Sunday, March 28, 2010

SCCM Basics & FAQ

A Short notes on ' SCCM 2007 Basics'
I've been looking for short notes that facilitate quick
understanding knowledge on SCCM 2007. I finally ut !y efforts
to bring a short notes on SCCM 2007 to hel those who are
already fa!iliar with Syste!s Manage!ent Server "SMS# 200$
and who wish to quickly develo understanding knowledge on
'Microsoft Syste! Center Configuration Manager 2007'.
Microsoft SCCM %2007 "ConfigMgr# rovides a co!rehensive
solution for change and configuration !anage!ent for the
Microsoft latfor!& enabling organi'ations to rovide relevant
software and udates to users quickly and cost%effectively& (llows
I) staff to !onitor and !anage the hardware * software in a
!odern distributed environ!ent.
SCCM 2007 Features
+,-S, Inventory
Software .istribution
Software /date
Software Metering
0erating Syste! .eloy!ent "I!age cature-deloy!ent&
/ser State Migration& )ask sequence#
Manage site accounts tool "MS(C#
(sset Intelligence 1e!ote tools
2(3 ,orks with ,indows Server 2004 oerating syste! 2etwork
3olicy Server to restrict co!uters fro! accessing the network if
they do not !eet secified require!ents )he Syste! Center
5a!ily& )he roducts included under the Syste! Center u!brella
address the challenges of !anaging infor!ation technology in
organi'ations of different si'es.
What's New
6ranch distribution oint
.esired configuration !anage!ent
,ake 0n 7(2
2etwork (ccess 3rotection "2(3#
Topics
SCCM BASICS FA! SCCM
SCCM 5(8
SMS 200$
,in39 6ootable 0S I!age
:6 Scrits
3rivacy 3olicy
Software (licatin * 3ackaging 5(8
Greetings
Followers
Join this site
with Google Friend Connect
Members (20)
Already a member?Sign in
Follow by Email
Search Blog
Search
Flags
1 More Next Blog Create Blog Sign In
SCCM Basics & FAQ
This blog provides quick understanding knowledge on SCCM 2007. I finall put ! efforts to bring a short
notes on SCCM"2007 to help those who are alread fa!iliar with Sste!s Manage!ent Server #SMS$ 200%
and who wish to quickl develop understanding knowledge on &Microsoft Sste! Center Configuration
Manager 2007&.
Submit
Page 1 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfaq!"ogspoti#/
In addition to SCCM 2007& the Syste! Center roducts include;
Syste! Center 0erations Manager 2007 %(llows I) staff to
!onitor and !anage the hardware and software in a !odern
software distributed environ!ent. Syste! Center code na!e
<Service .esk= ,hen it released& <Service .esk= is e>ected to
rovide i!le!entations of funda!ental I) Service Manage!ent
rocesses& including incident !anage!ent& roble!
!anage!ent& and change !anage!ent.
Syste! Center .ata 3rotection Manager 200? 3rovides data
backu and restore for ,indows file servers. Syste! Center
9ssentials 2007 3rovides tools for less%seciali'ed I) staff in
s!aller organi'ations to !anage their environ!ents !ore
effectively with the three !ost i!ortant !anage!ent functions;
!onitoring distributed syste!s& auto!ating software udates and
installing alications. Syste! Center :irtual Machine Manager
+els !anage!ent staff with the rocess of consolidating
alications onto virtuali'ed servers. Syste! Center Caacity
3lanner 200? Caacity 3lanner is a tool for deter!ining what
hardware resources will be required to run an alication& such as
9>change Server 200$& to !eet secific erfor!ance and
availability goals.
5or !ore infor!ation about Microsoft Syste! Center&
SCCM Sites
( site consists of a site server& site syste! roles& clients& and
resources. ( site always requires access to a Microsoft S87
Server database. )here are several tyes of SCCM 2007 sites. (
SCCM 2007 site uses boundaries to deter!ine the clients
belonging to the site. Multile sites can be configured into site
hierarchies and connected such that you can !anage bandwidth
utili'ation between sites. ( SCCM 2007 site is identified by the
three%character code and the friendly site na!e configured during
Setu and tyes of sites as follows.
