View RSS Feed


How to - System Centre Configuration Manager - Part 1 (Pre-req's)

Rate this Entry
by , 8th January 2012 at 06:10 PM (15477 Views)
Ive had a lot of contact from people asking about installing System Centre Configuration Manager (SCCM) – having all sorts of issues with it. Normally – this install and config to the basics of doing a build and capture, through to the end game of it deploying your network clients for you!

Im not going to cover AD or DHCP – other than saying have 2 accounts setup ready to use, something like SCCMAdmin and SCCMClient. Make sure that you arent running SCCM on the same server as DHCP; and if at all possible, run it on dedicated hardware.

This is going to be a 3 part post – this one (the first) will deal with the getting started bits. The stuff you really need to read and follow to avoid issues later.

First Steps

Rule 1 – make sure you have all your prerequisites done. No, seriously – really do. The amount of times this happens!

1. Do the AD Schema update
Its not as terrible as it sounds! If you’ve not extended the Active directory schema before – this is a good guide… WindowsNoob SCCM Schema Update.

2. Remote Differential Compression
It is needed, so in Server Manager, on the Features node, start the Add Features Wizard.On the Select Features page, select Remote Differential Compression. Job done.

3. Windows Deployment Services
WDS – well, Im assuming you will be wanting to use the killer automated Operating Systems deployment! Add the WDS role – but do not (I repeat really DO NOT) configure it. Don’t even open its console!a

[I]4. IIS[/I
]IIS – yes, SCCM “needs” IIS, make sure you give it all this bits of it that it needs. There are a few, and 9 times out of 10 – you will miss one!

The following Web Server role services should be installed.

IIS Role Services

Web Server
Common HTTP Features (in IIS 7.5 [Server 2008 R2] – you will find WebDav here which you also need to add)
Static Content
Default Document
Directory Browsing
HTTP Errors
HTTP Redirection

Application Development
.NET Extensibility
ISAPI Extensions
ISAPI Filters

Health and Diagnostics
HTTP logging
Logging tools
Request Monitor

Basic Authentication
Windows Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions

Static Content Compression

Management Tools
IIS Management Console
IIS Management Scripts and Tools
Management Service
IIS 6 Management Compatibilty
IIS 6 Metabase Compatibility
IIS 6 WMI Compatibility
IIS 6 Scripting Tools
IIS 6 Management Console

Now, after you’ve got that little lot all installed, time to do a bit of configuring!

URL Authorization Feature:
When the Authorization feature opens, make sure that an Allow rule is defined that includes the administrator account

Authentication Feature:
Right click on Windows Authentication and choose Enable

WebDav Feature:
This one should come with a health warning! In IIS7.5 [Server 2008 R2]– this is a role service not an additional install. For IIS7 [Server 2008] – download and install from Microsoft download centre.

Then configure as follows…

1.Startup IIS Manager and in the Connections pane, expand the Sites node in the tree, then click the Default Web Site, then double-click the WebDAV Authoring Rules icon.
2. Click enable webdav in the Actions pane on the right side. Once you've clicked it it will then say 'Disable webdav' so be sure not to click there again, now we need to click the Add Authoring Rule task in the Actions pane.

Allow actions To All
Allow access to this content to All Users
Permissions Source, Read, Write
3. Start IIS Manager, select the server and select Stop from the actions.
4. Start Explorer and navigate to C:\Windows\System32\inetsrv\config\schema.
5. Right-click WebDAV_schema.xml and select Properties.
6. Select the Security tab and click the Advanced button.
7. Select the Owner tab and click Edit. Change the owner to administrators so the permissions can be changed.
8. Select the Permissions tab and grant your user or administrators Full Control via the Change Permissions button. Click OK, and then open the WebDAV_schema.xml file in Notepad. Find the area below and make sure the values are set as shown:

<attribute name="allowAnonymousPropfind" type="bool" defaultValue="true" />
<attribute name="allowInfinitePropfindDepth" type="bool" defaultValue="true" />
<attribute name="allowCustomProperties" type="bool" defaultValue="false" />
9. Click Save.
10. Start the IIS service in IIS Manager

These settings you can make in IIS Manager, but Ive found that they don’t actually set in the xml file 9 times out of 10 – so doing it this way prevents it being a worry. IIS reads this file when it starts so it appears correctly.

Now you should be ready to do the install, which will be covered in Post 2 in a few days time.


  1. denzal2k4's Avatar
    Brilliant looking forward to part 2, been wanting to set this up for a while.Only issue is we currently already have WDS configured and running, is this a problem? Should we just remove the role and start again whilst keeping the images we already have?
  2. TheScarfedOne's Avatar
    No, and no! I will cover what to do if you already have WDS already installed. It depends whether you are putting SCCM on the same server, or if you want to keep your current WDS running while you test and set up SCCM. I would go with option 2 if you can....
  3. denzal2k4's Avatar
    Ok, i'm gonna give it a test on a clean vm, any ideas when part 2 is out?

  4. TheScarfedOne's Avatar
    Part 2 is live, Parts 3 and 4a will be live by Wednesday.
  5. FN-GM's Avatar

    Just to say thanks for posting. I will be following this guide in my test lab.

  6. FN-GM's Avatar

    I have just been skimming over your posts. At the moment we use another bit of software that uses PXE to image computers. If i install WDS on a server but do not configure when a client PXE boots will it boot into WDS?

  7. TheScarfedOne's Avatar
    Hi - sorry didn't see this, Im not getting the alert emails from blog comments. No, SCCM/WDS will only boot PXE if its own provider is set up. So - just installing the role isn't enough to take over the other software. Im guessing FOG? This is what I did - just disabled the PXE service when I wanted to carry on using FOG.


Total Trackbacks 0
Trackback URL: