Microsoft System Center Configuration Manager

2007 Administrators Companion Steve Kaczmarek

Microsoft Corporation download

https://ebookbell.com/product/microsoft-system-center-
configuration-manager-2007-administrators-companion-steve-
kaczmarek-microsoft-corporation-4124680

Explore and download more ebooks at ebookbell.com

Here are some recommended products that we believe you will be
interested in. You can click the link to download.

Microsoft System Center Configuration Manager Advanced Deployment

Martyn Coupland

https://ebookbell.com/product/microsoft-system-center-configuration-
manager-advanced-deployment-martyn-coupland-50195210

Microsoft System Center Configuration Manager Field Experience Rushi

Faldu

https://ebookbell.com/product/microsoft-system-center-configuration-
manager-field-experience-rushi-faldu-4420076

Microsoft System Center Configuration Manager High Availability And

Performance Tuning Marius Sandbu

https://ebookbell.com/product/microsoft-system-center-configuration-
manager-high-availability-and-performance-tuning-marius-sandbu-4701808

Microsoft System Center Configuration Manager Advanced Deployment

Martyn Coupland

https://ebookbell.com/product/microsoft-system-center-configuration-
manager-advanced-deployment-martyn-coupland-6809048
Microsoft System Center 2012 Configuration Manager Administration
Cookbook Mason Brian

https://ebookbell.com/product/microsoft-system-
center-2012-configuration-manager-administration-cookbook-mason-
brian-2620362

Microsoft System Center Troubleshooting Configuration Manager Rushi

Faldu

https://ebookbell.com/product/microsoft-system-center-troubleshooting-
configuration-manager-rushi-faldu-4544592

Microsoft System Center Troubleshooting Configuration Manager

Introducing Faldu

https://ebookbell.com/product/microsoft-system-center-troubleshooting-
configuration-manager-introducing-faldu-23889620

Deploying Windows 10 Automating Deployment By Using System Center

Configuration Manager Monica

https://ebookbell.com/product/deploying-windows-10-automating-
deployment-by-using-system-center-configuration-manager-
monica-22062060

Microsoft System Center Enterprise Suite Unleashed Amaris

Chriskopczynski

https://ebookbell.com/product/microsoft-system-center-enterprise-
suite-unleashed-amaris-chriskopczynski-22105662
PUBLISHED BY
Microsoft Press
A Division of Microsoft Corporation
One Microsoft Way
Redmond, Washington 98052-6399
Copyright © 2008 by Steven D. Kaczmarek
All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or
by any means without the written permission of the publisher.
Library of Congress Control Number: 2008920200

Printed and bound in the United States of America.

1 2 3 4 5 6 7 8 9 QWT 3 2 1 0 9 8

Distributed in Canada by H.B. Fenn and Company Ltd.

A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further infor-
mation about international editions, contact your local Microsoft Corporation office or contact Microsoft
Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress.
Send comments to [email protected].

Microsoft, Microsoft Press, Active Directory, BitLocker, Excel, ForeFront, Internet Explorer, MSDN,
PowerPoint, SQL Server, Windows, Windows Mobile, Windows NT, Windows Server, and Windows
Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or
other countries. Other product and company names mentioned herein may be the trademarks of their
respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places,
and events depicted herein are fictitious. No association with any real company, organization, product,
domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

This book expresses the author’s views and opinions. The information contained in this book is provided
without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its
resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly
or indirectly by this book.

Acquisitions Editor: Martin DelRe

Developmental Editor: Jenny Moss Benson
Project Editor: Melissa von Tschudi-Sutton
Editorial Production: Abshier House
Technical Reviewer: Greg Ramsey; Technical Review services provided by Content Master, a member
of CM Group, Ltd.
Cover: Design by Tom Draper Design
Body Part No. X14-58149
I would like to dedicate this book to my parents, who proudly tell anyone who will listen that there
is an author in the family. I am especially grateful to my partner, William, for his support and
encouragement and to Scruffy, our Cairn terrier, who kept me from working too many continuous
hours at my many computers by subtly reminding me of the importance of the occasional walk or
wrestle. Finally, I want to call out the terrific writers who work with me in publishing all that great
content about Configuration Manager and who continually impress me with their dedication to
quality, their passion for you, our customers, and their incredible knowledge of and ability to
navigate the often complicated synapses that is Configuration Manager.
Contents at a Glance
Part I
Planning, Deploying, and Configuring
1 Introducing Microsoft System Center Configuration
Manager 2007 3
2 Planning for and Deploying Configuration Manager Sites . . . . . . . 23
3 Configuring Site Server Properties and Site Systems . . . . . . . . . . . 93
4 Implementing Multiple-Site Structures . . . . . . . . . . . . . . . . . . . . . . 143
5 Upgrading to Configuration Manager . . . . . . . . . . . . . . . . . . . . . . 187
6 Analysis and Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . 211

Part II
Managing Clients
7 Discovering Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
8 Configuration Manager Client Installation . . . . . . . . . . . . . . . . . . . 287
9 Defining Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
10 Collecting Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
11 Distributing Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391
12 Deploying Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455
13 Deploying Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505
14 Implementing Desired Configuration Management . . . . . . . . . . . 567
15 Implementing Network Access Protection . . . . . . . . . . . . . . . . . . . 597
16 Managing Clients Across the Internet . . . . . . . . . . . . . . . . . . . . . . 631
17 Managing Clients Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647
18 Monitoring Software Usage with Software Metering . . . . . . . . . . 665

v
vi Contents at a Glance

Part III
Site Database Management
19 Extracting Information Using Queries and Reports . . . . . . . . . . . 685
20 Configuration Manager 2007 Security . . . . . . . . . . . . . . . . . . . . . . 723
21 Backing Up and Recovering the Site . . . . . . . . . . . . . . . . . . . . . . . . 763
22 Maintaining the Configuration Manager Database through
SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793

Part IV
Appendixes
A Recommended Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
B Backup Control File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819
C Understanding Windows Management Instrumentation . . . . . . . 823
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .825

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .839
Table of Contents
Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . xxvii
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .xxix

Part I
Planning, Deploying, and Configuring
1 Introducing Microsoft System Center Configuration
Manager 2007 3
What Is System Center Configuration Manager 2007? . . . . . . . . . . . . . . . . . . . . . 4
What’s Changed Since System Management Server 2003? . . . . . . . . . . . . . . . . . 6
New Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Integrated Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Enhanced Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Security and Site Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Features and Functions of Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . 8
Inventory and Resource Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Diagnosis and Troubleshooting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Remote Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Logs and Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Computer Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Key Elements of Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configuration Manager Client. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Configuration Manager Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuration Manager Site Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Configuration Manager Site System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Configuration Manager Console. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Configuration Manager Site Hierarchy . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Microsoft is interested in hearing your feedback about this publication so we can
What do you think of this book? continually improve our books and learning resources for you. To participate in a brief
We want to hear from you! online survey, please visit: www.microsoft.com/learning/booksurvey/

vii
viii Table of Contents

2 Planning for and Deploying Configuration Manager Sites . . . . . . . 23

Planning for Configuration Manager Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Preplanning Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 24
Examine and Document Your Current Computing Environment . 24
Identify Business and Technical Needs . . . . . . . . . . . . . . . . . . . . . . . 25
Create a Test Lab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25
Planning Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Active Directory Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Checkpoints for Extending the Active Directory Schema for
Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Site Mode Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 28
Mixed Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
Native Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Checkpoints for Planning Configuration Manager Installations . . 31
Preinstallation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
General Site Server Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Site Database Server Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SMS Provider Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Configuration Manager Console Prerequisites . . . . . . . . . . . . . . . . . . . . . 34
Downloading Client Setup Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
Configuration Manager Setup Prerequisites . . . . . . . . . . . . . . . . . . . . . . . 37
Configuration Manager Setup Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39
Configuration Manager Setup Command-Line Options . . . . . . . . . . . . . . . . . . 39
Using the Configuration Manager Setup Wizard . . . . . . . . . . . . . . . . . . . 41
Configuration Manager Setup Wizard Installation
Settings Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Performing Unattended Configuration Manager Installations . . . . . . . . 43
Installing Configuration Manager Primary Sites . . . . . . . . . . . . . . . . . . . . . . . . . 43
Primary Site Installation Using the Configuration Manager
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
Configuration Manager Setup Wizard Pages for Installing
Primary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Configuration Manager Primary Site Unattended Installation . . . . . . . . . . . . . 60
 Table of Contents ix

Installing Configuration Manager Secondary Sites . . . . . . . . . . . . . . . . . . . . . . . 60

Secondary Site Installation Using the Configuration Manager
Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
SSecondary Site Installation Using the Configuration
Manager Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Secondary Site Unattended Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
SSecondary Site Installation Using the Configuration
Manager Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64
Secondary Site Unattended Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . 73
Installing Configuration Manager Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuration Manager Console Installation Using the Configuration
Manager Setup Wizard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 74
Configuration Manager Console Unattended Installation . . . . . . . . . . . . 76
Checkpoints for Installing Configuration Manager Sites
and Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77
Navigating the Configuration Manager Console . . . . . . . . . . . . . . . . . . . . . . . . 77
Modifying the Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Address Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 81
Boundaries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Client Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Client Installation Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Component Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Discovery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Site Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Checkpoints for Navigating the Configuration Manager Console 84
Removing Configuration Manager Installations . . . . . . . . . . . . . . . . . . . . . . . . . 85
Uninstalling Primary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 85
Uninstalling Secondary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 87
Uninstalling Configuration Manager Consoles . . . . . . . . . . . . . . . . . . . . . 89
Checkpoints for Removing Configuration Manager Installations . 90
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90

3 Configuring Site Server Properties and Site Systems . . . . . . . . . . . 93

Defining and Configuring the Configuration Manager Site . . . . . . . . . . . . . . . 94
x Table of Contents

Configuring Site Properties . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98

The General Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99
The Wake On LAN Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100
The Ports Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101
The Advanced Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
The Site Mode Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
The Security Tab . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 108
Site Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
The Site Configuration Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 110
Monitoring Status and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115
Log Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117
Enabling Configuration Manager Log Files . . . . . . . . . . . . . . . . . . 117
Defining and Configuring Site Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 120
Site System Connection Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 122
Assigning Site System Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 124
Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
BITS-Enabled Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Protected Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 128
Branch Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Management Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131
Management Point Component Configuration . . . . . . . . . . . . . . . 134
Proxy Management Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 135
Reporting Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 136
Server Locator Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 138
Fallback Status Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 139
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Planning and Identifying Site Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 141
Disk Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142

4 Implementing Multiple-Site Structures . . . . . . . . . . . . . . . . . . . . . . 143

Defining Parent-Child Relationships . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143
 Table of Contents xi

Installing a Secondary Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145

Installing the Secondary Site from Its Parent Primary Site . . . . . 147
Installing the Secondary Site Locally from the Configuration
Manager CD . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152
The Secondary Site Installation Process Flow . . . . . . . . . . . . . . . . . 153
Differences in Installation Between Primary and
Secondary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153
Uninstalling a Secondary Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Implementing a Parent-Child Relationship Between Primary Sites . . . 156
Creating an Address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Creating an Address to Another Site . . . . . . . . . . . . . . . . . . . . . . . . 158
Identifying the Parent Site . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164
Implementing Site Hierarchies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167
Network Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 169
Client Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
Location and Number of Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 173
International Site Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
Administrative Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
Active Directory Domain Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Communicating Through Senders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 177
Sender Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 178
Defining a Sender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 180
Courier Sender . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 183
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 186

5 Upgrading to Configuration Manager . . . . . . . . . . . . . . . . . . . . . . 187

Planning the Site Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 187
Maintaining Mixed Sites within the Same Site Structure . . . . . . . . . . . . . . . . . 188
Site Version Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 188
Site Administration Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
Upgrading to Configuration Manager 2007 . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
Preparing to Upgrade . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
Setup Prerequisite Checker . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Client Prerequisite Component Downloader . . . . . . . . . . . . . . . . . 193
xii Table of Contents

Upgrading Primary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194

In-Place Upgrade Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 194
Side-by-Side Upgrade Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
Upgrading Secondary Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202
Upgrading Secondary Sites Using the Configuration
Manager Console . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
Upgrading Secondary Sites Using Configuration
Manager Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Upgrading Administrator Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206
Post-Upgrade Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208

6 Analysis and Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . 211

Working with Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Viewing Site Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
Setting Status Message Viewer Options . . . . . . . . . . . . . . . . . . . . . . . . . . 218
The Status Viewer Options Dialog Box . . . . . . . . . . . . . . . . . . . . . . 220
Filter Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
Understanding Status Summarizers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
Display Interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 226
Status Message Thresholds . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 227
Configuring Status Summarizers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Component Status Summarizer . . . . . . . . . . . . . . . . . . . . . . . . . . . . 228
Site System Status Summarizer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
Advertisement Status Summarizer . . . . . . . . . . . . . . . . . . . . . . . . . . 234
Filtering Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 235
Configuring Status Reporting Properties . . . . . . . . . . . . . . . . . . . . . . . . . 236
Status Filter Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
Working with Status Message Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242
Status Message Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247
Reporting Status on Site Servers and Site Systems . . . . . . . . . . . . . . . . . 248
Reporting Status from Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
Reporting Status to the Configuration Manager Database . . . . . . . . . 250
Using Configuration Manager Service Manager . . . . . . . . . . . . . . . . . . . . . . . . 251
Using Windows System Monitor with Configuration Manager . . . . . . . . . . . 253
 Table of Contents xiii

Using System Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253

Creating a System Monitor Chart . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Creating a System Monitor Log . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259
Viewing a Log File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
Configuration Manager Specific Objects and Counters . . . . . . . . . . . . . 261
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 264

Part II
Managing Clients
7 Discovering Resources. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 267
Understanding Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 268
Examining Resource Discovery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Network Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 269
Enabling Network Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 271
Network Discovery Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 278
Checkpoints for Using Network Discovery . . . . . . . . . . . . . . . . . . . 279
Heartbeat Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Enabling Heartbeat Discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 279
Checkpoints for Using Heartbeat Discovery . . . . . . . . . . . . . . . . . 280
Active Directory Discovery Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 281
Enabling and Configuring an Active Directory
Discovery Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 282
Checkpoints for Using an Active Directory
Discovery Method . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Discovery Data Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 286

8 Configuration Manager Client Installation . . . . . . . . . . . . . . . . . . . 287

Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287
Planning for Client Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288
Understanding and Configuring Boundaries . . . . . . . . . . . . . . . . . . . . . . 288
Understanding and Configuring Client Approval . . . . . . . . . . . . . . . . . . 290
Choosing Client Installation Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
Choosing Client Agents to Enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292
xiv Table of Contents