"ri#ary Sites%( ri!ary site stores SCCM 2007 data for itself
and all the sites beneath it in a S87 Server database.
Secondary Site%( secondary site has no SCCM 2007 site
database. It is attached to and reorts to a ri!ary site. )he
secondary site is !anaged by a SCCM 2007 ad!inistrator running
a Configuration Manager 2007 console that is connected to the
ri!ary site. )he secondary site forwards the infor!ation it
gathers fro! Configuration Manager 2007 clients& such as
co!uter inventory data and Configuration Manager 2007 syste!
status infor!ation& to its arent site. )he ri!ary site then stores
the data of both the ri!ary and secondary sites in the SCCM
2007 site database. )he advantages of using secondary sites are
that they require no additional SCCM 2007 server license and do
not require the overhead of !aintaining an additional database.
Secondary sites are !anaged fro! the ri!ary site it is
connected to& so they are frequently used in sites with no local
ad!inistrator resent. )he disadvantage of secondary sites is that
they !ust be attached to a ri!ary site and cannot be !oved to
a different ri!ary site without deleting and recreating the site.
(lso& secondary sites cannot have sites beneath the! in the
hierarchy.
Live Fee
Blog Archive
20@0 "@#
0$-24 % 0A-0A"@#
SCCM 6asics * 5(8
!"#$%&
:iew !y co!lete rofile
Live Traffic Feed
Real-time view Menu
A visitor from Pune,
Maharashtra viewed "SCCM
asics ! FA"" # mins a$o
A visitor from %arrow viewed
"SCCM asics ! FA"" &'
mins a$o
A visitor from %arrow viewed
"SCCM asics ! FA"" ('
mins a$o
A visitor from %)dera*ad,
Andhra Pradesh viewed "SCCM
asics ! FA"" + hr ,& mins
a$o
A visitor from %)dera*ad,
Andhra Pradesh viewed "SCCM
asics ! FA"- SCCM asics !
FA"" + hr ./ mins a$o
A visitor from an$alore,
0arnata1a viewed "SCCM
asics ! FA"" + hr (# mins
a$o
A visitor from 2nited Ara*
3mirates viewed "SCCM asics
! FA"" . hrs , mins a$o
A visitor from Muscat, Mas4at
viewed "SCCM asics ! FA""
( hrs (+ mins a$o
A visitor from 5ellore, Andhra
Pradesh viewed "SCCM asics
! FA"" # hrs +' mins a$o
A visitor from 6ndia viewed
"SCCM asics ! FA"- SCCM
asics ! FA"" # hrs &+ mins
Pa$e & of +7 SCCM asics ! FA"
/8,8&7+. htt9-88sccmfa4:*lo$s9ot:in8
"arent Site%( arent site is a ri!ary site that has one ore !ore
sites attached to it in the hierarchy. 0nly a ri!ary site can have
child sites. ( secondary site is always a child site. ( arent site
contains ertinent infor!ation about its lower level sites& such as
co!uter inventory data and SCCM 2007 syste! status
infor!ation& and can control !any oerations at the child sites.
Chi$d Sites%( child site is a site that is attached to a site above it
in the hierarchy. )he site it reorts to is its arent site. ( child
site can have only one arent site. SCCM 2007 coies all the data
that is collected at a child site to its arent site. ( child site is
either a ri!ary site or a secondary site.
Centra$ Site %( central site has no arent site. )yically& a
central site has child and grandchild sites and aggregates all of
their client infor!ation to rovide centrali'ed !anage!ent and
reorting. ( site with no arent and no child site is still called a
central site although it is also referred to as a standalone site. (
central site to collect all of the site infor!ation for centrali'ed
!anage!ent.
Site Syste#s
9ach site contains one site server and one or !ore site syste!s.
