How can I install System Center Configuration Manager and Endpoint Protection Technical Preview 4

Introduction

Microsoft have been hard at work developing the next release of Configuration Manager, and you can test the 4th iteration of it now, called System Center Configuration Manager and Endpoint Protection Technical Preview 4. This post will guide you through installing it from scratch using some automation via scripts.

New Features

New features in this technical preview include:

  • Mobile Device management (MDM): enhanced feature parity with Intune standalone – With this technical preview, many of the MDM features that are supported via Intune standalone (cloud only) are also enabled for Configuration Manager integrated with Intune (hybrid). We will publish additional information later this year about the specific capabilities which will be supported with a hybrid deployment.
  • Integration with Windows Update for Business – With Technical Preview 4, you have the ability to view the list of devices that are controlled by Windows Update for Business.
  • Certificate provisioning for Windows 10 devices managed via on-premises mobile device management

Limitations

Note that this evaluation is limited as described below:

  • Each install remains active for 60 days before it becomes inactive.
  • English is the only language supported.
  • Only a stand-alone primary site is supported. There is no support for a central administration site, multiple primary sites, or secondary sites.
  • Only the following versions of SQL Server are supported:
    • SQL Server 2012 with cumulative update 2 or later
    • SQL Server 2014
  • The site supports up to 10 clients, which must run one of the following:
    • Windows 7
    • Windows 8
    • Windows 8.1
    • Windows 10
  • There is no support for upgrade to this preview build.
  • There is no support for upgrade to a later build from this preview build.
  • Only the following install flags (switches) are supported:
    • /silent
    • /testdbupgrade
  • There is no support for migration to or from this preview build.

Assumptions

In this guide I assume you have already installed two servers running Server 2012 R2, as listed below. I also assume you have some knowledge of PowerShell; if you don’t, start learning it now!

* AD1, the Active Directory domain controller with DNS and DHCP.
* CM01, the Configuration Manager server, joined to the domain.

Make sure you have a copy of SQL Server 2014 ready to install as that is the version used in this guide.

 

Step 1. Define some GPOs

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

To allow SQL to replicate data, open TCP ports 1433 and 4022 in the firewall on your Configuration Manager servers. You can do this by targeting your ConfigMgr servers with a GPO. To create the GPO, start the Group Policy Management tool (GPMC.MSC) and create a new GPO.

Note: In the example screenshot below I link the GPO to the domain; however, you should consider creating an OU specifically for your Configuration Manager servers and targeting this GPO only at that OU (your Configuration Manager servers require this GPO for SQL replication).

 

Give the GPO a name such as SQL Ports for System Center Configuration Manager.

 

[Screenshot: give the gpo a name]

 

When done, right click on the GPO and choose Edit.

 


 

Select Computer Configuration, Policies, Windows Settings, Security Settings, Windows Firewall with Advanced Security and select Inbound Rules, choose New Rule and follow the wizard for opening up TCP port 1433 as per this guide on Technet. Once done, repeat the above for TCP Port 4022.

 


 

Optional: Once the above is done, and if you intend on using the PowerShell script in Step 2 to create users and to make a user a local admin on the CM01 server, create another GPO called Allow Inbound File and Printer sharing exception which sets Windows Firewall: Allow inbound file and printer sharing exception to Enabled.

 

This policy is located in Computer Configuration, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile.

 


 

Once done, apply the GPOs by running gpupdate /force on CM01.
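The GPO from Step 1 can also be built from PowerShell and linked to a dedicated OU rather than the domain, as the note above recommends. This is an added example, not one of the guide's scripts; the OU name, the rule names and the restriction to the Domain firewall profile are assumptions.

```powershell
# Added example (not the guide's script). Run on AD1 in an elevated PowerShell session.
Import-Module ActiveDirectory, GroupPolicy

$domain  = Get-ADDomain
$gpoName = 'SQL Ports for System Center Configuration Manager'   # name used in this guide
$ouName  = 'ConfigMgr Servers'                                    # assumed OU name
$ouDN    = "OU=$ouName,$($domain.DistinguishedName)"

# Create the OU for the site servers if it does not exist yet.
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName
}

# Create the GPO if needed and link it to the OU only, not to the domain root.
if (-not (Get-GPO -Name $gpoName -ErrorAction SilentlyContinue)) {
    New-GPO -Name $gpoName | Out-Null
}
if ((Get-GPInheritance -Target $ouDN).GpoLinks.DisplayName -notcontains $gpoName) {
    New-GPLink -Name $gpoName -Target $ouDN | Out-Null
}

# Add one inbound allow rule per SQL port to the GPO's firewall policy.
$session = Open-NetGPO -PolicyStore "$($domain.DNSRoot)\$gpoName"
foreach ($port in 1433, 4022) {
    $ruleName = "ConfigMgr SQL TCP $port"                         # assumed rule name
    if (-not (Get-NetFirewallRule -GPOSession $session -DisplayName $ruleName `
            -ErrorAction SilentlyContinue)) {
        New-NetFirewallRule -GPOSession $session -DisplayName $ruleName `
            -Direction Inbound -Protocol TCP -LocalPort $port `
            -Profile Domain -Action Allow | Out-Null              # Domain profile only (assumption)
    }
}
Save-NetGPO -GPOSession $session

# Move CM01 into the OU so that the GPO applies to it.
$cm01 = Get-ADComputer -Identity 'CM01'
if ($cm01.DistinguishedName -notlike "*,$ouDN") {
    $cm01 | Move-ADObject -TargetPath $ouDN
}

# After "gpupdate /force" on CM01, confirm there that the rules arrived:
#   Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName 'ConfigMgr SQL TCP*' |
#       Select-Object DisplayName, Enabled, Profile, Action
```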

 

Step 2. Create users
Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

You can do this manually, or automated using the supplied PowerShell script.

 

To create users manually, add the following users in AD using Active Directory Users and Computers:

* <your user name>, a domain user; this user will become a local administrator on CM01
* Testuser, a domain user
* CM_BA, used for building ConfigMgr created images
* CM_JD, used for joining computers to the domain
* CM_SR, used for reporting services
* CM_CP, a domain user used when installing the Configuration Manager Client for Client Push
* CM_NAA, a domain user (Network Access Account) used during OSD

 

or use the supplied PowerShell script

 

Attached file: Create Users Usergroups and OU in AD.zip (1.89KB)

 

Download and unzip the script, then run it by opening Windows PowerShell ISE as Administrator on AD1. You may need to edit the script and adjust the variables to your liking, for example if you want to change the default password. You may also want to rem out the MDT and MBAM users/groups that are created and change some of the user names within.

After running the PowerShell script in Windows PowerShell ISE you’ll see something like the following.

[Screenshot: script to add users to ad]

 

and in Active Directory Users and Groups you can see the OU and structure it created

 

[Screenshot: users and groups created]

 

Step 3. Create the System Management Container
Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

Open ADSI Edit, click on Action, Connect To and click OK. Double-click on Default Naming Context and the DC= that appears below it. Click on the + and scroll down to CN=System.

Right-click on CN=System and choose New, Object, choose Container from the options, click Next and enter System Management as the value, as shown below.

[Screenshot: system management]

 

Step 4. Delegate Permission

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

Open Active Directory Users and Computers. Click on View and select Advanced Features. Select the System Management container, right-click it, and choose All Tasks and Delegate Control. When the Welcome to Delegation of Control Wizard appears click Next, then click Add. Click on Object Types and select Computers.

Type in your Configuration Manager server name (CM01) and click on Check Names; it should resolve.

Click OK, then Next. Choose Create a Custom Task to Delegate, click Next, and make sure This folder, existing objects in this folder and creation of new objects in this folder is selected.

Click Next, make sure the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected, then place a check mark in Full Control.

 

Tip: Repeat the above for each site server that you install in a Hierarchy.
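Steps 3 and 4 can be scripted together, which also gives you a quick way to check afterwards who holds rights on the container. This is an added example, not one of the guide's scripts; it assumes the site server is named CM01 as in this guide and that the ActiveDirectory module is available on AD1.

```powershell
# Added example (not the guide's script). Run on AD1 in an elevated PowerShell session.
Import-Module ActiveDirectory

$siteServer  = 'CM01'                                   # site server name used in this guide
$systemDN    = "CN=System,$((Get-ADDomain).DistinguishedName)"
$containerDN = "CN=System Management,$systemDN"

# Step 3: create the container under CN=System if it is not there yet.
if (-not (Get-ADObject -Filter "Name -eq 'System Management'" `
        -SearchBase $systemDN -SearchScope OneLevel)) {
    New-ADObject -Type Container -Name 'System Management' -Path $systemDN
}

# Step 4: Full Control for the site server's computer account, applied to
# the container and all descendant objects (the wizard's "This folder,
# existing objects in this folder and creation of new objects" choice).
$sid     = (Get-ADComputer -Identity $siteServer).SID
$rights  = [System.DirectoryServices.ActiveDirectoryRights]::GenericAll
$type    = [System.Security.AccessControl.AccessControlType]::Allow
$inherit = [System.DirectoryServices.ActiveDirectorySecurityInheritance]::All
$rule    = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $rights, $type, $inherit)

$acl = Get-Acl -Path "AD:\$containerDN"
$acl.AddAccessRule($rule)
Set-Acl -Path "AD:\$containerDN" -AclObject $acl

# Check: list the explicit (non-inherited) entries on the container.
# Only the site server account(s) you delegated should show GenericAll here.
(Get-Acl -Path "AD:\$containerDN").Access |
    Where-Object { -not $_.IsInherited } |
    Select-Object IdentityReference, ActiveDirectoryRights, AccessControlType, InheritanceType |
    Format-Table -AutoSize
```

For additional site servers in a hierarchy, rerun the Step 4 part with $siteServer set to each server name.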

 

Step 5. Install Roles and Features on CM01

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

To support the various features in System Center Configuration Manager, some Roles and Features must be pre-installed on CM01, so let’s go ahead and install them. On CM01, log in as the username you added to the Local Administrators group and create a folder on C: called temp. Download the following zip file into C:\Temp. The XML file was created using the Export Configuration File option in Server Manager after manually installing roles and features, and the accompanying PowerShell script simply installs it. Make sure your Server 2012R2 media is in the drive specified in the script.

 

Attached file: roles and features and setup ADK.zip (10.03KB)

 

Run the script in Windows PowerShell ISE

 


 

Step 6. Download and install ADK 10

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

The Technical Preview prerequisite checker will check for various things, including ADK components such as USMT and Windows Preinstallation Environment, so install the ADK on your server. To do so, either download ADKsetup from here, or run the following PowerShell script to download and install it for you (including installing Windows Deployment Services).

[Screenshot: setup ADK]

 

Step 7. Install SQL on CM01

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Before you install Configuration Manager you need SQL installed. Both SQL Server 2012 and SQL Server 2014 are supported; however, you will use the latest release, SQL 2014.

The line below will install SQL Server, with the correct collation needed for ConfigMgr, to C:\Program Files\Microsoft SQL Server.

If you don’t want to use that location you can change it by changing the /INSTANCEDIR value in the line listed below. In addition, make sure to place your SQL Server 2014 media in D:\ before running the command; if it’s on a different drive letter, modify D:\setup.exe accordingly. To start the install, open an administrative cmd prompt on CM01, change “windowsnoob\niall” to match your domain\username and, after you’ve made the edit, press Enter to install SQL Server 2014. Note that this line runs the SQL Server, Agent, Reporting Services and Integration Services services as NT AUTHORITY\System and makes BUILTIN\ADMINISTRATORS a SQL sysadmin, which keeps a lab simple; outside a lab, use dedicated low-privilege service accounts instead.

D:\setup.exe /q /ACTION=Install /ERRORREPORTING="False" /FEATURES=SQLENGINE,RS,IS,SSMS,TOOLS,ADV_SSMS,CONN /INSTANCENAME=MSSQLSERVER /INSTANCEDIR="C:\Program Files\Microsoft SQL Server" /SQLSVCACCOUNT="NT AUTHORITY\System" /SQLSYSADMINACCOUNTS="BUILTIN\ADMINISTRATORS" "windowsnoob\niall" /SQLSVCSTARTUPTYPE=Automatic /AGTSVCACCOUNT="NT AUTHORITY\SYSTEM" /AGTSVCSTARTUPTYPE=Automatic /RSSVCACCOUNT="NT AUTHORITY\System" /RSSVCSTARTUPTYPE=Automatic /ISSVCACCOUNT="NT AUTHORITY\System" /ISSVCSTARTUPTYPE=Disabled /ASCOLLATION="Latin1_General_CI_AS" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /TCPENABLED="1" /NPENABLED="1" /IAcceptSQLServerLicenseTerms

For a list of options for installing SQL Server 2014, see this page on Technet: https://technet.micr…v=sql.120).aspx

 

Once installed, you should see success messages like below. If not, troubleshoot the error and/or review your command line for typos.

[Screenshot: sql server installed]

 

Step 8. SQL Memory Configuration.

Depending on your memory configuration and server setup, you may also want to configure SQL memory limits as per the following guidance prior to installing ConfigMgr otherwise you’ll get warnings when you run the Server Readiness checks.

  • Configuration Manager requires SQL Server to reserve a minimum of 8 gigabytes (GB) of memory for the central administration site and primary site and a minimum of 4 gigabytes (GB) for the secondary site. This memory is reserved by using the Minimum server memory setting under Server Memory Options and is configured by using SQL Server Management Studio. For more information about how to set a fixed amount of memory, see here.
  • If your SQL Server is configured for unlimited memory usage, you should configure SQL Server memory to have a maximum limit.

Based on the above recommendations I’ve configured the SQL Server memory for this standalone primary in my lab as follows:

[Screenshot: min max sql ram]

 

Step 9. Restart the Server

 

Open an administrative command prompt and issue the following:

shutdown /r

 

Step 10. Install the WSUS role

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Now that SQL server is installed, we can utilise that for the WSUS database. To install WSUS and configure it to use the database created above, do as follows:

 

Browse to the location where you extracted the scripts, C:\Temp.

Start Windows PowerShell ISE as administrator, then run the install roles and features_WSUS.ps1 script.

 

Step 11. Download and extract the content

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

You’ll need the Technical Preview content in order to install ConfigMgr, and to get it you have to click this link and register (registration is required).

 

Once you have registered you’ll be able to download the self extracting exe called SC_Configmgr_SCEP_TechPreview.exe which is 802MB in size. Double click the EXE and let it extract to the default folder C:\SC_Configmgr_SCEP_TechPreview.

 

Step 12. Download the ConfigMgr Prerequisites

 

Open a command prompt with administrative permissions and navigate to C:\SC_Configmgr_SCEP_TechPreview\smssetup\bin\X64

 

Run the following line

SetupDL.exe C:\Downloads

Note: Do not continue until the pre-requisites are downloaded.

 

Step 13. Extend the Schema

Note: Perform the following on the Domain controller server (AD1) as Administrator

 

Using Windows File Explorer on the Domain Controller, browse to

 

\\cm01\c$\SC_Configmgr_SCEP_TechPreview\SMSSETUP\BIN\X64

 

Locate extadsch.exe, right-click it and choose Run As Administrator.

A command prompt window will appear briefly as the schema is extended. Check in C:\ for a log file called ExtADSch.log; it should look similar to this:

[Screenshot: schema extended]

 

Step 14. Install Configuration Manager Technical Preview 4

Note: Perform the following on the Configuration Manager server (CM01) as a Local Administrator

 

Browse to C:\SC_Configmgr_SCEP_TechPreview and click on Splash.HTA.

Click on Install and then click on Next.

Place a checkmark in Use typical installation options for a stand-alone primary site and click Next.

Accept the two pages of EULAs.

Select Use Previously downloaded files and specify C:\Downloads.

Fill in your desired site code and name/path.

Review your CEIP options.

Select your Service Connection Point settings (hard coded for now). This is the setting which allows you to decide whether or not to keep up to date with ConfigMgr releases by being notified about them. You can change the choice later in the console.

Review the Settings Summary.

And enjoy the fact that you are following a windows-noob.com guide, so no errors or warnings are reported.

Click on Begin Install to install.

Off it goes…

Click on View Log to see what’s being logged about the install.

And after a certain period, you are done!

 

Step 15. Restart the Server

 

Open an administrative command prompt and issue the following:

shutdown /r

 

Step 16. Open the Console

 

Now that everything is installed, open the Configuration Manager console and click on Help, About; here’s the version.

[Screenshot: console version]

 

Download a copy of this guide

If you’d like a Microsoft Word copy of this guide download the following (last updated 20, November 2015):

 

Attached file: Installation of System Center Configuration Manager TP4.zip (1.31MB)

 

cheers !

niall
