You are previewing Microsoft® System Center Configuration Manager 2007 Administrators Companion.
O'Reilly logo
Microsoft® System Center Configuration Manager 2007 Administrators Companion

Book Description

Get the definitive guide for administering System Center Configuration Manager 2007 straight from an expert. This comprehensive reference delivers all the information you need to plan, design, deploy, and manage mission-critical software updates and help maximize your organization s productivity. This comprehensive administrator s reference drills into Configuration Manager 2007 features and capabilities for change and configuration management for Windows® based desktop and server systems, providing easy-to-follow procedures, practical workarounds, and key troubleshooting tactics for everyday, on-the-job results. The author, a Configuration Manager 2007 expert who has written extensively about the technology, provides in-depth information for remotely installing, administering, diagnosing, and troubleshooting applications, and deploying patches, monitoring system usage, and tracking assets must-know details for protecting and optimizing your technology investment. The companion CD features a fully searchable eBook and job aids.

Delivers expert, end-to-end guidance from a leading System Center Configuration Manager expert

Features easy-to-follow procedures, practical workarounds, and key troubleshooting tactics

Includes a fully searchable eBook and job aids on CD

Table of Contents

  1. Microsoft® System Center Configuration Manager 2007 Administrator’s Companion
  2. Dedication
  3. A Note Regarding Supplemental Files
  4. Acknowledgments
  5. Introduction
    1. Part I: Planning, Deploying, and Configuring
    2. Part II: Managing Clients
    3. Part III: Site Database Management
    4. Part IV: Appendixes
    5. How to Use This Book
      1. System Requirements
      2. About the Companion CD
      3. Support
  6. I. Planning, Deploying, and Configuring
    1. 1. Introducing Microsoft System Center Configuration Manager 2007
      1. What Is System Center Configuration Manager 2007?
      2. What’s Changed Since System Management Server 2003?
        1. New Features
        2. Integrated Features
        3. Enhanced Features
        4. Security and Site Modes
      3. Features and Functions of Configuration Manager
        1. Inventory and Resource Management
        2. Diagnosis and Troubleshooting
          1. System Monitor
          2. Remote Tools
          3. Logs and Status Messages
          4. Reports
        3. Computer Configuration Management
        4. Security
      4. Key Elements of Configuration Manager
        1. Configuration Manager Client
        2. Configuration Manager Site
        3. Configuration Manager Site Server
        4. Configuration Manager Site System
        5. Configuration Manager Console
        6. Configuration Manager Site Hierarchy
      5. Summary
    2. 2. Planning for and Deploying Configuration Manager Sites
      1. Planning for Configuration Manager Sites
        1. Preplanning Phase
          1. Examine and Document Your Current Computing Environment
          2. Identify Business and Technical Needs
          3. Create a Test Lab
        2. Planning Phase
          1. Active Directory Planning
          2. Checkpoints for Extending the Active Directory Schema for Configuration Manager
        3. Site Mode Considerations
          1. Mixed Mode
          2. Native Mode
          3. Checkpoints for Planning Configuration Manager Installations
      2. Preinstallation Requirements
        1. General Site Server Prerequisites
        2. Site Database Server Prerequisites
        3. SMS Provider Prerequisites
        4. Configuration Manager Console Prerequisites
        5. Downloading Client Setup Prerequisites
        6. Configuration Manager Setup Prerequisites
      3. Configuration Manager Setup Options
        1. Configuration Manager Setup Command-Line Options
        2. Using the Configuration Manager Setup Wizard
          1. Configuration Manager Setup Wizard Installation Settings Options
            1. Configuration Manager Simple Setup
            2. Configuration Manager Custom Setup
        3. Performing Unattended Configuration Manager Installations
      4. Installing Configuration Manager Primary Sites
        1. Primary Site Installation Using the Configuration Manager Setup Wizard
          1. Configuration Manager Setup Wizard Pages for Installing Primary Sites
        2. Configuration Manager Primary Site Unattended Installation
      5. Installing Configuration Manager Secondary Sites
        1. Secondary Site Installation Using the Configuration Manager Setup Wizard
        2. Secondary Site Installation Using the Configuration Manager Console