)he site server is the co!uter where you install SCCM 2007 and
it hosts services required for SCCM 2007. ( site syste! is any
co!uter running a suorted version of ,indowsB or a shared
folder that hosts one or !ore site syste! roles. ( site syste! role
is a function required to use SCCM 2007 or to use a feature of
SCCM 2007. Multile site roles can be co!bined on a single site
syste!& including running all site roles on the site server& but this
is usually aroriate only for very s!all and si!le
environ!ents.
Site Syste# %o$es
Mana&e#ent "oint% )he site syste! role that serves as the
ri!ary oint of contact between SCCM 2007 clients and the
Configuration Manager 2007 site server.
Ser'er $ocator "oint %( site syste! role that locates
!anage!ent oints for SCCM 2007 clients.
(istri)ution "oint%( site syste! role that stores ackages
for clients to install. Software /date 3oint%( site syste! role
assigned to a co!uter running Microsoft ,indows Server
/date Services ",S/S#.
%e*ortin& "oint%( site syste! role hosts the 1eort :iewer
co!onent for ,eb%based reorting functionality.
Fa$$)ac+ Status "oint % ( site syste! role that gathers state
!essages fro! clients that cannot install roerly& cannot
assign to a Configuration Manager 2007 site& or cannot
co!!unicate securely with their assigned !anage!ent oint.
",- Ser'ice "oint%( site syste! role that has been
configured to resond to and initiate oerating syste!
deloy!ents fro! co!uters whose network interface card is
configured to allow 3C9 boot requests. /ser
State Mi&ration "oint%( site syste! role that stores user
state data while a co!uter is being !igrated to a new
oerating syste!.
Pa$e , of +7 SCCM asics ! FA"
/8,8&7+. htt9-88sccmfa4:*lo$s9ot:in8
.ow Site co##unicates/
Clients co!!unicate with site syste!s hosting site syste! roles.
Site syste!s co!!unicate with the site server and with the site
database. If there are !ultile sites connected in a hierarchy& the
sites co!!unicate with their arent& child& or so!eti!es
grandchild sites. Site 6oundaries& SCCM 2007 uses boundaries to
deter!ine when clients and site syste!s are in the site and
outside of the site. 6oundaries can be I3 subnets& I3 address
ranges& I3v? refi>es& and (ctive .irectory sites. )wo sites should
never share the sa!e boundaries. (ssigning the sa!e I3 subnet&
I3 address range& I3v? refi> or (ctive .irectory site to two
different sites !akes it difficult to deter!ine which clients should
be !anaged in the site.
Inter%Site Co!!unication ,hen you have a searate sites& SCCM
2007 uses senders to connect the two sites. Senders have sender
addresses that hel the! locate the other site. ,hen sending
data between sites& senders rovide fault tolerance and
bandwidth !anage!ent.
Intra%site Co!!unications )hey use either server !essage block
"SM6#& +))3& or +))3S& deending on various site configuration
choices you !ake. 6ecause all of these co!!unications are
un!anaged& that is& they haen at any ti!e with no
consideration for bandwidth consu!tion& it is beneficial to !ake
sure these site ele!ents have fast co!!unication channels.
(isco'ery Methods
Acti'e (irectory Syste# (isco'ery %.iscovers details
about the co!uter
Acti'e (irectory Syste# 0rou* (isco'ery % .iscovers
details such as organi'ational unit& global grous& universal
grous& and nested grous.
Acti'e (irectory 1ser (isco'ery%etrie'es (ctive
.irectory /ser .iscovery
Acti'e (irectory Security 0rou* (isco'ery%.iscovers
security grous created in (ctive .irectory.
.eart)eat (isco'ery%1efresh Configuration Manager client
co!uter discovery data in the site database.
Networ+ (isco'ery%Searches the network for resources that
!eet a secific rofile& 5ro! router's (13 cache& S2M3 agent
and .+C3 9ach discovery !ethod creates data discovery
records "..1s# for resources and sends the! to the site
database& even if the discovered resource is not caable of
being a SCCM 2007 client.
