Configure Reporting Services
Before configuring the reporting point, some configuration needs to be made on the SQL side. The virtual instance needs to be created for SCCM to connect and store its reports.
If you installed Reporting Services during the installation of the SQL Server instance, SSRS will be configured automatically for you. If you install SSRS later, then you will have to go back and configure it as a subsequent step.
To configure, Open Reporting Services Configuration Manager
- Click Connect to connect to the SQL instance
- On the left-hand side of the Reporting Services Configuration Manager, click Database.
- Click the Change Database button
- Select Create a new report server database and click Next
This wizard creates two databases: ReportServer, used to store report definitions and security, and ReportServerTempDB which is used as scratch space when preparing reports.
- Click the Web Service URL tab
- Click Apply
This step sets up the SSRS web service. The web service is the program that runs in the background that communicates between the web page, which you will set up next, and the databases.
- Select the Report Manager URL
- Accept the default settings and click Apply.
If the Apply button was already grayed out, this means the SSRS was already configured. This step sets up the Report Manager web site where you will publish reports
Exit Reporting Service Configuration Manager.
How to Create Custom Client Device Settings
When you deploy a custom client settings, they override the Default Client Settings.
Before you begin, ensure that you created a collection that contains the devices that require these custom client settings.
For our blog post, we will set the Client Policy polling interval to 15 minutes.
- Open the SCCM console
- Go to Administration / Client Settings
- On the top ribbon, click Create Custom Client Device Settings
- In the Create Custom Device Settings page, specify a name for the custom settings and description
- Select one or more of the available settings. We will select Client Policy
- On the left pane, Client Policy will be displayed, click on it
- We will set the Client Policy polling interval to 15 minutes
- Click Ok
- Your newly created setting will be displayed in the console
SCCM Service Connection Point Installation
The SCCM 1511 installation or upgrade wizard will ask to install the Service Connection Point. If you select to skip the role installation, you can manually add it to SCCM using the following steps.
- Go to Administration / Site Configuration / Servers and Site System Roles
- Right-click the Site System you wish to add the role
- Click Add Site System Role in the Ribbon
- On the General tab, click Next
- On the Proxy tab, click Next
- On the Site System Role tab, select Service Connection Point and click Next
- On the Service Connection Mode, select the desired option :
- In Online mode, the Service Connection Point automatically downloads updates that are available for your current infrastructure and product version, making them available in the SCCM console
- In Offline mode, the Service Connection Point does not connect to the Microsoft cloud service and you must manually use the service connection tool when your Service Connection Point is in Offline mode to import available updates
- On the Summary screen, wait for the setup to complete and close the wizard
Обзор архитектуры System Center 2012 Configuration Manager Роли
Стандартные роли
• Site server
• Site system
• Component server
Дополнительные роли
• Certificate registration
point
• Distribution point
• Site database server
• Management point
• SMS Provider: не
отображается в консоли
• Software update point
• Reporting services point
• State migration point
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
8
More SCCM Ressources
System Center Dudes offers numerous
configurations guides and custom reports to ease your Configuration Manager
day-to-day operations.
Consult our product page to see the complete list.
That conclude this SCCM Installation Guide, we hope that it was hepful. Feel free to leave your comment in the section below.
ДРУГИЕ ФУНКЦИИ
»
Управление параметрами соответствия (Compliance)
»
Управление мобильными устройствами (Mobile Device Management)
»
Wake-on-LAN (WOL)
»
Управление электропитанием
ДРУГИЕ ФУНКЦИИ
64
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
Prerequisites
Using Windows Server 2012, the following features must be installed before the role installation:
Application Catalog web service point
Features:
- .NET Framework 3.5 SP1 and 4.0
WCF activation:
- HTTP Activation
- Non-HTTP Activation
IIS Configuration:
- ASP.NET (and automatically selected options)
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
Application Catalog website point
Features:
- .NET Framework 4.0
IIS Configuration:
- Common HTTP Features
- Static Content
- Default Document
- Application Development
- ASP.NET (and automatically selected options)
- Security
- Windows Authentication
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
SCCM Application Catalog Installation
For this post, we will be installing both roles on our stand-alone Primary site using HTTP connections. If you split the roles between different machines, do the installation section twice, once for the first site system (selecting Application Catalog web service point during role selection)and a second time on the other site system (selecting Application Catalog website point during role selection).
- Open the SCCM console
- Navigate to Administration / Site Configuration / Servers and Site System Roles
- Right-click your Site System and click Add Site System Roles
- On the General tab, click Next
- On the Proxy tab, click Next
- On the Site System Role tab, select Application Catalog web service point and Application Catalog website point, click Next
- On the Application Catalog Web Service Point
- In the IIS Website and Web application name fields,leave both to the default values
- This is just the name that you’ll see in IIS after the installation (see next screenshot). It has nothing to do with your user facing portal
- Enter the port and protocol that you want to use
- On the Application Catalog WebSite Point
- In the IIS Website keep the default value
- In Web application name, enter the name that you want for your Application Catalog. This is the URL that will be published to your users
- Enter the port and protocol that you want to use
- On the Application Catalog Customizations tab, enter your organization name and the desired colour for your website
- On the Summary tab, review your settings, click Next and complete the wizard
Verification and Logs files
You can verify the role installation in the following logs:
- ConfigMgrInstallationPath\Logs\SMSAWEBSVCSetup.log and awebsvcMSI.log – Records details of about the Application Catalog Web Service Point installation
- ConfigMgrInstallationPath\Logs\SMSPORTALWEBSetup.log and portlwebMSI.log – Records details of about the Application Catalog Website Point installation
In the console :
- Open the SCCM Console
- Go to Monitoring / System Status / Component Status
- See status of the components SMS_PORTALWEB_CONTROL_MANAGER and SMS_AWEBSVC_CONTROL_MANAGER
Web browser
Verify that the Application Catalog is accessible :
- Open a web browser
- Browse to http://YourServerName/CMApplicationCatalog
- Replace YourServerName with the server name on which you installed the Application Catalog Website Point
- Replace CMApplicationCatalog with the name that you give your Application Catalog. (Default is CMApplicationCatalog)
If everything is set up correctly, you’ll see a web page like this :
URL Redirection
The default URL to access the Application Catalog is not really intuitive for your users.
