This part will consist of doing the basic configurations that make ConfigMgr 2012 actually work in a domain.
There are a couple of steps that we need to do before we can distribute the client across our domain.
First of we can start the console ( Usually located on the desktop ) Go into the administration tab.
then from the left menu select Boundaries and right click and select create boundary.
Since I only have 1 domain that I wish to create a boundary for, I choose Active Directory sites from the drop down menu, I choose browse and select
the (Default-first-site-name) And give it a good description.
Click Apply then OK. As of now, you just created a boundary but you haven’t linked it to a ConfigMgr site so It doesn’t do much until we’ve done the rest.
Next we have to create a Boundary group. Go back to the Administration –> Hierarchy Configuration –> Boundary Group. Right click and select create new boundary group.
Start by giving it a valid name, adding the boundary that we created in the previous step. Then click references, then select “Use this boundary group for my site assignment”.
Then click the add button below and choose the site server that you’ve installed Configmgr on.Click apply and OK.
What you’ve done now is create a boundary for this Site. Which means when a client installs the SCCM agent, it will query the system. The System will check “hmm is this client within my boundary?, it sees that it belongs to the Active
directory site that you listed in the boundary and say ok it is part of my boundary so I will give to access to this site”
Next we have to activate Active Directory discovery, so that the configmgr system will find our users, groups and computers from AD.
So Go to the Administration tab again –> Hierarchy Configuration –> Discovery Methods.
What we are looking for now is Active Directory system discovery (Since we want Configmgr to find our computers from the domain)
Right click on system discovery, and choose properties. Press the enable Active Directory system discovery, then press the star button and choose browse. Then choose the OU which your clients are located, then click OK.
go to the polling schedule and change it to 1 day.
Click apply, choose yes on the “Run discovery as soon as possible?” question and press OK.
If you go to the Monitoring tab and into the Site system –> component status. And find the SMS_AD_SYSTEM_DISCOVERY_AGENT, right click
show messages, all. And you can see that the discovery process has already run, and according to the log it found 3 valid systems.
If we go into the Assets and compliance menu, then into devices, and all systems we find our 3 computers.
Now we could basically just deploy our client to our computers but we are missing some other pieces that we need to put in place first.
Since of configmgr 2012 Microsoft has labeled it User-centric meaning that we are very interested in the user not so much the computer the user sits on (well we are a little bit interested ) but the
user sitting behind the computer isn’t. He/her wants his/hers software available on every computer they sit on. So in order to deploy software to the user, we have to import our users from AD into ConfigMgr.
So again we go back to Administration tab again –> Hierarchy Configuration –> Discovery Methods. And enable user discovery just as we enabled system discovery (If you want to deploy software to spesific groups, which most are) enable the
group discovery as well.
When you have activated the user discovery, and the process has run, your users will now appear under Assets and compliance –> Users.
If you right-click a user and press properties you will see that it was the discovery that populated this user in to ConfigMgr.
As you can see it says “SMS_AD_USER_DISCOVERY” under agent name.
Now we have done much of the configuration that we need. Next we need to install the other required roles to our site before we start rolling out the agent to our domain. So go to Administration –> Site configuration –> Servers and site system roles, on the right side choose your primary Configrmgr, right click and select Add Site System Role
On the first screen that appears, just leave it as the default. Since this is not a internet facing site we don’t need to enter FQDN.
And Since the computer account still has administrator access I can leave it at that.
The roles I am going to install now are
“Application Catalog Web Service Point” This is the service that the application catalog website Is going to query, if you have a large domain I suggest to install 2 servers with the application catalog website, and 1 dedicated web service point.
”Application Catalog Website Point” This is the self-service portal that users can enter to choose software that they want to install.
”Reporting Services Point” Provides the communication between ConfigMgr server and the SQL reporting services server, and installing the default reports.
”Software update point” Used for patching computers in the SCCM site (Requires WSUS 3.0 SP2) It also required if you wish to deploy Endpoint Protection Point, which we are going to install later.
So click next,
If you don’t have a proxy server just click next here,
Here you have to select if WSUS is already configured on which ports in the IIS,
If you are uncertain start the IIS config and check the bindings to see what ports it is configured to.
In my case it is a custom website, so I choose that and click next.
Now in order to save a lot of screenshots, but its pretty straight forward from here.
On the next pane, choose Synchronize from Microsoft Update, click next, on Synchronization Schedule leave it at the default, on Supersedence Rules leave it at default, on Classifications you choose what patches you are interested in Critical, features, service packs etc, on Products ( Choose those products you are have in your environment ot you might end up with a lot of data that you don’t need. On the Languages pane also choose those languages you have.
Now that we are done with that we continue on to the Reporting Services Point.
Then click next, during the Application Catalog Web Services just leave it at the default, unless you have a certificate that you want to use for https.
Then click next, now for the Application Web site role, just leave that also at the default.
And click next and you can choose a color theme for your portal and enter a title for it.
Click next, then the summary will appear then click finish. And the server roles will become installed.
Now that the roles are installed, lets check that they are functioning as they should.
Lets start by checking the reporting service, go into monitoring and then choose reporting –> reports (might take a while before the reports appear) Then run a random report (Administration Activity Log)
The report seems to be running fine, so it appears the the reporting service is functioning. I can also doublecheck that the component is reporting as it should by going into Monitoring –> System Status –> Componets status and checking the
Now on to the software updating point, go into the software library –> Software updates –> right click on All Software updates and choose syncronize now.
As you can see down below, it says busy. And if you open Windows Update Services console you will see that it is synchronizing. This might take some time, depending on what products and languages you choosed.
As this is synchronizing, I will check that the role has been installed probably.
It seems to be functioning as it should. After the sync it seems to we working properly. Well this will not be tested until we have some clients to test it on
Now back to the application web portal, I get an error, I right click on SMS_PORTALWEB_CONTROL_MANAGER and choose show all messages.
In order to fix this, you have to run the command, aspnet_regiis.exe –I from c:\windows\microsoft.net\framework\v4.0.30319 in CMD.
Then I reinstall the Application web role from the server and volia! now It seems to be functioning as it should.
Now open internet explorer to the server http://server/cmapplicationcatalog
Remember that you have to have Silverlight installed in order for it to function.
Voila! I haven’t created any applications that should be avalible yet. But you should always create the framework before you create the content.
Now we are finished with part 2 of this SCCM guide, next one will focus on client settings, endpoint , software update, remote control and how to push your sccm agents out to the domain.