        3. Secondary Site Unattended Installation
      6. Installing Configuration Manager Consoles
        1. Configuration Manager Console Installation Using the Configuration Manager Setup Wizard
        2. Configuration Manager Console Unattended Installation
          1. Checkpoints for Installing Configuration Manager Sites and Consoles
      7. Navigating the Configuration Manager Console
      8. Modifying the Installation
        1. Address Properties
        2. Boundaries
        3. Client Agents
        4. Client Installation Methods
        5. Component Configuration
        6. Discovery Methods
        7. Site Maintenance
          1. Checkpoints for Navigating the Configuration Manager Console
      9. Removing Configuration Manager Installations
        1. Uninstalling Primary Sites
        2. Uninstalling Secondary Sites
        3. Uninstalling Configuration Manager Consoles
          1. Checkpoints for Removing Configuration Manager Installations
      10. Summary
    3. 3. Configuring Site Server Properties and Site Systems
      1. Defining and Configuring the Configuration Manager Site
        1. Configuring Site Properties
          1. The General Tab
          2. The Wake On LAN Tab
          3. The Ports Tab
          4. The Advanced Tab
          5. The Site Mode Tab
          6. The Security Tab
        2. Site Settings
      2. The Site Configuration Process Flow
      3. Monitoring Status and Flow
        1. Status Messages
        2. Log Files
          1. Enabling Configuration Manager Log Files
      4. Defining and Configuring Site Systems
        1. Site System Connection Accounts
        2. Assigning Site System Roles
        3. Distribution Points
          1. BITS-Enabled Distribution Points
          2. Protected Distribution Points
          3. Branch Distribution Points
        4. Management Points
          1. Management Point Component Configuration
          2. Proxy Management Points
        5. Reporting Points
        6. Server Locator Points
        7. Fallback Status Points
      5. Checkpoints
        1. Planning and Identifying Site Systems
        2. Disk Space
      6. Summary
    4. 4. Implementing Multiple-Site Structures
      1. Defining Parent-Child Relationships
        1. Installing a Secondary Site
          1. Installing the Secondary Site from Its Parent Primary Site
          2. Installing the Secondary Site Locally from the Configuration Manager CD
          3. The Secondary Site Installation Process Flow
          4. Differences in Installation Between Primary and Secondary Sites
          5. Uninstalling a Secondary Site
        2. Implementing a Parent-Child Relationship Between Primary Sites
          1. Creating an Address
          2. Creating an Address to Another Site
          3. Identifying the Parent Site
      2. Implementing Site Hierarchies
        1. Network Performance
        2. Client Components
        3. Location and Number of Clients
        4. International Site Considerations
        5. Administrative Model
        6. Active Directory Domain Model
      3. Communicating Through Senders
        1. Sender Process Flow
        2. Defining a Sender
        3. Courier Sender
      4. Summary
    5. 5. Upgrading to Configuration Manager
      1. Planning the Site Structure
      2. Maintaining Mixed Sites within the Same Site Structure
        1. Site Version Considerations
        2. Site Administration Considerations
      3. Upgrading to Configuration Manager 2007
        1. Preparing to Upgrade
          1. Setup Prerequisite Checker
          2. Client Prerequisite Component Downloader
        2. Upgrading Primary Sites
          1. In-Place Upgrade Method
          2. Side-by-Side Upgrade Method
        3. Upgrading Secondary Sites
          1. Upgrading Secondary Sites Using the Configuration Manager Console
          2. Upgrading Secondary Sites Using Configuration Manager Setup
        4. Upgrading Administrator Consoles
      4. Post-Upgrade Tasks
      5. Summary
    6. 6. Analysis and Troubleshooting Tools
      1. Working with Status Messages
        1. Viewing Site Status Messages
        2. Setting Status Message Viewer Options
          1. The Status Viewer Options Dialog Box
            1. The General Tab
            2. The Columns Tab
            3. The Export Tab
            4. The Font Tab
          2. Filter Options
      2. Understanding Status Summarizers
        1. Display Interval
        2. Status Message Thresholds
        3. Configuring Status Summarizers
          1. Component Status Summarizer
          2. Site System Status Summarizer
          3. Advertisement Status Summarizer
      3. Filtering Status Messages
        1. Configuring Status Reporting Properties
        2. Status Filter Rules
      4. Working with Status Message Queries
      5. Status Message Process Flow
