8/22/2019 NSE Training on SCCM 2007
1/59
Vinodkumar Vanga
Microland Ltd
8/22/2019 NSE Training on SCCM 2007
2/59
Microsoft System Center Configuration Manager 2007(ConfigMgr) provides a comprehensive solution forchange and configuration management for theMicrosoft platform, enabling organizations to providerelevant software and updates to users quickly andcost-effectively.
8/22/2019 NSE Training on SCCM 2007
3/59
Configuration Manager 2007
provides the following features: Collecting hardware and software inventory.
Distributing and installing software applications.
Distributing and installing updates to software, for example security fixes.
Works with Windows Server 2008 operating system Network Policy Server to restrictcomputers from accessing the network if they do not meet specified requirements, forexample having certain security updates installed.
Deploying operating systems.
Specifying what a desired configuration would be for one or more computers and then
monitoring adherence to that configuration.
Metering software usage.
Remotely controlling computers to provide troubleshooting support.
8/22/2019 NSE Training on SCCM 2007
4/59
Other Information MS SCCM 2007 Certification paper 70-401
8/22/2019 NSE Training on SCCM 2007
5/59
8/22/2019 NSE Training on SCCM 2007
6/59
SCCM Components The SCCM Site
Primary Site
Secondary Site
Parent Site Child Site
Central Site
A site consists of Site Server
Site System roles
Clients
Resources
8/22/2019 NSE Training on SCCM 2007
7/59
Site SystemAsite system is any computer running a supported
version of Microsoft Windows or a shared folder thathosts one or more site system roles.
8/22/2019 NSE Training on SCCM 2007
8/59
Site System Role Description Required?
Site server
The role assigned to the server on which Configuration Manager 2007 Setup has been run
successfully. Yes. Every site must have exactly one site server role.
Site database server
The role assigned to the computer running Microsoft SQL Server and hosting the Configuration
Manager 2007 site database. You can use only Microsoft SQL Server 2005, Standard or
Enterprise Edition, to host the s ite database. SQL Server 2005 Express is not a supported
SQL Server 2005 version for hosting the site database. Every primary site requires a site database server role, but secondary sites do not require them.
Configuration Manager console Any computer running the Configuration Manager console.
No. The Configuration Manager console is automatically installed by default on primary site
servers during Setup. You can install additional Configuration Manager consoles on remote
computersfor example, the workstation of the Configuration Manager administrator.
However, some organizations write their own user interface using the Configuration Managersoftware developer kit (SDK) and never use the Configuration Manager console.
SMS Provider computer
The Configuration Manager console does not access the database directly, but instead uses
Windows Management Instrumentation (WMI) as an intermediary layer. The SMS Provider is the
WMI Provider for Configuration Manager.
Yes, for primary sites. When you install a primary site, you select which computer will host the
SMS Providerusually, it's the site s erver or the site database server.
Component server
Any computer hosting a Configuration Manager 2007 site role that requires installing special
Configuration Manager 2007 services.
The only site system role that does not require the installation of a special Configuration
Manager 2007 service is the distribution point.
Distribution point A site system role that stores packages for clients to install.
Required for the following features: software distribution, software updates, and advertised task
sequences used in operating system deployment.
Fallback status point
A site system role that gathers state messages from clients that cannot install properly, cannot
assign to a Configuration Manager 2007 site, or cannot communicate securely with their
assigned management point. Not required, but very helpful to troubleshoot issues with clients.
Management point
The site system role that serves as the primary point of contact between Configuration Manager
2007 clients and the Configuration Manager 2007 site server.
Every site with intranet clients must have one default management point, though the default
management point might be a cluster of several site s ystems configured as management points.
PXE service point
A site system role that has been configured to respond to and initiate operating system
deployments from computers whose network interface card is configured to allow PXE bootrequests. Required only for operating system deployment using PXE boot requests.
8/22/2019 NSE Training on SCCM 2007
9/59
Site System Role Description Required?
Reporting point A site system role hosts the Report Viewer component for Web-based reporting functionality.
Required only to use the reporting feature. Reports are often helpful when diagnosing client
issues.
