Multiple Users Accessing SCCM 2012 Console

My SCCM 2012 server is running on a Server 2008 R2. That means only 2 users can be actively logged/remoted in at the same time. In my situation I needed to give our helpdesk access to use the SCCM Console and it starts to get messy with who can be logged into the server actively. An easy way to get around this is Microsoft now includes an .exe of the SCCM 2012 Console that can be installed on other machines.

-You can find this on the .iso here: \SMSSETUP\BIN\I386\ConsoleSetup.exe
-Alternatively you can search for ConsoleSetup.exe on your SCCM server and it will reside somewhere in the ConfigMgr directory.

If you have many machines to install the Console on, Microsoft provides the following command line switches for automation:

•  /q – runs in quiet/silent mode. 
• /uninstall – removes the console. Example: consolesetup.exe/uninstall /q 
• LangPackDir – use this switch if installing the console for a different language than the default.
• TargetDir – where to install the console, otherwise it uses the default. Example: TargetDir=D:\CfgMgr
• EnableSQM – enables the Customer Experience Improvement Program option for the console, i.e., collects usage data for improving the product/application. 1 = enable, 0 = disable. Example: EnableSQM=0
• DefaultSiteServerName – FQDN of SCCM server Example: DefaultSiteServerName=SystemCenter.payneb.com

*Don't forget to lock down those users using the Security Roles in the SCCM Administration. Allow only what you want them to be able to do.

Installing Software From a DVD on a vSphere VM

This was a little different scenario than usual. I had a dual-layer DVD, 7.5GB's worth of software that I needed to install on a vSphere VM (server). The software wouldn't allow install through a remote desktop connection. The second approach I took was to create a folder on the VM desktop and copy the files over. That didn't work because I was getting "file name too long" error's, so the copy would not fully complete. What I ended up doing was using ImgBurn to create an .iso of the DVD, then I uploaded the .iso to the desired datastore in vSphere, attached the iso to the cd/dvd drive of the VM, then done deal! A little extra work, but it got the job done.

*Edit* - It was brought to my attention of a much easier way to do this Go to the Properties of the VM, CD/DVD Drive, then (o) Client Device

Install SQL Server Reporting Services and the Reporting Services Role on SCCM 2012

Mostly posting for my own notes. This post lists step-by-step instructions on how to install MS SQL Server Reporting Services and adding the Reporting Services role on SCCM 2012
Keep in mind - Some settings that I list below could be different from your network or situation and may not necessarily apply to best practices.


----------------------------------------------------------------------------------------------------------
Install SQL Server Reporting Services and the Reporting Services Role on SCCM
----------------------------------------------------------------------------------------------------------

1. Run SQL Setup from iso
2. Add Features to an existing instance of SQL Server 2008 R2
1. Choose MSSQLSERVER
3. Feature Selection
1. [x] Reporting Services
2. For this feature, I could not specify the D: drive to install, this option was greyed out
4. Service Accounts
1. Choose SYSTEM (add other accounts later)
5. (o) Install, but do not configure the report server (other options were greyed out)
6. Next til finished

Login as payneb\Administrator and Open “Reporting Services Configuration Manager” and connect to database

1. Verify service has started
1. Check SQL Server Instance Product Version, should read “10.50.2500.0”
2. If reads “10.50.1600”, then you need to reinstall SQL 2008 R2 SP1, otherwise the Reporting Services role in SCCM will NOT WORK!!!!
1. http://www.microsoft.com/download/en/details.aspx?id=26727
2. An explanation is provided here: http://bit.ly/LFzrHw
2. Database tab
1. Change database
2. Create a new report server database
3. Database Name: ReportServer  (go w/ defaults)
1. (o) Native Mode
4. Finish
3. Still logged in as payneb\Administrator, go to http://systemcenter/Reports (Use IE)
1. Click on Site Settings
2. Security tab > Add New Role Assignment as needed
1. Add sccm.reporting user and other desired users
4. Open SQL Management Studio and grant sccm.reporting user rights (and whoever else) to the new ReportServer databases

