System Center Configuration Manager (SCCM) 2007 Unleashed

Description

• Copyright 2010
• Dimensions: 7" x 9-1/8"
• Edition: 1st

• Book
• ISBN-10: 0-672-33023-7
• ISBN-13: 978-0-672-33023-0

This book is your most complete source for in-depth information about Microsoft System Center Configuration Manager 2007!

System Center Configuration Manager 2007 Unleashed is a comprehensive guide to System Center Configuration Manager (ConfigMgr) 2007. ConfigMgr 2007 helps you manage servers and desktops, integrates SMS 2003 “feature pack” functionality, and adds new capabilities. It enables you to assess, deploy, and update servers, clients, and devices across physical, virtual, distributed, and mobile environments, including clients that connect only over the Internet. This book guides you through designing, deploying, and configuring ConfigMgr 2007 with detailed information on topics such as capacity planning, security, site design and hierarchy planning, server placement, discovery, native mode, and using Windows Server 2008. You will learn how to tackle challenges such as setting up DCM and OSD, customizing inventory, creating queries and using query results, and configuring asset intelligence.

Detailed information on how to…

•  Understand how ConfigMgr works

•  Plan your ConfigMgr deployment

•  Manage Windows Management Instrumentation (WMI)

•  Architect for performance

•  Install or migrate to ConfigMgr 2007 with Windows 2003 or Windows 2008

•  Discover and manage clients

•  Create and distribute packages

•  Understand patch and compliance management

•  Create queries

•  Use reports

•  Deploy operating systems

•  Secure ConfigMgr 2007

•  Perform site maintenance

•  Back up ConfigMgr components



Downloads

Downloads

Download ConfigMgr_Visio_Template.zip

Download Appendix B: Reference URLs



Sample Content

Online Sample Chapter

Microsoft System Center Configuration Management Basics

Sample Pages

Download the sample pages (includes Chapter 1 and Index)

