Before we go any further, let's consider the versions of Configuration Manager you can use to deploy Windows 7:
Configuration Manager 2007/2007 R2 with Service Pack 2
This provides support for Windows Server 2008 R2 and Windows 7. You can install Configuration Manager 2007 and undergo the process of deploying Service Pack 2. Alternatively, you can install from slip-streamed media that deploys ConfigMgr 2007 and Service Pack 2 in one sweep.
We are going to install Configuration Manager 2007 with Service Pack 2 with Configuration Manager 2007 R2 in our lab onto the server DeploySrv. The lab network consists of an Active Directory domain controller called DC in the domain deploy.com, the deployment server called DeploySrv, some Windows XP virtual machines, and a blank virtual machine that we can deploy Windows 7 to. DHCP is enabled and configured for the lab network on the domain controller, which is required to provide a network configuration to any machine booting up with the Windows PE client.
Configuration Manager 2007 R3 was still an unfinished product as of this writing.
The newest release of ConfigMgr focuses mainly on power management. It allows the application of power-saving policies and reporting on the savings.
There is one new feature that will be beneficial in operating system deployment. Prestaged media support allows you to create an OSD when new PCs are going to be prepared by resellers or OEMs. When the new PC is delivered, it will boot up into the Windows PE client, connect to the network, and initiate the deployment.
The requirements for ConfigMgr are long and complex, and change depending on the architecture you decide on. It is best that you refer to the Microsoft site with all of the relevant information at http://technet.microsoft.com/en-us/library/bb680717.aspx.
As you saw with WDS, you should have a second volume for storing data. Our DeploySrv has a D: drive. You will need Internet access for a fully functional ConfigMgr installation to download various updates, as you will see as you read on.
We'll now move on with an actual installation of the product. Your first steps will be to prepare the environment. There is a deep integration with Active Directory, and you should configure this before you install Configuration Manager.
1. Prepare for a ConfigMgr Installation
A significant amount of work is required before you even start to install ConfigMgr. Prerequisites in the Active Directory forest and domain must be configured, and the server must be prepared.
1.1. Prepare Active Directory
A container will be created in Active Directory to contain information that will help ConfigMgr clients find the management point for their site. The contents of this container will be populated by ConfigMgr site servers. You'll want to ensure that write access is controlled, and this requires a security group. Take the following steps:
Create a security group in Active Directory to contain the computer accounts of all your planned ConfigMgr site servers. The name of this group in our lab will be ConfigMgrSiteServers but you should name your group according to your organization's naming standards.
Be sure to add the computer accounts for your site servers into the group.
Reboot the servers to pick up the new group membership (once the local domain controllers have replicated).
The next few steps will require domain administrator rights for your domain.
You will use ADSI Edit (ADSIedit.msc) to create the container. Navigate into System and create a new container object called System Management.
You now need to grant the site servers full control access rights to the new System Management container.
Right-click on System Management to access the properties of the container. Select the Security tab.
Click the Add button and add the ConfigMgrSiteServers group.
Grant that group Full Control rights to the container. You will end up with something similar to Figure 1.
Edit the entry for ConfigMgrSiteServers in the Advanced view to ensure the permissions apply to this object and all descendent objects.
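A check for the container permissions set in the steps above, as an added example that is not part of the original text. It assumes the ActiveDirectory PowerShell module is available, that the NetBIOS domain name is DEPLOY, and a baseline list of administrative principals that you should adjust to your environment.

```powershell
# Added example: audit the ACL on the System Management container.
# Assumptions: ActiveDirectory module present, NetBIOS domain name DEPLOY.
Import-Module ActiveDirectory

$containerDn = 'CN=System Management,CN=System,DC=deploy,DC=com'
$siteServers = 'DEPLOY\ConfigMgrSiteServers'

# Principals expected to hold write access (assumed baseline, adjust as needed).
$baseline = @($siteServers, 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
              'DEPLOY\Domain Admins', 'DEPLOY\Enterprise Admins')

# Individual rights that allow changing the container or its contents.
# GenericAll (Full Control) includes every one of these bits.
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, WriteProperty, DeleteTree, Delete, WriteDacl, WriteOwner'

$allow = (Get-Acl -Path "AD:\$containerDn").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' }

# Check 1: explicit Full Control for the site servers group, applied to
# "this object and all descendant objects" (InheritanceType All).
$siteAce = $allow | Where-Object {
    $_.IdentityReference.Value -eq $siteServers -and
    $_.ActiveDirectoryRights -eq 'GenericAll' -and
    $_.InheritanceType -eq 'All' -and
    -not $_.IsInherited
}
if ($siteAce) {
    "OK: $siteServers has Full Control on the container and all descendants."
} else {
    Write-Warning "$siteServers lacks Full Control with inheritance 'All'."
}

# Check 2: any other principal with write access can alter the data that
# clients use to locate their management point.
$unexpected = $allow | Where-Object {
    ([int]$_.ActiveDirectoryRights -band $writeMask) -ne 0 -and
    $baseline -notcontains $_.IdentityReference.Value
}
if ($unexpected) {
    Write-Warning 'Write access held by principals outside the baseline:'
    $unexpected | Format-Table IdentityReference, ActiveDirectoryRights,
        InheritanceType, IsInherited -AutoSize
}
```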
The final step in the Active Directory preparation is to extend the schema. This will allow you to create ConfigMgr-specific objects in the Active Directory forest. This task will require Schema Admins group membership in the root domain of the forest.
The schema extension is highly tested and we've yet to hear of a problem with the process or results. But you might want to do a few things just in case. You could temporarily power down a domain controller before the schema extension. If there is a problem, then you at least have a copy of your domain before the new objects were added. However, the ConfigMgr schema extension is quite small and is unlikely to cause a problem.
You should also try to do this extension process from a computer that is located physically close to the Schema Master FSMO role holder in the Active Directory forest.
Extending the schema is pretty simple. All you have to do is run the Extadsch.exe utility in \SMSSetup\Bin\i386\ from the ConfigMgr 2007 with SP2 installation media. You should end up with a result like the one shown in Figure 2.
You will require some Active Directory user accounts. Create these on your domain controller:
ConfigMgrJoin
This is an account that will have rights to create computer accounts in the OU where you normally store those Active Directory objects. You can use it to automatically join new computers to the domain.
ConfigMgrSvc
You will require at least one user account that will have local administrator rights on the computers that you wish to manage using ConfigMgr. Initially, it will be used to deploy the ConfigMgr client from a central location. You can grant it local administrator rights using the Restricted Groups feature of Group Policy.
ConfigMgrNW
Some operations in ConfigMgr require that a client provide domain credentials to access network resources. This account can be used for those operations.
Create any OUs that you need to store any computer accounts. Ensure that the ConfigMgrJoin user account has the required rights. To start with, these two advanced permissions are required on the OU (This Object And All Descendent Objects):
Create Computer Objects
Delete Computer Objects
You also need to grant some advanced permissions to ConfigMgrJoin on the OU(s). Set the following to Allow For The Descendent Computer Objects:
You're now ready to start preparing your very first ConfigMgr site server. There are a number of things you need to do to it before you install ConfigMgr.
1.2. Prepare the ConfigMgr Site Server
You should install a server operating system on your site server. This OS can be either a 32-bit or a 64-bit operating system. We recommend a 64-bit operating system to future-proof the installation. Our example server, DeploySrv, is set up with Windows Server 2008 R2.
The next step is to install SQL Server. For this example, we are installing SQL Server 2008 and Service Pack 1 onto the site server. Once the installation of both the server and service pack is complete, you will need to make one change to the standard configuration: Named pipes must be enabled in SQL. You can do so using the SQL Server Configuration Manager.
From that point, take the following steps:
Launch the SQL Server Configuration Manager from Configuration Tools in the Microsoft SQL Server 2008 program group.
Navigate into SQL Server Network Configuration and expand Protocols for MSSQLSERVER.
Right-click on Named Pipes and select Enable. You are informed that the SQL services will need to be restarted in order to pick up this new configuration change. Make sure you coordinate with other administrators before doing the restart if this machine is monitored or if this SQL instance is used by other applications. You should end up with the setup shown in Figure 3.
You should read Mastering Microsoft Windows Server 2008 R2 (Sybex, 2010) if you wish to learn more about installing or configuring Windows Server 2008 or Windows Server 2008 R2.
Server Manager is used to add roles and features. For example, Windows Server Update Services (WSUS) 3.0 can be enabled and installed as a role on Windows Server 2008 R2 using Server Manager. IIS can be enabled and installed as a role on Windows Server 2008 or Windows Server 2008 R2.
Install IIS. This is a mandatory requirement. You will also use Server Manager to enable this role.
A few additional pieces will be needed. A handy tip from Microsoft is to install IIS by enabling the BITS Server Extensions feature. BITS is a requirement and it subsequently requires IIS.
Choose to add the Remote Differential Compression features.
The Add Features Wizard will ask if you want to customize the IIS role installation. Add the following IIS role services and any dependencies:
Common HTTP Features\WebDAV Publishing
Application Development\ASP.NET
Application Development\ASP
Security\Windows Authentication
Management Tools\IIS 6 Management Compatibility\IIS 6 Metabase Compatibility
Management Tools\IIS 6 Management Compatibility\IIS 6 WMI Compatibility
The last role service, WebDAV, is not included with Windows Server 2008; you must download it from the official Microsoft IIS site at www.iis.net/download/webdav.
Next, WebDAV must be configured with an authoring rule to enable your ConfigMgr clients to use it. Open the IIS Manager from Administrative Tools. Navigate into the Default Web Site in the left navigation pane and enter the WebDAV Authoring Rules in the center contents pane.
Click Enable WebDAV in the Actions pane. It will be disabled by default.
Click Add Authoring Rule in the Actions pane. Allow all users to have read access to all content, as shown in Figure 4.
You also need to set up how WebDAV will behave. Do this by clicking on WebDAV Settings in the Actions pane. You should configure the following settings:
Set Property Behavior\Allow Anonymous Property Queries to True
Set Property Behavior\Allow Custom Properties to False
Set Property Behavior\Allow Property Queries With Infinite Depth to True
If you plan on enabling BITS on this distribution point (which you probably will in order to optimize how clients connect and download content), set WebDAV Behavior\Allow Hidden Files To Be Listed to True.
You can see the final configuration in Figure 5.
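The WebDAV steps above, scripted with appcmd.exe so the settings can be reapplied and reviewed, as an added example that is not part of the original text. The attribute names are those of the IIS WebDAV configuration schema; the helper function name and the $bitsEnabled switch are hypothetical.

```powershell
# Added example: apply the WebDAV settings described above with appcmd.exe.
# Run elevated on the site server after the WebDAV role service is installed.
$appcmd = Join-Path $env:windir 'System32\inetsrv\appcmd.exe'
$site   = 'Default Web Site/'
$bitsEnabled = $true   # assumption: this distribution point will use BITS

# Hypothetical helper: set one attribute in a WebDAV section and stop on error.
function Set-WebDavConfig {
    param([string]$Section, [string]$Setting)
    & $appcmd set config $site "/section:$Section" $Setting /commit:apphost
    if ($LASTEXITCODE -ne 0) { throw "appcmd failed for $Section $Setting" }
}

$authoring = 'system.webServer/webdav/authoring'

# Enable WebDAV (it is disabled by default).
Set-WebDavConfig $authoring '/enabled:true'

# Authoring rule: all users, all content, Read access only.
# Running this a second time fails because the rule already exists.
Set-WebDavConfig 'system.webServer/webdav/authoringRules' "/+[users='*',path='*',access='Read']"

# Property Behavior settings.
Set-WebDavConfig $authoring '/properties.allowAnonymousPropfind:true'
Set-WebDavConfig $authoring '/properties.allowCustomProperties:false'
Set-WebDavConfig $authoring '/properties.allowInfinitePropfindDepth:true'

# WebDAV Behavior: list hidden files only when BITS is enabled on this server.
if ($bitsEnabled) {
    Set-WebDavConfig $authoring '/fileSystem.allowHiddenFiles:true'
}

# Print the resulting sections so the values can be compared with the steps.
& $appcmd list config $site "/section:$authoring"
& $appcmd list config $site '/section:system.webServer/webdav/authoringRules'
```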
ConfigMgr will use components of WDS, so install this role.
When it is installed, launch the WDS console and configure the server to use D:\RemoteInstall as the Remote Installation Folder Location. Accept all the default settings in the Windows Deployment Services Configuration Wizard. At the end, do not add any images to the server.
It is likely that you will want to manage Windows updates using ConfigMgr if you are using it to deploy operating systems. If so, you will need to install WSUS 3.0 SP2. This is a simple task in Server Manager if you are using Windows Server 2008 R2. Install this role, but be sure not to configure WSUS in any way. The configuration will be handled by ConfigMgr if you decide to enable the Software Update Point site server role.
A number of file shares will be used for ConfigMgr OS deployment. You will need to create these file shares. Create the folders on the D: drive of the ConfigMgr site server (deploysrv.deploy.com) and share them with the appropriate permissions. You'll note that they are hidden shares, as detailed in Table 1.
Table 1. Shared folders that ConfigMgr will need
Share name | Share permissions | NTFS permissions | Notes |
---|---|---|---|
Packages$ | All Site Servers: Read; ConfigMgr Administrators: Change | | This is used to store Configuration Manager packages that you will create. They will be copied from here to the distribution points by ConfigMgr. |
Images$ | Everyone: Change | ConfigMgrNW: Modify | OSD images are kept here. |
USMT$ | Everyone: Change | Everyone: Modify | User state data can be captured and stored here temporarily while a computer is being rebuilt. You may need to use an alternative location with more available storage when performing large concurrent deployments. The User State Migration Toolkit might not be required in tightly controlled environments where all user data is stored on the network. |
Drivers$ | Everyone: Change | | You can extract and store drivers here that will be required for OS distribution and for boot images. |
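The shares from Table 1, created with net share and icacls and then read back for review, as an added example that is not part of the original text. The folder paths under D:\, the NetBIOS domain name DEPLOY, and the group DEPLOY\ConfigMgrAdmins (standing in for "ConfigMgr Administrators") are assumptions; "All Site Servers" is mapped to the ConfigMgrSiteServers group created earlier.

```powershell
# Added example: create the hidden shares from Table 1 on the site server.
# Assumed names: D:\ folder paths, domain DEPLOY, group DEPLOY\ConfigMgrAdmins.
$shares = @(
    @{ Name  = 'Packages$'; Path = 'D:\Packages'
       Share = @('DEPLOY\ConfigMgrSiteServers,READ', 'DEPLOY\ConfigMgrAdmins,CHANGE')
       Ntfs  = @() },
    @{ Name  = 'Images$'; Path = 'D:\Images'
       Share = @('Everyone,CHANGE')
       Ntfs  = @('DEPLOY\ConfigMgrNW:(OI)(CI)M') },
    @{ Name  = 'USMT$'; Path = 'D:\USMT'
       Share = @('Everyone,CHANGE')
       Ntfs  = @('Everyone:(OI)(CI)M') },
    @{ Name  = 'Drivers$'; Path = 'D:\Drivers'
       Share = @('Everyone,CHANGE')
       Ntfs  = @() }
)

foreach ($s in $shares) {
    if (-not (Test-Path -Path $s.Path)) {
        New-Item -ItemType Directory -Path $s.Path | Out-Null
    }

    # One /GRANT:<principal>,<level> argument per share permission in the table.
    $grants = @($s.Share | ForEach-Object { "/GRANT:$_" })
    & net.exe share "$($s.Name)=$($s.Path)" $grants
    if ($LASTEXITCODE -ne 0) { throw "net share failed for $($s.Name)" }

    # NTFS entries from the table; (OI)(CI)M is Modify on this folder,
    # subfolders and files. Rows with no NTFS entry keep inherited permissions.
    foreach ($ace in $s.Ntfs) {
        & icacls.exe $s.Path /grant $ace
        if ($LASTEXITCODE -ne 0) { throw "icacls failed for $($s.Path)" }
    }

    # Read both permission sets back so they can be compared with Table 1.
    & net.exe share $s.Name
    & icacls.exe $s.Path
}
```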
You have now configured Active Directory and set up the server prerequisites for the Configuration Manager installation. It's time to install it.