Now that you understand the basic concepts behind Systems Management Server 2003 SP1, you can install a site server and create a site hierarchy! In this section, you learn how to install a site server, configure a site, and enable and configure site systems.
As you know, SMS may publish data in the Active Directory database so that advanced clients can discover site systems on the network. For this to happen, the Active Directory schema has to be extended, a container named System Management has to be created in Active Directory, and the SMS Service account (or Site Server computer account in advanced security) must have Read, Write, Create All Child Objects, and Delete All Child Objects rights to this container.
All of these actions can be done by the SMS installation, as long as the logged-on user account during installation has all the necessary rights to create objects in Active Directory and extend the Active Directory schema. However, these actions may need to be performed by someone other than the SMS administrator in some situations. If this is the case, these tasks need to be performed manually according to the instructions that follow.
To create the System Management container, execute the following steps:
Log on to a domain controller using an account with rights to create objects in Active Directory.
Click on the Start menu, and select Run.
Type ADSIedit.msc and click OK. The ADSI Edit management console appears, as shown in Figure 4-8.
Expand the domain node, and then expand the System container. The ADSI Edit management console appears, as shown in Figure 4-9.
Right-click the System container and then select New Object. The Create Object dialog box appears, as shown in Figure 4-10.
Select container in the Select a class list box and click Next. The Create Object dialog box appears, as shown in Figure 4-11.
Type the container name, System Management. Click Next. The Create Object dialog box appears, as shown in Figure 4-12.
Click the Finish button. The new container is created.
Once the container is created, you need to give the required rights on it to the SMS Service account (if using Standard Security) or the SMS computer account (if using Advanced Security). To give the account the correct rights, execute the following steps:
Log on to a domain controller using an account with administrative rights.
Click the Start menu, select Administrative Tools, and click Active Directory Users and Computers.
Click the View menu and select Advanced Features. Notice that system containers will be displayed in the Active Directory Users and Computers management console, as shown in Figure 4-13.
Right-click on the System Management container and click Properties. In the System Management Properties dialog box, click the Security tab. The System Management Properties dialog box appears, as shown in Figure 4-14.
Click the Add button. The Select Users, Computers, or Groups dialog box appears, as shown in Figure 4-15.
Click the Object Types button. The Object Types dialog box appears, as shown in Figure 4-16.
Make sure the Users and Computers check boxes are selected. Click OK.
Click the Advanced button. The Select Users, Computers, or Groups dialog box appears, as shown in Figure 4-17.
Click the Find Now button to view all user and computer accounts.
Select the SMS Service account for standard security, or the SMS computer account for advanced security. Click OK.
With the account selected, enable the Allow option for the following rights:
Create All Child Objects
Delete All Child Objects
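A read-only audit of the ACL that the two procedures above set up, written in PowerShell as an added example (it is not part of the original chapter or of SMS). The function name Test-SmsContainerAcl, the EXAMPLE\SMSSITE01$ account and the sample rules are constructed for illustration; the commented lines at the end assume the ActiveDirectory module is available on the machine running the check.

```powershell
# Added example: checks the rights one trustee holds on the System Management container.
Add-Type -AssemblyName System.DirectoryServices

# Rights the chapter lists for the SMS account on the container:
# Read, Write, Create All Child Objects, Delete All Child Objects.
$Required  = [int][System.DirectoryServices.ActiveDirectoryRights]'GenericRead, GenericWrite, CreateChild, DeleteChild'
# Rights that would let the trustee change the ACL itself or take ownership.
$Dangerous = [int][System.DirectoryServices.ActiveDirectoryRights]'WriteDacl, WriteOwner'

function Test-SmsContainerAcl {
    param(
        [Parameter(Mandatory = $true)] [object[]] $AccessRules,
        [Parameter(Mandatory = $true)] [string]   $Trustee
    )
    $granted  = 0
    $findings = @()
    $scopes   = @()
    foreach ($rule in $AccessRules) {
        if ("$($rule.IdentityReference)" -ine $Trustee) { continue }
        if ("$($rule.AccessControlType)" -eq 'Deny') {
            $findings += "Deny ACE for trustee: $($rule.ActiveDirectoryRights)"
            continue
        }
        $granted = $granted -bor [int]$rule.ActiveDirectoryRights
        # Scope is reported for review only; the chapter does not state a required scope.
        $scopes += "$($rule.InheritanceType)"
    }
    $missing = $Required -band (-bnot $granted)
    $excess  = $granted  -band (-bnot $Required)
    if ($missing) {
        $findings += "Missing rights: $([System.DirectoryServices.ActiveDirectoryRights]$missing)"
    }
    if ($excess) {
        $findings += "Rights beyond the documented set: $([System.DirectoryServices.ActiveDirectoryRights]$excess)"
    }
    if ($excess -band $Dangerous) {
        $findings += 'Trustee can rewrite the ACL or take ownership of the container'
    }
    [pscustomobject]@{
        Trustee  = $Trustee
        Granted  = [System.DirectoryServices.ActiveDirectoryRights]$granted
        Scopes   = ($scopes | Select-Object -Unique) -join ', '
        Findings = $findings
        Ok       = ($findings.Count -eq 0)
    }
}

# Constructed sample rules, shaped like the entries in (Get-Acl ...).Access.
function New-SampleRule($Id, $Type, $Rights, $Scope) {
    [pscustomobject]@{
        IdentityReference     = $Id
        AccessControlType     = $Type
        ActiveDirectoryRights = [System.DirectoryServices.ActiveDirectoryRights]$Rights
        InheritanceType       = $Scope
    }
}
$sample = @(
    (New-SampleRule 'EXAMPLE\SMSSITE01$'    'Allow' 'CreateChild, DeleteChild' 'None'),
    (New-SampleRule 'EXAMPLE\OLDSMSSVC'     'Allow' 'GenericAll'               'All'),
    (New-SampleRule 'EXAMPLE\Domain Admins' 'Allow' 'GenericAll'               'None')
)

# Only Create/Delete child granted: Read and Write are reported as missing.
Test-SmsContainerAcl -AccessRules $sample -Trustee 'EXAMPLE\SMSSITE01$' | Format-List
# A leftover service account with Full Control: excess rights are reported.
Test-SmsContainerAcl -AccessRules $sample -Trustee 'EXAMPLE\OLDSMSSVC'  | Format-List

# Against a live domain (requires the ActiveDirectory module):
# Import-Module ActiveDirectory
# $dn = "CN=System Management,CN=System," + (Get-ADDomain).DistinguishedName
# Test-SmsContainerAcl -AccessRules (Get-Acl "AD:\$dn").Access -Trustee 'EXAMPLE\SMSSITE01$'
```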
Now that the System Management container is created and correctly configured, you still need to extend the Active Directory schema if you want to allow SMS 2003 to publish data to the Active Directory database. To do so, execute the following steps:
Log on to a domain controller using an account with schema administrative rights (a member of the Schema Admins group).
Click the Start menu and select Run.
Click the Browse button and navigate to the SMSSETUP\BIN\I386 folder on the SMS installation CD.
Select the extadsch.exe file and click OK. Click OK again to start the schema extension. A command prompt window appears, as shown in Figure 4-18.
In Windows 2000, you will need to enable schema updates before running the preceding instructions. To enable schema updates, follow the steps provided at http://www.support.microsoft.com/default.aspx?kbid=285172.
Now that you know what options you will use for the SMS implementation in your environment, it's time to install the software. Because this will be the first SMS installation in your environment, you will install a primary server. The instructions that follow take you step by step through this process. In our example, we install SMS in advanced security mode using a local SQL Server 2000 database.
Using an administrative account, log on to the computer where SMS will be installed.
Start the SMS setup from the CD. If the setup screen does not appear after inserting the CD, run the autorun.exe file in the root folder of the CD. The Systems Management Server 2003 Setup window appears, as shown in Figure 4-19.
Click the SMS 2003 link. The Welcome dialog box of the Systems Management Server Setup Wizard appears, as shown in Figure 4-20.
Click Next. The System Configuration dialog box of the Systems Management Server Setup Wizard appears, as shown in Figure 4-21.
Click Next and the Setup Options dialog box appears, as shown in Figure 4-22.
Select the Install an SMS primary site radio button to install a primary site server, and click Next. The Installation Options dialog box appears, as shown in Figure 4-23.
Select the Custom Setup radio button to specify what components to install, or the Express Setup to install the SMS Server software and the SMS Administrator Console. In this example, we selected Custom Setup.
Click Next and the System Management Server License Agreement dialog box appears, as shown in Figure 4-24.
Click Print to print the license agreement in case you want to file the agreement with your server documentation.
Select the I Agree radio button to accept the agreement.
If you select the I do not agree radio button, you will not be able to continue the setup application.
Click Next. The Product Registration dialog box appears, as shown in Figure 4-25.
Type your name in the Name text box, your company name in the Organization text box, and your Product Key in the Product Key text box. The product key can be found on the installation CD cover or in the documentation for your Enterprise Agreement.
Click Next. The SMS Site Information dialog box appears, as shown in Figure 4-26.
Type a three-character site code to represent your site in the Site code text box.
SMS site codes have to be unique across the enterprise and cannot be changed once SMS is installed.
Type a site name in the Site name text box.
Verify that your domain name appears in the Site domain text box.
Click Next. The SMS Active Directory Schema dialog box appears, as shown in Figure 4-27.
Enable the Extend the Active Directory Schema check box if you want to extend the schema at this moment. Remember that the logged-on account must have schema administrative rights in order for this to work. You do not need to enable this check box if you have extended the schema manually.
Click Next. The SMS Security Information dialog box appears, as shown in Figure 4-28.
Select the Advanced Security or Standard Security radio button, according to the desired security mode. If you choose standard security you must use a user account for the SMS Service. In our example, we will use advanced security.
Click Next. The SMS Primary Site Client Load dialog box appears, as shown in Figure 4-29.
Type the approximate number of SMS clients to be supported by the site in the Number of SMS clients text box. This number is only used to calculate the initial size for the SMS database. You will be able to add more clients if necessary.
Click Next and the Installation Options dialog box appears, as shown in Figure 4-30.
Enable the check boxes that represent the components you wish to install according to the following list:
System Management Server: Installs the SMS software. This option cannot be unchecked when installing a site server.
SMS Administrator Console: Installs the MMC console used to manage SMS. This option cannot be unchecked when installing a site server.
Remote Tools: Installs the SMS Remote Tools to allow remote access to the server.
We discuss Remote Tools later in this book. In our example, we will not enable Remote Tools at this point.
Click the Browse button to select a folder to install the SMS software. The default folder is displayed to the right of this button as C:\SMS.
Click Next. The SQL Server Information for SMS Site Database dialog box appears, as shown in Figure 4-31.
Type the name of the SQL Server computer that will store the SMS database in the Computer running SQL Server text box. The SMS Setup Wizard can create the database for you if the database is located on the same computer as the SMS site server. If this is not the case you will have to create the database manually. Also, the SMS Service account (standard security) or the SMS computer account (advanced security) must have local administrative privilege on the computer running SQL Server.
Click Next. The Creation of SMS Site Database dialog box appears, as shown in Figure 4-32.
Specify whether the SMS Setup Wizard will create the SMS site database. Remember that this is possible only if the database server is the same computer as the SMS site server.
Click Next. The SMS Site Database Name dialog box appears, as shown in Figure 4-33.
Type the name of the SMS database in the Database name text box.
Click Next. The SQL Server Directory Path for SMS Site Database dialog box appears, as shown in Figure 4-34.
Type the path to a folder that will hold the database and transactional log files for the SMS site database or use the Browse button to select the folder.
For performance and maintenance reasons, we recommend that the data file and log file for a database be located on different drives. This cannot be done during SMS setup. It must be done through SQL Server at a later time.
Click Next. The Concurrent SMS Administrator Consoles dialog box appears, as shown in Figure 4-35.
Type the estimated number of concurrent connections to the SMS Administrator Console in the Number of SMS Administrator consoles text box. This information is used to configure SQL Server memory usage.
Type the estimated number of connections to the SQL Server database in the Minimum number of SQL Server connections text box. This information is used to configure SQL Server memory usage.
Click Next. The Completing the Systems Management Setup Wizard dialog box appears, as shown in Figure 4-36.
Check the information displayed in the text box. If changes are necessary, click the Back button and execute the changes.
Click the Finish button. The installation initiates and a screen similar to the one in Figure 4-37 appears.
Congratulations! If everything worked as expected, you now have SMS installed and ready to use!
Once your server is installed, it still needs to be configured in order for the SMS environment to work correctly. In this section, we cover the basic configuration steps necessary for an SMS site server to work properly. You learn how to use the SMS Administrator Console to configure site systems, computer discovery, and client installation.
Once your SMS site server is installed, certain settings have to be configured to allow the SMS environment to work correctly. A Server Locator Point site system is required to allow clients to locate the site server, and a Management Point is required for advanced clients to function properly.
Such settings are managed through the SMS Administrator Console. The SMS Administrator Console is an MMC tool that allows SMS Administrators to view and manage settings in an SMS hierarchy. The console is installed by default in any server running SMS and can also be installed on a workstation.
Before we start configuring the SMS hierarchy, let's explore the SMS Administrator Console. To view settings in the SMS Administrator Console, perform the following steps:
In the Start menu, point to All Programs, then Systems Management Server, and click SMS Administrator Console. The SMS Administrator Console appears, as shown in Figure 4-38.
Once the console connects to the site database, expand the Site Database node. The SMS Administrator Console appears, as shown in Figure 4-39.
To view the site systems in use, expand Site Hierarchy, your site name, Site Settings, and click Site Systems. The list of site systems appears, as shown in Figure 4-40.
As you can see, the site system plays the roles of Client Access Point and Distribution Point by default. To enable the Server Locator Point and Management Point roles for the site server, right-click the site server and click Properties. The Site Systems Properties dialog box appears, as shown in Figure 4-41.
Click the Server Locator Point tab, as shown in Figure 4-42.
Enable the Use this site system as a server locator point check box.
Select Use this site database in the Database list to connect to the site database.
Click on the Management Point tab of the Site Systems Properties dialog box, as shown in Figure 4-43.
Enable the Use this site system as a management point check box.
Select Use this site database in the Database list to connect to the site database.
Click OK. Because this isn't a default management point for your site, the message in Figure 4-44 appears.
Click Yes. SMS begins installing the management point.
During the installation of site systems, SMS uses a service called the SMS Server Bootstrap. To view this service and verify if the Server Locator Point and Management Point roles were installed successfully, perform the following steps:
In the Start menu, point to Administrative Tools, and click Services. The services window appears, as shown in Figure 4-45.
You may have to scroll down to see the SMS_BOOTSTRAP service. If you still do not see it, click the Refresh button in the toolbar.
To verify whether the Management Point site system role is running, keep refreshing the services window. Once the service is installed, the services window appears, as shown in Figure 4-46.
The Management Point system role requires Background Intelligent Transfer Service (BITS Service Extensions). To install BITS, follow the steps in http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/.mspx.
Now that your SMS environment is set up, you need to deploy SMS clients on your network. Before deploying clients, SMS must discover the resources available in your network and identify what resources will require the client to be installed. SMS uses multiple discovery methods to gather information related to resources on your network. A resource is any object discovered by SMS, such as user accounts, groups, computers, routers, and printers.
Once SMS discovers a resource, it creates a discovery data record (DDR) in the site database. DDRs are used to populate collections, and for querying and reporting. DDRs are gathered using one or more of the following discovery methods:
Windows User Account Discovery: Used to discover user accounts in a Windows domain without Active Directory.
Windows User Group Discovery: Used to discover group accounts in a Windows domain without Active Directory.
Heartbeat Discovery: Used to contact computers that have been previously discovered to identify if they are still in the network. By default, this discovery process runs once a week.
Network Discovery: Used to find devices connected to the network, such as computers, printers, and routers. It can be used to scan specific subnets, Windows domains, and SNMP communities.
Active Directory System Discovery: Used to discover computers based on computer accounts in Active Directory.
Active Directory User Discovery: Used to discover users based on Active Directory user accounts.
Active Directory System Group Discovery: Used to discover groups based on Active Directory group accounts.
Now that we know about the different discovery methods, let's run discovery and populate the site database with DDRs. If this is the first time you run discovery, it is worth checking whether any resources already exist in the site database before running the discovery process, just to make sure discovery is really populating data. This is done by checking the SMS collections. A collection is a group of users, user groups, or computers in SMS. To verify the existence of resources, perform the following steps:
In the SMS Administrator Console, expand Site Database, and Collections. The list of collections is displayed, as shown in Figure 4-47.
Select the All Systems collection. Verify that the details pane is empty.
To run system discovery, perform the following steps:
1. In the SMS Administrator Console, expand Site Database, Site Hierarchy, your site, Site Settings, and click Discovery Methods. The list of discovery methods is displayed, as shown in Figure 4-48.
2. Right-click Active Directory System Discovery and click Properties. The Active Directory System Discovery Properties dialog box appears, as shown in Figure 4-49.
3. Enable the Enable Active Directory System Discovery check box to turn discovery on.
4. In the Active Directory Containers list, click the asterisk button to add an entry. The Browse for Active Directory dialog box appears, as shown in Figure 4-50.
5. Enable one of the following options:
   Local domain: To search the local domain.
   Local forest: To search the entire forest.
   Custom LDAP or GC query: To use an LDAP query.
6. In this example, we will use the custom LDAP option. Therefore, enable this option and click the Browse button. The Select New Container dialog box appears, as shown in Figure 4-51.
7. Select the Computers container in your domain and click OK. The Browse for Active Directory dialog box appears, as shown in Figure 4-52.
8. Enable the Recursive check box to discover computer accounts in subcontainers within the Computers container. Click OK.
9. Click the Polling Schedule tab of the Active Directory System Discovery Properties dialog box to schedule the discovery. See Figure 4-53.
10. You may click the Schedule button to schedule discovery at a different interval. For testing purposes, enable the Run discovery as soon as possible check box and click OK.
11. Repeat Steps 2 through 9 for Active Directory User Discovery and Active Directory System Group Discovery. Make sure to select Local domain for Step 5.
To verify whether discovery was successful, right-click the All Systems collection, point to All Tasks, and click Update Collection Membership. The All Systems dialog box appears, as shown in Figure 4-54.
Click OK. The list of systems is displayed, as shown in Figure 4-55.
It may take a while for the collection to update. You may have to click the Refresh button in the toolbar. You may also have to click another container and click back on the All Systems collection to force the list of systems to be displayed.
Right-click one of the discovered computers and click Properties. The system Properties dialog box appears, as shown in Figure 4-56. Verify the Agent name entry; it displays the discovery agent used to gather the information related to this DDR.
SMS Clients are divided into two main types: Advanced and Legacy. A third client, the Mobile Client, is used for Windows Pocket PC devices. We focus on advanced clients and legacy clients in this chapter.
Basically, a client type is selected based on the client computer operating system. The Legacy Client supports the Windows 98 and Windows NT4 SP6 and later operating systems, while the Advanced Client supports only Windows 2000 or later versions. The table that follows summarizes the differences between the clients.
Support for Windows 98 and Windows NT 4 SP6
Controlled SMS client version upgrade (2 to 2003)
Ability to download a program from a distribution point prior to installation
Connection management through BITS
Once you have decided what client or clients will be installed you still have to determine how installation will occur. You can use Group Policy, logon scripts, pre-imaged installation, manual installation, or even push the installation from SMS 2003.
To properly install the SMS client, you need to know what file, or files, are used for setup. The table that follows lists the different setup files available in a share called SMSClient, which is automatically created by the SMS installation wizard.
Windows Installer package containing the Advanced Client. This file is copied to the client computer, allowing a local reinstall, if necessary.
Advanced Client Installer. Responsible for copying the client.msi file to the client and initiating the install. Ccmsetup uses Active Directory to assign the client to a site and locate a management point.
Legacy client installer. Used to manually install the legacy client.
Used to install either a legacy or advanced client. Normally called from a logon script.
Because we are focusing on SMS and MOM technologies, we will use the SMS Client Push installation to install the SMS client. Once Client Push Installation is enabled, it will push the installation to newly discovered and assigned computers by connecting using a specific account and running ccmsetup.exe (for Advanced clients) as a service in the local client. Needless to say, the account in question needs local administrative privilege on the client computer. To enable the Client Push Installation process, perform the following steps:
In the SMS Administrator Console, expand Site Database, Site Hierarchy, your site, Site Settings, and click Client Installation Methods. The list of installation methods is displayed, as shown in Figure 4-57.
Right-click Client Push Installation and click Properties. The Client Push Installation dialog box appears, as shown in Figure 4-58.
Enable the Enable Client Push Installation to assigned resources check box.
In the System types panel, enable the check boxes that represent the types of systems on which to install the SMS client. In our example, enable Servers, Workstations, and Domain controllers.
Enable the Enable Client Push Installation to site systems check box to allow the SMS client to be pushed to SMS site systems.
In the Client types panel, select the types of clients to be installed according to the list that follows:
Legacy Client: Install only legacy clients.
Advanced Client: Install only advanced clients.
Platform Dependent: Install legacy clients on computers running Windows 98 and Windows NT4 SP6, and advanced client on computers running Windows 2000 or later.
Click the Accounts tab of the Client Push Installation dialog box, as shown in Figure 4-59.
In the Accounts list, click the asterisk button. The Windows User Account dialog box appears, as shown in Figure 4-60.
In the User name box, type the name of the user account to be used for installation; remember to type it as DOMAIN\USER.
In the Password and Confirm password boxes, type the account password. Click OK twice.
Installation occurs the next time discovery runs. You can either force discovery to start the installation process, or right-click a computer in a collection, point to All Tasks, and click Install Client to use the Client Push Installation on the selected computers.
To verify the installation process, open Task Manager on the client computer. You should be able to see the ccmsetup.exe process, as displayed in Figure 4-61.
Once the installation is done, you will be able to verify in the client computer that a new applet, called Systems Management, is available in Control Panel, as shown in Figure 4-62.
Back on the SMS server, refresh the All Systems collection. Verify that the computers that have the client installed display client information in the detail pane.