Table of Contents

Foreword     xxi

Introduction     1

Part I: Configuration Management Overview and Concepts     2

Part II: Planning, Design, and Installation     2

Part III: Configuration Manager Operations     2

Part IV: Administering Configuration Manager 2007     3

Part V: Appendixes     3

Part I: Configuration Management Overview and Concepts

Chapter 1   Configuration Management Basics     7

Ten Reasons to Use Configuration Manager      8

The Evolution of Systems Management     9

Hurdles in the Distributed Enterprise     10

The Automation Challenge     10

Configuration “Shift and Drift”     11

Lack of Security and Control     11

Timeliness of Asset Data     12

Lack of Automation and Enforcement     12

Proliferation of Virtualization     13

Lack of Process Consistency     13

The Bottom Line     14

Systems Management Defined     14

Microsoft’s Strategy for Service Management     15

Microsoft’s Dynamic Systems Initiative      16

IT Infrastructure Library (ITIL) and Microsoft Operations Framework (MOF)     19

Service Management Mastery: ISO 20000     24

Optimizing Your Infrastructure     25

Bridging the Systems Management Gap     29

Central Control in the Distributed Enterprise     30

Automation and Control     32

Securing Systems     34

Visibility     35

Overview of Microsoft System Center     39

Reporting in System Center     39

Operations Management     40

System Center Essentials     41

Service Manager: A Complete Service Desk Solution     41

Protecting Data     43

Capacity Planning     44

Virtual Machine Management     44

The Value Proposition of Configuration Manager 2007     45

Summary     46

Chapter 2   Configuration Manager 2007 Overview     47

The History of Configuration Manager     47

The Earliest Versions     47

Systems Management Server 1.2     48

Systems Management Server 2.0     48

SMS 2003     50

SMS 2003 Service Packs and R2     52

Configuration Manager 2007     53

Configuration Manager Technology and Terminology     56

Site Servers     56

Site Systems     58

Site Hierarchy     60

Configuration Manager Client     60

Inventory     61

Configuration Manager Console     64

Collections     66

Discovery     67

Software Metering     67

Packages     68

Advertisements     68

Distribution Points     69

Senders     69

Addresses     69

BITS     70

Task Sequences     70

Status System     71

Desired Configuration Management     71

Network Access Protection     72

Reporting     73

Security     74

Key Concepts     75

Standardization.     75

Remote Management     76

Software Distribution     76

Minimizing Impact on the Network Infrastructure     77

What’s New in ConfigMgr 2007     80

Branch Distribution Points     80

Software Update Point     80

Fallback Status Point     82

PXE Service Point     82

Other Site Systems     82

Operating System Deployment     83

Asset Intelligence     83

Device Management     83

Internet-Based Client Management     85

DCM and NAP     85

SQL Support     85

Client Support     86

Feature Dependencies     86

Summary     88

Chapter 3   Looking Inside Configuration Manager     89

Design Concepts     90

Active Directory Integration     91

Schema Extensions     93

Benefits of Extending Active Directory     102

Configuration Manager and WMI     104

WMI Feature Set and Architecture     104

Managing WMI     108

Inside the WMI Object Model     113

Looking Inside the CIMV2 Namespace     116

The Root\CCM Namespace     125

Hardware Inventory Through WMI     126

The Configuration Manager Client WMI Namespace     129

WMI on Configuration Manager Servers     134

Components and Communications     139

Inside the ConfigMgr Database     149

SQL Access to the Database     150

Using SQL Server Management Studio     150

Status Messages and Logs     156

Example: Joining a Site to a New Parent     159

Viewing Intersite Replication     168

Summary     172

Part II: Planning, Design, and Installation

Chapter 4   Configuration Manager Solution Design     175

MSF Process Phases for Configuration Manager     175

Envisioning the Solution.     176

Assessing the Current Environment     177

Envisioning the Network Infrastructure     177

Envisioning the Solution Architecture     178

Envisioning Server Architecture     179

Envisioning Client Architecture     179

Licensing Requirements     179

Training Requirements     182

Planning for Implementation     183

Planning the Proof of Concept     184

Planning the Pilot     185

Planning for Implementation     186

Developing the Solution Architecture     186

Developing the Network Infrastructure     189

Extending the Schema     191

Secondary Site Considerations     192