It’s possible to create a DNS entry to redirect it to something easier (ex: http://ApplicationCatalog)
The following Coretech article describe how to achieve that.
Client Settings
Ensure that the client settings for your clients are set correctly to access the Application Catalog
- Open the SCCM Console
- Go to Administration / Client Settings
- Right-click your client settings and select Properties
- On the left pane, select Computer Agent
- Click the Set Website button and select your Application Catalog (the name will be automatically populated if your Application Catalog is installed)
- Select Yes on both Add Default Application Catalog website to Internet Explorer trusted site zone and Allow Silverlight application to run in elevated trust mode
- Enter your organisation name in Organisation name displayed in Software Center
That’s it, you’ve installed your SCCM Application Catalog, publish the link to your user and start publishing your applications.
Сценарии установки ОС
«Чистая» установка ОС – установка операционной системы с форматированием и
переразбиением жестких дисков. Все данные на дисках затираются.
Переустановка ОС с сохранением пользовательских данных и настроек – ОС
переустанавливается, но данные и настройки сохраняются. Для сохранения и загрузки
пользовательских данных используются утилиты USMT (User State Migration Tools). С
помощью утилит осуществляется копирование заданных настроек и пользовательских
данных на специальный сервер хранения пользовательских данных, либо данные
остаются на компьютере, с использованием ссылок на данные (HardLinks).
Установка нового компьютера с миграцией пользовательских данных – сначала данные
сохраняются со старого компьютера, затем устанавливается ОС на новом компьютере,
после чего пользовательские данные загружаются на новый компьютер.
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
53
Distribution Point Monitoring
If you have multiple Distribution Points, I suggest you read our post on 8 ways to monitor your distribution points. This post explains in detail the various options to make sure that your DP is healthy.
You can also check our custom report about Distribution Point Monitoring to display all your DP status using a single click.
Active Directory System Discovery
Discovers computers in your organization from specified locations in Active Directory. In order to push the SCCM client to the computers, the resources must be discovered first. You can specify to discover only computers that have logged on to the domain in a given period of time. This option is useful to exclude obsolete computer accounts from Active Directory. You also have the option to fetch custom Active Directory Attributes. This is useful if your organization store custom information in AD. You can read our blog post concerning this topic.
- Open the SCCM Console
- Go to Administration / Hierarchy Configuration / Discovery Methods
- Right-Click Active Directory System Discovery and select Properties
- On the General tab, you can enable the method by checking Enable Active Directory System Discovery
- Click on the Star icon and select the Active Directory container that you want to include in the discovery process
- On the Polling Schedule tab, select the frequency on which you want the discovery to happen
- A 7-day cycle with a 5 minutes delta interval is usually fine in most environment
- On the Active Directory Attribute tab, you can select custom attributes to include during discovery
- This is useful if you have custom data in Active Directory that you want to use in SCCM
- On the Options tab, you can select to discover only accounts that have logged or updated their passwords since a specific number of days
- This is useful if your Active Directory isn’t clean. Use this to discover only good records
Архитектура Системы ФГУП «Почта России»
Варшавское шоссе, 37
РВЦ
Primary Site 3
Central Administration Site
Site Server
Domain Controller Certification Authority
Primary Site 1
Hierarchy Admin
Site Server
Database
Database
Primary Site 2
MP3.2
SUP3.1
DP3.1
DP3.2
MP3.1
Site Server Database
DP1.1
SUP1.1
MP1.2
DP1.2
MP1.1
MP2.2
DP1.3
SUP2.1
DP2.1
MP1.3
DP2.2
MP2.1
Public IP#1
УФПС 1
App
Admins
…….
УФПС 82
App
Admins
100 000 АРМ
КСПД Клиенты
DP
200-1000 АРМ
DMZ
Primary Site 2 Primary Site 3
Primary Site 1
Site Server Database
IP#2
IP#3
DP2.3
MP2.3
IP#4
DP3.3
MP3.3
IP#5
IP#6
https
50 000 АРМ
Интернет Клиенты
DP
200-1000 АРМ
~ 3 000 АРМ на УФПС
ОПС
Почтамт
1-5 АРМ
10-50 АРМ
1 Management Point = до 20 000 Клиентов
1 Software Update Point = до 40 000 клиентов
1 Distribution Point = до 2000 клиентов
1 SCCM Site = до 50 000 Клиентов
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
9
Отслеживание использования программного обеспечения (Software Metering)
Monitored
program
Monitored
program
Monitored
program
1
Software
Metering
Agent
3
2
4
When you enable the Software Metering Agent, it:
Site
1 Collects data each time a monitored program
runs and terminates
Server
2 Uploads data to the management point on a scheduled basis
3 Forwards data to the site server
4 Adds data to the site database
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
30
РАЗВЕРТЫВАНИЕ И УПРАВЛЕНИЕ ОБНОВЛЕНИЯМИ ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ
»
Обзор обновлений ОС и некоторого ПО с помощью Configuration Manager
»
Особенности применения политики обновлений с помощью Configuration
Manager ФГУП «Почта России»
РАЗВЕРТЫВАНИЕ И УПРАВЛЕНИЕ
44
ОБНОВЛЕНИЯМИ ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
Part 10 – Enrollment Point Installation
We will describe how to install SCCM Current Branch Enrollment Point and Enrollment Proxy Point site system roles.
Role Description
The Enrollment Point uses PKI certificates for Configuration Manager to enroll mobile devices, Mac computers and to provision Intel AMT-based computers.
The Enrollment Proxy Point manages Configuration Manager enrollment requests from mobile devices and Mac computers.
This is not a mandatory site system but you need both Enrollment Point and Enrollment Proxy Point if you want to enroll legacy mobile devices, Mac computers and to provision Intel AMT-based computers. Since modern mobile devices are mostly managed using Windows Intune, this post will focus mainly on Mac computer enrollment.