Preparing for Client Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293

Client Prerequisites for Client Deployment . . . . . . . . . . . . . . . . . . . . . . . 293
Server Prerequisites for Client Deployment . . . . . . . . . . . . . . . . . . . . . . . 294
Management Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Server Locator Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294
Fallback Status Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
Installing Clients Using Client Push Installation . . . . . . . . . . . . . . . . . . . . . . . . . 298
Preparing for Client Push Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299
Using the Client Push Installation Wizard . . . . . . . . . . . . . . . . . . . . . . . . . 302
Overview of Other Available Client Installation Methods . . . . . . . . . . . . . . . . 303
Software Update Point Based Installation . . . . . . . . . . . . . . . . . . . . . . . . . 303
Group Policy Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Manual Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Logon Script Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Software Distribution Upgrade Installation . . . . . . . . . . . . . . . . . . . . . . . 305
Installation Using Computer Imaging . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305
Understanding the Client Deployment Process . . . . . . . . . . . . . . . . . . . . . . . . 306
The Client Installation Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
The Client Assignment Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Site Assignment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Site Compatibility Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 309
Locating the Default Management Point . . . . . . . . . . . . . . . . . . . . 310
Locating Site Mode and Related Settings . . . . . . . . . . . . . . . . . . . . 312
Managing the Configuration Manager Client . . . . . . . . . . . . . . . . . . . . . . . . . . 313
Removing the Configuration Manager Client . . . . . . . . . . . . . . . . . . . . . 313
Understanding the Configuration Manager Client in Control Panel . . 314
The Configuration Manager Icon . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Using Client Deployment Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319
Checkpoints for Client Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 320

9 Defining Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321

Defining Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 321
Collection Membership . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323
Predefined Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 324
 Table of Contents xv

Creating Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 325

Creating a Direct Membership Collection . . . . . . . . . . . . . . . . . . . . . . . . 326
Creating a Query-Based Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332
Creating Subcollections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336
Unlinking Subcollections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337
Updating Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Forcing an Update . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Updating All Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Updating an Individual Collection . . . . . . . . . . . . . . . . . . . . . . . . . . 340
Deleting a Collection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Assigning a Maintenance Window to a Collection . . . . . . . . . . . . . . . . . 348
Collection Evaluator Update Process Flow . . . . . . . . . . . . . . . . . . . . . . . . 351
Status Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 353
Collections and the Configuration Manager Site Hierarchy . . . . . . . . . . . . . . 354
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 355

10 Collecting Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357

Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 357
Enabling Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Client Requirements and Inventory Frequency . . . . . . . . . . . . . . . 362
Hardware Inventory Collection Process Flow . . . . . . . . . . . . . . . . . . . . . . 362
Hardware Resynchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 364
Status Messages and Log Files for Hardware Inventory . . . . . . . . . . . . . 364
Viewing Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 368
Customizing Hardware Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 370
SMS_def.mof and configuration.mof . . . . . . . . . . . . . . . . . . . . . . . . 371
MIF Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 373
Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 377
Enabling Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 378
Client Requirements and Inventory Frequency . . . . . . . . . . . . . . . 383
Software Inventory Collection Process Flow . . . . . . . . . . . . . . . . . . . . . . . 383
Software Resynchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 384
Status Messages and Log Files for Software Inventory . . . . . . . . . . . . . . 385
Viewing Software Inventory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 385
xvi Table of Contents

Asset Intelligence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388

Asset Intelligence Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 389

11 Distributing Software Packages . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391

Defining Package Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 392
Understanding Package Distribution Terminology . . . . . . . . . . . . . . . . . 392
Preparing for Package Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Creating Packages for Distribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 394
Gathering Source Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Creating a Package from Scratch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 395
Defining Access Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 401
Defining Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 403
Creating Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 409
Creating a Package from a Definition File . . . . . . . . . . . . . . . . . . . . . . . . 417
Package Distribution Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 423
Configuring the Software Distribution Component . . . . . . . . . . . . . . . . . . . . . 425
Distributing Software from a Resource . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Creating an Advertisement . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 432
Configuring the Client Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 439
Running Advertised Programs on Clients . . . . . . . . . . . . . . . . . . . . . . . . . 441
Run Advertised Programs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 441
Program Download Monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 443
Managing the Configuration Manager Client Download Cache . . . . . 444
Advertised Programs Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Monitoring Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 446
Working with Branch Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Creating a Branch Distribution Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 450
Managing Branch Distribution Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . 452
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 453
Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454

12 Deploying Operating Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 455

Understanding the Working Components of Operating System
Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456
A05T623856.fm Page xvii Monday, January 28, 2008 2:09 PM

Table of Contents xvii

Understanding Task Sequences . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 456

Creating an Image for Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Understanding Boot Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 464
Understanding Operating System Images . . . . . . . . . . . . . . . . . . . . . . . . 466
Configuring a Reference Computer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 466
Editing the Reference Computer Task Sequence . . . . . . . . . . . . . . . . . . . 473
Advertising the Task Sequence to the Reference Computer . . . . . . . . . 478
Deploying the Operating System Image . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 481
Distribute the Operating System Image . . . . . . . . . . . . . . . . . . . . . . . . . . 483
Deploying the Operating System Image to Target Computers . . . . . . . 483
Create the Deployment Task Sequence . . . . . . . . . . . . . . . . . . . . . . 483
Editing the Deployment Task Sequence . . . . . . . . . . . . . . . . . . . . . . . . . . 490
Advertising the Deployment Task Sequence to the
Target Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Monitoring Status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 494
Manual Deployment Methods . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 496
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 503
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 504

13 Deploying Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 505

The Need for Effective Software Updates Management . . . . . . . . . . . . . . . . . 506
Introduction to the Software Updates Management Process . . . . . . . . . . . . . 506
The Microsoft Operations Framework . . . . . . . . . . . . . . . . . . . . . . . . . . . 507
The Microsoft-Recommended Software Updates
Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Preparing for Software Updates Management . . . . . . . . . . . . . . . . . . . . . . . . . 511
Identifying IT Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Inventorying IT Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Configuring IT Assets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Building the Configuration Manager Software Updates Infrastructure 513
Establishing and Training the Software Updates
Management Team . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
The Four-Phase Software Updates Management Process . . . . . . . . . . . . . . . . 516
The Assess Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 516
A05T623856.fm Page xviii Monday, January 28, 2008 2:11 PM

xviii Table of Contents

Inventorying and Discovering Existing Computing Assets . . . . . . 516

Assessing Security Threats and Vulnerabilities . . . . . . . . . . . . . . . . 516
Determining the Best Source for Information about
Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517
Assessing the Existing Software Updates Infrastructure . . . . . . . 517
Assessing Operational Effectiveness . . . . . . . . . . . . . . . . . . . . . . . . 517
Leaving the Assess Phase and Moving to the Identify Phase . . . 518
The Identify Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 518
Discovering New Software Updates Reliably . . . . . . . . . . . . . . . . . 518
Determining Whether Software Updates Are Relevant . . . . . . . . 519
Obtaining and Verifying Software Update Source Files . . . . . . . . 520
Determining the Nature of the Software Update and
Submitting a Request for Change . . . . . . . . . . . . . . . . . . . . . . . . . . 521
Leaving the Identify Phase and Moving to the Evaluate &
Plan Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
The Evaluate & Plan Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Determining the Appropriate Response . . . . . . . . . . . . . . . . . . . . 522
Planning the Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 524
Building the Release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Conducting Acceptance Testing . . . . . . . . . . . . . . . . . . . . . . . . . . . 525
Leaving the Evaluate & Plan Phase and Moving to the
Deploy Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
The Deploy Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Preparing the Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Deploying the Software Update to Targeted Computers . . . . . . 527
Reviewing the Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
Leaving the Deploy Phase . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Integrating Configuration Manager 2007 into the Software Updates
Management Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Software Updates General Requirements . . . . . . . . . . . . . . . . . . . . . . . . . 529
Software Updates Client Agent Settings . . . . . . . . . . . . . . . . . . . . . . . . . . 530
The Software Update Point . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 532
Choosing the Software Update Point Computer . . . . . . . . . . . . . . 533
WSUS 3.0 Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533
Software Update Point Site System Role . . . . . . . . . . . . . . . . . . . . . 537
 Table of Contents xix