(ctive .irectory /ser .iscovery and (ctive .irectory Security
Drou .iscovery allow you to target software distribution
ackages to users and grous instead of co!uters.
C$ient Insta$$ation
Pa$e . of +7 SCCM asics ! FA"
/8,8&7+. htt9-88sccmfa4:*lo$s9ot:in8
SCCM 2007 rovides several otions for installing the client
software.
)he following table lists the client co!uter installation !ethods.
So2tware u*date *oint insta$$ation %/ses the (uto!atic
/date configuration of a client to direct the client co!uter
to a ,S/S co!uter configured as a SCCM 2007 software
udate oint.
C$ient *ush insta$$ation %/ses an account with
ad!inistrative rights to access the client co!uters and install
the SCCM 2007 client software.
Manua$ c$ient insta$$ation %( user with ad!inistrative rights
can install the client software by running CCMSetu on the
client co!uter. ( variety of switches !odify the installation
otions.
0rou* "o$icy insta$$ation %/ses Drou 3olicy software
installation to install CCMSetu.!si.
I#a&in& %)he client software can be added to an i!age&
including i!ages created and deloyed with SCCM 2007
oerating syste! deloy!ent.
Software .istribution %9>isting clients can be ugraded or
redeloyed using SCCM 2007 software distribution.
Mobile devices use different installation !ethods Client
(ssign!ent Clients !ust be assigned to a site before they can be
!anaged by that site. Clients can be assigned to a site during
installation or after installation. (ssigning a client involves either
telling it a secific site code to use& or configuring the client to
auto!atically assign to a site based on boundaries. If the client is
not assigned to any site during the client installation hase& the
client installation hase co!letes& but the client cannot be
!anaged by SCCM 2007.
Clients cannot be assigned to secondary sitesE they are always
assigned to the arent ri!ary site& but can reside in the
boundaries of the secondary site& taking advantage of any ro>y
!anage!ent oints and distribution oints at the secondary site.
)his is because clients co!!unicate with !anage!ent oints and
!anage!ent oints !ust co!!unicate with a site database.
Secondary sites do not have their own site database& )hey use
the site database at their arent ri!ary site. (uthenticating
Clients 6efore SCCM 2007 trusts a client& it requires so!e
!anner of authentication. In !i>ed !ode& clients !ust be
aroved& either by !anually aroving each client or by
auto!atically aroving all clients or all clients in a trusted
,indows do!ain. In native !ode& clients !ust be issued client
authentication certificates rior to installing the SCCM 2007 client
software.
Pa$e ( of +7 SCCM asics ! FA"
/8,8&7+. htt9-88sccmfa4:*lo$s9ot:in8
Blocking Clients- If a client computer is no longer trusted, the
Configuration Manager administrator can block the client in the
SCCM 2007 console.
Client Agents
Client agents are SCCM 2007 components that run on top of the
base client components.
Computer Client Agent Properties-Configures how often client
computers retriee the polic! that gies them the rest of their
configuration settings.
Device Client Agent Properties-Configures all of the properties
specific to mobile deice clients. "ardware Inentor! Client #gent
-$nables and configures the agent that collects a wide ariet! of
information about the client computer.
Software Inventory Client Agent-$nables and configures
which files Configuration Manager inentories and collects.
Advertised Programs Client Agent-$nables and configures the
software distribution feature.
Desired Configuration Management Client Agent-$nables the
client agent that ealuates whether computers are in compliance
with configuration baselines that are assigned to them
Remote Tools Client Agent-$nables Configuration Manager
remote control
etwork Access Protection Client Agent-$nables
Configuration Manager %etwork #ccess &rotection
Software !pdates Client Agent-$nables the agent that scans
for and installs software updates on client computers.
