 sites. For information about how to

configure replication to support management points and server locator points, see How to Configure SQL Server Site

Database Replication (http://technet.microsoft.com/en-us/library/bb693697.aspx).

Active Directory Schema Extensions Configuration Manager 2007 Active Directory schema extensions provide many benefits for Configuration Manager

2007 sites, but they are not required. If you have extended your Active Directory schema for SMS 2003, you should

update your schema extensions for Configuration Manager 2007. For more information about extending the Active

Directory schema for Configuration Manager 2007, see How to Extend the Active Directory Schema for Configuration

Manager (http://technet.microsoft.com/en-us/library/bb633121.aspx)..

Multi-Site Clients Configuration Manager 2007 clients can only be assigned and report to one site. When auto assignment is used to

assign clients to a site during client installation, and more than one site has the same boundary configured, the

actual site assignment of a client cannot be predicted. If boundaries overlap across multiple Configuration Manager

2007 or SMS 2003 site hierarchies, clients might not get assigned to the correct site hierarchy or may not even get

assigned to a site at all.

Support for Windows Server Clustering It is supported to install the site database server site system role on a Windows server failover cluster instance. It is

not supported to install Configuration Manager 2007 site servers or any other site system server role on a Windows

Server cluster instance.

Physical node computers of a Windows server cluster instance can be managed as Configuration Manager

2007 clients.

Support for Specialized Storage Technology Storage Area Network Support

Using a Storage Area Network (SAN) is supported as long as a supported Windows server is attached directly to the

volume hosted by the SAN.

Configuration Manager 2007 is designed to work with any hardware that is certified on the Windows Hardware

Compatibility List (HCL) for the version of the operating system that the Configuration Manager component is

installed on.

Configuration Manager 2007 site server roles require NTFS file systems so that directory and file permissions can be

set. Because Configuration Manager 2007 assumes it has complete ownership of a logical drive when it uses naming

conventions, site systems running on separate computers can‘t share a logical partition on any storage technology,

but they could each use their own logical partition on a physical partition of a shared storage device.

For more information about the use of System Area Networks and Configuration Manager 2007, see the following

related Knowledge Base articles:

For information about System Area Networks, see Knowledge Base article 260176 at

For information about the differences between System Area Networks and Storage Area Networks, see

Knowledge Base article 264135 at http://go.microsoft.com/fwlink/?LinkId=66171.

For information about Systems Management Server and Storage Area Networks, see Knowledge Base

article 307813 at http://go.microsoft.com/fwlink/?LinkId=66172.

Single Instance Storage Support

Configuring distribution point package and signature folders to be configured on a Single Instance Storage (SIS)

enabled volume is not supported. It is also not supported for a Configuration Manager 2007 client's cache to be

configured on a SIS enabled volume.

Single Instance Storage (SIS) is a feature of the Microsoft® Windows® Storage Server 2003 R2 operating

system.

Removable Disk Drive Support

It is not supported to install Configuration Manager 2007 site system or client components on a removable disk

drive.

Computers in Workgroups All site servers must be members of a Windows 2000 or Windows 2003 Active Directory domain.

It is not supported to change the domain membership, or computer name, of a Configuration Manager 2007

site system after it is installed.

Configuration Manager 2007 provides support for clients in workgroups. It is also supported for a client to be moved

from a workgroup to a domain or from a domain to a workgroup.

To support workgroup clients, the following requirements must be met:

During client installation, the logged-on user must possess local administrator rights on the workgroup

system. The only account that Configuration Manager 2007 can use to perform activities that require

local administrator privileges is the account of the user that is logged on to the computer.

The Configuration Manager client must be installed from a local source on each client machine. This

requirement ensures a local source for repair and client update application will be available for the client.

Workgroup clients must be able to locate a server locator point for site assignment because they cannot

query Active Directory Domain Services. The server locator point can be manually published in WINS, or

it can be specified in the CCMSetup.exe installation command-line parameters.

Workgroup clients use the Network Access Account, downloaded as part of their machine policy, to

access package source files on distribution points.

Important

Until a workgroup client has been approved in the Configuration Manager console, it will be unable to download

machine policies containing the Network Access Account information.

Although workgroup computers can be Configuration Manager 2007 clients, there are inherent limitations in

supporting workgroup computers:

Workgroup clients cannot reference Configuration Manager 2007 objects published to Active Directory

Domain Services. For workgroup clients to locate their default management point computer, it must be

registered and accessible to workgroup clients in either WINS or DNS.

Active Directory system, user, or user group discovery is not possible.

User targeted advertisements are not possible.

The client push installation method is not supported for workgroup client installation.

Using a workgroup client as a branch distribution point is not supported. Configuration Manager 2007

requires that branch distribution point computers be members of a domain.

Remote Assistance Console Sessions

Console sessions controlled by Remote Assistance are supported, except for simultaneous use of Configuration

Manager Remote Tools.

Invoking Remote Assistance from the Configuration Manager console requires that the Configuration Manager

console computer and the client computer are running one of the following operating systems:

Windows XP SP2

Windows Server 2003 SP1 or later

Windows Server 2003 R2

Windows Vista (supported editions)

Fast User Switching

Fast User Switching, which is available in Windows XP editions not joined to a domain and Windows Vista editions, is

supported in Configuration Manager 2007.

Fast User Switching is not supported for any non-supported client platform capable of Fast User Switching,

such as Windows XP Home and Windows Vista Home editions.

Dual Boot Computers

Configuration Manager 2007 cannot manage more than one operating system on a single computer. If there is more

than one operating system on a computer that must be managed, tailor the discovery and installation methods used

to ensure that the Configuration Manager client is installed only on the operating system that needs to be managed.

Virtual Machines

Configuration Manager 2007 support for virtual machine guest operating systems includes all supported client

operating systems running on Microsoft Virtual PC or Virtual Server 2005 R2.

Configuration Manager 2007 does not support Virtual PC or Virtual Server guests running on Macintosh.

Configuration Manager 2007 cannot manage Virtual PC or Virtual Server guest operating systems unless they are

running. A static Virtual PC image cannot be updated, nor can inventory be collected using the Configuration

Manager client on the host computer.

No special consideration is given to virtual machines. For example, Configuration Manager 2007 might not

determine that an update needs to be re-applied to a virtual machine image if it is stopped and restarted without

saving the version of the image to which the update was applied.

Configuration Manager 2007 supports all site server roles running as virtual machines only on Microsoft Virtual

Server 2005 R2.

Interoperability Between Configuration Manager and SMS 2003 Sites The Configuration Manager console cannot be used to fully manage an SMS 2003 primary site. You can use an

SMS 2003 Administrator console snap-in to manage SMS 2003 primary sites on a computer that does not have the

Configuration Manager console installed or you can install the Configuration Manager console on a computer that

already has the SMS 2003 Administrator console installed on it. There are planning considerations when hosting both

consoles on the same computer that should be considered before installing a Configuration Manager 2007 console

on a computer that already has the SMS 2003 Administrator console installed on it. For more information about

planning for Configuration Manager 2007 console installations, see Planning for the Configuration Manager Console

(http://technet.microsoft.com/en-us/library/bb693800.aspx).

The Configuration Manager console can manage an SMS 2003 secondary site connected to a Configuration Manager

2007 primary parent site, with the following limitations:

You cannot change the accounts or passwords of SMS 2003 secondary sites in the Configuration

Manager console.

You cannot create or configure RAS sender addresses on SMS 2003 secondary sites.

You cannot configure Active Directory Security Group Discovery on an SMS 2003 secondary site.

SMS 2003 clients can be assigned to a Configuration Manager 2007 site, and they will be fully interoperable.

Assigning Configuration Manager clients to SMS 2003 sites is not possible.

Ensure that the boundaries defined for your Configuration Manager site are set properly. When installing

Configuration Manager clients using auto assignment, ensure that Configuration Manager clients are not within the

boundaries of an SMS 2003 site.

Changes in Support from SMS 2003

SQL Server 2005 Service Pack 2 is now required to host the site database. SQL Server 7.0 and SQL

Server 2000 are no longer supported to host the site database.

The site database can be installed on the default or a named instance of SQL 2005 and it is supported to

move the site database back to a local installation of SQL 2005 installed on the site server computer if it

has been moved off of the site server computer previously.

Windows Vista Business, Windows Vista Enterprise, and Windows Vista Ultimate editions are now fully

supported client operating systems.

Section 1 : Upgrading SMS 2003 SP2 to System Center Configuration Manager 2007 Objectives

After completing this section, you will be able to:

Identify an SMS 2003 site.

Use the Configuration Manager Prerequisite Check program to validate the site is ready to

be upgraded.

Prepare the SMS 2003 site for an upgrade to Configuration Manager.

Use Configuration Manager Setup to test the SMS 2003 site database upgrade procedure.

Upgrade SMS 2003 to Configuration Manager.

Identify a Configuration Manager site.

Upgrade SMS 2003 Advanced Clients to Configuration Manager clients.

Prerequisites Before working on this lab, one virtual computer should be running as a Microsoft Windows Server 2003®

SP1 computer installed as an SMS 2003 SP2 primary site server <your Configuration Manager Server>. A

second virtual computer is booted as a Windows XP Professional client installed as an Advanced Client in the

SMS 2003 site <your XP Client>.

Estimated time to complete this section: 75 minutes

Complete this procedure from the primary site server computer only.

To update the collection membership

1. Log on as administrator with a password of password.

2. On the Start menu, click SMS Administrator Console.

The SMS Administrator Console window appears.

3. In the console tree, expand Site Database, expand Collections, and then click All

Systems.

The members of the All Systems collection appear in the details pane. Notice that the site server computer (<yourSMSServer>) and the Windows XP Professional client computer <yourSMSClient>appear as members.

4. On the Action menu, point to All Tasks, and then click Update Collection Membership.

The All Systems message box appears prompting to update subcollection membership.

5. Click OK, and then on the Action menu, click Refresh.

The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed twice. Notice also that one of the instances is listed as being Obsolete and inactive. This is the old reference of the client.

6. In the details pane, click the topmost record for the <yourSMSClient> computer, which

should be listed as an Obsolete client (scroll to the right in the details pane) and then on

the Action menu, click Delete.

A Confirm Delete message box appears prompting to delete the record.

7. Click Yes.

The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once.

8. Delete any other obsolete records from the All Systems collection.

9. Update the membership of the All Windows XP Systems collection.

This collection will be used later in this lab to upgrade a client to Configuration Manager

Exercise 1

Identifying an SMS 2003 stallation

In this exercise, you will verify the local site is running SMS 2003 SP2. This will be useful in determining that

your site is running SMS 2003 SP2.

Complete this procedure from the primary site server computer only

To identify the SMS 2003 SP2 site

1. If not already running, on the Start menu, point to All Programs, point to Systems

Management Server, and then click SMS Administrator Console.

The SMS Administrator Console window appears.

2. In the console tree, click Site Database, and then on the Action menu, click About

Systems Management Server.

The About Systems Management Server dialog box appears displaying information about the local site.

3. What version of SMS is displayed?

SMS 2.50 SP2 (4160) which is SMS 2003 SP2

________________________________________________________________________

4. Click OK.

5. In the console tree, expand Site Database, and then click Site Hierarchy.

The local site information appears in the details pane.

6. What version of SMS is installed on the local site server?

2.50.4160.2000 which is SMS 2003

________________________________________________________________________

7. Close the SMS Administrator Console window.

Exercise 2

Preparing to Upgrade SMS 2003 SP2 to Configuration Manager

In this exercise, you will prepare your SMS 2003 site for an upgrade to

Configuration Manager. This will include running the Configuration Manager prerequisite check program to

verify the site can upgrade to Configuration Manager, and testing the SMS site database upgrade. This is

required for upgrade, and will be done automatically as part of the setup. It can also be done manually to

prepare the site prior to stating the upgrade process.

Complete this exercise from the primary site server computer only

To verify the site’s readiness for upgrade to Configuration Manager

1. Start <your SCCM eval download location> Splash.hta found in the <root> of the dir

structure.

The Microsoft System Center Configuration Manager 2007 Start window appears displaying available options. Notice that one of the options under Prepare is the prerequisite checker.

2. Click Run the prerequisite checker.

The Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check Options dialog box appears. Notice that the default option for this site is for upgrade validation, as the checker detected an SMS 2003 site installation.

3. Click OK.

The Microsoft System Center Configuration Manager Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are six warnings displayed. Three warnings are for missing updates which are included in Windows Server 2003 SP2 (however the site server is only running Windows Server 2003 SP1). Another warning indicates that the Active Directory schema has not been extended for Configuration Manager. Another warning is for the lack of secure key exchange configured for the current site. The final warning is that the WSUS SDK is not installed on the site server.

4. Under Prerequisite, double-click Schema extensions.

The schema extension test information appears at the bottom of the dialog box. Notice that it states that while this is not required, the site will run with reduced functionality until the AD schema is updated for Configuration Manager. You will update the schema in the next step. Also notice that this is not something that the Configuration Manager Setup program can resolve automatically.

5. Start <your SCCM eval download location> \SMSSetup\Bin\I386\Extadsch.exe.

A command prompt window appears as you extend the Active Directory schema for use by Configuration Manager. When the schema extension process has completed, the command prompt window closes.

6. In the Microsoft System Center Configuration Manager Installation Prerequisite

Check dialog box, click Run Check.

The Microsoft System Center Configuration Manage Installation Prerequisite Check dialog box appears displaying the status of the site prerequisite check. This will take a few minutes to complete. When complete, notice that there are now five warnings displayed. There are three for missing updates, one for secure key exchange, and one for the WSUS SDK. Notice also that the warning for the Active Directory schema extensions is no longer listed. As these are only warnings, and not failures, you can proceed with the upgrade.

7. Click OK to close the Microsoft System Center Configuration Manager Installation

Prerequisite Check dialog box.

In the following procedure, you will create a backup of the SMS 2003 SP2 site database and test the upgrade

of the database.

To create a backup of the SMS site database

1. On the Start menu, point to All Programs, point to Microsoft SQL Server 2005, and

then click SQL Server Management Studio.

A Connect to Server dialog box appears.

2. Click Next to connect to the local SQL Server, <yourSMSServer>.

The Microsoft SQL Server Management Studio window appears.

3. In the tree pane, expand Databases, right-click SMS_sitecode, and then point to Tasks.

A new menu appears.

4. Click Back Up.

The Back Up Database – SMS_sitecode dialog box appears.

5. In the Database box, verify that SMS_sitecode is listed, and then click Add.

The Select Backup Destination dialog box appears.

6. In the File name box, add SMSTest to the end of the supplied path, and then click OK.

The Back Up Database – SMS_sitecode dialog box appears displaying the new backup device.

7. Click OK.

The database is backed up. When complete, a Microsoft SQL Server Management Studio message box appears indicating the backup completed successfully.

8. Click OK.

9. In the tree pane, right-click Databases, and then click New Database.

The New Database dialog box appears.

10. In the Database name box, type <sitecode>Backup and then click OK.

The new database is created. When complete, the list of databases appears in the Microsoft SQL Server Management Studio window.

11. In the tree pane, right-click <sitecode>Backup, and then on point to Tasks.

A new menu appears.

12. Point to Restore, and then click Database.

The Restore Database - <sitecode>Backup dialog box appears.

13. In the From database box, click SMS_<sitecode>.

Notice that the recent backup information appears in the list of backup sets for the <your_db_name> database. Restoring the <your_db_name> backup to the <your_db_name> Backup database will allow you to test the upgrade on the <your_db_name> database, but not upgrade the SMS site database (<your_db_name>).

14. In the To database box, click <sitecode>Backup.

This sets the restore to go from the <your_db_name> database backup to the new <your_db_name> Backup database.

15. In the tree pane, click Options.

The Restore Database - <sitecode>Backup dialog box appears displaying options for the restore process.

16. Under Restore options, click Overwrite the existing database.

17. Under Restore the database files as, click the ellipsis button (…) after SMS_< sitecode

>_Data.MDF.

The Locate Database Files dialog box appears.

18. In the File name box, type <your SCCM install path> \<sitecode>Backup.mdf and then

click OK.

The Restore Database - <sitecode>Backup dialog box appears.

19. Under Restore the database files as, click the ellipsis button (…) after

SMS_<sitecode>__Log.LDF.

The Locate Database Files dialog box appears.

20. In the File name box, type (this is an example location) <systempartition>

\SMSData\<your_db_name> Backup.ldf and then click OK.

The Restore Database - <sitecode>Backup dialog box appears. Notice that both the database and log files are now configured to restore to new files.

21. Click OK.

The database is backed up. When complete, a Microsoft SQL Server Management Studio message box appears indicating the backup completed successfully.

22. Click OK.

23. Close the Microsoft SQL Server Management Studio window.

In the following procedure, you will run Configuration Manager Setup with a special command line option to

test the upgrade of the database.

Complete this procedure from the primary site server computer only. This process can take a number of minutes (potentially 15) depending on the hardware used. If you don‘t want to take the time to complete this test, you can skip this procedure in the lab. However, it is highly recommended that you do perform a database upgrade test in your environment prior to attempting an upgrade.

To test an upgrade of the SMS site database

1. Start a command prompt, and then change to the <your SCCM eval download location>

\SMSSetup\Bin\I386 folder.

A command prompt window appears.

2. In the command prompt window, type

Setup.exe /testdbupgrade <your_db_name>backup

The Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears. Notice that there is a new button available, Begin TestDBUpgrade.

3. Click Begin TestDBUpgrade.

The testing of the database upgrade takes a few minutes to complete. When the database upgrade test completes, a Configuration Manager 2007 message box appears indicating the upgrade was successful.

There is no user interface while the database upgrade test is running. However you can start Task Manager to monitor Setup.exe, as well as to wait for the Configuration Manager 2007 message box to appear when the test has completed.

4. Click OK, and then open C:\ConfigMgrSetup.log.

Notepad appears and displays the contents of the ConfigMgrSetup.log file.

5. Search for <sitecode>backup.

Notepad displays the first occurrence of <sitecode>backup. Notice that the reference is to the testdbupgrade command. A few lines later, notice a reference to ―Testing database upgrade on <sitecode>backup database, on the <yourSMSServer> server‖. These lines are the indication that Setup is being run to test the database upgrade process.

6. Scroll to the bottom of the log file.

7. What is the last line logged in the file?

TestDBUpgrade is done

________________________________________________________________________

If the ConfigMgrSetup.log file displays the success message, your database can be upgraded to Configuration Manager.

8. Close Notepad.

Your site has passed the Configuration Manager Installation Prerequisite Check test, as well as the database upgrade test. Your site should be able to upgrade to Configuration Manager successfully.

Exercise 3

Upgrading SMS 2003 SP2 to Configuration Manager

In this exercise, you will upgrade your SMS 2003 site to Configuration Manager.

To upgrade an SMS 2003 site to Configuration Manager

1. Start <your SCCM eval download location>\Splash.hta.

The Microsoft System Center Configuration Manager 2007 Start window appears displaying available options.

2. Under Install, click Configuration Manager 2007.

The Welcome to the System Center Configuration Manager 2007 Setup Wizard dialog box appears.

3. Click Next.

The Microsoft System Center Configuration Manager 2007 Available Setup Options dialog box displays options for installation, which include an upgrade or uninstall.

4. Click Upgrade an existing Configuration Manager or SMS 2003 Installation, and then

click Next.

The Microsoft System Center Configuration Manager 2007 Microsoft Software License Terms dialog box appears displaying the license agreement. Read the licensing information.

5. Click I accept these license terms, and then click Next.

The Microsoft System Center Configuration Manager 2007 Customer Experience Improvement Program Configuration dialog box appears prompting for participation in the customer experience improvement program. Notice that involvement in the program is not selected by default.

6. Click Next to not participate at this time.

The Microsoft System Center Configuration Manager 2007 Product Key dialog box appears prompting for the product key for installation.

7. In the Key box, if not already supplied, type your product key, and then click Next.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite

Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As we‘re in a VPC environment, the required files have already been downloaded and staged for the lab.

8. Click The latest updates have already been downloaded to an alternate path, and

then click Next.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components.

9. Click Browse.

The Browse For Folder dialog box appears.

10. Point to <systempartition>\SCCM Downloaded Client Files, and then click OK.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components.

11. Click Next.

The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of Configuration Manager.

12. Click Next.

The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for Configuration Manager installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation.

13. Click Begin Install.

The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the Configuration Manager installation. This process will take several minutes to complete.

When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully.

14. Click Next.

The Completing the System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use.

15. Click Finish.

Exercise 4

Identifying a Configuration Manager Installation

In this exercise, you will verify that your site was successfully upgraded to Configuration Manager 2007.

To identify an Configuration Manager site installation

1. Open <systempartition>\ConfigMgrSetup.log.

Notepad appears and displays the contents of the ConfigMgrSetup.log file.

2. What is the last line logged in the file?

Moving to Finish page. Installation and Configuration processes are done.

________________________________________________________________________

If the ConfigMgrSetup.log file displays the success message, your site was upgraded to Configuration Manager.

3. Close Notepad.

4. On the Start menu, point to All Programs, point to Microsoft System Center, point to

Configuration Manager 2007, and then click ConfigMgr Console.

The Configuration Manager Console window appears displaying the Configuration Manager home page in the results pane.

5. In the tree pane, click Site Database.

The local site‘s home page appears in the results pane. Notice that information is provided on completing the site configuration in order to support Configuration Manager client deployment.

6. In the tree pane, expand Site Database, and then click Site Management.

The local site information appears in the results pane.

7. What version of SCM is installed on the local site server?

4.00.5931.0000 which is Configuration Manager 2007 RTM.

________________________________________________________________________

8. In the tree pane, expand Site Management, expand <sitecode> (like <your_db_name>)

, expand Site Settings, and then click Client Agents.

The list of client agents for the Configuration Manager appears in the results pane. Notice that there are new client agents in Configuration Manager that were not available in SMS 2003, such as Computer Client Agent, Desired Configuration Management Client Agent, Network Access Protection Client Agent, and Software Updates Client Agent.

There are many other differences in the Configuration Manager Console from SMS 2003 to Configuration Manager. You will explore those differences in this and other hands-on labs.

Exercise 5

Upgrading Clients to Configuration Manager

In this exercise, you will upgrade your clients to Configuration Manager 2007. You will upgrade the Advanced

Client running on the Windows XP Professional computer, as well as the client running on the Configuration

Manager site server computer.

To upgrade an Advanced Client from SMS 2003 SP2 to Configuration Manager 2007

using the Client Push Installation Wizard

1. In the tree pane, expand Site Database, expand Computer Management, expand

Reporting, and then click Reports.

The list of reports appears in the results pane. Notice that there are many other reports included with Configuration Manager that were not available in SMS 2003.

2. In the results pane, click Count SMS client versions, and then in the Actions pane, under

Count SMS client versions, click Run.

The Report Options message box appears prompting for the reporting point to use to run the report.

3. Click OK to use the only reporting point in our site.

The results of the Count SMS client versions report appear in the results pane.

4. What different versions of SMS clients are there, and how many of each client type?

There are two SMS 2003 SP2 Advanced Clients (2.50.4160.2000)

________________________________________________________________________

5. Click the arrow to the left of the 2.50.4160.2000.

The Computers with a specific SMS client version report appears in the results pane displays the names of SMS 2003 Advanced Clients in the SMS site database.

6. What computers are currently installed as SMS 2003 SP2 Advanced Clients?

________________________________________________________________________

The Configuration Manager Console window appears.

7. In the tree pane, expand Collections, and then click All Windows XP Systems.

The members of the All Windows XP Systems collection appear in the results pane. Notice that the <yourSMSClient> computer is listed as a member of the collection.

8. In the Actions pane, click Install Client.

The Client Push Installation Wizard dialog box appears.

9. Click Next.

The Client Push Installation Wizard Installation options dialog box appears displaying options for the client installation.

10. Click Always install (repair or upgrade the existing client), and then click Next.

The Completing the Client Push Installation Wizard dialog box appears indicating it is ready to complete the installation.

11. Click Finish.

The Configuration Manager client is remotely installed on the Windows XP Professional client computer. It will take a few minutes before the installation completes to upgrade the client from SMS 2003 SP2 to Configuration Manager.

In the following procedure, you will verify the Windows XP Professional client has upgraded to a

Configuration Manager client.

Complete this procedure from the Windows XP Professional client computer only

To verify the Advanced Client upgrade

2. Start Task Manager.

The Task Manager window appears. Notice that Ccmsetup.exe is running. This is the installation program for the client. When the Advanced Client has been upgraded to Configuration Manager, CcmExec.exe (SMS Agent Host) will appear, and then ccmsetup.exe will terminate.

You can move to the next procedure while the Windows XP client computer is upgrading from SMS 2003 SP2 to Configuration Manager. The upgrade may take a number of minutes to complete, so you begin the process to upgrade the SMS 2003 Advanced Client on the site server and then return here to verify your Windows XP client did indeed upgrade.

3. Close Task Manager, and then in Control Panel, start Configuration Manager.

The Configuration Manager Properties dialog box appears. Notice the SMS Client Version listed. It should display 4.00.5931.0001, which is for Configuration Manager 2007.

4. Click Cancel.

Your SMS 2003 SP2 Advanced Client computer has successfully upgraded to Configuration Manager.

In the following procedure, you will prepare the site to upgrade your the site server computer as a client to a

Configuration Manager client. You will use software distribution to upgrade this client, though you could use

the Client Push Installation Wizard as well.

To prepare Configuration Manager for client upgrade using software distribution

Software Distribution, and then click Packages.

The list of packages in the site appears in the results pane. Notice that there is one package, this was from the SMS 2003 installation and migrated to Configuration Manager.

2. In the Actions pane, click New, and then click Package From Definition.

The Create Package from Definition Wizard dialog box appears.

3. Click Next.

The Create Package from Definition Wizard Package Definition dialog box appears. Notice that there is already a package definition included in Configuration Manager for the Configuration Manager Client Upgrade.

4. Under Package definition, click Configuration Manager Client Upgrade, and then click

The Create Package from Definition Wizard Source files dialog box appears.

5. Click Always obtain files from a source directory, and then click Next.

The Create Package from Definition Wizard Source Directory dialog box appears.

6. Click Local drive on site server, and then click Browse.

7. Open <SMSinstallpath>\Client, and then click OK.

The Create Package from Definition Wizard Source Directory dialog box appears displaying the configured path.

8. Click Next.

The Create Package from Definition Wizard Summary dialog box appears indicating that the wizard is complete.

9. Click Finish.

10. In the tree pane, click Packages, and then in the Actions pane, click Refresh.

The list of packages appears in the details pane. Notice that the Configuration Manager Client Upgrade package is listed.

11. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client

Upgrade 4.0 ALL, and then click Distribution Points.

The list of distribution points for the package appears in the details pane. Notice that there are no distribution points for this package.

12. In the Actions pane, click New Distribution Points.

The New Distribution Points Wizard dialog box appears.

13. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears.

14. Under Distribution points, click <yourSMSServer>, and then click Next.

The New Distribution Points Wizard Wizard Complete dialog box appears indicating that the wizard completed successfully.

15. Click Close.

Software Distribution, and then click Advertisements.

The list of advertisements appears in the results pane. Notice that there are no advertisements in the site.

17. In the Actions pane, click New, and then click Advertisement.

The New Advertisement Wizard General dialog box appears.

18. In the Name box, type Configuration Manager Client Upgrade

19. After Package, click Browse.

The Select a Package dialog box appears displaying the available packages.

20. Click Microsoft Configuration Manager Client 4.0 ALL, and then click OK.

The New Advertisement Wizard General dialog box appears. Notice that the Advanced Client Silent Upgrade program is displayed as the program to advertise.

21. After Collection, click Browse.

The Browse Collection dialog box appears.

22. Under Collections, click All Windows Server 2003 Systems, and then click OK.

The New Advertisement Wizard General dialog box appears displaying the current properties for the advertisement.

23. Click Next.

The New Advertisement Wizard Schedule dialog box appears allowing you to configure a schedule for this advertisement.

24. Click Next to not assign the program.

The New Advertisement Wizard Distribution Points dialog box appears allowing you to configure whether or not the advertisement is run from the distribution point or downloaded before execution.

25. Click Next to run from local distribution points, to not run from slow network boundaries,

and not require the use of protected distribution points.

The New Advertisement Wizard Interaction dialog box appears allowing you to configure whether or not the advertisement displays reminders to the logged on user.

26. Click Display reminders according to the client agent reminder intervals, and then

click Next.

The New Advertisement Wizard Security dialog box appears allowing you to configure security rights for this advertisement.

27. Click Next to use the default security rights.

The New Advertisement Wizard Summary dialog box appears indicating that the wizard has been successfully completed.

28. Click Next.

The New Advertisement Wizard Wizard Completed dialog box appears indicating that the wizard has successfully created the advertisement.

29. Click Close.

The Configuration Manager Console window appears displaying the new advertisement in the results pane.

Verify that the All Windows Server 2003 Systems collection contains <yourSMSServer>.

In the following procedure, you will upgrade the Configuration Manager site server computer to a

Configuration Manager client.

Complete this procedure from the site server as a client computer only

To upgrade the Configuration Manager site server computer using software

distribution

1. In Control Panel, start Systems Management.

The Systems Management Properties dialog box appears.

2. Click the Actions tab.

The Systems Management Properties dialog box displays the available actions for the Advanced Client. Notice the default actions of Discovery Data Collection Cycle, File Collection, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle.

3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action.

The Advanced Client will request new policies, which will include the policies related to the client upgrade advertisement. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

The Systems Management Properties dialog box appears.

5. Click OK.

In two minutes, a New Program Available message box appears in the System Tray.

6. In the System Tray, double-click the New Program Available icon.

The Run Advertised Programs dialog box appears.

7. Under Program Name, click Microsoft Configuration Manager Client Upgrade, and

then click Run.

The Program Download Required dialog box appears.

8. Click Run program automatically when download completes, and then click

Download.

The program is downloaded, and then the upgrade process starts. You can use Task Manager to monitor the installation of the Configuration Manager client. Notice that Ccmsetup.exe is running. This is the installation program for the Configuration Manager client. This program will de-install the SMS 2003 client, and then install the Configuration Manager client. When the Advanced Client has been upgraded, CcmExec.exe (SMS Agent Host) will appear, and then CCMSETUP.EXE will terminate. This process will take a few minutes to complete.

The Run Advertised Programs dialog box appears.

9. Click Close.

You can return to the previous procedure to verify that the Windows XP client computer did upgrade from SMS 2003 to Configuration Manager. The upgrade to a Configuration Manager client will take a number of minutes to complete, so you can verify your Windows XP client did indeed upgrade.

10. Close Task Manager, and then in Control Panel, start Configuration Manager.

The Configuration Manager Properties dialog box appears. Notice the SMS Client Version listed. It should display 4.00.5931.0001, which is for Configuration Manager 2007.

11. Click Cancel.

Your SMS 2003 Advanced Client computers have successfully upgraded to Configuration Manager clients.

In following procedure, you will verify that your clients have upgraded to Configuration Manager.

To verify the Advanced Client upgrades

Reporting, and then expand Visited Reports.

The list of reports previously run appears in the tree pane. Notice that there is one report you had run previously, the ―Count SMS client versions‖ report.

2. In the results pane, under Visited Reports, click Count SMS client versions.

The results of the Count SMS client versions report appear in the results pane.

3. What different versions of SMS clients are there, and how many of each client type?

There are two Configuration Manager 2007 clients (4.00.5931.0001)

________________________________________________________________________

4. Click the arrow to the left of the clients (4.00.5931.0001).

The results of the drill down report action appears in the results pane. Notice that the results pane displays the Configuration Manager clients.

5. What computers are currently installed as Configuration Manager clients?

________________________________________________________________________

6. Close the SMS Report window.

You have now successfully upgraded your SMS 2003 site server, and two of your SMS 2003 clients to Configuration Manager 2007. This process included running the Setup Prerequisite checker to validate the site was ready to be upgraded, as well as performing a test database upgrade process to verify that the SMS site database could be upgraded to Configuration Manager.

Section 2: Deploying System Center Configuration Manager 2007 Objectives

After completing this section , you will be able to:

Prepare Active Directory for Configuration Manager publishing and use.

Install Configuration Manager 2007 using a custom setup.

View status message activity related to site server installation.

Discover computer resources from Active Directory.

Install and configure a fallback status point.

Install a Configuration Manager 2007 client on the Windows XP Professional client.

Install a reporting point

Prerequisites This section is not dependant or connected to Section 1, where we focused on the SMS 2003 upgrade

process.

Before working on this lab, one virtual computer should be started as a Microsoft Windows Server 2003® SP1

computer running as an Active Directory domain controller <yourDeployADServer>. A second virtual

computer is started as a Microsoft Windows Server 2003® SP2 member server to install as an SCCM primary

site server <yourDeploySCCMserver>. This computer has Microsoft SQL Server 2005 installed. The third virtual

computer should be started as a Windows XP Professional SP2 client to be installed as a client in the

Configuration Manager 2007 site <yourDeployClient>.

The requirements for implementing SCCM 2007 (which have all been installed in the lab VPC images, include:

Microsoft Windows Server 2003 SP1 or later in an Active Directory domain

Internet Information Server (IIS) 6.0 or later, with BITS Server Extensions installed and WebDAV

enabled (for management points and BITS-enabled distribution points)

Microsoft SQL Server 2005 SP2 (Standard or Enterprise Edition)

Microsoft Management Console 3.0 or later

Several KB updates

The required client installation files already downloaded in the image if no Internet access is

available

Exercise 1

Preparing Active Directory for SCCM 2007 Integration

In this exercise, you will prepare Active Directory for use with SCCM 2007. You will use a utility to extend the

Active Directory schema for use by SCCM. You will also grant rights for the SCCM site server to publish data

to Active Directory. Finally, you will create an Active Directory site that will be added to the SCCM boundaries

for client management.

Complete this exercise on the virtual computer running as a Windows Server 2003 Active Directory domain controller only.

To extend the Active Directory schema

1. Log on as administrator with your password.

2. Run Extadsch.exe which is documented here.

How to Extend the Active Directory Schema Using ExtADSch.exe

http://technet.microsoft.com/en-us/library/bb680608.aspx

3. A command prompt window appears as you extend the Active Directory schema for use

by Configuration Manager. When the schema extension process has completed, the

command prompt window closes.

4. Open C:\Extadsch.log.

Notepad displays the contents of the Extadsch.log file. This file is created by the Extadsch.exe utility and reports on the Active Directory schema extension process.

There were 14 attributes and 4 classes added to Active Directory.

5. Verify that there are no errors listed in the log, and then close Notepad.

To grant the SCCM site server rights to Active Directory

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users

and Computers.

The Active Directory Computers and Users window appears.

2. On the View menu, click Advanced Features.

The Active Directory Computers and Users window displays additional Active Directory information, including displaying the System container. You will grant rights to the System container to allow the Configuration Manager site server to publish data to Active Directory.

3. In the console tree, expand <yourdomain> , and then click System.

4. On the Action menu, click Properties.

The System Properties dialog box appears.

5. Click the Security tab.

The System Properties dialog box displays the security permissions on the System container. Notice that the Configuration Manager site server computer (<yourSMSServer>) is not listed.

6. Click Add.

The Select Users, Computers, or Groups dialog box appears.

7. Click Object Types.

The Object Types dialog box appears.

8. Under Object types, click Computers, and then click OK.

The Select Users, Computers, or Groups dialog box appears.

9. In the Enter the object names to select field, type <yourSMSServer> and then click OK.

The Select Users, Computers, or Groups dialog box appears. Notice that the Configuration Manager site server computer (<yourSMSServer>) is now listed with Read

rights.

10. Under Permissions for <yourSMSServer>, click Full Control under Allow, and then click

Advanced.

The Advanced Security Settings for System dialog box appears displaying the rights for various accounts.

11. Under Name, click <yourSMSServer>, and then click Edit.

The Permission Entry for System dialog box appears displaying the rights for <yourSMSServer>\$.

12. In the Apply onto field, click This object and all child objects, and then click OK.

The Advanced Security Settings for System dialog box appears.

13. Click OK.

14. Click OK.

The Active Directory Computers and Users window appears. You can leave this window open if you want to view information that Configuration Manager publishes to Active Directory after installation.

In the following procedure, you will create an Active Directory site to integrate with Configuration Manager

as part of its boundaries.

To create an Active Directory site

1. On the Start menu, point to Administrative Tools, and then click Active Directory Sites

and Services.

The Active Directory Sites and Services window appears.

2. In the console tree, click Sites.

The list of AD sites appears in the results pane. Notice the default site name of Default-First-Site-Name.

3. On the Action menu, click New Site.

The New Object – Site dialog box appears.

4. In the Name box, type SCCMSite

5. Under Link Name, click DEFAULTIPSITELINK, and then click OK.

An Active Directory message box appears listing steps that may be required to complete the creation of the new site.

6. Click OK.

The list of sites appears in the details pane. Notice the new site is listed.

7. In the console tree, expand Sites, click Subnets, and then on the Action menu, click New

Subnet.

The New Object – Subnet dialog box appears.

8. In the Address box, type your range

9. In the Mask box, type your subnet

10. Under Select a site object for this subnet, click SCCMSite, and then click OK.

The list of subnets appears in the details pane. Notice the new subnet and its associated site.

11. In the console tree, expand SCCMSite, and then click Servers.

The list of servers for this site appears in the details pane. Notice that there are no servers in this new site.

12. In the console tree, expand Default-First-Site-Name, expand Servers, and then click

<yourADServer>.

This is your domain controller. You will move this to your new site as its server.

13. On the Action menu, click Move.

The Move Server dialog box appears displaying all sites available.

14. Under Site Name, click SCCMSite, and then click OK.

The list of servers for the default site appears in the details pane. Notice that there are no servers in the default site.

15. In the console tree, expand Sites, expand SCCMSite, and then click Servers.

The list of servers for the new site appears in the details pane. Notice that your PDC has been moved to the new site.

16. Close Active Directory Sites and Services.

Exercise 2

Installing Microsoft Configuration Manager 2007

In this exercise, you will install Configuration Manager 2007 using a custom installation. SQL Server 2005 is

already installed on the computer <yourSMSServer>. The installation will implement a mixed mode security

environment.

Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 member only. This is the computer that will be installed as the Configuration Manager site server

To install Configuration Manager 2007

1. Start <your SCCM eval download location> \Splash.hta.

The Microsoft System Center Configuration Manager 2007 Start window appears.

2. Under Install, click Configuration Manager 2007.

The Welcome to System Center Configuration Manager 2007 Setup Wizard dialog box appears.

3. Click Next.

The Microsoft System Center Configuration Manager 2007 Available Setup Options dialog box displays options for installation.

4. Click Install a Configuration Manager site server, and then click Next.

The Microsoft System Center Configuration Manager 2007 Microsoft Software License Terms dialog box appears displaying the license agreement. Read the licensing information.

5. Click I accept these license terms, and then click Next.

The Microsoft System Center Configuration Manager 2007 Installation Settings dialog box appears displaying options for installation.

6. Verify that Custom settings is selected, and then click Next.

The Microsoft System Center Configuration Manager 2007 Site Type dialog box appears displaying options for the type of site to install.

7. Verify that Primary site is selected, and then click Next.

The Microsoft System Center Configuration Manager 2007 Customer Experience Improvement Program Configuration dialog box appears prompting for participation in the customer experience improvement program. Notice that involvement in the program is configured to no participation.

8. As we are in a virtual environment, click Next to decline participation at this time.

The Microsoft System Center Configuration Manager 2007 Product Key dialog box appears prompting for the product key for installation.

9. In the Key box, if not using the evaluation version of Configuration Manager, type your

product key, and then click Next.

The Microsoft System Center Configuration Manager 2007 Destination Folder dialog box appears prompting for destination folder to install Configuration Manager 2007 to.

10. Click Next to accept the default folder of

C:\Program Files\Microsoft Configuration Manager.

The Microsoft System Center Configuration Manager 2007 Site Settings dialog box appears prompting for site information.

11. In the Site Code box, type an appropriate 3 character site code, such as <your_db_name>

(can be whatever you prefer).

12. In the Site Name box, type SCCM 2007 Primary Site, and then click Next.

The Microsoft System Center Configuration Manager 2007 Site Mode dialog box appears displaying setup options for the SCCM security mode.

13. Click Configuration Manager Mixed Mode, and then click Next.

The Microsoft System Center Configuration Manager 2007 Client Agent Selection dialog box appears displaying the available SCCM client agents, and allowing you to enable or disable each as desired.

14. Click Next to enable and configure the selected agents (ensuring that Network Access

Protection is not enabled).

The Microsoft System Center Configuration Manager 2007 Database Server dialog box appears prompting for the SQL Server computer (and instance if required) to use as well as the name of the database for SMS.

15. Click Next to accept the default values of the SCCM site server‘s installation of SQL Server

and SMS_<your_db_name> for the database name.

The Microsoft System Center Configuration Manager 2007 SMS Provider Settings dialog box appears prompting for the computer to install the SMS Provider on.

16. Click Next to use the SCCM site server for the SMS Provider.

The Microsoft System Center Configuration Manager 2007 Management point dialog box appears prompting for the computer to use to install the management point on. Since SCCM requires a management point, setup will install one by default.

17. Click Next to install the management point on the SCCM site server.

The Microsoft System Center Configuration Manager 2007 Port Settings dialog box appears prompting for the HTTP port to configure for use by SCCM.

18. Click Next to use the default HTTP port of 80.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Components dialog box appears prompting for the location of the required client components. Notice that there are two options, one to download the required updates from the Internet, and the other to use a local source of the required files. As we‘re in a VPC environment, the required files have already been downloaded and staged for the lab.

19. Click The latest updates have already been downloaded to an alternate path, and

then click Next.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears prompting for the location of the required client components.

20. Click Browse.

21. Point to <systempartition>\SCCM Downloaded Client Files (or your location where these

are located), and then click OK.

The Microsoft System Center Configuration Manager 2007 Updated Prerequisite Component Path dialog box appears displaying the configured location of the required client components.

22. Click Next.

The Microsoft System Center Configuration Manager 2007 Settings Summary dialog box appears displaying various configuration values to be used during the installation of SCCM 2007.

23. Click Next.

The Configuration Manager Installation Prerequisite Check runs to validate that the computers targeted for SCCM 2007 installation meet the requirements for installation. When complete, the Microsoft System Center Configuration Manager 2007 Installation Prerequisite Check dialog box appears indicating the status of the validation process. Notice that there were no problems found with the configuration that will prevent installation. There is a warning that no WSUS installation was found. This is required to be able to deploy software updates, but it is not required for the deployment lab, so you can continue.

24. Click Begin Install.

The Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears displaying the status of the individual tasks that must be completed as part of the SCCM 2007 installation. This process will take several minutes to complete.

When complete, the Microsoft System Center Configuration Manager 2007 Setup Action Status Monitoring dialog box appears indicating that Setup completed each action successfully.

25. Click Next.

The Completing the Microsoft System Center Configuration Manager 2007 Setup Wizard dialog box appears indicating the site is ready to use.

26. Click Finish.

In the following procedure, you will use Configuration Manager status messages generated by the site server

installation to verify that the site server installation was successful. You can use this same procedure to view

status messages generated by any Configuration Manager processes.

To view Configuration Manager status messages

1. On the Start menu, point to All Programs, point to Microsoft System Center, point to

Configuration Manager 2007, and then click ConfigMgr Console.

The Microsoft Management Console (MMC) starts, and then the Configuration Manager Console window appears.

2. In the tree pane, expand Site Database, expand System Status, expand Site Status,

expand <yoursitecode>, and then click Site System Status.

The list of Configuration Manager site system roles appears in the results pane with the current status of each site system. Verify that each site system has a status of OK.

3. In the tree pane, click Component Status.

The list of SCCM components and their status appears in the results pane.

4. In the results pane, click SMS_SITE_COMPONENT_MANAGER, and then in the Actions

pane, click Show Messages.

A new menu appears.

5. Click All.

The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. Notice the message with the ID of 1027. It mentions that the site server was configured to receive Configuration Manager server components.

6. Click the message, and then on the View menu, click Detail.

The Status Message Details dialog box appears. Notice the header information for the message, as well as the text under Description.

7. Click OK.

The ConfigMgr Status Message Viewer for <yoursitecode>, window appears.

8. On the File menu, click Exit.

The list of SCCM components appear in the results pane.

9. Display the status messages for SMS_SITE_CONTROL_MANAGER.

The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. You may notice the message with a message ID of 2819. This message indicates that SCCM retains the 100 most recent copies of the site control file. At this point, SCCM has just been installed, however there will have already been some site control file modifications processed.

Notice the message with an ID of 2866. This message indicates the actual site control file copy has been sent to the SMS Hierarchy Manager for addition to the SCCM site database.

From here, you might notice many sets of site control file images being modified. You might see messages with IDs of 2808, 2814, 2813, 2811, and 2865 in each set of site control file modification requests. You will view these messages in later sections of this review.

10. Display the status messages for SMS_HIERARCHY_MANAGER.

The ConfigMgr Status Message Viewer for <yoursitecode>, window appears. You might notice the messages with message IDs of 3306. These messages indicate that Hierarchy Manager has successfully processed a site control file modification and updated the site database.

11. Display the status messages for SMS_WINNT_SERVER_DISCOVERY_AGENT

The ConfigMgr Status Message Viewer for <your_db_name> window appears. You might notice the message with a message ID of 4202. This message indicates one server was discovered and discovery data was written for it. This occurred as a result of installing SCCM site components on the site server computer.

In the following procedure, you will add the Active Directory site to the Configuration Manager 2007

Boundaries.

To configure Configuration Manager to use the new AD site as a boundary

1. In the tree, expand Site Database, expand Site Management, expand <sitecode>,

expand Site Settings, and then click Boundaries.

The list of boundaries for the local site appears in the results pane. Notice that there no default boundaries added to the site.

2. In the Actions pane, click New Boundary.

The New Site Boundary dialog box appears allowing the creation of a new boundary.

3. In the Description box, type Active Directory site for SCCM

4. In the Type box, click Active Directory site, and then click Browse.

The Browse Active Directory sites dialog box appears displaying the available Active Directory sites. Notice that both the default AD site (Default-First-Site-Name) as well the AD site you created earlier (SCCMSite) are displayed.

5. Under Site Name, click SCCMSite, and then click OK.

The New Site Boundary dialog box appears displaying the information specified for the new boundary.

6. Under Network Connection, verify that Fast (LAN) is selected, and then click OK.

Notice that the new AD site (SCCMSite) now appears as a boundary.

Exercise 3

Installing an SCCM 2007 Client

In this exercise, you will install the Configuration Manager 2007 client on the Windows XP Professional client

computer. You will begin by using Active Directory System Discovery to discover the computer from Active

Directory.

Complete this exercise on the virtual computer running as a Windows Server 2003 SP2 SCCM site server unless directed to use another VPC image.

To discover computers from Active Directory

1. In the tree, expand Site Database, expand Site Management, expand <yoursitecode>,

expand Site Settings, and then click Discovery Methods.

The list of discovery methods for the local site appears in the results pane. Notice that there are four discovery methods related to Active Directory.

2. In the results pane, click Active Directory System Discovery, and then in the Actions

pane, click Properties.

The Active Directory System Discovery Properties dialog box appears.

3. Select Enable Active Directory System Discovery, and then click New (the icon

resembles a starburst).

The New Active Directory Container dialog box appears allowing you to specify the use of a local domain, local forest, or custom query for the discovery.

4. Verify that Local domain is selected, and then click OK.

The Select New Container dialog box appears allowing you to specify the container to use for discovery.

5. Select <yourdomainname>, and then click OK.

The Active Directory System Discovery Properties dialog box appears. Notice the distinguished name for the container to search. Also notice that a recursive search will be performed on that container and that groups are excluded.

6. Click the Polling Schedule tab.

The Active Directory System Discovery Properties dialog box displays the default polling schedule for Active Directory System Discovery. Notice that by default, this polling will occur daily.

7. Click Run discovery as soon as possible and then click OK.

In the following procedure, you will verify the results of the Active Directory System Discovery process.

You will need to wait for a moment for the discovery process to complete.

To verify Active Directory System Discovery

1. In the tree pane, expand Site Database, expand Computer Management, and then click

Collections.

The list of collections appears in the results pane.

2. In the tree pane, expand Collections, and then click All Systems.

Notice that there is one member in the All Systems collection currently, that being the Configuration Manager site server.

3. In the Actions pane, click Update Collection Membership.

An All Systems message box appears prompting to update subcollection membership.

4. Click OK.

The collection is updated. It takes a moment before the database is updated with the new collection membership information.

5. In the Actions pane, click Refresh.

The collection membership is updated, and the current membership of the All Systems collection is displayed.

6. Are there any new members in the All Systems collection?

Yes, the local site server (<yourSMSServer>), the domain controller (ADServer) (or DC) and the Windows XP Professional client <yourSMSClient>should have been discovered.

7. Are each of the systems assigned to the site?

Yes, all are listed as being assigned to the site.

If the assigned status still remains listed as No, then verify that you have correctly listed SCCMSite as a boundary for the site.

8. In the results pane, click the Windows XP Professional client, and then in the Actions pane,

under <yourSMSClient>, click Properties.

The <yourSMSClient> Properties dialog box appears displaying discovery properties.

9. What is the discovered AD site name?

SCCMSite, which is the AD site you added as a boundary for the site.

10. Click Close.

In the following procedure, you will create the account necessary to remotely install the Configuration

Manager 2007 client on your Windows XP Professional client computer.

Complete this procedure on the virtual computer running as a Windows Server 2003 Active Directory domain controller only

To create the account required to install the SCCM Client

1. From Administrative Tools, start Active Directory Users and Computers.

The Active Directory Users and Computers window appears.

2. Create a new user with the name of ClientInstall, assign it a password of password,

ensure that the account is not disabled, and that the password does not require changing

at first logon. Note for a simple password to be accepted, ‗complex passwords must be

turned off. For information on how to do this, please visit the Technet article on ‗Account

Passwords and Policies‘ located at http://www.microsoft.com/technet/prodtechnol/windowsserver2003/technologies/security/bpactlck.mspx

3. Add this user as a member of the Domain Admins group.

This is the account that will be used to push the Configuration Manager 2007 client installation to your Windows XP Professional client. It must be a local admin on the client computer. Being a member of Domain Admins is not a requirement, but simplifies the configuration in the lab environment.