Software Updates Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 542

Scanning for Software Updates Compliance . . . . . . . . . . . . . . . . . . . . . . 543
Completing the Software Updates Infrastructure . . . . . . . . . . . . . . . . . . 545
Software Updates Fundamentals . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Preparing for the Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Deployment Templates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
Deployment Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 549
The Update List . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 552
Deploying Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555
Creating the Software Update Deployment . . . . . . . . . . . . . . . . . . 556
Monitoring the Progress of the Deployment . . . . . . . . . . . . . . . . . 559
Responding to Emergencies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Releases with Accelerated Timelines . . . . . . . . . . . . . . . . . . . . . . . . . . . . 559
Halting a Software Update Deployment . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Rolling Back Software Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Creating and Publishing Custom Updates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 561
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 564
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565

14 Implementing Desired Configuration Management . . . . . . . . . . . 567

The Need for Desired Configuration Management . . . . . . . . . . . . . . . . . . . . . 568
Understanding the Components of Desired Configuration Management . . 570
Configuration Items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 570
Configuration Baselines . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 572
Preparing to Use Desired Configuration Management . . . . . . . . . . . . . . . . . . 573
Enabling Desired Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . 574
Using Desired Configuration Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . 575
Organizing Configuration Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 583
Search Folders . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 584
Configuration Categories . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 585
Understanding Compliance Evaluation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 586
How to View Compliance Results in Desired Configuration Management . . 589
The Desired Configuration Management Home Page . . . . . . . . . . . . . . 589
Using Reports to View Compliance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 590
xx Table of Contents

Viewing Compliance Directly at the Client Computer . . . . . . . . . . . . . . 591

Remediating Noncompliant Computers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
Creating a Collection of Noncompliant Computers . . . . . . . . . . . . . . . . 593
Checkpoints for Using Desired Configuration Management . . . . . . . . . . . . . 598
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599

15 Implementing Network Access Protection . . . . . . . . . . . . . . . . . . . 597

Understanding Network Access Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
The Many Layers of Network Access Protection . . . . . . . . . . . . . . . . . . . 598
The Network Policy Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
Remediating Noncompliant Configuration Manager Clients . . . . . . . . 601
Planning for Network Access Protection in Configuration Manager . . . . . . . 602
Confirm the Windows Network Access Protection Infrastructure . . . . 602
Extend the Active Directory Schema . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 602
Decide on Server Placement for the System Health Validator Points . 603
Identify and Configure Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Confirm Software Updates Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Engage Other Business Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604
Educate Your Users . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
Identify Users and Computers That Need Exemptions . . . . . . . . . . . . . . 606
Checkpoints for Identifying Which Clients Can Support Network
Access Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
Implementing Network Access Protection in Configuration Manager 608
Creating and Configuring the System Health Validator Point . . . . . . . 608
Installing a System Health Validator Point . . . . . . . . . . . . . . . . . . . 609
Configuring the System Health Validator Points . . . . . . . . . . . . . . 611
Enabling and Configuring Network Access Protection
Client Settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Checkpoints for Enabling Network Access Protection in Configura-
tion Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 614
Creating and Managing Network Access Protection Policies . . . . . . . . 617
Monitoring Network Access Protection . . . . . . . . . . . . . . . . . . . . . . . . . . 621
Using the Network Access Protection Home Page to Monitor Network
Access Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 625
Using Reports to Monitor Network Access Protection . . . . . . . . . 627
 Table of Contents xxi

Using Performance Counters and Event Logs to Monitor Network

Access Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 628
Using Log Files to Monitor Network Access Protection . . . . . . . . 628
Checkpoints for Phasing in Network Access Protection . . . . . . . . 628
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 630

16 Managing Clients Across the Internet . . . . . . . . . . . . . . . . . . . . . . 631

Understanding Internet-Based Client Management . . . . . . . . . . . . . . . . . . . . . 631
Checkpoints for Managing Internet-Based Clients . . . . . . . . . . . . . . . . . 633
Planning for Internet-Based Client Management . . . . . . . . . . . . . . . . . . 634
Implementing Internet-Based Client Management . . . . . . . . . . . . . . . . 637
Checkpoints for Using Internet-Based Client Management . . . . . . . . . 644
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646

17 Managing Clients Remotely . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647

Configuring a Client for Remote Control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Client System Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 648
Configuring the Remote Tools Client Agent . . . . . . . . . . . . . . . . . . . . . . 649
Setting Remote Options at the Client System . . . . . . . . . . . . . . . . . . . . . 655
Exploring Remote Tools Functions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 657
Running Diagnostic Tools for Windows Clients . . . . . . . . . . . . . . . . . . . . 657
Remote Tools Session Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 659
Monitoring Status and Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Monitoring Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 660
Monitoring a Remote Tools Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661
Remote Assistance and Remote Desktop Support . . . . . . . . . . . . . . . . . . . . . . 662
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 664

18 Monitoring Software Usage with Software Metering . . . . . . . . . . 665

Understanding Software Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 665
Software Metering Process Flow . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
Configuring Software Metering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667
Configuring the Software Metering Client Agent . . . . . . . . . . . . . . . . . . 667
Configuring Software Metering Rules . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
Creating a Software Metering Rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 669
xxii Table of Contents

Automatically Generating Software Metering Rules . . . . . . . . . . . . . . . . 671

Enabling and Disabling a Software Metering Rule . . . . . . . . . . . . . . . . . 673
Summarizing Data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673
Running Software Metering Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677
Checkpoints . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680
Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 680

Part III
Site Database Management
19 Extracting Information Using Queries and Reports . . . . . . . . . . . 685
Working with Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 685
Query Elements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688
Creating a Query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692
Modifying a Query . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698
Combining Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701
Viewing the Query Language . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 703
Creating Prompted Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704
Executing Queries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705
Working with Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706
Using Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Creating and Modifying a Report . . . . . . . . . . . . . . . . . . . . . . . . . . 710
Copying an Existing Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713
Importing and Exporting Reports . . . . . . . . . . . . . . . . . . . . . . . . . . 714
Scheduling a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 714
Running a Report . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 716
Using Dashboards . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Creating a Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718
Running a Dashboard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719
Checkpoints for Using Queries and Reports . . . . . . . . . . . . . . . . . . . . . . . . . . . 721
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 721

20 Configuration Manager 2007 Security . . . . . . . . . . . . . . . . . . . . . . 723

Security Planning and Considerations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
Basic Security Configurations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 724
 Table of Contents xxiii

