Deploying Configuration Manager Current Branch with PKI - Step by Step

Free!

Minimum price

$49.95

Suggested price

505
Readers
215
Pages

English
PDF

This book is 99% complete

Last updated on 2018-02-21

About the Book

This book covers the entire end-to-end planning, installing, updating, configuring and deploying a complete system with a full PKI infrastructure to boot! That element alone, documented in Chapter 2, cannot be overemphasized and is worth the cost of the book all by itself! When I was looking into the implementation of the then-new and shiny Internet Based Client Management (IBCM) feature many years ago, all I knew of PKI was how to spell it. I would have given anything for this information back then. For you, it’s all crystal clear, and found right here in chapter 2.

Beyond that element, you will first see listed out all the prerequisites necessary, the various roles and features to be implemented, the black magic that is SQL Server, your domain configurations clearly explained and necessary (which will keep your Domain Admins away from your desk!), and then walk you through how to install it all. You’ll then end up with SSL security, the MDT Toolkit fully integrated, updated to Current Branch 1710, initial configuration settings applied, and clients deployed. In other words, you’ll create a completely functional system with all of the latest-and-greatest. If you’re naturally lazy like me, and you don’t particularly want to go through all of this yourself but just want it DONE so you can get on with it, guess what? There’s a SCRIPT to do it all FOR you!!!

Lastly, the authors’ then go on to also manage all of that hocus-pocus called networking! I never pretended to be a network engineer. As far as I’m concerned, they all live in a foreign land complete with its own language. NAT? Wasn’t that a famous singer back in the day??? What’s that got to do with anything? Well, in a simple-to-follow procedure in the prerequisites section, they make it all clear, and why.

Share this book
Feedback
- Email the Author(s)

Dave Kawula

Dave is a Microsoft Most Valuable Professional (MVP) with over 20 years of experience in the IT industry. His background includes data communications networks within multi-server environments, and he has led architecture teams for virtualization, System Center, Exchange, Active Directory, and Internet gateways. Very active within the Microsoft technical and consulting teams, Dave has provided deep-dive technical knowledge and subject matter expertise on various System Center and operating system topics.

Dave is well-known in the community as an evangelist for Microsoft, 1E, and Veeam technologies. Locating Dave is easy as he speaks at several conferences and sessions each year, including TechEd, Ignite, MVP Days Community Roadshow, and VeeamOn.

Recently Dave has been honored to take on the role of Conference Co-Chair of TechMentor with fellow MVP Sami Laiho. The lineup of speakers and attendees that have been to this conference over the past 20 years is really amazing. Come down to Redmond or Orlando in 2018 and you can meet him in person.

As the founder and Managing Principal Consultant at TriCon Elite Consulting, Dave is a leading technology expert for both local customers and large international enterprises, providing optimal guidance and methodologies to achieve and maintain an efficient infrastructure.

BLOG: www.checkyourlogs.net

Twitter: @DaveKawula

Emile Cabot

Émile is a three-time Microsoft Most Valuable Professional (MVP) who started in the industry during the mid-90s working at an ISP and designing web sites for celebrities. He has a strong background specializing in datacenter and deployment solutions, and has spent many years performing infrastructure analyses and solution implementations for organizations ranging from 20 to over 200,000 employees.

Émile organizes the Calgary Microsoft User Group, blogs on CheckYourLogs.net, and has presented at several conferences, including Ignite, VeeamOn, TechReady, and MVPDays.

He actively volunteers as a member of the Canadian Ski Patrol, providing over 250 hours each year for first aid services and public education at Castle Mountain Resort and in the community.

Allan Rafuse

Allan is a Microsoft Most Valuable Professional (MVP) and a Veeam Vanguard. Throughout his career, his skills have allowed him to work in variety of different industries (Oil and Gas, Banking and Healthcare) and also move to several Canadian provinces and even live in Europe. He has worked in many job roles that support the data center stack and cloud components and is also well versed in designing and deploying robust, highly available enterprise solutions in single or multi datacenter environments.

Integrating products and automation are passions of Allan. His solutions usually employ virtual environments (Hyper-V, VMware), Active Directory, SQL Server, System Center (SCCM, SCOM, SCVMM, SCORCH), Windows Server, Exchange, PowerShell, Veeam products and even Linux. He is an expert at scripting solutions and has an uncanny ability to reduce complexity and maximize the functionality of PowerShell.

Allan is a huge tech evangelist and the founder and Managing Principal Consultant at BroadArc Consulting. His consulting skills, vision, methodologies and frameworks have allowed many projects and solutions to thrive and succeed.

If you haven’t had the chance to personally meet Allan’s at an IT community speaking, you can always virtually follow him and introduce yourself on his blog or twitter.

BLOG: www.checkyourlogs.net | Twitter: @AllanRafuse | LinkedIn: www.linkedin.com/in/allanrafuse/

Cristal Kawula

Cristal Kawula is the co-founder of MVPDays Community Roadshow and #MVPHour live Twitter Chat. She is the President of TriCon Elite Consulting where she manages the day to day operations of the field consulting and sales teams.

Cristal is also only the 2nd Woman in the world to receive the prestigious Veeam Vanguard Community excellence award. In July of 2017 she was awarded the designation of Microsoft MVP.

Early in her career Cristal worked as a consultant with Microsoft authoring content for internal SMSGR and GTR teams. This content was used to train internal support engineers and global escalation engineering teams.

Cristal can be found speaking at Microsoft Ignite, MVPDays, and other local user groups. She is extremely active in the community and has recently helped publish a book for other Women MVP’s called Voices from the Data Platform.

