Installing SMS — Step by Step
Now that you understand the basic concepts
behind Systems Management Server 2003 SP1, you can install a site
server and create a site hierarchy! In this section, you learn how
to install a site server, configure a site, and enable and
configure site systems.
Extending Active Directory
As you know, SMS may publish data in the
Active Directory database so that advanced clients can discover
site systems on the network. For this to happen, the Active
Directory schema has to be extended, a container named System
Management has to be created in Active Directory, and the SMS
Service account (or Site Server computer account in advanced
security) must have Read, Write, Create All Child Objects, and
Delete All Child Objects rights to this container.
All of these actions can be done by the SMS
installation, as long as the logged-on user account during
installation has all the necessary rights to create objects in
Active Directory and extend the Active Directory schema. However,
these actions may need to be performed by someone other than the
SMS administrator in some situations. If this is the case, these
tasks need to be performed manually according to the instructions
that follow.
To create the System Management container, execute
the following steps:
1. Log on to a domain controller using an account with rights to create objects in Active Directory.
2. Click on the Start menu, and select Run.
3. Type ADSIedit.msc and click OK. The ADSI Edit management console appears, as shown in Figure 4-8.
4. Expand the domain node, and then expand the System container. The ADSI Edit management console appears, as shown in Figure 4-9.
5. Right-click the System container and then select New Object. The Create Object dialog box appears, as shown in Figure 4-10.
6. Select container in the Select a class list box and click Next. The Create Object dialog box appears, as shown in Figure 4-11.
7. Type the container name, System Management. Click Next. The Create Object dialog box appears, as shown in Figure 4-12.
8. Click the Finish button. The new container is created.
Once the container is created, you need to give the
required rights on it to the SMS Service account (if using Standard
Security) or the SMS computer account (if using Advanced Security).
To give the account the correct rights, execute the following
steps:
1. Log on to a domain controller using an account with administrative rights.
2. Click the Start menu, select Administrative Tools, and click Active Directory Users and Computers.
3. Click the View menu and select Advanced features. Notice that system containers will be displayed in the Active Directory Users and Computers management console, as shown in Figure 4-13.
4. Right-click on the System Management container and click Properties. In the System Management Properties dialog box, click the Security tab. The System Management Properties dialog box appears, as shown in Figure 4-14.
5. Click the Add button. The Select Users, Computers, or Groups dialog box appears, as shown in Figure 4-15.
6. Click the Object Types button. The Object Types dialog box appears, as shown in Figure 4-16.
7. Make sure the Users and Computers check boxes are selected. Click OK.
8. Click the Advanced button. The Select Users, Computers, or Groups dialog box appears, as shown in Figure 4-17.
9. Click the Find Now button to view all user and computer accounts.
10. Select the SMS Service account for standard security, or the SMS computer account for advanced security. Click OK.
11. With the account selected, enable the Allow option for the following rights:
   - Read
   - Write
   - Create All Child Objects
   - Delete All Child Objects
12. Click OK.
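One way to confirm the result of the two procedures above is to read the container's access control list back and compare it with the four rights listed. The script below is an added example, not part of the book; the account name EXAMPLE\SMSSITE01$ is a placeholder, and the script assumes it runs on a domain-joined machine under an account that can read the container's security descriptor.

```powershell
# Added example, not from the book. Audits the Allow entries that name one
# account directly on CN=System Management,CN=System,<domain>.
param(
    # Placeholder (assumption): the site server computer account for advanced
    # security, or the SMS Service account for standard security.
    [string]$Account = 'EXAMPLE\SMSSITE01$'
)

Add-Type -AssemblyName System.DirectoryServices

# The four rights granted in the procedure: Read, Write,
# Create All Child Objects, Delete All Child Objects.
$required = [int][System.DirectoryServices.ActiveDirectoryRights]'GenericRead, GenericWrite, CreateChild, DeleteChild'

# Build the container path from the current domain's naming context.
$domainDn = ([ADSI]'LDAP://RootDSE').defaultNamingContext.Value
$path     = "LDAP://CN=System Management,CN=System,$domainDn"

if (-not [System.DirectoryServices.DirectoryEntry]::Exists($path)) {
    throw "Container not found: $path"
}
$container = [ADSI]$path

# Explicit and inherited entries, with identities resolved to DOMAIN\name.
$rules = $container.psbase.ObjectSecurity.GetAccessRules(
    $true, $true, [System.Security.Principal.NTAccount])

# Union of every Allow entry that names the account directly. Rights held
# through group membership and Deny entries are not evaluated here.
$granted = 0
foreach ($rule in $rules) {
    if ($rule.IdentityReference.Value -ieq $Account -and
        $rule.AccessControlType -eq 'Allow') {
        $granted = $granted -bor [int]$rule.ActiveDirectoryRights
    }
}

$missing = $required -band (-bnot $granted)   # needed but not present
$excess  = $granted  -band (-bnot $required)  # present but not needed

"Container : $path"
"Account   : $Account"
"Granted   : {0}" -f [System.DirectoryServices.ActiveDirectoryRights]$granted

if ($missing -ne 0) {
    Write-Warning ("Missing rights: {0}" -f [System.DirectoryServices.ActiveDirectoryRights]$missing)
}
if ($excess -ne 0) {
    Write-Warning ("Rights beyond the four required: {0}" -f [System.DirectoryServices.ActiveDirectoryRights]$excess)
}
if ($missing -eq 0 -and $excess -eq 0) {
    "Result    : the account holds exactly the four required rights."
}
```

A warning about extra rights is worth following up, because the account that can write to this container controls what clients learn about site systems.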
Now that the System Management container is created
and correctly configured, you still need to extend the Active
Directory schema if you want to allow SMS 2003 to publish data to
the Active Directory database. To do so, execute the following
steps:
1. Log on to a domain controller using an account with schema administrative rights (a member of the Schema Admins group).
2. Click the Start menu and select Run.
3. Click the Browse button and navigate to the SMSSETUP\BIN\I386 folder on the SMS installation CD.
4. Select the extadsch.exe file and click OK. Click OK again to start the schema extension. A command prompt window appears, as shown in Figure 4-18.
In Windows 2000, you will need to enable
schema updates before running the preceding instructions. To enable
schema updates, follow the steps provided at http://www.support.microsoft.com/default.aspx?kbid=285172.
Installing SMS 2003 SP1
Now that you know what options you will use
for the SMS implementation in your environment, it's time to
install the software. Because this will be the first SMS
installation in your environment, you will install a primary
server. The instructions that follow take you step by step through
this process. In our example, we install SMS in advanced security
mode using a local SQL Server 2000 database.
1. Using an administrative account, log on to the computer where SMS will be installed.
2. Start the SMS setup from the CD. If the setup screen does not appear after inserting the CD, run the autorun.exe file in the root folder of the CD. The Systems Management Server 2003 Setup window appears, as shown in Figure 4-19.
3. Click the SMS 2003 link. The Welcome dialog box of the Systems Management Server Setup Wizard appears, as shown in Figure 4-20.
4. Click Next. The System Configuration dialog box of the Systems Management Server Setup Wizard appears, as shown in Figure 4-21.
5. Click Next and the Setup Options dialog box appears, as shown in Figure 4-22.
6. Select the Install an SMS primary site radio button to install a primary site server, and click Next. The Installation Options dialog box appears, as shown in Figure 4-23.
7. Select the Custom Setup radio button to specify what components to install, or the Express Setup to install the SMS Server software and the SMS Administrator Console. In this example, we selected Custom Setup.
8. Click Next and the System Management Server License Agreement dialog box appears, as shown in Figure 4-24.
9. Click Print to print the license agreement in case you want to file the agreement with your server documentation.
10. Select the I Agree radio button to accept the agreement.
    Note: If you select the I do not agree radio button, you will not be able to continue the setup application.
11. Click Next. The Product Registration dialog box appears, as shown in Figure 4-25.
12. Type your name in the Name text box, your company name in the Organization text box, and your Product Key in the Product Key text box. The product key can be found on the installation CD cover or in the documentation for your Enterprise Agreement.
13. Click Next. The SMS Site Information dialog box appears, as shown in Figure 4-26.
14. Type a three-character site code to represent your site in the Site code text box.
    Note: SMS site codes have to be unique across the enterprise and cannot be changed once SMS is installed.
15. Type a site name in the Site name text box.
16. Verify that your domain name appears in the Site domain text box.
17. Click Next. The SMS Active Directory Schema dialog box appears, as shown in Figure 4-27.
18. Enable the Extend the Active Directory Schema check box if you want to extend the schema at this moment. Remember that the logged-on account must have schema administrative rights in order for this to work. You do not need to enable this check box if you have extended the schema manually.
19. Click Next. The SMS Security Information dialog box appears, as shown in Figure 4-28.
20. Select the Advanced Security or Standard Security radio button, according to the desired security mode. If you choose standard security, you must use a user account for the SMS Service. In our example, we will use advanced security.
21. Click Next. The SMS Primary Site Client Load dialog box appears, as shown in Figure 4-29.
22. Type the approximate number of SMS clients to be supported by the site in the Number of SMS clients text box. This number is only used to calculate the initial size for the SMS database. You will be able to add more clients if necessary.
23. Click Next and the Installation Options dialog box appears, as shown in Figure 4-30.
24. Enable the check boxes that represent the components you wish to install according to the following list:
    - System Management Server: Installs the SMS software. This option cannot be unchecked when installing a site server.
    - SMS Administrator Console: Installs the MMC console used to manage SMS. This option cannot be unchecked when installing a site server.
    - Remote Tools: Installs the SMS Remote Tools to allow remote access to the server.
    We discuss Remote Tools later in this book. In our example, we will not enable Remote Tools at this point.
25. Click the Browse button to select a folder to install the SMS software. The default folder is displayed to the right of this button as C:\SMS.
26. Click Next. The SQL Server Information for SMS Site Database dialog box appears, as shown in Figure 4-31.
27. Type the name of the SQL Server computer that will store the SMS database in the Computer running SQL Server text box. The SMS Setup Wizard can create the database for you if the database is located on the same computer as the SMS site server. If this is not the case, you will have to create the database manually. Also, the SMS Service account (standard security) or the SMS computer account (advanced security) must have local administrative privilege on the computer running SQL Server.
28. Click Next. The Creation of SMS Site Database dialog box appears, as shown in Figure 4-32.
29. Specify whether the SMS Setup Wizard will create the SMS site database. Remember that this is possible only if the database server is the same computer as the SMS site server.
30. Click Next. The SMS Site Database Name dialog box appears, as shown in Figure 4-33.
31. Type the name of the SMS database in the Database name text box.
32. Click Next. The SQL Server Directory Path for SMS Site Database dialog box appears, as shown in Figure 4-34.
33. Type the path to a folder that will hold the database and transactional log files for the SMS site database or use the Browse button to select the folder.
    Note: For performance and maintenance reasons, we recommend that the data file and log file for a database be located on different drives. This cannot be done during SMS setup. It must be done through SQL Server at a later time.
34. Click Next. The Concurrent SMS Administrator Consoles dialog box appears, as shown in Figure 4-35.
35. Type the estimated number of concurrent connections to the SMS Administrator Console in the Number of SMS Administrator consoles text box. This information is used to configure SQL Server memory usage.
36. Type the estimated number of connections to the SQL Server database in the Minimum number of SQL Server connections text box. This information is used to configure SQL Server memory usage.
37. Click Next. The Completing the Systems Management Setup Wizard dialog box appears, as shown in Figure 4-36.
38. Check the information displayed in the text box. If changes are necessary, click the Back button and execute the changes.
39. Click the Finish button. The installation initiates and a screen similar to the one in Figure 4-37 appears.
Congratulations! If everything worked as
expected, you now have SMS installed and ready to use!
Basic Site Configuration
Once
your server is installed, it still needs to be configured in order
for the SMS environment to work correctly. In this section, we
cover the basic configuration steps necessary for an SMS site
server to work properly. You learn how to use the SMS Administrator
Console to configure site systems, computer discovery, and client
installation.
Configuring Site Systems
Once your SMS site server is installed,
certain settings have to be configured to allow the SMS environment
to work correctly. A Server Locator Point site system is required
to allow clients to locate the site server, and a Management Point
is required for advanced clients to function properly.
Such settings are managed through the SMS
Administrator Console. The SMS Administrator Console is an MMC tool
that allows SMS Administrators to view and manage settings in an
SMS hierarchy. The console is installed by default on any server
running SMS and can also be installed on a workstation.
Before we start configuring the SMS hierarchy,
let's explore the SMS Administrator Console. To view settings in
the SMS Administrator Console, perform the following steps:
1. In the Start menu, point to All Programs, then Systems Management Server, and click SMS Administrator Console. The SMS Administrator Console appears, as shown in Figure 4-38.
2. Once the console connects to the site database, expand the Site Database node. The SMS Administrator Console appears, as shown in Figure 4-39.
3. To view the site systems in use, expand Site Hierarchy, your site name, Site Settings, and click Site Systems. The list of site systems appears, as shown in Figure 4-40.
4. As you can see, the site system plays the roles of Client Access Point and Distribution Point by default. To enable the Server Locator Point and Management Point roles for the site server, right-click the site server and click Properties. The Site Systems Properties dialog box appears, as shown in Figure 4-41.
5. Click the Server Locator Point tab, as shown in Figure 4-42.
6. Enable the Use this site system as a server locator point check box.
7. Select Use this site database in the Database list to connect to the site database.
8. Click on the Management Point tab of the Site Systems Properties dialog box, as shown in Figure 4-43.
9. Enable the Use this site system as a management point check box.
10. Select Use this site database in the Database list to connect to the site database.
11. Click OK. Because this isn't a default management point for your site, the message in Figure 4-44 appears.
12. Click Yes. SMS begins installing the management point.
During the installation of site systems, SMS uses a
service called the SMS Server Bootstrap. To view this service and
verify if the Server Locator Point and Management Point roles were
installed successfully, perform the following steps:
1. In the Start menu, point to Administrative Tools, and click Services. The Services window appears, as shown in Figure 4-45.
   Note: You may have to scroll down to see the SMS_BOOTSTRAP service. If you still do not see it, click the Refresh button in the toolbox.
2. To verify if the Management Point site system role is running, keep refreshing the Services window. Once the service is installed, the Services window appears, as shown in Figure 4-46.
The Management Point system role
requires Background Intelligent Transfer Service (BITS Service
Extensions). To install BITS, follow the steps in
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/.mspx.
Computer Discovery
Now that your SMS environment is set up, you
need to deploy SMS clients on your network. Before deploying
clients, SMS must discover the resources available in your network
and identify what resources will require the client to be
installed. SMS uses multiple discovery methods to gather
information related to resources on your network. A resource is any
object discovered by SMS, such as user accounts, groups, computers,
routers, and printers.
Once SMS discovers a resource, it creates a
discovery data record (DDR) in the site database. DDRs are used to
populate collections, and for querying and reporting. DDRs are
gathered using one or more of the following discovery methods:
- Windows User Account Discovery: Used to discover user accounts in a Windows domain without Active Directory.
- Windows User Group Discovery: Used to discover group accounts in a Windows domain without Active Directory.
- Heartbeat Discovery: Used to contact computers that have been previously discovered to identify if they are still in the network. By default, this discovery process runs once a week.
- Network Discovery: Used to find devices connected to the network, such as computers, printers, and routers. It can be used to scan specific subnets, Windows domains, and SNMP communities.
- Active Directory System Discovery: Used to discover computers based on computer accounts in Active Directory.
- Active Directory User Discovery: Used to discover users based on Active Directory user accounts.
- Active Directory System Group Discovery: Used to discover groups based on Active Directory group accounts.
Running Discovery
Now that we know about the different
discovery methods, let's run discovery and populate the site
database with DDRs. If this is the first time you run discovery, it
is worth checking whether any resources already exist in the site
database before running the discovery process, just to make sure
discovery is really populating data. This is done by checking the
SMS collections. A collection is a group of users, user groups, or
computers in SMS. To verify the existence of resources, perform the
following steps:
1. In the SMS Administrator Console, expand Site Database, and Collections. The list of collections is displayed, as shown in Figure 4-47.
2. Select the All Systems collection. Verify that the details pane is empty.
To run system discovery, perform the following
steps:
1. In the SMS Administrator Console, expand Site Database, Site Hierarchy, your site, Site Settings, and click Discovery Methods. The list of discovery methods is displayed, as shown in Figure 4-48.
2. Right-click Active Directory System Discovery and click Properties. The Active Directory System Discovery Properties dialog box appears, as shown in Figure 4-49.
3. Enable the Enable Active Directory System Discovery check box to enable discovery to happen.
4. In the Active Directory Containers list, click the asterisk button to add an entry. The Browse for Active Directory dialog box appears, as shown in Figure 4-50.
5. Enable one of the following options:
   - Local domain: To search the local domain.
   - Local forest: To search the entire forest.
   - Custom LDAP or GC query: To use an LDAP query.
   In this example, we will use the custom LDAP option. Therefore, enable this option and click the Browse button. The Select New Container dialog box appears, as shown in Figure 4-51.
6. Select the Computers container in your domain and click OK. The Browse for Active Directory dialog box appears, as shown in Figure 4-52.
7. Enable the Recursive check box to discover computer accounts in subcontainers within the Computers container. Click OK.
8. Click the Polling Schedule tab of the Active Directory System Discovery Properties dialog box to schedule the discovery. See Figure 4-53.
9. You may click the Schedule button to schedule discovery at a different interval. For testing purposes, enable the Run discovery as soon as possible check box and click OK.
10. Repeat Steps 2 through 9 for Active Directory User Discovery and Active Directory System Group Discovery. Make sure to select Local domain for Step 5.
11. To verify if discovery was successful, right-click the All Systems collection, point to All tasks, and click Update Collection Membership. The All Systems dialog box appears, as shown in Figure 4-54.
12. Click OK. The list of systems is displayed, as shown in Figure 4-55.
    It may take a while for the collection to update. You may have to click the Refresh button in the toolbar. You may also have to click another container and click back on the All Systems collection to force the list of systems to be displayed.
13. Right-click one of the discovered computers and click Properties. The system Properties dialog box appears, as shown in Figure 4-56. Verify the Agent name entry; it displays the discovery agent used to gather the information related to this DDR.
Installing the SMS Client
SMS
Clients are divided into two main types: Advanced and Legacy. A
third client, the Mobile Client, is used for Windows Pocket PC
devices. We focus on advanced clients and legacy clients in this
chapter.
Basically, a client type is selected based on the
client computer operating system. The Legacy Client supports the
Windows 98 and Windows NT4 SP6 and later operating systems, while
the Advanced Client supports only Windows 2000 or later versions.
The table that follows summarizes the differences between the
clients.
Once you have decided what client or clients will
be installed you still have to determine how installation will
occur. You can use Group Policy, logon scripts, pre-imaged
installation, manual installation, or even push the installation
from SMS 2003.
To properly install the SMS client, you need to
know what file, or files, are used for setup. The table that
follows lists the different setup files available in a share called
SMSClient, which is automatically created by the SMS installation
wizard.
Because we
are focusing on SMS and MOM technologies, we will use the SMS
Client Push installation to install the SMS client. Once Client
Push Installation is enabled, it will push the installation to
newly discovered and assigned computers by connecting using a
specific account and running ccmsetup.exe (for Advanced clients) as
a service in the local client. Needless to say, the account in
question needs local administrative privilege on the client
computer. To enable the Client Push Installation process, perform
the following steps:
1. In the SMS Administrator Console, expand Site Database, Site Hierarchy, your site, Site Settings, and click Client Installation Methods. The list of installation methods is displayed, as shown in Figure 4-57.
2. Right-click Client Push Installation and click Properties. The Client Push Installation dialog box appears, as shown in Figure 4-58.
3. Enable the Enable Client Push Installation to assigned resources check box.
4. In the System types panel, enable the check boxes that represent the types of systems on which to install the SMS client. In our example, enable Servers, Workstations, and Domain controllers.
5. Enable the Enable Client Push Installation to site systems check box to allow the SMS client to be pushed to SMS site systems.
6. In the Client types panel, select the types of clients to be installed according to the list that follows:
   - Legacy Client: Install only legacy clients.
   - Advanced Client: Install only advanced clients.
   - Platform Dependent: Install legacy clients on computers running Windows 98 and Windows NT4 SP6, and advanced client on computers running Windows 2000 or later.
7. Click the Accounts tab of the Client Push Installation dialog box, as shown in Figure 4-59.
8. In the Accounts list, click the asterisk button. The Windows User Account dialog box appears, as shown in Figure 4-60.
9. In the User name box, type the name of the user account to be used for installation; remember to type it as DOMAIN\USER.
10. In the Password and Confirm password boxes, type the account password. Click OK twice.
    Note: Installation occurs the next time discovery runs. You can either force discovery to start the installation process, or right-click a computer in a collection, point to All Tasks, and click Install Client to use the Client Push Installation on the selected computers.
11. To verify the installation process, open Task Manager on the client computer. You should be able to see the ccmsetup.exe process, as displayed in Figure 4-61.
12. Once the installation is done, you will be able to verify on the client computer that a new applet, called Systems Management, is available in Control Panel, as shown in Figure 4-62.
13. Back on the SMS server, refresh the All Systems collection. Verify that the computers that have the client installed display client information in the detail pane.