Security Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 727

Native Mode versus Mixed Mode . . . . . . . . . . . . . . . . . . . . . . . . . . 727
Publishing to Active Directory Domain Services . . . . . . . . . . . . . . 729
Configuring Additional Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . 729
Administration Models . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 730
Privacy Planning . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 730
Certificates and PKI Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731
Site Server Signing Certificate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732
Client and Site System Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Client Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733
Site System Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734
Mobile Device Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735
Operating System Deployment Certificates . . . . . . . . . . . . . . . . . . . . . . . 736
Deploying the Certificates . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736
Security Controls in Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Network Security Controls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
Firewalls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
IPsec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737
DCOM . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 738
WMI Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 739
Group Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740
Access Control Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 741
Auditing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 742
Configuration Manager Object Security . . . . . . . . . . . . . . . . . . . . . . . . . . 743
Classes and Instances . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744
Common Object Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745
Special Object Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 746
Delegating Object Rights . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 747
Account Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 753
Accounts in Sites with Multiple Forests . . . . . . . . . . . . . . . . . . . . . . 754
Accounts Used for Task Sequences . . . . . . . . . . . . . . . . . . . . . . . . . . 756
Client Push Installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 757
Proxy Accounts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 757
Configuration Manager Groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758
xxiv Table of Contents

Database Roles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 758

Accounts Used by Humans . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 759
Checkpoints for Configuring Accounts Correctly . . . . . . . . . . . . . 760
Custom Configuration Manager Consoles . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762

21 Backing Up and Recovering the Site . . . . . . . . . . . . . . . . . . . . . . . . 763

Database Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
General Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 764
Daily Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 765
Weekly Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 766
Monthly Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Scheduling Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Scheduling SQL Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 767
Scheduling Tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769
Backing Up the Site Through Configuration Manager . . . . . . . . . . . . . . . . . . . 772
Backing Up the Site Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772
The Backup Control File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774
Configuring Backup ConfigMgr Site Server . . . . . . . . . . . . . . . . . . 775
Recovering Configuration Manager Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
Recovering the Site Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 777
Recovering the Site Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778
Using the Configuration Manager Site Repair Wizard . . . . . . . . . . . . . . 781
Restoring Site Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 789
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791

22 Maintaining the Configuration Manager Database through

SQL Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793
SQL Server Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 795
Creating a Database in SQL Server 2005 . . . . . . . . . . . . . . . . . . . . . . . . . 796
Configuration Manager Database Components . . . . . . . . . . . . . . . . . . . . . . . . 798
SQL Server Management Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 800
Database Maintenance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 801
Commands Used for Performing Essential Maintenance Tasks . . . . . . . 801
Executing a Maintenance Command Using SQL Server 2005 . . . . . . . . 802
 Table of Contents xxv

Backing Up and Restoring the Database . . . . . . . . . . . . . . . . . . . . . . . . . 804

Backing Up and Restoring Using SQL Server 2005 . . . . . . . . . . . . . . . . . 805
Modifying SQL Server Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 808
Modifying Parameters for SQL Server 2005 . . . . . . . . . . . . . . . . . . . . . . . 809
Using SQL Replication to Enhance Configuration Manager
Site Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 811

Part IV
Appendixes
A Recommended Web Sites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 815
B Backup Control File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819
C Understanding Windows Management Instrumentation . . . . . . . 823
Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .825

Index. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .839

Microsoft is interested in hearing your feedback about this publication so we can

What do you think of this book? continually improve our books and learning resources for you. To participate in a brief
We want to hear from you! online survey, please visit: www.microsoft.com/learning/booksurvey/
Acknowledgments
Having authored and participated in the publication of several books in recent years, I
can assert with conviction that the process takes the commitment of many people. This
book was certainly no exception.
First and foremost, many thanks to the editorial team at Microsoft Press. Its dedication
and hard work were outstanding in every respect. The editorial review process can be
frustrating, but team members made the process comfortable for me, and I greatly appre-
ciate their efforts, their comments, and their patience. In particular, thanks to Martin
DelRe, my publisher, and to Melissa von Tschudi-Sutton and the excellent editorial team
who made sure I dotted the i’s and crossed the t’s.
This book is intended to get the new administrator up and running and using the features
quickly, and for the more experienced administrator as a quick reference for common tasks.
Consequently, you’ll notice that the book does not cover every nuance of this product. The
Configuration Manager writing team whom I manage has already done a terrific job of doc-
umenting to that level of granularity in the Configuration Manager Documentation Library.
Nevertheless, I realized early that I would reach the limits of my own expertise with this
product quickly. So, I engaged five great additional writers from my team who are experts
in their areas. I want to acknowledge them and their contributions to this book. Carol
Bailey wrote Chapter 15, “Implementing Network Access Protection,” and Chapter 16,
“Managing Clients Across the Internet.” Jeff Gilbert wrote Chapter 2, “Planning for and
Deploying Configuration Manager Sites,” and Chapter 5, “Upgrading to Configuration
Manager.” Rob Stack wrote Chapter 8, “Planning for and Installing Configuration Manager
Clients,” and Chapter 14, “Implementing Desired Configuration Management.” Doug Eby,
who also is architect of the Configuration Manager SuperFlow series, wrote Chapter 13,
“Deploying Software Updates.” Cathy Moya, my terrific project lead for Configuration Man-
ager, wrote Chapter 20, “Configuration Manager 2007 Security.”
One of our great partners in the community, Greg Ramsey, was our technical reviewer
and did a superb job of keeping us on track and technically accurate. Thanks, Greg! Also,
I'd like to acknowledge the particular assistance given by the following members of the
Configuration Manager product team for their assistance in reviewing, researching, and
gathering content. Thank you to Sangeetha Visweswaran, Development Lead, and
Michael Wray, Software Development Engineer in Test, for your assistance with Chapter
15, and to Adam Meltzer, Software Development Engineer in Test, for your assistance
with Chapter 16.
Finally, thanks to all of you—my customers, partners, and friends in the management
community. Your support of our writing efforts has been invaluable.

xxvii
Introduction
Microsoft has traditionally geared its development of Windows Server applications
toward providing network administrators with tools that can facilitate the functionality
and management of its Windows networks. For example, applications such as Microsoft
Exchange 2007 and Microsoft SQL Server 2008 provide exceptional mail and database
support through centralized management. Microsoft Systems Center Configuration Man-
ager 2007 is just such a product. In this new release you have a superior product that pro-
vides centralized management and support for your install base of computers. Those of
you who have grown up with Systems Management Server (SMS) 2003 and its plethora
of tools, add-ons, and feature packs will be particularly impressed with the improvements
made in this version, which enhances the functionality and scalability within large enter-
prise networks and the integration of features such as operating system deployment and
mobile device management.
This book is designed to provide you with both a learning and practical guide to the
administrative tasks you’ll be performing with Configuration Manager. It is intended to
get the new administrator up and running, and using the features quickly, and for the
more experienced administrator as a quick reference for common tasks. Consequently,
you’ll notice that this book does not cover every nuance of this product. The Configura-
tion Manager Writing Team at Microsoft has already done a terrific job of documenting to
that level of granularity in the Configuration Manager Documentation Library. In fact,
you’ll find many references throughout the book that point you to the core documenta-
tion for more detailed information.

