Understanding Configuration Manager Clients
Microsoft System Center Configuration Manager 2007 supports many Windows-based platforms as clients. You must install Configuration Manager 2007 client software on the clients you want to manage.
注意
Configuration Manager 2007 supports only Windows-based platforms. Support for non-Windows platforms like Macintosh and Unix platforms might be provided by other software vendors as add-on products to Configuration Manager.
Types of Clients
You can install Configuration Manager 2007 client software on desktop and laptop computers, which are typically thought of as "client computers". In addition, you can install Configuration Manager 2007 client software on server computers and manage them as clients of Configuration Manager 2007. While servers often have specific operational requirements, for example the times you are allowed to reboot server computers might be more limited than desktop computers, Configuration Manager 2007 makes no functional distinction between server or client computers. Throughout the documentation, the term client computer can mean either a server in a server room or a computer on a user's desktop.
Client computers typically connect into the organization network directly, either by being attached directly to the network or by using VPN or dial-up access. In Configuration Manager 2007, client computers can also be managed by Configuration Manager 2007 sites if they have a connection to the Internet but never connect directly to the organization network. For example, a home-based worker could be managed by Configuration Manager 2007 without ever dialing into the corporate network. These clients are called Internet-based clients, and they require additional infrastructure support. For more information, see Deploying Configuration Manager Sites to Support Internet-Based Clients.
Configuration Manager 2007 also supports installing the client components on mobile devices, such as devices running Windows Mobile or Windows CE. Mobile device clients support many but not all of the features supported by standard clients. For example, you can deploy software to a client cell phone, but you cannot use remote control to provide troubleshooting assistance to the cell phone user. For more information, see Mobile Device Management in Configuration Manager.
Microsoft supports running an embedded version of Windows on devices that are not traditional desktop, laptop, or server computers. For example, Windows XP Embedded can be installed on automated teller machines or medical devices. Configuration Manager 2007 components can be installed by the manufacturer on these devices along with the embedded operating system. Devices support many but not all of the features supported by standard clients.
Throughout the documentation, the term client is used to refer to all clients that run the Configuration Manager 2007 client components, while client computer is used to refer servers, desktops, and laptops.
Discovering Clients
Configuration Manager 2007 has the ability to discover resources on the network using several different discovery mechanisms. The following table describes the available discovery methods.
| Discovery Method | Description |
|---|---|
Active Directory System Discovery |
Retrieves details about the computer, such as computer name, Active Directory container name, IP address, and Active Directory site. |
Active Directory System Group Discovery |
Cannot discover a computer that has not already been discovered by another method. If a resource has been discovered and is assigned to the site, Active Directory System Group Discovery extends other discovery methods by retrieving details such as organizational unit, global groups, universal groups, and nested groups. |
Active Directory User Discovery |
Retrieves information about user accounts created in Active Directory. |
Active Directory Security Group Discovery |
Retrieves security groups created in Active Directory. |
Heartbeat Discovery |
Refresh Configuration Manager client computer discovery data in the site database. Unlike the other methods, this method works only on computers that already have the Configuration Manager 2007 installed. |
Network Discovery |
Searches the network for resources that meet a specific profile. Network discovery can discover resources that are
|
Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database, even if the discovered resource is not capable of being a Configuration Manager 2007 client. For example, Network Discovery might discover routers and printers, which could be helpful for tracking purposes, but those devices will not actually be managed by Configuration Manager 2007. Mobile devices cannot be discovered until the mobile device client is installed. Computers running ActiveSync (for Windows XP clients) or Mobile Device Center (for Vista clients) to synchronize with mobile devices can be discovered and targeted to install the mobile device client on connected mobile devices.
注意
All resources for which DDRs have been created show up in the Configuration Manager 2007 console under the following part of the tree: Configuration Manager / Site Database / Computer Management / Collections / All Systems.
While it is possible to discover resources but never install a single client, usually discovery is related to locating potential clients either prior to or as part of installing the client software that makes a computer manageable by Configuration Manager 2007. Active Directory User Discovery and Active Directory Security Group Discovery allow you to target software distribution packages to users and groups instead of computers.