Site System Role Placement in Hierarchy
The SCCM Enrollment Point and Enrollment Proxy Point are site-wide options. It’s supported to install those roles on a stand-alone or child Primary site. It’s not supported to install it on a Central Administration site or Secondary site.
You must install an SCCM Enrollment Point in the user’s forest so that the user can be authenticated if a user enrolls mobile devices by using SCCM and their Active Directory account is in a forest that is untrusted by the site server’s forest.
When you support mobile devices on the Internet, as a security best practice, install the Enrollment Proxy Point in a perimeter network and the Enrollment Point on the intranet.
Prerequisites
Beginning with System Center 2012 Configuration Manager SP2, the computer that hosts the SCCM Enrollment Point or Enrollment Proxy Point site system role must have a minimum of 5% of the computers available memory free to enable the site system role to process requests. When those site system role are co-located with another site system role that has this same requirement, this memory requirement for the computer does not increase, but remains at a minimum of 5%.
Using Windows Server 2012, the following features must be installed before the role installation:
Enrollment Point
Features:
- .NET Framework 3.5
- .NET Framework 4.5
- HTTP Activation (and automatically selected options)
- ASP.NET 4.5
- Common HTTP Features
- Default Document
- Application Development
- ASP.NET 3.5 (and automatically selected options)
- .NET Extensibility 3.5
- ASP.NET 4.5 (and automatically selected options)
- .NET Extensibility 4.5
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
Enrollment Proxy Point
Features:
- .NET Framework 3.5
- .NET Framework 4.5
- HTTP Activation (and automatically selected options)
- ASP.NET 4.5
IIS Configuration:
- Common HTTP Features
- Default Document
- Static Content
- Application Development
- ASP.NET 3.5 (and automatically selected options)
- ASP.NET 4.5 (and automatically selected options)
- .NET Extensibility 3.5
- .NET Extensibility 4.5
- Security
- Windows Authentication
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
SCCM Enrollment Point Installation
For this post we will be installing both roles on a stand-alone Primary site using HTTPS connections. If you split the roles between different machine, do the installation section twice, once for the first site system (selecting Enrollment Point during role selection)and a second time on the other site system (selecting Enrollment Proxy Point during role selection).
- Open the SCCM console
- Navigate to Administration / Site Configuration / Servers and Site System Roles
- Right click your Site System and click Add Site System Roles
- On the General tab, click Next
- On the Proxy tab, click Next
- On the Site System Role tab, select Enrollment Point and Enrollment Proxy Point, click Next
- On the Enrollment Point tab
- In the IIS Website and Virtual application name fields,leave both to the default values
- This is the names that you’ll see in IIS after the installation
- Enter the port number you want to use. The HTTPS setting is automatically selected and requires a PKI certificate on the server for server authentication to the Enrollment Proxy Point and for encryption of data over SSL. For more information about the certificate requirements, see PKI Certificate Requirements for Configuration Manager.
- In the IIS Website and Virtual application name fields,leave both to the default values
- On the Enrollment Proxy Point tab,
- The Enrollment point will be populated by default and can’t be changed
- Keep the Website name to it’s default value
- Enter the port and protocol that you want to use
- The Virtual application name can’t be changed. This will be used for client installation (https://servername/EnrollmentServer)
- On the Summary tab, review your settings, click Next and complete the wizard
Verification and Logs files
Logs
You can verify the role installation in the following logs:
- ConfigMgrInstallationPath\Logs\enrollsrvMSI.log and enrollmentservice.log – Records details of about the Enrollment Point installation
- ConfigMgrInstallationPath\Logs\enrollwebMSI.log – Records details of about the Enrollment Proxy Point installation
- ConfigMgrInstallationPath\Logs\enrollmentweb.log – Records communication between mobile devices and the Enrollment Proxy Point
That’s it, you’ve installed your SCCM Enrollment Point, follow this Technet Guide if you want to proceed to next steps for Mac computers enrollment
Варианты удаленного управления
Configuration
Manager
Radmin
TeamViewer
RDP
VNC
0$
$$$
$$$
0$
0$
КСПД АРМ
КСПД АРМ
КСПД\Интернет
АРМ
КСПД АРМ
КСПД АРМ
Подключение в
сеансы
Текущий сеанс
Текущий сеанс
Текущий сеанс
Переключение
сеанса
Текущий
сеанс
Запрос
разрешения от
пользователя
Да
Да
Да
Нет
Да
Уровень
безопасности
Высокий
Высокий
Низкий
Средний
Средний
Стоимость
использования
Управление АРМ
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
63
Строка установки клиента
CCMSetup.exe [свойства ccmsetup] [свойства установки client.msi]
Интернет-клиент:
ccmsetup.exe /UsePKICert CCMHOSTNAME=R00SCCMPS2MD1EX.main.russianpost.ru SMSSITECODE=PS2
SMSMP=https://R00SCCMPS2MD1EX.main.russianpost.ru FSP=R00SCCMPS1MD1EX.main.russianpost.ru CCMALWAYSINF=1
КСПД (с указанием серверов и сайта):
ccmsetup.exe /mp:R00SCCMPS2MP1.main.russianpost.ru SMSMP=R00SCCMPS2MP1.main.russianpost.ru SMSSITECODE=PS2
FSP=R00SCCMPS1MP1.main.russianpost.ru
КСПД(автоопределение сайта и серверов):
ccmsetup.exe SMSSITECODE=AUTO SMSMP=R00SCCMPS2MP1.main.russianpost.ru FSP=R00SCCMPS1MP1.main.russianpost.ru
КСПД(автонахождение серверов):
ccmsetup.exe SMSSITECODE=AUTO FSP=R00SCCMPS1MP1.main.russianpost.ru
Подробно о параметрах установки написано в документации по адресу
https://technet.microsoft.com/ru-ru/library/gg699356.aspx
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
22
Установка клиента на компьютерах ФГУП «Почта России»
Дистрибутив клиента и инструкции:
«\\r00sccmfs.main.russianpost.ru\Distribs\ClientInstallation_v.1.10»
«ftp://ftp2.russianpost.ru/ClientInstallation_v.1.10» – для доступа из Интернет
«ftp://ftp.russianpost.ru/ClientInstallation_v.1.10» – для доступа из КСПД
«ftp://ftp.crt-service.ru/Проекты/MS_SCCM/ClientInstallation_v.1.10»
StartClientInstallation.bat – исполняемый файл для запуска установки;
ConfigMgrPreCheck-v1.4.vbs – скрипт для проверки предварительных условий и управления процессом установки.
