Zero Touch Implementation with Configuration Manager 2007 R3 – Part2

In my previous article Zero Touch Implementation with Configuration Manager 2007 R3 - Part1, we went over installing and configuring the required Windows, and Configuration Manager Roles for ZTI. We’ve also installed System Center Configuration Manager 2007 R3 version to benefit from the latest enhancements.

In this article, we will go over configuring SCCM components, installing and integrating MDT with Configuration Manager.

One of the major settings to define is the Site Boundary. To begin with that open the Configuration Manager Console, expand Site Database, expand Site Management, expand Central Site, and expand Site Settings.

Right click Boundaries, and click New Boundary

In the New Site Boundary dialog box, Select Active Directory site in the Type drop list.

In the Site name field, click browse and select Default-First-Site-Name, then click OK

The reference images that we will be creating later on will be installed by default in workgroup. For that, we will define a second site boundary by IP subnet.

Right click Boundaries, and click New Boundary

In the New Site Boundary dialog box, Select IP subnet in the Type drop list.

SCCM 2007 client computers use the Local System account to perform most Configuration Manager 2007 client operations, but Local System cannot access network resources. When the client computer accesses the distribution point to download the operating system deployment packages, we need to define a network access account so that client from workgroup can access resources in the site server’s domain. For that purpose, we have already created a network access account in Active Directory Users and Computers named ConfigMgr-NA.

To define that account, in Configuration Manager console, click Client Agents, and double click Computer Client Agent.

In the General tab, under the Network Access Account properties, click Set.

Type ConfigMgr-NA and click OK twice

Next step would be to discover the system. From the Configuration Manager console, click Discovery Methods, and double click Active Directory System Discovery. On the General tab, check Enable Active Directory System Discovery, and locate the Computers container

In our scenario, we’ll be installing the configuration manager agent along with the image. For the purpose of this article, I’ll be using the push agent installation method. Having that in mind, the account specified for that purpose must have administrative credentials on the computer that will have the client software installed.

An easy way to work around that is to define the client push installation account in a security group and assign that security group through the help of Group Policy as local administrators on the local machines.

To get the picture clearer, we have first created a security group named ConfigMgr-LocalAdmins. Second, we have created the client push installation account ConfigMgr-ClientPush and added that account to ConfigMgr-LocalAdmins.

Next, we need to create a Group Policy Object (GPO) and assign ConfigMgr-LocalAdmins group administrative privileges on local machines where we will be installing the configuration manager 2007 agents.

To create a GPO, open Group Policy Management from the Administrative Tools, expand Forest: elieb.com, expand Domains, expand elieb.com, and click on Configuration Manager OU

Right click the Configuration Manager OU, and select Create a GPO in this domain, and Link it here…

In the New GPO dialog box, in the Name: text box, type in Set Local Admins, and click OK

Click Configuration Manager OU, and under Linked Group Policy Objects, right click the newly create GPO, and click Edit

Expand Computer Configuration, Policies, Windows Settings, and Security Settings, right click Restricted Groups and click Add Group…

Click Browse … , and in Select Groups, type ConfigMgr-LocalAdmins, click Check Names, then click OK

In the properties dialog box, in the This group is a member of, click Add, type Administrators, and click OK

Click Apply, then OK

In Configuration Manager console, expand Site Settings, click Client Installation Methods, and double click Client Push Installation.

In the Accounts tab, add ConfigMgrClient account, and click OK

Next, we'll need to define the distribution point drive where the packages will be stored.

From the Configuration Manager console, expand Site Settingsclick Component Configuration, and double click Software Distribution, then type E:\ (as E drive is considered our second drive where the OS is not installed) and click OK

Now that we’ve configured SCCM 2007 SP2/R3 settings, let’s install the Microsoft Deployment Toolkit (MDT 2010) and integrate it with configuration manager.

Run the MDT setup file, and on the Welcome screen, click Next

Read and accept the therms in the license agreement, then click Next

On the Custom Setup page, accept the default settings and click Next, then Install

Before running the integration between MDT and SCCM, let’s first create the MDT Deployment share.

For that, launch the Deployment Workbench console from the Start menu.

Right click Deployment Shares, and click New Deployment Share

On the Path page, specify the Deployment share path. In our environment, it will be E:\MDTDeploymentShare

On the Share page, type MDTDeploymentShare$

For the remaining pages, accept the default settings until you hit the Finish button.

To setup the configuration manager integration, close the Configuration Manager console, click the Start menu, and go to Microsoft Deployment Toolkit, then click Configure ConfigMgr Integration

On the Options page, click Next, and Finish

This comes to the end of part2 of ZTI with Configuration Manager 2007 R3 series. In this article, we have configured the configuration manager components related to ZTI, installed and configured MDT integration with SCCM.

In our future article, we will go step-by-step on creating Windows 7 reference image.