Update – 01/11/12: Added WAIK installation notes and download link.
Update – 01/12/12: Updated WSUS install script to not store content locally.
Update – 01/13/12: Fixed scripts – changed " to “.
I found an excellent guide to installing SCCM 2007, but wanted to re-blog my own experience of installation and getting things ready for Windows 7 Operating System Deployment. Please understand that I’m sure I’ve done things wrong and would -love- your help with shortening this process through automation and scripting, better understandings and explanations, corrections, etc. Leave a comment and I’ll reply and edit the post as best I can. I promise to add credit\links as appropriate.
The scope of this blog post is installation-only. Configuration information will be found in a follow-up post.
- Active Directory Environment
- An IP Address with DNS entry for the SCCM server
- DHCP Server
- A blank Windows Server 2008 R2 VM
Prereqs – Install Media and Downloads
- SQL Server 2008 with latest SP and CU
- WSUS Installer with latest SP
- SCCM Install media
- SCCM SP2 if not slipstreamed
- SCCM R3 Install media
- SCCM R3 Prerequisite Hotfix KB977384
- Windows Automated Installation Kit (AIK) for Windows 7
- Windows Automated Installation Kit (AIK) Supplement for Windows 7 SP1
- Create a domain group called “SCCM Admins” and add your user account to this group. Make this domain group a member of the server’s local administrators group.
- Create a domain account and add it to the “SCCM Admins” group. I also added it to the “Domain Admins” group during SCCM testing as a shortcut. This is not the best practice. It must have local admin on the SCCM server and your clients.
- Create 3 extra volumes on your VM
- D: – SQL Data
- E: – SQL Logs
- F: – Shares
- Create the following folder structure on the F: shares volume
- Here’s a quick script:
    MKDIR F:\sccm_downloads
    MKDIR F:\Shares
    MKDIR F:\Shares\Source
    MKDIR F:\Shares\Source\Drivers
    MKDIR F:\Shares\Source\Applications
    MKDIR F:\Shares\Source\OSImages
    MKDIR F:\Shares\Source\OSCustomizations
    MKDIR F:\Shares\Source\Updates
    MKDIR F:\shares\source\Packages
    MKDIR F:\shares\source\packages\sccm_kb977384
    MKDIR F:\Shares\Captures
    MKDIR F:\Shares\Images
- Create file shares for the following folders
- F:\Shares\Source as share name “source$”
- F:\Shares\Images as share name “images$”
- F:\Shares\Captures as share name “captures$”
- Here’s a quick script:
    NET SHARE source$=F:\Shares\Source
    NET SHARE captures$=F:\Shares\Captures
    NET SHARE images$=F:\Shares\Images
- Assign the following permissions to these shares:
- Reference: SCCM Share and NTFS permissions
- Share Permissions
- Everyone: Read
- SYSTEM: Full
- SCCM Admins: Full
- NTFS Permissions
- Everyone: Read & Execute, List Folder Contents
- System: Full Control
- SCCM Admins: Full Control
- Note, to secure this further see the TechNet article “Security and Privacy for Configuration Manager 2007”. Also, you can use the “Security Configuration Wizard Template” found in the “Configuration Manager 2007 Toolkit”.
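The share and NTFS permissions listed above can be applied from PowerShell with `net share` and `icacls`. This is an added example, not part of the original post: `CONTOSO` is a placeholder for your NetBIOS domain name, and because `net share` only sets share permissions when a share is created, the script removes and re-creates the three shares.

```powershell
# Added example: apply the share and NTFS permissions listed above.
# Assumption: CONTOSO is a placeholder for your NetBIOS domain name.
$admins = 'CONTOSO\SCCM Admins'

$shares = @{
    'source$'   = 'F:\Shares\Source'
    'images$'   = 'F:\Shares\Images'
    'captures$' = 'F:\Shares\Captures'
}

foreach ($name in $shares.Keys) {
    $path = $shares[$name]
    if (-not (Test-Path $path)) { throw "Folder not found: $path" }

    # net share sets share permissions only at creation time, so drop an
    # existing share of the same name before re-creating it.
    if (Get-WmiObject Win32_Share -Filter "Name='$name'") {
        net share $name /delete | Out-Null
    }

    # Share permissions: Everyone Read, SYSTEM Full, SCCM Admins Full
    net share "$name=$path" "/GRANT:Everyone,READ" "/GRANT:SYSTEM,FULL" "/GRANT:$admins,FULL" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "net share failed for $name" }

    # NTFS permissions, inherited by subfolders (CI) and files (OI):
    # Everyone Read & Execute / List Folder Contents, SYSTEM and SCCM Admins Full Control
    icacls $path /grant "Everyone:(OI)(CI)RX" "NT AUTHORITY\SYSTEM:(OI)(CI)F" "${admins}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $path" }

    # Print the result for review. icacls /grant adds entries and leaves
    # ACEs inherited from F:\ in place, so check for unexpected write access.
    net share $name
    icacls $path
}
```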
- Install Roles and Features
- Install SQL Server 2008
- Install SQL Server 2008 SP’s and CU’s
- Configure IIS Authentication
- Configure IIS WebDAV
- Configure IIS RequestFiltering
- Install WSUS
- Extend the AD Schema
- Create the Systems Management container and set permissions
- Run SCCM Prereq Checker
- Install SCCM 2007 with SP2
- Install SCCM R3 Upgrade
- Configure the SCCM Network Access Account
- Install WAIK for Windows 7
Let’s Get Started!
(1) Installing the Roles and Features
    Import-Module ServerManager
    # Install all required SCCM features and roles
    Add-WindowsFeature -Name Web-Common-Http, Web-Asp-Net, Web-Net-Ext, Web-ASP,
        Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Basic-Auth,
        Web-Windows-Auth, Web-IP-Security, Web-DAV-Publishing, Web-Url-Auth,
        Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing,
        Web-Stat-Compression, Web-Mgmt-Tools, Web-Mgmt-Compat, BITS, WDS,
        Desktop-Experience, RDC, NET-Framework-Core, Web-Scripting-Tools,
        Web-Mgmt-Service
Easy as pie.
(2-3) Install SQL 2008 with SP & CU
I’ve already written a post on installing Server 2008, so I’ll skip these instructions. See: Optimizing SQL Server 2008 Standard Installation.
(4) Configure IIS Authentication
This script is modified directly from the IIS.net authentication documentation.
    @ECHO OFF
    ECHO Enabling Windows Authentication
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/windowsAuthentication /enabled:"True" /commit:apphost
    ECHO Enabling Anonymous Authentication
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True" /commit:apphost
    ECHO Disabling Basic Authentication
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/basicAuthentication /enabled:"False" /commit:apphost
(5) Configure IIS WebDAV
This script is modified directly from the guide linked at the top on part 7 page 2. There were a few small formatting errors preventing it from running out-of-box.
    @ECHO OFF
    Echo Enabling WebDAV
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /enabled:true /commit:apphost
    Echo Configuring WebDAV
    Echo Creating and configuring a WebDAV authoring rule
    REM The rule grants Read access only, to all users on all paths
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoringRules /+[users='*',path='*',access='Read'] /commit:apphost
    Echo Allowing anonymous property queries
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowAnonymousPropfind:true /commit:apphost
    Echo Disabling custom properties
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowCustomProperties:false /commit:apphost
    Echo Allowing property queries with infinite depth
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowInfinitePropfindDepth:true /commit:apphost
    Echo Allowing hidden files to be listed
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost
    Echo Allowing access to hidden files
    REM This command repeats the allowHiddenFiles setting applied above
    %windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost
(6) Configure IIS RequestFiltering
Configuring request filtering is only necessary if you’re going to be using BITS, HTTP, or HTTPS to communicate with distribution points. Since this is a single-server install it should not be necessary. Please read the Microsoft-provided documentation here for more information and for instructions: How to Configure Windows Server 2008 for Configuration Manager 2007 Site Systems – Request Filtering.
(7) Installing WSUS with SP2
If using the default SQL server instance, the silent install command for WSUS will be the following.
Reference: Install the WSUS 3.0 SP2 Server Software in Unattended Mode
WSUS30-KB972455-x64.exe /q CONTENT_LOCAL="0" SQLINSTANCE_NAME="%COMPUTERNAME%" CONSOLE_INSTALL="0" MU_ROLLUP="1" DEFAULT_WEBSITE="0" CREATE_DATABASE="1"
(8) Extend the AD Schema
First, read the docs and decide if you really need to extend the schema. Then, follow the guide. I always try to do the schema updates when possible.
- Decide If You Should Extend the Active Directory Schema
- How to Extend the Active Directory Schema Using ExtADSch.exe
(9) Create the Systems Management Container and Set Permissions
Reference straight from the source:
- How to Create the System Management Container in Active Directory Domain Services
- How to Set Security on the System Management Container in Active Directory Domain Services
Step 1 – Create the container in PowerShell
This will get you out of needing to launch ADSI Edit. This script was directly copied from this blog post: PowerShell: Creating the System Management Container
    # Get the distinguished name of the Active Directory domain
    $DomainDn = ([adsi]"").distinguishedName
    # Build distinguished name path of the System container
    $SystemDn = "CN=System," + $DomainDn
    # Retrieve a reference to the System container using the path we just built
    $SysContainer = [adsi]"LDAP://$SystemDn"
    # Create a new object inside the System container called System Management, of type "container"
    $SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
    # Commit the new object to the Active Directory database
    $SysMgmtContainer.SetInfo()
Step 2 – Apply Permissions
I have no automated process for this. From the reference link above:
- Start ADUC
- Click View -> “Advanced Features”
- Right-click the “/System/System Management” container and click “Properties”
- Click the “Security” tab then click the “Advanced” button.
- Give the SCCM server’s account full permissions to this container.
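One way to script the permission step above uses `dsacls`. This is an added example, not part of the original post or the referenced Microsoft articles; it assumes it is run on the SCCM server by a domain administrator and that `dsacls.exe` (part of the AD DS tools) is available there.

```powershell
# Added example: grant the site server's computer account Full Control on
# the System Management container and the objects beneath it.
# Assumptions: run on the SCCM server as a domain admin; dsacls.exe is
# available (AD DS tools installed).

# Build the container's distinguished name the same way as in Step 1
$DomainDn  = ([adsi]"").distinguishedName
$SysMgmtDn = "CN=System Management,CN=System,$DomainDn"

# Stop if Step 1 has not been completed yet
if (-not ([adsi]::Exists("LDAP://$SysMgmtDn"))) {
    throw "Container not found: $SysMgmtDn (create it first)"
}

# Computer accounts are addressed as DOMAIN\NAME$
$SiteServer = '{0}\{1}$' -f $env:USERDOMAIN, $env:COMPUTERNAME

# /G grants rights; GA = generic all (Full Control);
# /I:T applies the entry to this object and its sub-objects
dsacls $SysMgmtDn /G "${SiteServer}:GA" /I:T | Out-Null
if ($LASTEXITCODE -ne 0) { throw "dsacls failed with exit code $LASTEXITCODE" }

# Show the resulting entries for the site server so the grant can be reviewed
dsacls $SysMgmtDn | Select-String -SimpleMatch $SiteServer
```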
(10) SCCM Prerequisite Checker
- Run your SCCM install media, and choose, “Run the prerequisite checker.”
- On the “Prerequisite Options” screen, enter ‘LOCALHOST’ for the first two options, and leave the last option empty or add the FQDN of your server, then click “next”.
- Once the checker is complete, it will show configuration errors and warnings. Double-click any item to see more information. When satisfied, click “OK”.
(11) Install Configuration Manager 2007 SP2
- Restart your installation media and select “Configuration Manager 2007 SP2”. If your media does not contain SP2 slipstreamed, install it immediately after the vanilla SCCM 2007 RTM or SP1 product install.
- At the welcome screen, click “next”.
- On the screen “Available Setup Options”, choose “Install a Configuration Manager Site Server” then click “next”.
- On the screen “Microsoft Software license Terms”, accept the license then click “next”.
- On the screen “Installation Settings”, choose “Simple Settings” and click “next”.
- On the screen “Customer Experience Improvement Program Configuration” choose Yes! and click “next”.
- On the “Product Key” page, enter a product key if one is not already provided.
- On the “Site Settings” screen, enter a three-digit site code and a site name then click “next”.
- On the “Updated Prerequisite Components” screen choose, “Check for updates” then click “next”.
- On the screen “Updated Prerequisite Component Path”, enter “F:\sccm_downloads” then click “next”.
- Allow the downloads to complete.
- On the “Settings Summary” screen, review the settings then click “next”.
- SCCM setup will run another prerequisite check. Review the results, then click “Begin Install”.
- SCCM setup will now -actually- install the product. The screen “Setup Action Status Monitoring” will display setup progress.
- Once setup is finished, click “next”.
- On the “Completing the Microsoft System Center Configuration Manager 2007 SP2 Setup Wizard” screen, click “Finish”.
(12) Install SCCM R3 Upgrade
Step 1 – Checking the SCCM Version
- Launch the “ConfigMgr Console” from the Start Menu.
- Expand the tree: “Site Database” -> “Site Management” -> “your site name”.
- Right-click your site and choose “Properties”.
- Check the properties window for the version and “Is R2 installed?” status and refer to the table below to determine if you have the latest version.
|Version|Release|
|---|---|
|4.00.5931.0001|SCCM 2007 RTM|
|4.00.6221.1000|SCCM 2007 SP1|
|4.00.6487.2000|SCCM 2007 SP2|
Step 2 – Install KB977384 Hotfix
- Attempting to install SCCM 2007 R3 before installing the hotfix will result in the error message, “Microsoft System Center Configuration Manager 2007 R3 requires Configuration Manager 2007 QFE KB97”.
- Download the hotfix from the Microsoft KB977384 article.
- Run the downloaded hotfix file.
- Choose “F:\sccm_downloads” as the extraction path.
- On success, click “OK”.
- Run this command to start the hotfix installer:
start /wait msiexec /i F:\sccm_downloads\SCCM2007-SP2-KB977384-ENU.msi
- On the “Welcome” screen, click “Next”.
- On the screen “End-User License Agreement”, accept the license then click “Next”.
- On the screen “Ready to Install”, click “Install”.
- Allow the hotfix installer to copy files.
- The hotfix installer will launch a sub-installer to help create a client patch file. Select “Yes” and click “Next”.
- On the screen “Create a package and program” accept the defaults and click “next”.
- On the screen “Specify Package Source Location” enter “\\servername\source$\packages\sccm_kb977384” then click, “next”.
- On the screen showing release notes, click “Next”. If you would like to review these notes after the hotfix install, I have created a blog post named “SCCM KB977384 Install Notes” because I can’t seem to find them elsewhere.
- On the screen “Completing the Software Update”, click “Finish”.
Step 3 – Install SCCM R3
- Once the hotfix is installed, launch the SCCM R3 media and select “Configuration Manager 2007 R3”
- On the screen “Welcome”, click “next”.
- On the screen “License Agreement” accept the license and click “Next”.
- On the screen “Registration Information” enter your name, organization, and product key. The product key is typically pre-entered by setup.
- On the screen “Installation”, click “next”.
- The screen “Installation Progress” will appear. Wait for installation to complete.
- The screen “Setup Complete” should appear after just a few moments. Click “Finish”.
- Open ConfigMgr Console and check your site version again. It should now read “R3 Installed: Yes”
(13) Configure the SCCM 2007 Network Access Account
- Open ConfigMgr Console.
- Expand the tree: Site Database -> Site -> Site Settings -> Client Agents
- Double-click “Computer Client Agent” to open “Computer Client Agent Properties”
- Under the “Network Access Account” frame, click the “Set” button to open a user account selection dialog. Enter the sccm2007-naa user created at the beginning of this post in the format domain\username. Then, enter the user’s password and click “OK”.
- On the screen “Computer Client Agent Properties”, verify that the account name is correct and hit “OK”.
(14) Install WAIK for Windows 7
- I was recently informed that I neglected to mention installing WAIK for Windows 7. This is a necessary step if you want to deploy Windows 7 from SCCM.
- I don’t have screen shots, but the install was straightforward — just mount the media and install.
- How do I install clients and get them connected?
- How do I actually do anything useful with this product?
- What features should I focus on first?