System Center Configuration Manager, formerly named Systems Management Server, is a Microsoft product that is a part of the System Center Suite. It provides management capabilities for large groups of different device types such as workstations, servers, laptops, and mobile devices. These devices can run on different operating systems such as Windows, Windows Embedded, Linux, UNIX, Mac OS X, Windows Phone, iOS, Symbian OS, and Android. Not only does it provide management of such device types, but it also provides these features: remote control for some of the devices' OSes, software distribution, patches and patch management, operating system deployment, and creating devices' software and hardware inventory. So, System Center Configuration Manager provides both efficient and effective IT services with the help of scalable software deployment, devices compliance management, as well as the asset management of discovered hardware and software resources.
System Center Configuration Manager helps with the control of its IT infrastructure and assets. The asset management functionality provides IT engineers with a detailed image of the software and hardware inventory, which clients are using them, and where they are located in the infrastructure. This asset management functionality provides reports that help enterprises to optimize their hardware and software usage and take better strategic decisions regarding software licenses and compliance with these licenses.
System Center Configuration Manager has multiple requirements that you need to take into consideration before executing any deployment of System Center Configuration Manager 2012 R2. The following are the requirements:
Site systems cannot be installed on Server Core installations for the following operating systems:
Windows Server 2008 or Windows Server 2008 R2
Windows Server 2008 Foundation or Windows Server 2008 R2 Foundation
Windows Server 2012 or Windows Server 2012 R2; an exception to this is that starting with System Center 2012 R2 Configuration Manager, these operating systems support the distribution point site system role, without PXE or multicast support
Windows Server 2012 Foundation or Windows Server 2012 R2 Foundation
After a site system server is installed, you cannot change the following:
The domain name of the domain where the site system server is located
The domain membership of the server
The name of the server
Configuration Manager Site system roles cannot be installed on an instance of a Windows Server Failover Cluster. You can only install the site database server on Windows Server Failover Cluster.
Before you start deploying System Center Configuration Manager, you must make sure that your infrastructure meets all of the prerequisites. What follows is a list and a step-by-step guide that shows you how to meet these prerequisites.
When the Active Directory schema is extended, the System Management container in Active Directory is not created by default. The container has to be created in all Active Directory domains that contain a primary site server or a secondary site server that publishes site information to Active Directory. In order to create the System Management container, take a look at the following steps:
You have to log on to your Domain Controller and open ADSI Edit. You can also do this from any other machine that has ADSI Edit installed on it and connect to the Domain Controller. The account that you use to connect to the Domain Controller must have permissions to modify objects in ADSI Edit. You can open ADSI Edit from Server Manager Console, from the
Security\Administrative Toolslocations or by opening Run under the Start icon and typing
With this, the System Management container is created in Active Directory. Next, we have to join the site server to the Active Directory domain and give computer account permissions to the site server to publish the site information to the container. A primary site server computer account must have full control permissions on the System Management container. To do this, perform the following steps:
Navigate to the System Management container, right-click on it, and select Delegate Control…. When you click on Delegate Control…, a wizard starts, which guides you through the process:
In the first window, just click on Next.
We have now delegated full permissions to the primary site server's computer account on the System Management container. To find out how to create the System Management container in a different way, check this link:
In order to extend the Active Directory Schema for System Center Configuration Manager 2012 R2, you need to use a tool that is located in the installation media of System Center Configuration Manager 2012 R2. You can also use the
ldif file. This file will enable you to import or export information to or from Active Directory.
Open the installation media, go to SMSSETUP, then open BIN, and go to x64; you will find extadsch.exe. You can either click on this or copy the path and run it from the command prompt. To run
extadsch.exe, you have to use an account with Schema Admin permissions.