        1. Reporting Status on Site Servers and Site Systems
        2. Reporting Status from Clients
        3. Reporting Status to the Configuration Manager Database
      6. Using Configuration Manager Service Manager
      7. Using Windows System Monitor with Configuration Manager
        1. Using System Monitor
          1. Creating a System Monitor Chart
          2. Creating a System Monitor Log
          3. Viewing a Log File
        2. Configuration Manager Specific Objects and Counters
      8. Summary
  7. II. Managing Clients
    1. 7. Discovering Resources
      1. Understanding Discovery
      2. Examining Resource Discovery Methods
        1. Network Discovery
          1. Enabling Network Discovery
          2. Network Discovery Process
          3. Checkpoints for Using Network Discovery
        2. Heartbeat Discovery
          1. Enabling Heartbeat Discovery
          2. Checkpoints for Using Heartbeat Discovery
        3. Active Directory Discovery Methods
          1. Enabling and Configuring an Active Directory Discovery Method
          2. Checkpoints for Using an Active Directory Discovery Method
      3. Discovery Data Manager
      4. Summary
    2. 8. Configuration Manager Client Installation
      1. Introduction
      2. Planning for Client Installation
        1. Understanding and Configuring Boundaries
        2. Understanding and Configuring Client Approval
        3. Choosing Client Installation Methods
        4. Choosing Client Agents to Enable
      3. Preparing for Client Deployment
        1. Client Prerequisites for Client Deployment
        2. Server Prerequisites for Client Deployment
          1. Management Point
          2. Server Locator Point
          3. Fallback Status Point
            1. Installing and Configuring the Fallback Status Point
            2. How to Configure Clients to Use the Fallback Status Point
      4. Installing Clients Using Client Push Installation
        1. Preparing for Client Push Installation
        2. Using the Client Push Installation Wizard
      5. Overview of Other Available Client Installation Methods
        1. Software Update Point Based Installation
        2. Group Policy Installation
        3. Manual Installation
        4. Logon Script Installation
        5. Software Distribution Upgrade Installation
        6. Installation Using Computer Imaging
      6. Understanding the Client Deployment Process
        1. The Client Installation Process
        2. The Client Assignment Process
          1. Site Assignment
            1. Manual Site Assignment
            2. Automatic Site Assignment
          2. Site Compatibility Check
          3. Locating the Default Management Point
            1. Active Directory Domain Services
            2. DNS
            3. Server Locator Point
            4. WINS
          4. Locating Site Mode and Related Settings
      7. Managing the Configuration Manager Client
        1. Removing the Configuration Manager Client
        2. Understanding the Configuration Manager Client in Control Panel
          1. The Configuration Manager Icon
            1. General Tab
            2. Components Tab
            3. Actions Tab
            4. Advanced Tab
            5. Updates Tab
            6. Configurations Tab
          2. Internet Tab
        3. Using Client Deployment Reports
      8. Checkpoints for Client Deployment
      9. Summary
    3. 9. Defining Collections
      1. Defining Collections
        1. Collection Membership
        2. Predefined Collections
      2. Creating Collections
        1. Creating a Direct Membership Collection
        2. Creating a Query-Based Collection
        3. Creating Subcollections
        4. Unlinking Subcollections
      3. Updating Collections
        1. Forcing an Update
          1. Updating All Collections
          2. Updating an Individual Collection
        2. Deleting a Collection
        3. Assigning a Maintenance Window to a Collection
        4. Collection Evaluator Update Process Flow
        5. Status Messages
      4. Collections and the Configuration Manager Site Hierarchy
      5. Checkpoints
      6. Summary
    4. 10. Collecting Inventory
      1. Hardware Inventory
        1. Enabling Hardware Inventory
          1. Client Requirements and Inventory Frequency
        2. Hardware Inventory Collection Process Flow
        3. Hardware Resynchronization
        4. Status Messages and Log Files for Hardware Inventory
        5. Viewing Hardware Inventory
        6. Customizing Hardware Inventory
          1. SMS_def.mof and configuration.mof
          2. MIF Files
            1. Creating a NOIDMIF
            2. Creating an IDMIF
            3. Viewing an IDMIF
      2. Software Inventory
        1. Enabling Software Inventory
          1. Client Requirements and Inventory Frequency