ConfigMgrPrepareCert.ps1 – скрипт для запроса сертификата клиента. Определяет расположение клиента (КСПД
или Интернет) и в случае необходимости отправляет запрос на получение сертификата.
PrepareInventoryData.ps1 – скрипт вывода на экран формы для сбора данных установки и формирования
конфигурационного файла ConfigMgrSetup.ini.
Regions.csv – файл со списком соответствия регионов и кодов первичных сайтов Системы.
ConfigMgrSetup-v.3.76.vbs – скрипт для запуска установки и проверки состояния клиента Configuration Manager.
Журналы скрипта установки (%windir%\TEMP\SCCM_SETUP\):
<имя компьютера>_ConfigMgrPreCheck.log – содержит лог проверки и установки дополнительных компонентов
<имя компьютера>_ConfigMgrPrepareCerts.log – содержит лог процесса получения сертификата
<имя компьютера>_ConfigMgrDiag.Log – содержит лог проверки системы и установки клиента, получения
политик.
Журналы установки клиента (%windir%\ccmsetup\logs\):
ccmsetup.log – журнал работы программы установки
client.msi.log – журнал установщика клиента
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
25
РАЗВЕРТЫВАНИЕ И УПРАВЛЕНИЕ ОБНОВЛЕНИЯМИ ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ
»
Обзор обновлений ОС и некоторого ПО с помощью Configuration Manager
»
Особенности применения политики обновлений с помощью Configuration
Manager ФГУП «Почта России»
РАЗВЕРТЫВАНИЕ И УПРАВЛЕНИЕ
44
ОБНОВЛЕНИЯМИ ПРОГРАММНОГО ОБЕСПЕЧЕНИЯ
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
УПРАВЛЕНИЕ КЛИЕНТОМ CONFIGURATION MANAGER
» Обзор клиента Configuration Manager
» Развертывание клиентов Configuration Manager
» Настройка агентов клиента
» Отслеживание статуса клиента
» Установка клиента на компьютерах ФГУП «Почта России»
УПРАВЛЕНИЕ КЛИЕНТОМ CONFIGURATION MANAGER
19
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
Поиск программ через System Center Configuration Manager
Когда вы устанавливаете у себя в операционной системе любой софт, то он у вас будет в большинстве случаев отображаться в окне “Программы и компоненты”, если вы его намеренно не скрыли. В общей сводной таблице, есть два полезных столбца, это “Имя” и “Издатель”. Именно по этим критериям мы будем осуществлять свой поиск.
Те же столбцы вы можете посмотреть и через обозреватель ресурсов. Для этого откройте “Активы и соответствие – Обзор – Устройства (Assets and Compliance – Overview – Devices)”, где в поисковой строке введите имя вашего сервера, где нужно посмотреть установленные программы. Щелкните по нему правым кликом и выберите пункт “Запустить – Обозреватель ресурсов (Start – Resource Explorer)”.
В открывшемся окне выберите пункт “Оборудование – Установленные программы (Hardware – Installe Software)”. У вас появится список всех инсталлированных программных продуктов на сервере. У каждого из них есть так же два полезных поля:
- Название продукта (Product Name)
- Издатель (Publisher)
Предположим, что я хочу составить отчет в котором будет информация по всем установленным версиям JAVA на серверах. Чтобы его сформировать вам необходимо перейти в меню “Мониторинг – Запросы (Monitoring – Queries)”. Щелкаем правым кликом и из контекстного меню выбираем пункт “Создать запрос (Create Query)”.
В открывшемся окне указываем имя нашего запроса, в моем случае, это будет Java-Verison, в типе объекта (Object Type) выберите системный ресурс (System Resource), после чего нажимаем “Изменить инструкцию запроса (Edit Querty Statement)”. У вас откроется окно “Свойства формы запроса”, где нам необходимо указать критерии поиска.
Первое, что нам нужно сделать, это добавить класс с атрибутом. Для этого нажимаем кнопку в виде солнышка. У вас откроется окно свойств результата. Нажмите кнопку “Выбрать (Select)”. Далее выбираем класс атрибутов “Системный ресурс (System Resource)” и в поле атрибут “Имя (Name)”. Нажимаем три раза “Ок”.
Точно так же добавляем класс:
- Установленные программы с атрибутом название продукта
- Установленные программы с атрибутом версией продукта
Переходим на вкладку “Критерии (Criterion)”. Нажимаем кнопку “Выбрать (Select)”. В классе атрибутов задаем значение “Установленные программы (Installed Software)”, в качестве атрибута задайте “Название продукта (Product Name)”.
В качестве оператора советую выставить “Похоже на (is like)” и в значении напишите %Java%. Благодаря этому неважно, где в имени может встречаться слово, оно будет подходить, это такое неточное вхождение. Если нужно по издателям, то выберите пункт “Установленные программы с атрибутом издатель (nstalled Software – Publisher)”.
Остается только добавить коллекцию серверов к кому вы будите применять запрос. Через кнопку “Обзор” выбираем коллекцию. В моем случае, это будет “All Servers”. Сохраняем наш запрос.
Пробуем сформировать отчет, для этого кликаем по нему два раза мышкой и смотрим результат. В итоге я получил удобную выборку по всем версия Java на моих серверах, данные можно отфильтровать или выстроить по именам или версиям. Чтобы выгрузить данный отчет, достаточно все выделить, через сочетание клавиш CTRL+A и скопировать, все данные попадут в буфер Windows.
