How can I configure client settings and install the ConfigMgr client agent in System Center Configuration Manager Current Branch

Introduction

At the start of this series of step by step guides you installed System Center Configuration Manager (Current Branch), then you configured discovery methods. Next you configured boundaries to get an understanding of how automatic site assignment and content location works. After that you learned how to update ConfigMgr with new features and fixes using a new ability called Updates and Servicing and you learned how to configure ConfigMgr to use Updates and Servicing in one of these two modes:

To prepare your environment  for Windows 10 servicing (coming in a later guide) you learned how to setup Software Updates using an automated method (via a PowerShell script) or manually using the ConfigMgr console. In this post you’ll use a PowerShell script to prepare some device collections, then you’ll configure client settings for your enterprise and finally you’ll deploy the ConfigMgr client agent using the software updates method which is the least intensive method of deploying the Configuration Manager client agent.

Step 1. Create collections using PowerShell

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

Collections are used to group together users or devices into one place in ConfigMgr. Collections can either be a user based or device based but not both. After installing a brand new ConfigMgr infrastructure by default there are a few device collections as shown below.

device collections.png

Those collections are useful but it’s a good idea to create collections that separate servers from workstations and to create collections used for Operating System Deployment (OSD) and Software Update Management (SUM). This script will create a simple structure for you that is easy to implement.

Note: This script does not add any membership queries for the Software Update Management (SUM) collections, you can decide yourself how to populate them. For example you could create Active Directory Security Groups in AD and query for them, and later add computers to those security groups in order to populate the collections. Any ADSG that you create will in turn need to be discovered by your discovery methods in order for ConfigMgr to discover resources.

To create some device collections using PowerShell, download the CreateDeviceCollections.ps1 contained in a zip file in the Downloads section at the bottom of this guide and extract it to C:\Temp. On CM01, start Windows PowerShell ISE as Administrator and open the CreateDeviceCollections.ps1 script. Edit any variables in the script to match your environment before proceeding (for example if you want to rename the collections or define what drive ConfigMgr is on). The variables are found lines 74-83 as shown below.

define variables used in this script.png

Save any changes, then run the script by pressing F5 or clicking on the Green arrow. Below you can see the script has completed.

script has run.png

and the new device collections are present in the ConfigMgr console (in Assets and Compliance, Device Collections).

New collections listed in ConfigMgr.png

Step 2. Add site roles required for user based apps

System Center Configuration Manager (Current Branch) comes with a lot of new features including a new Software Center which is capable of showing user as well as device targeted applications. However in order to show user apps in the new software center you need the back-end infrastructure to be in place and that means you need to install the following site roles:

  • Application catalog web service point
  • Application catalog website point

To install the roles do as follows. In the ConfigMgr console expand Administration and click on Servers and Site System Roles and right click on the Primary Site Server (P01), choose Add Site System Roles. When the add site system roles wizard appears click next and select both the above roles and click next.

app catalog roles.png

In the specify settings for the application catalog web service point, stay with the defaults (these are what will be displayed in IIS Manager)

specify settings for the application catalog web service point.png

and next specify settings for configuring IIS for this application catalog website point, these are the settings that control the URL your users will see, so you might want to configure it to something useful or just leave it as default as I have here:

specify settings to configure IIS for this application catalog website point.png

You can customize the Application Catalog somewhat (although there’s a bug open on Microsoft connect currently about the theme color) to a certain degree, enter your Organization name and choose a corresponding Website theme.

windows noob blue theme.png

and continue through that wizard until it is completed

add site system roles wizard complete.png

To confirm that the web service point role installed successfully review the awebsvcMSI.log file stored in <Configuration Manager Installation Path>\Logs\ and look for the following line – Product: Application Web Service — Installation operation completed successfully.

awebsvcmsi log.png

Step 3. Configure custom client device settings

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

The default client settings apply to all devices in your enterprise. To target a smaller sub-set you can use custom client device settings to target devices within a collection. These settings will apply to all systems within the collection that they are deployed to on that site. You can configure multiple custom client device settings and target them to different collections to control how devices behave in your hierarchy. For a detailed explanation of what each setting does see the following page on Technet: https://technet.micr…y/gg682067.aspx

Note: Custom client settings always take priority over default client settings. For information about Planning for client settings please see this link on Technet. If you want to configure settings that apply to all sites in your hierarchy create custom client agent settings on the CAS server.

In the Administration workspace, right-click on Client Settings in Site Configuration and choose Create Custom Client Device Settings.

create custom client device settings.png

Give the custom device settings a descriptive name which reveals what they are and the intended target, such as Client Device settings for All Workstations

custom client device settings for workstations.png

select the following custom settings from the list (you can add/configure more later)

  • Client Policy
  • Computer Agent
  • Software Updates

In the left pane, click on the first of the three selected above, Client Policy. This controls how often your ConfigMgr clients poll the management point looking for policy. Policy can be thought of as a list of instructions telling a client what to do (such as install an application or check for Windows update availability). The default of 60 minutes is fine for most production environments so let’s leave it alone.

Note: Lowering the client policy polling interval (minutes) value to something like 5, will mean you can test things much faster in a lab. That setting however, would not be suitable in a production environment due to the increased network traffic and server load.

Client Policy.png

Next, select Computer Agent in the left pane and configure the default application catalog website by clicking on Set Website. Using the drop down menu select the URL you want to use.

select application catalog website point.png

Next, add your organization name to the organization name displayed in Software Center field and then configure how the Software Center appears to your end users. You have two choices, the old default software center or the new one. Select Yes which will give you the ability to target User and Device applications using one UI, the Software Center.

