Throughout this blog, we're only going to be working in the Site Management node.
You'll first want to right click your site name, and go to properties.
Once there, you'll want to head to the Advanced tab. In the advanced tab you'll want to check the boxes for "Publish this site in Active Directory" and "Publish the default management point in DNS". Once they're selected, press Ok.
Next, move down to the Boundaries section. Boundaries are extremely important in ConfigMgr to help manage your clients. You can create boundaries based on an IP Subnet, IP range, or an Active Directory site. So start out by click "New Boundary", enter a description, then put in either an IP Subnet, IP Range, or a AD Site name followed up by select if the boundary is connected to the Primary Site server by a slow connection or a fast connection.
Once your boundary is configured, click the Client Agents section. In this you should see the follow agents if you followed my previous guide.
Start out by double clicking the Hardware agent to configure it's settings. (The settings I put in here might not be the recommended, but it's what I use in my 1,000 client production environment and it works fine.) Change the schedule to custom, then click Customize and change the recurrence to 10 minutes. Then click Ok, and Ok.
The next agent that needs modified is the Computer Client agent. Double click it to open it up, and then start out by configuring the Network Access Account by click Set.
In my case I'm using a service account that I setup for ConfigMgr called smsadmin. Enter the information for your service account then click Ok.
Next ( and once again I point out that my settings work great in my environment but might not in yours) check the Policy polling interval to 2 and the state message reporting cycle to 4.
Now switch over to the Customization tab and enter whatever you want into the customizable fields.
On the BITS tab, I've disabled BITS by selecting the Not configured option. Obviously in your environment you might want this, but in my virtual environment I don't need it.
Finally switch over to the Restart tab and mine and my companies preferance is to have the restart countdown at 30 minutes and the final notification at 3.After setting that, click Ok to close out of the Client agent.
The next agent to configure is the Remote Tools agent. For this you'll want to create a security group containing all the users that you want to allow to remotely control any clients in your site. In my case I've got three security groups for this purpose that also tie into other ConfigMgr security settings. They are Desktop Administrators, Server Administrators, and Help Desk. Below you'll see pictures for each tab of the Remote Tools client, and you'll see where I've put these groups in. You'll just need to do something similair.
That's all the agents that I'm going to cover, next go down to Client Installation Methods, and double click Client Push Installation to configure it. You'll want to enable it, then select what type of systems to push the client to. In my case, I only want it to push to workstations since if a server system doesn't have BITS installed the server will reboot automatically. (Not good for production).
Next under accounts, list the accounts that ConfigMgr should try to use to push the client onto a workstation. In my environment I'm going to have it first try the smsadmin account, followed up by the local administrator on the box.
After configuring Client Push, you should head to Discovery Methods so that ConfigMgr can find workstations and server to have as clients. Of course you can manually add clients to your site, but it's easier to combine client push and discovery. As long as you've configured your boundaries you don't need to worry about ConfigMgr getting out of control with installing clients and such. In the Discovery Methods section, set everything according to your environment. In my lab I've geared Active Directory towards working easily with ConfigMgr so all my stuff is pretty simple. But say your company has all your users split up in AD based on Country, State, and then City. If that's the case then you can add multiple discovery points like in the picture below. When it comes to how often ConfigMgr looks to AD, I prefer at most every hour. In some cases I have it set to every 5-10 minutes.
At this point you should begin seeing clients in the All Systems collection. If you're not then you've prolly got some security settings messed up somewhere. A quick way of seeing if something is really wrong is by going to the System Status section in ConfigMgr. You might find a log were ConfigMgr is unable to find the System Management container. If that's the case then you need to give the computer name account that hosts your primary site full control over the System container in AD. You also need to make sure that your network access account has Administrative rights on any workstation in your domain. You can do this via GPO. From here you can start creating packages and advertisements, along with task sequences for OSD.
No comments:
Post a Comment