Creating a Configuration Manager LAB Environment – Part 4 – Configuration Manager Prerequisites


In this series of posts, we will go through the steps required to install Configuration Manager in a simple LAB environment. The LAB environment will be referenced in future posts as we explore Configuration Manager further. See Part 1 for an overview of the LAB environment.

Quick Jump:
Part 1 – Overview and Domain Controller installation
Part 2 – Management Server Installation
Part 3 – Installing SQL Server
Part 4 – Configuration Manager Prerequisites
Part 5 – Installing Configuration Manager

In this post we will install and configure all the prerequisites required to install Configuration Manager. Make sure the server (LABCM01) is restarted after completing all these tasks.

Local Admin Rights

The Configuration Manager server needs to be a local administrator. Use the PowerShell script below to make LABCM01 a member of the local Administrators group, or add it manually using Computer Management.

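$CMServer = "LABCM01"
$Domain = "lab.local"

# Add the LABCM01 computer account (note the trailing $) to the local Administrators group on LABCM01
$group = "WinNT://$CMServer/Administrators,group"
$member = "WinNT://$Domain/$CMServer`$"
([ADSI]$group).Add($member)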

The local Administrators group should look like this:

ConfigMgr Content Share and Structure

We need to create a content share where the source files for our applications, packages and operating system images will be located. The script below will create the share along with an example structure. The LocalDrive variable at the top should be the disk letter assigned to the Content disk.

$LocalDrive="F:"

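# Start at the root of the Content disk so the folders are created under the path that is shared at the end
Set-Location "$LocalDrive\"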
New-Item -Type Directory -Name ConfigMgr -Force | Out-Null
Set-Location "$LocalDrive\ConfigMgr"
New-Item -Type Directory -Name "Content" -Force | Out-Null
New-Item -Type Directory -Name "Content\Software" -Force | Out-Null
New-Item -Type Directory -Name "Content\Updates" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 7" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 7\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 7\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 7\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 8" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 8\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 8\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 8\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 10" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 10\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 10\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\Windows 10\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\3.0" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\3.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\3.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\3.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\4.0" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\4.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\4.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\4.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\5.0" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\5.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\5.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\5.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\10" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\10\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\10\HP" -Force | Out-Null
New-Item -Type Directory -Name "Content\Drivers\WinPE\10\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Content\App-V" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\BootImages" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSImages" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSImages\Windows 7" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSImages\Windows 8" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSImages\Windows 10" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSInstall" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSInstall\Windows 7" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSInstall\Windows 8" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\OSInstall\Windows 10" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\MDTToolkit" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\MDTSettings" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\Drivers" -Force | Out-Null
New-Item -Type Directory -Name "Content\OSD\MDTSettings\Deploy" -Force | Out-Null
New-Item -Type Directory -Name "InstallationUpdates" -Force | Out-Null
New-Item -Type Directory -Name "BootImageFiles" -Force | Out-Null
New-Item -Type Directory -Name "Captures" -Force | Out-Null
New-Item -Type Directory -Name "Hotfixes" -Force | Out-Null
New-Item -Type Directory -Name "Scripts" -Force | Out-Null
New-Item -Type Directory -Name "Scripts\PS" -Force | Out-Null
New-Item -Type Directory -Name "Scripts\VBS" -Force | Out-Null
New-Item -Type Directory -Name "StateCapture" -Force | Out-Null
New-Item -Type Directory -Name "Tools" -Force | Out-Null
New-Item -Type Directory -Name "Tools\PSTools" -Force | Out-Null
New-Item -Type Directory -Name "Stuff" -Force | Out-Null
New-Item -Type Directory -Name "MDTLogs" -Force | Out-Null
New-Item -Type Directory -Name "Import" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 7" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 7\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 7\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 7\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 8" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 8\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 8\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 8\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 10" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 10\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 10\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\Windows 10\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\3.0" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\3.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\3.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\3.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\4.0" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\4.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\4.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\4.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\5.0" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\5.0\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\5.0\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\5.0\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\10" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\10\Dell" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\10\HP" -Force | Out-Null
New-Item -Type Directory -Name "Import\Drivers\WinPE\10\Lenovo" -Force | Out-Null
New-Item -Type Directory -Name "Import\MOFs" -Force | Out-Null
New-Item -Type Directory -Name "Import\Baselines" -Force | Out-Null
New-SmbShare -Name ConfigMgr -Path "$LocalDrive\ConfigMgr" -FullAccess Everyone -ErrorAction 'SilentlyContinue'
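
The script above grants Everyone Full Control at the share level and hides any New-SmbShare error, so anything beyond a throwaway lab should check the result and narrow it. The following is an added example, not part of the original post; the NetBIOS name LAB, the use of Domain Admins as the content maintainers and Read access for the site server are assumptions to adjust.

```powershell
# Added example, not from the original post. Run elevated on LABCM01.
# Assumptions: 'LAB' is the NetBIOS name of lab.local, Domain Admins stage the
# content, and the site server only reads it. Substitute your own principals.
$ShareName  = 'ConfigMgr'
$SiteServer = 'LAB\LABCM01$'
$Admins     = 'LAB\Domain Admins'
$Broad      = 'Everyone', 'NT AUTHORITY\Authenticated Users', 'BUILTIN\Users'

# New-SmbShare ran with -ErrorAction SilentlyContinue, so confirm the share exists.
$share = Get-SmbShare -Name $ShareName -ErrorAction Stop

# 1. Share-level ACEs that let a broad principal modify content.
$shareFindings = Get-SmbShareAccess -Name $ShareName | Where-Object {
    [string]$_.AccessControlType -eq 'Allow' -and
    [string]$_.AccessRight -in 'Full', 'Change' -and
    $_.AccountName -in $Broad
}

# 2. NTFS ACEs on the shared folder that let a broad principal create files or folders.
#    The script sets no NTFS permissions, so these are inherited from the drive root.
$write = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData'
$ntfsFindings = (Get-Acl -Path $share.Path).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -in $Broad -and
    ($_.FileSystemRights -band $write)
}

$shareFindings | Format-Table AccountName, AccessRight
$ntfsFindings  | Format-Table IdentityReference, FileSystemRights, IsInherited

# 3. Replace the broad share ACEs with named principals.
#    Grant first, revoke second, so access is never left empty.
if ($shareFindings) {
    Grant-SmbShareAccess -Name $ShareName -AccountName $Admins -AccessRight Full -Force | Out-Null
    Grant-SmbShareAccess -Name $ShareName -AccountName $SiteServer -AccessRight Read -Force | Out-Null
    $shareFindings | ForEach-Object {
        Revoke-SmbShareAccess -Name $ShareName -AccountName $_.AccountName -Force | Out-Null
    }
    Get-SmbShareAccess -Name $ShareName
}
```

Folders that other accounts must write to, such as Captures or StateCapture, need their own grants once Everyone is removed.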

Windows Server Prerequisites

There are several roles and features, such as IIS, that we need to install. To make this easier, Nickolaj Andersen has created an application called the ConfigMgr Prerequisite Tool that installs the required components. Download and extract the tool, then run ConfigMgrPrerequisitesTool.exe as an administrator.

On the left-hand side select Settings, then select Sources at the top. The Windows Server 2019 installation media should be in the DVD drive. Browse to the sources\sxs folder on the installation media.

Switch to “Sites” on the left-hand side and select “Preferences” from the top menu. Select all the drives EXCEPT for the Distribution Point disk (E:) and click “Create”. This creates a blank file called NO_SMS_ON_DRIVE.SMS at the root level of each selected disk. If Configuration Manager sees this file on a disk, the drive is ignored. This forces Configuration Manager to use only the Distribution Point disk, which is what we want.

Change to the “Site Type” tab at the top. Then select “Primary Site” from the dropdown list and select the “Retry with alternate source location” box before pressing “Install”.

Wait for the installation to complete. This could take a little while.

Once the install has completed, press “Roles” on the left-hand side. Select “Management Point” in the dropdown list and press “Install”.

Repeat the process but this time select “Distribution Point” in the dropdown list.

Windows 10 Assessment and Deployment Kit (ADK)

The Windows 10 Assessment and Deployment Kit, or ADK, is a set of tools that can be used to customize and deploy Windows. The ADK can be downloaded here. At the time of writing the latest version of the ADK is 1903. Make sure to download the Windows PE add-on as well.

Start by running the ADK installer (adksetup.exe). Select a path where the ADK will be installed (as before we will be using the ConfigMgr disk) then press “Next”.

Select at least the following 4 features and click “Install”.

The download is around 850MB and could take a while depending on internet speed.

Once the ADK is installed we need to install the Windows PE add-on (adkwinpesetup.exe).

There is only one option so make sure that Windows PE is selected.

The Windows PE add-on is 5.7GB and could take a while depending on internet speed.

Creating the System Management Container

The System Management Container is where Configuration Manager will publish site information in Active Directory. This information will be used by clients and servers joined to Active Directory to find the Configuration Manager server. Below is a PowerShell script that will automatically create the Management Container in Active Directory.

Note: These steps need to be performed on LABADM01, where we earlier installed the required Active Directory tools. If you decided not to install a management server, then install the required administration tools on LABCM01. See the earlier post on Installing a Management Server for how to install the tools.

$CMServer = "LABCM01"
Import-Module ActiveDirectory   # provides the AD cmdlets and the AD: drive used below
try
{
    $adDomain = Get-ADDomain -ErrorAction Stop
    # Create CN=System Management under CN=System; errors are suppressed so an existing container is reused
    $managementContainerPath = "CN=System," + $adDomain.DistinguishedName
    New-ADObject -Path $managementContainerPath -Type container -Name "System Management" -WarningAction 'SilentlyContinue' -ErrorAction 'SilentlyContinue' | Out-Null
    $managementContainerPath = "ad:CN=System Management,CN=System," + $adDomain.DistinguishedName
    $ACL = Get-Acl $managementContainerPath -ErrorAction Stop
    # Give the LABCM01 computer account Full Control on this object and all descendant objects
    $SID = (Get-ADComputer $CMServer -ErrorAction Stop).SID
    $ActiveDirectoryRights = "GenericAll"
    $AccessControlType = "Allow"
    $Inherit = "All"
    $nullGUID = [guid]'00000000-0000-0000-0000-000000000000'
    $ACE = New-Object System.DirectoryServices.ActiveDirectoryAccessRule $SID, $ActiveDirectoryRights, $AccessControlType, $Inherit, $nullGUID
    $ACL.AddAccessRule($ACE)
    Set-Acl -AclObject $ACL $managementContainerPath -ErrorAction Stop
    Write-Host "Created the Management Container"
}
catch
{
    # -ErrorAction Stop above makes failures land here; include the reason in the message
    Write-Host "Failed to create the Management Container. Does it already exist? $($_.Exception.Message)"
}

The Management Container can also be created/verified manually by performing the following steps:

Open ADSI Edit in Administrative Tools, from the Control Panel or Start Menu.

Right click on ADSI Edit and select “Connect To”, leave the defaults and press “OK”.

Locate CN=System and see if the CN=System Management container is present. If not, right click on CN=System and select New -> Object.

Select “Container” from the list and click “Next”.

Type “System Management” into the value field. Make sure to spell this correctly or else it won’t work.

Once the System Management container is created right click on it and select “Properties”, then select the Security tab. Add LABCM01 (remember to add Computer as an object type) and give it Full Control.

Click on “Advanced” to open the Advanced Security Settings page. Find LABCM01 in the list and click “Edit”.

Under “Applies to” select “This object and all descendant objects”. Press “OK” and apply the settings. Close the remaining security windows.
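
Whichever method was used, the result can be checked from PowerShell. The following added example (not part of the original post) confirms that the container exists and that LABCM01 holds the Full Control entry applying to the object and all descendants, then lists the other explicit entries for review; it assumes it is run on LABADM01 with the Active Directory tools installed.

```powershell
# Added example, not from the original post.
Import-Module ActiveDirectory
$CMServer = 'LABCM01'

$domainDN  = (Get-ADDomain).DistinguishedName
$container = "CN=System Management,CN=System,$domainDN"
$sid       = (Get-ADComputer $CMServer).SID

# Terminating error here means the container is missing or misspelled.
Get-ADObject -Identity $container -ErrorAction Stop | Out-Null

# Read the ACEs with identities returned as SIDs, so the match does not
# depend on name translation.
$acl   = Get-Acl -Path "AD:\$container"
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

# The entry created above: Allow, GenericAll (Full Control),
# InheritanceType All ("This object and all descendant objects").
$ace = $rules | Where-Object {
    $_.IdentityReference.Value -eq $sid.Value -and
    $_.AccessControlType -eq 'Allow' -and
    $_.ActiveDirectoryRights -eq 'GenericAll' -and
    $_.InheritanceType -eq 'All'
}

[pscustomobject]@{
    Container        = $container
    SiteServer       = "$CMServer ($($sid.Value))"
    FullControlFound = [bool]$ace
}

# Explicit (non-inherited) Allow entries on the container. Anything other than
# the site server that was not put there deliberately deserves a second look,
# because clients trust the site information published in this container.
$acl.Access |
    Where-Object { -not $_.IsInherited -and $_.AccessControlType -eq 'Allow' } |
    Format-Table IdentityReference, ActiveDirectoryRights, InheritanceType -AutoSize
```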

We have now installed all of the required prerequisites. In the next post we will finally be installing Configuration Manager. Make sure that the server is restarted, as a lot of changes have been made.
