System Center Configuration Manager 1511 (4. díl) - Instalace prerekvizit pro CM 1511

Před započetím instalace Configuration Manageru je nutné provést několik kroků. Nejdříve se budeme zabývat změnami, které je nutné udělat na úrovni domény a tudíž je děláme pouze při instalaci prvního serveru. Na závěr si shrneme všechny kroky do jednoho PowerShell skriptu. Pokud využijeme grafické rozhraní musíme se přihlásit na doménový řadič jako administrátor. PowerShell skript můžeme využít z počítače SCCM1, protože na začátku skriptu si pro zjednodušení nainstalujeme nástroje pro správu služby Active Directory.

Změny na úrovni domény

Na doménovém řadiči provedeme následující úlohy – vytvoříme skupinu SiteServers, ve které budou všechny počítače, které budou mít právo zapisovat do kontejneru System Management. Dále vytvoříme i samotný kontejner a na závěr rozšíříme schéma domény Active Directory.

Skupina SiteServers

Nejdříve si vytvoříme skupinu SiteServers, ve které budou počítače, které budou mít právo zapisovat do kontejneru System Management. Druhou možností je přidávání jednotlivých počítačů, ale pro zjednodušení správy je vhodné použít skupinu. Otevřeme si správu uživatelů a počítačů služby Active Directory (Active Directory Users and Computers, dsa.msc), rozbalíme si podložku Users a v horní části klikneme na vytvoření nové skupiny.

Pojmenujeme skupinu SiteServers, přičemž to bude globální skupina zabezpečení.

Na nově vytvořenou skupinu klikneme pravým tlačítkem a zvolíme vlastnosti (Properties).

Do skupiny přidáme počítač SCCM1.

Při přidávání počítače do skupiny musíme nejdříve zvolit v typech objektů také položky počítače.

Počítač SCCM1 je posléze nalezen a my můžeme uzavřít systémový dialog.

Vytvoření kontejneru System Management

Nejdříve si otevřeme editor ADSI (ADSI Edit, adsiedit.msc) a klikneme pravým tlačítkem na ADSI Edit a zvolíme připojit k (Connect to…).

Klikneme pravým tlačítkem na kontejner System a zvolíme vytvoření nového objektu.

Jeho typ bude container.

Nový kontejner pojmenujeme System Management.

Pro přiřazení práv k nově vytvořenému kontejneru použijeme správu uživatelů a počítačů služby Active Directory (Active Directory Users and Computers, dsa.msc). V nastavení zobrazení si necháme zobrazit pokročilé funkce.

Následně si rozbalíme kontejner System a klikneme pravým tlačítkem na nově vytvořený kontejner System Management.

V dialogu pro delegování přidáme skupinu SiteServes.

Vytvoříme si vlastní úlohu, kterou budeme chtít delegovat.

Přičemž tato bude platit pro celý kontejner a  všechny podsložky.

Práva k objektu nastavíme na Full Control.

Rozšíření schématu domény

Otevřeme si složku D:\SMSSETUP\BIN\X64 (musí být vložen disk s instalací Configuration Manageru 1511) a spustíme si příkazový řádek jako správce.

Do příkazového řádku napíšeme jméno programu extadsch.exe a program spustíme, čímž se rozšíří schéma domény.

Prerekvizity pro Windows Server 2012 R2

Všechny potřebné informace k prerekvizitám je k dispozici na TechNetu. Neb se jedná o poměrně rozsáhlou problematiku, budeme se zabývat jen instalací prerekvizit pomocí PowerShellu, protože se jedná o nejjednodušší možnost a nemůžeme zapomenout na žádnou potřebnou roli.

Další možností je využít nástroj ConfigMgr Prerequisites Tool, který je k dispozici zdarma na Technet Gallery.