In the following procedure, you will configure the account in the Configuration Manager Console to allow

installation of the Configuration Manager 2007 client.

Complete this procedure on the virtual computer running as a SCCM site server only

To configure the Configuration Manager 2007 client account

1. In the tree pane, expand Site Database, expand Site Management, expand

<yoursitecode>, expand Site Settings, and then click Client Installation Methods.

The list of client installation methods appears in the results pane.

2. In the results pane, click Client Push Installation, and then in the Actions pane, click

Properties.

The Client Push Installation Properties dialog box appears. Notice that the installation method is not enabled. It does not need to be enabled for our admin controlled push installation.

3. Click the Accounts tab.

The Client Push Installation Properties dialog box displays accounts to be used to push out the Configuration Manager client software. Notice that there are no accounts listed.

4. Click New (the icon resembles a starburst).

The Windows User Account dialog box appears.

5. In the User name box, type <yoursmsdomain>\ClientInstall

6. In the Password and Confirm password boxes, type password and then click OK.

The Client Push Installation Properties dialog box displays accounts to be used to push out the Configuration Manager client software. Notice that the new account is listed.

7. Click OK.

In the following procedure, you will use the Configuration Manager Console to install a fallback status point.

This is a new site system to Configuration Manager 2007, and is recommended to get client deployment

status reporting.

Complete this procedure on the virtual computer running as a SCCM site server only.

To install a fallback status point

<yoursitecode>, and then expand Site Settings.

The list of configurable site settings appears in the results pane.

2. In the tree pane, expand Site Systems, and then click \\<yourSMSServer>.

The list of site system roles for the site server appears in the results pane. Notice that there are six site system roles assigned to the computer.

3. In the Actions pane, click New Roles.

The New Site Role Wizard General dialog box appears.

4. Verify that Specify a fully qualified domain name (FQDN) for this site system on the

intranet is selected, and then in the Intranet FQDN box, type

5. Click Next.

The New Site Role Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer.

6. Under Available roles, select Fallback status point, and then click Next.

The New Site Role Wizard Fallback Status Point dialog box appears allowing you to configure the fallback status point message processing.

7. In the Throttle interval (in seconds) box, type 360, and then click Next.

You should not use a value of 360 in a production environment as it could cause performance issues when deploying large numbers of clients in a very short period of time. We are doing so in the lab to get our state messages processed more quickly to allow for client deployment reports to be generated in a timely manner.

The New Site Role Wizard Summary dialog box appears indicating that you have successfully completed the wizard.

8. Click Next.

The ‗New Site Role Wizard’ Wizard Completed dialog box appears indicating that SMS is now ready to begin installation of the reporting point.

9. Click Close.

The Configuration Manager Console window appears displaying the site system roles for the computer <yourSMSServer>. Notice that the fallback status point role has been added to the list.

In the following procedure, you will configure clients to use the fallback status point during installation of the

Configuration Manager 2007 client.

Complete this procedure on the virtual computer running as a Configuration Manager site server only.

To configure the use of a fallback status point

<yoursitecode>, expand Site Settings, and then click Client Installation Methods.

The list of client installation methods appears in the results pane.

2. In the results pane, click Client Push Installation, and then in the Actions pane, click

Properties.

The Client Push Installation Properties dialog box appears. Notice that the installation method is not enabled. It does not need to be enabled for our admin controlled push installation.

3. Click the Client tab.

The Client Push Installation Properties dialog box displays the properties to use when performing a client push. Notice that the one default parameter is the SMSSITECODE set to the local site code.

4. Add the following to the existing command line: FSP=<yourSMSServer> and then click

In the following procedure, you will use the Configuration Manager Console to push the installation of the

Configuration Manager client to the Windows XP Professional client.

To install the Configuration Manager client

Collections, and then click All Windows XP Systems.

The members of the All Windows XP Systems collection appear in the results pane. Notice that there are no members of the collection.

The All Windows XP Systems message box appears prompting to update subcollection membership.

3. Click OK.

The collection is updated.

The collection membership is updated, and the current membership of the All Windows XP Systems collection is displayed. This should include the Windows XP Professional client computer, <yourSMSClient>.

5. In the results pane, click <yourSMSClient>.

The Actions pane updates to include actions for the selected resource, in this case, <yourSMSClient>.

6. In the Actions pane, under <yourSMSClient>, click Install Client.

The Client Push Installation Wizard dialog box appears.

7. Click Next.

The Client Push Installation Wizard Installation options dialog box appears displaying options for the client installation.

8. Click Next to accept the default configuration to install the client to assigned resources.

The Completing the Client Push Installation Wizard dialog box appears indicating it is ready to complete the installation.

9. Click Finish.

The Configuration Manager 2007 client is remotely installed on the Windows XP Professional client computer. It will take a few minutes before the installation completes.

In the following procedure, you will verify that the Configuration Manager 2007 client has been installed on

the Windows XP Professional client.

Note Complete this procedure on your Windows XP Professional client computer only. It will take a few

moments for the installation of the SCCM 2007 client to complete. You can use Task Manager to verify the

installation. While ccmsetup.exe is running, the client is being installed. When ccmsetup.exe terminates and

Ccmexec.exe starts, the Configuration Manager 2007 client has been successfully installed.

To verify the Configuration Manager 2007 client installation

2. In Control Panel, double-click Administrative Tools, and then start Services.

The Services window appears.

3. Verify that the SMS Agent Host service has been started.

4. Close Services.

In the following procedure, you will verify that the Windows XP Professional client has reported to the

Configuration Manager site that it is installed as a Configuration Manager 2007 client.

Complete this procedure on the virtual computer running as a Configuration Manager site server only

To verify the reporting of the Configuration Manager 2007 client

The members of the All Windows XP Systems collection appear in the results pane. Notice that the Windows XP Professional computer appears. Also notice that the computer is not listed as being an SMS client.

The All Windows XP Systems message box appears prompting to update subcollection membership.

3. Click OK.

The collection is updated.

The collection membership is updated, and the current membership of the All Windows XP Systems collection is displayed. Notice that the Windows XP Professional client computer now is listed as being installed as a Configuration Manager 2007 client.

Exercise 4

Reporting Configuration Manager 2007 Client Deployment Status

In this exercise, you will install a reporting point for your Configuration Manager site and then run reports to

verify the client deployment success in the site.

Complete this exercise on the site server computer only.

To install a reporting point

<yoursitecode>, and then expand Site Settings.

The list of configurable site settings appears in the results pane.

2. In the tree pane, expand Site Systems, and then click \\<yourSMSServer>.

The list of site system roles for the site server appears in the results pane. Notice that there are seven site system roles assigned to the computer.

4. Click Next.

5. Under Available roles, select Reporting point, and then click Next.

The New Site Role Wizard Reporting Point dialog box appears allowing you to configure the reporting folder and port to use for the reporting point.

6. Click Next to use the default values.

7. Click Next.

The New Site Role Wizard Wizard Completed dialog box appears indicating that SMS is now ready to begin installation of the reporting point.

8. Click Close.

The Configuration Manager Console window appears displaying the site system roles for the computer <yourSMSServer>. Notice that the reporting point role has been added to the list.

9. From Administrative Tools, start Services.

The Services window appears. Verify that the SMS Reporting Point service is installed and running.

10. Close Services.

In the following procedure, you will run a few built in reports to validate that the reporting point is running

successfully and that the client was deployed successfully.

To report Configuration Manager data

The list of reports appears in the results pane.

2. In the results pane, click Computers assigned but not installed for a particular site, and

then in the Actions pane, under Computers assigned but not installed for a particular

site, click Run.

The Report Options message box appears prompting for the reporting point to use to run the report.

3. Click OK to use the only reporting point in our site.

The Computers assigned but not installed for a particular site Report Information report appears in the results pane. As this is a prompted report, you must supply the site code of the site you wish to view computer information for.

4. In the Site Code box, type <sitecode>, and then click Display.

An Internet Explorer window starts and displays the Computers assigned but not installed for a particular site report. Notice that there are two computers discovered and assigned to the site that are not yet clients, those being the domain controller (yourADServer) and the site server (<yourSMSServer>). In your evaluation these may be on the same computer.

5. Close the ConfigMgr Report window.

The Configuration Manager Console window appears displaying the current report parameters.

6. In the tree pane, click Reports.

7. In the results pane, click Client Deployment Status Details, and then in the Actions

pane, under Client Deployment Status Details, click Run.

The Client Deployment Status Details report appears in the results pane. Notice that this report shows the total number of clients with any deployment status (in our case one), the number of successfully deployed clients (in our case one), and the success and failure percentages (in our case 100% success).

8. In the results pane, click Client Deployment Success Report, and then in the Actions

pane, under Client Deployment Success Report, click Run.

The Client Deployment Success Report appears in the results pane. Notice that this report displays that status of each client that was installed. Notice that <yourSMSClient> is listed as a successfully deployed client.

You have now successfully deployed Configuration Manager 2007 in your AD environment, including site systems required for client deployment and successfully installed a client computer.

Section 3: Implementing Branch Distribution Points in System Center Configuration Manager 2007 Objectives

Configure a standard distribution point to support BITS downloads.

Configure a branch distribution point.

Configure a protected site system.

Distribute software to a client to access a branch distribution point.

Prerequisites Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP2

computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual

computer could be booted as a Windows XP Professional SP2 client installed as a Configuration Manager

client in the Configuration Manager site <yourSMSClient>.

2. On the Start menu, click ConfigMgr Console.

3. In the tree pane, expand Site Database, expand Computer Management, and then

expand Collections.

4. In the tree pane, click All Systems.

6. Click OK, and then in the Actions pane, click Refresh.

7. In the details pane, click the obsolete record for the <yourSMSClient> computer, and

then in the Actions pane, click Delete.

8. Click Yes.

The collection membership is updated, and the current membership of the All Systems collection is displayed. Notice that the <yourSMSClient> computer is now displayed only once and it is an Active record (not Obsolete).

9. Delete any other Obsolete records from the All Systems collection.

10. Update the membership for the All Windows XP Systems collection.

You have now prepared your images for the lab and may proceed to Exercise 1.

Exercise 1

Configuring a Branch Distribution Point

In this exercise, you will configure a branch distribution point for the site. You will begin by configuring the

distribution point on the site server to support BITS downloads, which is required to support a branch

distribution point.

To configure the distribution point to support BITS downloads

1. If not already running, on the Start menu, click ConfigMgr Console.

<yoursitecode>, expand Site Settings, expand Site Systems, and then click

\\<yourSMSServer>.

The list of site system roles configured for the site server computer are displayed in the results pane. Notice that one of the site system roles configured for the site server is as a distribution point.

3. In the results pane, select ConfigMgr distribution point, and then in the Actions pane,

click Properties.

The ConfigMgr distribution point Properties dialog box appears displaying the current configuration of the distribution point role on the Configuration Manager site server. Notice that the role is not configured to support BITS.

4. Click Allow clients to transfer content from this distribution point using BITS, HTTP

and HTTPS (required for device clients and Internet-based clients), and then click OK.

This configures the distribution point to support BITS downloads to Configuration Manager clients, which includes branch distribution points.

In the following procedure, you will create a new site system as a branch distribution point. You will configure

the Windows XP client to be the branch distribution point.

Complete this procedure from the primary site server computer only in the Configuration Manager Console.

To create a branch distribution point

<yoursitecode>, expand Site Settings, and then click Site Systems.

The list of site systems configured for the site displayed in the results pane. Notice that there is currently only one site system in the site, that being the site server computer.

2. In the Actions pane, click New, and then click Server.

The New Site System Server Wizard General dialog box appears.

3. In the Name box, type <yourSMSClient>

4. Under Intranet FQDN, type <yourSMSClient>.your.domain.path.here.com

5. Click Enable this site system as a protected site system, and then click Select

Boundaries.

The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that there are currently no protected boundaries configured for this site system. Notice also that the boundaries are only applicable to the distribution point and state migration point site system roles.

The New Boundaries dialog box appears displaying the boundaries available for protecting the site system. Notice that the Active Directory site boundary is listed as an available boundary.

7. Under Boundaries, click SCCMSite and then click OK.

The Boundaries dialog box appears displaying the current configuration of protected boundaries for this site system. Notice that the site system is now configured to be protected for only the one Active Directory site that is added as a boundary in the site.

8. Click OK.

The New Site System Server Wizard General dialog box appears.

9. Click Next.

The New Site System Server Wizard System Role Selection dialog box appears displaying the list of site system roles that can be assigned to this computer.

10. Under Available roles, select Distribution point, and then click Next.

The New Site System Server Wizard Distribution Point dialog box appears allowing you to configure the distribution point. Notice that by default, the site system would be a standard distribution point, which is not supported on a Windows XP system.

11. Click Enable as a branch distribution point, and then click Next.

The New Site System Server Wizard Summary dialog box appears indicating that you have successfully completed the wizard.

12. Click Next.

The New Site System Server Wizard Wizard Completed dialog box appears indicating that you have now configured the branch distribution point.

13. Click Close.

The Configuration Manager Console window appears displaying the site systems in the site. Notice that there are now two site systems in the site, the site server (<yourSMSServer>) and the Windows XP client (<yourSMSClient>).

14. In the tree pane, expand Site Systems, and then click \\<yourSMSClient>.

The list of site system roles configured for the site system are displayed in the results pane. Notice that the Windows XP client is configured as a ConfigMgr distribution point and a ConfigMgr site system.

In the following procedure, you will configure the branch distribution point to not perform BITS throttling.

BITS throttling is configured by default and could affect the download of content to the branch distribution

point.

To remove BITS throttling

<yoursitecode>, expand Site Settings, and then click Client Agents.

The list of available client agents appears in the results pane.

2. In the results pane, click Computer Client Agent, and then in the Actions pane, click

Properties.

The Computer Client Agent Properties dialog box appears displaying general properties.

3. Click the BITS tab.

The Computer Client Agent Properties dialog box appears displaying the BITS configuration. Notice that the default configuration is to perform BITS download throttling from 9 am to 5 pm daily. This could cause delays in the download of the content to the branch distribution point.

4. Click Not configured, and then click OK.

The list of available client agents appears in the results pane.

Exercise 2

Distributing Software to the Configuration Manager Client

In this exercise, you will distribute software to the Configuration Manager client. Initially this will fail as the

branch distribution point will not be configured for the package.

To distribute an application to a client

Collections, and then click All Systems.

The list of members of the All Systems collection appears in the results pane. Notice that both computers are installed as clients in the site.

2. In the Actions pane, click Distribute, and then click Software.

The Distribute Software to Collection Wizard dialog box appears.

3. Click Next.

The Distribute Software to Collection Wizard Package dialog box appears providing

options for package creation or distribution.

4. Select Create a new package from a definition, and then click Next.

The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager.

5. If you do not already have the SMS2003 Toolkit, this can be obtained from here.

Systems Management Server 2003 Toolkit

http://www.microsoft.com/downloads/details.aspx?FamilyID=61E4E21F-2652-42DD-A04D-

B67F0573751D&displaylang=en

6. Download and expand this.

7. Click Browse.

The Open dialog box appears.

8. Open <yourdownloadlocation> \SMS2003Toolkit2.msi.

The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice that SMS 2003 Toolkit 2 is displayed.

9. Under Package definition, verify that SMS 2003 Toolkit 2 is highlighted, and then click

The Distribute Software to Collection Wizard Source Files dialog box appears prompting for source file handling instructions.

The Distribute Software to Collection Wizard Source Directory dialog box appears allowing the designation of the source file directory.

12. Click <yourdownloadlocation>, and then click OK.

The Distribute Software to Collection Wizard Source Directory dialog box displays the designated source directory.

13. Click Next.

The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that both the standard (<yourSMSServer>) and branch distribution points <yourSMSClient>are listed.

14. Under Distribution points, select <yourSMSServer>, and then click Next.

For the purposes of this exercise, select only the site server (<yourSMSServer>) as a distribution point. Do not select the branch distribution point (<yourSMSClient>).

The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise.

15. Under Programs, click Per-system unattended, and then click Next.

The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement.

16. Click Next to accept the default name.

The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections.

17. Click Next to accept the default option of advertising to subcollections as well (even

though we do not have any subcollections).

The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement.

18. After Advertise the program after, verify that the current date and time is displayed.

19. Verify No, this advertisement never expires is selected, and then click Next.

The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments.

20. Verify that No, do not assign the program is selected, and then click Next.

The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard.

21. Click Next.

The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful.

22. Click Close.

The list of members of the All Systems collection in the results pane.

In the following procedure, you will verify the configuration of the package, program, and advertisement that

were created by the Distribute Software to Collection Wizard. You will also configure the advertisement to

only allow content access from the protected distribution point.

To verify package configuration

1. In the tree pane, expand Computer Management, expand Software Distribution, and

then expand Packages.

The new package appears in the tree pane.

You may need to refresh the display to see the new package.

2. In the tree pane, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English.

The Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English package data appears in the tree pane.

3. In the tree pane, click Programs.

The configured programs for the package appear in the results pane. Notice the Per-system unattended program which you advertised to the client using the Distribute Software wizard.

4. In the tree pane, click Distribution Points.

The distribution points for the package appear in the results pane. Notice only the local site server is listed.

5. In the tree pane, click Advertisements.

You may need to refresh the display to see the new advertisement.

The advertisement for the SMS 2003 Toolkit 2 program appears in the results pane. Notice the Available After time is the date and time the advertisement was created.

6. In the results pane, click SMS 2003 Toolkit 2, and then in the Actions pane under SMS

2003 Toolkit 2, click Properties.

The SMS 2003 Toolkit 2 Properties dialog box appears displaying general properties for the advertisement.

7. Click the Distribution Points tab.

The SMS 2003 Toolkit 2 Properties dialog box appears displaying properties for distribution point access. Notice that the default values are to download from fast network boundaries, and not run from slow network boundaries. Also notice that the default configuration is to not require download from a protected distribution point.

8. Click to clear Allow clients to fallback to unprotected distribution points when the

content is not available on the protected distribution point, and then click OK.

In the following procedure, you will initiate the searching for advertised programs on your Configuration

Manager client computer. For this procedure, you will use the client running on the site server computer.

Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.

To search for available advertised programs

1. In Control Panel, start Configuration Manager.

The Configuration Manager Properties dialog box appears.

The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle.

The Configuration Manager client will request new policies, which will include the policy related to the advertised program. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take a couple of minutes, and then the New Program Available icon appears on the system tray.

6. Double-click the New Program Available icon.

The Run Advertised Programs window appears displaying new programs that are available to be installed. Notice that the SMS 2003 Toolkit 2 program is available.

7. Under Program Name, click Microsoft Corporation SMS 2003 Toolkit 2, and then click

A Cannot Run Program message box appears indicating the program can‘t run as the package source files are not available.

8. Click OK.

The Run Advertised Programs window appears displaying new programs that are available to be installed. Notice that the SMS 2003 Toolkit 2 program is available.

9. In the Run Advertised Programs window, refresh the display (use F5).

The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Failed.

10. Click Close, and then open <systempartition>\Program Files\SMS_Ccm\Logs\Cas.log.

Notepad appears displaying the contents of the Content Access Service log file.

11. Search for matching.

Notepad displays the first occurrence of ―matching‖. Notice that the current line indicates that there was no matching distribution point found for the content location request. We know that the content was distributed to the standard distribution point on the site server. However, as the branch distribution point was protected for the Active Directory site that the client is a member of, the client can only access the content from the branch distribution point. And the branch distribution point does not contain the requested content, and so there is no matching distribution point available for this client.

12. Close Notepad.

In the following procedure, you will view the advertisement status of the advertised program using the

Software Distribution home page to verify the program installation or failure on the clients.

Complete this procedure from the primary site server computer only in the Configuration Management Console.

To report the advertisement status

Software Distribution.

The Software Distribution home page appears in the results pane. Notice that there are no results to display. Status has to be summarized before it appears in the home page.

2. In the Actions pane, click Run Home Page Summarization.

It will take a moment for the summarization process to complete.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and graph indicate that one client has not started the advertisement and another client failed.

In the following procedure, you will verify the current distribution points for the package do not include the

branch distribution point, and then add the branch distribution point.

To add the package to the branch distribution point

1. In the tree pane, expand Computer Management, expand Software Distribution,

expand Packages, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English,

and then click Distribution Points.

The distribution points for the package appear in the results pane. Notice only the local site server is listed. Since the advertisement is configured to only use protected distribution points, and the client is within the boundaries of the protected distribution point, the client is unable to run the program as the protected distribution point (branch distribution point) does not contain the content requested.

The New Distribution Points Wizard window appears.

3. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears displaying the distribution points available for this package. Notice that the Windows XP branch distribution point <yourSMSClient>is listed.

4. Under Distribution points, click <yourSMSClient>, and then click Next.

The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard was completed successfully.

5. Click Close.

The distribution points for the package appear in the results pane. Notice that now both distribution points are listed for this package.

In the following procedure, you will force the distribution of the content the branch distribution point. You do

not need to complete this procedure in a production environment, as the content will be distributed to the

branch distribution point automatically. You are going to complete this procedure simply to speed up the

process for the lab.

Complete this procedure from the branch distribution point computer only (<yourSMSClient>).

To distribute the package to the branch distribution point

The Configuration Manager client will request new policies, which will include the policy related to the branch distribution point package location. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take a couple of minutes, and then the content will begin being downloaded to the branch distribution point.

In the following procedure, you will verify that the content the branch distribution point has requested has

been distributed locally.

Complete this procedure from the branch distribution point computer only (<yourSMSClient>).

To verify the package is distributed to the branch distribution point

1. Start Windows Explorer and then view the contents of drive C.

The contents of the C drive appears. Notice a new folder has been created, SMSPKGC$. This is the folder that the branch distribution point uses to store locally distributed package content.

2. In the console tree, expand <systempartition>\SMSPKGC$, and then click the package

folder (<yoursitecode>packagenumber,).

The contents of the package folder appear in the details pane. Notice that the distributed source files are now available on the branch distribution point.

In the following procedure, you will run the advertised program now that the content is available on the

branch distribution point.

Complete this procedure from the Configuration Manager client computer on the Configuration Manager site server (<yourSMSServer>) only.

To run the advertised program

1. In Control Panel, start Run Advertised Programs.

The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Failed.

2. Under Program Name, click Microsoft Corporation SMS 2003 Toolkit 2, and then click

A Program Download Required message box appears. By default, in Configuration Manager, advertised programs will be downloaded from the distribution point prior to installation.

3. Click Run program automatically when download completes, and then click

Download.

The program is installed. This is an unattended installation, so you won‘t see any installation occur.

It will take a moment to install the program. Wait a moment before proceeding.

4. In the Run Advertised Programs window, refresh the display (use F5).

The Run Advertised Programs window appears. Notice that the SMS 2003 Toolkit advertised program is listed with a status of Successful.

5. Click Close, and then on the Start menu, point to All Programs.

The list of program is displayed. Notice that a new program group item for the SMS 2003 Toolkit 2 appears.

6. Point to SMS 2003 Toolkit 2.

The list of programs in the SMS 2003 Toolkit 2 program group appears. These were installed through the SMS 2003 Toolkit 2 advertisement.

7. Open <systempartition>\Program Files\SMS_Ccm\Logs\Cas.log.

Notepad appears displaying the contents of the Content Access Service log file.

8. Search for download location found.

Notepad displays the first occurrence of ―download location found‖. Notice that the current line indicates that there was one matching distribution point found for the content location request. Also notice that is lists the FQDN of the distribution point used, in this case <yourSMSClient>.yourdomain.yourdomain.com. To see what type of distribution point was used, you need to look in the LocationServices.log file.

9. Close CAS.log and then open LocationServices.log.

Notepad appears displaying the contents of the Location Service log file.

10. Search for dptype.

Notepad displays the first occurrence of ―dptype‖. Notice that the highlighted line indicates the name and path of the distribution point used. Also notice that this is the Windows XP branch distribution point, as indicated by the name <yourSMSClient>and the DPType (branch).

11. Close Notepad.

Software Distribution home page to verify the program installation on the clients.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and the graph indicate that one client has not started the advertisement and another client failed.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that both the statistics and the graph indicate that one client still has not started the advertisement and the other client was successful.

You have now successfully implemented a branch distribution point solution in your Configuration Manager environment and verified the ability to retrieve content from the branch distribution point. You also used the Software Distribution home page to validate advertisement status.

In this section, you deployed the package to the branch distribution point via an administrator action (adding the branch distribution point to the package). You could have configured the package for distribute on demand, in which case the package would have been distributed to the branch distribution point automatically after the client requested it. No administrator action would be required to complete the assignment of the branch

distribution point to the package in that scenario.

Section 4: Implementing Maintenance Windows for Software Distribution in System Center Configuration Manager 2007 Objectives

Configure maintenance windows on collections.

Verify software distribution behavior to a client in a collection with a maintenance window

to allow distribution.

Verify software distribution behavior to a client in a collection that is configured with a

maintenance window to restrict distributions.