Server locator point A site system role that locates management points for Configuration Manager 2007 clients. Required for some client deployment scenarios.
Software update point
A site system role assigned to a computer running Microsoft Windows Server Update Services
(WSUS). Required only for the software update feature.
State migration point
A site system role that stores user state data while a computer is being migrated to a new
operating system. Required for operating system deployment when migrating user state.
System Health Validator point The site system role assigned to a computer running Network Policy Service. Required only for the Configuration Manager 2007 Network Access Protection feature.
Asset Intelligence
synchronization point
A site role that is used to connect to System Center Online to manage Asset Intelligence catalog
information updates.
Required only to synchronize the local Asset Intelligence catalog with System Center Online by
Microsoft SA license customers.
Out of band service point
A site system role that discovers, provisions, and manages desktop computers that have
management controllers (such as AMT-based computers). Required only for the out of band management feature.
Reporting Services point A site system role assigned to a computer running SQL Reporting Services.
Required only if you want to use SQL Reporting Services to report Configuration Manager 2007 R2
data. Integrating Configuration Manager 2007 R2 reports with SQL Reporting Services provides a
richer reporting experience. However, the reporting point still works and does not require SQL
Reporting Services or a Reporting Services point.
Client status reporting host
system
Although the client status reporting host system site system role is not actually a site systemconfigured in the Configuration Manager console, it is a role that can be added to a client or
server computer to report back to the site server about the client computers it monitors. Required only if using the client status reporting feature.
8/22/2019 NSE Training on SCCM 2007
10/59
Types of Sites
Primary Sites : The first Configuration Manager 2007 site youinstall must be a primary site. A primary site storesConfiguration Manager 2007 data for itself and all the sitesbeneath it in a SQL Server database.
Secondary Sites :A secondary site has no ConfigurationManager 2007 site database. The secondary site forwards theinformation it gathers from Configuration Manager 2007 clients,such as computer inventory data and Configuration Manager2007 system status information, to its parent site.
The advantages of using secondary sites are that they do not
require any additional Configuration Manager 2007 serverlicense and do not incur the overhead of maintaining anadditional database.
8/22/2019 NSE Training on SCCM 2007
11/59
A parent site is a primary site that has one or moresites attached to it in the hierarchy. Only a primary sitecan have child sites. A secondary site is always a childsite. A parent site contains pertinent informationabout its lower level sites, such as computer inventorydata and Configuration Manager 2007 system statusinformation, and it can control many operations at thechild sites.
Parent Sites
8/22/2019 NSE Training on SCCM 2007
12/59
Child SitesA child site is a site that is attached to a site above it in
the hierarchy. The site it reports to is its parent site. Achild site can have only one parent site. ConfigurationManager 2007 copies all the data that is collected at achild site to its parent site. A child site is either aprimary site or a secondary site.
8/22/2019 NSE Training on SCCM 2007
13/59
Central SiteA central site has no parent site. Typically, a central site
has child and grandchild sites and aggregates all oftheir client information to provide centralizedmanagement and reporting. A site with no parent andno child site is still called a central site although it isalso referred to as a stand-alone site.
8/22/2019 NSE Training on SCCM 2007
14/59
Ports Used for SCCM 2007
8/22/2019 NSE Training on SCCM 2007
15/59
8/22/2019 NSE Training on SCCM 2007
16/59
The following features are new to ConfigurationManager 2007:
Desired configuration management
Network Access Protection for Configuration Manager
Wake On LAN
8/22/2019 NSE Training on SCCM 2007
17/59
The following features were previously available only inFeature Packs but are now incorporated into the coreproduct:
Mobile device management
Operating system deployment
Transfer site settings wizard
Manage site accounts tool (MSAC)
Asset Intelligence
8/22/2019 NSE Training on SCCM 2007
18/59
The following features have changed significantly fromSMS 2003:
Backup and recovery
Software updates
8/22/2019 NSE Training on SCCM 2007
19/59
The following features have been improved but stillfunction very much as they did in SMS 2003:
The administrator console
Collections
Software distribution
Software metering
Remote tools
8/22/2019 NSE Training on SCCM 2007
20/59
The following features either have not changed or haveminor changes:
Discovery
Inventory
Queries
Reporting
8/22/2019 NSE Training on SCCM 2007
21/59
Configuration Manager 2007 R2 Application Virtualization. For more information, About Virtual Application PackagesAbout Virtual ApplicationPackages.