        2. Software Inventory Collection Process Flow
        3. Software Resynchronization
        4. Status Messages and Log Files for Software Inventory
        5. Viewing Software Inventory
      3. Asset Intelligence
        1. Asset Intelligence Reports
      4. Summary
    5. 11. Distributing Software Packages
      1. Defining Package Distribution
        1. Understanding Package Distribution Terminology
        2. Preparing for Package Distribution
      2. Creating Packages for Distribution
        1. Gathering Source Files
        2. Creating a Package from Scratch
          1. Defining Access Accounts
          2. Defining Distribution Points
          3. Creating Programs
        3. Creating a Package from a Definition File
        4. Package Distribution Process Flow
      3. Configuring the Software Distribution Component
      4. Distributing Software from a Resource
      5. Creating an Advertisement
      6. Configuring the Client Agent
        1. Running Advertised Programs on Clients
          1. Run Advertised Programs
          2. Program Download Monitor
        2. Managing the Configuration Manager Client Download Cache
        3. Advertised Programs Process Flow
      7. Monitoring Status
      8. Working with Branch Distribution Points
        1. Creating a Branch Distribution Point
        2. Managing Branch Distribution Points
      9. Checkpoints
      10. Summary
    6. 12. Deploying Operating Systems
      1. Understanding the Working Components of Operating System Deployment
      2. Understanding Task Sequences
      3. Creating an Image for Deployment
        1. Understanding Boot Images
        2. Understanding Operating System Images
        3. Configuring a Reference Computer
        4. Editing the Reference Computer Task Sequence
        5. Advertising the Task Sequence to the Reference Computer
      4. Deploying the Operating System Image
        1. Distribute the Operating System Image
        2. Deploying the Operating System Image to Target Computers
          1. Create the Deployment Task Sequence
        3. Editing the Deployment Task Sequence
        4. Advertising the Deployment Task Sequence to the Target Computers
        5. Monitoring Status
      5. Manual Deployment Methods
      6. Checkpoints
      7. Summary
    7. 13. Deploying Software Updates
      1. The Need for Effective Software Updates Management
      2. Introduction to the Software Updates Management Process
        1. The Microsoft Operations Framework
        2. The Microsoft-Recommended Software Updates Management Process
      3. Preparing for Software Updates Management
        1. Identifying IT Assets
        2. Inventorying IT Assets
        3. Configuring IT Assets
        4. Building the Configuration Manager Software Updates Infrastructure
          1. Establishing and Training the Software Updates Management Team
      4. The Four-Phase Software Updates Management Process
        1. The Assess Phase
          1. Inventorying and Discovering Existing Computing Assets
          2. Assessing Security Threats and Vulnerabilities
          3. Determining the Best Source for Information about Software Updates
          4. Assessing the Existing Software Updates Infrastructure
          5. Assessing Operational Effectiveness
          6. Leaving the Assess Phase and Moving to the Identify Phase
        2. The Identify Phase
          1. Discovering New Software Updates Reliably
          2. Determining Whether Software Updates Are Relevant
          3. Obtaining and Verifying Software Update Source Files
          4. Determining the Nature of the Software Update and Submitting a Request for Change
          5. Leaving the Identify Phase and Moving to the Evaluate & Plan Phase
        3. The Evaluate & Plan Phase
          1. Determining the Appropriate Response
          2. Planning the Release
          3. Building the Release
          4. Conducting Acceptance Testing
          5. Leaving the Evaluate & Plan Phase and Moving to the Deploy Phase
        4. The Deploy Phase
          1. Preparing the Deployment
          2. Deploying the Software Update to Targeted Computers
          3. Reviewing the Implementation
          4. Leaving the Deploy Phase
      5. Integrating Configuration Manager 2007 into the Software Updates Management Process
        1. Software Updates General Requirements
        2. Software Updates Client Agent Settings
        3. The Software Update Point
          1. Choosing the Software Update Point Computer
          2. WSUS 3.0 Installation
          3. Software Update Point Site System Role
        4. Software Updates Synchronization
        5. Scanning for Software Updates Compliance
        6. Completing the Software Updates Infrastructure
      6. Software Updates Fundamentals