BLOG: http://www.checkyourlogs.net

Twitter: @supercristal1

Foreword by: Ed Aldrich iii

Acknowledgements iv

From Dave iv

About the Authors v

Dave Kawula - MVP v

Allan Rafuse – MVP vi

Cristal Kawula – MVP vii

Emile Cabot - MVP viii

Technical Editors ix

Cary Sun – CCIE #4531 (Future Microsoft MVP) ix

Contents xi

Introduction 16

North American MVPDays Community Roadshow 16

Sample Files 17

Additional Resources 17

Chapter 1 19

Pre-Requisites 19

Lab Server Names 19

Building the Lab with BigDemo_CM.PS1 21

Enable Routing in the Lab 25

Software Requirements 39

Configure Certificate Authority to Support SHA256 certificates 40

Create Configuration Manager Groups and Users 41

Configuration Manager Service Accounts Required for Build 43

Chapter 2 45

Configuring PKI for Configuration Manager Current Branch 45

Create and Issue Web Certificates 45

Enroll Web Certificate on the site server 52

Create and Issue Windows Client Certificate 58

Create and issue the Workstation Authentication certificate template on the certification authority 60

Configure Autoenrollment of the Workstation Authentication Template by using Group Policy 66

Automatically enroll the Workstation Authentication certificate and verity its installation on computers 69

Deploy the Client Certificate to Distribution Points 71

Create and issue a custom Workstation Authentication certificate on the Certificate Authority 71

Request the custom Workstation Authentication Certificate on the Distribution Points 78

Export the Client Certificate for the rest of the Distribution Points 82

Chapter 3 86

Install required Roles and Features 86

Using the ConfigMgr Prerequisites Tool 3.01 86

Download and Install the ConfigMgr Prerequisite Tool 87

Install the core Features / Roles for a Single Primary Site Server 89

Install the core Features / Roles for a Management Point 90

Install the core Features / Roles for a Distribution Point 91

Download and Install Windows ADK for Windows 10, version 1709 92

Install WSUS Role 93

Add a 2 VHDx drives to the Config MGR Server for the Site Server and SQL Install 95

Chapter 3 104

Install SQL Server 2016 SP1 104

SQL Server Service Accounts 104

Configure SQL Firewall Port Exceptions 105

Install Default Instance of SQL 2016 SP1 109

Download and Install SQL Server Managemetn Studio (SSMS) 118

Configure SQL Server Memory Limits 120

Chapter 5 124

Configure Domain Settings 124

Configure Firewall Group Policy for Configuration Manager Client Communication 124

Mount Configuration Media on Site Server 130

Extend AD Schema 132

Create System Management Container 134

Chapter 4 140

Install Configuration Manager Current Branch 1702 140

Configure SSL Bindings 140

Install MDT 2013 Update 2 build 8443 145

Configure No_SMS_on_Drive.sms 149

Install Site Server Role 150

Perform MDT Integration with CM 163

Verify Console Status and System Health 166

Chapter 5 168

Update to Configuration Manager Current Branch 1710 168

Upgrade to Current Branch 1710 using In-Console Upgrade 168

Chapter 6 178

Configuring Initial Site Settings 178

Enable Discovery Methods 178

Configure the Subnets in AD Sites and Services 183

Configure Boundaries 185

Configure Boundary Groups 187

Configure Client Push Installation Settings 190

Chapter 7 192

Deploy Clients 192

Configure Client Push Installation Settings 192

Deploy Clients to the Lab 194

Appendix 199

BigDemo_CM.PS1 199

Contact Info 215

Join us at MVPDays and meet great MVP’s like this in person 215

Live Presentations 215

Video Training 215

Live Instructor-led Classes 216

Consulting Services 216

Twitter 217

Master Storage Spaces Direct

Dave Kawula, Thomas Rayner, Allan Rafuse, and Cristal Kawula

Master PowerShell Tricks Volume 1

Dave Kawula, Thomas Rayner, and Allan Rafuse

Master PowerShell Tricks Volume 2

Dave Kawula, Thomas Rayner, Allan Rafuse, and Will Anderson

Master PowerShell Tricks Volume 3

Dave Kawula, Thomas Rayner, Allan Rafuse, and Will Anderson

Migrating from Exchange 2010 to Exchange 2016 - Step-by-Step

Dave Kawula and Cary Sun

Creating Azure Site to Site VPN's Step-By-Step

Dave Kawula and Cary Sun

Deploying System Center Virtual Machine Manager 2016

Dave Kawula, Cary Sun, Allan Rafuse, and Cristal Kawula

Deploying System Center Virtual Machine Manager Volume 2

Dave Kawula, Cary Sun, Allan Rafuse, and Cristal Kawula

Migrating to Office 365 - Step by Step

Dave Kawula and Cary Sun

Deploying System Center Data Protection Manager Volume 1

Dave Kawula, Cary Sun, and Cristal Kawula

Master Veeam Tricks Volume 1

Dave Kawula, Cristal Kawula, Markus Kraus, Didier Van Hoye, Karl Widmer, Craig Dalrymple, Mike Conjoice, Eugene Kashperovetskyi, Ian Sanderson, and Rhys Hammond

Building Real World Labs in Azure Volume 1

Dave Kawula, Cary Sun, Emile Cabot, and Angus

The Leanpub 45-day 100% Happiness Guarantee

Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

See full terms...

Write and Publish on Leanpub

Authors, publishers and universities use Leanpub to publish amazing in-progress and completed books and courses, just like this one. You can use Leanpub to write, publish and sell your book or course as well! Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks. Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. It really is that easy.

Learn more about writing on Leanpub