Prerekvizity pro jednotlivé role

Central Administration Site

Install-WindowsFeature "NET-Framework-Core","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI"

Primary Site

Install-WindowsFeature "NET-Framework-Core","FS-FileServer","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI"

Secondary Site

Install-WindowsFeature "NET-Framework-Core","BITS","BITS-IIS-Ext","BITS-Compact-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Metabase","Web-WMI"

Management Point

Install-WindowsFeature "NET-Framework-Core","NET-Framework-45-Features","NET-Framework-45-Core","NET-WCF-TCP-PortSharing45","NET-WCF-Services45","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","Web-Server","Web-WebServer","Web-ISAPI-Ext","Web-WMI","Web-Metabase","Web-Windows-Auth","Web-ISAPI-Ext","Web-ASP","Web-Asp-Net","Web-Asp-Net45"

Distribution Point

Install-WindowsFeature "FS-FileServer","RDC","Web-WebServer","Web-Common-Http","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Redirect","Web-Health","Web-Http-Logging","Web-Performance","Web-Stat-Compression","Web-Security","Web-Filtering","Web-Windows-Auth","Web-App-Dev","Web-ISAPI-Ext","Web-Mgmt-Tools","Web-Mgmt-Console","Web-Mgmt-Compat","Web-Metabase","Web-WMI","Web-Scripting-Tools"

Application Catalog

Install-WindowsFeature "NET-Framework-Features","NET-Framework-Core","NET-HTTP-Activation","NET-Non-HTTP-Activ","NET-WCF-Services45","NET-WCF-HTTP-Activation45","RDC","WAS","WAS-Process-Model","WAS-NET-Environment","WAS-Config-APIs","Web-Server","Web-WebServer","Web-Common-Http","Web-Static-Content","Web-Default-Doc","Web-App-Dev","Web-ASP-Net","Web-ASP-Net45","Web-Net-Ext","Web-Net-Ext45","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Security","Web-Windows-Auth","Web-Filtering","Web-Mgmt-Tools","Web-Mgmt-Console","Web-Scripting-Tools","Web-Mgmt-Compat","Web-Metabase","Web-Lgcy-Mgmt-Console","Web-Lgcy-Scripting","Web-WMI"

Enrollment Point

Install-WindowsFeature "Web-Server","Web-WebServer","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Stat-Compression","Web-Filtering","Web-Net-Ext","Web-Asp-Net","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Mgmt-Console","Web-Metabase","NET-Framework-Core","NET-Framework-Features","NET-HTTP-Activation","NET-Framework-45-Features","NET-Framework-45-Core","NET-Framework-45-ASPNET","NET-WCF-Services45","NET-WCF-TCP-PortSharing45"

Enrollment Proxy Point

Install-WindowsFeature "Web-Server","Web-WebServer","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Stat-Compression","Web-Filtering","Web-Windows-Auth","Web-Net-Ext","Web-Net-Ext45","Web-Asp-Net","Web-Asp-Net45","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Mgmt-Console","Web-Metabase","NET-Framework-Core","NET-Framework-Features","NET-Framework-45-Features","NET-Framework-45-Core","NET-Framework-45-ASPNET","NET-WCF-Services45","NET-WCF-TCP-PortSharing45"

State Migration Point

Install-WindowsFeature "Web-Server","Web-Common-Http","Web-Default-Doc","Web-Dir-Browsing","Web-Http-Errors","Web-Static-Content","Web-Http-Logging","Web-Dyn-Compression","Web-Filtering","Web-Windows-Auth","Web-Mgmt-Tools","Web-Mgmt-Console"

Prerekvizity pro SCCM1

Protože SCCM1 bude prvním serverem v naší hierarchii, nainstalujeme na něj pomocí PowerShellu role pro Primary Site.

Install-WindowsFeature "NET-Framework-Core","FS-FileServer","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI"

Poslední prerekvizitou pro instalaci Configuration Manageru je Windows Assessment and Deployment Kit (Windows ADK). Protože ve verzi Windows 10 ADK 1511 je bug, nainstalujeme RTM verzi Windows 10 ADK. Více informací o této chybě naleznete přímo na blogu týmu vyvíjející Configuration Manager.