Site Modes     193

Configuration Manager 2007 Roles     193

Developing the Server Architecture     201

Capacity Planning.     207

Site Boundaries     210

Roaming.     211

Site Design     213

Client Architecture     216

Multilanguage Scenarios     218

Testing     221

Stabilizing During the Pilot     223

Deploying     225

Summary     226

Chapter 5   Network Design    227

Configuration Manager Network Communications     228

Intrasite Server Communications     228

Client-to-Server Communications     234

Site-to-Site Communications     251

Fast Networks and Slow Networks     262

Use of BITS     263

BITS Versions for Configuration Manager Clients     265

Modifying BITS Functionality Through Group Policy     266

Modifying BITS Functionality Within Configuration Manager     267

Comparative Advantages of Group Policy and ConfigMgr Settings for BITS.     267

Other BITS Features     269

Enabling a Distribution Point for BITS     269

Server Placement     269

Disconnected Users and Sometimes-Connected Users     271

Network Discovery     272

Discovering Network Topology     274

Topology and Client Discovery     275

Discovering Topology, Client, and Client Operating Systems     276

Using Subnets in Configuration Manager     277

Troubleshooting Configuration Manager Network Issues     277

Network Configuration Issues     278

Basic Connectivity Problems     279

Name Resolution Issues     279

Blocked or Unresponsive Ports     280

Timeout Issues     282

Identifying Network Issues Affecting Configuration Manager     282

Summary     290

Chapter 6   Architecture Design Planning    291

Hierarchy Planning     293

About Sites     293

Primary Sites Versus Secondary Sites     295

Planning Your Hierarchy Structure     296

Site Planning     299

Site Servers and Site Systems Planning     299

Planning Site Boundaries     306

Planning for Site Security Modes     306

Software Update Planning     307

Software Updates Solution Planning     307

Software Updates Architecture     309

Device Management Planning     312

Windows CE Operating Systems     313

Communicating with Site Systems     314

Installing Client Software     315

Configuring Client Agent Settings     317

Planning for Internet-Based Clients     318

Choosing a Solution for Internet-Based Clients     318

IBCM Features and Requirements     319

Deploying Servers to Support Internet-Based Clients     320

Certificate Requirements Planning     323

About PKI     324

Planning to Use PKI with Configuration Manager     324

Windows Server 2008 Planning     326

Operating System Deployment Planning     328

Planning for Wake On LAN     330

Out of Band (OOB) Management Planning     331

Summary     333

Chapter 7   Testing and Stabilizing     335

Proving the Concepts     337

Building the Proof of Concept Environment     338

Testing in the POC Phase     347

POC Exit Criteria and Deliverables     350

Pilot Phase     355

Results and Adjustments     357

Customizing the Solution     357

Summary     358

Chapter 8   Installing Configuration Manager 2007     359

Pre-Installation     360

Windows Components     361

SQL Server     362

Windows Server Update Services     363

The Prerequisite Checker     363

Site Installation     363

Installing ConfigMgr     364

Installing a ConfigMgr Service Pack     374

Installing ConfigMgr 2007 R2     378

Configuring Site Properties     380

Installing Site Systems     390

New Site System Server Wizard     401

New Site System Server Share Wizard     401

Using Replicas and Offloading Site Roles     403

Configuring Site Boundaries     415

Multisite Configuration     417

Configuring Addresses     417

Configuring Senders     420

Attaching to Parent     421

Installing Child Primary Sites     422

Installing Secondary Sites     422

Troubleshooting Secondary Site Installation     424

Transfer Site Settings Wizard     426

Copy Packages Wizard     428

Preload Package Tool     429

Troubleshooting Site Installation     429

ConfigMgr Service Manager     429

Summary     431

Chapter 9   Migrating to Configuration Manager 2007     433

Planning Your Migration from SMS 2003     433

Planning Hierarchy Changes During Migration     435

Conducting an In-place Upgrade     435

Feature Packs     436

Upgrade Prerequisites     436

Running the Prerequisite Checker     437

Upgrading SQL Server     442

Database Upgrade Tips and Tricks     445

Upgrading a Primary Site     447

Upgrading Secondary Sites     453

Upgrading SMS 2003 Clients     455

Post-Upgrade Considerations     457

Migrating WSUS to Configuration Manager     458

Side-by-Side Migrations     459

Migrating Site Boundaries     460