На этом у меня все, надеюсь вы научились делать запросы по установленным программам в системах через System Center Configuration Manager. С вами был Иван Семин, автор и создатель IT блога Pyatilistnik.org.
Site System Role Placement in Hierarchy
The System Health Validator Point is a hierarchy-wide option. It’s supported to install this role on a Central Administration site, stand-alone Primary site, child Primary site. It’s not supported to install it on a Seconday site. The System Health Validator Point must be installed on a NAP health policy server.
SCCM 2012 OSD integrated with HTA including offline backup – Part 2
I have read here, here, here, here and here for HTA .I used HTA available here and modified and used in my task sequence.
I have read here, here, here and here to learn about log capture and used in my task sequence.
I have read here for how to sequence steps in task sequence
If you are new to HTA with SCCM it could take you 1 or 2 days to just setup your environment so just in keep in mind that it is a lengthy drawn out process.
In Part 1 I explained the code in HTA , various HTA options and created package for HTA.
Part 2 – Creating custom USMT package for wallpaper
In part 2 I am going to create a custom USMT package and adding and an xml file for wallpaper migration .
I do not like to modify the default USMT package so I am creating new one for using with my task sequence.
Link to download wallpaper xml file is provided in part 1
USMT package is created when SCCM is installed , Let me check the location of that package first
Default USMT package is stored in c:\Program files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\User State Migration tool\
Let review the content of this folder
This package has two folder amd64 and x86.
Now to create new USMT package , Create a new folder in your sources directory and copy both amd64 and x86 folders in there.
Now copy Wallpaper.xml file in Amd64
Now copy the same Wallpaper.xml file to x86 folder
Now create the package with USMTv1 as source folder for the package. No programs needed for USMT package .
Distribute the package to all distribution points . Now USMT package is ready for offline migration along with wallpaper
This concludes Part 2
Управление параметрами соответствия (Compliance)
1
Configuration items
imported or created
Configuration
Management Packs
Configuration
Manager
database
Configuration baseline
2 imported
or created
Compliance reports
7 are
run
Compliance
data stored
in database
Configuration
Baseline
Configuration
Manager server
Managed client
4
Configuration baseline
downloaded with
policy
Evaluation run on
5 schedule
6
Compliance state
messages sent from
the client
Configuration
3 baseline
deployed
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
65
SCCM 2012 OSD integrated with HTA including offline backup – Part 3
I have read here, here, here, here and here for HTA .I used HTA available here and modified and used in my task sequence.
I have read here, here, here and here to learn about log capture and used in my task sequence.
I have read here for how to sequence steps in task sequence
If you are new to HTA with SCCM it could take you 1 or 2 days to just setup your environment so just in keep in mind that it is a lengthy drawn out process.
In Part 1 I explained the code in HTA , various HTA options and created package for HTA.
In Part 2 I explained how to create a custom USMT
Part 3 – Importing the task sequence in SCCM
Download the zip file for the task sequence as mentioned in part 1 and then go to configuration manager console
Go to Software library , Operating system deployment , Task sequence
Click on Import task sequence and ignore the dependencies
Open the task sequence and you will see following steps
These are ALL the steps in the task sequence. I have highlighted what each group does . I will explain each group in next post . At this time you time you resolve package dependencies before moving forward.
Some groups use task sequence variables created and set by HTA . Some groups use task sequence variables set by MDT and SCCM .
This concludes part 3
Part 23 – Backup your Server after SCCM Installation
In the last part of this SCCM Installation Guide, we will setup automation backup for Configuration Manager sites by scheduling the predefined Backup Site Server maintenance task. This task has the following features:
- Runs on a schedule
- Backs up the site database
- Backs up specific registry keys
- Backs up specific folders and files
- Backs up the CD.Latest folder
Plan to run the default site backup task at
a minimum of every five days. This schedule is because Configuration Manager
uses a SQL Server change tracking retention period of five days.
To simplify the backup process, you can
create an AfterBackup.bat file. This
script automatically runs post-backup actions after the backup task completes
successfully. Use the AfterBackup.bat file to archive the backup snapshot to a
secure location. You can also use the AfterBackup.bat file to copy files to
your backup folder, or to start other backup tasks.
Site backup status information is written
to the Smsbkup.log file. This file
is created in the destination folder that you specify in the properties of the
Backup Site Server maintenance task.
To enable the site backup maintenance task
- Go to the Administration workspace, expand Site Configuration
- Click Site Maintenance Tasks in the ribbon.
- Select the Backup Site Server task, and click Edit.
- Select the option to Enable this task. Click Set Paths to specify the backup destination. You have the following options:
- Local drive on site server for site data and database: Specifies that the task stores the backup files for the site and site database in the specified path on the local disk drive of the site server. Create the local folder before the backup task runs. The Local System account on the site server must have Write NTFS file permissions to the local folder for the site server backup. The Local System account on the computer that’s running SQL Server must have Write NTFS permissions to the folder for the site database backup.
- Network path (UNC name) for site data and database: Specifies that the task stores the backup files for the site and site database in the specified network path. Create the share before the backup task runs. The computer account of the site server must have Write NTFS and share permissions to the shared network folder. If SQL Server is installed on another computer, the computer account of the SQL Server must have the same permissions.
- Local drives on site server and SQL Server: Specifies that the task stores the backup files for the site in the specified path on the local drive of the site server. The task stores the backup files for the site database in the specified path on the local drive of the site database server. Create the local folders before the backup task runs. The computer account of the site server must have Write NTFS permissions to the folder that you create on the site server. The computer account of the SQL Server must have Write NTFS permissions to the folder that you create on the site database server. This option is available only when the site database isn’t installed on the site server.
Verify that the Backup Site Server maintenance task is
running
- Check the timestamp on the files
in the backup destination folder that the task created. Verify that the
timestamp updates to the time when the task was last scheduled to run.- Go to the Component
Status node of the Monitoring workspace. Review the status messages for SMS_SITE_BACKUP. When site backup completes successfully, you see message ID 5035. This message indicates that the site backup completed without any
errors.