Forefront Client Security Integration. For more information, seeAbout Forefront Client Security Integration withConfiguration Manager 2007 R2.
SQL Reporting Services Reporting. Allows you to report on Configuration Manager activity using SQL ReportingServices.
Client Status Reporting. Provides a set of tools and Configuration Manager 2007 reports to assess the status of clientcomputers, sometimes referred to as "client health." Clients that show a change in activity patterns might needadministrative intervention.
Operating System Deployment Enhancements. The following enhancements are included in ConfigurationManager 2007 R2:
Unknown computer supportIn Configuration Manager 2007 R2, you can deploy operating systems to computers using aPXE service point without first adding the computer to the Configuration Manager database. For more information, see
About Unknown Computer Support for Operating System Deployment.
Multicast deploymentPreviously, all operating system deployments used unicast. Multicast can make more efficient useof network bandwidth when deploying large images to several computers at the same time. For more information, see
About Multicast for Operating System Deployment.
Running command lines in task sequences with credentials other than the local system account.
8/22/2019 NSE Training on SCCM 2007
22/59
Knowing SCCM 2007
8/22/2019 NSE Training on SCCM 2007
23/59
Some Concepts / Terms The administrator console
Collections
Inventory
Queries
Reporting
Software distribution
Software updates
Software metering
Mobile Device management
Operating system deployment
Desired configuration management
Remote tools
Network Access Protection
Wake On LAN
Out of band management
8/22/2019 NSE Training on SCCM 2007
24/59
Supported Platforms
8/22/2019 NSE Training on SCCM 2007
25/59
Admin Console The Configuration Manager 2007 console is the most
common way that Configuration Manager administratorsuse Configuration Manager 2007, although some
organizations use the Software Development Kit (SDK) tobuild custom user interfaces and many administrators usescripting to manage repetitive tasks more efficiently.
You can run the console from the site server or install
additional consoles on your desktop or help deskcomputers to facilitate management. One console canmanage many sites or many consoles can manage a singlesite.
8/22/2019 NSE Training on SCCM 2007
26/59
Collections Collections represent groups of resources and can
consist not only of computers, but also of MicrosoftWindows users and user groups as well as other
discovered resources. Collections provide you with themeans to organize resources into easily manageableunits, enabling you to create an organized structurethat logically represents the kinds of tasks that you
want to perform.
Collection membership can be either direct or querybased
8/22/2019 NSE Training on SCCM 2007
27/59
Inventory hardware and software on Configuration Manager
2007 clients
Hardware inventory gives you system information(such as available disk space, processor type, andoperating system) about each computer. You canconfigure the information returned in hardwareinventory by modifying the SMS_def.mof file.Software inventory agent gives you information such asinventoried file types and versions present on clientcomputers
8/22/2019 NSE Training on SCCM 2007
28/59
Queries The query feature in Configuration Manager 2007 uses
WBEM query language (WQL) to query the sitedatabase. Query results are returned in the
Configuration Manager 2007 console, where they canbe exported using the MMC export list feature.Queries can also be used to create collections ofresources that meet the query criteria.
8/22/2019 NSE Training on SCCM 2007
29/59
Reporting Reporting is a supporting feature to many other
Configuration Manager 2007 features.
Reports are returned in Web pages in the browser.Programming is not required, but knowledge aboutcreating SQL queries is extremely helpful.
8/22/2019 NSE Training on SCCM 2007
30/59
Software distribution Software distribution allows you to push just about
anything to a client computer. Packages in softwaredistribution can contain source files to deploy software
applications and commands calledprograms that tellthe client what executable file to run.
8/22/2019 NSE Training on SCCM 2007
31/59
Software updates The software updates feature provides a set of tools
and resources that can help manage the complex taskof tracking and applying software updates to client
computers in the enterprise.