Migrating Clients     460

Migrating SMS Database Objects     462

Migrating Hardware Inventory Customizations     462

Interoperability Considerations     463

Troubleshooting Upgrade Issues     463

Summary     464

Part III: Configuration Manager Operations

Chapter 10   The Configuration Manager Console     467

Using Microsoft Management Console 3.0     467

Touring the Console     468

New Console Features     469

Console Nodes     473

Console Keystrokes     477

Launching Reports     478

Console Deployment     482

Supported Platforms     482

Prerequisites     483

Installation Using the Configuration Manager Setup Wizard     483

Unattended Console Installation     490

Customizing the Console     491

Security Considerations     497

Configuring Required DCOM Permissions for the ConfigMgr Console     497

Verifying and Configuring WMI Permissions     498

Configuration Manager Service Manager     500

Starting the Configuration Manager Service Manager     500

Using the Configuration Manager Service Manager     500

Troubleshooting Console Issues     501

Enable Verbose Logging     501

Common Issues     502

Summary     505

Chapter 11   Related Technologies and References     507

PKI Management References     508

Cryptography Basics     508

How SSL Works     511

Establishing a PKI     512

Certificate Templates     516

Certificate Validation     517

Deploying Certificates     517

Certificate and PKI References     519

Network Access Protection in Windows Server 2008     519

NPS Overview in Windows Server 2008     520

ConfigMgr NAP Policies     521

ConfigMgr NAP Evaluation     522

NAP Health State     523

Windows Imaging and Image Management     524

New PC Scenario     525

Refresh PC Scenario     525

Replace PC Scenario     526

ImageX     527

File Versus Sector Imaging     528

Boot Images     529

Driver Injection     530

Image Capture     531

Windows Deployment Integration     533

AMT and vPro     534

Summary     537

Chapter 12   Client Management     539

Configuring the Management Point     540

Configuring Client Agents     541

Hardware Inventory     542

Modifying the SMS_Def.mof File     545

Software Inventory     546

Advertised Programs     549

Computer Client     550

Desired Configuration Management     553

Mobile Devices     553

Remote Tools     554

Network Access Protection     556

Software Metering     557

Software Updates     559

Client Discovery     560

Active Directory System Group Discovery     561

Active Directory Security Group Discovery     562

Active Directory System Discovery     562

Active Directory User Discovery     562

Heartbeat Discovery     564

Network Discovery    564

Client Deployment    567

Command-Line Properties    567

Manual Installation    569

Client Push Installation    570

Client Push Installation Wizard    572

Client Installation in Image Deployment     574

Software Update Point Client Installation     574

Client Uninstall     575

Client Upgrade     575

Client Patches     576

Client Troubleshooting     576

General Scenarios     576

Online Assistance     577

Conflicting Hardware IDs     579

ConfigMgr Toolkit     579

General Troubleshooting Information     581

The ConfigMgr Client Agent     582

Out of Band Management     584

Fallback Status Point     584

Client Approval     585

Summary     585

Chapter 13   Creating Packages     587

The Case for ConfigMgr Software Packaging     588

Automated Deployment     589

Consistency     589

Targeted Deployment     589

Software Removal     590

Software Package Reuse     590

Comparing GPO-based Software Distribution

to ConfigMgr Software Distribution     590

About Packages, Programs, Collections,

Distribution Points, and Advertisements     592

Packages     593

Programs     593

Collections     594

Distribution Points     594

Advertisements     595

How These Combine     595

Creating a Package     596

OpsMgr Client     597

Forefront Client     620

Custom Packages     626

Integrating Virtual Applications     627

What Is SoftGrid?     627

Activating Application Virtualization in ConfigMgr 2007 R2     629

Creating Adobe Reader as a Virtual Application in ConfigMgr R2     631

Avoiding Common ConfigMgr Software Packaging Issues     636

Program and Package Properties     637

Testing, Testing, Testing     637

Summary     638

Chapter 14   Distributing Packages     639

About Queries     639

Creating Collections     641

Static Collections     642

Dynamic Collections     649

Subcollections     657

Using Distribution Points    666

Standard Distribution Points     667

Protected Distribution Points     672

Branch Distribution Points     674