 

use new software center.png

Note: Previously you had to use the application catalog for applications deployed to the user and the software center to show applications targeted to the device. The new software center can now show user based applications however it cannot do application approvals or allow the user to set their primary device.

And finally set the Disable deadline randomization value to no.

disable deadline randomization.png

Note: This setting determines whether the client uses an activation delay of up to two hours to install required software updates when the deadline is reached. By default, the activation delay is disabled. Setting this value to no will mean that updates are not installed at the same time thus saving a distribution point from undesired behavior (slowing to a crawl).

For Software Updates set “When any software update deadline is reached, install all other software update deployments with deadline coming within a specified period of time” to Yes to speed up software update installation, reduce system restarts and increase security. For more info see this page on Technet.

when any software update is.png

Now that you’ve configured the client settings, you need to deploy them to a collection containing computers you want to target with these settings. To deploy the client settings, right click and choose Deploy.

Deploy client settings.png

 

when prompted to select a collection, choose the previously created All Workstations collection.

All Workstations.png

Click OK when done.

Step 4. Configure client installation properties

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

You can configure client.msi installation properties to specify certain preferences as these properties are published to Active Directory Domain Services and used during the client installation process.

 

Note: When you extend the Active Directory schema for System Center 2012 Configuration Manager and the site is published to Active Directory Domain Services, many client installation properties are published to Active Directory Domain Services. If a computer can locate these client installation properties, it can use them during Configuration Manager client deployment. [Source: Technet]

 

To configure client.msi installation properties, in the ConfigMgr console select Administration and choose Site Configuration, Sites then right click on the primary server and choose Client Installation Settings, then Client Push Installation and finally click on the Client Installation Properties tab. Enter some installation properties such as those added below to increase the cache size to 20gb and the log file size to 10mb.

SMSCACHESIZE=20480 CCMLOGMAXHISTORY=3 CCMLOGMAXSIZE=10485760

client msi installation settings.png

 

Step 5. Configure a GPO

Note: Perform the following on the Active Directory Domain Controller server (AD1) as Local Administrator

 

To distribute the Configuration Manager client agent as a software update requires a GPO in place. Start the Group Policy Management tool (GPMC.MSC) and create a new GPO.

 

create a gpo.png

 

Note: In the preceding screenshot I link the GPO to the domain GPO however you should consider creating an OU specifically for computers you want to target and apply this GPO only to that OU.

 

Give the GPO a name such as Install the Configuration Manager client agent.

 

gpo name.png

 

When done, right click on the GPO and choose Edit. Select and expand Computer Configuration, select Policies then expand Administrative Templates, expand Windows Components, and then scroll down to Windows Update. Next select Specify intranet Microsoft update service location, and set it to Enabled, and enter the fully qualified domain name (FQDN) and port of your ConfigMgr primary server Software Update Point as per the screenshot below:

 

specify intranet Microsoft update service location.png

 

Click Apply and click OK.

 

Step 6. Enable Software Update based client installation

Note: Perform this step using an account with full administrative permissions on the ConfigMgr server.

 

In order for on-premise devices to be managed by ConfigMgr they need the ConfigMgr client agent installed. There are several ways to install the client as listed below, each method has its’ advantages and disadvantages, take a look at this post on Technet for a summary.

  • Client push installation
  • Software update point-based installation
  • Group Policy installation
  • Logon script installation
  • Manual Installation

In this step you will use the Software update point based installation method which is listed as a Best Practise method of deploying the client. Navigate to the Administration workspace, select Site Configuration, Sites, and select the P01 site, right click and choose Client Installation Settings and then Software Update based client installation

 

Software Update based client installation.png

 

and now comes the really hard part, place a check mark in the Enable software update based client installation box. Done.

 

enable software update based client installation.png

 

Click Apply and then OK.

 

Step 7. Monitor client installation

On a computer that is joined to the domain check windowsupdate.log to see what is happening, if that computer happens to run Windows 10 then you’ll need to use the following PowerShell cmdlet to generate a readable windowsupdate.log file.

Get-WindowsUpdateLog

If prompted to accept Microsoft Internet Symbol Store answer Yes

 

windows 10 get-windowsupdatelog.png

 

and after a while it’s done processing the ETL files and creates your logfile on the Desktop (if you have administrative permssions on that computer, otherwise it’s copied to the Administrators desktop).

 

Using CMTrace, open the WindowsUpdate.log file and review it, below you can see the ConfigMgr client is referenced in the WindowsUpdate.log

 

configuration manager client.png

 

Once the update becomes available it will install

 

configmgr client update available.png

 

Once the client is installed and has retrieved it’s policy you can review the new Software Center, cool huh !

 

new software center.png

 

and check out the ConfigMgr client cache size which we set in Step 4 above

 

client cache size.png

 

and the MSI properties are revealed in the CCMSetup.log file

 

ccmsetup switches.png

 

Job done !

 

Summary

In this guide you created device collections using PowerShell and learned about configuring custom device client settings and deploying them to a collection called All Workstations. You then deployed the ConfigMgr client agent using Software Updates.

 

Related Reading

Downloads

You can download a Microsoft Word copy of this guide here dated 2016/1/26 Attached File  how to configure client settings and the client agent.zip   1.37MB   10 downloads

 

You can download the PowerShell script used above here Attached File  CreateDeviceCollections.zip   1.73KB   13 downloads

This entry was posted in System Center Configuration Manager (Current Branch). Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.