SCCM 2007 Single-Server Install Process (part 1)

Update – 01/11/12: Added WAIK installation notes and download link.
Update – 01/12/12: Updated WSUS install script to not store content locally.
Update – 01/13/12: Fixed scripts – changed " to “.

I found an excellent guide to installing SCCM 2007, but wanted to re-blog my own experience of the installation and of getting things ready for Windows 7 Operating System Deployment. I’m sure I’ve done some things wrong and would -love- your help shortening this process through automation and scripting, better explanations, corrections, etc. Leave a comment and I’ll reply and edit the post as best I can. I promise to add credit and links as appropriate.

The scope of this blog post is installation-only. Configuration information will be found in a follow-up post.

The guide?  Ahmed Group: Step by step guide installing SCCM 2007 Part 1

Prereqs (Environment)

  • Active Directory Environment
  • An IP Address with DNS entry for the SCCM server
  • DHCP Server
  • A blank Windows Server 2008 R2 VM

Prereqs – Install Media and Downloads


  • Create a domain group called “SCCM Admins” and add your user account to this group. Make this domain group a member of the server’s local administrators group.
  • Create a domain account and add it to the “SCCM Admins” group. I also added it to the “Domain Admins” group during SCCM testing as a shortcut; this is not best practice. The account must have local administrator rights on the SCCM server and your clients.
    • sccm2007-naa
  • Create 3 extra volumes on your VM
    • D: – SQL Data
    • E: – SQL Logs
    • F: – Shares
  • Create the following folder structure on the F: shares volume
    • F:\sccm_downloads
    • F:\Shares
    • F:\Shares\Source
    • F:\Shares\Source\Drivers
    • F:\Shares\Source\Applications
    • F:\Shares\Source\OSImages
    • F:\Shares\Source\OSCustomizations
    • F:\Shares\Source\Updates
    • F:\shares\source\Packages
    • F:\shares\source\packages\sccm_kb977384
    • F:\Shares\Captures
    • F:\Shares\Images
    • Here’s a quick script:
      MKDIR F:\sccm_downloads
      MKDIR F:\Shares
      MKDIR F:\Shares\Source
      MKDIR F:\Shares\Source\Drivers
      MKDIR F:\Shares\Source\Applications
      MKDIR F:\Shares\Source\OSImages
      MKDIR F:\Shares\Source\OSCustomizations
      MKDIR F:\Shares\Source\Updates
      MKDIR F:\shares\source\Packages
      MKDIR F:\shares\source\packages\sccm_kb977384
      MKDIR F:\Shares\Captures
      MKDIR F:\Shares\Images
  • Create file shares for the following folders
    • F:\Shares\Source as share name “source$”
    • F:\Shares\Images as share name “images$”
    • F:\Shares\Captures as share name “captures$”
    • Here’s a quick script:
      NET SHARE source$=F:\Shares\Source
      NET SHARE captures$=F:\Shares\Captures
      NET SHARE images$=F:\Shares\Images
  • Assign the following permissions to these shares:
    • Reference: SCCM Share and NTFS permissions
    • Share Permissions
      • Everyone: Read
      • SYSTEM: Full
      • SCCM Admins: Full
    • NTFS Permissions
      • Everyone: Read & Execute, List Folder Contents
      • System: Full Control
      • SCCM Admins: Full Control
  • Note, to secure this further see the TechNet article “Security and Privacy for Configuration Manager 2007“. Also, you can use the “Security Configuration Wizard Template” found in the “Configuration Manager 2007 Toolkit“.
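
The share and NTFS permissions listed above can be applied and then read back from one script. This is an added example, not part of the original post; it assumes PowerShell 2.0 on Windows Server 2008 R2 in an elevated session, and `CONTOSO` is a placeholder for your domain name. It recreates the three shares, because NET SHARE only accepts /GRANT when a share is created.

```powershell
# Added example (not from the original post). Assumptions: PowerShell 2.0 on
# Windows Server 2008 R2, run elevated; CONTOSO is a placeholder domain name.
$AdminsGroup = 'CONTOSO\SCCM Admins'

# Share name -> folder, exactly as listed in the post
$Shares = @{
    'source$'   = 'F:\Shares\Source'
    'captures$' = 'F:\Shares\Captures'
    'images$'   = 'F:\Shares\Images'
}

foreach ($Name in $Shares.Keys) {
    $Path = $Shares[$Name]
    if (-not (Test-Path -LiteralPath $Path)) { throw "Folder missing: $Path" }

    # NET SHARE takes /GRANT only at creation time, so remove a share that
    # was created earlier without explicit permissions and recreate it.
    if (Get-WmiObject Win32_Share -Filter "Name='$Name'") {
        & net.exe share $Name /DELETE | Out-Null
    }
    & net.exe share "$Name=$Path" '/GRANT:Everyone,READ' '/GRANT:SYSTEM,FULL' "/GRANT:$AdminsGroup,FULL"
    if ($LASTEXITCODE -ne 0) { throw "NET SHARE failed for $Name" }

    # NTFS: Everyone = Read & Execute / List Folder Contents; SYSTEM and
    # SCCM Admins = Full Control. (OI)(CI) covers files and subfolders.
    & icacls.exe $Path /grant:r 'Everyone:(OI)(CI)RX' 'SYSTEM:(OI)(CI)F' "${AdminsGroup}:(OI)(CI)F"
    if ($LASTEXITCODE -ne 0) { throw "icacls failed for $Path" }
}

# Read both permission sets back so the result can be compared with the lists
foreach ($Name in $Shares.Keys) {
    & net.exe share $Name
    & icacls.exe $Shares[$Name]
}
```

The icacls output also shows any inherited entries on each folder, which the lists above do not cover; review those before treating the shares as locked down.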


  1. Install Roles and Features
  2. Install SQL Server 2008
  3. Install SQL Server 2008 SP’s and CU’s
  4. Configure IIS Authentication
  5. Configure IIS WebDAV
  6. Configure IIS RequestFiltering
  7. Install WSUS
  8. Extend the AD Schema
  9. Create the Systems Management container and set permissions
  10. Run SCCM Prereq Checker
  11. Install SCCM 2007 with SP2
  12. Install SCCM R3 Upgrade
  13. Configure the SCCM Network Access Account
  14. Install WAIK for Windows 7

Let’s Get Started!

(1) Installing the Roles and Features

Here’s a PowerShell script to install the needed roles and features:
Import-Module ServerManager
#Install all required SCCM features and roles
Add-WindowsFeature -Name Web-Common-Http, Web-Asp-Net, Web-Net-Ext, Web-ASP, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Basic-Auth, Web-Windows-Auth, Web-IP-Security, Web-DAV-Publishing, Web-Url-Auth, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Stat-Compression, Web-Mgmt-Tools, Web-Mgmt-Compat, BITS, WDS, Desktop-Experience, RDC, NET-Framework-Core, Web-Scripting-Tools, Web-Mgmt-Service

Easy as pie.

(2-3) Install SQL 2008 with SP & CU

I’ve already written a post on installing SQL Server 2008, so I’ll skip these instructions. See: Optimizing SQL Server 2008 Standard Installation.

(4) Configure IIS Authentication

This script is modified directly from the authentication documentation.

ECHO Enabling Windows Authentication
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/windowsAuthentication /enabled:"True" /commit:apphost
ECHO Enabling Anonymous Authentication
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/anonymousAuthentication /enabled:"True" /commit:apphost
ECHO Disabling Basic Authentication
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site" -section:system.webServer/security/authentication/basicAuthentication /enabled:"False" /commit:apphost

(5) Configure IIS WebDAV

This script is modified directly from the guide linked at the top on part 7 page 2. There were a few small formatting errors preventing it from running out-of-box.

Echo Enabling WebDAV
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /enabled:true /commit:apphost
Echo Configuring WebDAV
Echo Creating and configure a WebDAV authoring rule
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoringRules /+[users='*',path='*',access='Read'] /commit:apphost
Echo Allowing anonymous property queries
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowAnonymousPropfind:true /commit:apphost
Echo Disabling custom properties
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowCustomProperties:false /commit:apphost
Echo Allowing property queries with infinite depth
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowInfinitePropfindDepth:true /commit:apphost
Echo Allowing hidden files to be listed
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost
Echo Allowing access to hidden files
%windir%\system32\inetsrv\appcmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost

(6) Configure IIS RequestFiltering

Configuring request filtering is only necessary if you’re going to be using BITS, HTTP, or HTTPS to communicate with distribution points. Since this is a single-server install, it should not be necessary. For more information and instructions, read the Microsoft-provided documentation: How to Configure Windows Server 2008 for Configuration Manager 2007 Site Systems – Request Filtering.

(7) Installing WSUS with SP2

If using the default SQL server instance, the silent install command for WSUS will be the following.
Reference: Install the WSUS 3.0 SP2 Server Software in Unattended Mode


(8) Extend the AD Schema

First, read the docs and decide if you really need to extend the schema. Then, follow the guide. I always try to do the schema updates when possible.


(9) Create the Systems Management Container and Set Permissions

Reference straight from the source:

Step 1 – Create the container in PowerShell

This will get you out of needing to launch ADSI Edit. This script was directly copied from this blog post: PowerShell: Creating the System Management Container

# Get the distinguished name of the Active Directory domain
$DomainDn = ([adsi]"").distinguishedName
# Build distinguished name path of the System container
$SystemDn = "CN=System," + $DomainDn
# Retrieve a reference to the System container using the path we just built
$SysContainer = [adsi]"LDAP://$SystemDn"
# Create a new object inside the System container called System Management, of type "container"
$SysMgmtContainer = $SysContainer.Create("Container", "CN=System Management")
# Commit the new object to the Active Directory database
$SysMgmtContainer.SetInfo()

Step 2 – Apply Permissions

I have no automated process for this. From the reference link above:

  1. Start ADUC
  2. Click View -> “Advanced Features”
  3. Right-click the “/System/System Management” container and click “Properties”
  4. Click the “Security” tab then click the “Advanced” button.
  5. Give the SCCM server’s account full permissions to this container.
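
Step 2 can also be scripted in the same ADSI style as Step 1. This is an added example, not from the original post or the guide it references; it assumes it is run on the SCCM site server itself, by a logged-on domain account that is allowed to edit the container’s ACL, and it applies the grant to the container and its descendant objects.

```powershell
# Added example, not from the original post. Assumptions: run on the SCCM
# site server itself, by a domain account allowed to edit the container's ACL.
$DomainDn  = ([adsi]"").distinguishedName
$Container = [adsi]"LDAP://CN=System Management,CN=System,$DomainDn"
if (-not $Container.distinguishedName) {
    throw "System Management container not found; create it first (Step 1)."
}

# The site server's computer account is DOMAIN\HOSTNAME$
$AccountName = $env:USERDOMAIN + '\' + $env:COMPUTERNAME + '$'
$Account = New-Object System.Security.Principal.NTAccount($AccountName)
$Sid = $Account.Translate([System.Security.Principal.SecurityIdentifier])

# Full control, inherited by child objects (assumption: "this object and all
# descendant objects", so the site server can manage what it publishes here)
$Rule = New-Object System.DirectoryServices.ActiveDirectoryAccessRule(
    $Sid,
    [System.DirectoryServices.ActiveDirectoryRights]::GenericAll,
    [System.Security.AccessControl.AccessControlType]::Allow,
    [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All)

$Container.psbase.ObjectSecurity.AddAccessRule($Rule)
$Container.psbase.CommitChanges()

# Read the ACL back from the directory and show only the explicit entries
# for the site server, to confirm the grant landed on the intended principal
$Check = [adsi]"LDAP://CN=System Management,CN=System,$DomainDn"
$Check.psbase.ObjectSecurity.GetAccessRules($true, $false,
        [System.Security.Principal.SecurityIdentifier]) |
    Where-Object { $_.IdentityReference.Value -eq $Sid.Value } |
    Format-List ActiveDirectoryRights, AccessControlType, InheritanceType
```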

(10) SCCM Prerequisite Checker

  1. Run your SCCM install media, and choose, “Run the prerequisite checker.”
  2. On the “Prerequisite Options” screen, enter ‘LOCALHOST’ for the first two options, and leave the last option empty or add the FQDN of your server, then click “next”.
  3. Once the checker is complete, it will show configuration errors and warnings. Double-click any item to see more information. When satisfied, click “OK”.

(11) Install Configuration Manager 2007 SP2

  1. Restart your installation media and select “Configuration Manager 2007 SP2”. If your media does not contain SP2 slipstreamed, install it immediately after the vanilla SCCM 2007 RTM or SP1 product install.
  2. At the welcome screen, click “next”.
  3. On the screen “Available Setup Options”, choose “Install a Configuration Manager Site Server” then click “next”.
  4. On the screen “Microsoft Software license Terms”, accept the license then click “next”.
  5. On the screen “Installation Settings”, choose “Simple Settings” and click “next”.
  6. On the screen “Customer Experience Improvement Program Configuration” choose Yes! and click “next”.
  7. On the “Product Key” page, enter a product key if one is not already provided.
  8. On the “Site Settings” screen, enter a three-digit site code and a site name then click “next”.
  9. On the “Updated Prerequisite Components” screen choose, “Check for updates” then click “next”.
  10. On the screen “Updated Prerequisite Component Path”, enter “F:\sccm_downloads” then click “next”.
  11. Allow the downloads to complete.

  12. On the “Settings Summary” screen, review the settings then click “next”.
  13. SCCM setup will run another prerequisite check. Review the results, then click “Begin Install”.
  14. SCCM setup will now -actually- install the product. The screen “Setup Action Status Monitoring” will display setup progress.
  15. Once setup is finished, click “next”.
  16. On the “Completing the Microsoft System Center Configuration Manager 2007 SP2 Setup Wizard”, click “Finish”.

(12) Install SCCM R3 Upgrade

Before installing the SCCM R3 Upgrade, check your version from the SCCM Console.

Step 1- Checking the SCCM Version

  1. Launch the “ConfigMgr Console” from the Start Menu.
  2. Expand the tree: “Site Database” -> “Site Management” -> “your site name”.
  3. Right-click your site and choose “Properties”.
  4. Check the properties window for the version and “Is R2 installed?” status and refer to the table below to determine if you have the latest version.

     Version          Release
     4.00.5931.0001   SCCM 2007 RTM
     4.00.6221.1000   SCCM 2007 SP1
     4.00.6487.2000   SCCM 2007 SP2

Step 2 – Install KB977384 Hotfix

  1. Attempting to install SCCM 2007 R3 before installing the hotfix will result in the error message, “Microsoft System Center Configuration Manager 2007 R3 requires Configuration Manager 2007 QFE KB97”.
  2. Download the hotfix from the Microsoft KB977384 article.
  3. Run the downloaded hotfix file.
  4. Choose “F:\sccm_downloads” as the extraction path.
  5. On success, click “OK”.
  6. Run this command to start the hotfix installer:
    start /wait msiexec /i F:\sccm_downloads\SCCM2007-SP2-KB977384-ENU.msi
  7. On the “Welcome” screen, click “Next”.
  8. On the screen “End-User License Agreement”, accept the license then click “Next”.
  9. On the screen “Ready to Install”, click “Install”.
  10. Allow the hotfix installer to copy files.
  11. The hotfix installer will launch a sub-installer to help create a client patch file. Select “Yes” and click “Next”.
  12. On the screen “Create a package and program” accept the defaults and click “next”.
  13. On the screen “Specify Package Source Location” enter “\\servername\source$\packages\sccm_kb977384” then click, “next”.
  14. On the screen showing release notes, click “Next”. If you would like to review these notes after the hotfix install, I have created a blog post named “SCCM KB977384 Install Notes” because I can’t seem to find them elsewhere.
  15. On the screen “Completing the Software Update”, click “Finish”.

Step 3 – Install SCCM R3

  1. Once the hotfix is installed, launch the SCCM R3 media and select “Configuration Manager 2007 R3”
  2. On the screen “Welcome”, click “next”.
  3. On the screen “License Agreement” accept the license and click “Next”.
  4. On the screen “Registration Information” enter your name, organization, and product key. The product key is typically pre-entered by setup.
  5. On the screen “Installation”, click “next”.
  6. The screen “Installation Progress” will appear. Wait for installation to complete.
  7. The screen “Setup Complete” should appear after just a few moments. Click “Finish”.
  8. Open ConfigMgr Console and check your site version again. It should now read “R3 Installed: Yes”

(13) Configure the SCCM 2007 Network Access Account

  1. Open ConfigMgr Console.
  2. Expand the tree: Site Database -> Site -> Site Settings -> Client Agents
  3. Double-click “Computer Client Agent” to open “Computer Client Agent Properties”
  4. Under the “Network Access Account” frame, click the “Set” button to open a user account selection dialog. Enter the sccm2007-naa user created at the beginning of this post in the format domain\username. Then, enter the user’s password and click “OK”.
  5. On the screen “Computer Client Agent Properties”, verify that the account name is correct and hit “OK”.

(14) Install WAIK for Windows 7

  • I was recently informed that I neglected to mention installing WAIK for Windows 7. This is a necessary step if you want to deploy Windows 7 from SCCM.
  • I don’t have screen shots, but the install was straightforward: just mount the media and install.

Congratulations! SCCM 2007 is now installed. This will leave you with a few questions:

  • How do I install clients and get them connected?
  • How do I actually do anything useful with this product?
  • What features should I focus on first?

I will attempt to satisfactorily answer these in upcoming blog posts. Look here soon for how to configure SCCM 2007 for PXE-Based Windows 7 Operating System Deployment!

4 thoughts on “SCCM 2007 Single-Server Install Process (part 1)”

  2. Greetings,

    Thanks for sharing your adventures on your blog, I have been following along and wanted to share some details\links for building a SCCM 2007 system with a remote SQL configuration.

    SQL Server 2005 SP3 Note – If the following is true:

    – The SQL Server used by SCCM is running as a user other than Local System. That is, the SQL Server is running using a low-rights domain user account.

    – You must register a Service Principal Name (SPN) for the SQL Server service account (when the local system account will not be used) to allow clients to identify and authenticate the service using Kerberos authentication.

    How to Install Configuration Manager Using a Remote SQL Server

    Appendix B: Configure Remote SQL for WSUS
