Sunday, February 3, 2013

Office 2013 deployment with SCCM 2012 SP1

1.     Customise Office Installation

1.1   Extract Office 2013

Extract Office 2013 to a folder and open CMD (I use ‘Run as administrator’).

D:\sources\Applications\Office2013>setup /admin

Download and extract the customization tool to the installation point.


1.2   Location and organization name

1.3   Licensing and user interface

1.4   Feature Selection

1.5   Save the file LeoLi - Office2013.msp


2.     Create Application in SCCM
2.1 Create new application (\Software Library\Overview\Application Management\Applications)

Locate proplusrww.msi under the Office installation folder.

2.2 Application info:

2.3 Change the Application Properties

Right-click “Microsoft Office Professional Plus 2013” under “\Software Library\Overview\Application Management\Applications”.


Change “\\w-sr-2\sources\Applications\Office2013\proplusr.ww” to “\\w-sr-2\sources\Applications\Office2013” under the “Content” tab.



Tick the check box “Allow this application to be installed from the Install Application task sequence action without being deployed”.


2.4  In the Programs tab, change the Installation program from “msiexec /i "proplusrww.msi" /q” to “setup /adminfile "LeoLi - Office2013.msp"”, and the Uninstall program to “setup /x {91150000-0011-0000-1000-0000000FF1CE} /q”.

NOTE: LeoLi - Office2013.msp is the file name you chose in step 1.




3.     Distribute Content and Deployment


3.1  Select the Microsoft Professional Plus 2013 application and click Distribute Content


Select the Distribution Point

3.2  Select the Microsoft Professional Plus 2013 application and click Distribute Content


Select Deploy


We select “All Systems”, as we will use this for OSD deployment.





Sunday, January 13, 2013

SCCM 2012 SP1 Software Update Point and Endpoint Protection Point

1.       Open ‘ConfigMgr’ -> ‘Administration’ -> ‘Site Configuration’ -> ‘Servers and Site System Roles’ -> right-click the site server you want to add the roles to -> ‘Add Site System Roles’



2.       As I am using Win2012, the WSUS settings are as follows


3.       Auto sync


Configure Alerts for Collections

Next let's configure Alerts for a Collection, but first let's create a collection called All Windows 7 Computers (in a LAB this is fine for what we want to do, in Production you should create EndPoint Protection specific Collections).

Note: You cannot configure alerts for User Collections.

Click on Assets and Compliance in the console, click on Device Collections and in the ribbon click on Create Device Collection.


Call the collection All Windows 7 Computers and limit it to All Systems

click next, choose Query Rule from the drop down menu and fill in a Query like so (edit query statement, criteria, show query language and replace the code with the below)

select *  from  SMS_R_System where SMS_R_System.OperatingSystemNameandVersion like "%Workstation 6.1%"

set the schedule as follows (it's a LAB)

click next through the wizard, the collection is now created.


In Assets and Compliance select Devices and choose Device Collections, select the All Windows 7 Computers collection (we have no computers in this collection yet but we will have soon), choose properties

Click on the Alerts tab and place a checkmark in View this collection in the Endpoint Protection Dashboard


click on Add and select all the options

click ok and leave the other Alert settings as they are

Configure SUP to deliver Definition Updates

1.    ‘\Software Library\Overview\Software Updates\Automatic Deployment Rules’
















SCCM - Configuring Client settings and Add Roles

Applied to:         SCCM
13 January 2013

About This Lab:

Install the SCCM client in ‘push’ mode: the client is pushed to all the targeted machines (in one device collection).

Add the Application Catalog Web site roles to the SCCM server (they do not have to be on the same box); this is tested after the SCCM client is installed.


Prerequisites

Enable Discovery Methods

I have configured and enabled the ‘AD User, Group and System Discovery Methods’, and also created ‘Boundaries’ and one ‘Boundary Group’ so far.


Define ‘Boundaries’ and create ‘Boundary Groups’


The site has ‘Component Server’ ‘Distribution Point’ ‘Management Point’, ‘Site Database Server’,  ‘Site Server’, ‘Site System’ roles installed.


Add the Application Catalog Web site Roles



b.      Web Service point

c.       IIS Settings

Push SCCM client

Configure Client Agent Settings

a.     Client Policy

Click on Client Policy and we'll set this to every 20 minutes as it's a LAB (the default setting is 60 minutes). This means that once every 20 minutes the client will contact its Management Point for any new policy.

b.    Computer Agent

c.     Software Updates: again, this is a lab environment

Methods to install Configmgr client (SCCM Push)

We can install the ConfigMgr client with the following methods:

·         Group Policy

·         SCCM Push

·         Manual

Some ports we need to consider opening:

Ports Used During Configuration Manager Client Deployment


Windows Firewall Settings for Configuration Manager Clients





Remote Control (control)



Remote Control (data)



Remote Control (RPC Endpoint Mapper)



Remote Assistance (RDP and RTC)



Server Message Block (SMB)







Push Client:

Confirm the client has been installed






SCCM2012-SP1 SQL2012 WindowsServer2012

Prepare for installation:

1.       Join the server (w-sr-2) to the domain
2.       AD accounts:
Sccm_smsadmin - Domain user, member of ‘Administrators’ on the SCCM machine (W-SR-2), I will use this account to install SQL, WSUS and
Sccm_clientInstall - Domain user, admin of all the client computers.
3.       Create the ‘System Management’ container in AD
·         Open ‘ADSI Edit’, ‘Default naming context’ -> ‘CN=System’ -> right-click ‘New’, ‘Object…’ -> ‘Container’ -> ‘Next’ -> type in ‘System Management’ as the value.
·         Open ‘Active Directory Users and Computers’ -> click ‘View’ on the top menu, ‘Advanced Features’ -> ‘System Management’ -> ‘All Tasks’ -> ‘Delegate Control’

When the ‘Welcome to the Delegation of Control Wizard’ page appears, click Next -> ‘Add’ -> ‘Object Types’ -> ‘Computers’. Type in your SCCM server name (w-sr-2 in my case) -> ‘Check Names’, it should resolve. -> ‘Next’ -> ‘Create a Custom Task to Delegate’ -> ‘Next’ -> ‘This folder, existing objects in this folder and creation of new objects in this folder’.
Click Next, make sure the 3 permissions General, Property-specific and Creation/deletion of specific child objects are selected, then place a check mark in FULL CONTROL, and click Next then Finish.

Failure to do the above will mean that the System Management container in AD will NOT POPULATE with the ConfigMgr site info needed by the clients, and you will see many errors in your site status warning you of same.
Note: Repeat the above for each site server that you install in a hierarchy.
Step C needs ‘Domain Admin’ or ‘Enterprise Admin’ privileges.

4.       Extend AD Schema
Find \SMSSetup\Bin\x64\Extadsch.exe, right-click and choose Run as another user, and run it under ‘Schema Admin’ privilege.
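
To confirm that the delegation from step 3 took effect, the following added example (not part of the original post) reads the ACL of the System Management container and checks that the site server's computer account holds Full Control on this object and all descendants. It assumes the ActiveDirectory RSAT module is installed and uses the server name w-sr-2 from this page.

```powershell
# Added example. Assumptions: ActiveDirectory (RSAT) module present,
# site server name w-sr-2 as used on this page.
Import-Module ActiveDirectory

$siteServer = 'w-sr-2'
$domain     = Get-ADDomain
$container  = "CN=System Management,CN=System,$($domain.DistinguishedName)"
$expected   = "$($domain.NetBIOSName)\$siteServer`$"   # computer accounts end in $
$genericAll = [int][System.DirectoryServices.ActiveDirectoryRights]::GenericAll

# Stops with a clear error if the container was never created.
Get-ADObject -Identity $container -ErrorAction Stop | Out-Null

# Explicit (non-inherited) Allow entries are what the delegation wizard writes.
$aces = (Get-Acl -Path "AD:\$container").Access |
    Where-Object { $_.AccessControlType -eq 'Allow' -and -not $_.IsInherited }

$report = foreach ($ace in $aces) {
    $rights = [int]$ace.ActiveDirectoryRights
    [pscustomobject]@{
        Identity     = $ace.IdentityReference.Value
        # Full Control is stored as the GenericAll right
        FullControl  = ($rights -band $genericAll) -eq $genericAll
        # 'All' means this object and all descendants
        Descendants  = $ace.InheritanceType -eq 'All'
        IsSiteServer = $ace.IdentityReference.Value -eq $expected
    }
}

$ok = $report | Where-Object { $_.IsSiteServer -and $_.FullControl -and $_.Descendants }
if ($ok) {
    "OK: $expected has Full Control on the container and its descendants."
} else {
    Write-Warning "$expected lacks Full Control (this object and all descendants) on $container."
}

# Clients read site information from this container, so any other account
# with explicit rights on it is worth reviewing.
$report | Where-Object { -not $_.IsSiteServer } |
    Format-Table Identity, FullControl, Descendants -AutoSize
```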

Install SQL2012

Beta supports SQL 2012 RTM with a minimum of CU 2. ConfigMgr has very strict SQL collation requirement, pretty much across the entire System Center range, essentially only SQL_Latin1_General_CP1_CI_AS collation is supported. This has to be selected during installation if you are running a non-USA regional\system OS.
Something handy to know ahead of the installs is that you can use CMTrace to view the resulting log files for the SQL 2012 RTM and CU 2 installations. Each execution creates a new folder under the following path, containing a log file called detail.txt:
C:\Program Files\Microsoft SQL Server\110\Setup Bootstrap\Log

To open a port in the Windows firewall for TCP access, open 1433 and 4022 on the SQL server.
netsh advfirewall firewall add rule name="SQLServer" dir=in action=allow protocol=TCP localport=1433
netsh advfirewall firewall add rule name="SQL Service Broker" dir=in action=allow protocol=TCP localport=4022
1.       Server stand-alone installation or add features to an existing installation

2.       SQL Server Feature Installation

3.       Select the following
·         Database Engine Services
·         Reporting Services – Native
·         Management Tools – Basic
·         Management Tools – Complete

4.       By default each of the services will be configured using a service-specific user account, we need to revert back to using NT AUTHORITY\SYSTEM
Do this for the SQL Server Agent, the SQL Server Database Engine and the SQL Server Reporting Services services
Click Account Name
Browse locally for SYSTEM and accept
Set the services' Start-up Type to Automatic

5.       When done, select the Collation tab

If SQL_Latin1_General_CP1_CI_AS is not shown, click Customize, otherwise skip this part
Select SQL collation, used for backwards compatibility. Scroll down the list and choose SQL_Latin1_General_CP1_CI_AS

6.       Choose ‘Windows authentication mode’

Preinstall the SCCM machine:

a.       Make sure Windows Server is updated
b.      Install AIK
Nothing special, the following features installed:
Un-tick everything short of
Deployment Tools
Windows Preinstallation Environment (Windows PE)
User State Migration Tool (USMT)

c.       OS Features

Open a PowerShell prompt and type
Import-Module servermanager
Add-WindowsFeature BITS,RDC,Web-WMI,WDS
I’ve really cut this down, magic happens during the installs that results in what we need being switched on or installed
Note: .NET Framework 4.0 is built in to Server 2012 now, so no need to install it anymore!
d.      WSUS
Previously the WSUS installer wizard would be launched after we’d elected to install the role, that would then allow us to configure the Database and Website settings. We now have this integrated pretty much into the role creation
Tick WSUS Services
Tick Database

e.     Configure SQL 2012 Maximum server memory usage
SQL will consume all your memory, as I installed it on the same SCCM server box. It needs to be throttled back:
Open SQL Server Management Studio and get the properties for the database up
Select Memory and change the maximum server memory setting
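
The collation, authentication mode and memory cap chosen in the SQL steps above can be read back from the instance before starting the SCCM setup. This is an added example, not part of the original post; it assumes a default instance on the local machine and a Windows login with sysadmin rights.

```powershell
# Added example. Assumptions: default SQL instance on this machine,
# current Windows user is a sysadmin on it.
$conn = New-Object System.Data.SqlClient.SqlConnection 'Server=localhost;Database=master;Integrated Security=SSPI'
$conn.Open()

function Invoke-Query([string]$Sql) {
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $Sql
    $table = New-Object System.Data.DataTable
    $table.Load($cmd.ExecuteReader())
    $table.Rows          # emits one DataRow per result row
}

$s = Invoke-Query @'
SELECT CAST(SERVERPROPERTY('Collation') AS nvarchar(128))      AS Collation,
       CAST(SERVERPROPERTY('IsIntegratedSecurityOnly') AS int) AS WindowsAuthOnly,
       (SELECT CAST(value_in_use AS bigint) FROM sys.configurations
         WHERE name = 'max server memory (MB)')                AS MaxMemoryMB
'@

function New-Check($Setting, $Value, $Pass) {
    [pscustomobject]@{ Setting = $Setting; Value = $Value; Pass = $Pass }
}

$checks = @(
    New-Check 'Collation' $s.Collation ($s.Collation -eq 'SQL_Latin1_General_CP1_CI_AS')
    New-Check 'Windows authentication mode' $s.WindowsAuthOnly ($s.WindowsAuthOnly -eq 1)
    # 2147483647 MB is the installation default, meaning no cap has been set
    New-Check 'Max server memory (MB)' $s.MaxMemoryMB ($s.MaxMemoryMB -lt 2147483647)
)
$checks | Format-Table -AutoSize

# Service accounts and start-up types as the instance reports them
# (Database Engine and Agent; Reporting Services is not listed by this view).
Invoke-Query 'SELECT servicename, service_account, startup_type_desc FROM sys.dm_server_services' |
    Format-Table servicename, service_account, startup_type_desc -AutoSize

$conn.Close()
```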

Features installed on the SCCM box

As I am using one VM to host both SQL and SCCM, I experienced some issues when I tried to install some SCCM roles, and did quite a bit of troubleshooting, but in the end, here are all the features installed.

[X] File And Storage Services

    [X] File and iSCSI Services

        [X] File Server

    [X] Storage Services

[X] Web Server (IIS)

    [X] Web Server

        [X] Common HTTP Features

            [X] Default Document

            [X] Directory Browsing

            [X] HTTP Errors

            [X] Static Content

            [X] HTTP Redirection

        [X] Health and Diagnostics

            [X] HTTP Logging

            [X] Logging Tools

            [X] Request Monitor

            [X] Tracing

        [X] Performance

            [X] Static Content Compression

            [X] Dynamic Content Compression

        [X] Security

            [X] Request Filtering

            [X] Basic Authentication

            [X] Centralized SSL Certificate Support

            [X] Client Certificate Mapping Authentic...

            [X] Digest Authentication

            [X] IP and Domain Restrictions

            [X] Windows Authentication

        [X] Application Development

            [X] .NET Extensibility 3.5

            [X] .NET Extensibility 4.5

            [X] ASP

            [X] ASP.NET 3.5

            [X] ASP.NET 4.5

            [X] ISAPI Extensions

            [X] ISAPI Filters

    [X] Management Tools

        [X] IIS Management Console

        [X] IIS 6 Management Compatibility

            [X] IIS 6 Metabase Compatibility

            [X] IIS 6 Management Console

            [X] IIS 6 Scripting Tools

            [X] IIS 6 WMI Compatibility

        [X] IIS Management Scripts and Tools

        [X] Management Service

[X] Windows Deployment Services

    [X] Deployment Server

    [X] Transport Server

[X] Windows Server Update Services

    [X] WSUS Services

    [X] Database

[X] .NET Framework 3.5 Features

    [X] .NET Framework 3.5 (includes .NET 2.0 and 3.0)

    [X] HTTP Activation

    [X] Non-HTTP Activation

[X] .NET Framework 4.5 Features

    [X] .NET Framework 4.5

    [X] ASP.NET 4.5

    [X] WCF Services

        [X] TCP Port Sharing

[X] Background Intelligent Transfer Service (BITS)

    [X] IIS Server Extension

[X] Remote Differential Compression

[X] Remote Server Administration Tools

    [X] Feature Administration Tools

        [X] BITS Server Extensions Tools

    [X] Role Administration Tools

        [X] Windows Server Update Services Tools

            [X] API and PowerShell cmdlets

            [X] User Interface Management Console

[X] User Interfaces and Infrastructure

    [X] Graphical Management Tools and Infrastructure

    [X] Server Graphical Shell

[X] Windows Internal Database

[X] Windows PowerShell

    [X] Windows PowerShell 3.0

    [X] Windows PowerShell 2.0 Engine

    [X] Windows PowerShell ISE

[X] Windows Process Activation Service

    [X] Process Model

    [X] .NET Environment 3.5

    [X] Configuration APIs

[X] WoW64 Support

SCCM installation

1.

2.

3.       Database Info.

4.       Client Computer Communication settings: