Posts Tagged ‘SCCM 2012’

As example,i used CCleaner,from default location (C:\Program Files\CCleaner) i created shortcut in installation folder, (Right click CCleaner64.exe),if i were using x86 OS i would Right click CCleaner.exe)

Untitled.png

 

 

Untitled

Copy whole CCleaner folder to shared empty folder on SCCM server (i created empty folder install)

create batch script in install folder

Batch will take parameter (Install folder path),exported to %~1 variable,if that path doesn’t exist,it will be created

if not exist "%~1" mkdir "%~1"

rem ~dp0 is current directory (where .bat exists),it will copy all from CCleaner folder to path specified as .bat parameter (parameter will be specified later on),and will copy shortcut to user Desktop

copy /y "%~dp0CCleaner\*.*" "%~1"
copy /y "%~dp0CCleaner\ccleaner.lnk" "%Public%/Desktop"

Don’t forget to share folder install and to give SCCM server computer account Full Control NTFS permissions

Untitled.png

 

You can now deploy CCleaner as Application or as a package

Package = “run a command”
Application = “keep a program installed on this system”

Software Center can deploy and manage both packages and applications, but the Installed Software tab in Software Center only shows applications (a package could be simply a script that was run, not a real application that was installed). The Application Catalog supports both packages and applications, but there is limited information for a package that can be shown to users in the application catalog.

I decided to deploy CCleaner as Application.

From SCCM console click Software Library-Applications-Create Application

Untitled1.png

Click Manually specify the application information

Untitled2.png

Give application name and (optionally) version number

Untitled3.png

Click Next

Untitled4.png

For deployement tipe click Add

Untitled5

Again,click manually

Untitled6.png

Specify app name and click Next

Untitled7.png

Specify path to shared folder where bat file and CCleaner folder is located,

in installation progam type bat file name and parameter (Path for folder where CCleaner files will be located).

Script will check if folder specified in path  (C:\Program Files\CCleaner) exists,if not it first will create it and copy all files from \install\CCleaner folder on SCCM server to C:\Program Files\CCleaner on client computer

Untitled9

Specify how SCCM will check if program we want to deploy already exists,

click Add Clause

Untitled10.png

 

 

 

Untitled11.png

Choose install for system and specify whether app should be installed if user is logged on

Untitled12.png

Now when CCleaner is published,we need to deploy it,right click on app and select Deploy

Untitled13.png

 

Untitled14.png

Choose Distribution Point

Untitled15.png

 

Untitled16.png

 

Untitled17.png

After wizard finishes,CCleaner is available in Application Catalog on client computer,after click Install,it will create folder C:\Program Files\CCleaner

copy all files from CCleaner folder on SCCM server to C:\Program Files\CCleaner on client computer and will throw shortcut to desktop also

 

Untitled18.png

Advertisements

The primary site serves clients in well-connected networks.We can install secondary sites to extend the primary site for managing devices that have slow network connectivity to the primary site.If secondary site is not deployed, clients will submit inventories and download policies to the primary site that may be located in the remote location on a slow link.

You can  install secondary sites in SCCM 2012 in following scenarios:

  • More than 500 clients in a remote location
  • Need a local Management Point
  • Need a local Software Update Point
  • Need a local State Migration Point

 

In this post i simulated situation where 2 site exist,connected via VPN tunnel.I combined GNS3 and VMWare virtual machines.

Untitled0

Guide for creating site to site VPN can be found here.I covered installing primary SCCM site in this post

Preparing server where secondary SCCM 2012 site will be installed

Roles:

Web Server (IIS)

  • Application Development:
    • ISAPI Extensions
  • Security:
    • Windows Authentication
  • IIS 6 Management Compatibility
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility\

Features:

  • Remote Differential Compression
  • BITS
  • .NET Framework 3.5
  • .NET Framework 4

You can install them using this PowerShell code:

install-windowsfeature web-server, Web-App-Dev,web-isapi-ext,web-windows-auth,web-mgmt-compat,web-metabase,web-wmi,rdc,bits,net-framework-core

Open ports 1433 and 4022 (SQL),135 (RPC/WMI) and 445 (SMB)

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 135" -direction inbound -LocalPort 135 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 445" -direction inbound -LocalPort 445 -Protocol tcp -Action allow

Add SCCM server computer account (SCCM-192.168.10.11) to local administrator group of server where we will install secondary site (SCCM1 -192.168.30.11)

Run next commands on secondary (SCCM1) server

#to which computer SCCM needs to be added to Local Administrators Group

$Group = [ADSI]"WinNT://SCCM1/Administrators"

#computer which needs to be added to Administrator group to SCCM1 server

$Computer = [ADSI]"WinNT://test.com/SCCM$"

#Adding SCCM to Local Administrator groups in SCCM1 

$Group.Add($Computer.Path)

 

Give the Secondary Site computer account (SCCM1) full control of the System Management container. This will allow the Secondary Site Server to publish information about itself to Active Directory

In Active Directory Users and Computers click View-Advanced Features:

Untitled

In Object Types click computers

Untitled1

Add computer account of secondary server ang give it full controll

Untitled2.png

During installing primary site,we are prompted to choose folder where SCCM will download updates,among updates it will download SQL Server Express.

I copied content of this folder to shared folder on secondary  server (SCCM1) ,and gave SCCM and SCCM1 computer account (where main SCCM site is located) Full Control NTFS permissions

In this folder i copied SMSSETUP folder from installation media

Untitled.png

Next,in SMSSETUP folder,create another folder Redist

During installation of primary site,on the Prerequisite Downloads page, wizard ask for folder location where to download the updates

Untitled5

From that location on primary (SCCM) server,copy all files to Redist folder on secondary server (SCCM1)

Untitled0.png

On primary server,from SCCM console click Administration-Sites-Create Secondary Site

Untitled.png

Enter site code,name and server where secondary SCCM site will ne installed

Untitled0.png

Enter path to shared folder where installation files are located

Untitled0.png

New instance of SQL Server Express will be installed

Untitled.png

Because we already installed IIS,don’t check Install and configure IIS,optionally,we can install branch cache,i am using self-signed certificate,it’s not advisable for production

Untitled.png

Specify Drive Space for Distribution Point

Untitled.png

Choose wether or not to set boundry groups.Boundaries represent network locations on the intranet where Configuration Manager clients are located. Boundary groups are logical groups of boundaries that provide clients access to resources

Untitled.png

We can check installation status clicking on “Show Install Status”

Untitled.png

Check sender.log file on primary server

Untitled0.png

And ConfigMgrSetup.log on root drive on secondary server (SCCM1)

Untitled0.png

 

First,download Windows upgrade task sequence-http://blogs.technet.com/cfs-filesystemfile.ashx/__key/telligent-evolution-components-attachments/01-6965-00-00-03-65-10-29/Windows10Upgrade1506.zip and extract it’s content to shared folder-C:\win10_upgrade,in my case, (don’t forget to give SCCM computer account full control NTFS permissions).

Untitled13

In downoladed unziped folder,there is empty Windows vNext Upgrade Media folder

(C:\win10_upgrade\Windows10Upgrade1506\Windows10Upgrade2012R2SP1\Windows vNext Upgrade_files),copy all files from windows 10 installation in that folder

Untitled13
Now import task sequence,located in zip file we’ve just downoloaded

Untitled13

In SCCM console click Software Library-Operating Systems-Task Sequence-Import Task Sequence

Untitled

Point to zipped file marked in previous screenshoot and click Next

Untitled3

After wizard finishes,2 packages will be created

Untitled4

Distribute both packages to distribution point(s)

Right click on package-distribute content

Untitled5

Untitled6

Untitled7

Publishing Task Sequence

Imported Task sequence has following parameters

Untitled8a

Check Readiness: minimum system requirements for Windows

PreSetup: This runs a corresponding Windows PowerShell script (PreSetup.ps1) to perform a variety of necessary actions prior to running Windows Setup (Located in Windows vNext Upgrade Scripts),we downloaded zip which contains these files at beginning

Stage Content: Copy some scripts to a known, local staging directory to be referenced elsewhere in the process.

Untitled8a

Now deploy Task Sequence to Distribution Point(s)

Right click on Task Sequence and click Deploy

Choose collection (i picked All Systems)

Untitled8

Choose whether to make package available or mandatory (required)

Untitled9

Performing upgrade 

Switch to Windows 7 computer,package should be available in Software Center

Untitled10

Untitled11

Untitled12

Untitled8a

Sometime,we need to deploy OS with predefined software,company background,regional setting,etc…

In this post we’ll upload custom OS image to SCCM server and deploy it to client machine.

First,we need to create “capture”  ISO file,wich in fact,is about to “snapshot” current OS setting on client computer and upload it to SCCM later.

In SCCM console click Administration-Task sequence-Create Task Sequence Media

Untitled

Click Capture Media:

Untitled2

Specify where ISO file should be saved:

Untitled3

Specify Boot image (by default SCCM is shipped with 2 boot images X86 and X64) and Distribution Point

Untitled4

After wizard finishes,burn new created ISO to CD/DVD media

Untitled5

and connect it to client computer from which we need to “capture” image from (make sure you have no recovery partition or sysprep will fail),make sure client computer is not domain joined,browse the media and click “launch media”:

Untitled6

Untitled7

For destination,specify shared folder on SCCM server:

Untitled8

Untitled9

Untitled10

Untitled11

After restart,capturing will continue:

Untitled12

Untitled13

Now we need to deploy captured wim file,from SCCM console click Software Library-Operating System-Add operating system image

Untitled14

Untitled15

Right click reference image and Update distributed Points:

Untitled16

And finally,deploy image:

Untitled17

Untitled18

Untitled19

Optionally,we can set computer name during OS Deployement sequence,right click on Unknown computer collection choose properties

Untitled20

and click on Collection Variables tab

Untitled21

Click new and type OSDComputerName

Untitled22

Now create Task Sequence:

Software Library-Task Sequence-Create Task Sequence

Untitled23

Untitled24

Choose boot image:

Untitled25

When prompted,choose custom image we captured from client Windows 10 computer

Untitled26

Select 2-2 (1-1 is just 350 MB partition)

Untitled27

Set parameters for domain join

Untitled28

Select Configuration Manager Client Package (make sure it’s published first)

Untitled29

Untick all options

Untitled30

Choose if you wish to install updates during deployement

Untitled31

Although we specified domain details it simply didn’t work for me,so i added domain join task in Task Sequence

(After Setup and Configuration step)

Untitled33

Now deploy TS:to All Unknown computers collection

Untitled34

Untitled35

Make sure Task Sequence is available to media and PXE

Untitled36

Turn on client computer,press F12 for network boot,double click on OSDComputerName

Untitled36

Set computer name

Untitled36

As you can see,reference image is downloading from SCCM server

Untitled36

Great contributors for this posts were Matija Resimic and Saša Ljubobratović

In this scenario DHCP server and SCCM are on separate servers,so we must first configure DHCP server to give PXE clients information where TFTP server and boot image is located

Untitled

On DHCP server,right click scope options and choose configure options

Untitled

Check 066 Boot server name and enter name of SCCM server

Untitled
Now check 067 Boot File Name and entet path to boot file
Untitled
File is located in RemoteInstall folder,Wdsnbp.com validates the DHCP/PXE response packet and proceeds to download PXEBoot.com (PXEBoot.com downloads Bootmgr.exe and the BCD store)
Untitled

Untitled
In SCCM console click Administration-Distribution Points,right clik on Distribution Point and select Properties
Untitled

In PXE tab enable PXE support (optional,you can set a password)
Untitled
Network Access Account is used during operating system deployment when the computer installing the operating system does not yet have a computer account on the domain.

To configure Network Access Account click Administration-Sites,from ribbon click Configure Site Components and chose Software Distribution

Untitled

Click Network Access Account tab,click Specify account to access network locations and specify account
Untitled
Configuration Manager Client Package can be found under the Packages node of the Software Library and is used during Operating System Deployement (OSD) in the Setup Windows And ConfigMgr step to install the ConfigMgr client.We need to distribute this package.

