Laboratory – Virtual Machines
Windows Server 2019 Data Center – Active Directory, DNS, DHCP – 2GB of ram – 4 core
Windows Server 2019 Data Center – SCCM, SQL – 4GB of ram – 6 core
Windows 10 Pro build 21H1 – 2GB Ram – 2 core
Microsoft Endpoint Configuration Manager download link:
Try Microsoft Endpoint Configuration Manager (Technical Preview) on Microsoft Evaluation Center
Then we go to the step-by-step installation and configuration of the service.
How to migrate files from Google Drive to Microsoft 365
Storing SSH keys in Active Directory for easy deployment
How to recover files permanently deleted from Onedrive
Email attacks, do you know how to defend yourself?
What is Microsoft LAPS?
Creating the Management Container in Active Directory
We will create a container in our Active Directory and we will assign the full permissions to the SCCM service user and also to the host (virtual machine). This step is necessary for the server to create objects or make any changes.
Follow the steps below to create the container: 1. Log in to the domain controller. Click Server Manager, Tools, click EDIT ADSI.
1. Log in to the domain controller. Click Server Manager, Tools, click EDIT ADSI.
2. Right-click the ADSI edition and click Connect.
3. In the connection settings window, keep the default settings. Click OK.
4. Expand the default naming context. Right-click CN=System. Click New and create an Object.
5. Select the class as container and click Next.
6. Name it System Management.
7. Click Next and click Finish to close the wizard.
Grant permissions to the SCCM server in the systems management container
After creating the container, the next step is to delegate the full permissions to the service user and also to the server in the container created earlier.
To do this, follow the steps below:
1. Start active users and computers.
2. Click View and click Advanced Features.
3. Expand the system, right-click System Management, and click Delegate control.
4. Click Add. In select users, computers or groups, click object types and make sure the computer is selected, if not, click the check-box. Click OK. 5. Enter the computer account name of the main site server and click OK.
6. Add the main site server computer account and click next.
7. On the Tasks to Delegate page, click create a custom task…as pictured. Click Next.
8. Select “this folder…”. Click Next.
9. Select the three check-boxes: “general, property and creation”. Then select the “full control” check-box. Click next.
10. Click Next and click Finish to close the wizard.
Extending Active Directory Schema
Now let's see the steps to extend the active directory scheme using utility "extadsch". To extend the schema, use an account that is a member of the security group Schema Admins. Be connected to the schema master domain controller.
1. Locate the extadsch which can be found in SMSSETUP\BIN\X64, it is inside the sccm installer file (Configmgr_TechPreview2103).
2. Hold the shift key on your keyboard and right-click on extadsch and click copy as path.
3. Start command prompt with elevated permissions. Right-click and click paste and hit enter.
4. You should see the line successfully extended Active Directory Schema.
5. Open the extadsch.log log file located at the root of the system drive. You should see the line “Succesfully extended the active directory schema”.
Let's install the IIS feature on the SCCM server, this is necessary for some web reports or access to some services on the server.
Follow the steps below and install:
– Net Framework 3.5 Features (Install all sub-features)
– Net Framework 4.5 Features (Install all sub-features)
– BITS (Background Intelligent Transfer Service)
– Remote Differential Compression
Now let's add the roles services:
– Common HTTP Features – Default Document, Static Content.
– Application Development: .NET Extensibility 3.5 and 4.5. Select ASP.NET 3.5, ISAPI extensions, ASP.NET 4.5.
– Security: Windows Authentication.
– IIS 6 Management Compatibility: IIS Management Console, IIS 6 Metabase Compatibility, WMI Compatibility and IIS Management Scripts and Tools.
Installing Windows 10 ADK and WinPE
Now we will download a fundamental component to assemble our image structure, in this step we will download Windows ADK and WINpe. The Windows Assessment and Deployment Kit (Windows ADK) contains tools that IT professionals can use to deploy Windows.
After the download run the ADK installer. Then select the check-box as shown in the image below and click install.
With the ADK installed now let's install WinPe, follow the image below.
ADK & WinPe download link:
Installing SQL Server 2019 and SQL Studio
Now we will install SQL Server, follow the steps below, start the installation with the sccm service account.
Select “New SQL Server…”
Define the installation location of the instances and select the “Database Engine Services” check-box.
Select Windows Authentication mode and enter the sccm service account.
SQL installed successfully.
SQL Server Downloads | Microsoft
SQL Management Studio download link:
Windows firewall configuration
For the sccm clients to be installed successfully we need to release the firewall ports and rules. To make management easier, I recommend creating a GPO.
Download link for the GPO I created:
The ports we need to release are: 1433 and 4022, these correspond to the SQL services that SCCM uses. Create an inbound/outbound rule on the firewall.
Link to port documentation:
Configure Windows Firewall – SQL Server | Microsoft Docs
Next, we will release the File and Printer Sharing service on the firewall and also the Windows Management Instrumentrion (WMI).
Create a new inbound rule and under predefined select: File and printer Sharing.
Check all check-box and then allow the connection and terminate. Repeat the same process for the outbound rule.
Once the settings are done, we will now run the SCCM installation (Configmgr_TechPreview2103).
Extract the file to a folder, by default it will play on disk C and then locate the folder and run the file: splash.
Let's install SCCM as the primary site
Now we will download the installation prerequisites, make sure the server is connected to the internet and choose the location to save the files.
Choose a language.
Set your site's initials and its name as well.
Now we will see the information about the database, click on next.
Specify the location of the database files, if you want to keep the default that is defined.
Keep the default communication setting.
In site role keep the default setting to install distribution point & management point.
Keep the default setting and click next.
Now it will list the settings made in this wizard.
Now comes the validation of prerequisites. If you come across the SQL service account error, this link can help you.
SCCM 2016 Troubleshooting: Resolve SQL Server Service Account Issue during setup – TechNet Articles – United States (English) – TechNet Wiki (microsoft.com)
Now wait for installation
And now we have the SCCM console open.
So that's it guys, I hope you like the documentation and see you next time.
Link to MEM documentation (SCCM)
Setup wizard – Configuration Manager | Microsoft Docs
Microsoft Endpoint Manager documentation | Microsoft Docs
What is Configuration Manager? – Configuration Manager | Microsoft Docs
Channel 9 - SCCM:
System Center Configuration Manager | Brands | Channel 9 (msdn.com)
Was this article helpful?
To maintain a quality standard for you, we have invested in a great hosting plan, Paid CDN, Website Optimization Plugins, etc ...
Help us to keep the project active!