Wednesday, April 30, 2008 12:10 AM jhinkle

MMS 2008: Deploying System Center Configuration Manager - Part 2

Presented by Wally Mead. I carbed up for this at lunch. Maybe he slows down at lunch.

  • Supported client platforms
    • Windows 2000 SP4
    • Windows XP SP2 and SP3 (upcoming)
    • Windows Server 2003 SP1 and SP2
    • Windows Server 2003 R2
    • Windows Vista Ultimate, Enterprise, and Ultimate including SP1
    • Windows Server 2008 - no server core
    • Windows XP Tablet SP2
    • Windows XP Embedded SP2
    • Windows Mobile 6

  • Issues with 2003 client deployment
    • Client push - No visibility, firewalls.
    • Not bandwidth aware
    • Multiple binaries needed

  • Client deployment methods
    • Client push installation - Auto or admin controlled, can use site server computer account as the installation account
    • Logon installation for high-rights users - must be an admin
    • Software distribution - upgrade from 2003 or to SP1
    • Manual installation
    • Software update point client deployment through WSUS
    • Group Policy installation

  • Components
    • CCMSETUP.EXE - bandwidth aware, used for install, uninstall, and upgrade
    • BITS - 2.0 for W2K, 2.5 for most Windows Clients, 3.0 already on Vista
    • Windows Installer 3.1 v2 - KB893803 for all except Windows Server 2003 SP1 and later
    • Windows Update Agent
    • MSXML6 SP1
    • MSRDC - Remote Differential Compression required for branch distribution point
    • wimgapi.msi - custom tools for image management
    • client.msi

  • Client Assignment
    • Configuration Manager clients can only be assigned to ConfigMrg sites
    • In order to validate site assignment, must verify site version - AS Schema or SLP, can't point to an invalid site

  • Client Registration
    • Must be registered as a client to talk to site server
    • Automatic process with PKI or self-signed certificates
    • For multiple forests - FQDN publishing of MP (ConfigMgr AD Schema extension)

  • Client approval
    • Clients must be approved to use the network access account
    • Can't download policy until approved
    • Three approval options - automatic for domain joined, automatic for all, no automatic approval
    • Only in mixed mode - not necessary for any other modes

  • Site roles for client installation
    • Site server - for client push
    • Management Point - download client files for deployment, retrieve policies after install
    • Server locator point
    • Distribution Point - software distribution client upgrade
    • Software Update Point - deploying clients through WSUS
    • Fallback Status Point - failed client installs report here
    • PXE service point - bare metal installs
    • State Migration Point - moving settings from one PC to another through USMT

  • Client push installation
    • Basically the same as 2003
    • Default site code is now SMSSITECODE=Local
    • Site server account can be the client push installation account - tried if others fail
    • No longer uses remote registry - now uses remote WMI ("netsh firewall set service remoteamin enable" for windows firewall support)
    • If AD is extended, settings a published to AD - used when CCMSETUP is used with no parameters
    • FSP=SERVERNAME for Fallback Status Point in push settings
    • SMSSLP=SERVERNAME for Server Locator Point in push settings or it needs to be in WINS
    • Site server computer account must be a local admin on remote boxes
    • For verbose logging - HKLM\software\Microsoft\SMS\DiscoveryDataManager Verbose logging = 1
    • Windows 2000 clients require a reboot

  • Software update client deployment
    • Client installed as a WSUS mandatory update to non-client systems- no firewall or low-rights issues
    • Client must point to the SUP via group policy
    • Site admin enables the Software Update Point Client install method - checkbox

  • Group Policy client deployment
    • True AD deployment - CCMSetup.msi
    • No more auto-removal because of the additional MSI
    • ADM templates for settings - one for command line client install, another for client assignment

  • Client upgrades - Software distribution or client push
  • New client in SP1, SP1 clients can not connect to SP0
  • No new client in SP1
  • No SMSClient share - installdir\client directory, programs for CCMSETUP.EXE, include params in override needed
  • Tips
    • Consider pre-deploying BITS because of reboot on W2K
    • Configure heartbeat and discovery to daily while deploying
    • Extend AD Schema
    • Deploy clients in phased manner
    • Deploy a test application to upgraded clients


Filed under: ,

Comments

No Comments