Click software library-packages right click on Configuration Manager Client Package and from ribbon,click update distribution points
Untitled
Click OK

Untitled
Right click again on package and chose Distribute Content-Chose Distribution Point and select your distribution point
Untitled

Untitled

Now this package should be accessible during OS Deployement,male sure that status is success
Untitled
Now,deploy boot image.During install of SCCM,two boot images are installed x86-X64

Boot images are located in Sofrware Libraries-Operating Systems-Boot Images

Untitled

If you want to install X86 OS,deploy x86 boot image and vice-versa

Right click desired boot image and update distribution point,now click again on boot image,choose Data Source and make sure that Deploy this image from the PXE-enabled distribution point  option is selected
Untitled

Optionally,if you wish to set custom background during OS deployement,you can do it choosing Customization tab and clicking Specify Custom background image file (UNC path),
Untitled
make sure that SCCM computer object has

read-write shared permissions
Untitled

and full control NTFS permissions

Untitled
Deploy boot image right clicking and selecting Distribute content
Untitled
Steps are the same as for distributing Configuration Manager Client Package

Creating Operating System Image

From OS instalation media,from source folder,copy install.wim file and place it in shared folder,SCCM computer object has to have Full control NTFS permission

Click Software Library-Operating Systems,right click Operating System images-Add Operating system images
Untitled

Untitled
Distribute image the same way as boot image and Configuration Manager client package in previous examples

Creating Task Sequence

Task sequences  are used for applying images, configuring windows, installing drivers, installing applications and installing application packages,etc…

Software Libary-Operating Systems,right click Task sequences-Crete Task sequence
Untitled

Install an existing image package

Untitled
Name sequence,and browse to previously deployed boot image (x86/x64)
Untitled

Click next and browse for Operating System image we deployed earlier
Untitled
Uncheck BitLocker Sequence,set Local Administrator Password and click next
Untitled
Enter domain details,but be advised,for me,this step didn’t work,client computer wasn’t domain joined,i’ll post my fix

shortly,click next and select Configuration Manager client package we deployed earlier
Untitled
Uncheck all options and click next
Untitled
Chose weather or not to install updates and click next
Untitled
If you previously deployed any application/package,specify it here to be installed alongside with OS
Untitled

After Task sequence is created,right click on it and chose edit
Untitled
Click on last entry under Setup Operating System,Add-General-Join Domain or workgroup
Untitled
Enter Domain Details and click OK
Untitled
Now we need to deploy this task sequence

Right click on sequence and chose Deploy
Untitled
For collection click browse and select All unknown computers
Untitled
Click Next and select Configuration Manager Client,Media and PXE
Untitled
Click Next on remaining windows.

Now power on client computer,press F 12,if you set PXE password,enter when prompted
Untitled
Chose Task sequence and click next
Untitled
Untitled

SCCM 2016 Main features:

Support for Windows 10

Support for running Configuration Manager in the cloud—specifically on Azure VMs

Physical sites may have multiple management points assigned in a network boundary

To install SCCM 2016,a lot of prerequisites have to be meet

Creating container in AD 

In AD container SCCM will publish object which need to be published in Active Directory.

I used PS script to create container

# Get the distinguished name of the Active Directory domain
$DomainDn = ([adsi]"").distinguishedName
# Build distinguished name path of the System container
$SystemDn = "CN=System," + $DomainDn
# Retrieve a reference to the System container using the path we just built
$SysContainer = [adsi]"LDAP://$SystemDn"
# Create a new object inside the System container called System Management, of type "container"
$SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
# Commit the new object to the Active Directory database
$SysMgmtContainer.SetInfo()

Setting permissions on the System Management container

Setting permissions allows SCCM site servers to publish site information to the container

Open Active Directory Users And Computers (start-run-dsa.msc) ,click on Advanced Features

Untitled10.

Expand System Folder,right click System Manager and click Delegare Control

Untitled

Click on Add, on select users,computers or groups window click on Object Types and check for Computers as object types. Click on OK. Type the name of the SCCM server computer account and click on OK.

Untitled1

Untitled2

Click create custom task to delegate

Untitled3

Make sure This folder,existing objects in this folder,and creation of new objects in this folder is selected and click next

Untitled4

Untitled5

choose General, Property Specific and Creation/deletion of specific child objects. For the permissions, click on Full Control

Extending AD schema

SCCM uses AD to publish information about its sites and services, making it easily accessible to Active Directory clients. To leverage AD, we must extend the schema to create classes of objects specific to SCCM.

