Post 9 – Deploying Client and managing client settings

In the previous post we in this post we set boundaries and discovered some of the systems. In this post we will deploy the client to the servers.

Post 9 – Deploying Client and managing client settings

Deployment of the Client (Agent) to the computer. You can deploy by the agent by many different ways; Client pushing, group policy, software update point (Wsus), manually installing it, login script, software distrubition, OS deployment, or have it by part of the image placed on the computer.

There are three different client installation files in Configuration Manager:

Client.msi = never used directly, this is called by CCMsetup.exe during an install

CCMSetup.msi = Used exclusively by Group Policy. Used in addition with a pair of custom ADM files

CCMSetup.exe = Used for everything else

the Technet article helps explain more information about these different client installation files: http://technet.microsoft.com/en-us/library/gg699356.aspx

 

The first thing we have to do is set up Client Settings. Open Configuration Manager, select Administration and select Client settings. You can now set more than one client setting and set priorities. For example the default client settings aren’t set and have a priority of 10,000 (lowest priority).

client settings

Configuration Manager client settings

BITS is a fantastic bandwidth throttling function. You can ensure your network will not become overburdened during the time-frame you specify and you can set up the maximum transfer rate. On a Wan you would probably want this value to be true, if the clients are on your local network you may want to leave it off.

bits

BITS settings

Client Policy – The client policy is by default every 60 minutes. User policy polling helps deploy out applications to users.

client policy polling

Client Policy settings

Computer Agent- these identify what sorts of notification users will get. What is the organization name, What are the install permissions, etc. Other settings will be covered later.

computer agent settings

Computer Agent settings

Computer Restart – How do you want to notify users that a restart is pending? When do you want to notify users a restart is going to occur?

computer restart

Computer Restart settings

Power Management – Do you want to allow power management of devices? Do you want users to be able to turn this on and off?

Power Management options

Power Management settings

Remote Tools – This determines the experience settings to remotely connect from ConfigMgr to someones computer. Some important settings for an Enterprise include allowing you to connect to someone’s computer, and will you prompt them when you connect to their computer or server.

Remote Tools

Remote Tools settings

State Messaging – How often do you want clients to report the current state?

State Messaging settings

State Messaging settings

State Messaging

Deployment to a client

To deploy new client, first you want to add a new site role to your server. The site role is called the Failback status point. When clients fail there needs to be another endpoint state message or errror messages when there are problems. We will install the failback status  (FSP) role on our existing server (although you could install it to a different server to help generate a more streamlined environment.

Installing the Fallback Status Role

To add the fallback status Role go to:

Administration, Site Configuration, Servers and Site System Roles. Now right mouse click on site to bring up a menu. Select Add Site System Roles,

site selector

Servers and Site System Roles

On the Add Site System Roles Wizard, Select Next.

Add Site System Roles Wizard

Add Site System Roles Wizard

Don’t specify a proxy, and select Next.

ad site system 2

Proxy selection

On Specify Roles for this Server, select Fallback status point and select Next.

fallback status point selected

Specifying roles for the server

10,000 state messages is the default. Select Next.

fallback 2

Fallback status point settings

The confirmation of the settings is shown, select Next.

fallback3

Confirm the settings

The role has been added to the server successfully.Select Close.

fallback 4

Role added successfully

Install the configmgr client on servers

The share on your server is: \\configmgr\sms_bp1\client  This is where ccmsetup is residing.

This is the main program share on your site server.

Sometimes it is helpful, to share out this folder to your environment. Do so by going to \\configmgr\sms_bp1 and selecting client. 

sharing

Client Properties

On the folder properties select Advanced Sharing, Share this folder. On the Advanced Sharing select Permissions and set Everyone to read.

sharing 2

Permissions for Client

Also go to the security tab and make sure everyone has access to this folder. Select Allow, and read permissions for the users.

sharing 3

Permissions for users

 

Client Installation

 Method 1 Manual installation

The manual Mode of Client Installation is really just running this command:

CCMSetup.exe /mp:ConfigMgr /logon SMSSITECODE=BP1 FSP=ConfigMgr

Go to c:\Program Files\Microsoft Configuration Manager\Client and run:

CCMSetup.exe /mp:ConfigMgr /logon SMSSITECODE=BP1 FSP=ConfigMgr

 

This will run CCmsetup.exe on the computer to install the client.

ccmsetup

Running CCMsetup.exe

It can take a couple of minutes to run. Once the client installs, it gets the policy from the configuration manager server. The entire process can take up to 20 minutes. If you check the Control Panel on your computer, you are looking for the Configuration Manager icon (which means Configuration Manager has been installed).

You can use this method to apply the client on your servers. However applying to a large amount of servers is time consuming.