- When you configure the backup
task to create an alert when it fails, look for backup failure alerts in
the Alerts node of the Monitoring workspace.
- Go to the Component
SQL Backup
It’s also possible to backup your SCCM server using SQL Maintenance task. The biggest advantage of this method is that it offers compression. Please read this blog post if you prefer this method. Be aware that this backup method doesn’t backup the CD.Latest folder which is important. You could also have both backup methods enabled if needed.
Planning for SCCM Boundaries and Boundary Groups
Before designing your strategy choose wisely on which boundary type to use.
If you’re unsure of which type of boundary to use you can read Jason Sandys excellent post about why you shouldn’t use IP Subnet boundaries.
Microsoft recommends the following :
- When designing your boundary strategy, we recommend you use boundaries that are based on Active Directory sites before using other boundary types. Where boundaries based on Active Directory sites are not an option, then use IP subnet or IPv6 boundaries. If none of these options are available to you, then leverage IP address range boundaries. This is because the site evaluates boundary members periodically, and the query required to assess members of an IP address range requires a substantially larger use of SQL Server resources than queries that assess members of other boundary types
- It’s also recommended to split your Site Assignment and Content location group
Содержание
1.
Обзор System Center 2012 Configuration Manager
2.
Организация ресурсов
3.
Управление клиентом Configuration Manager
4.
Управление инвентаризацией и учетом использования программных продуктов
5.
Отчеты
6.
Развертывание программного обеспечения
7.
Развертывание и управление обновлениями программного обеспечения
8.
Развертывание операционных систем
9.
Ролевая модель разграничения прав доступа
10.
Удаленное управление
11.
Другие функции
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
2
Part 12 – Fallback Status Point
We will describe how to install SCCM Fallback Status Point (FSP).
Role Description
The FSP helps monitor client installation and identify unmanaged clients that cannot communicate with their management point.
This is not a mandatory Site System but we recommend to install a FSP for better client management and monitoring. This is the Site System that receive State Message related to client installation, client site assignment, and clients unable to communicate with their HTTPS Management Point.
If the FSP is not configured properly you’ll end up having A fallback status point has not been specified errors in your logs.
Site System Role Placement in Hierarchy
This Site System is a hierarchy-wide option. It’s supported to install this role on a child Primary Site or stand-alone Primary Site but it’s not supported on a Central Administration site nor Secondary Site.
FSP Installation
- Open the SCCM console
- Navigate to Administration / Site Configuration / Servers and Site System Roles
- Right click your Site System and click Add Site System Roles
- On the General tab, click Next
- On the Proxy tab, click Next
- On the Site System Role tab, select Fallback Status Point, click Next
- On the Fallback Status Point tab, specify the number of state messages to process. We recommend to leave the default value, click Next
- On the Summary tab, review your setting and click Next
- Wait for the setup to complete and close the wizard
Verification and Logs files
- Smsfspsetup.log – DetailedFSP Installation status
- Fspmgr.log – Verify whether clients are successfully sending state messages to the FSP
You can also check if reports that depend on the FSP are populated with data. See the full list of reports that rely on the FSP here.
Configure clients
Use the FSP client properties to point your clients to your newly created FSP
- Navigate to Administration / Site Configuration / Site
- Click the Client Installation Setting icon on the ribbon
- Select Client Push Installation
- On the Installation Properties tab
- Enter your server FQDN in the FSP properties
SCCM 2012 OSD integrated with HTA including offline backup – Part 7
Posted by on August 13, 2014
I have read here, here, here, here and here for HTA .I used HTA available here and modified and used in my task sequence.
I have read here, here, here and here to learn about log capture and used in my task sequence.
I have read here for how to sequence steps in task sequence
In Part 1 I explained the code in HTA , various HTA options and created package for HTA.
In Part 2 I explained how to create a custom USMT Package
In Part 3 I explained different groups in the task sequence highlight what each group does.
In Part 4 I explained hard drive partition group
In Part 5 I explained the offline USMT and Reinstall OS Step
In Part 6 I explained New Computer Install , Post Install and Applications Install Group
Part 7 – Copy logs Group
This group is set to continue on error because if there any error in copying logs , It will appear as if entire task sequence has failed. However it is up to you if you think copy logs is critical then uncheck continue on error.
Next Sub Group is OSD Failed.
This sub group only runs if the if there is an error in steps before Copy Logs group. The is done by setting a task sequence variable as a condition
If _SMSTSLastActionSucceeded is false then only this sub group “OSD Failed” runs . Else the subgroup is skipped
If the task sequence variable condition is true then next step is
Connect to OSD Logs Folder . This is a shared folder on the server (in my case SCCM Server) and everyone has change permissions to this folder.
HOWEVER ..I was not able to connect to this folder if I used any other account other than Domain admin account.I don’t why yet.
Next step is Delete Folder if exists
This step has a checked Continue on error . This is done because if the folder for machine does not exist this step will fail because there is nothing to delete.
However if the folder with machine name exists
Command as shown in screen below runs and deletes the folder
Next create Folder to copy logs
If this step is run under sub group OSD Successful the folder will be Z:\OSD_Success rest everything will be same.
Next step is Copy Logs
If this step is run under sub group OSD Successful the folder will be Z:\OSD_Success rest everything will be same.
Next Sub Group is OSD Successful
This sub group only runs if the if all the steps before Copy Logs group complete. The is done by setting a task sequence variable as a condition
If _SMSTSLastActionSucceeded is True then only this sub group “OSD Successful” runs . Else the subgroup is skipped
All the steps under OSD Successful are same as under OSD Failed described above. Any differences in path is noted in steps above.