Navigate to \SMSSETUP\Bin\X64 folder and run extadsch.exe

Untitled6

Installing Windows Features

For SCCM to work we need to install IIS,Net Framework 3.5,Background Intelligent Transfer (BITS),Windows Update Service,Common HTTP Features – Default Document, Static Content,Application Development – ASP.NET 3.5, .NET Extensibility 3.5, ASP.NET 4.5, .NET Extensibility 4.5, ISAPI extensions,Security – Windows Authentication,IIS 6 Management Compatibility – IIS Management Console, IIS 6 Metabase Compatibility, IIS 6 WMI Compatibility, IIS Management Scripts and Tools:

install-windowsfeature web-server,net-framework-features,bits,rdc,web-net-ext,web-net-ext45,web-wmi,web-scripting-tools,web-windows-auth,updateservices

Then install Windows Assessment and Deployment Kit (for windows 8.1 or Windows 10),choose component as per picture

Untitled7

Installing SQL Server 2014

For SQL Service Accounts,(SQL Server Agent,SQL Server Database Engine,SQL Server Reporting Service) best practice is to use domain account created only for this purpose

New-ADUser -Name sccm -UserPrincipalName sccm@example.com -DisplayName sccm1 -AccountPass
word (ConvertTo-SecureString "Pass1" -AsPlainText -Force) -ChangePasswordAtLogon $false -Enabled $true

add-adgroupmember -identity "Domain Admins" -members "sccm"


For installing SQL Server,i used ini file:
;SQL Server 2014 Configuration File
[OPTIONS]

IACCEPTSQLSERVERLICENSETERMS="True"

; Specifies a Setup work flow, like INSTALL, UNINSTALL, or UPGRADE. This is a required parameter. 

ACTION="Install"

; Use the /ENU parameter to install the English version of SQL Server on your localized Windows operating system. 

ENU="True"

 
; Setup will not display any user interface. 

QUIET="True"

; Setup will display progress only, without any user interaction. 

QUIETSIMPLE="False"

; Specify whether SQL Server Setup should discover and include product updates. The valid values are True and False or 1 and 0. By default SQL Server Setup will include updates that are found. 

UpdateEnabled="True"

; Specify if errors can be reported to Microsoft to improve future SQL Server releases. Specify 1 or True to enable and 0 or False to disable this feature. 

ERRORREPORTING="False"

; If this parameter is provided, then this computer will use Microsoft Update to check for updates. 

USEMICROSOFTUPDATE="False"

; Specifies features to install, uninstall, or upgrade. The list of top-level features include SQL, AS, RS, IS, MDS, and Tools. The SQL feature will install the Database Engine, Replication, Full-Text, and Data Quality Services (DQS) server. The Tools feature will install Management Tools, Books online components, SQL Server Data Tools, and other shared components. 

FEATURES=SQLENGINE,RS,SSMS,ADV_SSMS

; Specify the location where SQL Server Setup will obtain product updates. The valid values are "MU" to search Microsoft Update, a valid folder path, a relative path such as .\MyUpdates or a UNC share. By default SQL Server Setup will search Microsoft Update or a Windows Update service through the Window Server Update Services. 

UpdateSource="MU"

; Displays the command line parameters usage 

HELP="False"

; Specifies that the detailed Setup log should be piped to the console. 

INDICATEPROGRESS="False"

; Specifies that Setup should install into WOW64. This command line argument is not supported on an IA64 or a 32-bit system. 

X86="False"

; Specify the root installation directory for shared components. This directory remains unchanged after shared components are already installed. 

INSTALLSHAREDDIR="C:\Program Files\Microsoft SQL Server"

; Specify the root installation directory for the WOW64 shared components. This directory remains unchanged after WOW64 shared components are already installed. 

INSTALLSHAREDWOWDIR="C:\Program Files (x86)\Microsoft SQL Server"

; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions. This parameter is required when installing the SQL Server Database Engine (SQL), Analysis Services (AS), or Reporting Services (RS). 