Administrator Console
'ou can run the console from the site serer or install additional
consoles on !our desktop or help desk computers to facilitate
management. (ne console can manage man! sites or man!
consoles can manage a single site. )he SCCM 2007 console runs
as a Microsoft Management Console *MMC+ snap-in, although !ou
must run SCCM 2007 Setup on the computer so that the snap-in
is aailable.
Collections
Collections represent groups of resources and can consist not onl!
of computers, but also of Microsoft ,indows users and user
groups as well as other discoered resources. Collections proide
!ou with the means to organi-e resources into easil! manageable
units, enabling !ou to create an organi-ed structure that logicall!
represents the kinds of tasks that !ou want to perform.
Inventory
"ardware inentor! gies !ou s!stem information Software
inentoried file t!pes and ersions present on client computers
.ueries It uses ,/$M 0uer! language *,.1+ to 0uer! the site
Page 6 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfa!"#ogspot!i$/
database. .uer! results are returned in the SCCM 2007 console,
where the! can be e2ported using the MMC e2port list feature.
Reporting
3eporting is a supporting feature to man! other SCCM 2007
features. 3eports are returned in ,eb pages in the browser. ,ith
reporting !ou can create reports that show the inentor! !ou
hae collected or the software updates successfull! deplo!ed. 'ou
can also create dashboards, which combine seeral different
iews of information. Seeral pre-created reports are aailable to
support common reporting scenarios. 4or more information about
the reports proided for each feature, see the feature
documentation.
Software Distri"ution
Software distribution allows !ou to push 5ust about an!thing to a
client computer. &ackages in software distribution can contain
source files to deplo! software applications and commands called
programs that tell the client what e2ecutable file to run. # single
package can contain multiple programs, each configured to run
differentl!. &ackages can also contain command lines to run files
alread! present on the client, without actuall! containing
additional source files.
Software updates
)he software updates feature proides a set of tools and
resources that can help manage the comple2 task of tracking and
appl!ing software updates to client computers in the enterprise.
Software updates in SCCM 2007 re0uires a ,indows Serer
6pdate Serices *,S6S+ serer to be installed and uses that to
scan the client computers for applicable software updates. )he
administrator iews which updates are needed in the enironment
and creates packages and deplo!ments containing the source files
for the software updates. Clients then install the software updates
from distribution points and report their status back to the site
database.
Software Metering
Software metering enables !ou to collect and report software
program usage data. )he data proided b! these reports can be
used b! man! groups within the organi-ation such as I) and
corporate purchasing. Software metering in SCCM 2007 supports
the following scenarios7 Identif! which software applications are
being used, and who is using them. Identif! the number of
concurrent usages of a specified software application. Identif!
actual software license re0uirements. Identif! redundant software
application installations. Identif! unused software applications
which could be relocated.
#perating System Deployment
(perating s!stem deplo!ment enables !ou to install new
operating s!stems and software onto a computer. 'ou can use
operating s!stem deplo!ment to install operating s!stem images
to new or e2isting computers as well as to computers with no
connection !our SCCM 2007 site. /! using task se0uences and
the drier catalog operating s!stem deplo!ment streamlines new
computer installations b! allowing !ou to install software using
one d!namic image that can be installed on different t!pes of
computers and configurations. (perating s!stem deplo!ment
proides the following solutions for deplo!ing operating s!stem
images to computers7 &roide a secure operating s!stem
deplo!ment enironment. #ssist with managing the cost of
deplo!ing images b! allowing one image to work with different
computer hardware configurations. #ssist with unif!ing
Page 7 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfa!"#ogspot!i$/
deplo!ment strategies to help proide a solid deplo!ment
foundation for future operating s!stem deplo!ment methods.
Desired Configuration Management
8esired configuration management enables !ou to define
configuration standards and policies, and audit compliance
throughout the enterprise against those defined configurations.
/est practices configurations can be used from Microsoft and
endors in the form of Microsoft S!stem Center SCCM 2007
Configuration &acks. )hese Configuration &acks can then be
refined to meet customi-ed business re0uirements. #dditionall!,
desired configuration management supports an authoring
enironment for customi-ed configurations. )his feature is
designed to proide data for use b! man! groups within the
organi-ation, including I) and corporate securit!.
