Deploying Microsoft System Center Configuration Manager 2007 Part

Deploying Microsoft System Center Configuration Manager 2007, Part 2: Client Deployment Wally Mead Senior Program Manager Microsoft Corporation Session Code: MGT 305

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Supported Configuration Manager Clients Windows 2000 Professional and Server SP 4 Windows XP Professional SP 2 and SP 3 Windows Server 2003 SP 1 and SP 2 Windows Server 2003 R 2 Windows Vista Business, Enterprise, and Ultimate Including Vista RTM and SP 1

Supported Configuration Manager Clients (2) Windows Server 2008 No Server Core client support with Configuration Manager RTM Supported with Configuration Manager SP 1 Windows XP Tablet SP 2 Windows XP Embedded SP 2 Windows Embedded Point of Sale (WEPOS) Windows Foundation for Legacy Platforms (Win. FLP)

Issues with SMS 2003 Client Deployment Client push issues Firewalls cause issues on Windows Vista / Windows XP SP 2 Need to provision an admin push account Multiple binaries used for client deployment Client install is not bandwidth-aware No visibility into the progress of client install

Client Deployment Methods Those that are the same as Systems Management Server (SMS) 2003: Client push installation Automated client push or admin controlled Can now use the site server computer account as the Client Push Installation account Logon installation for high-rights users No support for low rights installation Software distribution Upgrades from SMS 2003 Upgrades to Configuration Manager SP 1 Manual installation

Client Deployment Methods (2) Those that are new deployment methods in Configuration Manager 2007 Software update point (SUP) client deployment Client is installed through Windows Server Update Services (WSUS) Group policy installation Use software installation feature to deploy Ccmsetup. msi You can use whatever methods that meet your requirements

Supported Client Numbers Site Role Maximum # of Client Systems Hierarchy (Central site) 200, 000 Primary site 100, 000 System Health Validator 200, 000 Management point Distribution point (non-OSD) 25, 000 4, 000 Distribution point (OSD) Limited by Network & Disk I/O State migration point Limited by Network & Disk I/O Software update point (WSUS) Fallback status point Branch distribution point 25, 000 100, 000 Limited by OS License, Network & Disk I/O

Components Used in Client Deployment Ccmsetup. exe Install, uninstall, upgrade Bandwidth aware Background Intelligent Transfer Service (BITS) BITS 2. 0 for Windows 2000 clients BITS 2. 5 for most other Windows clients BITS 3. 0 already installed on Windows Vista

Components Used in Client Deployment (2) Windows Installer 3. 1 v 2 KB 893803 update to all except Windows Server 2003 SP 1 and later Windows Update Agent For Windows Server Update Services 3. 0 Installed if same or newer version not already installed Core XML Services (MS XML 6 SP 1) MSXML 6. msi

Components Used in Client Deployment (3) MSRDC (Remote Differential Compression) Required for branch distribution points to support binary differential replication Wimgapi. msi Imaging API for custom tools for image management Client. msi Windows Installer package of the Configuration Manager 2007 client

Client Assignment Configuration Manager clients can only be assigned to Configuration Manager sites They cannot be assigned to SMS 2003 sites In order to validate site assignment, they must verify the intended site’s version Required for automatic or manual assignment This occurs from one of two methods Active Directory if the schema is extended for Configuration Manager server locator point

Client Registration Configuration Manager clients must be registered as a client to be able to send data to it, or retrieve data from it Automatic process after assignment Client finds the default management and issues a registration request to the site This provides the client identity (self-signed certificate) to the site for validation

Client Approval Method Configuration Manager clients must be approved to use the Network Access account Can’t download the policy that contains the account until the client is approved Approval has three options in mixed mode No automatic approval (manual) Automatic approval for domain joined clients Automatic approval for all clients

demo Configuring the Client Approval Method

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Site System Roles Used in Client Deployment Site server When deploying via client push Management point Used to download client files for deployment Retrieve policies after deployment Server locator point Used to validate assignment to the site in a nonextended Active Directory environment

Site System Roles Used in Client Deployment (2) Distribution point (including branch DP) Used for a software distribution client upgrade Can be used for operating system deployment Software update point Used when deploying the client through Windows Server Update Services Fallback status point (FSP) Client sends state messages for the deployment to the FSP if configured to do so

Site System Roles Used in Client Deployment (3) PXE service point Can be used in operating system deployment in bare metal system scenarios State migration point Can be used in operating system deployment in machine replacement scenarios

Site Systems used in Client Deployment SQL Server Management Point Primary Site Server Branch DP Server Locator Point Distribution Point Fallback Status Point Software Update Point PXE Service Point State Migration Point

demo Configuring a Fallback Status Point

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Client Push Installation Essentially the same as in SMS 2003 Automated push or Client Push Installation Wizard The default is now SMSSITECODE=local site code The SMS 2003 default was AUTO The site server computer account can be used as the Client Push Installation account Is tried automatically if all other accounts fail

