Page 1: SCCM Short Notes


Short notes on 'SCCM 2007 Basics'

I've been looking for short notes that facilitate a quick understanding of SCCM 2007. I finally put in the effort to bring together consolidated notes on SCCM 2007 to help those who are already familiar with Systems Management Server (SMS) 2003 and who wish to quickly develop an understanding of 'Microsoft System Center Configuration Manager 2007'.

Microsoft SCCM 2007 (ConfigMgr) provides a comprehensive solution for change and configuration management for the Microsoft platform, enabling organizations to provide relevant software and updates to users quickly and cost-effectively. It allows IT staff to monitor and manage the hardware and software in a modern distributed environment.

SCCM 2007 Features

HW/SW Inventory

Software Distribution

Software Update

Software Metering

Operating System Deployment (Image capture/deployment, User State Migration, Task sequence)

Manage site accounts tool (MSAC)

Asset Intelligence

Remote tools

What’s New?

Branch distribution point

Desired configuration management

Wake On LAN

Network Access Protection (NAP) - Works with the Windows Server 2008 operating system Network Policy Server to restrict computers from accessing the network if they do not meet specified requirements.

The System Center Family

The products included under the System Center umbrella address the challenges of managing information technology in organizations of different sizes.

In addition to SCCM 2007, the System Center products include:

System Center Operations Manager 2007 - Allows IT staff to monitor and manage the hardware and software in a modern distributed environment.

System Center code name “Service Desk” - When released, “Service Desk” is expected to provide implementations of fundamental IT Service Management processes, including incident management, problem management, and change management.

System Center Data Protection Manager 2006 - Provides data backup and restore for Windows file servers.

System Center Essentials 2007 - Provides tools for less-specialized IT staff in smaller organizations to manage their environments more effectively with the three most important management functions: monitoring distributed systems, automating software updates and installing applications.

System Center Virtual Machine Manager - Helps management staff with the process of consolidating applications onto virtualized servers.

System Center Capacity Planner 2006 - Capacity Planner is a tool for determining what hardware resources will be required to run an application, such as Exchange Server 2003, to meet specific performance and availability goals.

For more information about Microsoft System Center, see

SCCM Sites: A site consists of a site server, site system roles, clients, and resources. A site always requires access to a Microsoft SQL Server database. There are several types of SCCM 2007 sites. A SCCM 2007 site uses boundaries to determine the clients belonging to the site. Multiple sites can be configured into site hierarchies and connected such that you can manage bandwidth utilization between sites. A SCCM 2007 site is identified by the three-character code and the friendly site name configured during Setup. The types of sites are as follows.

Primary Sites - A primary site stores SCCM 2007 data for itself and all the sites beneath it in a SQL Server database.


Secondary Sites - A secondary site has no SCCM 2007 site database. It is attached to and reports to a primary site. The secondary site is managed by a SCCM 2007 administrator running a Configuration Manager 2007 console that is connected to the primary site. The secondary site forwards the information it gathers from Configuration Manager 2007 clients, such as computer inventory data and Configuration Manager 2007 system status information, to its parent site. The primary site then stores the data of both the primary and secondary sites in the SCCM 2007 site database. The advantages of using secondary sites are that they require no additional SCCM 2007 server license and do not require the overhead of maintaining an additional database. Secondary sites are managed from the primary site they are connected to, so they are frequently used in sites with no local administrator present.

The disadvantage of secondary sites is that they must be attached to a primary site and cannot be moved to a different primary site without deleting and recreating the site. Also, secondary sites cannot have sites beneath (under) them in the hierarchy.

Parent Sites - A parent site is a primary site that has one or more sites attached to it in the hierarchy. Only a primary site can have child sites. A secondary site is always a child site. A parent site contains pertinent information about its lower level sites, such as computer inventory data and SCCM 2007 system status information, and can control many operations at the child sites.

Child Sites - A child site is a site that is attached to a site above it in the hierarchy. The site it reports to is its parent site. A child site can have only one parent site. SCCM 2007 copies all the data that is collected at a child site to its parent site. A child site is either a primary site or a secondary site.

Central Site - A central site has no parent site. Typically, a central site has child and grandchild sites and aggregates all of their client information to provide centralized management and reporting. A site with no parent and no child site is still called a central site, although it is also referred to as a standalone site. A central site collects all of the site information for centralized management.

Site Systems: Each site contains one site server and one or more site systems. The site server is the computer where you install SCCM 2007 and it hosts services required for SCCM 2007. A site system is any computer running a supported version of Windows® or a shared folder that hosts one or more site system roles. A site system role is a function required to use SCCM 2007 or to use a feature of SCCM 2007. Multiple site roles can be combined on a single site system, including running all site roles on the site server, but this is usually appropriate only for very small and simple environments.

Site System Roles

Management Point - The site system role that serves as the primary point of contact between SCCM 2007 clients and the Configuration Manager 2007 site server.

Server Locator Point - A site system role that locates management points for SCCM 2007 clients.

Distribution Point - A site system role that stores packages for clients to install.

Software Update Point - A site system role assigned to a computer running Microsoft Windows Server Update Services (WSUS).

Reporting Point - A site system role that hosts the Report Viewer component for Web-based reporting functionality.

Fallback Status Point - A site system role that gathers state messages from clients that cannot install properly, cannot assign to a Configuration Manager 2007 site, or cannot communicate securely with their assigned management point.

PXE Service Point - A site system role that has been configured to respond to and initiate operating system deployments from computers whose network interface card is configured to allow PXE boot requests.

User State Migration Point - A site system role that stores user state data while a computer is being migrated to a new operating system.

How do sites communicate?

Clients communicate with site systems hosting site system roles. Site systems communicate with the site server and with the site database. If there are multiple sites connected in a hierarchy, the sites communicate with their parent, child, or sometimes grandchild sites.

Site Boundaries: SCCM 2007 uses boundaries to determine when clients and site systems are in the site and outside of the site. Boundaries can be IP subnets, IP address ranges, IPv6 prefixes, and Active Directory sites. Two sites should never share the same boundaries. Assigning the same IP subnet, IP address range, IPv6 prefix or Active Directory site to two different sites makes it difficult to determine which clients should be managed in the site.
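The rule that two sites should never share a boundary can be checked offline before boundaries are entered in the console. The script below is an added example, not part of the original notes; the input layout (site code, boundary type, value), the CIDR notation for subnets and the sample values are all assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed sample export: (site code, boundary type, value).
# The tuple layout and CIDR notation are assumptions, not an SCCM export format.
SAMPLE_BOUNDARIES = [
    ("CEN", "subnet", "10.1.0.0/16"),
    ("CEN", "adsite", "HQ-Site"),
    ("P01", "range", "10.1.20.10-10.1.20.200"),
    ("P01", "ipv6prefix", "2001:db8:10::/64"),
    ("P02", "ipv6prefix", "2001:db8:10::/48"),
    ("P02", "adsite", "hq-site"),
    ("P02", "subnet", "192.168.5.0/24"),
]


def normalize(kind, value):
    """Return a comparable key: ('ad', name) or (ip_version, first, last)."""
    if kind == "adsite":
        # Active Directory site names are compared case-insensitively.
        return ("ad", value.strip().lower())
    if kind in ("subnet", "ipv6prefix"):
        net = ipaddress.ip_network(value.strip(), strict=False)
        return (net.version, int(net.network_address), int(net.broadcast_address))
    if kind == "range":
        first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-", 1))
        if first.version != last.version or first > last:
            raise ValueError("invalid range: %r" % value)
        return (first.version, int(first), int(last))
    raise ValueError("unknown boundary type: %r" % kind)


def overlaps(a, b):
    """True when two normalized boundaries cover at least one common member."""
    if a[0] != b[0]:
        return False            # different address family, or AD site vs IP
    if a[0] == "ad":
        return a[1] == b[1]
    return a[1] <= b[2] and b[1] <= a[2]


def find_conflicts(boundaries):
    """List (site_a, value_a, site_b, value_b) for boundaries shared by two sites."""
    items = [(site, value, normalize(kind, value)) for site, kind, value in boundaries]
    conflicts = []
    for (site_a, val_a, key_a), (site_b, val_b, key_b) in combinations(items, 2):
        if site_a != site_b and overlaps(key_a, key_b):
            conflicts.append((site_a, val_a, site_b, val_b))
    return conflicts


if __name__ == "__main__":
    for site_a, val_a, site_b, val_b in find_conflicts(SAMPLE_BOUNDARIES):
        print("CONFLICT: %s [%s] overlaps %s [%s]" % (site_a, val_a, site_b, val_b))
```

Overlaps inside a single site are ignored, because the notes only rule out boundaries shared between two different sites.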

Inter-Site Communication: When you have separate sites, SCCM 2007 uses senders to connect the two sites. Senders have sender addresses that help them locate the other site. When sending data between sites, senders provide fault tolerance and bandwidth management.

Intra-site Communications: Communications within a site use either Server Message Block (SMB), HTTP, or HTTPS, depending on various site configuration choices you make. Because all of these communications are unmanaged, that is, they happen at any time with no consideration for bandwidth consumption, it is beneficial to make sure these site elements have fast communication channels.

Discovery Methods:

Active Directory System Discovery - Discovers details about the computer.

Active Directory System Group Discovery - Discovers details such as organizational unit, global groups, universal groups, and nested groups.

Active Directory User Discovery - Retrieves Active Directory user discovery data.

Active Directory Security Group Discovery - Discovers security groups created in Active Directory.

Heartbeat Discovery - Refreshes Configuration Manager client computer discovery data in the site database.

Network Discovery - Searches the network for resources that meet a specific profile, using the router's ARP cache, SNMP agents and DHCP.

Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database, even if the discovered resource is not capable of being a SCCM 2007 client. Active Directory User Discovery and Active Directory Security Group Discovery allow you to target software distribution packages to users and groups instead of computers.

Client Installation: SCCM 2007 provides several options for installing the client software. The client computer installation methods are listed below.

Software update point installation - Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a SCCM 2007 software update point.

Client push installation - Uses an account with administrative rights to access the client computers and install the SCCM 2007 client software.

Manual client installation - A user with administrative rights can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options.

Group Policy installation - Uses Group Policy software installation to install CCMSetup.msi.

Imaging - The client software can be added to an image, including images created and deployed with SCCM 2007 operating system deployment.

Software Distribution - Existing clients can be upgraded or redeployed using SCCM 2007 software distribution.

Mobile devices use different installation methods.

Client Assignment: Clients must be assigned to a site before they can be managed by that site. Clients can be assigned to a site during installation or after installation. Assigning a client involves either telling it a specific site code to use, or configuring the client to automatically assign to a site based on boundaries. If the client is not assigned to any site during the client installation phase, the client installation phase completes, but the client cannot be managed by SCCM 2007.

Clients cannot be assigned to secondary sites; they are always assigned to the parent primary site, but can reside in the boundaries of the secondary site, taking advantage of any proxy management points and distribution points at the secondary site. This is because clients communicate with management points and management points must communicate with a site database.

Secondary sites do not have their own site database. They use the site database at their parent primary site.

Authenticating Clients: Before SCCM 2007 trusts a client, it requires some manner of authentication. In mixed mode, clients must be approved, either by manually approving each client or by automatically approving all clients or all clients in a trusted Windows domain. In native mode, clients must be issued client authentication certificates prior to installing the SCCM 2007 client software.

Blocking Clients: If a client computer is no longer trusted, the Configuration Manager administrator can block the client in the SCCM 2007 console.

Client Agents: Client agents are SCCM 2007 components that run on top of the base client components.

Computer Client Agent Properties - Configures how often client computers retrieve the policy that gives them the rest of their configuration settings.

Device Client Agent Properties - Configures all of the properties specific to mobile device clients.

Hardware Inventory Client Agent - Enables and configures the agent that collects a wide variety of information about the client computer.

Software Inventory Client Agent - Enables and configures which files Configuration Manager inventories and collects.

Advertised Programs Client Agent - Enables and configures the software distribution feature.

Desired Configuration Management Client Agent - Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them.

Remote Tools Client Agent - Enables Configuration Manager remote control.

Network Access Protection Client Agent - Enables Configuration Manager Network Access Protection.

Software Metering Client Agent - Enables the agent that monitors which software is run.

Software Updates Client Agent - Enables the agent that scans for and installs software updates on client computers.

Administrator Console: You can run the console from the site server or install additional consoles on your desktop or help desk computers to facilitate management. One console can manage many sites or many consoles can manage a single site. The SCCM 2007 console runs as a Microsoft Management Console (MMC) snap-in, although you must run SCCM 2007 Setup on the computer so that the snap-in is available.

Collections: Collections represent groups of resources and can consist not only of computers, but also of Microsoft Windows users and user groups as well as other discovered resources. Collections provide you with the means to organize resources into easily manageable units, enabling you to create an organized structure that logically represents the kinds of tasks that you want to perform.

Inventory: Hardware inventory gives you system information. Software inventory gives you the file types and versions present on client computers.

Queries: Queries use the WBEM Query Language (WQL) to query the site database. Query results are returned in the SCCM 2007 console, where they can be exported using the MMC export list feature.

Reporting: Reporting is a supporting feature to many other SCCM 2007 features. Reports are returned in Web pages in the browser. With reporting you can create reports that show the inventory you have collected or the software updates successfully deployed. You can also create dashboards, which combine several different views of information. Several pre-created reports are available to support common reporting scenarios. For more information about the reports provided for each feature, see the feature documentation.

Software distribution: Software distribution allows you to push just about anything to a client computer. Packages in software distribution can contain source files to deploy software applications and commands called programs that tell the client what executable file to run. A single package can contain multiple programs, each configured to run differently. Packages can also contain command lines to run files already present on the client, without actually containing additional source files.

Software updates: The software updates feature provides a set of tools and resources that can help manage the complex task of tracking and applying software updates to client computers in the enterprise. Software updates in SCCM 2007 requires a Windows Server Update Services (WSUS) server to be installed and uses that to scan the client computers for applicable software updates.

The administrator views which updates are needed in the environment and creates packages and deployments containing the source files for the software updates. Clients then install the software updates from distribution points and report their status back to the site database.

Software metering: Software metering enables you to collect and report software program usage data. The data provided by these reports can be used by many groups within the organization such as IT and corporate purchasing. Software metering in SCCM 2007 supports the following scenarios:

Identify which software applications are being used, and who is using them.

Identify the number of concurrent usages of a specified software application.

Identify actual software license requirements.

Identify redundant software application installations.

Identify unused software applications which could be relocated.

Mobile Device management: Mobile devices are supported as SCCM 2007 clients. For documentation purposes, mobile clients are treated as a separate feature. Mobile clients can run a subset of SCCM 2007 features such as inventory and software distribution, but cannot be managed by remote control and cannot receive operating system deployments like desktop clients.

Operating system deployment: Operating system deployment enables you to install new operating systems and software onto a computer. You can use operating system deployment to install operating system images to new or existing computers as well as to computers with no connection to your SCCM 2007 site. By using task sequences and the driver catalog, operating system deployment streamlines new computer installations by allowing you to install software using one dynamic image that can be installed on different types of computers and configurations. Operating system deployment provides the following solutions for deploying operating system images to computers:

Provide a secure operating system deployment environment.

Assist with managing the cost of deploying images by allowing one image to work with different computer hardware configurations.

Assist with unifying deployment strategies to help provide a solid deployment foundation for future operating system deployment methods.

Desired configuration management: Desired configuration management enables you to define configuration standards and policies, and audit compliance throughout the enterprise against those defined configurations.

Best practices configurations can be used from Microsoft and vendors in the form of Microsoft System Center SCCM 2007 Configuration Packs. These Configuration Packs can then be refined to meet customized business requirements. Additionally, desired configuration management supports an authoring environment for customized configurations. This feature is designed to provide data for use by many groups within the organization, including IT and corporate security.

Desired configuration management supports the following scenarios:

Detect production server configuration drift and confirm provisioned servers meet expected build requirements.

Provide the help desk with probable cause information, reducing the time-to-resolve (TTR) of incidents, and provide probable cause analysis for problems.

Report compliance with regulatory policies and in-house security policies.

Provide change verification and tracking.

Remote tools: Remote tools in SCCM 2007 include the remote control feature, which allows an operator with sufficient access rights to remotely administer client computers in the SCCM 2007 site hierarchy.


Network Access Protection: Network Access Protection (NAP) is a policy enforcement platform built into the Windows Vista and Windows Server® 2008 operating systems that helps you to better protect network assets by enforcing compliance with system health requirements. You can configure DHCP Enforcement, VPN Enforcement, 802.1X Enforcement, IPSec Enforcement, or all four, depending on your network needs.

Wake On LAN: The Wake On LAN feature helps to achieve a higher success rate for scheduled SCCM 2007 activities, reducing associated network traffic during business hours, and helps organizations to conserve power by not requiring computers to be left on for maintenance outside business hours. Wake On LAN in SCCM 2007 supports the following scenarios:

Sending a wake-up transmission prior to the configured deadline for a software update deployment.

Sending a wake-up transmission prior to the configured schedule of a mandatory advertisement, which can be for software distribution or a task sequence.

Security Modes: There are two security modes in SCCM 2007. Native mode is the recommended site configuration for new SCCM 2007 sites because it offers a higher level of security by integrating with a public key infrastructure (PKI) to help protect client-to-server communication. PKIs can help companies meet their security and business requirements, but they must be carefully designed and implemented to meet the current and future needs. Installing a PKI solely to support SCCM 2007 operations could fulfill certain short term goals but could hamper a more extensive PKI rollout to support other applications at a later time. If your organization already has a well-designed, industry-standard PKI, SCCM 2007 should be able to use certificates from the existing PKI.

Backup and Recovery: Like any enterprise software, your site should be backed up to provide recoverability in case of unexpected events. Backing up a SCCM 2007 site involves backing up the database, the file system, and the registry all at the same point in time - backing up just one of these elements is not sufficient to restore a working site. SCCM 2007 uses the Volume Shadow Copy Service (VSS) to take small, frequent snapshots of the necessary components, making it easier to restore a failed site. The Site Repair Wizard walks you through the necessary steps to complete the site recovery.

Q. Can a site have more than one default management point?

A. No. You can configure more than one management point in a site, but only one of those management points can be configured as the default management point to support intranet clients in the site.

If you are concerned about performance, you can configure more than one management point, configure them to be part of a Network Load Balancing (NLB) cluster, and then configure the NLB cluster as the default management point.

Q. Can a secondary site have child sites?

A. No. A secondary site cannot have a primary or secondary site reporting to it. Secondary sites are always child sites to a primary site.

Q. Can you install the Configuration Manager client components without discovering the computer first?

A. Yes. Client Push Installation is the only client installation method that requires clients to be discovered first.

Q. Does Configuration Manager 2007 mixed mode require a public key infrastructure (PKI)?

A. No. Configuration Manager 2007 native mode requires a PKI, but Configuration Manager 2007 mixed mode does not. PKI authentication helps provide a greater level of security, but Configuration Manager 2007 does not help you install or configure the PKI infrastructure. If you do not already have the expertise to install and configure the PKI infrastructure, you can start with mixed mode and then change to native mode later.

Q. Can computers show up in the Configuration Manager console before they have the Configuration Manager client installed?

A. Yes. If you use a discovery method, Configuration Manager can find many resources and create data discovery records (DDRs) for them, and those DDRs are stored in the database. However, you cannot use Configuration Manager features such as software distribution, software updates management, and inventory until you install the client components.

Q. Can you assign clients to a secondary site?

A. If you have a secondary site, the client must be assigned to the primary parent of the secondary site. However, Configuration Manager knows how to manage clients at the child secondary site. If there is a distribution point at the secondary site that has the content the clients need, the clients will probably get the content from the local distribution point instead of crossing the WAN link to the primary site.

Q. Can Configuration Manager 2007 be used to package software for distribution?

A. No. Configuration Manager 2007 delivers command lines to clients and can force those command lines to run with administrative rights using the Local System account. Configuration Manager 2007 command lines can be batch files, scripts, Windows Installer files with .msi extensions, executable files – any file that the operating system can run, Configuration Manager 2007 can distribute. However, Configuration Manager 2007 does not actually package any software for distribution.

1. What is the process behind client installation, or how does Client Push Installation work?

SMS discovers the client computer and then generates a client configuration request (CCR) file. The CCR file contains the client computer name and additional information.

The SMS Client Configuration Manager connects to the ADMIN$ share on the client. This is based on the information in the CCR file.

The Client Configuration Manager connects to the client registry and gathers information about the client. This process is displayed as a log entry in the Ccm.log as connecting to IPC$.

The SMS core component files, MobileClient.tcf and Ccmsetup.exe, are located in the SMS\bin\I386\ folder. These files are downloaded to the %windir%\System32\ccmsetup folder on the client computer.

The Client Configuration Manager verifies that the Ccmsetup service started successfully before disconnecting. The CCR file is added to the SMS\Inboxes\Ccrretry.box folder for verification that the installation succeeded. On a second verification pass, SMS determines that the SMS Agent Host is running, and then deletes the CCR file.

If the Client Configuration Manager encounters any errors during this process, the CCR file is renamed to the name of the target client computer and is put in the SMS\Inboxes\Ccrretry.box folder. The Client Configuration Manager checks for files in this inbox folder every 60 minutes and tries to reprocess them 168 times (7 days) before they are discarded. This information is logged in the Ccm.log.

For more information, see http://support.microsoft.com/kb/925282.

2. What are .mif files, and where do you see this type of file? What will you find when you open a .mif file, and how is it named (is there a rule of thumb for this)?

It is a management information file that collects information about the client's inventory, which is then processed into the database. It contains the machine name, the inventory date, its classes, and the GUID.

Management Information Format (MIF) files can be used to extend hardware inventory information collected from clients by the Configuration Manager 2007 hardware inventory client agent. During hardware inventory, the information stored in MIF files is added to the client inventory report and stored in the site database, where you can use the data in the same ways that you use default client inventory data. Two MIF files can be used when performing client hardware inventories: NOIDMIF and IDMIF.

By default, NOIDMIF and IDMIF file information is not inventoried by Configuration Manager 2007 sites. To enable NOIDMIF and IDMIF file information to be inventoried, NOIDMIF and IDMIF collection must be enabled. You can choose to enable one or both types of MIF file collection for Configuration Manager 2007 sites on the MIF Collection tab of the hardware inventory client agent properties. For more information about enabling MIF collection for Configuration Manager 2007 sites during hardware inventory, see Hardware Inventory Client Agent Properties: MIF Collection Tab.

Important

Configuration Manager 2007 creates new tables or modifies existing tables in the site database to accommodate the properties in IDMIF and NOIDMIF files. However, IDMIF and NOIDMIF files are not validated, so they could be used to alter tables that you do not want altered. Valid data could be overwritten by invalid data. Large amounts of data could be loaded, causing delays in all Configuration Manager 2007 functions. To mitigate this risk, you should enable IDMIF and NOIDMIF collection only when needed.

NOIDMIF Files

Standard MIF files used in Configuration Manager 2007 hardware inventory are called NOIDMIF files. NOIDMIF files do not contain a unique identifier for the data. Configuration Manager 2007 automatically associates NOIDMIF file data with the client that the NOIDMIF file is collected from when reporting inventory information.

Note

NOIDMIF files themselves are not sent to the site server during a client hardware inventory cycle. The information contained within the NOIDMIF file is collected and added to the client inventory report.

If the classes defined in an inventoried NOIDMIF file do not already exist in the Configuration Manager 2007 site database, new inventory class tables are created in the site database to store the inventoried information. Subsequent inventories will inventory the data stored in the NOIDMIF file and update the existing inventory data for the client in the site database. If the NOIDMIF file is removed from the client, all the classes and properties relating to the NOIDMIF file are deleted from the current inventory information for the client in the site database.

In order for NOIDMIF file information to be inventoried by default, the NOIDMIF file must be stored in the following directory on Configuration Manager 2007 clients:

%Windir%\System32\CCM\Inventory\Noidmifs

IDMIF Files

Custom MIF files, called IDMIF files, can also be used in Configuration Manager 2007 hardware inventory. IDMIF files contain a unique ID and are not associated with the computer they are collected from. IDMIF files can be used to collect inventory data about devices that are not Configuration Manager 2007 clients; for example, a shared network printer, DVD player, photocopier, or similar equipment that is not associated with a client-specific computer.

When IDMIF collection is enabled for a site, IDMIF files are only collected if they are within the size limit specified for custom MIF files defined in the General tab of the hardware inventory client agent properties. For more information about specifying maximum custom MIF file size, see Hardware Inventory Client Agent Properties: General Tab.

Important


Because IDMIF files are not associated with a Configuration Manager 2007 client, they are collected by the hardware inventory client agent and sent to the site server along with the client hardware inventory report. Depending on the maximum custom MIF size specified for the site, IDMIF collection may cause increased network bandwidth usage during client inventories and should be planned for before enabling IDMIF file collection.

IDMIF files are identical to NOIDMIF files, with these exceptions:

• IDMIF files must have a delta header that provides the architecture and a unique ID. NOIDMIF files are automatically given a similar header by the system during processing on the client.

• IDMIF files must include a top-level group with the same class as the architecture being added or changed, and that group must include at least one property.

• Like NOIDMIF files, IDMIF files have key properties that must be unique. Any class that has more than one instance must have at least one key property defined, or subsequent instances overwrite previous instances.

• Removing IDMIF files from clients does not cause the associated data in the site database to be deleted during subsequent hardware inventories.

• IDMIF file information is not added to client inventory reports, and the files themselves are sent across the network to be processed at the site server.

In order for IDMIF file information to be inventoried by default, the IDMIF file must be stored in the following directory on Configuration Manager 2007 clients:

%Windir%\System32\CCM\Inventory\Idmifs
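Added example (not from the original notes or from Microsoft's documentation): a Python pre-check that applies the IDMIF rules listed above, namely the size limit, the delta header, a group of the architecture's class with at least one property, and key properties for classes with several instances. The `//Architecture<...>` and `//UniqueID<...>` header syntax, the printer sample and the 250 KB limit are assumptions.

```python
import re

# Assumed syntax (the notes show no sample file): the delta header is two comment
# lines, //Architecture<Name> and //UniqueID<Id>, followed by DMTF MIF groups.
HEADER_RE = re.compile(r"^//\s*(Architecture|UniqueID)\s*<([^<>\n]+)>\s*$", re.I | re.M)
GROUP_RE = re.compile(r"^\s*Start Group\s*$(.*?)^\s*End Group\s*$", re.I | re.M | re.S)
CLASS_RE = re.compile(r'^\s*Class\s*=\s*"?([^"\n]*)"?\s*$', re.I | re.M)
KEY_RE = re.compile(r"^\s*Key\s*=", re.I | re.M)
ATTR_RE = re.compile(r"^\s*Start Attribute\s*$", re.I | re.M)

def parse_idmif(text):
    """Return (delta header dict, list of group summaries) for IDMIF text."""
    header = {name.lower(): value.strip() for name, value in HEADER_RE.findall(text)}
    groups = []
    for body in GROUP_RE.findall(text):
        cls = CLASS_RE.search(body)
        groups.append({"class": cls.group(1).strip().lower() if cls else "",
                       "key": bool(KEY_RE.search(body)),
                       "attrs": len(ATTR_RE.findall(body))})
    return header, groups

def check_idmif(text, max_kb):
    """Return the list of rule violations; an empty list means the file passes."""
    problems = []
    if len(text.encode("utf-8")) > max_kb * 1024:
        problems.append("larger than the site's maximum custom MIF size")
    header, groups = parse_idmif(text)
    for field in ("Architecture", "UniqueID"):
        if field.lower() not in header:
            problems.append(f"delta header has no {field}")
    arch = header.get("architecture", "").lower()
    if arch and not any(g["class"] == arch and g["attrs"] for g in groups):
        problems.append("no group of the architecture's class with at least one property")
    by_class = {}
    for g in groups:
        by_class.setdefault(g["class"], []).append(g)
    for cls, members in sorted(by_class.items()):
        if len(members) > 1 and not all(m["key"] for m in members):
            problems.append(f"class '{cls}' has {len(members)} instances without a key property")
    return problems

# Constructed sample for a shared printer (not real inventory data).
GOOD = """//Architecture<Printer>
//UniqueID<PRN-0042>
Start Component
  Name = "Shared printer"
  Start Group
    Name = "Printer"
    ID = 1
    Class = "Printer"
    Key = 1
    Start Attribute
      Name = "Location"
      ID = 1
      Type = String(32)
      Value = "Floor 2"
    End Attribute
  End Group
End Component
"""
# Same file with the UniqueID line dropped and the group duplicated without keys.
GROUP = GOOD[GOOD.index("  Start Group"):GOOD.index("End Component")]
BAD = (GOOD.replace("//UniqueID<PRN-0042>\n", "")
           .replace("End Component", GROUP + "End Component")
           .replace("    Key = 1\n", ""))

if __name__ == "__main__":
    print(check_idmif(GOOD, max_kb=250), check_idmif(BAD, max_kb=250))
```

Running such a check before a file is dropped into the Idmifs folder catches files that would be skipped for size or would overwrite instances at the site server.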

Management Information Format (MIF file) is a format used to describe a hardware or software component. MIF files are used by Desktop Management Interface (DMI) to report system configuration information. Although MIF is a system-independent format, it is used primarily by Windows systems. To install a new device in a Windows 95 system, the corresponding MIF file is needed.

SCCM can use MIF files to determine the success or failure of an installation. After a program has finished executing, SCCM will look in the %windir% and %temp% directories for new MIF files (created after the time of the program execution start) and then match them on any or all of the following criteria:

• Name of the MIF file (only need to specify the name portion, leaving off the “.MIF”, in package properties)

• Publisher

• Name

• Version

3. What is Dataldr? What is the default period for deleting bad MIFs?

This folder stores corrupted .mif files for hardware inventory or custom IDMIF files. A backlog of files may indicate a bad custom MIF file or that a client computer cannot transfer the file correctly. SMS automatically deletes all files in the \Badmifs folder that are older than 14 days.

4. What is DDR? What is the period for deleting bad DDRs?

This folder stores .ddr files that are corrupted. A backlog of files may indicate a network corruption problem or a problem with the DDM. SMS automatically deletes .ddr files that are older than 25 hours.

5. How do you know that data has been received from child or parent sites?

\Despoolr.box\Receive – This folder stores the data that is received from a child SMS site or a parent SMS site. Typically, files are processed and moved as soon as SMS receives the instruction file (.ins file).

6. What is the inventory folder, and how does it process the files?

This folder temporarily stores hardware inventory files from CAPs after clients transfer their hardware inventory to the CAP. The Inventory Processor converts the .nhm file to a binary .mif file and then moves the file to the \Dataldr.box folder.

7. What is the replmgr folder, and how does it process the files?

This folder receives files from the SMS despooler after processing files from other SMS sites. The SMS Replication Manager determines whether the file is transaction-oriented and then verifies that the serial numbers are correct. If the file is not transaction-oriented, no additional verification is performed. The Replication Manager transfers the file to the recipient component for final processing.

8. What is the mobileclient.tcf file, and what is it used for?

It is located in the SMS_sitecode/bin/i386 folder and is mainly used for installing the SMS client. When we install the SMS client, it first gets the SMS core component files, mobileclient.tcf and ccmsetup.exe, which are downloaded to the system32\ccmsetup folder. The mobileclient.tcf file contains information about ccmsetup, the network access account, the server path for the SMS server client, and the site code information, i.e. site code, log file size, MP, port number, and also auto site code and subnets.

9. How do you troubleshoot newly discovered client computers that are not assigned to the current site?

This issue typically occurs when the SMS site boundaries are configured incorrectly, or the site boundaries do not align with the type of discovery data that has been gathered. If this is the case, no CCR files are created for the client computers by the SMS Discovery Data Manager, and the installation process does not occur.

10. What are the possible causes of being unable to install the SMS client via the SMS client push installation method?

The network path was not found.

Error code 53 is usually preceded by the following error message:

000004b3 – “No network provider accepted the given network path.”

This log entry may occur before the error 53, or there may be additional information between this log entry and error 53 in the log file. This issue may occur when one or more of the following conditions are true:

• There are network connectivity problems.

• There are name resolution issues with, for example, Windows Internet Name Service (WINS) or Domain Name System (DNS).

• The Remote Registry service is disabled on the client computer.

• The Microsoft Windows XP or Microsoft Windows Server 2003 firewall is blocking communications between the SMS Advanced Client and the SMS site server.

• The Server service on the client is not started.

• File and Printer Sharing for Microsoft Networks is not installed on the client computer.

Note If File and Printer Sharing for Microsoft Networks is not installed on the client, you receive the following error message:

Error 67 – The network name cannot be found.

11. How do you know that the SMS Advanced Client Push Installation account is configured incorrectly, is missing, or is locked out?

When this issue occurs, an error code 5 message appears in the Ccm.log file on the site server. In the following example, Computer is the computer name of the SMS Advanced Client computer:

Attempting to connect to administrative share ‘\\COMPUTER1\Admin$’ using account ‘domain\account’
WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\account (0000052e)
LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account domain\account (0000052e)
ERROR: Unable to connect to remote registry for machine name “Computer“, error 5.
ERROR: Unable to access target machine for request: “Computer“, machine name: “Computer“, error code: 5

Note Error code 5 is an Access Denied error.

Solution The Advanced Client Push Installation account must have administrative credentials on the computers where you want to install the SMS Advanced Client components. On all potential client computers, the Advanced Client Push Installation process requires that you grant administrator rights and permissions to either of the following accounts:

• The SMS Service account when the site is running in standard security mode

• The Advanced Client Push Installation accounts that you define

You can create multiple Advanced Client Push Installation Accounts. Clients that are not members of a domain cannot authenticate domain accounts. For clients that are not members of a domain, you can use a local account on the client computers. For example, if you set up a standard account on each computer for administrative purposes, and all the accounts have the same password, you can define an Advanced Client Push Installation account as %machinename%\account.
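Added example (not part of the original notes): a Python triage of Ccm.log lines that groups client push failures by machine and error code (53, 67, 5) and attaches the causes listed in items 10 and 11. The sample lines, host names and the CORP\push account are constructed; the 0x775 lockout code is a standard Win32 value that the notes do not quote.

```python
import re

# Push-installation error codes and the causes the notes list for each.
CAUSES = {
    53: ["network connectivity problem", "WINS or DNS name resolution issue",
         "Remote Registry service disabled on the client",
         "Windows firewall blocking client / site server traffic",
         "Server service not started on the client"],
    67: ["File and Printer Sharing for Microsoft Networks not installed"],
    5: ["push account lacks admin rights, is missing, or is locked out"],
}
# Win32 codes shown in parentheses in the log. The first two are quoted in the
# notes; 0x775 (standard Win32 lockout code) is added here.
WIN32 = {0x4B3: "no network provider accepted the path",
         0x52E: "logon failure (bad user name or password)",
         0x775: "account locked out"}

ERR_RE = re.compile(r"\berror(?: code)?:? (\d+)\b", re.IGNORECASE)
HOST_RE = re.compile(r'machine name:? ["“”]([^"“”]+)["“”]', re.IGNORECASE)
ACCT_RE = re.compile(r"using account ['‘]?([^\s'’()]+)")
HEX_RE = re.compile(r"\(([0-9a-fA-F]{8})\)")

def triage(lines):
    """Group push failures by (machine, error code), keeping account and Win32 hints."""
    findings, account, hints = {}, None, set()
    for line in lines:
        if "Attempting to connect" in line:   # a new attempt resets the context
            account, hints = None, set()
        acct = ACCT_RE.search(line)
        if acct:
            account = acct.group(1)
        for code in HEX_RE.findall(line):
            hints.add(WIN32.get(int(code, 16), "win32 0x" + code.lower()))
        err, host = ERR_RE.search(line), HOST_RE.search(line)
        if err and host and int(err.group(1)) in CAUSES:
            key = (host.group(1).upper(), int(err.group(1)))
            entry = findings.setdefault(key, {"account": account, "hints": set(), "lines": 0})
            entry["hints"] |= hints
            entry["lines"] += 1
    return findings

def report(findings):
    """Readable summary: what failed, under which account, and what to check."""
    out = []
    for (host, code), f in sorted(findings.items()):
        out.append(f"{host}: error {code} using account {f['account']}")
        out += [f"  seen:  {h}" for h in sorted(f["hints"])]
        out += [f"  check: {c}" for c in CAUSES[code]]
    return out

# Constructed sample, modelled on the Ccm.log excerpt above (not real log data).
SAMPLE = [
    r"Attempting to connect to administrative share '\\PC01\admin$' using account 'CORP\push'",
    r"WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account CORP\push (0000052e)",
    r"LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account CORP\push (0000052e)",
    'ERROR: Unable to connect to remote registry for machine name "PC01", error 5.',
    'ERROR: Unable to access target machine for request: "PC01", machine name: "PC01", error code: 5',
    r"Attempting to connect to administrative share '\\PC02\admin$' using account 'CORP\push'",
    r"WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account CORP\push (000004b3)",
    'ERROR: Unable to access target machine for request: "PC02", machine name: "PC02", error code: 53',
]

if __name__ == "__main__":
    print("\n".join(report(triage(SAMPLE))))
```

Grouping by account as well as machine shows at a glance whether one push account is failing everywhere (a credential problem) or only some machines are unreachable (a network or service problem).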

13. How do you check the SMS site server name, the site domain, and the configuration, including which features were selected at installation time?

We can look at the sms setup.log file to find this information.

How do you check whether the client is able to talk to the MP?

Ans:

http://NAME:80/SMS_MP/.sms_aut?MPLIST gives a blank page

http://NAME:80/SMS_MP/.sms_aut?MPCERT gives some random numbers

What is the difference between status messages and state messages?

Status messages provide information about component behavior and data flow.

State messages provide a snapshot of the state of a process at a specific time.

What are the SCCM site server roles?

Site Server - The server on which you install the SCCM software.

Site Database Server - The server running SQL and hosting the SCCM Site Database (only required for Primary Sites)

Configuration Manager Console - The interface for administering SCCM. Installed by default on Primary Site Servers, this role can also be installed on workstations to allow remote administration.

SMS Provider - The intermediate Windows Management Instrumentation (WMI) layer that sits between the Configuration Manager Console and the Site Database (the Configuration Manager Console accesses the Site Database via the SMS Provider). Only required for Primary Sites.

Component Server - All SCCM Site System roles (except for the Distribution Point (DP)) require SCCM-specific software to be installed in order for the Site System role to function.  When such software is installed on a computer, that computer becomes a Component Server.

Distribution Point (DP) - Stores SCCM Packages from where Clients can access them to install them.  Only required for the Software Distribution, Software Updates, and Advertised Task Sequences functions of SCCM.

[NEW] Fallback Status Point - A “catch all” Site System for Clients that cannot be installed because of various issues such as assignment, or their inability to communicate with their Management Point (MP).  Not required by default, but recommended to help with Client installation issues.

Management Point (MP) - SCCM Clients do not communicate directly with the SCCM Site Server and vice versa.  Instead all communication is facilitated via the Management Point.  A Default Management Point needs to be defined in every Site that has Intranet Clients.

[NEW] Pre-boot Execution Environment (PXE) Service Point - The Site System that responds to any computers requesting deployment of their Operating System (OS) via a PXE request.  Only required if Operating System Deployments (OSD) are going to take place using PXE boot requests.

Reporting Point (RP) - Hosts the Report Viewer component that provides the web-based reporting functionality of SCCM. Only required if Reports need to be run on a particular Primary Site.

Server Locator Point (SLP) -  Responsible for informing SCCM Clients which MP they should access in order to install the SCCM Client software. Only required in some Client Deployment scenarios.

[NEW] Software Update Point (SUP) - Assigned to the computer running Windows Server Update Services (WSUS).  Only required if the Software Updates feature is going to be used.


[NEW] State Migration Point (SMP) - Stores the user’s state migration data when a computer’s OS is migrated.  Only required if the OSD feature is going to be used.

[NEW] System Health Validator Point (SHVP) - This role is assigned to the computer running the Network Policy Service.  Only required if the Network Access Protection (NAP) feature is going to be used.

Package distribution process flow?

[Flowcharts: Microsoft System Center Configuration Manager 2007 process for package creation and distribution]

1. Software Distribution Package Creation and Distribution Flowchart

2. Software Distribution Advertisement Flowchart

3. Client Program Download Request Flowchart

What is SMS provider?

The SMS Provider is a WMI provider that allows both read and write access to the Configuration Manager 2007 site database. The SMS Provider is used by the Configuration Manager console, Resource Explorer, tools, and custom scripts used by Configuration Manager 2007 administrators to access site information stored in the site database. The SMS Provider also helps ensure that Configuration Manager 2007 object security is enforced by only returning site information that the user account running the Configuration Manager console is authorized to view.

Important If the SMS Provider computer is offline, all Configuration Manager 2007 consoles for the site will not function.

The SMS Provider Namespaces

A WMI schema exists to describe the structure of the SMS Provider. Schema namespaces describe the location of Configuration Manager 2007 data within the SMS Provider schema. The following table contains the common namespaces used by the SMS Provider.

Namespace: Description

Root\SMS\site_<site code>: The SMS Provider, which is extensively used by the Configuration Manager 2007 console, Resource Explorer, Configuration Manager 2007 tools, and scripts.

Root\SMS\SMS_ProviderLocation: Provides the location of the SMS provider server for a site.

Root\CIMv2: Location inventoried for WMI namespace information during hardware and software inventory.

Root\CCM: Configuration Manager 2007 client configuration policies and client data.

root\CIMv2\SMS: Location of inventory reporting classes that are collected by the inventory client agent. These settings are compiled by clients during computer policy evaluation and are based on the contents of the SMS_def.mof file.


SCCM 2007 client agent deployment using Software updates

SCCM 2007 has a new client deployment method called Software update point based client installation. The idea behind Software update point based client installation is to publish the SCCM 2007 client as a critical update; hence its name, the client is installed from the Software update point. Most of you will probably know that Software Update management in SCCM 2007 integrates with WSUS 3.0. SCCM 2007 relies on WSUS to synchronize the catalog and to scan clients, but that’s food for another post.

Why?

Why does Sccm 2007 require a new installation method? What was wrong with the previous installation methods we had in sms 2003? To be honest, not much, but they all had their drawbacks. Let’s just have a look at each of the installation methods and their drawbacks before we continue and see what Software update point based installation has in store for us.

Manual installation: This installation method lacks automation and requires the end-user to be a local administrator on the machine which is obviously a big NONO security wise.

Login script installation: Lacks from the same security issue as manual installation and is by consequence a NOGO.

Software Distribution based installation: Good installation method but this is often a chicken or egg kinda problem, you already need to have a software distribution mechanism out there for this to work.

Client Push Installation (Wizard): Great installation method but it has some requirements that could prove to be problematic in a real secure environment. It requires remote local admin privileges which is usually fine. But it also requires remote registry and access to the admin$ share. A secure environment should have file and print sharing disabled on desktops or laptops, or at the very least have them blocked by a personal firewall.

GPO based installation: Nice installation method with very modest requirements on the machine to be installed, but it suffers from its own drawbacks. The main problem with GPO based installation is that it is end-user driven. GPO software installation only happens at logon or after a restart. Both events normally only happen after the end-user gave their user name and password or powered on the machine. If you have pesky users that just close their laptop lid in the evening and open it back up the next morning, then you're out of luck with GPOs. With today’s more stable OSs like Windows XP and Windows Vista, it could take a pretty long time before the machine actually needs to be rebooted on the LAN.

Software update based client installation: Superb installation method that mixes the benefits of GPO based installation with those of software distribution based installation. In other words, it has pretty low requirements on the target machine, even lower than software distribution based installation, as it does not require a software distribution solution in place and doesn’t require the target machine to be in Active Directory. (You’ll need a different way than adm templates to set the registry keys though.) On top of that, it offers a schedule based installation, which eliminates the end-user initiated drawback of GPOs. By the way, if you install a newer version of the SCCM 2007 beta or install a Service Pack after RTM, you will be able to update your publication so that you can use this method to easily upgrade your existing install base to the new version.

How?

How do you get this to work? Remarkably easy actually.

STEP 1 Configure the Windows Update agent GPO:

1. Open a GPO

2. Go to Computer configuration\Windows Components\Windows Update

3. Configure the "Configure automatic updates" option; set it to auto download and schedule the install

4. Choose your own schedule

5. Configure the "Specify intranet Microsoft update service location" option

6. Configure both options with the value http://Wsusserver

STEP 2 Import the SCCM-2007 adm template: 

Download the adm template to configure SCCM 2007 client installation command line parameters http://www.blogcastrepository.com/files/folders/documents/entry15469.aspx

7. Open a GPO

8. In Computer Configuration Right-click on Administrative templates

9. Browse to the SCCM-2007 and add the template.

10. Go to Computer configuration\Windows Components\SCCM 2007\Software Update point client installation

11. Configure the command line with the parameters you want.

STEP 3 Publish the SCCM 2007 client (As documented in the SCCM 2007 help file)


To publish the Configuration Manager 2007 client to the WSUS server:

1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Site Management / <site code> – <site name> / Site Settings / Client Installation Methods.

2. Right-click Software Update Point Client Installation, and click Properties.

3. To enable client installation, select the Enable Software Update Point Client Installation check box.

4. If the client software on the Configuration Manager 2007 site server is newer than that stored on the software update point, the Upgrade Client Package Version dialog box will open. You should click Yes in this dialog box to publish the most recent version of the client software to the software update point.

5. To finish configuring the software update point client installation, click OK.

Are status message descriptions stored in SQL?

Ans: No. They are stored inside the server’s DLL files as Windows message table resources.

If you open climsgs.dll with a tool like Resource Hacker or CFF Explorer, you’ll see the message table resource and all the status message descriptions stored inside it.

A reasonable way to get the descriptions into SQL would be to download the status message spreadsheet from the Microsoft web site and upload it into your own SQL table in the site database.
