Author: NetworkAdminKB.com
Created: 2010-02-23
Modified: 2011-07-23
In this guide we will walk through installing SCCM 2007 SP1/SP2 and SCCM 2007 R2 in your current Active Directory 2003 or 2008 domain. Installing SCCM can take a fair amount of planning, and therefore it can be a little overwhelming. This guide will provide a basic design plan that should work in most environments and provide very good performance in most situations.
Optional but recommended
1) Install the SCCM Schema Extensions
a. Log on to the Schema Master domain controller with a user that is a member of the Schema Admins group
b. From the SCCM 2007 SP1/SP2 DVD run the following
i. \SsmsSetup\Bin\i386\extadsch.exe
c. Verify that the schema extension was installed successful by reviewing the extadsch.log located in the root of the system drive.
…
<02-18-2010 14:47:20> Successfully extended the Active Directory schema.
2) See Best Practices to prepare for Schema Extension installation for more information.
Requirements:
If considering separate servers for different SCCM function please note that the SQL Server, SMS Provider, and SCCM Site Server must all be in installed on servers in the same domain.
Prerequisites for Installing Configuration Manager
Assumptions:
In this document we will assume the following:
- A single server for most roles and functions required for SCCM 2007 R2
- WSUS is the only exception, see below.
- Separate drives for the OS, SQL Data, SQL Logs, SQL Backup, SCCM / WSUS Installation
- Windows 2008 R2 Server OS will be used
- See Windows 2008 R2 Setup notes below
- SQL Server 2005 SP3 already installed
- Windows Authentication is recommended
- Default Instance
- Reporting Services are installed (required for the SCCM Reporting Point).
- Dictionary order, case-insensitive, for use with 1252 Character Set.
- Install the default configuration for Report Server
- Visual Studio 2005 SP1 Installed
- WSUS 3.0 SP1 installed on same server or different server
- Must be a new installation
- If WSUS is installed on a separate server, then the WSUS administration console must be installed on the SCCM server.
- SCCM will be installed in Mixed Mode
- BITS Enabled Distribution Point will be used
- Differential Compression will be used
- Windows Update has been used to install the latest updates on the SCCM server.
- An internet connection is available to download SCCM updates as needed during installation.
Active Directory Security Requirements
The first SCCM primary site server needs access to the computer domain’s System container during the installation to create a sub container called System Management. Once this container is created, all other SCCM servers (primary, secondary, and distribution points, and roles) will need to be able to Read, Write, Create, and Delete objects in the System Management container only.
In general to achieve this security requirement you should do the following.
1) Manually create the System Management container before the installation of SCCM for the first time.
a. You must use ADSIEdit.mmc to create the System Management container
b. Using Active Directory Users and Computers
i. Create a group to assign permissions.
1. Place the SCCM server(s) into this group, to make future changes / additional servers easy.
2. Full Control is not needed, only Read, Write, Create All Child Objects and Delete All Child Objects are needed.
ii. When assigning permissions you must click the Advance button and in the Apply onto list, select This object and all child objects.
c. Reboot the server for the change to take effect.
d. Add any future SCCM computers to this group.
2) Verify the SCCM Server Security Token contains the updated group membership
a. On the SCCM server run the following command
Gpresult /H report.htm
i. View Report.htm in Internet Explorer
ii. Look for the domain group the assigned permission in AD.
b. Important: A Global Group must be used if the Domain is Mixed Mode, otherwise a Domain Local group can be used.
3) More information:
a. About the Local System Account/Computer$ in Configuration Manager
b. How to Create the System Management Container in Active Directory Domain Services
c. How to Set Security on the System Management Container in Active Directory Domain Services
Windows 2008 R2 Setup
1) Follow the follow documentation from Microsoft.
How to Configure Windows Server 2008 for SCCM
2) Note the following changes
a. When installing IIS 7.5 for Windows Server 2008 R2
i. Include the WebDAV Publishing feature
ii. Include ASP
iii. Include IIS Management Scripts and Tools
b. ApplicationHost.config
i. Suggested files extensions to enable? None
SCCM 2007 SP1 (or SP2) Installation
1) Logon to the computer that will be the SCCM central/primary site server
a. User should be a local Administrator
b. Note: The computer account needs access to the Domain, so a Domain Administrator account is not needed.
2) Insert the SCCM 2007 SP1 DVD
a. Or launch splash.hta from the DVD
3) Run the Prerequisite Checker
a. Select Primary Site
i. SQL Server: LOCALHOST
ii. SDK Server (aka SMS Provider): LOCALHOST
iii. Management Point: servername.domain.com
iv. Click OK
b. Ignore the following Warnings if present
i. Schema Extensions
1. You did not install the Schema Extensions, or the version is not up to date, or the installation account you are using does not have access to read Active Directory information. This warning can be ignored, but it is recommended to install the newest version of the schema extensions.
ii. .NET update for Configuration Manager (Software Updates)
1. Directs you to this link: http://go.microsoft.com/fwlink/?LinkId=98350.
iii. SQL Server Security mode
1. You installed SQL with Mixed Mode authentication. You can safely ignore.
iv. WSUS SDK on site server
1. This warning assumes WSUS is installed to a remote server, thus the WSUS administration console needs to be installed on the SCCM server.
