Windows 7 : Installing Configuration Manager 2007 (part 1) - Prepare for a ConfigMgr Installation

11/23/2012 2:53:44 AM
Before we go any further, let's consider the versions of Configuration Manager you can use to deploy Windows 7:

Configuration Manager 2007/2007 R2 with Service Pack 2

This provides support for Windows Server 2008 R2 and Windows 7. You can install Configuration Manager 2007 and undergo the process of deploying Service Pack 2. Alternatively, you can install from slip-streamed media that deploys ConfigMgr 2007 and Service Pack 2 in one sweep.

We are going to install Configuration Manager 2007 with Service Pack 2 and Configuration Manager 2007 R2 onto the server DeploySrv in our lab. The lab network consists of an Active Directory domain controller called DC in the domain, the deployment server called DeploySrv, some Windows XP virtual machines, and a blank virtual machine that we can deploy Windows 7 to. DHCP is enabled and configured for the lab network on the domain controller; this is required to provide a network configuration to any machine booting up with the Windows PE client.

Configuration Manager 2007 R3

Configuration Manager 2007 R3 was still an unfinished product as of this writing.

The newest release of ConfigMgr focuses mainly on power management. It allows the application of power-saving policies and reporting on the savings.

There is one new feature that will be beneficial in operating system deployment. Prestaged media support allows you to create an OSD when new PCs are going to be prepared by resellers or OEMs. When the new PC is delivered, it will boot up into the Windows PE client, connect to the network, and initiate the deployment.

The requirements for ConfigMgr are long and complex, and change depending on the architecture you decide on. It is best that you refer to the Microsoft site with all of the relevant information at As you saw with WDS, you should have a second volume for storing data. Our DeploySrv has a D: drive. You will need Internet access for a fully functional ConfigMgr installation to download various updates, as you will see as you read on.

We'll now move on with an actual installation of the product. Your first steps will be to prepare the environment. There is a deep integration with Active Directory, and you should configure this before you install Configuration Manager.

1. Prepare for a ConfigMgr Installation

A significant amount of work is required before you even start to install ConfigMgr. Prerequisites in the Active Directory forest and domain must be configured, and the server must be prepared.

1.1. Prepare Active Directory

A container will be created in Active Directory to contain information that will help ConfigMgr clients find the management point for their site. The contents of this container will be populated by ConfigMgr site servers. You'll want to ensure that write access is controlled, and this requires a security group. Take the following steps:

  1. Create a security group in Active Directory to contain the computer accounts of all your planned ConfigMgr site servers. The name of this group in our lab will be ConfigMgrSiteServers but you should name your group according to your organization's naming standards.

  2. Be sure to add the computer accounts for your site servers into the group.

  3. Reboot the servers to pick up the new group membership (once the local domain controllers have replicated).

    The next few steps will require domain administrator rights for your domain.

  4. You will use ADSI Edit (ADSIedit.msc) to create the container. Navigate into System and create a new container object called System Management.

    You now need to grant the site servers full control access rights to the new System Management container.

  5. Right-click on System Management to access the properties of the container. Select the Security tab.

  6. Click the Add button and add the ConfigMgrSiteServers group.

  7. Grant that group Full Control rights to the container. You will end up with something similar to Figure 1.

  8. Edit the entry for ConfigMgrSiteServers in the Advanced view to ensure the permissions apply to this object and all descendent objects.

    The final step in the Active Directory preparation is to extend the schema. This will allow you to create ConfigMgr-specific objects in the Active Directory forest. This task will require Schema Admins group membership in the root domain of the forest.

    Figure 1. The System Management container

    Extending the Schema for Configuration Manager

    The schema extension is highly tested and we've yet to hear of a problem with the process or results. But you might want to do a few things just in case. You could temporarily power down a domain controller before the schema extension. If there is a problem, then you at least have a copy of your domain before the new objects were added. However, the ConfigMgr schema extension is quite small and is unlikely to cause a problem.

    You should also try to do this extension process from a computer that is located physically close to the Schema Master FSMO role holder in the Active Directory forest.

  9. Extending the schema is pretty simple. All you have to do is run the Extadsch.exe utility in \SMSSetup\Bin\i386\ from the ConfigMgr 2007 with SP2 installation media. You should end up with a result like the one shown in Figure 2.

    Figure 2. Extending the Active Directory schema

  10. You will require some Active Directory user accounts. Create these on your domain controller:


    This is an account that will have rights to create computer accounts in the OU where you normally store those Active Directory objects. You can use it to automatically join new computers to the domain.


    You will require at least one user account that will have local administrator rights on the computers that you wish to manage using ConfigMgr. Initially, it will be used to deploy the ConfigMgr client from a central location. You can grant it local administrator rights using the Restricted Groups feature of Group Policy.


    Some operations in ConfigMgr require that a client provide domain credentials to access network resources. This account can be used for those operations.

  11. Create any OUs that you need to store any computer accounts. Ensure that the ConfigMgrJoin user account has the required rights. To start with, these two advanced permissions are required on the OU (This Object And All Descendent Objects):

    • Create Computer Objects

    • Delete Computer Objects

  12. You also need to grant some advanced permissions to ConfigMgrJoin on the OU(s). Set the following to Allow For The Descendent Computer Objects:

    • Read All Properties

    • Write All Properties

    • Read Permissions

    • Modify Permissions

    • Change Password

    • Reset Password

    • Validate Write To DNS Host Name

    • Validate Write To Service Principal Name
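The delegation made in steps 4 to 8 and 11 to 12 can be checked afterwards. The PowerShell below is an added example, not part of the original text. It assumes the ActiveDirectory module is installed, reads the domain from Get-ADDomain, and uses a placeholder OU (OU=Workstations) that you must replace with your own.

```powershell
# Added example, not from the original text: audit the ACLs from steps 4-8 and 11-12.
Import-Module ActiveDirectory                    # provides the AD: drive used by Get-Acl
Add-Type -AssemblyName System.DirectoryServices

$domainDn  = (Get-ADDomain).DistinguishedName    # the lab's domain name is not given here
$container = "CN=System Management,CN=System,$domainDn"
$siteGroup = 'ConfigMgrSiteServers'              # group from step 1
$joinUser  = 'ConfigMgrJoin'                     # join account from step 11
$ouDn      = "OU=Workstations,$domainDn"         # ASSUMPTION: placeholder OU, replace it
$computer  = [guid]'bf967a86-0de6-11d0-a285-00aa003049e2'  # schemaIDGUID of class "computer"

$full      = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll
# Rights that create, change, delete or take over objects (read-only bits left out).
$writeMask = [int][System.DirectoryServices.ActiveDirectoryRights]'CreateChild, DeleteChild, Self, WriteProperty, DeleteTree, ExtendedRight, Delete, WriteDacl, WriteOwner'

function Get-ExplicitWriteAce {
    param([string]$DistinguishedName)
    # Non-inherited Allow ACEs carrying at least one write-capable right.
    (Get-Acl -Path "AD:\$DistinguishedName").Access | Where-Object {
        -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' -and
        (([int]$_.ActiveDirectoryRights -band $writeMask) -ne 0)
    }
}

# Steps 5-8: the site-server group needs Full Control on the container and all descendants.
$aces = @(Get-ExplicitWriteAce $container)
$good = @($aces | Where-Object {
    $_.IdentityReference.Value -like "*\$siteGroup" -and
    ((([int]$_.ActiveDirectoryRights) -band $full) -eq $full) -and
    $_.InheritanceType -eq 'All'
})
if ($good.Count -eq 0) {
    Write-Warning "$siteGroup lacks Full Control (this object and all descendants) on $container"
}

# Other principals with write access: review each one, because clients use this
# container to find their management point.
$aces | Where-Object { $_.IdentityReference.Value -notlike "*\$siteGroup" } |
    Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType -AutoSize

# Steps 11-12: every write ACE for the join account should be scoped to computer objects,
# either as the child class (ObjectType) or as the inheriting class (InheritedObjectType).
Get-ExplicitWriteAce $ouDn | Where-Object {
    $_.IdentityReference.Value -like "*\$joinUser" -and
    $_.ObjectType -ne $computer -and $_.InheritedObjectType -ne $computer
} | Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType -AutoSize
```

An empty second table means the join account holds no write rights on the OU beyond those scoped to computer objects.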

You're now ready to start preparing your very first ConfigMgr site server. There are a number of things you need to do to it before you install ConfigMgr.

1.2. Prepare the ConfigMgr Site Server

You should install a server operating system on your site server. This OS can be either a 32-bit or a 64-bit operating system. We recommend a 64-bit operating system to future-proof the installation. Our example server, DeploySrv, is set up with Windows Server 2008 R2.

The next step is to install SQL Server. For this example, we are installing SQL Server 2008 and Service Pack 1 onto the site server. Once the installation of both the server and service pack is complete, you will need to make one change to the standard configuration: Named pipes must be enabled in SQL. You can do so using the SQL Server Configuration Manager.

From that point, take the following steps:

  1. Launch the SQL Server Configuration Manager from Configuration Tools in the Microsoft SQL Server 2008 program group.

  2. Navigate into SQL Server Network Configuration and expand Protocols for MSSQLSERVER.

  3. Right-click on Named Pipes and select Enable. You are informed that the SQL services will need to be restarted in order to pick up this new configuration change. Make sure you coordinate with other administrators before doing the restart if this machine is monitored or if this SQL instance is used by other applications. You should end up with the setup shown in Figure 3.

    Figure 3. SQL Server with Named Pipes enabled

    Managing Windows Server 2008 or 2008 R2

    You should read Mastering Microsoft Windows Server 2008 R2 (Sybex, 2010) if you wish to learn more about installing or configuring Windows Server 2008 or Windows Server 2008 R2.

    Server Manager is used to add roles and features. For example, Windows Server Update Services (WSUS) 3.0 can be enabled and installed as a role on Windows Server 2008 R2 using Server Manager. IIS can be enabled and installed as a role on Windows Server 2008 or Windows Server 2008 R2.

  4. Install IIS. This is a mandatory requirement. You will also use Server Manager to enable this role.

    A few additional pieces will be needed. A handy tip from Microsoft is to install IIS by enabling the BITS Server Extensions feature. BITS is a requirement and it subsequently requires IIS.

  5. Choose to add the Remote Differential Compression features.

  6. The Add Features Wizard will ask if you want to customize the IIS role installation. Add the following IIS role services and any dependencies:

    • Common HTTP Features\WebDAV Publishing

    • Application Development\ASP.NET

    • Application Development\ASP

    • Security\Windows Authentication

    • Management Tools\IIS 6 Management Compatibility\IIS 6 Metabase Compatibility

    • Management Tools\IIS 6 Management Compatibility\IIS 6 WMI Compatibility

    The last role service, WebDAV, is not included with Windows Server 2008; you must download it from the official Microsoft IIS site at

  7. Next, WebDAV must be configured with an authoring rule to enable your ConfigMgr clients to use it. Open the IIS Manager from Administrative Tools. Navigate to the Default Web Site in the left navigation pane and open WebDAV Authoring Rules in the center contents pane.

  8. Click Enable WebDAV in the Actions pane. It will be disabled by default.

  9. Click Add Authoring Rule in the Actions pane. Allow all users to have read access to all content, as shown in Figure 4.

    Figure 4. Add Authoring Rule

  10. You also need to set up how WebDAV will behave. Do this by clicking on WebDAV Settings in the Actions pane. You should configure the following settings:

    • Set Property Behavior\Allow Anonymous Property Queries to True

    • Set Property Behavior\Allow Custom Properties to False

    • Set Property Behavior\Allow Property Queries With Infinite Depth to True

  11. If you plan on enabling BITS on this distribution point (which you probably will in order to optimize how clients connect and download content), set WebDAV Behavior\Allow Hidden Files To Be Listed to True. You can see the final configuration in Figure 5.

    Figure 5. WebDAV settings and behavior

  12. ConfigMgr will use components of WDS, so install this role.

  13. When it is installed, launch the WDS console and configure the server to use D:\RemoteInstall as the Remote Installation Folder Location. Accept all the default settings in the Windows Deployment Services Configuration Wizard. At the end, do not add any images to the server.

  14. It is likely that you will want to manage Windows updates using ConfigMgr if you are using it to deploy operating systems. If so, you will need to install WSUS 3.0 SP2. This is a simple task in Server Manager if you are using Windows Server 2008 R2. Install this role, but be sure not to configure WSUS in any way. The configuration will be handled by ConfigMgr if you decide to enable the Software Update Point site server role.

  15. A number of file shares will be used for ConfigMgr OS deployment. You will need to create these file shares. Create the folders on the D: drive of the ConfigMgr site server ( and share them with the appropriate permissions. You'll note that they are hidden shares, as detailed in Table 1.

Table 1. Shared folders that ConfigMgr will need

| Share name | Share permissions | NTFS permissions | Notes |
|---|---|---|---|
| Packages$ | All Site Servers: Read; ConfigMgr Administrators: Change | | This is used to store Configuration Manager packages that you will create. They will be copied from here to the distribution points by ConfigMgr. |
| Images$ | Everyone: Change | ConfigMgrNW: Modify | OSD images are kept here. |
| USMT$ | Everyone: Change | Everyone: Modify | User state data can be captured and stored here temporarily while a computer is being rebuilt. You may need to use an alternative location with more available storage when performing large concurrent deployments. The User State Migration Toolkit might not be required in tightly controlled environments where all user data is stored on the network. |
| Drivers$ | Everyone: Change | | You can extract and store drivers here that will be required for OS distribution and for boot images. |
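Share and NTFS permissions combine and the more restrictive one wins, so with Everyone: Change on three of these shares the NTFS ACL is what actually decides who can write. The PowerShell below is an added example, not part of the original text. It resolves each share from Table 1 to its folder on the site server and lists every principal with NTFS write access; the expected principals are taken from the NTFS column of Table 1 as read here, with none listed for Packages$ and Drivers$.

```powershell
# Added example, not from the original text: list who can write to the Table 1 folders.
# Principals that Table 1 names in its NTFS column (none listed for Packages$ and Drivers$).
$expected = @{
    'Packages$' = @()
    'Images$'   = @('ConfigMgrNW')
    'USMT$'     = @('Everyone')
    'Drivers$'  = @()
}
$modify    = [int][System.Security.AccessControl.FileSystemRights]::Modify
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

function Get-ShareWriteAce {
    param([string]$ShareName)
    # Resolve the share to its local folder, then return Allow ACEs with any write right.
    $share = Get-WmiObject -Class Win32_Share -Filter "Name='$ShareName'"
    if (-not $share) { Write-Warning ('{0}: share not found' -f $ShareName); return }
    (Get-Acl -Path $share.Path).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and
                       (([int]$_.FileSystemRights -band $writeMask) -ne 0) } |
        ForEach-Object {
            New-Object PSObject -Property @{
                Share     = $ShareName
                Principal = ($_.IdentityReference.Value -split '\\')[-1]  # drop DOMAIN\ prefix
                Rights    = $_.FileSystemRights
                Inherited = $_.IsInherited
            }
        }
}

$report = foreach ($name in $expected.Keys) {
    $aces = @(Get-ShareWriteAce -ShareName $name)
    foreach ($want in $expected[$name]) {
        # Warn when an entry from Table 1 is missing or grants less than Modify.
        $hit = @($aces | Where-Object {
            $_.Principal -eq $want -and ((([int]$_.Rights) -band $modify) -eq $modify) })
        if ($hit.Count -eq 0) {
            Write-Warning ('{0}: no NTFS Modify entry for {1}' -f $name, $want)
        }
    }
    $aces
}

# InTable1 = False marks write access that Table 1 does not call for (often inherited
# defaults from the D: drive root); review those rows.
$report | Select-Object Share, Principal, Rights, Inherited,
    @{ Name = 'InTable1'; Expression = { $expected[$_.Share] -contains $_.Principal } } |
    Sort-Object Share, InTable1 | Format-Table -AutoSize
```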

You have now configured Active Directory and set up the server prerequisites for the Configuration Manager installation. It's time to install it.