Add the Reporting Services role in SCCM. At this point, I logged in as myself on the SCCM server

1. Administration tab > Servers and Site System Roles > Add Site System Role
2. [x] Reporting Services Point
3. Verify all information is correct, then click on Verify button
4. UN: sccm.reporting, enter password
5. Next, Finish
6. [OPTIONAL] You can verify that the role installs successfully by using CMTrace and open the SRSRP.LOG and/or SRSRPSetup.log file

Monitoring tab > Reports

1. Wait a few minutes and SCCM will populate this area w/ about 423 items
2. At this point you can log back into http://systemcenter/Reports provided you gave yourself permission from the steps above. When using Internet Explorer, choose Run As Administrator. or use a different browser. You should also see reports listed here as well.

From here on, you can view reports, create subscriptions, etc.

Two Printers to One Print Server Port

A while back, the idea of duplex printing for our computer labs was thrown around. Once approved we had to come up with an easy way to implement this while still giving the student an option to print simplex. To make things easier, we have a print manager software called Papercut. There is a duplex feature to turn on duplex printing for the specified printer, however, from there on - duplex is strictly enforced, even if a student turned off duplex in their favorite program. This presented a challenge as most of our labs only contain one physical printer. So, to get around that challenge, we setup a "new printer" using an existing port on the print server. Essentially this is like having two virtual printers to one physical printer.

So as you can see, I have printer 1C05-1 with Duplex enforced (on Papercut side). To add a "Simplex" printer, using the same port click on "Add a printer." 

Next, click on "Add a local printer"

Choose the same port, in this case "1C05P1" which is the dns name in which printer 1C05-1 is assigned

Once the printer is added, you now have two virtual printers, using the same port. So essentially, a student can now choose the "1C05-1-Simplex" printer to print 1-sided print jobs, while leaving 1C05-1 as the default, duplex virtual printer. Keep in mind, this is still one - physical printer.

On the server, if you go to Print Server Properties, you can see two (virtual) printers are assigned to the one port.

Setting up MS System Center Configuration Manager 2012 in a Test Lab Environment

To keep all of the System Center stuff separate from our network and production, I decided to set up an ESXi lab to do some testing first. Some settings that I list below could be different from your network or situation and may not necessarily apply to best practices. Active Directory is heavily involved with System Center and in some cases, extending the AD Schema can be one of the most important steps. For this test, SCCM and MS SQL will be on the same server.

Test Hardware:
 Lenovo 3269, Intel i5 processor, 16GB's ram, two ssd's

Prep (a couple hours):

• Install ESXi hypervisor
• Get vSphere setup, create two datastores, setup two vSwitches - 1 for management (public ip), 1 - for vm's (private ip's)
• Setup one Domain Controller VM (Server 2008 R2)
• Setup one System Center VM (Server 2008 R2)
• Setup four Win7 VM's (clients)

System Center Configuration Manager 2012 Prep Install:

In AD, create some users and place them in a special OU

• sql.sa (for sql server agent account, domain user recommended)
• sccm.install (for client push installs, software installs, needs to be local admin on all client computers)
• sccm.admin (used if you don't want to deal with multiple Windows user profiles on SystemCenter server, however not necessary)

Install MS SQL 2008 R2
**Go with the defaults unless specified below
 SQL Server Agent: payneb\sql.sa or Choose SYSTEM
 SQL Server Analysis Services: choose SYSTEM account
Database Engine Configuration 
  (o) Windows Authentication Mode
  Remove your user account from Administrators, add payneb\sql.sa (add domain admins group if desired)
Analysis Services Configuration
  Add payneb\sql.sa  (add domain admins group if desired)

Install MS SQL 2008 R2 SP1
 http://www.microsoft.com/download/en/details.aspx?id=26727