This concludes the Part 7 and entire task sequence 🙂
РОЛЕВАЯ МОДЕЛЬ РАЗГРАНИЧЕНИЯ ПРАВ ДОСТУПА
»
Роли
»
Области безопасности
»
Коллекции
»
Итоговые полномочия администраторов
»
Группы безопасности и разделение прав в Системе
РОЛЕВАЯ МОДЕЛЬ РАЗГРАНИЧЕНИЯ ПРАВ ДОСТУПА
55
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
ОБЗОР SYSTEM CENTER 2012 CONFIGURATION MANAGER
» Общий обзор продуктов семейства System Center 2012 R2
» Введение в System Center 2012 Configuration Manager
» Обзор архитектуры System Center 2012 Configuration Manager
» Обзор консоли управления System Center 2012 Configuration
Manager
ОБЗОР SYSTEM CENTER 2012 CONFIGURATION MANAGER
3
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
Отслеживание использования программного обеспечения (Software Metering)
Monitored
program
Monitored
program
Monitored
program
1
Software
Metering
Agent
3
2
4
When you enable the Software Metering Agent, it:
Site
1 Collects data each time a monitored program
runs and terminates
Server
2 Uploads data to the management point on a scheduled basis
3 Forwards data to the site server
4 Adds data to the site database
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
30
ОБЗОР SYSTEM CENTER 2012 CONFIGURATION MANAGER
» Общий обзор продуктов семейства System Center 2012 R2
» Введение в System Center 2012 Configuration Manager
» Обзор архитектуры System Center 2012 Configuration Manager
» Обзор консоли управления System Center 2012 Configuration
Manager
ОБЗОР SYSTEM CENTER 2012 CONFIGURATION MANAGER
3
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
Установка System Center Configuration Manager
Ниже будут представлен скрипт добавляющий все компоненты, но для понимания пройдемся по шагам. Открываем “Диспетчер сервера-Управление-Добавить роли и компоненты”.
Далее
Далее, оставляем выбранным пункт “Установка ролей и компонентов”
Указываем сервер для установки System Center Configuration Manager, напоминаю, что диспетчер серверов позволяет делать удаленную установку компонентов и ролей.
Пропускаем окно со списком ролей, они нам не нужны.
Выбираем “Функции Net.Framework 3.5”
Выбираем “Фоновая интеллектуальная служба передачи (BITS)”
Выбираем “Удаленное разносное сжатие”.
После выбора нужных компонентов для System Center Configuration Manager, нажимаем далее.
Далее. Служба “Bits” добавит роль веб-сервера IIS.
Запустится мастер установки компонентов IIS, выбираем ASP.NET 3.5 и 4.5.
Добавляем компонент ASP.NET 4.5
Выбираем проверка подлинности Windows.
Также выбираем Совместимость WMI в IIS6
Далее для установки System Center Configuration Manager, нажимаем соответствующую кнопку.
Следим за ходом инсталляции компонентов.
Тоже самое можно было сделать скриптом
Содержание скрипта
Add-WindowsFeature NET-Framework-Core,BITS,RDC,Web-Asp-Net,Web-Windows-Auth,Web-WMI -Restart
Дальше нам нужно подготовить SQL 2012. Начнем установку, запускаем setup.exe. Открывается мастер, выбираем “Установка”.
Новая установка.
Произойдет проверка требований к установке SQL 2012
Вводим ключ
Соглашаемся с лицензией
Если нашлись обновления, то я советую их применить.
Вот так выглядит процесс установки обновлений для SQL
Далее
Устанавливаем компоненты
Выбираем Службы компонента Database Engine, Службы Reporting Service, Средства управления.
Проверяются правила установки.
Экземпляр оставляем по умолчанию
Далее.
Выбираем от имени кого будут запускаться службы.
Выбираем параметры сортировки (колейшен) должно стоять как на картинке.
Добавляем в админы нужных вам пользователей.
Установить и настроить
Далее.
Далее
Установить
Процесс инсталляции SQL 2012
После накатываем все SP и CU для SQL. После того как все поставили нужно произвести интеграцию с AD. Для этого открываем ADSIEDIT.msc
Подключаемся к Контекст именования по умолчанию
Выбираем System и щелкаем правым кликом создать-объект
Выбираем container.
В названии пишем System Management
Готово.
Теперь дадим на него права серверу с sccm. Открываем Active Directory Users and Computers (Пользователи и компьютеры) Выбираем Вид-Дополнительные компоненты.
Открываем System-System Management и правым кликом Свойства.
Вкладка Безопасность-Добавить ищем наш сервер и жмем добавить
Даем полный доступ и жмем Дополнительно.
Меняем Только этот объект на Этот объект и все дочерние.
Теперь проверим правильно ли мы расширили схему Active Directory. Для этого заходим в дистрибутив SCCM2012 по пути\SMSSETUP\BIN\X64, находим файл extadsch.exe копируем его в корень диск С, после этого запускаем этот файл на диске С, должен создастся лог файл ExtADSch.txt, у меня он имел следующий вид.
Вы должны быть в группе Администраторы схемы, чтобы он отработал
Видим файлик лог
Обращаем внимание , что отработало успешно.
Все необходимые требования выполнены переходим к установке SCCM 2012R2.
Part 6 – Asset Intelligence Synchronization Point
This part will describe the Asset Intelligence Synchronization Point (AISP).
Role description
The AISP is used to connects to Microsoft in order to download Asset Intelligence catalog information and upload uncategorized titles. For more information about planning for Asset Intelligence, see Prerequisites for Asset Intelligence in Configuration Manager.
This is not a mandatory Site System but we recommend to install the AISP if you are planning to use Asset Intelligence. Read our blog post on Why should you use Asset Intelligence in SCCM.
Site System Role Placement in Hierarchy
The AISP is a hierarchy-wide option. SCCM supports a single instance of this site system role in a hierarchy and only at the top-level site. Install it on your Central Administration Site or stand-alone Primary Site depending of your design.
