Just a general rant:
So I am trying to install the evaluation of SCCM but am getting really annoyed with the documentation. Why do MS have such a hard job of making straightforward documentation without having subdocuments within subdocuments within sub...etc etc!
Example: I am currently working through the prerequisites and wanted to install all the necessary things to get all the features working off the bat. So I work through these linked documents "Getting started with Configuration Manager" -> "Prerequisites for installing Configuration Manager" -> "Prerequisites for Native Mode" -> "Certificate requirements for Native Mode" -> "Deploying the PKI Certificates required for Native Mode" -> "Step by step example deployment of the PKI certificates required for Configuration Manager Native Mode: Windows Server 2008 Certification Authority"
The first annoying thing is that after wading through all the rubbish the actual instructions are very straightforward and more annoyingly after reading these, not insubstantial, documents I find that there is a step that requires SCCM to be installed! How can the certificates be a requirement of SCCM when SCCM needs to be installed to install the certificates :mad::mad::mad:
Anyone else find this a throughly frustrating experience.
Argh!! Now I install SCCM it tells me I need the certificates in place :mad:
In order to use SCCM in native mode, you have to have a PKI already setup and ready to use. The cert can be requested using the MMC snap-in for certificate management and you have to have document signing (which I believe requires a CA running on an enterprise server if you are using MSFT CA) server auth and client auth. I do not believe mixed mode has that same limitation. ALl of your client computers need a cert too for signed communication to the server(s)
Ok I worked through it and have SCCM up and running.
The confusion came from a badly worded section of the setup instructions. During the certificate creation you have to have to input some info that it says to get from the SCCM management console (which of course isn't installed yet). You actually have to make a decision in advance and setup SCCM to match the info in the certificate.
Where did you find the documentiation? I'm looking for a setup guide in another post thats all...
Originally Posted by sparkeh
Well the technet homepage for SCCM is here
I would look at Getting started with SCCM. Then weep.
Just ask if you need any help as I have it installed now. Just gotta configure it now.
Your fun has only just begun!
Originally Posted by sparkeh
" If Configuration Manager 2007 is deployed without sufficient planning, it is possible to disrupt your entire network "
Thats the first bit that worries me, and it's only in the introduction!
The important parts where are the 'client push' installation of config manager, 'boundaries' and 'unsupported computers' with PXE booting.
Originally Posted by adamchapman
We have 2 domains at the moment, I set the site boundary to be an AD domain. This'll limit pushing config manager onto CC3 machines which I really don't want. If you have one domain, plan your boundary and method of boundary carefully.
Although it easy to create a default task sequence (build) and let unknown computers run a task sequence you could destroy a site very quickly. Best stick passwords on your task sequence and don't support unknown computers.... just build the ones you want to build until you get the hang of things.
As TheBlackSheep says it could destroy your network but I think you would have to be pretty reckless to actually do this.
Originally Posted by adamchapman
I have SCCM installed on a DC but have left DHCP settings to point my FOG box (which SCCM is going to replace) and haven't installed the client or the certificates to any workstations yet so I can't see it causing any issues. I believe I can setup boundaries to only include one OU in AD so I can essentially cordon off a test area before I roll it out.
Checkout www.windows-noob.com they have pages of easy to follow guides on SCCM
I have finally got ours to play ball and its a lot lot easier than messing about building images with ghostcast
myitforum.com is also very good.
Originally Posted by robbie-w
windows-noob.com has it all with nice guides for your test lab tho.
Thanks for all the advice guys. I think I'm going to test, then deploy over summer - just in case!
I am setting up SCCM 2007 in a test environment and I have 3 workstations in the lab, A Windows 2008 Standard server as a DC, a Windows 2008 standard server for MDT and SCCM2007 and finally 1 Windows 7 enterprise workstation has a client.
Originally Posted by msnriggs
I am in the process of creating a PKI infrastructure before I install SCCM but have learnt from the notes I am following that I need a DC with enterprise edition installed and also hosts the active directory certificate services role and is configured as an enterprise root certificate authority. http://technet.microsoft.com/en-us/l.../cc872789.aspx
When setting up SCCM there is a mixed mode, if I use this what functionality will i use, we dont use SMS 2003 and i know mixed mode is more for sites who are using SMS.
Any help would be appreciated.
So will I not be able to a PKI without enterprise, that is a problem because our production DC's are all 2008 standard.
Shame I didnt notice this earlier really.
With one domain, I followed windows-noob and went for mixed mode for an array of reasons [this was last year now so dont ask me what they were other than the native needing cert etc :)] and found it to be quite fun (the guides on there are good but its not always exactly clear) getting things to play ball.
Dont under estimate how much there is to learn with SCCM... theres so many functions and settings that even the best of brain sponges out there probably havent found everything.
BTW Respond to Unknown Computers for PXE booting is only in the R2 of SCCM 2007 btw just for info ;) and yes, SP2 is required for full Win 7 compatibility [well, i use full compatibility loosely as we havent got that far yet to know if thats exactly true or not ;)]
On a diff domain, I followed a MS best practice type of guide - cant find the link right now but I did find after I'd finished what was in the guide this:
Windows Administrator's Forum • View topic - Windows 7 Deployment: with MDT 2010 and SCCM 2007
which is basically the guide that someone has turned into a web page and added some handy screenshots etc.
The snag about this guide [the MS one] is that it doesnt explain anything to you, you just follow steps until your done and then it seems to be assumed that you know what to do hehe
S'all good fun I guess.