Prerequisites Before working on this section, one virtual computer should be booted as a Microsoft Windows Server 2003

SP2 computer installed as a Configuration Manager primary site server (<yourSMSServer>. The second

virtual computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager

client in the Configuration Manager site (<yourSMSClient>). Make a note of your site code for the installed

site. The package you may have deployed in the previous section will already have been created and

distributed. It will reside on the branch DP as well as the standard DP. So, consider a 2nd package for

distribution here, remove the package from all locations, or advertise your package as an uninstall to

complete this section.

expand Collections.

8. Click Yes.

10. Update the membership for the All Windows XP Systems and All Windows Server 2003

Systems collections.

Exercise 1

Configuring Maintenance Windows on Collections

In this exercise, you will configure maintenance windows on collections. You will configure a maintenance

window to prevent software distribution to server computers, and then configure a maintenance window to

allow distribution to Windows XP clients.

To configure a maintenance window to prevent software distribution

Collections, and then click All Windows Server 2003 Systems.

The list of members of the All Windows Server 2003 Systems collection appears in the results pane. Notice that there is one Configuration Manager client in the collection (<yourSMSServer>) but that the Windows XP client <yourSMSClient>is not a member of the collection.

If your collection does not display the site server computer as a member, update the collection membership and then refresh until it does display the site server (<yourSMSServer>).

3. In the Actions pane, click Modify Collection Settings.

The All Windows Server 2003 Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection.

The <new> Schedule dialog box appears allows the configuration of a maintenance window for the collection.

5. In the Name box, type Future window

6. In the Effective date box, set the date to tomorrow.

Make sure you choose tomorrow‘s date, not today.

7. In the Start box, set the starting time to be the top of the current hour.

8. In the End, set the starting time to be the top of the next hour.

You need at least a 15 minute window for this exercise. Make sure your configuration creates a maintenance window that will prevent the server computer from running the advertised program today and has a duration of at least 15 minutes.

9. Click OK.

The All Windows Server 2003 Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection.

10. Click OK.

The list of members of the All Windows Server 2003 Systems collection appears in the results pane.

In the following procedure, you will create a maintenance window that will allow the Windows XP SCCM

client to run an advertised program.

To configure a maintenance window to allow software distribution

The list of members of the All Windows XP Systems collection appears in the results pane. Notice that there is only one Configuration Manager client in the collection <yourSMSClient>and that the server computer (<yourSMSServer>) is not a member of the collection.

The All Windows XP Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection.

4. In the Name box, type Weekly window

5. In the Effective date box, verify that today‘s date is displayed.

6. In the Start box, set the time to the top of the current hour.

7. In the End, set the starting time to be two hours from the current time.

This configuration will create a maintenance window that will allow the Windows XP client to run the advertised program in the next two hours as the window is current. You should not need two hours, but to give yourself plenty of time, you are configuring a two hour window.

8. Click OK.

The All Windows XP Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection.

9. Click OK.

The list of members of the All Windows XP Systems collection appears in the results pane.

In the following procedure, you will view the collections with maintenance windows.

To identify collections with maintenance windows

Collections.

3. In the results pane, if necessary, scroll to the right until you can view the Maintenance

Windows column.

The list of collections appears in the results pane including the listing of whether or not each collection includes a maintenance window. Notice that the two collections you configured earlier are identified as having maintenance windows.

4. In the results pane, drag the Maintenance Windows column to appear after Name.

The Maintenance Windows column now appears right after Name.

5. In the results pane, click the Maintenance Windows column to sort by the maintenance

window attribute.

The Maintenance Windows column now appears sorted by the appropriate value, with the collections containing maintenance windows at the bottom of the display.

In the following procedure, you will view the maintenance windows available to the Configuration Manager

clients using Configuration Manager reporting.

To identify maintenance windows available to a client

2. In the results pane, click Maintenance Windows Available to a Particular Client, and

then in the Actions pane, under Maintenance Windows Available to a Particular

Client, click Run.

The Maintenance Windows Available to a Particular Client Report Information report appears in the results pane. As this is a prompted report, you must supply the computer name of the client you wish to view the maintenance windows for.

3. In the Client Name box, type <yourSMSClient>, and then click Display.

An Internet Explorer window starts and displays the Maintenance Windows Available to a Particular Client report. Notice that there is one maintenance window available to the client. Notice also that this report shows the start time, duration, and other values for the maintenance window.

The Configuration Manager Console window appears displaying the Maintenance Windows Available to a Particular Client Report Information report in the results pane.

Exercise 2

Implementing the Maintenance Windows on the Configuration Manager Clients

In this exercise, you will force the clients to retrieve policies, which will implement the appropriate

maintenance windows on the clients.

Complete this procedure from each of the SCCM clients.

To implement the maintenance windows

The Configuration Manager client will request new policies, which will include the policy related to the maintenance window. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take a couple of minutes to evaluate and implement the policy.

6. Open C:\Program Files\SMS_CCM\Logs

Notepad appears displaying the contents of the Service Window Manager log file.

7. Search for New service window.

Notepad displays the first occurrence of ―new service window‖. Notice that the current line indicates that there was a new service window policy implemented.

If you are looking at the Windows XP client, you will see lines referring to:

Scheduling the StartTime for today

The duration of two hours

The Active Service Windows list has 1 window

Programs can run

If you are looking at the site server computer, you will see lines referring to:

Scheduling the StartTime for a week from today

The duration of an hour

No windows in the Active Service Windows list

―Scheduling the timer to fire in 0 days, 23 hours…‖.

8. Close Notepad.

Exercise 3

Distributing Software to the Configuration Manager Clients

In this exercise, you will distribute software to the Configuration Manager clients. You will distribute to the All

Systems collection to include both clients.

To distribute an application to the clients

The list of members of the All Systems collection appears in the results pane. Notice that both computers are installed as clients in the site.

2. In the Actions pane, click Distribute, and then click Software.

The Distribute Software to Collection Wizard dialog box appears.

3. Click Next.

The Distribute Software to Collection Wizard Package dialog box appears providing options for package creation or distribution.

4. Select Create a new package from a definition, and then click Next.

The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into SCCM 2007.

5. Click Browse.

The Open dialog box appears.

6. Open <download location>\SMS Toolkit\SMS2003Toolkit2.msi.

The Distribute Software to Collection Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice that SMS 2003 Toolkit 2 is displayed.

7. Under Package definition, verify that SMS 2003 Toolkit 2 is highlighted, and then click

The Distribute Software to Collection Wizard Source Files dialog box appears prompting for source file handling instructions.

The Distribute Software to Collection Wizard Source Directory dialog box appears allowing the designation of the source file directory.

10. Click <download location>\SMS Toolkit, and then click OK.

The Distribute Software to Collection Wizard Source Directory dialog box displays the designated source directory.

11. Click Next.

The Distribute Software to Collection Wizard Distribution Points dialog box appears allowing the designation of distribution points to store the package files. Notice that only the site server distribution point (<yourSMSServer>) is listed.

12. Under Distribution points, select <yourSMSServer>, and then click Next.

The Distribute Software to Collection Wizard Select Program dialog box appears allowing the selection of the program to advertise.

13. Under Programs, click Per-system unattended, and then click Next.

The Distribute Software to Collection Wizard Advertisement Name dialog box appears prompting for a name and comment for the advertisement.

14. Click Next to accept the default name.

The Distribute Software to Collection Wizard Advertisement Subcollection dialog box appears prompting for advertising to subcollections.

15. Click Next to accept the default option of advertising to subcollections as well (even

though we do not have any subcollections).

The Distribute Software to Collection Wizard Advertisement Schedule dialog box appears prompting for a start and expiration time for the advertisement.

16. After Advertise the program after, verify that the current date and time is displayed.

17. Verify No, this advertisement never expires is selected, and then click Next.

The Distribute Software to Collection Wizard Assign Program dialog box appears prompting for program assignments.

18. Click Yes, assign the program.

19. In the Assign after box, verify that the current time is listed.

The time configured should fit within the time frame of the maintenance window configured for the All Windows XP Systems collection.

20. Click Next.

The Distribute Software to Collection Wizard Summary dialog box appears prompting to complete the wizard.

21. Click Next.

The Distribute Software to Collection Wizard Wizard Completed dialog box appears indicating the process was successful.

22. Click Close.

The list of members of the All Systems collection in the results pane.

In the following procedure, you will verify the configuration of the package, program, and advertisement that

were created by the Distribute Software to Collection Wizard.

To verify package configuration

1. In the tree pane, expand Computer Management, expand Software Distribution, and

then expand Packages.

The new package appears in the tree pane.

You may need to refresh the display to see the new package.

2. In the tree pane, expand Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English.

The Microsoft Corporation SMS 2003 Toolkit 2 2.50.0 English package data appears in the tree pane.

The configured programs for the package appear in the results pane. Notice the Per-system unattended program which you advertised to the client using the Distribute Software wizard.

4. In the results pane, click Per-system unattended, and then in the Actions pane, click

Properties.

The Per-system unattended Properties dialog box appears displaying general properties for the program. Notice the command line used.

5. Click the Requirements tab.

The Per-system unattended Properties dialog box appears displaying requirements for the program. Notice that the maximum run time is set to unknown. When the program is processed on the client, and ―Unknown‖ value is assumed to be larger than our window, so you need to set the max run time value to fit within our window.

6. In the Maximum allowed run time (minutes) box, type 5 and then click OK.

The configured programs for the package appear in the results pane. Notice that the Per-system unattended program now displays a maximum run time of 5 minutes.

The distribution points for the package appear in the results pane. Notice only the local site server is listed.

8. In the tree pane, click Advertisements.

You may need to refresh the display to see the new advertisement.

The advertisement for the SMS 2003 Toolkit 2 program appears in the results pane. Notice the Available After time is the date and time the advertisement was created.

In the following procedure, you will initiate the searching for advertised programs on your Configuration

Manager client computer. For this procedure, you will use the client running on the Configuration Manager

site server computer.

Complete this procedure from each of the SCCM client computers in the site.

To search for available advertised programs

4. Click OK.

5. Click OK.

If you are looking at the Windows XP client computer, you will see an Assigned Program About to Run icon appears in the system tray.

6. Double-click the Assigned Program About to Run icon.

The Program Countdown Status dialog box appears indicating an assigned program will run within the next five minutes.

7. Click Run.

The program will attempt to install. Since you advertised the ―Per-system unattended‖ program, this will be a silent installation, and you will not see any user interface. The install will only take a minute to complete.

If you are looking at the site server computer, you will not see anything occur, as the program will not run.

In the following procedure, you will verify that the advertised program did indeed run on the Windows XP

client computer.

Complete this procedure from the Windows XP client computer <yourSMSClient>only.

To verify the program installation

1. On the Start menu, point to All Programs.

The All Programs menu appears. Notice that a new menu titled SMS 2003 Toolkit 2 appears.

The SMS 2003 Toolkit 2 menu appears. This is a confirmation that the advertised program did install successfully on the client in the configured service window.

3. Open %Windows%\System32\Ccm\Logs\Execmgr.log.

Notepad appears displaying the contents of the Execution Manager‘s log file.

4. Search for per-system.

The first occurrence of ―per-system‖ is highlighted. Remember that the program you advertised was the per-system unattended program. This line indicates a policy for the per-system unattended program was received.

5. Search for service window.

The first occurrence of ―service window‖ is highlighted. This line indicates that the service window does allow the program to run.

6. Close Notepad.

In the following procedure, you will verify that the advertised program did not run on the Windows Server

2003 client computer.

Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.

To verify that the program did not install

The All Programs menu appears. Notice that there is no new menu titled SMS 2003 Toolkit 2 as was displayed on the Windows XP client computer.

2. Open <systempartition>\Program Files\SMS_Ccm\Logs\Execmgr.log.

Notepad appears displaying the contents of the Execution Manager‘s log file.

3. Search for per-system.

The first occurrence of ―per-system‖ is highlighted. Remember that the program you advertised was the per-system unattended program. This line indicates a policy for the per-system unattended program was received.

4. Search for service window.

The first occurrence of ―service window‖ is highlighted. This line indicates that the program could not run due to a service window restriction. Notice that the last line in the log indicates the client is waiting for a service window.

5. Close Notepad.

Software Distribution home page to verify the program installation or failure on the clients.

The Software Distribution home page appears in the results pane. Notice that there are no results to display. Status has to be summarized before it appears in the home page.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows one client successfully ran the advertisement and another client is in a waiting state.

4. In the results pane, under Advertisement, click SMS 2003 Toolkit 2.

The Status of a specific advertisement report appears in the results pane. Notice that there were two clients that received the advertisement, one was successful in running the program, and one that is listed as ―waiting‖.

5. Click the arrow to the left of ―Succeeded‖.

The All system resources for a specific advertisement in a specific state report appears. Notice that one client listed is the Windows XP client <yourSMSClient>and that the last status is ―Program completed with success‖.

6. Click Back, and then click the arrow to the left of ―Waiting‖.

The All system resources for a specific advertisement in a specific state report appears. Notice that the client listed is the Windows Server 2003 client (<yourSMSServer>) and that the last status is ―Waiting for a Service Window‖.

In the following procedure, you will create a maintenance window that will allow all members of the All

Systems collection to run an advertised program.

To configure a maintenance window for All Systems

The list of members of the All Systems collection appears in the results pane. Notice that both clients are members of this collection.

The All Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that by default, there are no maintenance windows configured for the collection.

4. In the Name box, type Daily window

5. In the Effective date box, verify that today‘s date is displayed.

6. In the Start box, set the time to the top of the current hour.

7. In the End, set the starting time to be two hours from the current time.

This configuration will create a maintenance window that will allow the clients to run the advertised program as the window is current. Even though the server computer is a member of another collection with a restricted window, Configuration Manager performs a union of all available windows for the client to identify availability.

8. Under Recurrence pattern, select Daily, and then click OK.

The All Systems Settings dialog box appears displaying maintenance windows for the collection. Notice that the new maintenance window is displayed for the collection.

9. Click OK.

The list of members of the All Systems collection appears in the results pane.

In the following exercise, you will force the clients to retrieve policies, which will implement the appropriate

maintenance windows on the clients.

Complete this procedure from each of the Configuration Manager clients.

To implement the maintenance windows

The Configuration Manager client will request new policies, which will include the policy related to the maintenance window. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

On the server computer, an Assigned Program About to Run icon appears in the system tray.

6. Double-click the Assigned Program About to Run icon.

The Program Countdown Status dialog box appears indicating an assigned program will run within the next five minutes.

7. Click Run.

The program will attempt to install. Since you advertised the ―Per-system unattended‖ program, this will be a silent installation, and you will not see any user interface. The install will only take a minute to complete.

On the Windows XP client computer, you will see nothing new, as the program has already run.

In the following procedure, you will verify that the advertised program did indeed run on the Windows Server

2003 client computer that failed to run the program earlier.

Complete this procedure from the Windows Server 2003 client computer (<yourSMSServer>) only.

To verify the program installation

The All Programs menu appears. Notice that a new menu titled SMS 2003 Toolkit 2 appears.

The SMS 2003 Toolkit 2 menu appears. This is a confirmation that the advertised program did install successfully on the client in the configured service window.

Software Distribution home page to verify the program installation.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows one client successfully ran the advertisement and another client is in a waiting state.

The Software Distribution home page appears in the results pane displaying the current advertisements. Notice that the SMS 2003 Toolkit 2 advertisement is displayed. Notice also that the graph shows both clients successfully ran the advertisement.

4. In the results pane, under Advertisement, click SMS 2003 Toolkit 2.

The Status of a specific advertisement report appears in the results pane. Notice that there were two clients that received the advertisement and both were successful in running the program.

5. Click the arrow to the left of ―Succeeded‖.

The All system resources for a specific advertisement in a specific state report appears in the results pane. Notice that both clients are listed with a last status of ―Program completed with success‖.

You have now successfully implemented maintenance windows in Configuration Manager 2007, and verified software distribution behavior using the maintenance windows. You have also used the Software Distribution home page and reports to validate deployment success.

Section 5: Deploying Operating System Images Using System Center Configuration Manager 2007 Objectives

After completing this lab, you will be able to:

Install USMT 3.0 to capture and restore user state information.

Install a Configuration Manager State Migration Point to store user state information.

Create an Operating System Capture Disk.

Image a Windows Vista client computer.

Import the Windows Vista image into Configuration Manager as an OS image package.

Deploy the Windows Vista image to a Windows XP client computer.

Before You Begin In this lab, one virtual computer should be started as a primary site server running Configuration Manager. A

second virtual computer should be running as a Windows Vista Configuration Manager client computer to be

imaged . The final virtual computer is a Windows XP Professional Configuration Manager client to be

upgraded to Windows Vista using the OS deployment feature of Configuration Manager 2007.

There are no requirements for any connections outside the VPC image, and as OSD requires DHCP, you must

configure Virtual PC networking configuration to ―Local only‖.

The site code for the installed site is <yoursitecode>.

expand Collections.

The members of the All Systems collection appear in the details pane. Notice that there are four members in the collection.

7. In the details pane, click the obsolete record for the<yourSMSClient> computer, and

8. Click Yes.

10. Update the collection membership for the All Windows XP Professional Systems

collection.

This collection will be targeted for deployment later in this lab.

Exercise 1

Preparing the Environment for Configuration Manager OSD

In this exercise, you will prepare the Configuration Manager environment for deploying operating system

images using OSD. You will begin by installing the User State Migration Tool version 3.0, which is used by

Configuration Manager 2007 to back up and restore user state information.

Complete this exercise from the primary site server only.

To install USMT 3.0

1. Download User State Migration Tool 3.0 – located at the following link.

http://technet2.microsoft.com/WindowsVista/en/library/91f62fc4-621f-4537-b311-

1307df0105611033.mspx?mfr=true

2. Start <download location>\USMT30\InstallUsmt30_x86_2000andXP.exe.

The Software Update Installation Wizard dialog box appears.

3. Click Next.

The Software Update Installation Wizard License Agreement dialog box appears.

4. Click I Agree, and then click Next.

USMT 3.0 is installed. When complete, the Software Update Installation Wizard dialog box appears indicating the installation was successful.

5. Click Finish.

6. Share the <systempartition>\Program Files\USMT30 folder as USMT, and then grant

administrators full control to the USMT share.

In the following procedure, you will create an account that will be used as the Network Access Account.

Complete this exercise from the site server computer

To create a user account to be assigned as the Network Access Account

1. On the Start menu, point to Administrative Tools, and then click Active Directory Users

and Computers.

The Active Directory Users and Computers window appears.

2. Create a new user named NetworkAccess with a password of password and ensuring

that the password does not have to be changed at next logon.

3. Close Active Directory Users and Computers.

In the following procedure, you will configure the required Network Access Account in the Configuration

Manager Console. This account is used by the client to access the Configuration Manager distribution point

when booted under WinPE.

Complete this exercise from the primary site server with the Configuration Manager Console running and active.

To create a Network Access Account

<yoursitecode>, expand Site Settings, and then click Client Agents.

The list of client agents appears in the results pane.

3. In the result pane, click Computer Client Agent, and then in the Actions pane, click

Properties.

The Computer Client Agent Properties dialog box appears displaying general properties.

4. After Network Access Account, click Set.

The Windows User Account dialog box appears prompting for the account and password to configure as the Advanced Client Network Access Account.

5. In the Name box, type <domainname>\NetworkAccess

The Computer Client Agent Properties dialog box appears displaying properties for the Computer Client Agent.

7. Click OK.

In the following procedure, you will create the Configuration Manager package that OSD will use to install the

Configuration Manager client after distributing the new operating system image.

To create a Configuration Manager Client installation package

The list of packages for the site appears in the results pane. Notice that there are no packages created at this point.

2. In the Actions pane, click New, and then click Package From Definition.

The Create Package from Definition Wizard dialog box appears.

3. Click Next.

The Create Package from Definition Wizard Package Definition dialog box appears allowing you to select the package definition file to use. Notice the default package definitions built into Configuration Manager 2007 include the Configuration Manager Client Upgrade package definition.

4. Under Package definition, click Configuration Manager Client Upgrade, and then click

The Create Package from Definition Wizard Source Files dialog box appears prompting for source file handling instructions.

The Create Package from Definition Wizard Source Directory dialog box appears allowing the designation of the source file directory.

7. Click <systempartition>\Program Files\Microsoft Configuration Manager\Client, and

then click OK.

The Create Package from Definition Wizard Source Directory dialog box displays the configured source directory.

8. Click Next.

The Create Package from Definition Wizard Summary dialog box appears indicating the wizard is ready to create the package.

9. Click Finish.

The wizard completes the package creation and then the Configuration Manager Console appears displaying the packages in the site. Notice that the Configuration Manager Client Upgrade package is displayed.

10. In the tree pane, expand Packages, expand Microsoft Configuration Manager Client

Upgrade, and then click Microsoft Configuration Manager Advanced Client Upgrade.

The package objects appear in the tree pane.

The programs for the package appear in the results pane. Notice that there is only one program for this package, that being a silent upgrade.

The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet.

14. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package.

The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard was successfully completed.

16. Click Close.

The package is copied to the designated distribution point.

In the following procedure, you will create the Configuration Manager package that OSD will use to migrate

user state while distributing the new operating system image.

To create a USMT package

The list of packages in the site appears in the results pane. Notice that there is no package created for USMT.

2. In the Actions pane, click New, and then click Package.

The New Package Wizard General dialog box appears prompting for the package name.

3. In the Name box, type USMT and then click Next.

The New Package Wizard Data Source dialog box appears allowing you to configure source files for the package.

4. Click This package contains source files, and then click Set.

The Set Source Directory dialog box appears displaying the source file location.

6. Click <systempartition>\Program Files\Usmt30, and then click OK.

The Set Source Directory dialog box appears prompting for source file location.

7. Click OK.

The New Package Wizard Data Source dialog box appears displaying the current configuration for the source files for the package.

8. Click Next.

The New Package Wizard Data Access dialog box appears allowing configuration of the access to the package source files.

9. Click Next to accept the default of the standard ConfigMgr package share.

The New Package Wizard Distribution Settings dialog box appears allowing configuration of the download of package source files to branch distribution points.

10. Click Next to accept the default to automatically download to branch distribution points

and complete the wizard.

The New Package Wizard Reporting dialog box appears prompting for the values to use when matching status mif values.

11. Click Next to use the default package properties as the mif matching values.

The New Package Wizard Security dialog box appears prompting for security rights to be created for this package.

The wizard completes the package creation and then the New Package Wizard Summary dialog box appears indicating the wizard completed the package creation.

13. Click Next.

The wizard completes the package creation and then the New Package Wizard Confirmation dialog box appears indicating the package creation was successful.

14. Click Close.

The Configuration Manager Console appears displaying the packages in the site. Notice that the USMT package is displayed in the list of packages.

15. In the tree pane, expand Packages, expand USMT, and then click USMT.

The package options appear in the tree pane.

The programs for the package appear in the results pane. Notice that there are no programs created for the package. You do not need to configure a program for the USMT package.

The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this package yet.

19. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears displaying the list of distribution points for the package.

The New Distribution Points Wizard Wizard Completed dialog box appears indicating that the wizard has completed successfully.

21. Click Close.

The package is copied to the designated distribution point.

In the following procedure, you will distribute the boot image package to a distribution point. The boot

image is used to start the computer with WinPE for capturing the operating system image as well as prior to

deploying the operating system image to a system.

To distribute the boot package

Operating System Deployment, and then click Boot Images.

The list of boot images in the site appears in the results pane. Notice that there are two boot images for various platforms.

2. In the tree pane, expand Boot Images, expand Boot image (x86) (assuming x86

systems are used) , and then click Distribution Points.

The distribution points for this package appear in the results pane. Notice that there are no distribution points assigned to this boot image yet.

4. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears displaying the list of available distribution points for the boot image.

6. Click Close.

The boot image is copied to the designated distribution point. As boot images are larger in size, it may take a couple minutes to completely distribute to the distribution point.

In the following procedure, you will create a State Migration Point for the site. The state migration point is

used by USMT to store the state information during operating system image deployment.

To create a state migration point

<yoursitecode>, expand Site Settings, and then click Site Systems.

The list of site systems configured for the site displayed in the results pane.

2. In the tree pane, expand Site Systems, click <yourSMSServer>, and then in the Actions

pane, click New Roles.

3. Click Next.

4. Under Available roles, select State migration point, and then click Next.

The New Site Role Wizard State Migration Point dialog box appears allowing you to configure the state migration point.

The Storage Folder dialog box appears allowing you to configure the drive to use to maintain the user state information. Notice that the default values of a maximum of 100 clients storing state on the state migration point, and the required minimum free disk space of 100 MB. Notice also that by default, state information is removed one day after successful restore.

6. In the Storage folder box, type C:\Userstate and then click OK.

The New Site Role Wizard General dialog box appears displaying the current configuration of the state migration point.

7. Click Next to accept the current configuration to remove the state after 1 day.

8. Click Next.

The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the state migration point and it is currently being installed.

9. Click Close.

The Configuration Manager Console window appears displaying the site systems for the computer. Notice that the state migration point role is now listed for the site system. It will take a minute to install the state migration point.

Exercise 2

Creating a Capture Media Task Sequence

In this exercise, you will create a task sequence that will be used to capture the Windows Vista client

computer image.

Complete this exercise from the site server computer only in the Configuration Manager Console.