Method 2 Client Push method

To use the client push method you have to first set up a couple things. Go to Sites, on the top of the page select Hierarchy Settings, and select to Use a failback site

hiearchy settings

Site Settings Properties

Select the Client Approval and Conflicting Records tab. Here you can choose the client approval method. Most environments the default automatically approve computers in trusted domains is fine. If you want a lot more control you can manually approve each computer.

client approval settings

client approval settings

The Automatic client upgrade tab, is for automatically updating the clients.

automatic client upgrades

automatic client upgrades

Close this dialog box.

Select your site, and at the top of the screen select Client Installation settings,

This will give you the option of pushing the client to newly discovered machines.. this is basically the easy button of adding new machines and making sure they get the client pushed to them. I have used this option to ensure machines I just create and add to Active Directory will get the client pushed to them.

client push easy

Client Push installation general properties

The second option of deploying the client to domain controllers is a tricky one. At times it’s not a good idea for Domain Controllers to receive the same update packages other servers may be getting. So keeping this off is generally recommended.

The accounts tab is critical to pushing out the client. A client account must be defined in order to push the package to machines in the domain. For example, I have set the following user account to push clients to users. You can also check to make sure everything is working correctly by selecting Test Connection at the bottom of the screen.

set admin acctr

Windows User Account

On the Installation Properties tab you can set specific installation properties to the client install. Add FSP=configmgr in order to set it to the fallback point.

fsp

Client Push Installation specific properties

Method 3 Installing client using the wizard.

Go to Assets and Compliance, and select devices. Select a computer without the configuration manager client.

Select Install client. 

inital setting

Selecting install client

 

Select Next,

firstpage

Install Configuration Manager first page

The defaults; always install the client software and install the software from the following site should be selected, if not select them. Select next.

client1

Specify Client Push Options

Client push summary is presented, Select Next.

client push summary

client push summary

Client push summary success , select Next.

client push summary2

Client push summary success

Select Close. The agent will now be pushed to the one object selected.

Of the different methods, the direct manual install method is the fastest, but may require more time. I have used pstools and psexec to connect to machines to install the client in the background however this may take time in a large environment. If you have a lab environment and can keep the computer on for extended periods of time you can try the second method and see if the computers get the client.

Method 4 Group policy push to clients

Log on to your domain controller,in this case DC1.

Connect to your configuration manager server, and browse to: \\configmgr\SMS_BP1\bin\i386  and run the ccmsetup.msi package. This will install the needed adm objects to create a configuration manager installation policy.

Go to your domain controller, open the group policy management icon.

Go to domains, your domain, group policy objects,and right click to select New.

new gpo

Group Policy Management

Name the group policy Install ConfigMgr Client and select Ok.

Two things need to happen to make this work you need to use the group policy software installation piece, the second is the pair of the custom ADM files will be used to manage the installation.

Select Edit on the Install ConfigMgr client and you are presented with the definition of the policy.

define policy

Install ConfigMgr policy

Expand Policies under Computer configuration by selecting it.  Under the Software Settings, this is where you can create a new software installation. Selecting Software installation and New, Package will define the software package for all of the machines that will be given this policy. This location has to be accessible to the machines that will receive this policy. I have copied the ccmsetup.msi package to the configmgr\share directory. I changed the directory on open to \\configmgr\share, and have selected the ccmsetup.msi package.

select package

Selecting configmgr share

Select Open after selecting the package.

The ConfigMgr Client Setup Bootstrap properties dialog box has the following tabs; General, Deployment, Upgrades, Categories, Modifications and Security. Deployment identifies how the package will be deployed. You aren’t modifying things so there is nothing in the Upgrades or Modifications tab. Click OK.

You can now see the agent linked in the software installation.

clientpkg

ConfigMgr Client Setup Bootstrap

Just adding the package doesn’t seem to work as you will need to add additional ADM management templates in order to configure the client installation.Go to Administrative Templates, and right click to select Add/Remove Templates. In the Add/Remove Templates Dialog box, select Add. You can find the needed administrative templates on the configmgr server located at \\configmgr\SMS_BP1\tools\ConfigMgrADMTemplates

add remove templates

Add/Remove Templates

Select Close. One template is for assignment and another is for installation. Go to Classic Administrative Templates (ADM), Configuration Manager 2012, Configuration Manager 2012 Client, and you can see the Site Assignment and Client Deployment Settings.

extra templates

Configuration Manager 2012 Client Settings

Select the Site Assignment tab, Set to enabled, and enter BP1 as the assigned site.

site assigned

Configuration Manager 2012 Site Assignment

Click on the Next Setting Tab. The Client Deployment settings tab allows you to set specific instructions for the client, in this case where we define the sitecode and the fallback status point. Click on enabled, and in CCMsetup type:

SMSSITECODE=BP1 FSP=configmgr.

client deployment

Configuration Manager 2012 Client Deployment settings

Select Apply to save the changes, and close.

The group policy has now been defined. Now select File and Exit to save the changes to the group policy. Selecting Group Policy Objects under Group the bluepalace lab domain, let me know that the policy has been enabled.

policy enabled

Group policy enabled

Next we will learn more about Hardware and Software Inventory. Where we can create collections of the Hardware and Software running on our domain.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s