Advertised Programs Client Agent     677

Creating Advertisements     678

Forefront Advertisement     679

OpsMgr Advertisement     686

Distributing Adobe Reader as a Virtual Application in ConfigMgr R2     692

Troubleshooting ConfigMgr Software Distribution Issues     702

Start Simple     702

Checking Status     702

Summary     703

Chapter 15   Patch Management     705

Planning Your Software Updates Strategy     706

Software Update Options in Microsoft Products     708

The Windows Update Agent     708

The SMS Inventory Tool for Microsoft Updates     708

Standalone WSUS     709

Configuration Manager 2007     709

Preparing for Software Updates     710

Software Updates Prerequisites     710

Creating Software Update Points     712

Synchronization Process     718

Agent Configuration     719

Group Policy Settings     721

Software Updates Process     722

Putting It All Together–A Quick-Start Example     727

Update Repository     728

Update Lists     731

Deployment Templates     733

Update Deployments     736

Deployment Packages     738

Creating and Managing Deployments     740

A Recommended Approach     740

A Few Best Practices     743

Maintenance Windows     744

SMS 2003 Clients     747

Native Mode and Software Updates     749

Using Wake On LAN Capability     751

WOL Prerequisites     751

Two Types of WOL     752

Configuring WOL     753

Using WOL     754

Using NAP to Protect Your Network     754

NAP Prerequisites     755

Agent Settings     755

System Health     756

Client Compliance     758

Remediation     760

Troubleshooting Software Updates     760

Monitoring Software Updates     761

WSUS and SUP     762

Downloading Updates     762

Client Update Scanning and Deployment     763

Summary     764

Chapter 16   Desired Configuration Management     765

Configuring Desired Configuration Management     767

Configurations     769

Configuration Items     769

Configuration Baselines     772

Creating and Modifying Configurations     777

Console Authoring     777

External Authoring     797

Authoring with CP Studio     798

DCM Strategies     800

Reporting     801

On-demand Results     802

Alerting     802

Remediation     803

Troubleshooting     805

Summary     808

Chapter 17   Configuration Manager Queries     809

Viewing Queries and Query Results     809

Creating Queries     811

The Query Language     811

Objects, Classes, and Attributes     812

ConfigMgr Query Builder     814

Criterion Type, Operators, and Values     819

Advanced Queries     821

Example: Querying for Systems with a Hardware

Scan in the Last 30 Days     823

Example: Querying for Systems Discovered Since Midnight     823

Relationships, Operations, and Joins     824

Querying Discovery Data     824

Querying Inventory Data     825

Using Query Results     826

Exporting Query Results to a Text File     826

Importing and Exporting Queries Between Sites     827

Creating a Collection Based on Query Results     827

Status Message Queries     828

Summary     830

Chapter 18   Reporting     831

ConfigMgr Classic Reports Versus SQL Reporting Services     832

Reporting Configuration     834

Configuring the Reporting Point for Classic Reporting     835

Configuring the Reporting Services Point for SRS Reporting     837

Copying ConfigMgr Classic Reports to SQL Reporting Services     839

Report Categories     842

Console Reporting Links     844

Relational Database Concepts     844

Available Reports and Use Cases     847

Reporting on Inventory and Discovery Data     848

Reporting on Sites     856

Reporting on Configuration Manager Operations     857

Client Status Reporting     865

Asset Intelligence     868

Reporting on Application Compatibility     873

Dashboards     875

Customizing Configuration Manager Reports     876

Customizing Report Layout and Display     878

Customizing Report Data Selection     879

Reporting on Custom Data     884

Creating New Reports     894

Creating Classic Reports     894

Creating SQL Reporting Services Reports     896

Creating SQL Reporting Services Subscriptions     898

Troubleshooting     900

Summary     902

Chapter 19   Operating System Deployment     903

Tools Overview     904

Sysprep     904

User State Migration Tool     905

Microsoft Deployment Toolkit     905

Windows Automated Installation Kit     906

ImageX     906

System Image Manager     907

Windows PE     907

What Works Best for You     908

OSD Scenarios     908

Imaging Goals     909

Hardware Considerations     913

Site Systems     915

Distribution Points     916

PXE Service Point     918

State Migration Point     921

Boot Images     922

PXE Booting     922

Removable Media     922