Client Push Installation (2) No longer uses Remote Registry to the target system Now use Remote WMI If Active Directory is extended for Configuration Manager, the Client Push Installation parameters are published Then used often when Ccmsetup. exe is run with no command line parameters Not used for push installs as they use the Client Push Installation method parameters

demo Installing a client using the Client Push Installation Wizard

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Software Update Point Client Installation Client installed as a WSUS mandatory update to non-client systems No firewall issues if Windows Update Agent works No issues with low rights users Client must point to the SUP via Group Policy Client will then install automatically getting parameters from Active Directory

Software Update Point Client Installation Configuration Site admin enables the Software Update Point Client Installation method Requires a software update point site system Publishes the current Configuration Manager client to WSUS as a mandatory application update Only required to publish at the central site All child sites sync content from the parent site

demo Installing a Client Using a Software Update Point

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Group Policy Client Deployment True Active Directory client deployment integration Use software installation to deploy the Configuration Manager client CCMSetup. MSI for software installation package Auto publish client deployment settings to AD ADM templates for settings No more “auto removal” of clients

demo Installing a Client Through Group Policy

Group Policy Client Assignment Allows assignment of resources based on business model instead of network Not constrained to Boundaries ADM template for OU assignment configuration

demo Assigning a Client to a Site Using Group Policy Client Assignment

Session Agenda Overview of Configuration Manager client deployment Site system roles used in client deployment Client push deployment Software update client deployment Group Policy client deployment Client upgrades

Client Upgrades The most common client upgrade methods are: Software distribution Can control targets and timing with advertisements Client push installation Use the Client Push Installation Wizard Can also use: Manual installation Automated push (must clear the Install flag)

Service Pack 1 Client Upgrades There is a new client for Configuration Manager 2007 SP 1 Configuration Manager RTM clients can exist in a SP 1 site Configuration Manager SP 1 clients not supported in an RTM site There is no new client with Configuration Manager R 2 The client remains at Configuration Manager SP 1 code base

demo Upgrading Clients Using Software Distribution

Client Deployment Tips Consider pre-deploying required client files For example, BITS may require a reboot Ensure that the Active Directory schema has been extended If not, you need a server locator point for client assignment Recommended to have a fallback status point available Provides access to great client deployment status reports

Client Deployment Tips (2) Deploy clients in a phased manner Validate success throughout deployment No more than a few thousand a day After initial deployment, deploy a test application to upgraded clients Validates client can access the management point and distribution point For brand new installs, may want to consider configuring Heartbeat Discovery and inventory cycles for daily Validates client functionality and performance

Session Summary There are many unique methods to deploy clients in Configuration Manager 2007 For the most part, the same methods as SMS 2003 supported are available to Configuration Manager 2007 No longer manual Client. msi deployment New methods for Configuration Manager Software update point client installation Group Policy client deployment

question & answer

Resources www. microsoft. com/teched www. microsoft. com/learning Sessions On-Demand & Community Microsoft Certification & Training Resources http: //microsoft. com/technet http: //microsoft. com/msdn Resources for IT Professionals Resources for Developers www. microsoft. com/learning Microsoft Certification and Training Resources

Related Content MGT 304, MGT 305, MGT 306 – Deploying System Center Configuration Manager 2007: Part 1 – Monday, 2: 45 – 4: 00 Part 2 – Wednesday, 1: 00 – 2: 15 Part 3 – Friday, 9: 00 – 10: 15 MGT 05 -INT – General Questions on Microsoft System Center Configuration Manager Tuesday, 10: 15 – 11: 30 MGT 01 -INT – Deploying Microsoft System Center Configuration Manager Thursday, 1: 00 – 2: 15 MGT 03 -HOL – Deploying Microsoft System Center Configuration Manager MGT 12 -HOL – Managing Microsoft Updates with System Center Configuration Manager MGT 04 -HOL – Deploying OS Images Using Microsoft System Center Configuration Manager and Network Boot MGT 20 -HOL – Upgrading from Microsoft System Center Configuration Manager 2007 to Microsoft System Center Configuration Manager SP 1 MGT 21 -HOL – Upgrading from SMS S 2003 SP 2 to Microsoft System Center Configuration Manager MGT 02 -HOL - Microsoft System Center Configuration Manager: Migrating from Mixed Mode to Native Mode MGT 05 -HOL – Device Management with Microsoft System Center Configuration Manager

Track Resources Key Microsoft Sites System Center on Microsoft. com: http: //www. microsoft. com/systemcenter System Center on Tech. Net: http: //technet. microsoft. com/systemcenter/ Virtualization on Microsoft. com: http: //www. microsoft. com/virtualization Community Resources System Center Team Blog: http: //blogs. technet. com/systemcenter System Center Central: http: //www. systemcentercentral. com System Center Community: http: //www. my. ITforum. com System Center on Tech. Net Edge: http: //edge. technet. com/systemcenter System Center on Twitter: http: //twitter. com/system_center Virtualization Feed: http: //www. virtualizationfeed. com System Center Influencers Program: Content, connections, and resources for influencers in the System Center Community. For information, contact scnetsup@microsoft. com

Complete an evaluation on Comm. Net and enter to win!

© 2009 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U. S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.