Configuration Manager

Microsoft Endpoint Configuration Manager Current Branch

Configuration Manager and Intune are now integrated as part of Microsoft Endpoint Manager. This makes device management much easier. By automating processes, you can boost productivity and efficiency.

Most of you have probably worked with MECM/SCCM before. If you have only used it at an entry level, have you ever wondered how it is configured or how it works? If that’s the case, this post is for you.

This is the first in a new series of installation and configuration labs for MECM Current Branch. Please take a look at the YouTube videos below that are linked to this article. I believe they will help you gain a better understanding.

Part 1:

Part 2:

You will need a baseline version of Configuration Manager when installing on new infrastructure. In this lab, I used current branch version 2103. The download links are at the bottom of this post.


Part 1 consists of the following topics:

1. Lab Structure.

2. Domain Creation.

3. Prepare Active Directory.

4. Create GPO.

5. Extend the AD Schema.

Stage 1 – Lab structure

  • All the virtual machines have been hosted on a VMware workstation.
  • Windows Server 2022 datacenter evaluation edition was deployed on DC and CM servers.
  • On the workstations, Windows 10 Enterprise evaluation edition was installed.
  • I used licensed copies of SQL Server 2019 and Microsoft Endpoint Configuration Manager current branch. But you can use the evaluation edition if you don’t have a license.
  • Offline versions of the Windows ADK and WinPE Add-ons have been downloaded.
  • Because this is a lab, the ‘Default administrator’ account has been used throughout. For security reasons, this is not recommended practice in a real-world environment.
  • On the VM’s local drive, all of the required software has been copied.

Stage 2 – Domain creation

  1. Configure the hostname and IP address for DC and CM servers.
  2. Install the roles ADDS, DHCP, and DNS.
  3. Promote the server to Domain Controller.
  4. Then, for workstations, configure the DHCP scope.
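
The four steps above can be scripted in PowerShell. This is an added example, not part of the original post or video; the domain name lab.local, the 192.168.10.0/24 addressing, and the scope range are assumed lab values.

```powershell
# Added example. Assumed lab values (not from the post): lab.local, 192.168.10.0/24.
# Run once per phase on the future DC; Prepare and Promote each end in a reboot.
param([Parameter(Mandatory)][ValidateSet('Prepare','Promote','Dhcp')][string]$Phase)

$DomainName = 'lab.local'
$DcName     = 'dc01'
$DcIp       = '192.168.10.10'
$Gateway    = '192.168.10.1'
$ScopeId    = '192.168.10.0'

switch ($Phase) {
    'Prepare' {
        # Step 1: static IP and hostname. Step 2: the three roles.
        $nic = Get-NetAdapter | Where-Object Status -eq 'Up' | Select-Object -First 1
        New-NetIPAddress -InterfaceIndex $nic.ifIndex -IPAddress $DcIp `
            -PrefixLength 24 -DefaultGateway $Gateway
        Set-DnsClientServerAddress -InterfaceIndex $nic.ifIndex -ServerAddresses $DcIp
        Install-WindowsFeature AD-Domain-Services, DNS, DHCP -IncludeManagementTools
        Rename-Computer -NewName $DcName -Restart
    }
    'Promote' {
        # Step 3: new forest. The DSRM password is prompted for, not hard-coded.
        Install-ADDSForest -DomainName $DomainName -InstallDns `
            -SafeModeAdministratorPassword (Read-Host 'DSRM password' -AsSecureString) -Force
    }
    'Dhcp' {
        # Step 4: authorize the DHCP server in AD, then create the workstation scope.
        Add-DhcpServerInDC -DnsName "$DcName.$DomainName" -IPAddress $DcIp
        Add-DhcpServerv4Scope -Name 'Workstations' -StartRange 192.168.10.100 `
            -EndRange 192.168.10.200 -SubnetMask 255.255.255.0 -State Active
        Set-DhcpServerv4OptionValue -ScopeId $ScopeId -DnsServer $DcIp `
            -DnsDomain $DomainName -Router $Gateway
        # Once pc01 and pc02 are up, their leases should be listed here.
        Get-DhcpServerv4Lease -ScopeId $ScopeId |
            Select-Object IPAddress, HostName, AddressState
    }
}
```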

Stage 3 – Prepare Active Directory

  1. Create the appropriate OUs (Member Servers and Workstations) as well as computer objects (e.g., dc01, sc01, pc01, and pc02).
  2. According to your environment, change the hostname and assign a static IP address to the CM server and Domain Controller. Also for workstations, change the hostname and leave the IP assignment to DHCP.
  3. Ensure that workstations have obtained IP addresses from the previously created DHCP scope.
  4. Join the CM server (sc01) and two workstations (pc01 and pc02) to the domain.

Stage 4 – GPO

  1. Create the following two GPOs on the DC and link them to the OUs you created earlier (if the firewall is switched off, you can skip this step):
    • Allow SQL server connectivity on port 4022.
    • Allow file and printer sharing, as well as WMI.
  2. Force the update of group policies on the CM server and workstations (gpupdate /force).
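
As an added example (not from the original post), the port 4022 rule can be created in a GPO from PowerShell and scoped to the lab subnet, so the firewall stays on, and the result can be checked after gpupdate. The domain name, OU path, GPO name, and subnet are assumed values; the second GPO (File and Printer Sharing, WMI) is created in the Group Policy Management Console as the post describes and is only verified here.

```powershell
# Added example. Assumed values: lab.local, the OU path, the GPO name, the subnet.

# --- Part 1: on the DC (GroupPolicy and NetSecurity modules) ---
$Domain  = 'lab.local'
$GpoName = 'CM - Allow SQL 4022'
$Ou      = 'OU=Member Servers,DC=lab,DC=local'
$Subnet  = '192.168.10.0/24'

New-GPO -Name $GpoName | New-GPLink -Target $Ou -LinkEnabled Yes

# Edit the GPO's firewall policy in one session and save it once.
$session = Open-NetGPO -PolicyStore "$Domain\$GpoName"
New-NetFirewallRule -GPOSession $session -DisplayName 'CM - SQL 4022 inbound' `
    -Direction Inbound -Protocol TCP -LocalPort 4022 `
    -RemoteAddress $Subnet -Profile Domain -Action Allow
Save-NetGPO -GPOSession $session

# --- Part 2: on sc01, pc01 and pc02 after the GPOs are linked ---
gpupdate /force
# Lists only rules delivered by Group Policy, so locally created rules do not hide a gap.
Get-NetFirewallRule -PolicyStore ActiveStore -PolicyStoreSourceType GroupPolicy |
    Where-Object { $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Direction, Action, Profile

# --- Part 3: on sc01, confirm SMB (445) and the RPC endpoint mapper (135) answer ---
foreach ($pc in 'pc01', 'pc02') {
    foreach ($port in 445, 135) {
        $r = Test-NetConnection -ComputerName $pc -Port $port -WarningAction SilentlyContinue
        '{0}:{1} reachable={2}' -f $pc, $port, $r.TcpTestSucceeded
    }
}
```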

Stage 5 – Extend Schema

  1. Run extadsch.exe from the CM setup location on the DC to expand the AD schema, and make sure it’s successful.

Part 2 consists of the following topics:

  1. Installation of SQL Server.
  2. Enabling IIS and WSUS roles.
  3. Installation of the Windows ADK and WinPE Add-ons.
  4. Installation of MECM server.
  5. Configuration of the MECM Server.
  6. Prepare your workstations for the client push.
  7. Deploy the client and keep an eye on its progress.
  8. Check the status of the client on the Configuration Manager server.

Stage 1 – SQL Server installation

  1. On the CM server, navigate to the SQL Server 2019 setup folder and install (choose the evaluation version if you don’t have a license key). Make sure the service accounts, collation, authentication mode, and administrator accounts are all set correctly.
  2. If a hotfix is available, install it.
  3. Install SQL Server Management Studio and Microsoft SQL Server 2019 Reporting Services.

Stage 2 – IIS and WSUS roles

  1. Launch Server Manager and add the IIS and WSUS roles. Also, enable the following additional features:
    • .Net Framework 3.5 features and all the sub-features.
    • .Net Framework 4.8 features and all the sub-features.
    • BITS.
    • Remote Differential Compression.
    • Security > Windows Authentication.
    • Application Development > ASP.Net 3.5.
    • Management Tools and all the sub-features.
  2. Because we installed SQL on the same CM server, enter the CM server hostname as the database server name when configuring the WSUS role and proceed with the installation.
  3. Run the WSUS post-installation task and wait for it to finish.

Stage 3 – Windows ADK Installation

  1. When you run the Windows ADK and ADK WinPE Add-ons setup from an internet-connected computer, you have the option to download the relevant files and use them offline on other computers. That is just what I did.
  2. Navigate to the setup folder, and then install the Windows ADK and ADK WinPE Add-ons.

Stage 4 – Install Microsoft Endpoint Configuration Manager

  1. On the CM server, navigate to the MECM setup folder, and then run the ‘splash.hta’ file and click ‘Install’.
  2. Similar to Windows ADK offline download, if you run the ‘splash.hta’ file from an internet-connected computer you have the option to download the required files and use them offline on other computers. That is just what I did.
  3. If you don’t have a license, you can use the evaluation edition.
  4. Select the source files location where you downloaded the files in Step 2 on the Prerequisite Downloads screen.
  5. Complete the remaining configurations and the installation.

Stage 5 – Microsoft Endpoint Configuration Manager configuration

  1. To begin, open the Configuration Manager console.
  2. Enable discovery methods in the Administration workspace so that the CM server can identify the devices.
  3. Create a boundary as well as boundary groups.
  4. Make sure devices have been reported in the Assets and Compliance workspace.
  5. Again, under the Administration workspace, update the service account for Client Push Installation.

Stage 6 – Prepare workstations for client push

  1. To monitor the client push progress, switch to pc01 and pc02 and enable the logs.

Stage 7 – Deploy client and monitor deployment status

  1. Switch to sc01 and deploy the client to pc01 and pc02 under Assets and Compliance > Devices.
  2. The progress can be seen in the ccm log and the ccmsetup process will be removed from Task Manager once the setup is finished.
  3. Configuration Manager will also appear in Control Panel.
  4. Initially, there will only be two actions listed under the Actions tab in Configuration Manager, but once the client initiates the sync with the CM server, there will be more.
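
A scripted version of these checks, run on a workstation after the push. This is an added example, not from the original post; it assumes the default client log location under the Windows directory.

```powershell
# Added example; run elevated on pc01 or pc02 after the client push.
# Assumption: default ccmsetup log location.
$log = Join-Path $env:windir 'ccmsetup\Logs\ccmsetup.log'

if (-not (Test-Path $log)) {
    throw "No ccmsetup.log yet: the push has not reached this machine."
}

# ccmsetup writes its exit code as the last step of the installation.
$exit = Select-String -Path $log -Pattern 'CcmSetup is exiting with return code (\d+)' |
    Select-Object -Last 1
if (-not $exit) {
    Write-Host "Setup still running. Follow it with: Get-Content '$log' -Wait -Tail 20"
    return
}

$code = [int]$exit.Matches[0].Groups[1].Value
switch ($code) {
    0       { Write-Host 'ccmsetup finished successfully.' }
    7       { Write-Host 'ccmsetup finished, reboot required.' }
    default { throw "ccmsetup failed with return code $code. See $log." }
}

# The agent service and its WMI namespace exist only after a successful install.
$svc    = Get-Service -Name CcmExec
$client = Get-CimInstance -Namespace 'root\ccm' -ClassName SMS_Client
$auth   = Get-CimInstance -Namespace 'root\ccm' -ClassName SMS_Authority

[pscustomobject]@{
    Service         = $svc.Status
    ClientVersion   = $client.ClientVersion
    AssignedSite    = $auth.Name                    # e.g. "SMS:<site code>"
    ManagementPoint = $auth.CurrentManagementPoint  # empty until the first sync
}
```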

Stage 8 – Client status check

  1. Under Assets and Compliance > Devices > sc01, select sc01. A question mark will appear on the icon tab, which will then turn green.

This concludes the lab. Through the CM console, you can now control the devices.

The following are the download links for the resources:

I hope this post helped you with your educational endeavors. If you have a few minutes, check out my other blogs as well.

In the following post, I’ll show you how to upgrade the Configuration Manager server to the most recent version.

In the meantime, stay tuned and happy learning!