Part I: Planning, Deploying, and Configuring

Part I introduces the reader to Configuration Manager, outlining its features and function-
ality and comparing and contrasting it to the previous version, SMS 2003. This part also
covers a wide range of topics specific to the installation and planning of a Configuration
Manager site. Chapter 1, “Introducing System Center Configuration Manager 2007,” pre-
sents an overview of Configuration Manager and identifies the new and updated features
of the product, as well as an overview to navigating the Configuration Manager console.
Chapter 2, “Planning for and Deploying Configuration Manager Sites,” provides a
detailed discussion of the installation process for a Configuration Manager primary site,
including preinstallation requirements as well as postinstallation system modifications.
You’ll also learn how to navigate administrative functions using the Configuration Man-
ager console, which uses the Microsoft Management Console (MMC) 3.0 format. In

xxix
xxx Introduction

Chapter 3, “Configuring Site Server Properties and Deploying Site Systems,” you’ll learn
how to define and configure the Configuration Manager site and site systems. Chapter 4,
“Implementing Multiple-Site Structures,” suggests planning considerations for a multiple-
site structure, including developing parent-child relationships among primary sites, creat-
ing secondary sites, and establishing Configuration Manager communication mecha-
nisms between sites. Chapter 5, “Upgrading to Configuration Manager,” shows you how
to identify the decision points, and make the best choices, to plan your upgrade strategy
and upgrade Configuration Manager successfully. Chapter 6, “Analysis and Trouble-
shooting Tools,” introduces the reader to the various tools available in Configuration
Manager that enable the administrator to monitor activity in the Configuration Manager
site, track the flow of information, and analyze network and server performance. These
tools are examined in more detail in subsequent chapters.

Part II: Managing Clients

Part II discusses three main areas of client system support through Configuration Man-
ager: resource discovery, client installation, and remote control. Part II also discusses
what is probably a Configuration Manager administrator’s primary reason for purchasing
Configuration Manager—the distribution of software and other packages to client sys-
tems through the network with little or no user intervention and the management of that
software once it’s installed.
Chapter 7, “Discovering Resources,” and Chapter 8, “Planning for and Installing Configu-
ration Manager Clients,” describe the discovery and assignment process for Configuration
Manager client systems. Before a client can be installed as a Configuration Manager client,
it must be discovered and assigned to a Configuration Manager site. The various client
setup methods are described, with the chapter focus being on the Client Push deployment
method. Chapter 9, “Defining Collections,” explains the concept of a collection in Config-
uration Manager and describes how collections are created and maintained.
Configuration Manager supports software inventory and hardware inventory, and the
collection process for the Configuration Manager client is defined for both hardware and
software inventory in Chapter 10, “Collecting Inventory.” Chapter 11, “Distributing Soft-
ware Packages,” describes the package distribution process, including creating packages
and programs, identifying package recipients through collections, and executing package
commands at the client system. Chapter 12, “Deploying Operating Systems,” discusses
the operating system deployment feature of Configuration Manager—a tool for creating
and managing images that can be deployed to computers managed by Configuration
Manager 2007, and to unmanaged computers using bootable media such as a CD set,
DVD, or USB. Chapter 13, “Deploying Software Updates,” explains how you can use the
 Introduction xxxi

software updates feature in Configuration Manager 2007 along with the Microsoft-
recommended software updates management process to provide an effective system for
updating software in your environment. Chapter 14, “Implementing Desired Configura-
tion Management,” introduces one of the key new features in Configuration Manager,
desired configuration management. You’ll learn how to configure this feature, download
best practices configuration data, and how to evaluate your computers against this data.
Chapter 15, “Implementing Network Access Protection,” explores how you can use Con-
figuration Manager’s integration with Windows Network Access Protection (NAP) to
help protect network assets, and extend central management of software updates with
compliance enforcement. In Chapter 16, “Managing Clients Across the Internet,” you’ll
learn how to use Configuration Manager to manage clients that are connected to your net-
work through an Internet connection. In Chapter 17, “Managing Clients Remotely,” you’ll
learn how to remotely monitor and troubleshoot a client system through the Configura-
tion Manager console. Chapter 18, “Monitoring Software Usage with Software Metering,”
discusses how you can monitor and report on software usage on client systems.

Part III: Site Database Management

Part III covers a wide variety of topics related to the Configuration Manager database.
Because the database itself must be maintained on a server running SQL Server 2005 Ser-
vice Pack 2 or higher, this part approaches database management from two perspectives:
management and reporting from within the Configuration Manager console, and main-
tenance and events related directly to SQL Server. In Chapter 19, “Extracting Information
Using Queries and Reports,” you’ll learn how to query for and report on information kept
in the database from within the Configuration Manager console. In Chapter 20, “Config-
uration Manager 2007 Security,” you’ll look at the new security mode provided with Con-
figuration Manager, and explore how to make your Configuration Manager site secure. In
Chapter 21, “Backing Up and Recovering the Site,” you’ll examine disaster recovery tech-
niques. Chapter 22, “Maintaining the Configuration Manager Database through
Microsoft SQL Server,” covers SQL Server topics, including event triggers, SQL Server
resources, and components used by Configuration Manager, maintenance and optimiza-
tion techniques, and SQL Server backup and restore methods. This chapter isn’t
intended to be a primer for SQL Server; instead, it is designed to provide the SMS admin-
istrator with a basic understanding of SQL Server–related maintenance tasks.

Part IV: Appendixes

This book contains three appendixes. Appendix A, “Recommended Internet Sites,” lists
some of the Web sites that the author considers particularly useful for gathering additional
xxxii Introduction

information about or obtaining support for Configuration Manager and SQL Server 2005
Service Pack 2 or higher. Appendix B, “Backup Control File.” contains the text for the
backup control file used by the SMS Site Backup service when performing a site server
backup scheduled through the SMS Administrator Console, as discussed in Chapter 21.
Appendix C, “Understanding Windows Management Instrumentation,” provides an
overview of Windows Management Instrumentation.

How to Use This Book

Within the chapters, we’ve tried to make the material accessible and readable. You’ll find
descriptive passages, theoretical explanations, and step-by-step examples. We’ve also
included a generous number of graphics that make it easy to follow the written instruc-
tions. The following reader’s aids are common to all books in the Administrator’s Com-
panion series.

Real World Title Starts Here

Everyone can benefit from the experiences of others. “Real World” sidebars contain
elaboration on a theme or background based on the experiences of others who
used this product during the beta testing period.

Note Notes include tips, alternative ways to perform a task, or some informa-
tion that needs to be highlighted.

More Info Often there are excellent sources for additional information on key
topics. We use these boxes to point you to a recommended resource.

Important Boxes marked Important shouldn’t be skipped. (That’s why they’re

called Important.) Here you’ll find security notes, cautions, and warnings to keep
you and your network out of trouble.

Best Practices Best Practices provide advice for best practices that this book’s
authors have gained from our own technical experience.