8/22/2019 NSE Training on SCCM 2007
32/59
Software metering Software metering enables you to collect and report software program usagedata. The data provided by these reports can be used by many groups withinthe organization such as IT and corporate purchasing.
Software metering in Configuration Manager 2007 supports the following
scenarios:
Identify which software applications are being used, and who is using them.
Identify the number of concurrent usages of a specified software application.
Identify actual software license requirements.
Identify redundant software application installations.
Identify unused software applications which could be relocated.
8/22/2019 NSE Training on SCCM 2007
33/59
Mobile Device management Mobile devices are supported as Configuration
Manager 2007 clients.
Mobile clients can run a subset of ConfigurationManager 2007 features such as inventory and softwaredistribution, but cannot be managed by remotecontrol and cannot receive operating systemdeployments like desktop clients.
8/22/2019 NSE Training on SCCM 2007
34/59
Operating system deployment Operating system deployment enables you to install new operating systems and softwareonto a computer.
Operating system deployment provides the following solutions for deploying operating
system images to computers:
Provide a secure operating system deployment environment.
Assist with managing the cost of deploying images by allowing one image to work with differentcomputer hardware configurations.
Assist with unifying deployment strategies to help provide a solid deployment foundation forfuture operating system deployment methods.
8/22/2019 NSE Training on SCCM 2007
35/59
Desired configuration management
Desired configuration management enables you to define configurationstandards and policies, and audit compliance throughout the enterprise againstthose defined configurations.
This feature is designed to provide data for use by many groups within theorganization, including IT and corporate security. Desired configuration
management supports the following scenarios: Detect production server configuration drift and confirm provisioned servers
meet expected build requirements.
Provide the help desk with probable cause information, reducing the time-to-resolve (TTR) of incidents and provide probable cause analysis for problems
Report compliance with regulatory policies, and in-house security policies
Provide change verification and tracking
8/22/2019 NSE Training on SCCM 2007
36/59
Remote tools Remote tools in Configuration Manager 2007 includes
the remote control feature which allows an operatorwith sufficient access rights the ability to remotely
administer client computers in the ConfigurationManager 2007 site hierarchy.
You can use remote control to troubleshoot problemson client computers and to provide remote help desksupport where access to the user's computer isnecessary.
8/22/2019 NSE Training on SCCM 2007
37/59
Network Access Protection Network Access Protection (NAP) is a policy enforcement platform
built into the Windows Vista and Windows Server 2008 operatingsystems that helps you to better protect network assets by enforcingcompliance with system health requirements. You can configure DHCP
Enforcement, VPN Enforcement, 802.1X Enforcement, IPSecEnforcement, or all four, depending on your network needs.
Network Access Protection in Configuration Manager 2007 works withWindows Network Policy Server (NPS) on Windows Server 2008, toenforce software update compliance through client remediation.Wake On LAN
8/22/2019 NSE Training on SCCM 2007
38/59
Wake On LAN The Wake On LAN feature helps to achieve a higher success rate for scheduled
Configuration Manager 2007 activities, reducing associated network trafficduring business hours, and helps organizations to conserve power by notrequiring computers to be left on for maintenance outside business hours.
Wake On LAN in Configuration Manager 2007 supports the followingscenarios:
Sending a wake-up transmission prior to the configured deadline for a
software update deployment.
Sending a wake-up transmission prior to the configured schedule of amandatory advertisement, which can be for software distribution or a tasksequence.
8/22/2019 NSE Training on SCCM 2007
39/59
Out of band management Applies only to Configuration Manager 2007 SP1
The out of band management feature in Configuration Manager 2007 SP1 provides powerful management controlfor computers that have the Intel vPro chip set and Intel Active Management Technology (Intel AMT) firmware
versions 3.2 or later.
Out of band management requires a Microsoft public key infrastructure (PKI) and supports the followingscenarios:
Powering on one or many computers (for example, for maintenance on computers outside business hours).
Powering off one or many computers (for example, the operating system stops responding).
Restarting a nonfunctioning computer or booting from a locally connected device or known good boot imagefile.