Mo"ile Device
Management
Mobile deices are
supported as SCCM 2007
clients. 4or documentation
purposes, mobile clients are
treated as a separate
feature. Mobile clients can
run a subset of SCCM 2007
features such as inentor!
and software distribution,
but cannot be managed b!
remote control and cannot
receie operating s!stem deplo!ments like desktop clients.
Remote Tools
3emote tools in SCCM 2007 includes the remote control feature
which allows an operator with sufficient access rights the abilit!
to remotel! administer client computers in the SCCM 2007 site
hierarch!.
etwork Access Protection
%etwork #ccess &rotection *%#&+ is a polic! enforcement platform
built into the ,indows 9ista and ,indows Serer: 200;
operating s!stems that helps !ou to better protect network assets
b! enforcing compliance with s!stem health re0uirements. 'ou
can configure 8"C& $nforcement, 9&% $nforcement, ;02.<=
$nforcement, I&Sec $nforcement, or all four, depending on !our
network needs.
Asset Intelligence
)racking I) asset > reporting -Is an inentor! monitoring
capabilit! of SCCM 2007
$ake #n %A
)he ,ake (n 1#% feature helps to achiee a higher success rate
for scheduled SCCM 2007 actiities, reducing associated network
traffic during business hours, and helps organi-ations to consere
power b! not re0uiring computers to be left on for maintenance
outside business hours. ,ake (n 1#% in SCCM 2007 supports the
following scenarios7
Sending a wake-up transmission prior to the configured deadline
for a software update deplo!ment. Sending a wake-up
transmission prior to the configured schedule of a mandator!
Page 8 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfa!"#ogspot!i$/
adertisement, which can be for software distribution or a task
se0uence.
Security Modes
)here are two securit! modes in SCCM 2007.%atie mode is the
recommended site configuration for new SCCM 2007 sites
because it offers a higher leel of securit! b! integrating with a
public ke! infrastructure *&?I+ to help protect client-to-serer
communication. &?Is can help companies meet their securit! and
business re0uirements, but the! must be carefull! designed and
implemented to meet the current and future needs. Installing a
&?I solel! to support SCCM 2007 operations could fulfill certain
short term goals but could hamper a more e2tensie &?I rollout
to support other applications at a later time. If !our organi-ation
alread! has a well-designed, industr!-standard &?I, SCCM 2007
should be able to use certificates from the e2isting &?I.
Backup and Recovery
1ike an! enterprise software, !our site should be backed up to
proide recoerabilit! in case of une2pected eents. /acking up a
SCCM 2007 site inoles backing up the database, the file
s!stem, and the registr! all at the same point in time - backing
up 5ust one of these elements is not sufficient to restore a
working site. SCCM 2007 uses the 9olume Shadow Cop! Serice
*9SS+ to take small, fre0uent snapshots of the necessar!
components, making it easier to restore a failed site. )he Site
3epair ,i-ard walks !ou through the necessar! steps to complete
the site recoer!.
&orts 6sed b! SCCM-2007
&ort used for client to site s!stem communication -port ;0 *"))&+ and
default "))&S port @@A
&ort used for Site Serer to Site Serer -SM/ @@B*Serer Message /lock+
and its bi-directional
&re'uently Asked (uestions )&A( SCCM *++,
I would appreciate !our aluable feed back or suggestions to
improe this blog, &lease feel free to reach me for further
assistance > support.
'ou can reach me thru m! email, )hank !ou er! much for
isiting ...
&osted b! 96A3C' at<27<0 #M <D comments7 1inks to this post
1abels7SCCM 2007 /asics
"ome
Subscribe to7&osts *#tom+
+1 Recommend this on Google
Page 9 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfa!"#ogspot!i$/
Page 10 of 10 SCCM Basics & FAQ
8/3/2014 http://sccmfa!"#ogspot!i$/