To create the Capture Media task sequence

expand Operating System Deployment.

The operating system deployment items appear in the tree pane.

2. In the tree pane, click Task Sequences.

The task sequences for the site appear in the results pane. Notice that there are no task sequences yet. You need to create a task sequence that will allow you to capture an operating system image.

3. In the Actions pane, click Create Task Sequence Media.

The Task Sequence Media Wizard Select Media Type window appears prompting for the type of task sequence media to create: either a standalone, bootable, or capture media type.

4. Click Capture media, and then click Next.

The Task Sequence Media Wizard Media Type dialog box appears prompting for the type of media to create: either a USB flash drive or a CD/DVD.

5. Verify that CD/DVD set is selected.

6. In the Media file box, type C:\Capture.iso and then click Next.

The Task Sequence Media Wizard Boot Image dialog box appears prompting for the boot image to use.

7. Click Browse.

The Select a Boot Image dialog box appears displaying the boot images available.

8. Click Boot image (x86)(assuing x86 systems are used) and then click OK.

The Task Sequence Media Wizard Boot Image dialog box appears displaying the selected boot image and distribution point to use.

9. Click Next.

The Task Sequence Media Wizard Summary dialog box appears indicating the wizard is complete and is ready to create the media.

10. Click Next.

The task sequence media is created. This process will take a couple of minutes to complete. When complete, a ―Task Sequence Media Wizard” Wizard Completed dialog box appears indicating the media was successfully created.

11. Click Close.

The list of task sequence items appear in the tree pane. Notice that the process of creating a task sequence capture media does not create a task sequence in the Configuration Manager Console, but rather the .iso file.

12. Start Windows Explorer, and then display the contents of C:\.

The contents of the folder appear. Notice the Capture.iso file, which can now be burned to a CD for booting on computers to be imaged. In the lab, we will just use the .iso file without creating an actual CD.

In the following procedure, you will copy the OS Capture Media disk to your host computer so it can be

accessed by the reference virtual computer. This would only be done if you are using VPC images. If using

physical systems, burn a CD from the Capture.iso file just created.

To copy the ISO file to the host computer

1. Under the Start menu, right-click the icon that resembles a folder, and then click Share

Folder.

The Browse for Folder dialog box appears.

2. Under My Computer, click Local Disk (C:) and then click OK.

The local host‘s drive C: is connected as drive Z: on the virtual computer.

3. Copy C:\Capture.iso to Z:\.

It may take a couple of moments to copy the Capture.iso file to the host computer.

4. Verify the file was copied to Z:.

5. Under the Start menu, right-click the icon that resembles a folder, and then click Remove

Exercise 3

Creating an Image of the Windows Vista Reference Computer

In this exercise, you will create an image of the reference computer running as a Configuration Manager 2007

client. This lab will use a Windows Vista Business edition client as the reference computer.

Complete this exercise from the Windows Vista client only.

To prepare the client for imaging

2. On the Start menu, right-click Computer, and then click Properties.

The System window appears displaying basic information about the computer. Notice that the computer is a member of a workgroup. Reference systems must be workgroup clients, and not domain members. If your reference system is still a domain member you are required to remove the computer from the domain to create an OS image of the computer.

3. Close the System window.

In the following procedure, you will create an image of the Windows Vista reference computer.

To create a Windows Vista image

1. On the Windows Vista Virtual PC CD menu, click Capture ISO Image.

The Select CD Image to Capture dialog box appears.

2. Click C:\Capture.iso from the host computer, and then click Open. This step is only done

if using VPC images. If using physical systems, insert the CD into the drive.

An AutoPlay dialog box appears prompting to run Run TSMBAutorun.exe.

3. Click Run TSMBAutorun.exe.

The Image Capture Wizard window appears.

4. Click Next.

The Image Capture Wizard Image destination dialog box appears prompting for information regarding the image creation process.

5. In the Destination box, type

\\<yourSMSServer>\<share_you_create_to_store_images>\MyVista.wim

6. In the Account Name box, type <yourdomain>\Administrator, or some other account

that has rights to save to your share in step 5.

7. In the Password box, type <yourpassword> and then click Next.

The Image Capture Wizard Image information dialog box appears prompting for additional information regarding the image.

8. In the Created by box, type your name.

9. In the Version box, type 1.0

10. In the Description box, type Windows Vista master image and then click Next.

The Image Capture Wizard Summary dialog box appears indicating the image creation

process is ready to begin.

11. Click Finish.

An Installation Progress dialog box appears as the computer is prepared for imaging. This process includes automatically running sysprep. When complete, a System Restart message box appears indicating that the system is going to be restarted.

Windows Vista is then shut down and the computer is restarted.

After restarting, Windows PE initializes. When ready, an Installation Progress dialog box appears displaying the progress of the image capture process.

Capturing an image of an operating system is a lengthy process, and may take an hour depending on your hardware.

12. When the client has restarted and begun the capture process, you can close the Windows

Vista client Virtual PC as it is no longer needed. It will likely take anywhere from 30 to 60

minutes to complete.

13. Shut down the Windows virtual PC. When prompted to save changes, click Turn off and

delete changes, and then click OK.

Exercise 4

Deploying an OS Image Using Configuration Manager 2007

In this exercise, you will create a new package and advertisement to deploy the Windows Vista image to the

Windows XP client.

Complete this exercise from the primary site server only.

To create the image package

2. In the tree pane, click Operating System Images.

The operating system images for the site appear in the results pane. Notice that there are no images yet. You need to create an operating system image from the Vista.wim file previously created.

3. In the Actions pane, click Add Operating System Image.

The Add Operating System Image Wizard Data Source dialog box appears allowing you to specify the image file to use.

4. In the Path box, type

\\<yourSMSServer>\<share_you_create_to_store_images>\Vista.wim and then click

The Add Operating System Image Wizard General dialog box appears allowing you to specify the name, version and comment for the operating system image to be created.

5. In the Name box, type Windows Vista

6. In the Version box, type 1.0

7. In the Comment box, type Windows Vista image and then click Next.

The Add Operating System Image Wizard Summary dialog box appears indicating that the operating system image is ready to be created.

8. Click Next.

The Add Operating System Image Wizard Wizard Completed dialog box appears indicating that the wizard completed successfully.

9. Click Close.

The process of creating the package in the Configuration Manager Console can take a number of minutes to complete (approximately three minutes) in a Virtual PC. Remain at this point until the image has been successfully created and the disk activity has stopped.

The list of image packages appears in the results pane. Notice that the Windows Vista image appears.

In the following procedure, you will assign the image to a distribution point to make the image available for

access by Configuration Manager clients.

To add the image to a distribution point

1. In the tree pane, expand Site Database, expand Computer Management, Operating

System Deployment, expand Operating System Images, and then expand Windows

Vista.

The Windows Vista image items appear in the tree pane.

2. In the tree pane, click Distribution Points, and then in the Actions pane, click New

Distribution Points.

3. Click Next.

The New Distribution Points Wizard Copy Package dialog box appears displaying the list of available distribution points for the OS image.

5. Click Close.

The OS image is copied to the designated distribution point. As the OS image is very large in size. It will take several minutes to completely distribute to the distribution point.

You can use the Package Status node under the image to identify when the image package has been distributed to the distribution point. This will take several minutes due to the size of the image. You do not have to wait for it to complete distribution before you move onto the next procedure. However, the image must be distributed to the distribution point before the client attempts to run the advertisement.

In the following procedure, you will create a task sequence to deploy the Windows Vista OS image.

To create an image deployment task sequence

2. In the tree pane, click Task Sequences.

The task sequences for the site appear in the results pane. Notice that there are no task sequences yet. You need to create a task sequence that will allow you to deploy an operating system image.

3. In the Actions pane, click New, and then click Task Sequence.

The New Task Sequence Wizard Create a New Task Sequence window appears prompting for the type of task sequence to create: to deploy an image package, build a reference system or a custom task sequence.

4. Click Next to create a task sequence that will install an existing image package.

The New Task Sequence Wizard Task Sequence Information dialog box appears prompting for the name and description for the task sequence, as well as which boot image to use.

5. In the Task sequence name box, type Install Vista Image

6. In the Comment box, type Installs Windows Vista image and then click Browse.

The Select a Boot Image dialog box appears displaying the boot images available.

7. Click Boot image (x86) (if using x86 systems) and then click OK.

The New Task Sequence Wizard Task Sequence Information dialog box appears displaying the name and description of the task sequence, as well as the boot image to use.

8. Click Next.

The New Task Sequence Wizard Install the Windows Operating System dialog box appears prompting for the image package, licensing, and administrator password to use.

9. Click Browse.

The Select a Package dialog box appears displaying the image packages available.

10. Click Windows Vista 1.0 and then click OK.

The New Task Sequence Wizard Install the Windows Operating System dialog box appears displaying the image package to use. Notice that the default action is to install all images in the package. Also notice that the default configuration is to partition and format the target computer‘s hard disk. That is only required in a bare metal scenario, which we are not performing.

11. If you are doing a bare metal installation, click to clear the Partition and format the

target computer before installing the operating system. If you are deploying to an

existing client this is not needed.

Partitioning and formatting the target computer‘s hard disk is only required in a bare metal scenario. Clearing this option will make the image deployment process faster, especially as the default format is a full format, not a quick format.

12. Click Next to not designate a product key, not specify a licensing mode, and to disable the

local administrator account on the target system.

The New Task Sequence Wizard Configure the Network dialog box appears prompting whether the target system will join a workgroup or domain.

13. Click Join a domain, and then after Domain, click Browse.

The Select a Domain dialog box appears displaying the available domains.

14. Under Domains, click your.domain.path.here.com and then click OK.

The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image. Notice that you can also configure a specific OU for the client to join.

15. Click Set.

The Windows User Account dialog box appears prompting for the account and password to configure as the Advanced Client Network Access Account.

16. In the Name box, type <yourdomain>\administrator

The New Task Sequence Wizard Configure the Network dialog box appears displaying the domain the target client should join after installation of the Vista image as well as the account that will be used to add the client to the domain.

18. Click Next.

The New Task Sequence Wizard Install the ConfigMgr client dialog box appears prompting for the package to use for the Configuration Manager client installation, which occurs after the OS image has been deployed.

19. Click Browse.

The Select a Package dialog box appears displaying the packages available.

20. Click Microsoft Configuration Manager Client Upgrade and then click OK.

The New Task Sequence Wizard Install the SMS client dialog box appears displaying the package and program to use for the Configuration Manager client installation. Notice that the installation properties includes the FSP parameter to allow the new client deployment to report deployment state messages.

21. Click Next.

The New Task Sequence Wizard Configure State Migration dialog box appears prompting for configuration of the user state capture process.

22. Click Browse.

The Select a Package dialog box appears displaying the packages available.

23. Click USMT and then click OK.

The New Task Sequence Wizard Configure State Migration dialog box appears displaying the configuration of the user state capture process. Notice that the defaults are to capture user state, save it to the state migration point, capture network settings, and capture Microsoft Windows settings.

24. Click Next.

The New Task Sequence Wizard Include Updates in Image dialog box appears prompting for deployment of software updates. Notice that the default configuration is to not deploy software updates with the image.

25. Click Next to not deploy any software updates in our lab.

The New Task Sequence Wizard Install Software Packages dialog box appears prompting for deployment of software packages after the image has been installed. This is where you‘d configure to add in additional SMS packages, such as Microsoft Office 2007.

26. Click Next to not deploy any software packages in the lab environment.

The New Task Sequence Wizard Summary dialog box appears indicating the wizard has been completed and is ready to create the task sequence.

27. Click Next.

The task sequence is created, and then the New Task Sequence Wizard Wizard Completed dialog box appears indicating that the task sequence was successfully created.

28. Click Close.

The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.

In the following procedure, you will advertise the task sequence to deploy the Windows Vista image to the

Windows XP computer.

To advertise the task sequence

1. In the results pane, click Install Vista Image.

The task sequence properties appear at the bottom of the results pane.

2. Click the References tab.

The list of packages used by this task sequence appears in the results pane. Notice that there are four packages used by this task sequence.

3. Start Windows Explorer and verify that each of the four packages are available on the

distribution point.

Do not proceed until the four packages are available on the distribution point.

4. In the Actions pane, click Advertise.

The New Advertisement Wizard General dialog box appears prompting for general properties of the advertisement. Notice that the name defaults to the task sequence name.

5. After Collection, click Browse.

The Browse Collection dialog box appears.

6. Click All Windows XP Systems, and then click OK.

The New Advertisement Wizard General dialog box appears prompting for general properties of the advertisement.

7. Click Next.

The New Advertisement Wizard Schedule dialog box appears prompting for the advertisement schedule.

8. Click New (the toolbar icon resembles a star burst).

The Assignment Schedule dialog box appears.

9. Click OK to create a schedule for the current date and time.

The New Advertisement Wizard Schedule dialog box appears displaying the advertisement schedule.

10. Click Next.

The New Advertisement Wizard Distribution Points dialog box appears prompting for how the task sequence will access any content that is required.

11. Click Next to allow content to be downloaded when needed by the task sequence, to not

allow access to remote distribution points, and require the use of protected distribution

points if available.

The New Advertisement Wizard Interaction dialog box appears prompting for how the user will interact with the task sequence.

12. Click Next to not allow the user to run the program as an optional program prior to the

mandatory schedule and to display progress of the task sequence.

The New Advertisement Wizard Security dialog box appears prompting for security rights for the task sequence.

The New Advertisement Wizard Summary dialog box appears indicating the wizard has been completed successfully and is ready to create the advertisement.

14. Click Next.

The advertisement is created, and then the New Advertisement Wizard Wizard Completed dialog box appears indicating the advertisement was successfully created.

15. Verify that all processes were completed successfully, and then click Close.

The task sequences for the site appear in the results pane. Notice that there is now one task sequence in the site.

Exercise 5

Installing the Image at the Target Client Computer

In this exercise, you will install the Windows Vista image on the Windows XP client computer. You will begin

by verifying the current client configuration.

Complete this exercise from the Windows XP client only.

To verify the current configuration

17. On the Start menu, right-click My Computer; and then click Properties.

18. What operating system is listed for the client computer?

Microsoft Windows XP Professional Service Pack 2.

________________________________________________________________________

19. Click Cancel.

In the following procedure, you will install the Windows Vista image.

To install the operating system image

The Configuration Manager Properties dialog box displays the available actions for the client.

The client will request new policies, which will include the policy related to the advertised task sequence. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take two minutes for the policy to be evaluated and the Assigned Program About to Run notification to be displayed. Remain at this point until the Assigned Program About to Run notification appears.

6. Double-click the Assigned Program About to Run icon on the system tray.

The Program Countdown Status dialog box appears indicating a program is about to run.

7. Click Run.

An Installation Progress message box appears as the Windows Vista operating system image is installed on the Windows XP client computer.

It will take a number of minutes for the Windows Vista image to be deployed to the computer (approximately 60 minutes). It will automatically restart in the middle of this process. Notice that Windows PE is started and initialized to install the image. After the system reboots into Window PE, the Installation Properties message box appears displaying the progress bar for installing the image, you can shut down the Windows XP virtual PC image and not wait for the image installation process to occur.

If you do cancel the deployment, you can still complete the next exercise to report on the operating system deployment progress. If you do let the image continue the installation process, the computer will restart, automatically run through Windows setup to apply configuration settings, and then finally reboot again into Windows Vista.

In the following procedure, you will verify that the Windows Vista image was installed successfully.

To verify the operating system image installation

1. Log on to <yourdomain> as administrator.

2. Notice that the wallpaper on the desktop is for Windows Vista, and not Windows XP. Also

notice that the Welcome Center window appears. In Control Panel, start System.

3. What operating system is listed for the client computer?

Microsoft Windows Vista.

________________________________________________________________________

4. Close the System Properties dialog box and then start Administrative Tools.

The Administrative Tools window appears.

5. Double-click Services.

The Services window appears.

6. What SMS services are installed on the client computer?

The SMS Agent Host and SMS Task Sequence Agent services. These services indicate a Configuration Manager client installation.

________________________________________________________________________

7. Close the Services and Administrative Tools windows.

Exercise 6

Viewing Status for the Image Deployment

In this exercise, you will view status messages for the image installation.

Complete this exercise from the Configuration Manager primary site server only.

To verify the image deployment

Operating System Deployment.

The Operating System Deployment home page appears in the results pane. Notice that there are no results to display unless the scheduled summarization process of hourly has already occurred.

The home page for operating system deployment is summarized. This will take a moment to complete.

The Operating System Deployment home page appears in the results pane. Notice that there is now one task sequence that has been advertised. You will also notice that a chart has been created to the right of the list of task sequence advertisements. The chart will indicate the state of the advertised task sequence. In our case, we only have one computer targeted, so the chart shows the state of that one computer – running, failed, succeeded, etc.

4. In the results pane, under Advertisement, click Install Vista Image.

The Status summary of a specific task sequence advertisement report appears in the results pane. This report displays the status for this task sequence advertisement. The status of the task sequence advertisement depends on the state of the image deployment: canceled, running, or completed.

5. Click the arrow to the left of the one execution state listed.

The All system resources for a specific task sequence advertisement in a specific state report appears in the results pane. This report displays the clients who are reporting the specific execution state you drilled into. Notice that the report displays the last status message ID as well as the description of the last status message.

6. Click the arrow to the left of <yourSMSClient>.

The History - Specific task sequence advertisements run on a specific computer report appears in the results pane. This report displays the status for each task sequence step executed on the client computer. The task sequence steps displayed depends on the state of the image deployment: canceled, in progress, or completed.

You should at least see messages with IDs of 10035, 10002, 10005 and 11140. Many others could be available after this one, depending on how far you allowed the process to complete.

You have now successfully configured your Configuration Manager site for an OS image deployment, prepared and captured your Windows Vista reference system, created the appropriate task sequence to deploy the image, and upgraded your Windows XP client to Windows Vista.

Section 6: Managing Microsoft Updates with System Center Configuration Manager 2007 Objectives

Configure integration between WSUS 3.0 and Configuration Manager.

Analyze required updates.

Distribute an update using Configuration Manager.

Use Configuration Manager Reporting to report update status.

Before You Begin In this lab, you need a Configuration Manager primary site server and a Configuration Manager client. These

could be the same computer. You can have additional Configuration Manager clients if you want to scan for

and deploy updates to multiple client platforms. The systems needed for this section include a Windows

Server 2003 SP2 site server configured as a WSUS 3.0 server (<yourSMSServer>) and a Windows XP SP2

Professional client.

1. Log on as administrator .

expand Collections.

8. Click Yes.

Exercise 1

Configuring Configuration Manager Integration with WSUS

In this exercise, you will configure Configuration Manager to integrate with WSUS 3.0 in order to scan for, and

deploy, updates to the Configuration Manager clients. You will begin by configuring the WSUS 3.0 computer

as a Configuration Manager software update point.

Complete this procedure from primary site server computer only.

To verify the installation of WSUS 3.0

1. From Administrative Tools, start Services.

The Services window appears displaying the services installed locally.

2. What services are installed that indicate that Windows Server Update Services is installed

locally?

Update Services and WsusCertServer

________________________________________________________________________

3. Close Services.

In the following procedure, you will configure the WSUS 3.0 server as a software update point for

Configuration Manager.

Complete this procedure from the primary site server only.

To configure a software update point

1. If not already running, start the Configuration Manager Console.

<yoursitecode>, expand Site Settings, and then expand Site Systems.

The list of site systems appears in the tree pane. Notice that there is only one site system, that being the site server (<yourSMSServer>).

3. In the tree pane, click <yourSMSServer>.

The list of site system roles for the Configuration Manager site server appears in the tree pane. Notice that there are eight roles implemented, none having to do with software updates. This server is the WSUS server, so you will need to add the site system role to perform the role of the software update point.

5. Click Next.

6. Under Available roles, select Software update point, and then click Next.

The New Site Role Wizard Software Update Point dialog box appears allowing you to configure the proxy server to use for access to the update content if needed.

7. Click Next to not configure the use of a proxy server.

The New Site Role Wizard Active software update point settings dialog box appears allowing you to configure the software update point as the active software update management point for the Configuration Manager site, and to configure the port to use when interacting with WSUS.

8. Click Use this server as the active software update point, and then click Next.

The New Site Role Wizard Synchronization source dialog box appears displaying settings for synchronization with the software update point. Notice that the default configuration is to synchronize with Microsoft Updates. Since you are in a virtual environment without Internet access and will perform manual synchronization, you will change the configuration.

9. You may want to choose to synchronize from Microsoft Update or an upstream

update server. Select this option only if the export/import function is used to obtain

software update definitions and then click Next.

The New Site Role Wizard Synchronization schedule dialog box appears allowing you to configure the schedule to synchronize updates from WSUS with Configuration Manager. Notice that by default, the software update point does not synchronize with the WSUS server automatically.

10. Click Next to not schedule synchronization.

The New Site Role Wizard Update classifications dialog box appears displaying the various product categories of updates that are available in Configuration Manager for reporting and deployment. Notice that by default, security updates, service packs, and update rollups are to be managed by Configuration Manager. Notice also that there is a message at the bottom of the dialog box indicating that you can‘t modify the update classifications when you are not configured to sync from a source. You may want to sync additional classifications such as critical updates.

11. Click Next.

The New Site Role Wizard Products dialog box appears allowing you to configure the various Microsoft software products that can be updated by Configuration Manager. Notice that there is a message at the bottom of the dialog box indicating that you can‘t modify the products when you are not configured to sync from a source.

12. Click Next.

The New Site Role Wizard Languages dialog box appears displaying the languages that content will be managed for through Configuration Manager. Notice that multiple languages are enabled by default. To make the synchronization and management process of updates quicker, you will clear all languages except the local language.

13. Under Update File, clear each language as appropriate, leaving only the local language

(such as English), and then click Next.

14. Click Next.

The New Site Role Wizard Wizard Completed dialog box appears indicating that you have now configured the software update point.

15. Click Close.

The Configuration Manager Console window appears displaying the site systems in the site in the results pane. Notice that the computer is configured as a ConfigMgr component server, a ConfigMgr distribution point, a ConfigMgr fallback status point, a ConfigMgr management point, a ConfigMgr reporting point, a ConfigMgr site server, a ConfigMgr site system, a ConfigMgr software update point and a ConfigMgr site database server.

In the following procedure, you will verify the configuration of the ConfigMgr software update point was

successful.

To verify the software update point role

1. Open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\

SUPSetup.log.

Notepad appears displaying the contents of the Configuration Manager software update point installation log. Notice that the log indicates that the required WSUS version was detected, and that the installation was successful.

2. Close the SUPSetup.log, and then open

<systempartition>\Program Files\Microsoft Configuration Manager\Logs\

WSUSCtrl.log.

Notepad appears displaying the contents of the Configuration Manager WSUS Control Manager‘s log. Notice that the log indicates there was a successful connection to the WSUS server, and that the local database connection was successful.

You have now successfully installed an Configuration Manager software update point on the WSUS 3.0 server.

In the following procedure, you will force synchronization of the Configuration Manager site database with

updates from the software update point.

To force catalog synchronization

Software Updates.

The home page for software updates appears in the results pane. Notice that by default, the home page displays current compliance for security updates for the current month. Also notice that there are no results to display, as no synchronization has occurred yet.

2. In the tree pane, expand Software Updates, and then click Update Repository.

The updates synchronized with Configuration Manager are displayed in the results pane. Notice that by default, no updates are listed. This is due to the fact that synchronization has not yet occurred.

3. In the tree pane, click Update Repository, and then in the Actions pane, click Run

Synchronization.

A Run Update Synchronization message box appears prompting to run the synchronization process on the site.

4. Click Yes.

The synchronization process is initiated. This process may take some time to complete. There is no visual indication that the process has completed, so you‘ll need to view status messages or Configuration Manager log files to verify that the process has completed successfully.

expand <sitecode>, and then click Component Status.

The list of Configuration Manager server components and their current status appears in the results pane.

6. In the results pane, click WSUS_Sync_Manager, and then in the Actions pane, click Show

Messages.

A new menu appears.

7. Click All.

The ConfigMgr Status Message Viewer for <your_db_name> window appears displaying the status messages for the WSUS Sync Manager. Notice the most recent messages with IDs of 6701, 6705 and 6702. These messages indicate the sync process has started, is in progress, and completed, respectively.

9. Open <systempartition>\Program Files\Microsoft Configuration Manager\Logs\

Wsyncmgr.log.

Notepad appears displaying the contents of the WSUS Sync Manager‘s log file.

10. Search for synchronizing.

Notepad displays the first occurrence of the text ―synchronizing‖. Notice that the line indicates that the synchronization process is happening with Configuration Manager and the WSUS server <yourSMSServer>. On later lines of the log, notice the following processes occurring:

Successful connection to the local WSUS server

Requested localization languages – one for each language configured in WSUS (likely only English in the lab)

Requested update classification – one for each type of update to be managed (multiple different classifications in the lab)

Synchronizing updates – this begins the process of synchronization of individual updates (numerous pages of updates being synchronized in the lab)

Done synchronizing SMS with WSUS Server <yourSMSServer> – signals the end of the synchronization process

Updated x items in SMS database – the number depends on the specific lab configuration, catalog, etc. There should be some updates in the Configuration Manager database.