AISP Installation
- Open the SCCM console
- Navigate to Administration / Site Configuration / Servers and site System Roles
- Right-click your Site System and click Add Site System Roles
- On the General tab, click Next
- On the Proxy tab, enter your Proxy server information if needed and click Next
- On the Site System Role Selection tab, select Asset Intelligence Synchronization Point, click Next
- On the Certificate page, click Next
- By default, the Use this Asset Intelligence Synchronization Point setting is selected and cannot be configured on this page. System Center Online accepts network traffic only over TCP port 443, therefore the SSL port number setting cannot be configured on this page of the wizard
- You can specify a path to the System Center Online authentication certificate (.pfx) file. Typically, you do not specify a path for the certificate because the connection certificate is automatically provisioned during site role installation
- Specify the desired catalog Synchronization Schedule, click Next
- On the Summary tab, review your setting and click Next
- Wait for the setup to complete and close the wizard
AISP Logs
- AIUSSetup.log – Information about the installation of the Asset Intelligence catalog synchronization point site system role
- AIUpdateSvc.log – Information about the Asset Intelligence catalog synchronization service
- Aikbmgr.log – Information about the Asset Intelligence catalog manager service
Verification
- Verify that the role installation is completed in AIUSSetup.log
- Open the SCCM console
- Navigate to Assets and Compliance / Overview / Asset Intelligence
- Verify that the Sync is Enabled and Successful
Enable Inventory Reporting Classes
In order to have inventory data, first ensure that Hardware Inventory is enabled in your Client Settings.
- Navigate to Administration / Client Settings
- Right-click your Client Settings and choose Properties
- On the Hardware Inventory Tab
- Ensure that your hardware inventory is Enabled
Once confirmed, enable inventory reporting classes :
- Open the SCCM console
- Navigate to Assets and Compliance / Asset Intelligence
- Right-click Asset Intelligence and select Edit Inventory Classes
- Select Enable only the selected Asset Intelligence reporting classes
- Select SMS_InstalledSoftware, SMS_ConsoleUsage and SMS_SystemConsoleUser
- On the warning, click Yes
Maintenance Tasks
2 maintenance tasks are available for Asset Intelligence :
- Check Application Title with Inventory Information
- This maintenance task checks that the software title that is reported in software inventory is reconciled with the software title in the Asset Intelligence catalog.
- Summarize Installed Software Data
- This maintenance task provides the information that is displayed in the Assets and Compliance workspace. When the task runs, Configuration Manager gathers a count for all inventoried software titles at the primary site.
To set the maintenance tasks :
- Navigate to Administration / Site Configuration / Sites
- Select Site Maintenance on the top ribbon
- Select the desired schedule for both tasks
You’re now done installing the AISP.
Part 13 – Management Point Installation
We will describe how to install an SCCM Management Point (MP).
Role Description
Every SCCM hierarchy must have a Management Point to enable client communication. The Management Point is the primary point of contact between Configuration Manager clients and the site server. Management Points can provide clients with installation prerequisites, configuration details, advertisements and software distribution package source file locations. Additionally, Management Points receive inventory data, software metering information and state messages from clients.
Multiple Management Points are used for load-balancing traffic and for clients to continue receiving their policy after Management Point failure. Read about SCCM High-Availability options in this Technet article.
Prior to SCCM 2012 R2 SP1, it was not possible to assign client directly to a specific Management Point. It’s now possible using the new Preferred Management Point feature. Read about how clients choose their Management Point in this Technet article.
Site System Role Placement in Hierarchy
The Management Point is a site-wide option. It’s supported to install this role on a stand-alone Primary site, child Primary site or Seconday site. It’s not supported to install a Management Point on a Central Administration site.
Each primary site can support up to 10 Management Points.
By default, when you install a Secondary site, a Management Point is installed on the Secondary site server. Secondary sites do not support more than one Management Point and this Management Point cannot support mobile devices that are enrolled by Configuration Manager.
See the full Supported Configuration in the following Technet article.
Prerequisites
On Windows 2012, the following features must be installed before the Management Point Installation:
Features:
- .NET Framework 4.5
- BITS Server Extensions or Background Intelligent Transfer Services (BITS)
IIS Configuration:
- Application Development
- ISAPI Extensions
- Security
- Windows Authentication
- IIS 6 Management Compatibility
- IIS 6 Metabase Compatibility
- IIS 6 WMI Compatibility
SCCM Management Point Installation
- Open the SCCM console
- Navigate to Administration / Site Configuration / Servers and Site System Roles
- Right click your Site System and click Add Site System Roles
- On the General tab, click Next
- On the Proxy tab, click Next
- On the Site System Role tab, select Management Point, click Next
- On the Management Point tab
- Select the desired client connections methods. HTTPS required to have a valid PKI certificate for client authentication
- Click Next
- On the Management Point Database tab, specify if you want to use the site database or a database replica. Read about database replica here
- Specify if you want to use the computer account of the Management Point to connect to the database or a specified account
- On the Summary tab, review your settings, click Next and complete the wizard
Verification and Logs files
You can verify the installation in the following logs:
- ConfigMgrInstallationPath\Logs\mpMSI.log – Records details of about the management point installation
- ConfigMgrInstallationPath\Logs\MPSetup.log.log – Records the management point installation wrapper process
РАЗВЕРТЫВАНИЕ ОПЕРАЦИОННЫХ СИСТЕМ
»
Обзор развертывания операционных систем
»
Установка по сети, установка со съемного носителя
»
Образы ОС
»
Загрузочные образы
»
Каталог драйверов
»
Последовательности задач
»
Сценарии установки ОС
»
Шаги по развертыванию ОС по сети с помощью Configuration Manager
РАЗВЕРТЫВАНИЕ ОПЕРАЦИОННЫХ СИСТЕМ
46
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012
УПРАВЛЕНИЕ ИНВЕНТАРИЗАЦИЕЙ И УЧЕТОМ ИСПОЛЬЗОВАНИЯ ПРОГРАММНЫХ ПРОДУКТОВ
» Инвентаризация (Inventory)
» Аналитика активов (Asset Intelligence)
» Отслеживание использования программного обеспечения
(Software Metering)
УПРАВЛЕНИЕ ИНВЕНТАРИЗАЦИЕЙ И УЧЕТОМ
27
ИСПОЛЬЗОВАНИЯ ПРОГРАММНЫХ ПРОДУКТОВ
ОСНОВЫ РАБОТЫ С MICROSOFT CONFIGURATION MANAGER 2012