Security Alert Nothing is more important than security when it comes to a

computer network. Security elements should be carefully noted and acted on.
 Introduction xxxiii

System Requirements
This book is designed to be used with the following software:
■ System Center Configuration Manager 2007
■ Microsoft SQL Server 2005 Service Pack 2 (or higher)
The following are the minimum system requirements to run the companion CD provided
with this book:
■ Microsoft Windows XP, with the latest service pack installed and the latest updates
installed from Microsoft Update Service
■ CD-ROM drive
■ Internet connection
■ Display monitor capable of 1024 x 768 resolution
■ Microsoft Mouse or compatible pointing device
■ Adobe Reader for viewing the eBook (Adobe Reader is available as a download at
http://www.adobe.com)

About the Companion CD

The companion CD contains the fully searchable electronic version of this book and
additional sample chapters from other titles that you might find useful. We’ve also
included links to product TechCenter Web sites, tools, and Webcasts, and other useful
information we found useful while we were writing this book.
This CD includes nine System Center Configuration Manager Feature Quizzes. These
quizzes were developed by the System Center Configuration Manager 2007 User Assis-
tance team to help you assess your understanding of the dependencies and requirements
for key features of Configuration Manager. These quizzes are intended to raise your level
of awareness of the some of the nuances of these features before you configure and use
them. They can also be used to help train other Configuration Manager administrators
within your organization.
Each quiz consists of 10 questions that can be answered Yes or No. Regardless of your
answer, the quiz will display the correct information and include one or more links
to the corresponding related content located in the Configuration Manager 2007
Document ation Librar y located on t he Configuration Manager TechCenter
(http://technet.microsoft.com/configmgr/default.aspx). These quizzes are published in
d ow n lo a d abl e fo r ma t o n t h e M ic ro s o ft Web s i t e a n d c a n b e fo u n d h e re:
http://www.microsoft.com/downloads/details.aspx?FamilyID=b9fb478a-ec98-47f2-
b31e-57443a8ae88f&DisplayLang=en. Periodically new quizzes will be added, and we
xxxiv Introduction

encourage you to check the download site as well as the Configuration Manager Tech-
Center for updates.
This CD also includes an audio excerpt from each chapter in .MP3 format. These excerpts
were originally published on myITforum.com TV and are included here with permission
from myITforum.com. myITforum.com, Inc. is the premier online destination for IT pro-
fessionals responsible for managing their corporations’ Microsoft Windows systems,
especially for IT pros working with Microsoft Systems Management Server (SMS), System
Center, Microsoft Operations Manager (MOM), Scripting, Windows Mobile, Group Pol-
icy (GPO), and Patching and Security. The centerpiece of myITforum.com, Inc. is a col-
lection of member forums, e-mail lists, and technical articles where IT professionals
actively exchange technical tips, share their expertise, and download utilities that help
them better manage their Windows environments. myITforum.com, Inc. is owned and
managed by Rod Trent, author of the best-selling books Microsoft SMS Installer, Admin911:
SMS, and IIS 5.0: A Beginner’s Guide. He has also written thousands of articles on topics
related to the management of Microsoft Windows installations. Rod is a leading authority
on Microsoft SMS and a regular speaker at the Microsoft Management Summit. Rod is
also a member of a select group of Microsoft “Most Valuable Professionals” (MVPs), an
honor accorded by Microsoft to “standouts in technical communities who share a pas-
sion for technology and the spirit of community."
Please visit http://www.myitforum.com/aboutus/portfolio.asp for a complete discussion of
the value and benefits myITforum.com can bring to you and your organization.

Support
Ever y effort has been made to the accuracy of this book and companion CD
content. Microsoft Press provides corrections to this book through the Web at
http://www.microsoft.com/mspress/support/search.aspx
If you have comments, questions, or ideas regarding the book or companion CD content,
please send them to Microsoft Press using either of the following methods:
E-mail: [email protected]
Postal mail:
Microsoft Press
Attn: Microsoft System Center Configuration Manager 2007 Administrator’s Companion Editor
One Microsoft Way
Redmond, WA 98052-6399
Please note that product support is not offered through the preceding mail addresses.
For support information, please visit the Microsoft Help and Support Web site at
http://support.microsoft.com.
Part I
Planning, Deploying, and
Configuring

Chapter 1:
Introducing Microsoft System Center Configuration Manager 2007. . . . . . 3
Chapter 2:
Planning for and Deploying Configuration Manager Sites . . . . . . . . . . . . . 23
Chapter 3:
Configuring Site Server Properties and Site Systems . . . . . . . . . . . . . . . . . . 93
Chapter 4:
Implementing Multiple-Site Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . .143
Chapter 5:
Upgrading to Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187
Chapter 6:
Analysis and Troubleshooting Tools . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211
Chapter 1
Introducing Microsoft System
Center Configuration Manager
2007
Many computers
We will look after them now
Take the pain away
~ Rob Stack, Technical Writer, Configuration Manager

What Is System Center Configuration Manager 2007?. . . . . . . . . . . . . . . . . . 4

What’s Changed Since System Management Server 2003? . . . . . . . . . . . . . . 6
Features and Functions of Configuration Manager . . . . . . . . . . . . . . . . . . . . 8
Key Elements of Configuration Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Welcome to Microsoft System Center Configuration Manager 2007, the newly engi-
neered version of Microsoft System Management Server (SMS) 2003. The shorter name,
Configuration Manager, is referred to throughout this book. This book gives you the
insight and tools necessary to successfully plan for, deploy, and administer Configuration
Manager. The fundamental components and features of Configuration Manager, such as
distributing packages, collecting hardware and software inventory, distributing software
updates, and remotely administering a computer, are explored, as well as new features
such as deploying operating systems, managing desired configurations of users’ comput-
ers, restricting noncompliant computers from accessing your network, and managing
mobile devices. Planning and deployment procedures for site systems and clients are dis-
cussed, and the implementation of a Configuration Manager site hierarchy is examined.
Relevant SMS 2003 migration and update readiness issues are also looked at, as well as
disaster recovery and database maintenance recommendations.

3
4 Part I Planning, Deploying, and Configuring

As many of you know, Configuration Manager has gone through many generations and
enhancements since its initial 1.0 release as Systems Management Server. Here’s a brief
history. Noting the shortcomings of the SMS 1.x family unabashedly reported to
Microsoft by all of you SMS administrators, Microsoft released SMS 2.0. This was a com-
plete renovation of the product that addressed many of the issues that SMS administra-
tors raised. That version dropped some functionality (most notably the clunky Program
Group Control), enhanced existing functionality (package distribution, inventory, and
remote control), and added functionality (logon points, client access points, distribution
points, and software metering). SMS 2003 further enhanced and refined the product,
adding Active Directory support and integrating software update management. Configu-
ration Manager represents the next generation of this product, integrating operating sys-
tem deployment functionality, Windows Server Update Services, and desired computer
configuration management among other features, and through sound planning and
deployment, can very well help you to lower the total cost of ownership of computers in
your organization.
To those of you who purchased the previous editions of this book, be assured that this
isn’t a repetition of the previous edition. To be sure, some features remain largely the
same and so the content is refreshed only as needed. However, Microsoft has “touched”
nearly every component in SMS 2003 as it generated Configuration Manager, so there is
new material throughout. As always, there are new Configuration Manager administra-
tors among you, so this chapter begins by introducing Configuration Manager and
describing what this product is all about.