11. Close Notepad.

The Configuration Manager Console appears.

Software Updates.

The home page for software updates appears in the results pane. Notice that there currently is not information to display.

This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete.

Wait a moment here to allow the summarization process to complete before refreshing. If you refresh and the data is not update, wait another moment and then proceed.

This will refresh the data in the software updates home page.

15. In the tree pane, expand Software Updates, click Update Repository, and then in the

Actions pane, click Refresh.

This will update the Update Repository node to include Critical Updates and Service Packs.

16. In the tree pane, expand Software Updates, expand Update Repository, expand Critical

Updates, and then click All Updates.

The critical updates synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some critical updates that have been synchronized with Configuration Manager from WSUS.

17. In the tree pane, expand Software Updates, expand Update Repository, expand Service

Packs, and then click All Updates.

The service packs synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some service packs that have been synchronized with Configuration Manager from WSUS.

Exercise 2

Generating Update Status on the Configuration Manager Client

In this exercise, you will force the client to run a software updates scan cycle. This will cause the client to scan

for updates through WSUS, and then store the information in WMI. Configuration Manager will then

automatically send the data to the Configuration Manager site through state messages.

Complete this procedure from the Configuration Manager client computer. If you have multiple computers in the site, you can complete this procedure on all clients.

To force the software updates scan cycle on the client

The Configuration Manager Properties dialog box displays the available actions for the client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, Software Updates Scan Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle.

3. Click Software Updates Scan Cycle, and then click Initiate Action.

If the ―Software Updates Scan Cycle‖ task does not appear, you can force a policy retrieval cycle ―Machine Policy Retrieval & Evaluation Cycle‖, wait two minutes, and then check again.

The client will force a scan for software updates. A Software Updates Scan Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take at least 15 minutes (the default for state message forward interval) for the client to be scanned, and the results to be returned to the Configuration Manager site through state messages.

In the following procedure, you will verify that the Configuration Manager client computer has successfully

reported software update compliance data.

Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.

To view results of the software updates scan cycle

Software Updates.

The home page for software updates appears in the results pane. Notice that the home page displays current compliance for security updates for the current month.

By default, Configuration Manager only summarizes the software updates information every four hours. By forcing the summarization process, you will get up to date information more quickly.

Wait a moment here to allow the summarization process to complete before refreshing. If you refresh and the data is not update, wait another moment and then proceed.

4. In the results pane, configure the Vendor to <your_variable_here>, configure the

Update classification to Critical Updates, configure the Month and year to August,

2007, and then click Go.

The Software Update Compliance Status Summary information appears in the details pane.

The critical updates synchronized with Configuration Manager are displayed in the results pane. Notice that there are now may be some critical updates that have been synchronized with Configuration Manager from WSUS. Also notice the status of each update with the number of systems requiring this update (should be two clients) and the number of not compliant (zero) systems.

6. In the tree pane, expand Software Updates, expand Update Repository, expand Service

Packs, and then click All Updates.

The service packs synchronized with Configuration Manager are displayed in the results pane. Notice that there now may be some service packs that have been synchronized with Configuration Manager from WSUS and all are listed as required updates for both clients.

Exercise 3

Generating Software Update Compliance Reports

In this exercise, you will use generate reports for analysis and reporting of software update status.

Complete this exercise from the Configuration Manager site server.

To generate an update status report for software updates

expand Reporting.

The available Configuration Manager Reporting tool functions appear in the tree pane.

The list of available reports appears in the results pane. Notice that there are 353 reports available.

3. In the results pane, click Compliance 6 - Specific computer, and then in the Actions

pane, click Run.

The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, with vendor and update class as optional attributes.

4. In the Computer Name box, type the name of the Configuration Manager client you want

to report on (it can be either of the clients).

5. Click Display.

A ConfigMgr Report window appears. Notice the list of updates available for the Configuration Manager client computer. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL.

The Compliance 6 - Specific computer Report Information appears in the results pane displaying the designated computer name, vendor and update class.

The list of available reports appears in the results pane.

8. In the results pane, click Management 1 - Updates required but not deployed, and

then in the Actions pane, click Run.

The Management 1 - Updates required but not deployed Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and the vendor and update class.

9. After Collection ID, click Values.

The Select Value dialog box appears displaying the list of available collections.

10. Click All Systems.

The Management 1 - Updates required but not deployed Report Information appears in the results pane allowing configuration of the prompted values.

11. After Vendor, click Values.

A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here> , Local Publisher and Microsoft.

12. Click Lab.

13. After Update Class, click Values.

A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in SCCM for synchronization with WSUS.

14. Click Critical Updates.

The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values.

15. Click Display.

A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of client‘s requiring the update, and information URLs for the collection members. Notice also that some updates are listed as being required but not yet deployed.

The Management 1 - Updates required but not deployed Report Information appears in the results pane.

Exercise 4

Distributing Software Updates Using Configuration Manager Software Update Management

In this exercise, you will distribute a specific update using Configuration Manager and the software updates

management feature. The lab procedures will use a synthetic update.

Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.

To distribute the update to the Configuration Manager client

The information for all critical updates appears in the results pane. Notice that there may be some updates available.

2. In the Look for box, type English update and then click Find Now.

The results for the search for English updates appear in the results pane. Notice that there are now leses updates displayed in the results pane, filtered from the original updates.

3. Under Title, notice you can also multi-select here to view greater details or pursue specific

actions.

Configuration Manager supports multi-selection of items in most nodes. Notice that in the lower portion of the Actions pane, under Description, is displayed a message that three items are selected.

4. In the Actions pane, click Update List.

The Update List Wizard Update List dialog box appears allowing you to select an existing update list or create a new one.

5. Click Create a new update list.

6. In the Name box, type <an_update_name>

7. In the Description box, type <an_update_name>

8. Click Next.

The Update List Wizard Security dialog box appears allowing you to configure security on the update list.

9. Click Next.

The Update List Wizard Summary dialog box appears indicating the wizard has all the information it needs to successfully complete.

10. Click Next.

The ―Update List Wizard” Wizard Completed dialog box appears indicating the wizard successfully completed.

11. Click Close.

The Configuration Manager Console appears.

12. In the tree pane, expand Software Updates, expand Update Lists, and then click

<your_update_name>

The list of software updates in the update list appears in the results pane.

13. In the Actions pane, click Deploy Software Updates.

The Deploy Software Updates Wizard General dialog box appears.

14. In the Name box, type <your_update_name>

15. In the Description box, type <your_update_name>and then click Next.

The Deploy Software Updates Wizard Deployment Template dialog box appears prompting to create a deployment template for distributing software updates.

16. Click Next to create a new deployment definition.

The Deploy Software Updates Wizard Collection dialog box appears prompting for the collection to be targeted with the update.

17. Click Browse.

The Browse Collection dialog box appears displaying the collections in the site.

18. Under Collections, click All Systems, and then click OK.

The Deploy Software Updates Wizard Collection dialog box appears displaying the designated collection to be targeted with the updates.

19. Click Next.

The Deploy Software Updates Wizard Display/Time Settings dialog box appears allowing you to configure whether notifications will be displayed to the user, whether displayed time is the client time or UTC, and how of a time period do users have to deploy mandatory updates before forced on the computer.

20. Click Next to accept the default values to display user notifications, use UTC, and allow

two weeks before updates become mandatory.

The Deploy Software Updates Wizard Restart Settings dialog box appears allowing you to configure the reboot behavior when updates require a system restart, including whether or not reboots should occur outside any configured maintenance windows. Notice that the default is not to suppress restarts and that restarts can not occur outside maintenance windows.

21. Under Suppress the system restart on, click Servers, and then click Next.

The Deploy Software Updates Wizard Event Generation dialog box appears allowing you to configure whether or not any failure in the update deployment will generate a Windows event.

22. Click Next to not generate a Windows event in the case of a failure.

The Deploy Software Updates Wizard Update Binary Download – ConfigMgr Client Settings dialog box appears allowing you to configure whether or not clients can install updates when in slow network boundaries, or when the client‘s protected distribution point does not contain the update content.

23. Click Next to not support slow network boundaries and to allow fallback to unprotected

distribution points.

The Deploy Software Updates Wizard Create Template dialog box appears allowing you to save the configuration as a deployment template. Doing so will make deployment of future updates much quicker, as you can use the template and not have to respond to configure all the settings you have done so on the last set of wizard pages.

24. In the Template name box, type Standard update deployment template

25. In the Template description box, type Normal software update deployments with

suppression for servers

26. Click Next.

The Deploy Software Updates Wizard Deployment Package dialog box appears prompting to name the new deployment package to add the updates to. Notice that the default is to use an existing deployment package. As this is your first deployment, you do not have one yet, so will need to create a deployment package.

27. Click Create a new deployment package.

28. In the Name box, type Critical Updates

29. In the Description box, type Critical updates for all clients

30. In the Package source box, type \\<yourSMSServer>\<systempartition>\Critical

31. Click Next.

The Deploy Software Updates Wizard Distribution Points dialog box appears allowing you to designate the distribution points to distribute the package to.

32. Click Browse.

The Add Distribution Points dialog box appears displaying the site(s) that can be targeted. Notice in our implementation, only one site is listed.

33. Under Distribution points, expand <sitecode>.

The list of distribution points for the local site appears.

34. Under Distribution points, click <sitecode> to select all distribution points in the site,

and then click OK.

The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed.

35. Click Next.

The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location.

36. Click Download software updates from a location on the local network (or your

internet connection), and then click Browse.

The Browse For Folder dialog box appears allowing you to select the source of they updates.

37. Click <systempartition>\WSUS Synthetic, and then click OK.

The Deploy Software Updates Wizard Download Location dialog box appears displaying the configured source folder.

38. Click Next.

The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point.

39. Click Next to accept the configured languages.

The Deploy Software Updates Wizard Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection.

40. Click Next to accept the default values.

The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard.

41. Click Next.

The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of the deployment, which includes the downloading of each update to be deployed, and creating the deployment template and deployment package. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment.

42. Verify that each phase of the process was successful, and then click Close.

The Configuration Manager Console appears displaying the list of critical updates in the results pane.

In the following procedure, you will verify the software update deployment objects created.

Complete this procedure on the Configuration Manager primary site server only.

To view the software update distribution objects

1. In the tree pane, click Deployment Management.

The Deployment Management information appears in the results pane. Notice the deployment name and values listed from the DSUW.

2. In the tree pane, expand Deployment Management, expand <your_update_name>, and

then click Software Updates.

The list of software updates in this deployment appears in the results pane. Notice the list of updates includes the <updates you selected> prior to starting the DSUW.

3. In the tree pane, expand Deployment Templates, and then click Standard update

deployment template.

The Standard update deployment template information appears in the results pane. Notice the template name and description. You can use this template for future deployments and not have to complete all the pages of the DSUW.

4. In the tree pane, expand Deployment Packages, expand Critical Updates, and then click

Software Updates.

The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is those you selected prior to launching the DSUW.

Distribution Points.

The distribution points assigned to this deployment package appears in the results pane. Notice that this matches the distribution points you selected in the DSUW.

6. In the tree pane, expand Deployment Packages, expand Critical Updates, expand

Package Status, and then click Package Status.

The deployment status of the deployment package to the assigned distribution points appears in the results pane. Notice that deployment package has been successfully deployed (listed as Installed) to the only distribution point in our site.

In the following procedure, you will install the update on the client computer. For the lab, you will force the

client to check for new advertisements instead of waiting for the automated detection to occur.

Complete this procedure on each client computer that is to receive the update (which may include the site server computer).

To install the update on the Configuration Manager client

The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client.

4. Click OK.

5. Click OK.

This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface.

It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available.

A Software Updates Installation icon appears in the System Tray indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation.

6. In the System Tray, double-click the Software Updates Installation icon.

The ConfigMgr - Software Update Management dialog box appears. Notice the default values of ―IT Organization‖ and ―Protecting your PC‖. These are configurable in the Software Updates Client Agent. Notice also that ConfigMgr detected multiple update for the client, and that you can perform an express or custom installation.

7. Click Install to perform an express installation of the updates.

The updates are applied to the system. It will take some time for the updates to be applied, and the status to be reported through state messages. Your updates may require a system restart.

It will take a few minutes for the new state messages to be sent to the site. Wait a few minutes here before proceeding to exercise 5.

Exercise 5

Validating Current Software Update Compliance

In this exercise, you will validate that the update has been deployed successfully. You will begin by generating

reports for analysis and reporting of Microsoft update status, and then will validate using the Software

Updates node.

Complete this exercise from the Configuration Manager site server.

To generate an update status report for Microsoft updates

expand Reporting.

2. In the tree pane, expand Reports, and then expand Visited Reports.

The list of reports that have already been run appears in the results pane. Notice that you ran two reports earlier.

3. In the tree pane, click Compliance 6 - Specific computer.

The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, with vendor and update class as optional attributes.

to report on (use one that you successfully ran the update deployment on earlier in this

5. Click Display.

A ConfigMgr Report window appears. Notice the list of updates available for the Configuration Manager client computer. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL. Notice also that <the_updates_you_deployed> listed as being compliant (approved and installed).

7. In the tree pane, under Visited Reports, click Management 1 - Updates required but

not deployed.

The Management 1 - Updates required but not deployed Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and the vendor and update class.

A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here>,, Local Publisher and Microsoft.

11. Click <your_variable_here>.

A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in Configuration Manager for synchronization with WSUS.

13. Click Critical Updates.

The Management 1 - Updates required but not deployed Report Information appears in the results pane displaying the configured prompted values.

14. Click Display.

A ConfigMgr Report window appears. Notice the report displays information for the appropriate update, including the article ID, bulletin ID, title, the number of client‘s requiring the update, and information URLs for the collection members. Notice also that there are some updates listed as being required but not yet deployed.

The Software updates that are required, but not yet deployed Report Information appears in the results pane.

In the following procedure, you will view the updated status data for the Microsoft update directly from the

Configuration Manager Console.

Complete this step from the primary site server with the Configuration Manager Console running.

To view the update status data

Software Updates.

The home page for software updates appears in the results pane.

This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a moment to complete.

It will take a moment for the summarization process to complete. Wait for a moment before refreshing the home page.

The home page is refreshed. You now will set the values to identify current status of the deployed updates.

4. In the results pane, configure the Vendor to <your_variable_here> (perhaps choose

Microsoft) , configure the Update classification to <your_preference>, configure the

Month and year to <a_specific_date>, and then click Go.

The Software Update Compliance Status Summary information appears in the details pane. Notice that the update status now reflects that the three updates were successfully installed to the Configuration Manager client, and are now compliant.

5. In the tree pane, expand Software Updates, expand Update Repository, and then

expand Critical Updates (or some other preference), and then click All Updates.

The Critical Updates (or your choice you made above) information appears in the results pane. Notice that updates are displayed for the selected month. This displays the current status for the updates for the current month, including bulletin ID, article ID, name, status of compliance, severity, size and other information.

6. In the Look for box, type English Updates and then click Find Now.

The results for the search for English updates appear in the results pane. Notice that only the specific updates are displayed.

Notice that the updates are now compliant.

Software Updates.

The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution.

You have now explored a simple scenario for deploying Microsoft updates in Configuration Manager. There are many other aspects in the software updates role for Configuration Manager that you‘ll experience outside this simple scenario.

Section 7: Managing Custom Application Updates using Systems Center Configuration Manager 2007 Objectives

Install the System Center Updates Publisher.

Create a catalog for a custom update.

Import a catalog for a synthetic application (if available – download required).

Publish custom catalog information to Configuration Manager for scanning.

Perform a scan for custom updates.

Analyze required updates.

Distribute an update using Configuration Manager.

Use Configuration Manager Reporting to report update status.

Before You Begin In this lab, you need a Configuration Manager 2007 primary site server and a Configuration Manager client.

These could be the same computer. You can have additional Configuration Manager clients if you want to

scan for and deploy updates to multiple client platforms. The machines for this section include a Windows

Server 2003 SP2 site server configured as a WSUS 3.0 server and Configuration Manager software update

point (<yourSMSServer>) and a Windows XP SP2 Professional client

3. In the console tree, expand Site Database, expand Collections, and then click All

Systems.

The members of the All Systems collection appear in the details pane. Notice that there are multiple members, including the site server computer (<yourSMSServer>) and the Windows XP Professional client computer.

4. On the Action menu, point to All Tasks, and then click Update Collection Membership.

The All Systems message box appears prompting to update subcollection membership.

5. Click OK, and then on the Action menu, click Refresh.

then on the Action menu, click Delete.

7. Click Yes.

Exercise 1

Installing the System Center Updates Publisher

In this exercise, you will install the System Center Updates Publisher. This is one of the tools in the

Configuration Manager source.

Complete this exercise from the primary site server computer.

To install the System Center Updates Publisher

1. Start <your SCCM eval download location> \Splash.hta.

The Microsoft System Center Configuration Manager 2007 Start window appears displaying various installation options, including the System Center Updates Publisher.

2. Click System Center Updates Publisher.

The Setup Wizard for System Center Updates Publisher window appears.

3. Click Next.

The Setup Wizard for System Center Updates Publisher License agreement dialog box appears displaying the end user license agreement.

4. Read the end user license agreement, click I accept the license agreement, and then click

The Setup Wizard for System Center Updates Publisher Select Database Server and Instance Name dialog box appears prompting for the local or remote database server to use.

5. Click Next to use the default instance on the local server.

The Setup Wizard for System Center Updates Publisher Select instance name dialog box appears prompting for the instance of SQL Server to use. Notice that the default value is MSSQLSERVER.

6. Click Next to use the SQL Server installation.

The Setup Wizard for System Center Updates Publisher Destination Folder dialog box appears prompting for the location to install the System Center Updates Publisher.

7. Click Next to accept the default location of

C:\Program Files\System Center Updates Publisher.

The Setup Wizard for System Center Updates Publisher Installation dialog box appears indicating the installation is ready to complete.

8. Click Next.

The System Center Updates Publisher is installed. This process will take a few minutes to complete. When complete, a Setup Wizard for System Center Updates Publisher Setup Complete dialog box appears indicating the installation was successfully completed.

9. Click Finish.

Exercise 2

Synchronizing Custom Updates with Configuration Manager

In this exercise, you can create a custom catalog that will be imported into Configuration Manager for

scanning with the standard Configuration Manager software updates scan process. You can also import 3rd

party catalogs that contain updates, available from the System Center website on Microsoft.com

(http://www.microsoft.com/systemcenter)

Complete this procedure from the Configuration Manager site server.

To create a custom catalog

1. On the Configuration Manager server Start menu, point to All Programs, point to

System Center Updates Publisher, and then click System Center Updates Publisher.

The System Center Updates Publisher window appears. If you do not have the Updates Publisher installed, this can be found here. http://www.microsoft.com/downloads/details.aspx?FamilyID=DC2329DD-304B-4725-9D4C-9C3F339F9D85&displaylang=en

2. In the Actions pane, click Create Update.

The Create Update Wizard Update Information dialog box appears prompting for update information.

3. In the Update Title box, type <a_name_for_an_update>

4. In the Description box, type Test update

5. In the Classification box, click Security Updates.

6. In the Vendor box, type Evaluation.

7. In the Product box, type Synthetic Software and then click Next.

The Create Update Wizard Extended Properties dialog box appears prompting for additional update information.

8. In the Severity box, click Moderate.

9. In the More Info URL box, type http://<yourSMSServer>

10. In the Reboot Behavior box, click Never reboots, and then click Next.

The Create Update Wizard Define Prerequisite Rules dialog box appears prompting for information on how to identify systems the update is applicable for. We will create rules to apply this update to only Windows XP SP1 and SP2 systems that are running English for their language.

11. Click Add Rule (button with a ―+‖).

The Add Rule dialog box appears prompting for the type of rule to create.

12. Click Create Basic rule, and then in the Rule Type box, click Windows Version.

The Add Rule dialog box appears expands to allow for configuration of a ―Windows Version‖ rule.

13. In the Comparison box, click Greater Than or Equal To.

14. In the Major Version box, type 5

15. In the Minor Version box, type 1

16. In the SP Major Version box, type 1

17. In the SP Minor Version box, type 0

18. In the Build Number box, type 2600

19. In the Product Type box, click Workstation, and then click OK.

This creates a rule to identify Windows XP SP1 and later systems.

The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created.

21. Click Create Basic rule, and then in the Rule Type box, click Windows Version.

The Add Rule dialog box appears expands to allow for configuration of a ―Windows Version‖ rule.

22. In the Comparison box, click Less Than or Equal To.

23. In the Major Version box, type 5

24. In the Minor Version box, type 1

25. In the SP Major Version box, type 2

26. In the SP Minor Version box, type 0

27. In the Build Number box, type 2600

28. In the Product Type box, click Workstation, and then click OK.

This creates a rule to identify Windows XP SP2 and earlier systems.

The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created. Notice that you now have two rules, with an ―Or‖ operator for the two rules. We want this to be an ―And‖ operator. This will allow the rule to filter out all operating systems that are not Window XP SP1 or Windows XP SP2.

29. Under Operation, select And from the drop down list, and then click Add Rule (button

with a ―+‖).

30. Click Create Basic rule, and then in the Rule Type box, click Windows Language.

The Add Rule dialog box appears expands to allow for configuration of a ―Windows Language‖ rule.

31. In the Language box, click English, and then click OK.

The Create Update Wizard Define Prerequisite Rules dialog box appears displaying the rule created.

32. Make sure both operators are set to And, and then click Next.

The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed.

33. In the Installer Type box, click Command Line Installation (.exe).

34. Click Browse.

The Select File dialog box appears prompting the location of update to be deployed.

35. At this point you can choose anything you would like to test this available feature. For

example, making a copy of any install such as a Windows update you have will be fine.

Once completed, open the path to that file.

The Create Update Wizard Select Package dialog box appears prompting the location and type of update to be deployed.

36. In the Download URL (or UNC) box, type \\<yourSMSServer>\<SCUP install location>

\yourfile.exe

Notice the default values for success and pending reboot return codes as well as default command line switch for unattended installation are not provided for command line installations as they are for Windows Installer updates.

37. In the Success Return Codes box, type 0

38. In the Command line (quiet) box, type –I and then click Next.

The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. You will a create rule to apply this update to only clients without a specific registry value configured.

40. Click Create Basic rule, and then in the Rule Type box, click Registry Value Exists.

The Add Rule dialog box appears expands to allow for configuration of a ―Registry Value Exists‖ rule.

41. After Rule Type, click Not rule.

42. In the Registry Path box, type HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\

yourfile.exe

43. In the Registry value box, type Installed

44. In the Registry value type box, click REG_SZ.

45. Click Save your rule as, and then in the Save your rule as box, type Update Test

Registry Check and then click OK.

This creates a rule to identify systems that do not have the specific registry value configured. If the value is not present, that indicates the update is required.

The Create Update Wizard Define Applicability Rules dialog box appears prompting for information on how to identify the file to be updated. Notice that your one rule is now displayed.

46. Click Next.

The Create Update Wizard Define Installed Rules dialog box appears prompting for information on how to identify whether or not the file is already installed. Notice that there are no default rules.

48. Click Use existing rule, and then in the Rule Type box, click Update Test Registry

Check.

The rule you just created is imported and is now used to validate whether or not the update has already been deployed. However, you need to clear the ―Not rule‖ configuration, so that it evaluates correctly for the query.

49. After Rule Type, click to clear Not rule, and then click OK.

The Create Update Wizard Define Installed Rules dialog box appears displaying your configured rule.

50. Click Next.

The Create Update Wizard Summary dialog box appears indicating the wizard is ready to create the update.

51. Click Next.

The update is created. When complete, the Create Update Wizard Confirmation dialog box appears indicating the update was created successfully.

52. Click Close.

The System Center Updates Publisher window appears. Notice that the SCCM Lab vendor appears in the tree pane.

In the following procedure, you will configure the custom update to be published to Configuration Manager.

Complete this procedure from the primary site server only with the System Center Updates Publisher window active.

To configure the custom update to be published to Configuration Manager

1. In the tree pane, expand your node, and then click Synthetic Software.

The list of updates for the SCCM Lab vendor appears in the results pane. Notice that your custom update for the Synthetic Software Update is listed. Notice also that it is not flagged to be published to Configuration Manager.

2. In the Actions pane, under Update Test Software Update, click Set Publish Flag.

The list of updates for the SCCM Lab vendor appears in the results pane. Notice also that your synthetic update is now flagged to be published to Configuration Manager. This will happen when synchronization is forced between SCUP and WSUS, and then Configuration Manager synchronizes from WSUS.

In the following procedure, you will import two 3rd party catalogs to be published to Configuration Manager.

To import a custom catalog

1. In the tree pane, click System Center Updates Publisher, and then in the Actions pane,

click Import Updates.

The Import Software Updates Catalog Wizard Select Import Method dialog box appears.

2. Click Next to import a single catalog.

The Import Software Updates Catalog Wizard Select File dialog box appears prompting for the file to import.

3. Click Browse. Browse to the catalog.

The Select Catalog to Import dialog box appears.

The Import Software Updates Catalog Wizard Select File dialog box appears displaying the file to be imported.

4. Click Next.

The Import Software Updates Catalog Wizard Summary dialog box appears displaying the catalog to be imported.