        1. Preparing for the Deployment
          1. Deployment Templates
          2. Deployment Package
            1. Strategies for Managing Deployment Packages
            2. Preparing the Package Source Folders
          3. The Update List
            1. Creating the Update List
        2. Deploying Software Updates
          1. Creating the Software Update Deployment
          2. Monitoring the Progress of the Deployment
      7. Responding to Emergencies
        1. Releases with Accelerated Timelines
        2. Halting a Software Update Deployment
        3. Rolling Back Software Updates
      8. Creating and Publishing Custom Updates
      9. Checkpoints
      10. Summary
    8. 14. Implementing Desired Configuration Management
      1. The Need for Desired Configuration Management
      2. Understanding the Components of Desired Configuration Management
        1. Configuration Items
        2. Configuration Baselines
      3. Preparing to Use Desired Configuration Management
        1. Enabling Desired Configuration Management
      4. Using Desired Configuration Management
      5. Organizing Configuration Data
        1. Folders
        2. Search Folders
        3. Configuration Categories
      6. Understanding Compliance Evaluation
      7. How to View Compliance Results in Desired Configuration Management
        1. The Desired Configuration Management Home Page
        2. Using Reports to View Compliance
        3. Viewing Compliance Directly at the Client Computer
      8. Remediating Noncompliant Computers
        1. Creating a Collection of Noncompliant Computers
      9. Checkpoints for Using Desired Configuration Management
      10. Summary
    9. 15. Implementing Network Access Protection
      1. Understanding Network Access Protection
        1. The Many Layers of Network Access Protection
        2. The Network Policy Server
        3. Remediating Noncompliant Configuration Manager Clients
      2. Planning for Network Access Protection in Configuration Manager
        1. Confirm the Windows Network Access Protection Infrastructure
        2. Extend the Active Directory Schema
        3. Decide on Server Placement for the System Health Validator Points
        4. Identify and Configure Firewalls
        5. Confirm Software Updates Operation
        6. Engage Other Business Groups
        7. Educate Your Users
        8. Identify Users and Computers That Need Exemptions
          1. Checkpoints for Identifying Which Clients Can Support Network Access Protection
      3. Implementing Network Access Protection in Configuration Manager
        1. Creating and Configuring the System Health Validator Point
          1. Installing a System Health Validator Point
          2. Configuring the System Health Validator Points
        2. Enabling and Configuring Network Access Protection Client Settings
          1. Checkpoints for Enabling Network Access Protection in Configuration Manager
        3. Creating and Managing Network Access Protection Policies
        4. Monitoring Network Access Protection
          1. Using the Network Access Protection Home Page to Monitor Network Access Protection
          2. Using Reports to Monitor Network Access Protection
          3. Using Performance Counters and Event Logs to Monitor Network Access Protection
          4. Using Log Files to Monitor Network Access Protection
          5. Checkpoints for Phasing in Network Access Protection
      4. Summary
    10. 16. Managing Clients Across the Internet
      1. Understanding Internet-Based Client Management
        1. Checkpoints for Managing Internet-Based Clients
        2. Planning for Internet-Based Client Management
        3. Implementing Internet-Based Client Management
        4. Checkpoints for Using Internet-Based Client Management
      2. Summary
    11. 17. Managing Clients Remotely
      1. Configuring a Client for Remote Control
        1. Client System Requirements
        2. Configuring the Remote Tools Client Agent
        3. Setting Remote Options at the Client System
      2. Exploring Remote Tools Functions
        1. Running Diagnostic Tools for Windows Clients
      3. Remote Tools Session Process Flow
      4. Monitoring Status and Flow
        1. Monitoring Configuration
        2. Monitoring a Remote Tools Session
      5. Remote Assistance and Remote Desktop Support
      6. Checkpoints
      7. Summary
    12. 18. Monitoring Software Usage with Software Metering
      1. Understanding Software Metering
      2. Software Metering Process Flow
      3. Configuring Software Metering
        1. Configuring the Software Metering Client Agent
        2. Configuring Software Metering Rules
        3. Creating a Software Metering Rule
        4. Automatically Generating Software Metering Rules
