Introduction
When people who are new to Microsoft System Center Configuration Manager 2007 start playing around with the product in a test lab, they often want to start with a simple OS deployment setup. But if you are new to the product and want to deploy Windows XP, getting started can be a bit challenging. This article (not sure how many parts it will contain yet) is a guide through the basic steps that need to be configured in order to successfully deploy Microsoft Windows XP Professional with Service Pack 3 and Windows Vista Enterprise with Service Pack 1.
This article is based on System Center Configuration Manager 2007 with Service Pack 1 and Windows Server 2008 RTM. All roles will be installed on a single box (virtual machine). Installing everything on the same box is not “best practice” in production.
The headlines for the first parts are:
- Part 1: Pre-Configuration Manager Installation tasks
- Part 2: Installing and Configuring Configuration Manager 2007 with Service Pack 1.
- Part 3: Preparing and Configuring Configuration Manager for OS deployment
- Part 4: Building the reference image
- Part 5: Deploying the client Operating System
Before we get started there are a few things that need to be configured. In my test lab I’m running Windows Server 2008 Enterprise Edition with Hyper-V, and I recommend the following settings for the virtual machine:
- CPU: 1 core (2 core recommended)
- RAM: min. 1024 MB (2048 recommended)
- Disk: 127 GB
- Network: 1 adapter (local only)
This guide assumes that Windows Server 2008 Enterprise Edition x86 with Service Pack 1 is installed and configured with the following settings:
(Installing Windows Server 2008 and Active Directory is not within the scope of this article).
- Static IPv4 address: 192.168.0.10
- Subnet mask: 255.255.255.0
- Default Gateway: 192.168.0.1
- Server name: SERVER1
- Active Directory Domain Service
- Domain DNS name: corp.demo.lab
- Domain NetBIOS Name: CORP
- Forest Functional Level: Windows Server 2008
- DNS Server
- DHCP Server
- Scope Name: SCCM Lab
- Starting IP Address: 192.168.0.50
- Ending IP Address: 192.168.0.99
- Subnet Mask: 255.255.255.0
- Default Gateway: 192.168.0.1
- Subnet Type: Wired (lease duration will be 6 days)
- Activate this scope: Yes
Part 1: Pre-Configuration Manager Installation Tasks
System Center Configuration Manager 2007 requires a few things to be configured before the product is installed. This part will guide you through these steps.
Extending the Active Directory Schema
Extending the Active Directory schema is a forest-wide action and must only be done once per forest. Extending the schema is an irreversible action and must be done by a user who is a member of the Schema Admins Group or by someone who has been delegated sufficient permissions to modify the schema.
Four actions need to be taken in order to successfully enable Configuration Manager Clients to query Active Directory Domain Services to locate site resources:
- Extend the Active Directory schema.
- Create the System Management container.
- Set security permissions on the System Management container.
- Enable Active Directory publishing for the Configuration Manager site.
How to Extend the Active Directory Schema Using ExtADSch.exe
You can extend the Active Directory schema by running the ExtADSch.exe file located in the SMSSETUP\BIN\I386 folder on the Configuration Manager 2007 installation media. The ExtADSch.exe file does not display output when it runs; however, it does generate a log file in the root of the system drive called extadsch.log, which will indicate whether the schema update completed successfully or any problems were encountered while extending the schema.
Step by step guide
- Backup the System State on the Domain Controller that holds the Schema Master role.
- Disconnect the Schema Master Domain Controller from the network.
- Run extadsch.exe, located at SMSSETUP\BIN\I386 on the installation media, to add the new classes and attributes to the Active Directory schema.
- Verify that the schema extension was successful by reviewing the extadsch.log located in the root of the system drive.
- If the schema extension procedure was successful, reconnect the schema master domain controller to the network and allow it to replicate the schema extensions to the global catalog servers throughout the Active Directory forest.
- If the schema extension procedure was unsuccessful, restore the schema master’s previous system state from the backup created in step 1 to reverse the schema extension actions before reconnecting the schema master domain controller to the network.
How to Create the System Management container using ADSIEdit
Configuration Manager does not automatically create the System Management container in Active Directory Domain Services when the schema is extended. The container needs to be created once for each domain that includes a Configuration Manager site server that will publish site information to Active Directory Domain Services. To manually create the System Management container using ADSI Edit, follow these steps:
- Log on as an account that has the Create All Child Objects permission on the System container in Active Directory Domain Services.
- Open the ADSIEdit MMC console, and connect to the domain in which the site server resides.
- In the console pane, expand Domain [computer fully qualified domain name], expand <distinguished name>, and right-click CN=System. On the context menu, click New and then click Object.
- In the Create Object dialog box, select Container and click Next.
- In the Value field, type System Management and click Next.
- Click Finish.
How to configure the security permissions on the System Management container.
After the System Management container has been created in Active Directory Domain Services, the primary site server’s computer account must be granted the necessary permissions to publish site information to the container.
- Click Start, click Run, and enter adsiedit.msc to launch the ADSIEdit MMC console.
- If necessary, connect to the site server’s domain.
- In the console pane, expand the site server’s domain, expand DC=<server distinguished name>, expand CN=System, and right-click CN=System Management. On the context menu, click Properties.
- In the CN=System Management Properties dialog box, click the Security tab.
- Click Add to add the “SCCM Servers” Security Group and grant the account Full Control permissions.
- Click Advanced, select the “SCCM Servers” Security Group, and click Edit.
- In the Apply onto list, select “This object and all child objects”.
- Click OK. (3 times)
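The two ADSI Edit procedures above (creating the container and granting the group Full Control on it and its children) can also be scripted and then checked by reading the ACL back. The following PowerShell is an added example, not part of the original article or of Configuration Manager; it assumes the lab values used here (corp.demo.lab, NetBIOS name CORP) and that the "SCCM Servers" group already exists in that domain.

```powershell
# Added example. Values come from this article's lab setup; adjust for other domains.
$domainDn    = 'DC=corp,DC=demo,DC=lab'    # corp.demo.lab
$group       = 'CORP\SCCM Servers'         # assumed to exist already
$containerDn = "CN=System Management,CN=System,$domainDn"

# 1. Create the container under CN=System if it is not there yet.
if (-not [System.DirectoryServices.DirectoryEntry]::Exists("LDAP://$containerDn")) {
    $system = [ADSI]"LDAP://CN=System,$domainDn"
    $new = $system.psbase.Children.Add('CN=System Management', 'container')
    $new.psbase.CommitChanges()
}

# 2. Grant the group Full Control, applied to this object and all child objects.
$identity = New-Object System.Security.Principal.NTAccount($group)
$rights   = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$type     = [System.Security.AccessControl.AccessControlType]::Allow
$inherit  = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule `
    -ArgumentList $identity, $rights, $type, $inherit

$container = [ADSI]"LDAP://$containerDn"
$container.psbase.ObjectSecurity.AddAccessRule($rule)
$container.psbase.CommitChanges()

# 3. Re-bind and list the explicit (non-inherited) ACEs that carry Full Control.
#    The group should appear with InheritanceType "All"; any other principal
#    listed here was granted Full Control directly on the container.
$full  = [int]$rights
$check = [ADSI]"LDAP://$containerDn"
$check.psbase.ObjectSecurity.GetAccessRules($true, $false, [System.Security.Principal.NTAccount]) |
    Where-Object { ([int]$_.ActiveDirectoryRights -band $full) -eq $full } |
    Select-Object IdentityReference, AccessControlType, InheritanceType
```

Run it with an account that holds the Create All Child Objects permission on the System container, as the manual steps require.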
Enable Active Directory publishing for the Configuration Manager site.
Before Configuration Manager can publish site data to Active Directory Domain Services, the Active Directory schema must be extended to create the necessary classes and attributes, the System Management container must be created, and the primary site server’s computer account must be granted full control of the System Management container and all of its child objects. Each site publishes its own site-specific information to the System Management container within its domain partition in the Active Directory schema.
This part cannot be completed before Configuration Manager has been installed.
Configuring Windows Server 2008 for Site System Roles
Configuration Manager requires the WebDAV component to be installed and enabled on the management points and BITS-enabled distribution points. The WebDAV component is not included in the Windows Server 2008 operating system and must be downloaded and configured manually.
Installing and configuring WebDAV for BITS-enabled distribution points and management points
- In Server Manager, on the Features node, start the Add Features Wizard.
- On the Select Features page, select BITS Server Extensions.
- When prompted, click Add Required Role Services to add the dependent components, including the Web Server (IIS) role.
- On the Select Features page, select Remote Differential Compression, and then click Next.
- On the Web Server (IIS) page, click Next.
- On the Select Role Services page, under IIS 6 Management Compatibility, select IIS 6 WMI Compatibility.
- Under Application Development, select ASP.NET and, when prompted, click Add Required Role Services to add the dependent components.
- Update: Add ASP (required for ConfigMgr Reporting Point to function – thanks to Jens Ole Kragh for pointing this out)
- Under Security, select Windows Authentication, and then click Next.
- On the Confirmation page, click Install, and then complete the rest of the wizard.
- Download the x86 or x64 version of WebDAV at http://go.microsoft.com/fwlink/?LinkId=108052.
- Run either webdav_x86_golive.msi or webdav_x64_golive.msi, depending on your processor.
- Enable WebDAV and create an Authoring Rule, as follows:
- Open Internet Information Services (IIS) Manager.
- In the Connections pane, expand the Sites node in the tree, and then click SMSWEB if you are using a custom Web site or click Default Web Site if you are using the default Web site for the site system.
- In the Features View, double-click WebDAV Authoring Rules.
- When the WebDAV Authoring Rules page is displayed, in the Actions pane, click Enable WebDAV.
- After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
- In the Add Authoring Rule dialog box, under Allow access to, click All content.
- Under Allow access to this content to, click All users.
- Under Permissions, click Read, and then click OK.
- Change the property behavior as follows:
- In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings.
- In the WebDAV Settings page, under Property Behavior, set Allow anonymous property queries to True.
- Set Allow Custom Properties to False.
- Set Allow property queries with infinite depth to True.
- If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow access to hidden files to True.
- In the Action pane, click Apply.
- Close Internet Information Services (IIS) Manager.
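The WebDAV settings above allow all users read access and anonymous property queries, so it is worth confirming afterwards that the site has exactly these values and that no authoring rule grants more than Read. The PowerShell below is an added example, not from the original article; the function name is hypothetical, and the embedded XML is a constructed sample that assumes the site-level settings are stored in a `<location>` element of applicationHost.config.

```powershell
# Constructed sample with two deliberate deviations. For a real server use:
#   [xml](Get-Content "$env:windir\System32\inetsrv\config\applicationHost.config")
$sampleConfig = [xml]@'
<configuration>
  <location path="Default Web Site">
    <system.webServer><webdav>
      <authoring enabled="true">
        <properties allowAnonymousPropfind="true" allowInfinitePropfindDepth="true"
                    allowCustomProperties="true" />
        <fileSystem allowHiddenFiles="true" />
      </authoring>
      <authoringRules>
        <add users="*" path="*" access="Read, Write" />
      </authoringRules>
    </webdav></system.webServer>
  </location>
</configuration>
'@

function Test-ConfigMgrWebDav {   # hypothetical helper name
    param([xml]$Config, [string]$Site = 'Default Web Site', [switch]$BitsDistributionPoint)
    $dav = $Config.SelectSingleNode("/configuration/location[@path='$Site']/system.webServer/webdav")
    if ($dav -eq $null) { return "No WebDAV configuration found for site '$Site'" }
    # XPath relative to <webdav> mapped to the value the steps above produce.
    $expected = @{
        'authoring/@enabled'                               = 'true'
        'authoring/properties/@allowAnonymousPropfind'     = 'true'
        'authoring/properties/@allowCustomProperties'      = 'false'
        'authoring/properties/@allowInfinitePropfindDepth' = 'true'
    }
    if ($BitsDistributionPoint) { $expected['authoring/fileSystem/@allowHiddenFiles'] = 'true' }
    foreach ($path in $expected.Keys) {
        $node = $dav.SelectSingleNode($path)
        $actual = '(not set)'
        if ($node -ne $null) { $actual = $node.Value }
        if ($actual -ne $expected[$path]) {
            "{0}: expected {1}, found {2}" -f $path, $expected[$path], $actual
        }
    }
    # The article's authoring rule grants Read only; report anything broader.
    foreach ($rule in $dav.SelectNodes('authoringRules/add')) {
        if ($rule.GetAttribute('access') -ne 'Read') {
            "authoring rule for users '{0}' grants '{1}', expected Read only" -f `
                $rule.GetAttribute('users'), $rule.GetAttribute('access')
        }
    }
}

Test-ConfigMgrWebDav -Config $sampleConfig -BitsDistributionPoint
```

An empty result means the site matches the settings listed in the steps; each returned line names one deviation.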
Summary
This completes part 1 of this article. In the next part we’ll install Microsoft SQL Server 2005, Windows Server Update Services (WSUS) 3.0 and System Center Configuration Manager 2007 with Service Pack 1.
Enjoy.