5. Click Next.

A Catalog Validation – Security Warning message box appears prompting to import the catalog.

6. Click Accept.

The file is imported. When complete, the Import Software Updates Catalog Wizard Confirmation dialog box appears.

7. Click Close.

The System Center Updates Publisher window appears displaying the two catalogs. Notice that both the catalogs are listed.

8. You will not actually publish the 3rd party updates to WSUS (to be synchronized with

Configuration Manager). In order to publish custom and 3rd party updates to WSUS, you

have to download the content for the updates, which you will not do in the VPC

environment.

In the following procedure, you will configure the System Center Updates Publisher to synchronize updates

with WSUS so that Configuration Manager can synchronize the updates as with Microsoft Updates.

To configure SCUP and WSUS for publishing

In order to follow this section, you must create and deploy a certificate. As well, there is a policy that must be set to allow 3rd party content to be installed from WSUS, which is not set by default. If not set, then no updates can be deployed. This is documented here. http://technet.microsoft.com/en-us/library/bb633114.aspx

1. In the tree pane, click System Center Updates Publisher, and then in the Actions pane,

click Settings.

The Settings dialog box appears.

2. Click the Update Server tab.

The Settings dialog box appears displaying synchronization settings. Notice that the tool is currently not configured to publish to an update server (WSUS 3.0).

3. Click Enable publishing to an update server.

4. Verify that Connect to a local update server is selected, and then click Test Connection.

The connection is validated, and then a Test Connection message box appears indicating that the connection was validated.

5. Click OK.

The Settings dialog box appears displaying synchronization settings. Notice that the bottom portion of the property page displays the WSUS signing certificate information.

6. Click OK.

The System Center Updates Publisher window appears.

7. In the Actions pane, click Publish Updates.

The Publish Wizard Summary dialog box appears indicating it is ready to publish one update.

8. Click Next.

A Content Validation – Security Warning message box appears validating that you want to publish the Synthetic Software Update, as the publisher is not known.

9. Click Accept.

The update is published to WSUS. This process can take a few minutes depending on how many updates you are publishing to WSUS. When complete, the Publish Wizard Confirmation dialog box appears indicating the synchronization was successful.

10. Click Close.

The System Center Updates Publisher window appears.

In the following step, you will force the custom update to be published to Configuration Manager.

Complete this step from the primary site server only with the Configuration Manager Console window active.

To force catalog synchronization

Software Updates.

The home page for software updates appears in the results pane. Notice that by default, the home page displays current compliance for Microsoft security updates for the current month.

2. In the tree pane, expand Software Updates, and then click Update Repository.

The update categories synchronized with Configuration Manager are displayed in the results pane. Notice that there are folders for Critical Updates and Service Packs, as these have been synchronized with WSUS previously.

3. In the tree pane, click Update Repository, and then in the Actions pane, click Run

Synchronization.

A Run Update Synchronization message box appears prompting to run the synchronization process on the site. This will sync Configuration Manager with WSUS and will add the synthetic software update we created in the Synthetic Updates Publishing Tool into the Configuration Manager database.

4. Click OK.

The synchronization process is initiated. This process may take a few minutes to complete. There is no visual indication that the process has completed, so you‘ll need to view status messages or Configuration Manager log files to verify that the process has completed successfully.

expand <your_db_name>, and then click Component Status.

The list of Configuration Manager server components and their current status appears in the results pane.

6. In the results pane, click WSUS_Sync_Manager, and then in the Actions pane, click Show

Messages.

A new menu appears.

7. Click All.

The ConfigMgr Status Message Viewer for <your_db_name> window appears displaying the status messages for the WSUS Sync Manager. Notice the most recent messages with IDs of 6701, 6705 and 6702. These messages indicate the sync process has started, is in progress, and completed, respectively.

Software Updates.

This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a minute to complete.

It will take a minute for the summarization process to complete. Wait a moment before refreshing the console.

This will refresh the data in the software updates home page.

12. In the tree pane, expand Software Updates, click Update Repository, and then in the

Actions pane, click Refresh.

This will update the Update Repository node to include Security Updates, in addition to the Critical Updates and Service Packs that had already been synchronized. Remember that you had configured the Synthetic Software Update to be a Security Update.

13. In the tree pane, expand Software Updates, expand Update Repository, expand <your

chosen update>, and then click All Updates.

The security updates synchronized with Configuration Manager are displayed in the results pane.

Exercise 3

Generating Status of Custom Updates on the Configuration Manager Client

In this exercise, you will force the client to run a scan cycle to identify applicable and installed updates, both

Microsoft Updates as well as custom updates.

Complete this procedure from each of the Configuration Manager client computers. If you have multiple computers in the site, you can complete this procedure on all collection members but must complete this on at least one client.

To force the software updates scan cycle on the client

The Configuration Manager Properties dialog box displays the available actions for the client. Notice the default actions of Branch Distribution Point Maintenance Task, Discovery Data Collection Cycle, File Collection Cycle, Hardware Inventory Cycle, Machine Policy Retrieval & Evaluation Cycle, Software Inventory Cycle, Software Metering Usage Report Cycle, Software Updates Deployment Evaluation Cycle, Software Updates Scan Cycle, User Policy Retrieval & Evaluation Cycle and Windows Installer Source List Update Cycle.

3. Click Software Updates Scan Cycle, and then click Initiate Action.

The client will force a scan for software updates. A Software Updates Scan Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

It will take a few minutes for the client to be scanned, and the results to be returned to the Configuration Manager site through state messages.

In the following procedure, you will verify that the Configuration Manager client computer has successfully

reported software update compliance data.

Complete this procedure from the primary site server with the Configuration Manager Console running. Do not begin this procedure for a few minutes to allow time for the client to complete the scan process.

To view results of the software updates scan cycle

Software Updates.

By default, Configuration Manager only summarizes the software updates information every four hours. By forcing the summarization process, you will get up to date information more quickly.

It will take a minute for the summarization process to complete. Wait a moment before refreshing the console.

4. In the tree pane, expand Software Updates, expand Update Repository, expand <your

chosen update>, and then click All Updates.

The updates synchronized with Configuration Manager are displayed in the results pane.

Exercise 4

Generating Software Update Compliance Reports for Custom Updates

In this exercise, you will use generate reports for analysis and reporting of the custom software update status.

Complete this exercise from the site server.

To generate an update status report for software updates

expand Reporting.

The list of available reports appears in the results pane. Notice that there are 353 reports available.

3. In the results pane, click Compliance 6 - Specific computer, and then in the Actions

pane, under Compliance 6 - Specific computer, click Run.

The Compliance 6 - Specific computer Report Information appears in the results pane. Notice this is a prompted report, and requires the computer name, vendor and update class.

to report on (it can be either of the clients though <yourSMSClient> is the only one the

update is applicable for according to our rules).

A Select Value dialog box appears displaying the available vendors. In our case, the options are <your_variable_here>, Local Publisher, and Microsoft.

6. Click the <vendor_name_you_created>.

The Compliance 6 - Specific computer Report Information appears in the results pane allowing configuration of the prompted values.

A Select Value dialog box appears displaying the available update classes. Notice that the classes are the same as configured in Configuration Manager for synchronization with WSUS.

8. Click Security Updates.

9. Click Display.

A ConfigMgr Report window appears. Notice the list of security updates available for the Configuration Manager client computer. As the only security update synchronized is the custom update <your_update_you_created> there is only data available for one update. Notice the information in the report includes the vendor, update class, bulletin ID, article ID, title, whether the computer is compliant with the update, the update ID, and an information URL.

The list of available reports appears in the results pane.

12. In the results pane, click Compliance 2 - Specific software update, and then in the

Actions pane, under Compliance 2 - Specific software update, click Run.

The Compliance 2 - Specific software update Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and update.

The Compliance 2 - Specific software update Report Information appears in the results pane allowing configuration of the prompted values.

15. After Update, Title, Bulletin ID or Article ID, click Values.

A Select Value dialog box appears displaying the available updates. Notice that the list includes all updates synchronized with WSUS, including the Synthetic Software Update.

16. Click <your_update_you_created>

The Compliance 2 - Specific software update Report Information appears in the results pane displaying the configured prompted values.

17. Click Display.

A ConfigMgr Report window appears. Notice the report displays information for the synthetic update, including the article ID, bulletin ID, title, the number of client‘s requiring the update, and information URLs for the collection members. Notice that you have one client that requires the update, and one client that does not require it.

18. Click the left arrow next to the <vendor_name_you_created>

The Compliance 7 - Specific software update states report appears displaying the number of clients in various states for this update. Notice that you have one client with a state of ―Update is required‖ and one client with a state of ―Update is not required‖.

19. Click the left arrow next to Update is required.

The Compliance 9 - Computers in a specific compliance state for an update report appears displaying the number of clients that require this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed.

The Compliance 2 - Specific software update Report Information appears in the results pane.

Exercise 5

Software Update Deployment Options

In this exercise, you will distribute a specific update using Configuration Manager and the software updates

management feature. The lab procedures will use a synthetic update.

Complete this procedure from the Configuration Manager site server with the Configuration Manager Console running.

To distribute the update to the Configuration Manager client

1. In the tree pane, expand Software Updates, expand Update Repository, expand

Security Updates, and then click All Updates.

The information for all security updates appears in the results pane. Notice that there is only one update available.

2. Under Title, click <your software update>, and then in the Actions pane, click Deploy

Software Updates.

The Deploy Software Updates Wizard General dialog box appears.

3. In the Name box, type Synthetic Custom Update

4. In the Description box, type Test of a custom update and then click Next.

The Deploy Software Updates Wizard Deployment Template dialog box appears prompting to use an existing deployment template for distributing software updates. Notice that there is an existing template titled ―Standard update deployment template‖.

5. Click Next to use the existing deployment template.

The Deploy Software Updates Wizard Deployment Package dialog box appears prompting to name the new deployment package to add the updates to. Notice that the default is to use an existing deployment package. You will create a new deployment package.

6. Click Create a new deployment package.

7. In the Name box, type Synthetic Custom Update

8. In the Description box, type Custom update test for all Windows XP clients

9. In the Package source box, type \\<yourSMSServer>\<path to your software update>

10. Click Next.

The Deploy Software Updates Wizard Distribution Points dialog box appears allowing you to designate the distribution points to distribute the package to.

11. Click Browse.

The Add Distribution Points dialog box appears displaying the site(s) that can be targeted. Notice in our implementation, only one site is listed.

12. Under Distribution points, click <site code> to select all distribution points in the site,

and then click OK.

The Deploy Software Updates Wizard Distribution Points dialog box appears displaying the distribution points to distribute the package to. Notice that the local site server (as a distribution point) is listed.

13. Click Next.

The Deploy Software Updates Wizard Download Location dialog box appears allowing you to configure whether or not to download updates automatically from the Internet or to retrieve them from a network location.

14. Click Download software updates from the Internet to pull the updates from the

published location (which was configured to a UNC path on the site server in the custom

catalog), and then click Next.

The Deploy Software Updates Wizard Language Selection dialog box appears allowing you to configure which languages updates should be downloaded for. Notice that the default is the same as you configured during the configuration of the software update point.

15. Click Next to accept the configured languages.

The Deploy Software Updates Wizard Set Deployment Schedule dialog box appears allowing you to configure when the update deployment will be made available to clients, and when the deployment becomes mandatory. Notice that the default values are to become available now, and become mandatory in two weeks time. Also notice that Wake on LAN is not enabled for this deployment, and updates can only be deployed within any configured maintenance windows for the targeted collection.

Click Next to accept the default values.

The Deploy Software Updates Wizard Summary dialog box appears indicating you have successfully completed the wizard.

16. Click Next.

The Deploy Software Updates Wizard Progress dialog box appears displaying the progress of creating the deployment. When complete, the Deploy Software Updates Wizard Wizard Completed dialog box appears displaying the status on each phase of the deployment.

17. Verify that each phase of the process was successful, including the download of the update

file, and then click Close.

The Configuration Manager Console appears displaying the list of security updates in the results pane, which only includes the one synthetic update.

In the following procedure, you will verify the software update deployment objects created.

Complete this procedure on the primary site server only.

To view the software update distribution objects

1. In the tree pane, click Deployment Management.

The Deployment Management information appears in the results pane. Notice the deployment name and values listed from the DSUW.

2. In the tree pane, expand Deployment Management, if you created a site hierarchy -

expand <your site hierarchy>.

The list of software updates in this deployment appears in the results pane.

3. In the tree pane, expand Deployment Packages (if you named it this way), expand <your

update>.

The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is those you selected prior to launching the DSUW, which only included your update (unless you added others).

4. In the tree pane, expand Deployment Packages, expand <your update>, expand

Package Status, and then click Package Status.

The status of the distribution of the deployment package to the distribution point appears in the results pane. Notice that only one distribution point was targeted, and it received the package successfully (Installed = 1).

In the following procedure, you will install the update on the client computer. For the lab, you will force the

client to check for new advertisements instead of waiting for the automated detection to occur.

Complete this procedure on each client computer that is to receive the update (the update is only applicable to the Windows XP client computer however you can retrieve policies on both of your systems).

To install the update on the Configuration Manager client

The Configuration Manager Properties dialog box displays the available actions for the Configuration Manager client.

The Configuration Manager client will request new policies, which will include the policy related to the software update deployment. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

4. Click OK.

5. Click OK.

This causes the Configuration Manager client to check for new policies. When it has finished the check, the update will be available for installation. This is an attended update, so you will see the new Configuration Manager user interface.

It will take a few minutes for the policy to be downloaded and evaluated before the software update will be available.

A Software Updates Installation icon appears in the System Tray of the Windows XP client computer indicating that new software updates are available, that they will be installed automatically after the configured optional period (two weeks in our case) and that a system restart may be required to complete the installation.

6. In the System Tray, double-click the Software Updates Installation icon.

The ConfigMgr - Software Update Management dialog box appears. Notice the default values of ―IT Organization‖ and ―Protecting your PC‖. These are configurable in the Software Updates Client Agent. Notice also that Configuration Manager detected a single update for the client, and that you can perform an express or custom installation.

7. Click Install to perform an express installation of the updates.

The update is applied to the system. It will take a few minutes for the update to be applied, and the status to be reported through state messages. Your update may require a reboot – this will vary by package.

It will take a minute for the update to be deployed and updated state messages to be sent. Wait a few minutes before moving onto the next exercise.

Exercise 6

Validating Current Software Update Compliance

In this exercise, you will validate that the update has been deployed successfully. You will begin by generating

reports for analysis and reporting of Microsoft update status, and then will validate using the Software

Updates node.

Complete this exercise from the site server.

To generate an update status report for custom updates

expand Reporting.

2. In the tree pane, expand Reports, and then expand Visited Reports.

The list of reports that have already been run appears in the results pane. Notice that you ran two reports earlier.

3. In the results pane, click Compliance 2 - Specific software update, and then in the

Actions pane, under Compliance 2 - Specific software update, click Run.

The Compliance 2 - Specific software update Report Information appears in the results pane. Notice this is a prompted report, and requires the collection to report on and update.

The Compliance 2 - Specific software update Report Information appears in the results pane allowing configuration of the prompted values.

6. After Update, Title, Bulletin ID or Article ID, click Values.

A Select Value dialog box appears displaying the available updates. Notice that the list includes all updates synchronized with WSUS.

7. Click < Name/title/update that is appropriate>

The Compliance 2 - Specific software update Report Information appears in the results pane displaying the configured prompted values.

8. Click Display.

A ConfigMgr Report window appears. Notice the report displays information for the synthetic update, including the article ID, bulletin ID, title, the number of client‘s requiring the update, and information URLs for the collection members. Notice that you have one client that installed the update, and one client that does not require it.

9. Click the left arrow next to SCCM Lab.

The Compliance 7 - Specific software update states report appears displaying the number of clients in various states for this update. Notice that you have one client with a state of ―Update is installed‖ and one client with a state of ―Update is not required‖.

10. Click the left arrow next to Update is installed.

The Compliance 9 - Computers in a specific compliance state for a software update

report appears displaying the number of clients that have installed this software update. Notice that the Windows XP client, <yourSMSClient>, is the only one that is listed.

The Compliance 2 - Specific software update Report Information appears in the results pane.

In the following procedure, you will view the updated status data for the custom update directly from the

Configuration Manager Console.

Complete this step from the primary site server with the Configuration Manager Console running.

To view the update status data

Software Updates.

This forces the software updates data in the results pane to be summarized, which is a requirement for display in the console. The summarization process will take a minute to complete.

The home page for software updates appears in the results pane. Validate that the ―Last Updated‖ time is the current date and time.

4. In the results pane, you can configure the Vendor to <SCCM as a vendor name>,

configure the Update classification to Security Updates, configure the Month and year

to the current month and year, and then click Go.

The Software Update Compliance Status Summary information appears in the details pane. Notice that the update status now reflects that the update was successfully installed on the client, and is now compliant for one client and not required for the second client.

5. In the tree pane, expand Software Updates, expand Update Repository, and then

expand Security Updates, and then click All Updates.

The Security Updates information appears in the results pane. Notice that updates are displayed. This displays the current status for the updates for the current month, including bulletin ID, article ID, name, status of compliance, severity, size and other information.

Notice that the update is now compliant.

7. In the tree pane, expand Deployment Packages, expand <your update> and then click

Software Updates.

The Software Updates information appears in the results pane. Notice that the list of updates available in this deployment package is displayed along with the status of the updates. You should see some changes in the compliance as a result of the distribution.

You have now explored another scenario in System Center Configuration Manager software updates management that being the ability to distribute updates for 3rd party and custom applications just as easily as you can do so for Microsoft updates.

Section 8: Implementing Desired Configuration Management in System Center Configuration Manager 2007 Objectives

Create a configuration item for compliance.

Import pre-created configuration items from the System Center Pack website.

Create baselines for assignment.

Assign baselines to collections.

Verify compliance for the assigned baselines.

Prerequisites

Before working on this lab, one virtual computer should be booted as a Microsoft Windows Server 2003 SP1

computer installed as a Configuration Manager primary site server <yourSMSServer>. The second virtual

computer is booted as a Windows XP Professional SP2 client installed as a Configuration Manager client in

the Configuration Manager site <yourSMSClient> . Configuration Packs are available for download from

the System Center web site, located here. http://www.microsoft.com/systemcenter .

1. Log on as administrator.

expand Collections.

8. Click Yes.

10. Update the membership for the All Windows XP Systems and All Windows Server 2003

Systems collections.

Exercise 1

Creating and Importing Configuration Items

In this exercise, you will configure configuration items, which are used to identify specific configurations for

determining compliance. You will begin by manually creating a configuration item.

To create a configuration item

Desired Configuration Management.

The Desired Configuration Management home page appears in the results pane. Notice that by default, the home page displays configuration baselines that are reported as being out of compliance with at least one violation of the severity of ―Error‖. Notice also that there are no items to display, as no configuration baselines have been deployed.

3. In the tree pane, expand Desired Configuration Management, and then click

Configuration Items.

The list of configuration items, which are used to create configuration baselines, appears in the results pane. Notice that by default there are no configuration items created.

4. In the Actions pane, click New.

A new menu appears. Notice that you can create three types of configuration items – application, business or operating system.

5. Click Application Configuration Item.

The Create Application Configuration Item Wizard Identification dialog box appears allowing the configuration of the CI.

6. In the Name box, type SCCM Client

7. In the Description box, type Looks for SCCM clients not using the standard

Windows\System32\Ccm folder and then click the Categories button.

The Categories dialog box appears allowing you to select an existing category, or create your own. Notice the default categories for client, IT infrastructure, line of business, and server.

8. In the Add a new category box, type SCCM Client and then click Add.

The Categories dialog box appears displaying the available categories. Notice that the SCCM Client category has been added, and automatically selected for this application configuration item.

9. Click OK.

The Create Application Configuration Item Wizard Identification dialog box appears allowing the configuration of the CI. Notice that the information you supplied is displayed.

10. Click Next.

The Create Application Configuration Item Wizard Detection Method dialog box appears allowing you to configure the method of detection for this configuration item. Notice that the default option is to assume the application is always installed, however you can also do detection via Microsoft Installer or a VB script.

11. Verify that Always assume application is installed is selected, and then click Next.

The Create Application Configuration Item Wizard Objects dialog box appears allowing you to configure the configuration item you want to monitor compliance with. This configuration is if you wish to check security (Access Control Lists) on objects instead of the object settings themselves.

12. Click Next to not define objects for security checks.

The Create Application Configuration Item Wizard Settings dialog box appears allowing you to configure the settings for the configuration item you want to monitor compliance with.

13. Click New.

A new menu appears with various options for configuring the object.

14. Click Registry.

The New Registry Setting Properties dialog box appears allows the configuration of the registry value to query.

15. In the Display name box, type SCCM Install Directory

16. In the Hive box, verify that HKEY_LOCAL_MACHINE is displayed.

17. In the Key box, type SOFTWARE\Microsoft\SMS\Client\Configuration\Client

Properties

18. In the Value name box, type Local SMS Path and then click the Validation tab.

The New Registry Setting Properties dialog box appears allows the configuration of the registry value for validation.

19. In the Data Type box, verify that String is displayed, and then click New.

The Configure Validation dialog box appears allows the configuration of the registry value for validation.

20. In the Name box, type Install folder

21. In the Operator box, verify that Equals is displayed.

22. In the Value box, type <systempartition>\Windows\System32\Ccm\

Be sure to include the trailing backslash, as that is how it is stored in the Registry.

23. In the Severity box, click Warning, and then click OK.

The New Registry Setting Properties dialog box appears displaying the rule for validation.

24. Click OK.

The Create Application Configuration Item Wizard Settings dialog box appears displaying the settings you are using for this application rule.

25. Click Next.

The Create Application Configuration Item Wizard Applicability dialog box appears allowing you to configure the client operating systems that this rule is appropriate for. Notice that by default, the rule is applicable for all Windows operating systems.

26. Click Next to use all Windows platforms.

The Create Application Configuration Item Wizard Summary dialog box appears indicating it is ready to create the configuration item.

27. Click Next.

The configuration item is created, and then the ―Create Application Configuration Item Wizard” Wizard Completed dialog box appears indicating that the configuration item was successfully created.

28. Click Close.

The list of configuration items, which are used to create configuration baselines, appears in the results pane. Notice that your configuration item is now listed.

In the following procedure, you will import pre-created configuration items that will be used to create a

configuration baseline.

To import or create configuration items

Desired Configuration Management, and then click Configuration Items.

The list of configuration items appears in the results pane. Notice that your configuration item is listed.

2. In the Actions pane, click Import Configuration Data.

The Import Configuration Data Wizard Choose Files dialog box appears displaying the files to import. Notice that by default no files are listed to be imported.

3. Click Add.

The Open dialog box appears allowing you to select the file to import.

The Configuration Pack downloads are located here:

http://www.microsoft.com/systemcenter

Download these to be used in this section.

4. If you have downloaded any Configuration Packs, path to your downloaded CPs and then

click Open.

A Microsoft Management Console – Security Warning message box may appear for some Configuration Packs, indicating the publisher of the file Windows Server 2003 SP1.cab could not be validated and prompting to run the cab file anyway.

5. Click Run.

A Microsoft Management Console – Security Warning message box may appear indicating the publisher of the Windows XP SP2.cab file could not be validated and prompting to run the cab file anyway.

6. Click Run.

The Import Configuration Data Wizard Choose Files dialog box appears displaying the files to import. Notice that the two selected files are listed to be imported.

7. Click Next.

The Import Configuration Data Wizard Summary dialog box appears indicating that there are two configuration items ready to be imported.

8. Click Finish.

9. The list of configuration items appears in the results pane. Notice that there are now three

configuration items listed. To create an Operating System Configuration Item for the next

section follow the next set of steps.

10. To create an Operating System Configuration Item, Select the Desired Configuration

Management section within your Configuration Manager console, and expand to show

the two subsections.

11. Select Configuration Items, and in the Actions pane, select New, Operating System

Configuration Item.

12. The Create Operating System Configuration Item Wizard launches. In the Dialog box

that appears, type in the name of the Operating System Configuration Item you intend

to create.

13. In the Description dialog box, place the name a short description of the Operating System

Configuration Item you are creating. You are also able to select existing or create new

Categories in the same window. Select Next when complete.

14. In the next step, you begin to have some choices. For example, you may Specify a

particular Windows Operating System by description in the drop down menu, or

specify more granular details of an Operating System, such as Major/Minor versions, Build

numbers, Service Pack version (major or minor). This particular customization can be very

useful for organizations that may have their own build revisions that they monitor and

administrate outside of Microsoft official releases. Select Next when complete.

15. In the next step, you also have the option of adding additional objects you may want to

use to verify an Operating System version. Some customers or partners for example use

elements such as Registry key values. This section is optional. Select Next when complete.

16. In the next step, you have the option of querying additional resources from places such as

Active Directory, registry and others. This is an optional step. Select Next when complete.

17. The final step in the wizard is a summary Detail list. Here you can review your choices, and

also you have the option of going to Previous steps if modifications are needed. Select

Next when complete.

18. Once the Wizard finished the Configuration Item creation, you will be given a Details page.

Select Close when complete.

You have now created an Operating System Configuration Item that you may reference later

in your evaluation.

Exercise 2

Creating Configuration Baselines

In this exercise, you will create configuration baselines that will be used to determine compliance of your

Configuration Manager clients.