Created the System Management container
Assigned permissions to the primary site server or multiple primary, secondary, and a CAS server
Extended the Active Directory schema
You can use the prerequisites checker tool that is provided with the System Center Configuration Manager 2012 R2 installation media, which is located in \
SMSSETUP\BIN\x64\prereqchk.exe. You can also use PowerShell or the tool from the following link to install all the prerequisites:
The following is a list of the Windows Server roles, features, and role services required by System Center Configuration Manager 2012 R2:
Windows Server role
Windows Server features
.NET Framework 3.5 (with all subfeatures)
.NET Framework 4.5 (with all subfeatures)
Remote Differential Compression
Security (Windows authentication)
The Windows Assessment and Deployment Kit (ADK) is a set of tools that allow you to customize, assess, and deploy Windows operating systems to new machines. The installation process is simple and straightforward. You can download the ADK from the following location:
The only thing that you need to keep in mind is feature selection. Proceed with the following steps:
In the first step, choose the Install Path tab and click on Next:
After fulfilling all the requirements and installing the prerequisites for System Center Configuration Manager 2012 R2, you need to install MS SQL Server. There are two different deployment scenarios for MS SQL Server. You can deploy it locally, on the same machine as System Center Configuration Manager 2012 R2, or you can deploy it on a remote server. Deploying MS SQL Server locally requires less administration and better performance. Deploying it on a remote server requires specific firewall ports to be opened in order to allow communication between System Center Configuration Manager 2012 R2 and the database server. Use the following link to see which firewall ports need to be open in order for System Center Configuration Manager 2012 R2 to function normally:
When you set up MS SQL Server for System Center Configuration Manager and if you choose to go with a remote database server, you need to choose whether you will use Windows Server Failover Clustering. System Center Configuration Manager 2012 R2 cannot be deployed on a Windows Server Failover Cluster, but MS SQL Server can. If you use Windows Server Failover Cluster for the database server, it will give you high availability and resilience in case of an equipment malfunction. This is not a requirement, and it is totally up to you to decide whether to use it or not. Use the following link to see how to create a MS SQL Server failover cluster:
Insert the installation media and double-click on it or run the setup.
Click on Installation from the left-hand side pane and select New SQL Server stand-alone installation or add features to an existing installation, as shown in the following screenshot:
In the Feature Selection window, select all the features that you will need. System Center Configuration Manager 2012 R2 only requires Database Engine Services and Reporting Services – Native. You can also install the SQL Management tools so that you can connect to this server and administer it. After you have selected the options, click on Next:
In this step, you have to select the run as account for the MS SQL Server Services and the collation. If you are running an English OS, you can use the default collation type; if not, you have to choose another collation type. For the run as account, you can select the default, local accounts, or domain account. After you have input the accounts and their respective passwords, click on Next:
In this step, you have to configure the authentication mode. You can choose between Windows authentication mode and Mixed Mode. Also, click on Add Current User to add the current logged-on user as a SQL administrator. Then, click on Next:
The final step is to review all the settings. You can also download and install additional MS SQL Server updates and service packs that are not required. Go through them and click on Next to start the installation:
The final prerequisite for System Center Configuration Manager 2012 R2 is WSUS. This is a standalone product used to distribute updates to systems running the Windows operating system. To install WSUS using a PowerShell command, you have to open PowerShell and type
Install-WindowsFeature -Name UpdateServices-Services, UpdateServices-DB -IncludeManagementTools.
To use an alternative database server, use the following command:
.\wsusutil.exe postinstall SQL_INSTANCE_NAME="servername" CONTENT_DIR="D:\ WSUS"
In this section, we will go through the installation process for System Center Configuration Manager 2012 R2. So far, we have gone through the requirements, prerequisites, and MS SQL Server installation. The next step is to install System Center Configuration Manager 2012 R2 itself:
Insert the installation media and when the wizard starts, click on Install:
Then, just click on Next:
Install a Configuration Manager primary site
This is an option for small- and medium-sized organizations that run less than 100,000 clients.
Install a Configuration Manager central administration site
This is an option for large organizations that run more than 100,000 clients. You can install a central administration site and have multiple primary sites under it.
Select your option and click on Next:
In this step, you can either download the required files or use the previously downloaded files. In the Prerequisites for System Center Configuration Manager 2012 R2 section, two tools have been explained, which can be used to predownload these files. If the files are predownloaded, you have to choose the path to the location of the files. Choose your option and click on Next:
This is the code that uniquely identifies your site and can consist of numbers and letters.
This is the name that uniquely identifies your site.
This is the location of System Center Configuration Manager 2012 R2 in the filesystem. You can find more guidelines on installation folder recommendations for production environments at the following link:
Select Install the Configuration Manager console and click on Next:
In this step, you can choose from the following options:
In this step, you have to enter your MS SQL Server's name. If you are using MS SQL Server Cluster, enter your MS SQL Server cluster's name for SQL Server name (FQDN). Enter the instance's name and the database's name and click on Next:
In this step, you have to enter your SMS provider (FQDN). The SMS provider is used by the System Center Configuration Manager console and Resource Explorer, and it uses WMI to read and write to the site database. Enter your primary site server's name in the SMS Provider (FQDN) field and click on Next:
In this step, check the Install a management point and Install a distribution point checkboxes. These site system roles are used for content distribution and management with configuration data from clients:
After installing System Center Configuration Manager 2012 R2, the next step in the configuration process is to design your System Center Configuration Manager site hierarchy. You have to go through the entire content of this topic in order to have a more efficient and scalable environment.
