以前也看到过一些朋友在询问如何使用AD的GPO来安装SCCM的客户端,今天正好转一篇文章与大家分享。

所需要的文件

为了可以通过GPO来安装sccm的客户端我们需要以下文件:

  • Microsoft provides 2 ADM files for installing the ConfigMgr 2007 client. They are located here:

· ConfigMgr_install_CD\TOOLS\ConfigMgrADMTemplates

    • 文件名称:
      • ConfigMgr2007Assignment.adm
      • ConfigMgr2007Installation.adm

Note: Copy these files to the system where you are going to run GPMC from. The best place to copy them is the default location for ADM files %windir%\inf

Note: More information about the ADM files can be found here

  • Microsoft also provides an MSI for the installed located here:
    • (Install location)\Microsoft Configuration Manager\bin\i386\ccmsetup.msi

Note: More information on using AD to deploy an MSI can be found here


创建 GPO

Once you’ve gathered these files you are ready to create a GPO for the installation. In order to setup the GPO do the following steps:

  1. Copy ccmsetup.msi to a share that is accessable to everyone. I will use the ConfigMgr server in this example
    1. Create share here

i. {ConfigMgr Install Location}\Client

1. Set security so that the group everyone has read access

ii. Copy the ccmsetup.msi to the Client Share

  1. clip_image002
  2. Create a new GPO
    1. Open the Group Policy Management Console (GPMC)
    2. Right click Group policy objects and choose new
    3. Name it “ConfigMgr_Install”
    4. Right Click the new object and choose edit
    5. clip_image004
    6. Import the ADM Files

i. Right click the administrative templates and choose Add/Remove Templates

ii. Click Add and browse to the ADM files we retrieved earlier

iii. clip_image006

Once imported close the window.


配置 GPO

Once the GPO is created you will need to configure the GPO. Do the following:

clip_image008

  1. With the GPO created above open Click View and choose Filtering
  2. Uncheck “Only show policy settings that can be fully managed”
  3. Now open the administrator templates
    1. Select Configuration manager 2007 Clients

i. You should see 2 items, one has a red box and the other has a blue box

ii. The 2 policies should be

1. clip_image010

Configure ConfigMgr2007 Site Assignment

2. Configure ConfigMgr2007 Client Deployment settings.

    1. Open the site assignment item and choose enable then enter your site code.

Note: this will help keep clients assigned to the correct site in your infrastructure.

    1. Open the Client Deployment Settings and enable it.

i. clip_image012

Enter the command line parameters that you want to do.

Note: Only do step C if you have not extended your AD schema and published your site to AD. If you have already done this then the install command line is already published to AD based on the command line that you used for the client install parameters.

For more information of publishing to AD read this

  1. Create Client Install
    1. clip_image014
    2. Click Computer configurationà Software settings—Software installation
    3. Enter the UNC path to the CCMSetup.MSI

i. Example: \\SCCMServer.domain\SCCM_Client\CCMSetup.MSI

clip_image016

Note: Make sure you use the FQDN in the UNC if you have multiple domains. This will make finding the file easier.

    1. Click open
    2. Choose Assigned
    3. Click OK

Note: There is no need to modify this install. It will be created correctly for you.

  1. Save and Close the policy

GPO 策略报告

If you open your GPO Settings tab it should look similar to this.

Computer Configuration (Enabled)hide

Software Settingshide

Assigned Applicationshide

SMS Client Setup Bootstraphide

Product Informationhide

Name

SMS Client Setup Bootstrap

Version

4.0

Language

English (United States)

Platform

Intel

Support URL

 

Deployment Informationhide

General

Setting

Deployment type

Assigned

Deployment source

\\oaconfigmgr01.smslab.oa\SCCM_Client\ccmsetup.msi

Uninstall this application when it falls out of the scope of management

Disabled

Advanced Deployment Options

Setting

Ignore language when deploying this package

Disabled

Make this 32-bit X86 application available to Win64 machines

Enabled

Include OLE class and product information

Enabled

Diagnostic Information

Setting

Product code

{52468fb8-50d0-41f9-afc7-6bd0da224a6b}

Deployment Count

0

Securityhide

Permissions

Type

Name

Permission

Inherited

Allow

SMSLAB\Domain Admins

Full control

No

Allow

NT AUTHORITY\Authenticated Users

Read

No

Allow

NT AUTHORITY\SYSTEM

Full control

No

Allow

SMSLAB\Domain Admins

Read, Write

Yes

Allow

SMSLAB\Enterprise Admins

Read, Write

Yes

Allow

NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS

Read

Yes

Allow

NT AUTHORITY\Authenticated Users

Read

Yes

Allow

NT AUTHORITY\SYSTEM

Read, Write

Yes

Allow

CREATOR OWNER

Read, Write

Yes

Allow inheritable permissions from the parent to propagate to this object and all child objects

Enabled

Advancedhide

Upgrades

Setting

Required upgrade for existing packages

Enabled

Packages that this package will upgrade

GPO

None

Packages in the current GPO that will upgrade this package

None

Categories

None

Transforms

None

Administrative Templateshide

Configuration Manager 2007/Configuration Manager 2007 Clienthide

Policy

Setting

Configure Configuration Manager 2007 Site Assignment

Enabled

Assigned Site

CM1

Site Assignment Retry Interval (Mins)

60

Site Assignment Retry Duration (Hours)

12

应用策略

Once the policy is created you will need to link it to an OU in GPMC.


策略排错

Once you apply the policy it should replicate to your systems. In GPMC you can use the Group Policy Results checker to verify that the policy is applied.

Once you know the policy is replicated to the system, reboot the system. On boot-up before your logon screen appears you will see a window that looks like this.

clip_image018

Open the application event log and you should see this:

************************************************************

Event Type: Information

Event Source: MsiInstaller

Event Category: None

Event ID: 11728

Date: 11/19/2008

Time: 10:58:26 AM

User: NT AUTHORITY\SYSTEM

Computer: OASMSLABXP03

Description:

Product: SMS Client Setup Bootstrap -- Configuration completed successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Data:

0000: 7b 35 32 34 36 38 46 42 {52468FB

0008: 38 2d 35 30 44 30 2d 34 8-50D0-4

0010: 31 46 39 2d 41 46 43 37 1F9-AFC7

0018: 2d 36 42 44 30 44 41 32 -6BD0DA2

0020: 32 34 41 36 42 7d 24A6B}

************************************************************

Event Type: Information

Event Source: Application Management

Event Category: None

Event ID: 305

Date: 11/19/2008

Time: 10:58:26 AM

User: NT AUTHORITY\SYSTEM

Computer: OASMSLABXP03

Description:

The reinstall of application SMS Client Setup Bootstrap from policy SCCM-CM1 succeeded.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

************************************************************

Event Type: Information

Event Source: Application Management

Event Category: None

Event ID: 308

Date: 11/19/2008

Time: 10:58:26 AM

User: NT AUTHORITY\SYSTEM

Computer: OASMSLABXP03

Description:

Changes to software installation settings were applied successfully.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

************************************************************

If you have everything listed above and still need to troubleshoot the install, look at the ccmsetup\ccmsetup.log and the client.log for problems.