To create a configuration baseline for operating systems

Desired Configuration Management, and then click Configuration Baselines.

The list of configuration baselines appears in the results pane. Notice that there are no configuration baselines displayed.

2. In the Actions pane, click New Configuration Baseline.

The Create Configuration Baseline Wizard Identification dialog box appears allowing the configuration of the baseline.

3. In the Name box, type Client Operating Systems

4. In the Description box, type Verifies all clients are running <your Operating system

Configuration Item you created> and then click the Categories button.

The Categories dialog box appears allowing you to select the category of items to display.

5. Under Available categories, click both Client and Server, and then click OK. If you do

not see these options, they are easily added at the top under the section called ‗Add a new

category‘

The Create Configuration Baseline Wizard Identification dialog box appears displaying the configuration of the baseline.

6. Click Next.

The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice the default rule configuration options.

7. Under Rules, click operating system.

The Choose Configuration Items dialog box appears allowing you to select the operating system configuration items you created earlier.

8. Under Name, select the Operating System you would like to include in your baseline.

What you see here is dependent on what OS packages you have created in your

Configuration Manager – Desired Configuration Manager environment in the previous

excercise.

The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice that <your OS choice> configuration items are now listed under operating systems.

9. Click Next.

The Create Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the configuration baseline.

10. Click Next.

The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created.

11. Click Close.

The list of configuration baselines appears in the results pane. Notice that the operating system configuration baseline is displayed.

In the following procedure, you will create a configuration baseline to check for the Configuration Manager

client configuration. You can also add the an Operating Systems baseline to the new baseline.

To create a configuration baseline for SCCM client installation

The list of configuration baselines appears in the results pane. Notice that the Client Operating Systems configuration baseline is displayed.

2. In the Actions pane, click New Configuration Baseline.

The Create Configuration Baseline Wizard Identification dialog box appears allowing the configuration of the baseline.

3. In the Name box, type SCCM Client

4. In the Description box, type Uses all SCCM client configuration items and then click

the Categories button.

The Categories dialog box appears allowing you to select an existing category, or create your own. Notice the default categories for client, IT infrastructure, line of business, and server as well as the SCCM Client category you created earlier.

5. Under Available categories, click SCCM Client, and then click OK.

The Create Configuration Baseline Wizard Identification dialog box appears displaying the configuration of the baseline.

6. Click Next.

The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice the default rule configuration options.

7. Under Rules, click applications and general.

The Choose Configuration Items dialog box appears allowing you to select the application or general rule configuration items created. Notice that there is only one configuration item listed, which is the SCCM Client configuration item you created. Also notice that the category is ―SCCM Client‖, which you had configured as the filter earlier in this procedure.

8. Under Name, click SCCM Client, and then click OK.

The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears allowing the configuration of the rules that are used to validate the baseline. Notice that the SCCM Client configuration item is now listed under ―application and general‖.

9. Under Rules, click configuration baselines.

The Choose Configuration Baselines dialog box appears allowing you to select the configuration baselines potentially already created. You may only see one configuration baseline listed, which is the Operating Systems configuration baseline you created earlier. You can add one baseline as a requirement of another one. This is a very powerful feature of Desired Configuration Management, allowing the nesting of Parent and Child relationships to exist, and for Configuration Items and Baselines to have relationships.

10. Under Name, click Client Operating Systems, and then click OK.

The Create Configuration Baseline Wizard Set Configuration Baseline Rules dialog box appears displaying the rules for the new configuration baseline. Notice that both the SCCM Client configuration item and the Client Operating Systems baseline are added as rules.

11. Click Next.

The Create Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the configuration baseline.

12. Click Next.

The configuration baseline is created. When complete, the Create Configuration Baseline Wizard Wizard Completed dialog box appears indicating the configuration baseline was successfully created.

13. Click Close.

The list of configuration baselines appears in the results pane. Notice that both the Operating System and SCCM Client configuration baselines are displayed.

Exercise 3

Scanning Configuration Manager Clients for Compliance

In this exercise, you will generate compliance data for your Configuration Manager clients. You will begin by

assigning the configuration baselines to the appropriate collections.

To assign the baselines to collections

The list of configuration baselines appears in the results pane. Notice that both the Operating Systems (you created earlier) and SCCM Client configuration baselines are displayed.

2. In the results pane, click both configuration baselines (if you created both), and then in the

Actions pane, click Assign to a Collection.

The Assign Configuration Baseline Wizard Choose Configuration Baselines dialog box appears allowing you to configure the baselines to assign. Notice that both baselines are already listed, as you had selected both when you launched the wizard.

3. Click Next.

The Assign Configuration Baseline Wizard Choose Collection dialog box appears allowing you to configure the collection the baselines are to be assigned to.

4. Click Browse.

The Browse Collection dialog box appears prompting for the collection to target with the configuration baselines.

5. Under Collections, click All Systems, and then click OK.

The Assign Configuration Baseline Wizard Choose Collection dialog box appears displaying the All Systems collection as the collection the baselines are to be assigned to.

6. Click Next.

The Assign Configuration Baseline Wizard Set Schedule dialog box appears allowing the configuration of the schedule clients in the assigned collection should use for compliance scanning. Notice that the default schedule is weekly.

7. Click Next to use the default schedule of weekly scans.

The Assign Configuration Baseline Wizard Summary dialog box appears indicating it is ready to create the assignment.

8. Click Next.

The assignment process completes, and then the Assign Configuration Baseline Wizard Wizard Completed dialog box appears indicating the process was successful.

9. Click Close.

The list of configuration baselines appears in the results pane.

The Desired Configuration Management home page appears in the results pane. Notice that by default, the home page displays configuration baselines that are reported as being out of compliance with at least a Severity of ―Error‖. Notice also that there are no items to display, as no configuration baselines have been deployed.

11. In the results pane, after Minimum severity, click None.

The Desired Configuration Management home page appears in the results pane. Notice that the home page displays configuration baselines that have no compliance data reported, which includes your configuration baselines. As you scan your clients, and receive compliance data from them, data will appear in the home page.

In the following procedure, you will initiate the retrieval of policies on your SCCM client computers. Desired

configuration management baselines are delivered to clients through policies.

Complete this procedure from each of the Configuration Manager client computers in the site.

To search for new policies

2. Click the Configurations tab.

The Configuration Manager Properties dialog box displays the configuration baselines assigned to the client. Notice that by default there are no configuration baselines assigned.

The Configuration Manager client will request new policies, which will include the policies related to configuration baselines. A Machine Policy Retrieval & Evaluation Cycle message box appears indicating the action was initiated, and may take several minutes to complete.

5. Click OK.

6. Click OK.

It will take a couple of minutes for the client to download the policies and then implement them. Wait at least two minutes before moving onto the next step.

8. Click the Configurations tab.

The Configuration Manager Properties dialog box displays the configuration baselines assigned to the client. Notice that by default there are now two configuration baselines assigned to the client. Depending on which client you are looking at, the SCCM Client configuration baseline may be listed as not being compliant (the site server computer‘s Configuration Manager client is installed in C:\Program Files\SMS_CCM\ instead of C:\Windows\System32\Ccm\).

9. Click OK.

In the following procedure, you will view the compliance status of each Configuration Manager client for the

two configuration baselines.

To view the compliance status

The Desired Configuration Management home page appears in the results pane. Notice that the home page displays configuration baselines that are configured. Notice that in our case, we have two baselines, both with a severity of None.

The Desired Configuration Management home page displays the current status in the results pane. Notice that statistics on each baseline and a a pie chart for the selected baseline are displayed in the results pane. The pie chart is for the highlighted baseline, which is the SCCM Client baseline. This baseline should have one non-compliant system and one compliant system.

4. In the results pane, under Name, click SCCM Client.

The Summary compliance by configuration baseline report appears in the results pane. Notice that it reports that you have one compliant and one non-compliant system reporting for this baseline.

5. Click the arrow to the left of SCCM Client.

The Compliance details for a configuration baseline by configuration item report appears in the results pane. Notice that this report displays each configuration item and the state of each configuration item at each client.

6. Click the arrow to the left of the SCCM Client configuration item.

The Summary compliance for a configuration item by computer report appears in the results pane. Notice that it displays an entry for each SCCM client reporting status for this baseline. Notice that it displays the baseline name, version, configuration item, configuration type, desired state, compliance state, and applicability and detected states for each client.

7. Click the arrow to the left of SCCM Client, for the Computer Name of <yourSMSServer>,

and the Actual Compliance State of Non-Compliant.

The Non-compliance details for a configuration item on a computer report appears in the results pane. Notice that it displays the results of this configuration item on this specific client. If you scroll to the right, you‘ll see the current value of the key, which is why the item is listed as non-compliant. This is expected, as the SCCM client was installed into the management point folder, not the normal client folder.

9. In the results pane, in the list of baselines, under Severity, click None.

This will select the Operating System baseline but not launch a report that would happen if you clicked the Operating Systems baseline name under Name. The Desired Configuration Management home page displays the results of the Operating Systems baseline in the pie chart. Notice that all clients have reported that they are compliant with this baseline.

The Configuration Manager Console window appears. You have now used Configuration Manager 2007 to monitor compliance of systems using the desired configuration management feature of Configuration Manager. You created and imported configuration items, created configuration baselines, assigned the baselines to collections, scanned clients for compliance, and reported system compliance through the DCM home page and reports.

Section 9: Implementing Asset Intelligence in System Center Configuration Manager 2007

Overview Microsoft System Center Configuration Manager 2007 contains the second release of Asset Intelligence which

continues and enhances the focus on improving asset & license visibility in the enterprise.

Asset Intelligence enhances the inventory capabilities of SCCM 2007 by extending hardware and software

inventory and adding license management functionality. Many inventory classes improve the breadth of

information gathered about hardware and software assets.

In the following sections we will cover the ‗what‘s new in this release‘, examine some of the enhancements

made to performance and briefly talk about the updated knowledge base catalog. In addition, we will cover

the reporting classes and their correlation to the Asset Intelligence reports and finally, we will provide some

hands-on exercises that will help you get acquainted with this feature set.

What’s new Setup experience

In Configuration Manager 2007, Asset Intelligence is fully integrated into the setup experience. This means

that the knowledge base catalog as well as all reports are installed during SCCM 2007 setup and are no

longer treated as optional components. To avoid unintentional or unnecessary data collection, we ship the

Asset Intelligence reporting classes in a disabled state, and it is up to you to decide which reporting classes to

enable.

Note: If you do not enable the Asset Intelligence reporting classes, reports will contain no data and will

instead display a message stating:"No matching records could be found".

Additional reports

We have added additional reports and functionality that can be broken into the following high level buckets:

Recent Usage Inventory:

o SCCM metering agent will inventory the last time any executable was running in the user

context.

o Data returned through hardware inventory.

o Additional reports will help you answer the ―When was the last time this was used?‖

question.

Auto-created Metering Rules:

o Last Usage Inventory can be used to auto-create full metering rules which you can decide

to enable.

o Simplifies the process of creating metering rules.

Asset Change Summarization:

o A summary of changes to computer assets is stored in a central table.

o Managing deltas help reduce the complexity of asset management.

o Additional reports help you answer the ―What has changed recently in my environment?‖

question.

Client Access Licenses usage tracking for Microsoft Windows and Exchange:

o Both User and Device CALs usage is tracked.

o Based on Security audit logs.

o Additional reports answer the ―who used up the CALs‖ , ―when did they do that‖ questions.

Performance enhancements

Several performance enhancements were included in this release of Asset Intelligence with special

optimization for large environments. These include a wide range of changes from more efficient data

collection to fewer reporting ‗Joins‘. The end result is a faster, more robust product.

Data enhancements

As the heart of Asset intelligence is the knowledge base catalog, we invested effort in adding additional titles,

cleaning up older ones as well work around title schema rationalization. Several fixes we introduced to

address issues we discovered in SMS 2003 SP3, which resulted in higher quality data to work with.

Enabling the Asset Intelligence Reporting Classes Asset Intelligence data collection is controlled via SCCM WMI classes. These classes are contained in the

SMS_DEF.MOF and each classes correlates to specific report(s). By default, these classes are disabled and you

will need to enable the ones that control report you wish to utilize.

Note: Enabling classes increases the bandwidth consumed by the inventory process. Likewise, disabling

classes will decrease the bandwidth consumed by the inventory process but, will adversely affect the reports

that depend upon that class for data. For more information, see the Microsoft TechNet article Customizing

with MOF Files (http://go.microsoft.com/fwlink/?LinkId=87301).

The following classes are available and are listed with the reports that depend on them. If you want to utilize

a given report, you must enable the WMI class on which it depends.

Note: If you are upgrading from Systems Management Server 2003 Service Pack 3, and Asset Intelligence is

already installed and enabled, then Asset Intelligence data collection will remain enabled.

A Description of the Different Classes The classes that support Asset Intelligence functionality are listed below with the reports that depend on

them for data.

SMS_InstalledSoftware This class tracks information about installed software. The following reports are dependent on this class:

License 1C - Computers with a specific Microsoft License Ledger Item and Sales Channel

Software 1A - Summary of Installed Software in a Specific Collection

Software 2A - Software Families

Software 2B - Software Categories with a Family

Software 2C - Software by Category and Family

Software 2D - Computers with a Specific Software Product

Software 2E - Installed Software on a Specific Computer

Software 3A - Uncategorized Software

Software 6A - Search for Installed Software

SMS_InstalledSoftwareMS This class tracks information specifically about installed Microsoft software. The following reports are

dependent on this class:

License 1A - Microsoft License Ledger for Microsoft License Statements

License 1B - Microsoft License Ledger Item by Sales Channel

License 1D - Microsoft License Ledger products on a specific computer

SMS_SystemConsoleUsage This class polls the System Security Event Log for information about all console usage. The following reports

are dependent on this class:

Hardware 1A - Summary of Computers in a Specific Collection

Hardware 2B - Computers within an age range with a collection

Hardware 3A - Primary computer users

Hardware 3B - Computers for a Specific Primary Console User

Hardware 4A - Shared (multi-user) Computers

Hardware 5A - Console Users on a Specific Computer

Hardware 6A - Computers for Which Console Users Could not be Determined

Hardware 7C - Computers with a Specific USB Device

Hardware 8A - Hardware that is Not Ready for a Software Upgrade

Hardware 9A - Search for computers

License 2B - Computers with Licenses Nearing Expiration

License 3B - Computers with a Specific License Status

License 4B - Computers with a Specific Product Managed by Software Licensing Service

Software 2D - Computers with a Specific Software Product

Software 4B - Computers with a Specific Auto-Start Software

Software 5B - Computers with a Specific Browser Helper Object

SMS_SystemConsoleUser This class polls the System Security Event Log for information about specific console users. The following

reports are dependent on this class:

Hardware 3A - Primary computer users

Hardware 3B - Computers for a Specific Primary Console User

Hardware 4A - Shared (multi-user) Computers

Hardware 5A - Console Users on a Specific Computer

All CAL Reports

This class only reads the last 90 days of the event log, regardless of the length of the log. If the log has less

than 90 days of data, the entire log is read.

In addition to enabling this class, you will also need to enable audits on these servers. To enable the auditing

of Logon/Logoff policy you will need to go to the Local Security Settings->Local Policies -> Audit Policy ->

Audit logon events and allow ―Success‖ auditing.

SMS_AutoStartSoftware This class tracks information about software that starts automatically with the operating system. The following

reports are dependent on this class:

Software 4A - Auto-Start Software

Software 4B - Computers with a Specific Auto-Start Software

Software 4C - Auto-Start Software on a Specific Computer

SMS_BrowserHelperObject This class tracks browser helper objects. While some browser helper objects are beneficial, most software

considered "malware" is in the form of browser helper objects. The following reports are dependent upon this

class:

Software 5A - Browser Helper Objects

Software 5B - Computers with a Specific Browser Helper Object

Software 5C - Browser Helper Objects on a Specific Computer

Win32_USBDevice This class tracks devices connected to USB ports. The following reports are dependent upon this class:

Hardware 7A - USB Devices by Manufacturer

Hardware 7B - USB Devices by Manufacturer and Description

Hardware 7C - Computers with a Specific USB Device

Hardware 7D - USB Devices on a Specific Computer

SMS_Processor This is an existing SMS class to which new properties have been added to provide more complete data about

processors. The following reports are dependent upon this class:

Hardware 1A - Summary of Computers in a Specific Collection

Hardware 2A - Estimated Computer Age by Ranges within a Collection

Hardware 2B - Computers within an age range with a collection

Hardware 8A - Hardware that is Not Ready for a Software Upgrade

Hardware 9A - Search for computers

SMS_InstalledExecutable This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to

support custom reports.

SMS_SoftwareShortcut This class is not currently used to support existing Asset Intelligence reports. However, it can be enabled to

support custom reports.

SoftwareLicensingService This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista

Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following

reports are dependent upon this class:

License 2C - License Information on a Specific Computer

License 5A - Computers Acting as a Key Management Service

SoftwareLicensingProduct This class is specific to Windows Vista. For more information, see the Microsoft TechNet article Windows Vista

Volume Activation 2.0 Technical Attributes (http://go.microsoft.com/fwlink/?LinkId=87205). The following

reports are dependent upon this class:

License 2A - Count of Licenses Nearing Expiration by Time Ranges

License 2B - Computers with Licenses Nearing Expiration

License 2C - License Information on a Specific Computer

License 3A - Count of Licenses by License Status

License 3B - Computers with a Specific License Status

License 4A - Count of Products Managed by Software Licensing

License 4B - Computers with a Specific Product Managed by Software Licensing Service

Note: In addition to this, we will provide more in-depth cover to rach of the classes in the SCCM 2007 SDK

documentation.

Exercise 1 Editing the SMS_Def.mof

First we will need to enable the Asset Intelligence reporting classes. The SMS_def.mof file consists of a list of

classes and attributes. You can find the file on the SCCM site server, in the \SMS\Inboxes\Clifiles.src\Hinv

folder. For Configuration Manager, the path is C:\Program Files\Microsoft Configuration Manager\. When

you open the file, you will see the following format:

//**************************************************************************

//* Class: SMS_InstalledSoftwareMS

//* Derived from: (nothing)

//* Key = SoftwareCode

//* This Asset Intelligence class provides specific to Installed Microsoft Software information.

//**************************************************************************

[ dynamic, provider("AAInstProv"),

SMS_Report(TRUE),

SMS_Group_Name ("Installed Software MS"),

SMS_Namespace (TRUE),

SMS_Class_ID ("MICROSOFT|INSTALLED_SOFTWARE_MS|1.0") ]

class SMS_InstalledSoftwareMS : SMS_Class_Template

[SMS_Report (TRUE), key]

string SoftwareCode;

[SMS_Report (TRUE)]

string ProductCode;

[SMS_Report (TRUE)]

string MPC;

[SMS_Report (TRUE)]

string ChannelID;

[SMS_Report (TRUE)]

string ChannelCode;

Note: The highlighted line (i.e. SMS_Report) acts as the ‗on/off‘ switch, indicating whether or not the class is

to be reported in SMS inventory.

Classes that are set to TRUE are collected and those set to FALSE are not. However, there is an exception: if a

class is set to TRUE (as it is in the example above), then any attributes with the key property are collected,

even if the individual attribute is set to FALSE.

You can use Notepad to modify the SMS_def.mof file. If there are attributes and classes that you no longer

want to collect, set them to FALSE. If you want to add attributes, set them to TRUE.

After you have complied and tested the file, you can replace the default SMS_def.mof file by replacing the file

in the \SMS\Inboxes\Clifiles.src\Hinv folder on the site server. For Configuration Manager, the path is

C:\Program Files\Microsoft Configuration Manager\. From there, it is sent to each client in your site.

Note: Hardware inventory will require time to start, collect and send data to the site server. While this is

taking place, you can explore the new Asset Intelligence reports or enable the logon audit to allow for

additional data collection (e.g. for CAL usage).

Estimating network Impact based on Reporting Classes A key question you will need to answer before enabling these classes in Production will be network

bandwidth. Based on testing we did, the anticipated range for a client is about 54KB-75KB (that‘s for a

machine that has 60 installed applications, 11 auto-start items etc (see breakdown in table)).

Class Payload Size (Bytes)

Example of #

Installed item File Size (Bytes)

SMS_InstalledSoftware 1047 60 62791

SMS_InstalledSoftwareMS 290 14 4065

SMS_SystemConsoleUsage 330 1 330

SMS_SystemConsoleUser 294 2 589

SMS_AutoStartSoftware 681 11 7495

SMS_BrowserHelperObject 589 2 1178

Win32_USBDevice 606 0 0

SMS_Processor 496 1 496

SMS_InstalledExecutable 739 0 0

SMS_SoftwareShortcut 775 0 0

SoftwareLicensingService 813 0 0

SoftwareLicensingProduct 401 0 0

When testing Asset Intelligence, you can use these numbers guidelines to start the evaluation. It is important

to note that true to life testing (e.g. using a production image of a client) will yield the best approximation for

production time rollout.

Examine the hardware inventory files as they come from the client to perform this analysis.

Asset Intelligence Reports In this section, we encourage you to explore the new Asset Intelligence reports.

License Management Reports Nine new license management reports have been added, providing the means to track Client Access Licenses

(CAL) in addition to the existing volume license reports. One of these new reports identifies the number of

processors in computers running software that can be licensed using the per-processor licensing model. The

remaining 8 new reports identify User CAL usage and Device CAL usage summaries, details, and history.

For more information, see the SCCM help file under License Management Reports.

Hardware Reports Three new hardware reports help identify computers that have changed since the last inventory cycle. The

changes identified in these reports include both hardware and software changes.

For more information, see the SCCM help file under Hardware Reports.

Software Reports Six new software reports extend previous inventory capabilities by adding software metering. These new

reports identify recently used executables, which users ran them, and the devices on which the executables

were run.

For more information, see the SCCM help file under Hardware Reports.

Exercise 2 Viewing and Running Reports

To view the Asset Intelligence Reports

3. In the console tree, expand Site Database, expand Computer Management, expand Reporting, and

then click Reports.

4. On the ‗Look For’ filter, type Asset Intelligence and hit Enter.

You now see all 57 Asset Intelligence reports.

Note: After Hardware Inventory runs and sends data to the SCCM site database, information will become

available for you to generate the different reports. The reporting structure is similar in most cases, where

report 1A provides a high level view and then allows drill-down.

Running Reports

To run Asset Intelligence Reports In order to have data available to report on, you need to retrieve

polices, and then force a Hardware Inventory Cycle.

1. Click on a report (e.g. Software 02A – Software Families)

2. In the Actions pane click Run

3. In the Collection box, type SMS00001 (All Systems)

4. In the Family box, type OS (if desired)

5. To generate the report, click on Display

Note: Each batch of reports may require different variables. To see the possible options, you can click on the

Values box to see a menu that you can select from.

Know Issues and Limitations CAL Reports will only provide accurate data on single purpose servers (e.g. File Server, Exchange

Server) since e the auditing data collected is per machine and not per role.

If you repackage applications and in the process modify the MSI data, it is very likely that the

application will appear as ‗uncategorized‘.

You can see the SKU of an installed SQL Server but not the licensing mode in which it runs.

Exchange 2007 does not appear in the License Leger report because it does not have a ProductID.

During testing it is important that you cover key scenarios and examine the results carefully. Asset Intelligence

offers a powerful set of tools and you need to see what can and can‘t be done in this release.

Additional Resources

The Asset Intelligence Forum:

http://forums.microsoft.com/TechNet/ShowForum.aspx?ForumID=1816&SiteID=17

System Center Configuration Manager in-the-box help file

System Center Configuration Manager On-line: http://technet.microsoft.com/en-

us/configmgr/default.aspx

Unofficial SCCM 2007 Reviewers Guide

Documents

SCCM 2007-Day2

ASPEN-SCCM 2009

SCCM & PowerShell

Deverill SCCM Presentation

CONFIGURE SCCM/ SQL FOR OPTIMAL PERFORMANCEschd.ws/hosted_files/mms2017/4e/MMS2017 SCCM SQL Optimal... · CONFIGURE SCCM/ SQL FOR OPTIMAL PERFORMANCE Benjamin Reynolds blogs.technet.microsoft.com

Tutorial SCCM 2007

SCCM Installation

Mark Morgan - NNCI WNF Dry Etch Equipment Mark Morgan ... –Niobium –Tungsten . ICP-Chlorine . ... (100 sccm), CF4 (100 sccm), SF6 (100 sccm), O2

Objectives - SCCM

SCCM User's Guide - Department of Physicsatmosp.physics.utoronto.ca/.../sccm_doc.pdf · SCCM User's Guide ... 2.9 Troubleshooting 3. The User ... The SCCM numerically integrates these

Wyse sccm wes7_admin_guide_aug2013

SCCm installation full

SCCM Short Notes

Presentasjon om SCCM

UPGRADING YOUR 2012 SCCM Documents/SCCM-System Center...SCCM 1602 5.00.8355.1000 8355 N/A Upgrade guide NOTES: ADK needs to match your version of SCCM. Sccm 2012 is initially installed

Sccm Program Creation

Seminario SCCM

Troubleshooting SCCM

OSD in SCCM

SCCM Patching Tutorial