Using a Distribution Point     924

Incorporating Windows PE     925

Computer Associations     925

Recovery     926

Unknown Computer Support     928

Operating System Install Packages and Image Packages     930

Automated Image Creation and Capture     931

Manual Image Creation     935

Image Deployment     937

User State Migration     940

Task Sequences     942

Variables     943

Task Conditions and Grouping     944

Tasks     947

Custom Commands     960

Task Sequence Targeting     960

Change Control and Portability     962

Customizing Task Sequences     963

Tips and Techniques     963

Confirm Packages Are Available     964

Control PXE Network Boots     964

Don’t Add Unnecessary Windows XP Drivers     964

Conflicting Hardware IDs     965

Test Task Sequences     965

Beware the Überbug     965

Test Thoroughly     966

Drivers     966

Drivers in the Image     969

Drivers After the Image     970

Post Deployment Tasks      971

ConfigMgr Software Deployment     971

Group Policy     971

Troubleshooting     972

Operating System Deployment Home Page     972

Check Advertisement Status     972

The Smsts.log File     972

Status Reports     973

Command Line Support     974

Native Mode     974

Upgrading from SMS 2003     976

Summary     977

Part IV: Administering Configuration Manager 2007

Chapter 20   Security and Delegation in Configuration Manager 2007     981

Basic Security Concepts     983

Securing Administrative Access to Configuration Manager     987

Administrative Access at the Operating System Level     989

Administrative Access Within Configuration Manager     996

Security for Remote Administration     1003

Auditing Configuration Manager Administration     1003

SQL Server Administrative Security     1003

Securing the Configuration Manager Infrastructure    1004

Building Security into Your Hierarchy     1004

Securing Site Systems     1007

Securing Configuration Manager Communications     1015

Securing Configuration Manager Accounts     1019

Securing Service Dependencies for Configuration Manager     1026

Securing Configuration Manager Reporting     1027

Securing Configuration Manager Operations     1029

Best Practices for Configuration Manager Administration     1029

Operational Security for Software Distribution     1030

Operational Security for Operating System Deployment     1032

Operational Security for Remote Tools Administration     1032

Operational Security for Configuration Manager Inventory     1033

Operational Security for Mobile Device Management     1034

Summary     1035

Chapter 21   Backup, Recovery, and Maintenance     1037

Site and SQL Server Backups     1037

Backing Up ConfigMgr     1037

Restoring ConfigMgr Backups     1041

Using Back Up and Restore to Migrate

to New Environments     1048

Site Maintenance     1049

Site Maintenance Tasks     1049

Data Discovery Record (DDR) Retention     1055

Obsolete Records     1060

Database Maintenance     1062

Making the Status Message System Work for You     1065

Maintaining Status Data     1070

Status Filter Rules     1070

Monitoring Configuration Manager with Operations Manager     1073

Services and Descriptions     1073

Summary     1075

Part V: Appendixes

Appendix A   Configuration Manager Log Files     1079

Related Documentation     1079

Enabling Logging     1080

Debug and Verbose Logging     1080

Using ConfigMgr Service Manager     1080

SQL Logging     1081

NAL Logging     1081

Reporting Point Logging     1081

ConfigMgr Setup Logs     1082

Client Log Files     1082

Site Server Log Files     1084

Backup Log Files     1086

Management Point Log Files     1086

Admin User Interface Log Files     1087

Mobile Device Log Files     1087

Mobile Device Management Log Files     1087

Mobile Device Management Client Logs     1088

OSD Log Files     1089

Multicast for OSD Log Files     1091

Network Access Protection Log Files     1092

Desired Configuration Management Log Files     1093

Wake On LAN Log Files     1094

Software Updates Log Files     1094

Software Updates Site Server Log Files     1094

Software Updates Client Computer Log Files     1095

WSUS Server Log Files     1096

Windows Update Agent Log File     1097

Out of Band Management Log Files     1097

Out of Band Service Point Log Files     1097

Out of Band Management Console Log File     1098

Out of Band Management Computer Log File     1098

Appendix B   Reference URLs 1099

General Resources     1099

More Specific Information     1103

Blogs     1107

The System Center Family     1109

Public Forums     1110

Free Utilities     1111

Other Utilities     1113

Index    1115



Updates

Errata

Download the errata

Submit Errata

