In Part 1 of this series we created our new LAB, we got the System Center 2012 Configuration Manager ISO and extracted it, then copied it to our Active Directory server. We then created the System Management container in AD, delegated permissions to the container, extended the Schema for Configuration Manager. We then opened TCP ports 1433 and 4022 for SQL replication between sites, installed some prerequisites like .NET Framework 4.0, added some features and then downloaded and installed SQL Server 2008 R2 SP1 CU6. We then configured SQL Server using SQL Server Management Studio for security and memory configurations prior to running the Configuration Manager 2012 setup to assess server readiness. Finally we installed a central administration site (CAS).
In Part 2 we setup our Primary server with SQL Server 2008 R2 SP1 CU6. We then installed Configuration Manager 2012 on our primary server (P01) and verified that it was replicating to our central administration site (CAS) server. We then configured Discovery methods for our Hierarchy and then configure Boundaries and Boundary Groups.
In Part 3 we configured Discovery methods and configured boundaries and created a boundary group, we then configured them for Automatic Site Assignment and Content Location. Now we will add some roles to our Hierarchy and then configure Custom Client Device Settings and then deploy those settings to the All Systems collection on site P01. After that we will create Custom Client User Settings and deploy them to the All Users collection in order to allow users to define their own User and Device affinity settings.
I would recommend that you review the the links below on Technet to get Best Practice configuration advise in relation to the Application Catalogroles we are about to install.
- Prerequisites for Application Management in Configuration Manager – http://technet.micro…y/gg682145.aspx
- Configuring the Application Catalog and Software Center in Configuration Manager – http://technet.micro…y/hh489603.aspx
You will add the Application Catalog roles to your Primary server as the catalog provides new functionality for your clients as part of application deployment later on in this series. If you are wondering why are there two Application Catalog roles, well they perform different functions as outlined below:-
- Application Catalog web service point: This site system role provides information about available software from the Software Library to the Application Catalog website.
- Application Catalog website point: This site system role provides users with a list of available software.
Tip: You must install both these site system roles in the same site but you do not have to install them on the same site system server, or in the same Active Directory forest. However, the Application Catalog web service point must reside in the same forest as the site database.
Step 1. Add the Application Catalog Web Service Point and Application Catalog Website Point Roles
Note: Perform the following on the Primary Site server (P01) as SMSadmin.
Tip: In a multi-site hierarchy setup (CAS + Primaries), you need to add the roles to your Primary site as the Application Catalog roles listed below won’t be available for the CAS server. You can do this configuration (adding the site system roles) on the CAS server by selecting the P01 server listed in Servers and Site System Roles), however in our example below we will do the configuration of this step on the actual site server (P01).
In the ConfigMgr console expand Administration and click on Servers and Site System Roles and right click on the Primary Site Server (P01), choose Add Site System Roles.
when the add site system roles wizard appears click next
select both the Application Catalog Web Service Point and Application Catalog Website Point roles and click next
now we get to specify settings for the Application Catalog web service point, this catalog web service point provides information from the software library to the application catalog website.
we are not using HTTPS in this example so click next or if you want to change the IIS website and Web application name make your changes and click next
and now we can specify settings for configuring IIS for this application catalog website point, we will stay with the defaults
one of the nice things about our Application Catalog website is that we can customize it to a certain degree (name and colour theme) so lets input our Organization name and choose a corresponding Website theme.
click next through summary and to completion.
Tip: you can review the awebsvcMSI.log file stored in D:\Program Files\Microsoft Configuration Manager\Logs\ to find the following line:- Product: Application Web Service — Installation operation completed successfully.
Tip: In addition to the log above please review the awebsctl.log file and look for the following line: AWEBSVCs http check returned hr=0. bFailed=0. Give the role an hour or so to report this correctly in this log.
Note: You will probably want to verify that the Application Catalog website is working properly at this point but to do so you’ll need a computer that has Microsoft Silverlight installed. The Application Catalog requires Microsoft Silverlight, which is automatically installed as a Configuration Manager client prerequisite. If you access the Application Catalog directly from a browser by using a computer that does not have the Configuration Manager client installed, first verify that Microsoft Silverlight is installed on your computer.