Re-imaging a computer by booting from a boot image file that is located on the network or by using a PXEserver.
Reconfiguring the BIOS settings on a selected computer (and bypassing the BIOS password if this issupported by the BIOS manufacturer).
Booting to a command-based operating system to run commands, repair utilities, or diagnostic applications(for example, upgrading the firmware or running a disk repair utility).
Configuring scheduled software update deployments and advertisements to wake up computers prior to
running.
8/22/2019 NSE Training on SCCM 2007
40/59
Site Operations Client Deployment Logs
Server Recovery ( Backup / Recovery)
Routine Maintenance Status Message
State Message
8/22/2019 NSE Training on SCCM 2007
41/59
Client Deployment Logs The Configuration Manager 2007 client logs are located in one of the following
locations:
On computers that serve as management points, the client logs are located inthe SMS_CCM\Logs folder.
On all other computers, the client log files are located in the%Windir%\System32\CCM\Logs folder or the%Windir%\SysWOW64\CCM\Logs.
8/22/2019 NSE Training on SCCM 2007
42/59
Log File Name Description
CAS Content Access service. Maintains the local package cache.
CcmExec.log Records activities of the client and the SMS Agent Host service.
CertificateMaintenance.log Maintains certificates for Active Directory directory service and management points.
ClientIDManagerStartup.log Creates and maintains the client GUID.
ClientLocation.log Site assignment tasks.
ContentTransferManager.logSchedules the Background Intelligent Transfer Service (BITS) or the Server Message Block (SMB) to download or to access SMSpackages.
DataTransferService.log Records all BITS communication for policy or package access.
Execmgr.log Records advertisements that run.
FileBITS.log Records all SMB package access tasks.
Fsinvprovider.log (renamed to FileSystemFile.log in all
SMS 2003 Service Packs) Windows Management Instrumentation (WMI) provider for software inventory and file collection.
InventoryAgent.log Creates discovery data records (DDRs) and hardware and software inventory records.
LocationServices.log Finds management points and distribution points.
Mifprovider. log The WMI provider for .MIF files.
Mtrmgr.log Monitors all software metering processes.
PolicyAgent.log Requests policies by using the Data Transfer service.
PolicyAgentProvider.log Records policy changes.
PolicyEvaluator.log Records new policy settings.
RemoteControl.log Logs when the remote control component (WUSER32) starts.
Scheduler.log Records schedule tasks for all client operations.
Smscliui.log Records usage of the Systems Management tool in Control Panel.
StatusAgent.log Logs status messages that are created by the client components.
SWMTRReportGen.log Generates a usage data report that is collected by the metering agent. (This data is logged in Mtrmgr.log.)
8/22/2019 NSE Training on SCCM 2007
43/59
Backup and Recovery The Site Repair Wizard walks you through the necessary steps to
complete the site recovery.
Like any enterprise software, your site should be backed up to providerecoverability in case of unexpected events. Backing up a ConfigurationManager 2007 site involves backing up the database, the file system,and the registry all at the same point in time - backing up just one ofthese elements is not sufficient to restore a working site. Configuration
Manager 2007 uses the Volume Shadow Copy Service (VSS) to takesmall, frequent snapshots of the necessary components, making iteasier to restore a failed site.
8/22/2019 NSE Training on SCCM 2007
44/59
Routine Maintenance Routine monitoring operations for the site consist
primarily of checking status messages, file backlogs, andkey log files. Some database tasks are automated and
configurable in the Configuration Manager console.
8/22/2019 NSE Training on SCCM 2007
45/59
Status Message Informational and success status messages indicate
that the site is performing as expected. Error andWarning status messages indicate that problems exist.
The status messages often contain troubleshootinginformation like possible causes and solutions
8/22/2019 NSE Training on SCCM 2007
46/59
State MessageWhich are different than status messages, to track the
current state of some site operations. Unlike statusmessages, there is no viewer for state messages. All
state messages are viewed using reports.