INSTANCENAME="MSSQLSERVER"

; Specify that SQL Server feature usage data can be collected and sent to Microsoft. Specify 1 or True to enable and 0 or False to disable this feature. 

SQMREPORTING="False"

; Specify the Instance ID for the SQL Server features you have specified. SQL Server directory structure, registry structure, and service names will incorporate the instance ID of the SQL Server instance. 

INSTANCEID="MSSQLSERVER"

; RSInputSettings_RSInstallMode_Description 

RSINSTALLMODE="DefaultNativeMode"

; Specify the installation directory. 

INSTANCEDIR="C:\Program Files\Microsoft SQL Server"

; Agent account name 

AGTSVCACCOUNT="EXAMPLE\sccm"

; Auto-start service after installation. 

AGTSVCSTARTUPTYPE="Manual"

; CM brick TCP communication port 

COMMFABRICPORT="0"

; How matrix will use private networks 

COMMFABRICNETWORKLEVEL="0"

; How inter brick communication will be protected 

COMMFABRICENCRYPTION="0"

; TCP port used by the CM brick 

MATRIXCMBRICKCOMMPORT="0"

; Startup type for the SQL Server service. 

SQLSVCSTARTUPTYPE="Automatic"

; Level to enable FILESTREAM feature at (0, 1, 2 or 3). 

FILESTREAMLEVEL="0"

; Set to "1" to enable RANU for SQL Server Express. 

ENABLERANU="False"

; Specifies a Windows collation or an SQL collation to use for the Database Engine. 

SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS"

; Account for SQL Server service: Domain\User or system account. 

SQLSVCACCOUNT="EXAMPLE\sccm"

; Windows account(s) to provision as SQL Server system administrators. 

SQLSYSADMINACCOUNTS="EXAMPLE\Administrator"

; Provision current user as a Database Engine system administrator for %SQL_PRODUCT_SHORT_NAME% Express. 

ADDCURRENTUSERASSQLADMIN="False"

; Specify 0 to disable or 1 to enable the TCP/IP protocol. 

TCPENABLED="1"

; Specify 0 to disable or 1 to enable the Named Pipes protocol. 

NPENABLED="0"

; Startup type for Browser Service. 

BROWSERSVCSTARTUPTYPE="Automatic"

; Specifies which account the report server NT service should execute under. When omitted or when the value is empty string, the default built-in account for the current operating system.
; The username part of RSSVCACCOUNT is a maximum of 20 characters long and
; The domain part of RSSVCACCOUNT is a maximum of 254 characters long. 

RSSVCACCOUNT="EXAMPLE\sccm"

; Specifies how the startup mode of the report server NT service. When 
; Manual - Service startup is manual mode (default).
; Automatic - Service startup is automatic mode.
; Disabled - Service is disabled 

RSSVCSTARTUPTYPE="Automatic"

F:Path to SQL install media

Mypass1-password for sccm Domain Admin account (created in prevoius step)

PS F:\> .\setup.exe /configurationfile="c:\ConfigurationFile.ini" /sqlsvcpassword="Mypass1"  /agtsvcpassword="Mypass1" /assvcpassword="Mypass1" /issvcpassword="Mypass1" /rssvcpassword="Mypass1"

We need to open ports for SQL Server,1433 (instance connection) and 4022 (Service Broker)

New-NetFirewallRule -Displayname "Allow port 1433" -direction inbound -LocalPort 1433 -Protocol tcp -Action allow
New-NetFirewallRule -Displayname "Allow port 4022" -direction inbound -LocalPort 4022 -Protocol tcp -Action allow

Prior installation,SCCM checks if SQL server’s memory is limited,if not it throws an warning,to suppres it,set memory boundaries for SQL server,open SQL Server management studio:

Untitled7

Right click SQL server name and choose properties:

Untitled8

Set min/max memory:

Untitled9

Installing SCCM 2016 Technical Preview 3

Run splash.hta from installation media

Untitled

Untitled1

Untitled2

Untitled3

Untitled4

Choose path for file needed by SCCM server

Untitled5

Enter Site Code,Name and installation directory

Untitled6