        5. Enabling and Disabling a Software Metering Rule
        6. Summarizing Data
      4. Running Software Metering Reports
      5. Checkpoints
      6. Summary
  8. III. Site Database Management
    1. 19. Extracting Information Using Queries and Reports
      1. Working with Queries
        1. Query Elements
        2. Creating a Query
          1. Modifying a Query
          2. Combining Attributes
          3. Viewing the Query Language
          4. Creating Prompted Queries
        3. Executing Queries
      2. Working with Reports
        1. Using Reports
          1. Creating and Modifying a Report
          2. Copying an Existing Report
          3. Importing and Exporting Reports
          4. Scheduling a Report
          5. Running a Report
        2. Using Dashboards
          1. Creating a Dashboard
          2. Running a Dashboard
      3. Checkpoints for Using Queries and Reports
      4. Summary
    2. 20. Configuration Manager 2007 Security
      1. Security Planning and Considerations
        1. Basic Security Configurations
        2. Security Planning
          1. Native Mode versus Mixed Mode
          2. Publishing to Active Directory Domain Services
          3. Configuring Additional Accounts
          4. Administration Models
        3. Privacy Planning
      2. Certificates and PKI Security
        1. Site Server Signing Certificate
        2. Client and Site System Certificates
          1. Client Certificates
          2. Site System Certificates
          3. Mobile Device Clients
        3. Operating System Deployment Certificates
        4. Deploying the Certificates
      3. Security Controls in Configuration Manager
        1. Network Security Controls
          1. Firewalls
          2. IPsec
          3. DCOM
          4. WMI Security
          5. Group Policy
        2. Access Control Lists
        3. Auditing
        4. Configuration Manager Object Security
          1. Classes and Instances
          2. Common Object Rights
          3. Special Object Rights
            1. Special Rights on Collection Objects
            2. Special Rights on Site Objects
            3. Special Rights for Operating System Deployment Objects
            4. Special Rights on Configuration Items
          4. Delegating Object Rights
            1. Using the ConfigMgr User Wizard
            2. Granting Rights to Security Groups
            3. Granting Rights Using the Object Properties
            4. Cloning Users
            5. Role-Based Access Control
        5. Account Security
          1. Accounts in Sites with Multiple Forests
            1. Site Systems Supporting Internet-Based Clients
            2. Network Policy Servers for Network Access Protection
            3. Other Site Systems
            4. Maintaining Site Systems in Other Forests
          2. Accounts Used for Task Sequences
          3. Client Push Installation
          4. Proxy Accounts
          5. Configuration Manager Groups
          6. Database Roles
          7. Accounts Used by Humans
          8. Checkpoints for Configuring Accounts Correctly
      4. Custom Configuration Manager Consoles
      5. Summary
    3. 21. Backing Up and Recovering the Site
      1. Database Maintenance
        1. General Maintenance Tasks
        2. Daily Maintenance Tasks
        3. Weekly Maintenance Tasks
        4. Monthly Maintenance Tasks
      2. Scheduling Maintenance Tasks
        1. Scheduling SQL Commands
        2. Scheduling Tasks
      3. Backing Up the Site Through Configuration Manager
        1. Backing Up the Site Server
          1. The Backup Control File
          2. Configuring Backup ConfigMgr Site Server
      4. Recovering Configuration Manager Sites
        1. Recovering the Site Database
        2. Recovering the Site Server
      5. Using the Configuration Manager Site Repair Wizard
      6. Restoring Site Systems
      7. Summary
    4. 22. Maintaining the Configuration Manager Database through SQL Server
      1. SQL Server Components
        1. Creating a Database in SQL Server 2005
      2. Configuration Manager Database Components
      3. SQL Server Management Tools
      4. Database Maintenance
        1. Commands Used for Performing Essential Maintenance Tasks
        2. Executing a Maintenance Command Using SQL Server 2005
      5. Backing Up and Restoring the Database
        1. Backing Up and Restoring Using SQL Server 2005
      6. Modifying SQL Server Parameters
        1. Modifying Parameters for SQL Server 2005
      7. Using SQL Replication to Enhance Configuration Manager Site Performance
      8. Summary
  9. IV. Appendixes
    1. A. Recommended Web Sites
    2. B. Backup Control File
    3. C. Understanding Windows Management Instrumentation
  10. Glossary
  11. D. About the Author
  12. Index
  13. About the Authors
  14. Copyright