Install CU4 for SQL
 http://support.microsoft.com/kb/2633146

*Only needed if separate servers
Create 2 InBound Firewall Rules on SystemCenter
 Name: “SQL Server Port 1433” TCP, port 1433
 Name: “SQL Broker Service”, TCP, port 4022

Add SystemCenter computer object to local admin group on System Center server

Add sql.sa and sccm.admin users to local administrators group on System Center server

Create the System Management container in AD

• In ADSI Edit, click on the + and scroll down to CN=System > Right Click on CN=System and choose New, Object
• Choose Container from the options, click Next and enter System Management as the value

Delegate Permission to the System Management Container

• Open Active Directory Users and Computers. Click on view, select Advanced Features.
• Select the System Management Container, and right click it, choose All Tasks and Delegate Control.
• Click Add. Type in your SCCM server name and click on Check Names. Choose Create a Custom Task to Delegate, click next, make sure This folder, existing objects in this folder and creation of new objects in this folder is selected., click next, select the 3 permissions General, Property-Specific and Creation-deletion of specific child objects are selected then place a check mark in FULL CONTROL

Failure to do the above will mean that the System Management Container in AD will NOT POPULATE with ConfigMgr site info needed by the Clients and you will see many errors in your site status warning you of same.

Extend the Active Directory schema for Configuration Manager

• Browse to the System Center 2012 iso and copy \Bin\x64\Extadsch.exe to AD server
• In AD, open up a command prompt, run Extadsch.exe
• After ran, log file is located on C:\

Add .NET 3.5.1 and WCF Activation and IIS roles on System Center server
    Add Features, Select .NET Framework 3.5.1, also select WCF Activation and when prompted answer Add Required Role Services
    Check these IIS Components
        Common HTTP Features
        Static Content
        Default Document
        Directory Browsing
        HTTP Errors
        HTTP Redirection

        Application Development
        ASP.NET
        .NET Extensibility
        ASP
        ISAPI Extensions
        ISAPI Filters
     
        Health and Diagnostics
        HTTP logging
        Logging tools
        Request Monitor
        Tracing
        
        Security
        Basic Authentication
        Windows Authentication
        URL Authorization
        Request Filtering
        IP and Domain Restrictions

        Performance
        Static Content Compression

        Management Tools
        IIS Management Console
        IIS Management Scripts and Tools
        Management Service
        IIS 6 Management Compatibilty
        IIS 6 Metabase Compatibility
        IIS 6 WMI Compatibility
        IIS 6 Scripting Tools
        IIS 6 Management Console


Install .NET 4 Full
 http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=17718

Add BITS and Remote Differential Compression

• Add Features, place a selection mark in BITS and Remote Differential Compression (RDC).

Install System Center Configuration Manager 2012

    (o) Install a Configuration Manager primary site
        Download files when prompted. If it fails, try again
    Site and Installation Settings
        Site Code: P01 (Primary 01)
        Site Name: SCCM 2012
        Installation Folder: Data drive (E:)
    Primary Site Install
        (o) install the Primary site as a stand-alone site
    Database Information
        Leave Database Information as defaults
        Instance name - leave blank
    FQDN of server for SMS Provider, leave as default
    Communication Settings
        (o) Configure the communication method on each site system role
    Site System Roles
        [x] Install a management point, stay with default FQDN
        [x] Install a distribution point, stay with default FQDN
    Prerequisite checks
        Ignore SQL memory limit and WSUS warnings
    You can use the CMTrace tool and watch the log - C:\ConfigMgrSetup.log

Remotely Remove a User From the Local Administrators Group

Here's an easy way to remotely remove a user from the local administrators group using Psexec

What you'll need:

• psexec
• Elevated privileges 
• Allow inbound remote administration on pc you are reaching

Pull up the command prompt. It may be good to double check what users are in the Administrators group first.

C:\>  psexec \\2E01-Computer net localgroup Administrators

Now that you know the user you want to remove, insert the command below

C:\>  psexec \\2E01-Computer net localgroup administrators User /delete

That's it.