In my previous article Zero Touch Implementation with Configuration Manager 2007 R3, we went over installing and configuring the required Windows, and Configuration Manager Roles for ZTI. We've also installed System Center Configuration Manager 2007 R3 version to benefit from the latest enhancements.
In this article, we will go over configuring SCCM components, followed by installing and integrating MDT with Configuration Manager.
One of the major settings to define is the Site Boundary. To begin with that open the Configuration Manager Console, expand Site Database, expand Site Management, expand Central Site, and expand Site Settings.
Right click Boundaries, and click New Boundary
In the New Site Boundary dialog box, Select Active Directory site in the Type drop list.
In the Site name field, click browse and select Default-First-Site-Name, then click OK
The reference images that we will be creating later on will be installed by default in workgroup. For that, we will define a second site boundary by IP subnet.
Right click Boundaries, and click New Boundary
In the New Site Boundary dialog box, Select IP subnet in the Type drop list.
SCCM 2007 client computers use the Local System account to perform most Configuration Manager 2007 client operations, but Local System cannot access network resources. When the client computer accesses the distribution point to download the operating system deployment packages, a network access account will allow the client from workgroup to access resources in the site server's domain. For that purpose, we have already created a network access account in Active Directory Users and Computers named ConfigMgr-NA.
To define that account, in Configuration Manager console, click Client Agents, and double click Computer Client Agent.
In the General tab, under the Network Access Account properties, click Set.
Type ConfigMgr-NA and click OK twice
Next step would be to configure system discovery. From the Configuration Manager console, click Discovery Methods, and double click Active Directory System Discovery. On the General tab, check Enable Active Directory System Discovery, and locate the Computers container
In our scenario, we'll be installing the configuration manager agent along with the image. For the purpose of this article, I'll be using the push agent installation method. Having that in mind, the account specified for that purpose must have administrative credentials on the computer that will have the client software installed.
An easy way to enable administrative privileges to multiple computers is to define the client push installation account in a security group and assign that security group through the help of Group Policy administrators priviliges on the local machines.
To get the picture clearer, we have first created a security group named ConfigMgr-LocalAdmins. Second, we have created the client push installation account ConfigMgr-ClientPush and added that account to ConfigMgr-LocalAdmins.
Next, we need to create a Group Policy Object (GPO) and assign ConfigMgr-LocalAdmins group administrative privileges by adding that group to the administrators group on local machines.
To create a GPO, open Group Policy Management from the Administrative Tools, expand Forest: elieb.com, expand Domains, expand elieb.com, and click on Configuration Manager OU
Right click the Configuration Manager OU, and select Create a GPO in this domain, and Link it here...
In the New GPO dialog box, in the Name: text box, type in Set Local Admins, and click OK
Click Configuration Manager OU, and under Linked Group Policy Objects, right click the newly create GPO, and click Edit
Expand Computer Configuration, Policies, Windows Settings, and Security Settings, right click Restricted Groups and click Add Group...
Click Browse ..., and in Select Groups, type ConfigMgr-LocalAdmins, click Check Names, then click OK
In the properties dialog box, in the This group is a member of, click Add, type Administrators, and click OK
Click Apply, then OK
In Configuration Manager console, expand Site Settings, click Client Installation Methods, and double click Client Push Installation.
In the Accounts tab, add ConfigMgr-ClientPush account, and click OK
Next, we'll need to define the distribution point drive where the packages will be stored.
From the Configuration Manager console, expand Site Settings click Component Configuration, and double click Software Distribution, then type E:\ (as E drive is considered our second drive where the OS is not installed) and click OK
Now that we've configured SCCM 2007 SP2/R3 settings, let's install the Microsoft Deployment Toolkit (MDT 2010) and integrate it with configuration manager.
Run the MDT setup file, and on the Welcome screen, click Next
Read and accept the therms in the license agreement, then click Next
On the Custom Setup page, accept the default settings and click Next, then Install
Before running the integration between MDT and SCCM, let's first create the MDT Deployment share.
For that, launch the Deployment Workbench console from the Start menu.
Right click Deployment Shares, and click New Deployment Share
On the Path page, specify the Deployment share path. In our environment, it will be E:\MDTDeploymentShare
On the Share page, type MDTDeploymentShare$
For the remaining pages, accept the default settings until you hit the Finish button.
To setup the configuration manager integration, close the Configuration Manager console, click the Start menu, and go to Microsoft Deployment Toolkit, then click Configure ConfigMgr Integration
On the Options page, click Next, and Finish.
This comes to the end of part2 of ZTI with Configuration Manager 2007 R3 series. In this article, we have configured the configuration manager components related to ZTI, installed and configured MDT integration with SCCM.
In our future article, we will go step-by-step on creating Windows 7 reference image.