Site system roles specify the support operations at each site. Machines that host Configuration Manager sites are named site servers, and machines that host other site system roles are called site system servers. Servers within one site communicate with each other using SMB, HTTP, or HTTPS, depending on the site's configuration. So, review your available network bandwidth before installing a site system server and configure your site system roles. Within each site, you can install site system roles on the site server or you can install site system roles on other site system servers. There is no limit to the number of site system roles on a site system server. The only limitation is that you cannot install a site system role from a different site. Some specific roles are only available to some sites in a hierarchy. In order to install site system roles, you can use the account of the site server or create a Site System Installation account. This account can be a local system account or a domain account. Here is a list of some of the site system roles:
Distribution point: This site system role contains all the source files enabled for download by clients, such as applications, software packages and updates, OS images, and their respective boot images.
Fallback status point: This role provides an alternative location for clients to send messages to during installation when they cannot reach their management point. This role monitors client installation and identifies clients that are unmanaged because they cannot reach their management point.
Asset intelligence synchronization point: This connects to System Center Online in order to download Asset Intelligence catalog information and upload uncategorized titles so that they can be considered for future inclusion in the catalog.
Site administration activities include planning, analysis, installation, management, and monitoring of the System Center Configuration Manager 2012 R2 site hierarchy. There are three scenarios with respect to site hierarchy, and they are as follows:
Different configurations apply to different parts in the site hierarchy. This means that some site system roles are only available in the central administration site and some are only available at a child primary or a standalone site. When you have a single standalone primary site, you have all of the site system roles at your disposal.
Deploying your first site defines the entire structure of your hierarchy. This primary site supports secondary sites, and it can be extended with a central administration site. You can get more information on how to extend a primary site with a central administration site at the following link:
If you plan to use certificates in your System Center Configuration Manager hierarchy, you need to plan the dependencies for PKI in your infrastructure. You can read more about PKI certificate requirements for System Center Configuration Manager at the following link:
For each site that you install, you have to install and configure site system roles for management. You have to review all the site system roles and see how to deploy them. For example, some roles require only one instance in the hierarchy and some roles require instances in each site. Finally, there are site system roles that can have multiple instances within a site.
If you deploy a central administration site, you can deploy site system roles that are used to monitor the entire hierarchy or roles that provide services for the entire hierarchy, such as the Endpoint Protection point. For primary sites, you need system roles for client communication, such as the software update point and the management point.
After you deploy the first site, you can start configuring settings for hierarchy-wide operations and settings that are site-specific. Both configurations affect how sites operate and how clients function. The following is a list of some of the hierarchy-specific configurations:
Client settings: These settings specify how System Center Configuration Manager clients perform different tasks on the client machine. These tasks can check for new applications, check the hardware and software inventory, and so on.
The summarization of status messages collected from the clients
Site components that control how site system roles work in a site
Monitoring and maintaining the status of the hierarchy is very important. The status can change over time and changes need to be addressed. To keep all the systems in prime condition, you must monitor the hierarchy for problems and take actions in order to prevent problems.
You can perform the monitoring tasks for the hierarchy by using the Monitoring section in the System Center Configuration Manager console and also configure maintenance tasks at each site to help maintain efficiency. System Center Configuration Manager provides built-in tasks that can be used to monitor and maintain the following:
Reports that inform about the failure of tasks and operational status
Receive alerts for current or upcoming problems
Client statuses, which can show which clients are active
View status of endpoint protection clients
This chapter was all about the initial setup of Configuration Manager 2012 R2. It showed you how to install and set up all of the prerequisites and requirements. After that, it explained the benefits of using Windows Server Failover Cluster on a database level and how to set up the database on a single server or on a Windows Server Failover Cluster. Then, the entire process of System Center Configuration Manager 2012 R2 installation was explained. In the end, there was an explanation on System Center Configuration Manager sites and site hierarchy as well as of the site features and functionalities.
In the next chapter, we will take a look at the Assets and Compliance section of System Center Configuration Manager 2012 R2 and learn how to configure it and use its functionalities, such as compliance management and configuring Endpoint Protection.