Tip: For users who use the Application Catalog, Configure Internet Explorer to exclude the ActiveX control Microsoft.ConfigurationManager.SoftwareCatalog.Website.ClientBridgeControl.dll from ActiveX filtering and allow it to run in the browser. Details of how to do that are found here.
Step 2. Configure Custom Client Device Settings
Note: Perform the following on the Primary Site server (P01) as SMSadmin.
We will now configure custom client device settings on our Primary server. This will apply to all systems that we deploy them to on that site, you can configure multiple custom client device settings and target them (deploy them) to different collections to control how your computers behave in your hierarchy. if you want to configure settings that apply to all sites in your hierarchy create custom client agent settings on your CAS server.
Tip: Custom Client settings always take priority over Default Client Settings.
In the Administration workspace, right-click on Client Settings in Site Configuration and choose Create Custom Client Device Settings.
give the custom device settings a suitable name for where you are targetting them, as we are going to use these settings for All Systems in our P01 primary site, we will call them Custom Client Device Settings for site P01
select the following custom settings from the list (we can add/configure more later)
- Client Policy
- Computer Agent
- Software Updates
in the left pane, click on the first selected, Client Policy, this is a LAB so lets be more aggresive than the Default setting of 60 minutes in the client policy polling interval, we will set it to 5 minutes in the LAB. This means that once every 5 minutes the Client will contact it’s Management Point for any new policy. It’s probably best not to set it this aggressively in production as you could generate a lot of traffic from the clients to your Management Point and that will mean two things, increased network load and increased load on the Management Point server, and we all know that the more you load your servers, the slower they get (usually).
Next we will configure the Computer Agent settings from the options in the left pane. The first thing you’ll want to configure is the Default Application Catalog Website (which we installed above !), so click on Set Website.
in the select application catalog website point drop down menu select your choice
Set Add default Application Catalog website to Internet Explorer trusted sites zone to True and fill in the Organization Name you want displayed in Software Center (the modern day equivalent of Run Advertised Programs which we had in Configuration Manager 2007)
In the left pane select Software Updates and set the Software updates scan schedule from 7 days to 1 day, this will be because we want to synchronize Endpoint Protection definition updates on a daily basis. We will be configuring Endpoint Protection fully in a later part of this series.
Apply your changes by clicking OK.
Step 3. Deploy our Custom Client Device Settings.
Note: Perform the following on the Primary Site server (P01) as SMSadmin.
Creating custom client device settings will not take effect until they are deployed to a collection. Right click on our newly created Custom Client Device settings for site P01 and click Deploy.
Select the All Systems Collection and click OK. By doing this action you are applying the Custom Client Device settings for site P01 to all devices in the All Systems collection. As this is a LAB we don’t have many computers in there but that will grow over time.
Tip: Now that you have created and deployed our Custom Client Device Settings you can go ahead and create more Custom Client Device Settings with different options as appropriate and then Deploy them to different collections. In addition you can change the priority of the Custom Client Device Settings so that one takes priority over another (highest priority wins).
Step 4. Configure Custom Client User Settings
Note: Perform the following on the Primary Site server (P01) as SMSadmin.
Now that we have our Custom Client Device settings done, let’s turn our attention to creating Custom Client User Settings, there are not so many options in these settings but they are useful none-the-less and they are also user specific. They allow you to define whether users can define their Mobile devices and also allow users to set their own User Device Affinity.
In the Administration workspace, right-click on Client Settings in Site Configuration and choose Create Custom Client User Settings
.
Give the new Custom Client User Settings a suitable name and select User and Device Affinity as per the screenshot below
for User and Device Affinity, set the drop down menu to True as per the screenshot below, this allows users to decide for themselves if the computer they are using is their primary device (in the My Devices section within the Application Catalog)
Click ok to apply the changes.
Step 5. Deploy our Custom Client User Settings.
Note: Perform the following on the Primary Site server (P01) as SMSadmin.
Right click on our newly created Custom Client User settings for site P01 and click Deploy.
As these are custom Client User settings you need to deploy them to a User Collection, as this is a LAB we don’t have to be fussy so we will select the All Users collection, in production you’ll probably want to have more than one Custom Client User Settings defined with different settings for different User Collections.
In the Next part of this series we will add the Software Update Point role and use it to deploy the Configuration Manager Client to our computers and then we will verify that they are receiving the Custom Client Device Settings and Custom Client User Settings we’ve defined above.