2. WSUS is not needed until you add the software updates role to SCCM.
v. Setup Prerequisite Checks
c. Determine cause of any errors and resolve.
d. Determine if any warnings need to be addressed. Resolve as needed or ignore.
e. Click OK to close
4) Launch splash.hta from the DVD
a. It closed automatically when you launched the Prerequisite Checker
5) Run the Configuration Manager SP1 (or SP2) installation
a. Welcome Message
i. Click Next
b. Available Setup Options
i. Accept Default
1. Install a Configuration Manager site server
ii. Click Next
c. License Agreement
i. Accept license agreement
ii. Click Next
d. Installation Settings
i. Select Custom Settings
ii. Click Next
e. Site Type
i. Select Primary Site
ii. Click Next
f. Customer Experience
i. Select NO
ii. Click Next
g. Product Key
i. Enter Product Key
ii. Click Next
h. Destination Folder
i. Change destination drive letter as required for you server.
1. Best Practice: do not install the C: drive or a drive SQL server is using.
ii. Click Next
i. Site Settings
i. Site Code: enter a 3 letter code to indicate the current site.
ii. Site Name: type a friendly name for the current site.
iii. Click Next
j. Site Mode
i. Select Configuration Manager Mixed Mode
ii. Click Next
k. Client Agent Selection
i. Recommendation: Accept Defaults
ii. Note: No client agents are enabled by default, at this point you are just installing them.
iii. Click Next
l. Database Server
i. SQL Server and instance: SERVERNAME
ii. ConfigMgr site database: Accept default or change as needed.
iii. Click Next
m. SMS Provider Location
i. Installation Location: Accept the default of the local servername
ii. Click Next
n. Management Point
i. Select Install a management point
1. Accept the defaults:
a. The FQDN of the local server.
b. Do not change this setting. A DNS alias cannot be used here.
2. Click Next
o. Port Settings
i. Accept Defaults
1. Use default port (80)
ii. Click Next
p. Updated Components
i. Accept Default
1. Check for updates and download to an alternate path
ii. Click Next
q. Updated Components Path
i. Alternate Path: Specify a local drive and folder or a remote UNC path
ii. Click Next
r. Downloading updates
i. Updates will download if an internet connection is found
ii. Approximately 89 downloads
iii. Wait until they are completed.
s. Summary
i. Review Summary
ii. Click Next
t. Prerequisite Checker Runs
i. Review warnings, correct as needed, then continue.
ii. Click Begin Install
6) Wait as the installation takes place.
7) Summary Page
a. Click Finish
Verify Installation Health
1) Verify System Management container in AD was updated
2) Launch SCCM Console and verify installation
a. Check the following, verify no errors.
i. Component Status
ii. Site System
Install SCCM R2
1) Insert the SCCM 2007 R2 DVD
a. Or launch splash.hta from the DVD
2) Welcome Screen
a. Click Next
3) License Agreement
a. Accept
b. Click Next
4) Registration Information
a. Type information in
b. Enter License Key as required
c. Click Next
5) Installation
a. Click Next to start the install
6) Setup Complete
a. Click Finish
Configure Additional Administrators
1) Create a group in the domain
a. Example: SCCM Admins
b. Best Practice: Use a domain local group (assumes Native Mode or higher domain).
c. Add users to the group.
2) On the SCCM Server launch ConfigMgr Console
a. Expand Site Database…Security Rights
b. Right Click Users
c. Select Manage ConfigMgr Users
d. Welcome Screen
i. Click Next
e. User Name
i. Select Add a new user
ii. Click Browse and enter the Group name you previously created.
iii. Click Next
f. Copy Right
i. Select Copy rights from an existing ConfigMgr user or user group.
ii. Click Next
g. Copy Right – select source user
i. Source User: Select the user that installed SCCM.
1. The rights the selected user has are listed below.
ii. Click Next
h. User Rights
i. Accept Defaults
1. The listed rights are sufficient
ii. Click Next
i. Summary
i. Review
ii. Click Next
j. Confirmation
i. Review the message for Success
ii. Click Close
3) Have a new admin log into the server and launch ConfigMgr Console
a. If needed grant Remote Desktop access to the server for non-administrators.
Client Push Installation user
To remotely push the SCCM agent to workstations and servers you must configure the Client Push Installation user id. The user needs to be a local administrator on every server or workstation that you will push the agent too. More than one ID can be specified.
Double click the Client Push Installation under Client Installation Methods. Enter one or more user id as needed.
Article ID: 25, Created On: 9/16/2011, Modified: 9/16/2011