Archive for the ‘SCCM’ Category

Sometimes we need to deploy an OS with predefined software, a company background, regional settings, etc.

In this post we’ll upload a custom OS image to the SCCM server and deploy it to a client machine.

First, we need to create a “capture” ISO file, which in fact “snapshots” the current OS settings on the client computer so the image can be uploaded to SCCM later.

In the SCCM console, click Administration-Task sequence-Create Task Sequence Media.

Click Capture Media.

Specify where the ISO file should be saved.

Specify the boot image (by default SCCM ships with 2 boot images, X86 and X64) and the distribution point.

After the wizard finishes, burn the newly created ISO to CD/DVD media and connect it to the client computer from which we need to “capture” the image. Make sure the client has no recovery partition, or sysprep will fail, and make sure the client computer is not domain joined. Browse the media and click “launch media”.

For the destination, specify a shared folder on the SCCM server.

After the restart, capturing will continue.

Now we need to deploy the captured WIM file. From the SCCM console, click Software Library-Operating System-Add operating system image.

Right click the reference image and choose Update Distribution Points.

And finally, deploy the image.

Optionally, we can set the computer name during the OS deployment sequence. Right click the Unknown computer collection, choose Properties and click the Collection Variables tab.

Click New and type OSDComputerName.

Now create the task sequence:

Software Library-Task Sequence-Create Task Sequence

Choose the boot image.

When prompted, choose the custom image we captured from the client Windows 10 computer.

Select 2-2 (1-1 is just the 350 MB partition).

Set the parameters for the domain join.

Select the Configuration Manager Client Package (make sure it’s published first).

Untick all options.

Choose whether you wish to install updates during deployment.

Although we specified the domain details, it simply didn’t work for me, so I added a domain join task to the task sequence (after the Setup and Configuration step).

Now deploy the task sequence to the All Unknown Computers collection.

Make sure the task sequence is available to media and PXE.

Turn on the client computer, press F12 for network boot, and double click OSDComputerName.

Set the computer name.

As you can see, the reference image is downloading from the SCCM server.


Great contributors to this post were Matija Resimic and Saša Ljubobratović.

In this scenario the DHCP server and SCCM are on separate servers, so we must first configure the DHCP server to tell PXE clients where the TFTP server and the boot image are located.

On the DHCP server, right click Scope Options and choose Configure Options.

Check 066 Boot server name and enter the name of the SCCM server.

Now check 067 Boot File Name and enter the path to the boot file.

The file is located in the RemoteInstall folder. Wdsnbp.com validates the DHCP/PXE response packet and proceeds to download PXEBoot.com (PXEBoot.com downloads Bootmgr.exe and the BCD store).

In the SCCM console click Administration-Distribution Points, right click the distribution point and select Properties.

In the PXE tab, enable PXE support (optionally, you can set a password).
The Network Access Account is used during operating system deployment when the computer installing the operating system does not yet have a computer account in the domain.

To configure the Network Access Account, click Administration-Sites, click Configure Site Components in the ribbon and choose Software Distribution.

Click the Network Access Account tab, click Specify account to access network locations and specify the account.
The Configuration Manager Client Package can be found under the Packages node of the Software Library and is used during operating system deployment (OSD) in the Setup Windows and ConfigMgr step to install the ConfigMgr client. We need to distribute this package.

Click Software Library-Packages, right click the Configuration Manager Client Package and, from the ribbon, click Update Distribution Points.

Click OK.

Right click the package again and choose Distribute Content, then choose Distribution Point and select your distribution point.

Now this package should be accessible during OS deployment. Make sure that the status is Success.
Now deploy the boot image. During installation of SCCM, two boot images are installed: x86 and x64.

Boot images are located in Software Library-Operating Systems-Boot Images.

If you want to install an x86 OS, deploy the x86 boot image, and vice versa.

Right click the desired boot image and update the distribution point. Now click the boot image again, choose Data Source and make sure that the Deploy this image from the PXE-enabled distribution point option is selected.

Optionally, if you wish to set a custom background during OS deployment, you can do so by choosing the Customization tab and clicking Specify Custom background image file (UNC path). Make sure that the SCCM computer object has read-write share permissions and Full Control NTFS permissions.

Deploy the boot image by right clicking it and selecting Distribute Content. The steps are the same as for distributing the Configuration Manager Client Package.

Creating Operating System Image

From the source folder of the OS installation media, copy the install.wim file and place it in a shared folder. The SCCM computer object has to have Full Control NTFS permission.

Click Software Library-Operating Systems, right click Operating System Images-Add Operating System Images.

Distribute the image the same way as the boot image and the Configuration Manager Client Package in the previous examples.

Creating Task Sequence

Task sequences are used for applying images, configuring Windows, installing drivers, installing applications and application packages, etc.

In Software Library-Operating Systems, right click Task Sequences-Create Task Sequence.

Choose Install an existing image package.

Name the sequence and browse to the previously deployed boot image (x86/x64).

Click Next and browse for the operating system image we deployed earlier.

Uncheck the BitLocker sequence, set the local administrator password and click Next.

Enter the domain details. Be advised that for me this step didn’t work: the client computer wasn’t domain joined. I’ll post my fix shortly.

Click Next and select the Configuration Manager client package we deployed earlier.

Uncheck all options and click Next.

Choose whether or not to install updates and click Next.

If you previously deployed any application/package, specify it here to be installed alongside the OS.

After the task sequence is created, right click it and choose Edit.

Click the last entry under Setup Operating System, then Add-General-Join Domain or Workgroup.

Enter the domain details and click OK.

Now we need to deploy this task sequence.

Right click the sequence and choose Deploy.

For the collection, click Browse and select All Unknown Computers.

Click Next and select Configuration Manager Client, Media and PXE.

Click Next on the remaining windows.

Now power on the client computer and press F12. If you set a PXE password, enter it when prompted.

Choose the task sequence and click Next.

SCCM 2016 Main features:

Support for Windows 10

Support for running Configuration Manager in the cloud—specifically on Azure VMs

Physical sites may have multiple management points assigned in a network boundary

To install SCCM 2016, a lot of prerequisites have to be met.

Creating container in AD

SCCM publishes the objects it needs to publish in Active Directory into this AD container.

I used a PowerShell script to create the container:

# Get the distinguished name of the Active Directory domain
$DomainDn = ([adsi]"").distinguishedName
# Build distinguished name path of the System container
$SystemDn = "CN=System," + $DomainDn
# Retrieve a reference to the System container using the path we just built
$SysContainer = [adsi]"LDAP://$SystemDn"
# Create a new object inside the System container called System Management, of type "container"
$SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
# Commit the new object to the Active Directory database
$SysMgmtContainer.SetInfo()

Setting permissions on the System Management container

Setting permissions allows SCCM site servers to publish site information to the container.

Open Active Directory Users and Computers (Start-Run-dsa.msc) and click Advanced Features.

Expand the System folder, right click System Management and click Delegate Control.

Click Add. In the Select Users, Computers, or Groups window, click Object Types and check Computers as an object type. Click OK. Type the name of the SCCM server computer account and click OK.

Click Create a custom task to delegate.

Make sure This folder, existing objects in this folder, and creation of new objects in this folder is selected and click Next.

Choose General, Property-specific and Creation/deletion of specific child objects. For the permissions, click Full Control.
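The same delegation can be scripted and then read back, so the entry on the container is confirmed rather than assumed. This is an added example, not part of the original post; the computer name SCCM01 is a placeholder and the ActiveDirectory (RSAT) module is assumed to be installed.

```powershell
# Added example: grant the site server's computer account Full Control on
# CN=System Management (this object and all descendants), then verify the ACE.
# Assumptions: ActiveDirectory module is available; 'SCCM01' is a placeholder
# for the SCCM site server's computer name.
Import-Module ActiveDirectory

$SiteServerName = 'SCCM01'   # placeholder, replace with your site server

$domainDn    = (Get-ADDomain).DistinguishedName
$containerDn = "CN=System Management,CN=System,$domainDn"
$adPath      = "AD:\$containerDn"
$siteServer  = Get-ADComputer -Identity $SiteServerName -ErrorAction Stop

# GenericAll is what the wizard calls Full Control. Inheritance 'All' matches
# "This folder, existing objects in this folder, and creation of new objects".
$full    = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$allow   = [System.Security.AccessControl.AccessControlType]::Allow
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$rule    = New-Object -TypeName System.DirectoryServices.ActiveDirectoryAccessRule `
               -ArgumentList $siteServer.SID, $full, $allow, $inherit

$acl = Get-Acl -Path $adPath
$acl.AddAccessRule($rule)
Set-Acl -Path $adPath -AclObject $acl

# Read the explicit entries back by SID, so the check does not depend on how
# the account name is displayed.
$sidType = [System.Security.Principal.SecurityIdentifier]
$granted = (Get-Acl -Path $adPath).GetAccessRules($true, $false, $sidType) |
    Where-Object { $_.IdentityReference.Value -eq $siteServer.SID.Value }

$granted | Format-Table ActiveDirectoryRights, AccessControlType, InheritanceType -AutoSize

$ok = $granted | Where-Object { ($_.ActiveDirectoryRights -band $full) -eq $full }
if (-not $ok) {
    throw "Full Control for $SiteServerName was not found on $containerDn"
}
```

The read-back is also a quick way to review which other principals hold explicit rights on the container: drop the `Where-Object` filter and list every entry.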

Extending AD schema

SCCM uses AD to publish information about its sites and services, making it easily accessible to Active Directory clients. To leverage AD, we must extend the schema to create classes of objects specific to SCCM.

Navigate to the \SMSSETUP\Bin\X64 folder and run extadsch.exe.

Installing Windows Features

For SCCM to work we need to install IIS, .NET Framework 3.5, Background Intelligent Transfer (BITS), Windows Update Service, Common HTTP Features (Default Document, Static Content), Application Development (ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI Extensions), Security (Windows Authentication), and IIS 6 Management Compatibility (IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS Management Scripts and Tools):

install-windowsfeature web-server,net-framework-features,bits,rdc,web-net-ext,web-net-ext45,web-wmi,web-scripting-tools,web-windows-auth,updateservices

Then install the Windows Assessment and Deployment Kit (for Windows 8.1 or Windows 10) and choose the components as per the picture.

Installing SQL Server 2014

For the SQL service accounts (SQL Server Agent, SQL Server Database Engine, SQL Server Reporting Service), best practice is to use a domain account created only for this purpose.

New-ADUser -Name sccm -UserPrincipalName sccm@example.com -DisplayName sccm1 -AccountPassword (ConvertTo-SecureString "Pass1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true

add-adgroupmember -identity "Domain Admins" -members "sccm"

For installing SQL Server, I used an ini file:
;SQL Server 2014 Configuration File
[OPTIONS]

IACCEPTSQLSERVERLICENSETERMS="True"

; Specifies a Setup work flow, like INSTALL, UNINSTALL, or UPGRADE. This is a required parameter. 

ACTION="Install"

; Use the /ENU parameter to install the English version of SQL Server on your localized Windows operating system. 

ENU="True"

 
; Setup will not display any user interface. 

QUIET="True"

; Setup will display progress only, without any user interaction. 

QUIETSIMPLE="False"

; Specify whether SQL Server Setup should discover and include product updates. The valid values are True and False or 1 and 0. By default SQL Server Setup will include updates that are found. 

UpdateEnabled="True"

; Specify if errors can be reported to Microsoft to improve future SQL Server releases. Specify 1 or True to enable and 0 or False to disable this feature. 

ERRORREPORTING="False"

; If this parameter is provided, then this computer will use Microsoft Update to check for updates. 

USEMICROSOFTUPDATE="False"

; Specifies features to install, uninstall, or upgrade. The list of top-level features include SQL, AS, RS, IS, MDS, and Tools. The SQL feature will install the Database Engine, Replication, Full-Text, and Data Quality Services (DQS) server. The Tools feature will install Management Tools, Books online components, SQL Server Data Tools, and other shared components. 

FEATURES=SQLENGINE,RS,SSMS,ADV_SSMS

; Specify the location where SQL Server Setup will obtain product updates. The valid values are "MU" to search Microsoft Update, a valid folder path, a relative path such as .\MyUpdates or a UNC share. By default SQL Server Setup will search Microsoft Update or a Windows Update service through the Window Server Update Services. 

UpdateSource="MU"

; Displays the command line parameters usage 

HELP="False"

; Specifies that the detailed Setup log should be piped to the console. 

INDICATEPROGRESS="False"

; Specifies that Setup should install into WOW64. This command line argument is not supported on an IA64 or a 32-bit system. 

X86="False"

; Specify the root installation directory for shared components. This directory remains unchanged after shared components are already installed. 

INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server"

; Specify the root installation directory for the WOW64 shared components. This directory remains unchanged after WOW64 shared components are already installed. 

INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server"

; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions. This parameter is required when installing the SQL Server Database Engine (SQL), Analysis Services (AS), or Reporting Services (RS). 

INSTANCENAME="MSSQLSERVER"

; Specify that SQL Server feature usage data can be collected and sent to Microsoft. Specify 1 or True to enable and 0 or False to disable this feature. 

SQMREPORTING="False"

; Specify the Instance ID for the SQL Server features you have specified. SQL Server directory structure, registry structure, and service names will incorporate the instance ID of the SQL Server instance. 

INSTANCEID="MSSQLSERVER"

; RSInputSettings_RSInstallMode_Description 

RSINSTALLMODE="DefaultNativeMode"

; Specify the installation directory. 

INSTANCEDIR="C:\Program Files\Microsoft SQL Server"

; Agent account name 

AGTSVCACCOUNT="EXAMPLE\sccm"

; Auto-start service after installation. 

AGTSVCSTARTUPTYPE="Manual"

; CM brick TCP communication port 

COMMFABRICPORT="0"

; How matrix will use private networks 

COMMFABRICNETWORKLEVEL="0"

; How inter brick communication will be protected 

COMMFABRICENCRYPTION="0"

; TCP port used by the CM brick 

MATRIXCMBRICKCOMMPORT="0"

; Startup type for the SQL Server service. 

SQLSVCSTARTUPTYPE="Automatic"

; Level to enable FILESTREAM feature at (0, 1, 2 or 3). 

FILESTREAMLEVEL="0"

; Set to "1" to enable RANU for SQL Server Express. 

ENABLERANU="False"

; Specifies a Windows collation or an SQL collation to use for the Database Engine. 

SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS"

; Account for SQL Server service: Domain\User or system account. 

SQLSVCACCOUNT="EXAMPLE\sccm"

; Windows account(s) to provision as SQL Server system administrators. 

SQLSYSADMINACCOUNTS="EXAMPLE\Administrator"

; Provision current user as a Database Engine system administrator for %SQL_PRODUCT_SHORT_NAME% Express. 

ADDCURRENTUSERASSQLADMIN="False"

; Specify 0 to disable or 1 to enable the TCP/IP protocol. 

TCPENABLED="1"

; Specify 0 to disable or 1 to enable the Named Pipes protocol. 

NPENABLED="0"

; Startup type for Browser Service. 

BROWSERSVCSTARTUPTYPE="Automatic"

; Specifies which account the report server NT service should execute under. When omitted or when the value is empty string, the default built-in account for the current operating system.
; The username part of RSSVCACCOUNT is a maximum of 20 characters long and
; The domain part of RSSVCACCOUNT is a maximum of 254 characters long. 

RSSVCACCOUNT="EXAMPLE\sccm"

; Specifies how the startup mode of the report server NT service. When 
; Manual - Service startup is manual mode (default).
; Automatic - Service startup is automatic mode.
; Disabled - Service is disabled 

RSSVCSTARTUPTYPE="Automatic"

F: is the path to the SQL install media.

Mypass1 is the password for the sccm Domain Admin account (created in the previous step).

PS F:\> .\setup.exe /configurationfile="c:\ConfigurationFile.ini" /sqlsvcpassword="Mypass1"  /agtsvcpassword="Mypass1" /assvcpassword="Mypass1" /issvcpassword="Mypass1" /rssvcpassword="Mypass1"
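One way to run the same unattended setup without typing the password as a literal, and to catch a wrong password before setup starts. This is an added example, not from the original post; it reuses the account name and paths shown above and passes only the three service passwords whose accounts the ini file defines.

```powershell
# Added example: prompt once for the EXAMPLE\sccm password, check it against
# the domain, then hand it to setup.exe. Account and paths are those used above.
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

$account = 'sccm'
$secure  = Read-Host -Prompt "Password for EXAMPLE\$account" -AsSecureString

# Convert in memory only; the literal is never stored in a script file or
# typed into the console history.
$plain = (New-Object System.Net.NetworkCredential('', $secure)).Password

# Validate first, so a typo does not surface as a half-finished install.
$ctxType = [System.DirectoryServices.AccountManagement.ContextType]::Domain
$ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($ctxType)
try {
    if (-not $ctx.ValidateCredentials($account, $plain)) {
        throw "Password for $account was rejected by the domain; setup not started."
    }
}
finally {
    $ctx.Dispose()
}

$setupArgs = @(
    '/ConfigurationFile="C:\ConfigurationFile.ini"'
    "/SQLSVCPASSWORD=`"$plain`""
    "/AGTSVCPASSWORD=`"$plain`""
    "/RSSVCPASSWORD=`"$plain`""
)
$proc = Start-Process -FilePath 'F:\setup.exe' -ArgumentList $setupArgs -Wait -PassThru
Remove-Variable -Name plain, setupArgs

# setup.exe still receives the password as a command-line argument, so it is
# readable in that process's command line while setup runs.
# Exit code 3010 means success with a reboot pending.
if ($proc.ExitCode -notin 0, 3010) {
    throw "SQL Server setup exited with code $($proc.ExitCode); check Setup Bootstrap\Log\Summary.txt."
}
```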

We need to open ports for SQL Server: 1433 (instance connection) and 4022 (Service Broker).

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow
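The same two ports opened only to the hosts that need them, followed by a read-back that flags any inbound allow rule on these ports that still accepts every remote address. This is an added example, not from the original post; the peer addresses are placeholders from the documentation range.

```powershell
# Added example: SQL Server inbound rules limited to named peers and to the
# Domain firewall profile.
# Assumption: 192.0.2.10 and 192.0.2.11 are placeholders for the SCCM site
# server(s) that connect to this SQL Server.
$AllowedPeers = '192.0.2.10', '192.0.2.11'
$SqlPorts = @{ 1433 = 'SQL instance connection'; 4022 = 'SQL Service Broker' }

foreach ($port in $SqlPorts.Keys) {
    New-NetFirewallRule -DisplayName "SCCM - $($SqlPorts[$port]) ($port)" `
        -Direction Inbound -Protocol TCP -LocalPort $port `
        -RemoteAddress $AllowedPeers -Profile Domain -Action Allow | Out-Null
}

# Read-back: every enabled inbound allow rule that names 1433 or 4022 exactly,
# with a flag for rules whose remote address is still 'Any'
# (for example, rules created without -RemoteAddress).
$report = Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $rule  = $_
        $ports = ($rule | Get-NetFirewallPortFilter).LocalPort
        $hit   = $ports | Where-Object { $_ -in '1433', '4022' }
        if ($hit) {
            $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress
            [pscustomobject]@{
                Rule     = $rule.DisplayName
                Port     = $hit -join ','
                Remote   = $remote -join ','
                Unscoped = ($remote -contains 'Any')
            }
        }
    }

$report | Format-Table -AutoSize
```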

Prior to installation, SCCM checks whether the SQL Server’s memory is limited; if it is not, it throws a warning. To suppress it, set memory boundaries for SQL Server. Open SQL Server Management Studio.

Right click the SQL Server name and choose Properties.

Set min/max memory.

Installing SCCM 2016 Technical Preview 3

Run splash.hta from the installation media.

Choose the path for the files needed by the SCCM server.

Enter the site code, name and installation directory.