Installing the Client Components
Configuration Manager 2007 provides several options for installing the client software. The following table lists the client computer installation methods.
| Client Computer Installation Method | Description |
|---|---|
Software update point installation |
Uses the Automatic Update configuration of a client to direct the client computer to a WSUS computer configured as a Configuration Manager 2007 software update point. The client computer installs the Configuration Manager 2007 client software as though it was a software update. |
Client push installation |
Uses an account with administrative rights to access the client computers and install the Configuration Manager 2007 client software. This method requires File and Print sharing and the related ports to be enabled on the client computer. |
Manual client installation |
A user with administrative rights can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options. |
Group Policy installation |
Uses Group Policy software installation to install CCMSetup.msi. |
Imaging |
The client software can be added to an image, including images created and deployed with Configuration Manager 2007 operating system deployment. |
Software Distribution |
Existing clients can be upgraded or redeployed using Configuration Manager 2007 software distribution. |
Mobile devices use different installation methods. A client computer that synchronizes with a mobile device can be targeted to install the mobile device client the next time the device is docked. Mobile devices can also install the client software from a memory card.
Client Assignment
Clients must be assigned to a site before they can be managed by that site. Clients can be assigned to a site during installation or after installation. Assigning a client involves either telling it a specific site code to use, or configuring the client to automatically assign to a site based on boundaries. If the client is not assigned to any site during the client installation phase, the client installation phase completes, but the client cannot be managed by Configuration Manager 2007.
Clients cannot be assigned to secondary sites; they are always assigned to the parent primary site, but can reside in the boundaries of the secondary site, taking advantage of any proxy management points and distribution points at the secondary site. This is because clients communicate with management points and management points must communicate with a site database. Secondary sites do not have their own site database; they use the site database at their parent primary site.
Authenticating Clients
Before Configuration Manager 2007 trusts a client, it requires some manner of authentication. In mixed mode, clients must be approved, either by manually approving each client or by automatically approving all clients or all clients in a trusted Windows domain. In native mode, clients must be issued client authentication certificates prior to installing the Configuration Manager 2007 client software.
Blocking Clients
If a client computer is no longer trusted, the Configuration Manager administrator can block the client in the Configuration Manager 2007 console. Blocking applies to both native mode and mixed mode sites. Blocked clients are ignored by the Configuration Manager 2007 infrastructure. This is especially useful for laptop computers that are lost or stolen, to help prevent attackers from using a trusted client to attack the site or the network.
Client Agents
Client agents are Configuration Manager 2007 components that run on top of the base client components. If you install only the Configuration Manager Client without enabling any client agents, Configuration Manager 2007 cannot manage anything about the client. Every client agent that you enable lets you use a different feature of Configuration Manager 2007. You can configure the client agents to suit your environment. The following table describes the client agents in Configuration Manager 2007.
| Client Agent | Description |
|---|---|
Computer Client Agent Properties |
Configures how often client computers retrieve the policy that gives them the rest of their configuration settings. For example, after you configure the other client agent settings, Configuration Manager puts those settings into policy and sends them to the management point and client computers poll for them on the schedule you configure. This agent also controls settings that are common to several Configuration Manager features like how often users are prompted with reminders and what customized organization names users see with the reminders. |
Device Client Agent Properties |
Configures all of the properties specific to mobile device clients. Mobile device clients have settings for software distribution, software inventory, hardware inventory, and file collection. This agent also controls the polling interval used by mobile device clients. |
Hardware Inventory Client Agent |
Enables and configures the agent that collects a wide variety of information about the client computer. Information about the computer hardware is most commonly collected, but you can inventory any information stored in the Windows Management Instrumentation (WMI) repository of the computer, such as registry keys. You can configure how often the client computer takes inventory. |
Software Inventory Client Agent |
Enables and configures which files Configuration Manager inventories and collects. Copies of collected files are stored in the Configuration Manager database. |
Advertised Programs Client Agent |
Enables and configures the software distribution feature. |
Desired Configuration Management Client Agent |
Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them. You can also configure the default compliance evaluation schedule for assigned configuration baselines. |
Remote Tools Client Agent |
Enables Configuration Manager remote control and configures Configuration Manager integration with Remote Assistance. |
Network Access Protection Client Agent |
Enables Configuration Manager Network Access Protection and configures how client computers are evaluated for compliance by the Windows Network Policy Server. If client computers are not in compliance with the configured policies, for example if they do not have specified software updates, NAP can prevent the client computers from access network resources until they complete remediation measures. Configuring this client agent without proper planning and deployment can prevent your client computers from accessing the network. |
Software Metering Client Agent |
Enables the agent that monitors which software is run and how often and configures how often software metering data is collected. |
Software Updates Client Agent |
Enables the agent that scans for and installs software updates on client computers. This agent allows you to configure how often clients are re-evaluated for software updates that were previously installed. Before you can use the software update feature, you must also install Windows Server Update Services (WSUS) and configure a software update point. |
There is no client agent for operating system deployment.