Po spuštění adksetup.exe nás přivítá okno, kde musíme zvolit umístění instalace.

Dále můžeme zvolit, jestli se zapojíme do CEIP.

Odsouhlasíme podmínky použití.

A na závěr vybereme potřebné funkce – tedy Deployment Tools, Windows PE a User State Migration Tool.

Instalace prerekvizit pomocí PowerShellu.

Následující akce budeme provádět na počítači SCCM1.

# Install roles needed for Active Directory management
Install-WindowsFeature -Name RSAT-AD-PowerShell

# Create Group SiteServer and add current computer
New-ADGroup -Name SiteServers
ADD-ADGroupMember SiteServers -members "$env:COMPUTERNAME$"

# Create System Management container
# https://blogs.technet.microsoft.com/joec/2013/04/25/active-directory-delegation-via-powershell/
# Figure out our domain
$root = (Get-ADRootDSE).defaultNamingContext
# Get or create the System Management container
$ou = $null
try
{
$ou = Get-ADObject “CN=System Management,CN=System,$root”
}
catch
{
Write-Verbose “System Management container does not currently exist.”
}
if ($ou -eq $null)
{
$ou = New-ADObject -Type Container -name “System Management” -Path “CN=System,$root” -Passthru
}
# Get the current ACL for the OU
$acl = get-acl “ad:CN=System Management,CN=System,$root”
# Create a new access control entry to allow access to the OU
$identity = New-Object System.Security.Principal.SecurityIdentifier (Get-ADGroup "SiteServers").SID
$adRights = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
$type = [System.Security.AccessControl.AccessControlType] "Allow"
$inheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $identity,$adRights,$type,$inheritanceType
# Add the ACE to the ACL, then set the ACL to save the changes
$acl.AddAccessRule($ace)
Set-acl -aclobject $acl “ad:CN=System Management,CN=System,$root”

# Install prerequisites for Windows Server 2012 R2 - Primary Site
Install-WindowsFeature -Name "NET-Framework-Core","FS-FileServer","BITS","BITS-IIS-Ext","BITS-Compact-Server","RSAT-Bits-Server","RDC","WAS-Process-Model","WAS-Config-APIs","WAS-Net-Environment","Web-Server","Web-ISAPI-Ext","Web-ISAPI-Filter","Web-Net-Ext","Web-Net-Ext45","Web-ASP-Net","Web-ASP-Net45","Web-ASP","Web-Windows-Auth","Web-Basic-Auth","Web-URL-Auth","Web-IP-Security","Web-Scripting-Tools","Web-Mgmt-Service","Web-Stat-Compression","Web-Dyn-Compression","Web-Metabase","Web-WMI","Web-HTTP-Redirect","Web-Log-Libraries","Web-HTTP-Tracing","UpdateServices-RSAT","UpdateServices-API","UpdateServices-UI"

# Install ADK for Windows 10 RTM
# https://blogs.technet.microsoft.com/configmgrteam/2015/11/20/issue-with-the-windows-adk-for-windows-10-version-1511/
$url = " https://download.microsoft.com/download/8/1/9/8197FEB9-FABE-48FD-A537-7D8709586715/adk/adksetup.exe"
$output = "$PSScriptRoot\adksetup.exe"
$start_time = Get-Date
Invoke-WebRequest -Uri $url -OutFile $output
Write-Output "Time taken: $((Get-Date).Subtract($start_time).Seconds) second(s)"
$adk = "$PSScriptRoot\adksetup.exe"
&$adk /quiet /features OptionId.DeploymentTools OptionId.WindowsPreinstallationEnvironment OptionId.UserStateMigrationTool

# Extend Schema
Start-Process cmd - ArgumentList "/c D:\SMSSETUP\BIN\X64\extadsch.exe & ping localhost -n 5"

- Jiří Janata, MSP (Microsoft Student Partner)

Mohlo by vás také zajímat:

Migrate your infrastructure to Configuration Manager 1511 - Notes from the Field