8/22/2019 NSE Training on SCCM 2007
47/59
8/22/2019 NSE Training on SCCM 2007
48/59
8/22/2019 NSE Training on SCCM 2007
49/59
8/22/2019 NSE Training on SCCM 2007
50/59
Client Deployment and Discovery
Hardware / Software InventorySoftware Metering
Remote tools
Software distributionPatch management
Reporting
8/22/2019 NSE Training on SCCM 2007
51/59
Client Deployment Configuration Manager 2007 provides several options for installing the client software.
Client Computer Installation Method Description
Software update point installation
Uses the Automatic Update configuration of a client todirect the client computer to a WSUS computerconfigured as a Configuration Manager 2007 softwareupdate point. The client computer installs theConfiguration Manager 2007 client software as thoughit was a software update.
Client push installation
Uses an account with administrative rights to accessthe client computers and install the ConfigurationManager 2007 client software. This method requiresFile and Print sharing and the related ports to beenabled on the client computer.
Manual client installation
A user with administrative rights can install the clientsoftware by running CCMSetup on the client computer.A variety of switches modify the installation options.
Group Policy installationUses Group Policy software installation to installCCMSetup.msi.
Imaging
The client software can be added to an image,including images created and deployed withConfiguration Manager 2007 operating systemdeployment.
Software DistributionExisting clients can be upgraded or redeployed usingConfiguration Manager 2007 software distribution.
8/22/2019 NSE Training on SCCM 2007
52/59
Discovery Methods
Adding clients and resources to the site
Discovery Methods
Six methods of discovery are available in Configuration Manager 2007:
Network Discovery
Heartbeat Discovery
Active Directory System Group Discovery
Active Directory Security Group Discovery
Active Directory System Discovery Active Directory User Discovery
8/22/2019 NSE Training on SCCM 2007
53/59
Network Discovery as it's the most generalized form of discovery. It allows
Configuration Manager 2007 to perform a broadsearch of your network by checking the DHCP leases,
looking at routers' Address Resolution Protocol (ARP)caches, or looking for SNMP)-enabled devices in acommunity. Because of the broad spectrum ofresources connected to your network, network
discovery is also likely to find resources such asprinters that are not capable of becomingConfiguration Manager 2007 clients.
8/22/2019 NSE Training on SCCM 2007
54/59
Heartbeat Discovery Configuration Manager 2007 also uses HeartbeatDiscovery, but instead of it being used to create newdatabase records, it is used to keep existing records up
to date. Heartbeat Discovery is the only configurablediscovery method that is automatically enabled whenConfiguration Manager 2007 is installed.
Heartbeat Discovery updates existing DDRs ratherthan creating new ones. By default, it generates anupdated DDR for each client every seven days,although this timing is configurable.
8/22/2019 NSE Training on SCCM 2007
55/59
Heartbeat Discovery Process Heartbeat Discovery runs on installed Configuration
Manager clients according to the schedule you specify.With this method enabled, the Client Component
Installation Manager (CCIM) on the client causes theCliex32.dll to generate a DDR, which is then written tothe management point. This file is the same size as anormal DDR (approximately 1 KB per client), and so it
will generate approximately the same network traffic.
8/22/2019 NSE Training on SCCM 2007
56/59
Active Directory based Discovery Configuration Manager 2007 can also communicate
with Active Directory to locate resources such ascomputer accounts, user accounts, system groups, and
security groups already existing in your accountsdatabase.
8/22/2019 NSE Training on SCCM 2007
57/59
DDR RecordAs Configuration Manager 2007 discovers resources, it
creates records in the Configuration Managerdatabase. This record is called a data discovery record(DDR) and the file generated has a .DDR extension.
include data such as the NetBIOS name of a computer,IP address and IP subnet of a computer or device,operating system, MAC address, and so on.
Depending on the discovery method used, resourceDDRs are periodically regenerated to keep thediscovery data up to date
8/22/2019 NSE Training on SCCM 2007
58/59
OS deployment
8/22/2019 NSE Training on SCCM 2007
59/59
Desired Configuration Management
Network Access ProtectionGeneral Guidelines
Troubleshooting guidelinesSCCM Backup and Recovery
Questions and Answers
Top Related