What Is System Center Configuration

Manager 2007?
The computing industry has undergone many changes since the days of UNIVAC main-
frames. In the early 1980s, the desktop computer as a viable business tool was relatively
new. In fact, typical corporate discussions at the time centered around issues such as
whether to purchase a desktop computer with a 10-MB hard drive at an additional cost of
$1,700 because “users will just never need that much space.”
Since that time, the desktop computer as a productivity tool has become a necessity in
most organizations as well as in schools and at home. The need to provide processing
power at the user’s fingertips is a foregone conclusion. As a result, desktop computing
has grown into a major industry and, consequently, a potentially huge administration
headache. Desktop computer users can be territorial about their systems and the appli-
cations used. It’s not unheard of to have an Information Technology (IT) group that sup-
ports a user running three different word-processing programs in several versions
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 5

because that user is unwilling to risk converting the documents to a single word-processing
version. On the other end of the spectrum, more businesses are taking advantage of tools
like Configuration Manager, Microsoft Update, and Active Directory Group Policies to pro-
vide their users with a desktop that can not only be centrally maintained but also can’t be
modified at all by the user. Many businesses are now extending these tools and using
other tools such as Systems Center Operations Manager (formerly Microsoft Operations
Manager, or MOM) to support their server platforms as well. Both of these scenarios
exemplify the fact that supporting multiple computers installed with a variety of program
and server applications can be a challenge for even the best-equipped and best-funded IT
support groups.
In addition to application support, IT groups often provide hardware support for their
organization’s users. This too can be a daunting prospect when the install base of com-
puters is in the thousands or tens of thousands, deployed within different departmental,
geographic, or international locations. It’s not always practical—or even possible—to phys-
ically access every computer in an organization.
Many IT managers have acknowledged the need to provide standards for desktop com-
puting and have begun to look for and to implement some kind of centralized desktop
management system. IT support groups need to be able to respond actively and proac-
tively to implement and update software on client systems and to respond to their users’
requests for assistance as quickly, effectively, and consistently as possible. IT support
groups should be able to perform as much user desktop management as possible while
sitting at their own desktop computers. The key to effective remote desktop management
is to provide a reliable set of remote management tools that enable an IT support group
to be as effective as if they had actually laid hands on the user’s desktop.
Configuration Manager is a powerful management product that offers a newly enriched
set of desktop management features, with the capability of leveraging Active Directory.
Configuration Manager, together with the other client management solutions that
Microsoft offers, provides IT managers with perhaps their most effective set of centralized
management tools to date. With Configuration Manager, you’ll be able to remotely diag-
nose and troubleshoot desktop systems, install applications, and manage software.
In this major new release, the Configuration Manager product team has invested in four
key development areas—security, simplicity, manageability, and operating system
deployment—resulting in an end-to-end computer management solution.
6 Part I Planning, Deploying, and Configuring

What’s Changed Since System Management

Server 2003?
Configuration Manager offers new features, integration of external functionality,
enhancements to existing features and functions, and improved security.

New Features
To support its commitment to enhancing computer manageability and security, the Con-
figuration Management product team made a significant investment in developing and
testing features that SMS customers had been asking for, and that they felt strongly would
lead to a reduced total cost of ownership for many companies. These are alluded to earlier
in this chapter. Configuration Manager has added the following new features:
■ Desired configuration management The ability to define granular computer con-
figurations within your organization and compare and report compliance or non-
compliance among your managed computers
■ Network Access Protection (NAP) for Configuration Manager The ability to lever-
age Windows Server NAP to identify and remediate managed clients using Configu-
ration Management features such as software updates
■ Wake On LAN (WOL) support The ability to send a wake-up request to a Config-
uration Manager client that is in a sleep state to allow the running of a mandatory
software update, software distribution advertisement, or task sequence
■ Internet-based computer management The ability to manage Configuration
Manager 2007 clients when they are not connected to your company network but
have a standard Internet connection

Integrated Features
Throughout the lifetime of SMS 2003, several feature packs and external wizards were
developed and released. Recognizing the benefit to incorporating the most valuable of
these into the product directly, the Configuration Manager product team invested in not
only incorporating these into the core product, but also enhancing their functionality.
The following external features have been integrated into Configuration Manager:
■ Operating system deployment The ability to create and manage images that can be
deployed to computers managed by Configuration Manager 2007, and to unmanaged
computers using bootable media such as CD set or DVD. The image, in a WIM format
file, contains the desired version of a Microsoft Windows operating system and can
also include any line-of-business applications that need to be installed on the
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 7

computer. Also provides the ability to create and distribute task sequences—a series of
one or more task steps that can be advertised to a Configuration Manager client—to
customize image deployment and software distribution tasks.
■ Mobile device management The ability to manage Windows Mobile and Win-
dows CE mobile devices similar to the way that Configuration Manager 2007 man-
ages desktop computers, including hardware and software inventory, software
distribution and updates, file collection, and Windows Mobile Settings.
■ Transfer Site Settings Wizard A wizard that facilitates the transfer of Configura-
tion Manager site settings such as client agent properties, discovery configuration,
package properties, and collection properties between Configuration Manager sites.
■ Manage Site Accounts tool A command-line interface that helps you update, cre-
ate, verify, delete, and list user-defined Windows accounts for your Configuration
Manager 2007 sites. It is called MSAC.exe and is located in <ConfigurationManager
InstallDirectory>\AdminUI\bin.

Enhanced Features
The following features, for a long time the mainstay of the core product, have undergone
varying degrees of “plastic surgery.” Wizards have been tightened up or eliminated in
favor of simplified property pages, the “duh!” factor has been eliminated, or the feature
simply has been brought into alignment with other server technologies. These features
have all been enhanced:
■ Configuration Manager console As mentioned earlier in this chapter, the console
has been reconfigured to group management tasks more intuitively, and facilitate
finding tasks and features. It also displays information in three viewing areas: the
console tree, for navigation; the results pane, for showing objects, charts, statistics,
and other data related to the node you’ve selected in the console tree; and the
actions pane, from which you can select actions related to the node you selected.
■ Collections The most notable change to collections is the addition of mainte-
nance windows. A maintenance window lets you define a period of time within
which changes can be made on the computers that are members of that collection.
■ Software updates Greatly enhanced from SMS 2003, software updates integrates
closely with Windows Server Update Services (WSUS) 3.0, synchronizing with the
WSUS database to retrieve the latest software updates from Microsoft Update, as
well as custom published software updates. The Software Updates Client Agent is
enabled by default, and updates are delivered to Configuration Manager clients by
means of a deployment package rather than a software updates advertisement.
8 Part I Planning, Deploying, and Configuring

■ Remote tools Remote tools has been rehabbed to more effectively integrate with
Remote Desktop and Remote Assistance. It includes a new remote tools agent,
which uses the Microsoft RDP protocol supported on client computers running
Windows XP and Windows 2003 Server and later. Windows 2000 clients use a
modified version of the SMS 2003 Remote Tools agent. The Remote Reboot, Chat,
File Transfer, Remote Execute, Ping, and Windows 98 Diagnostics utilities are no
longer available in remote tools.
■ Backup and recovery Configuration Manager leverages the Volume Shadow
Copy Service (VSS) available with Windows XP and Windows Server 2003 and
later operating systems, providing the means to capture a stable backup image of
your Configuration Manager site server, and store that image on the desired
backup media.

Security and Site Modes

Configuration Manager has undergone significant enhancements in security as part of
Microsoft’s commitment to providing secure management environments. Configuration
Manager security is discussed in detail in Chapter 20, “SCCM 2007 Security.” As mentioned
earlier, Configuration Manager gives you the ability to leverage the local system account
and computer accounts to run services, connect between systems, and perform client-
based functions, as well as the ability to leverage an existing Public Key Infrastructure (PKI)
implementation to more fully secure site-to-site and site-to-client communications.
In addition, Configuration Manager now supports only one security mode, which func-
tions the same as the SMS 2003 advanced security mode. Unlike SMS 2003, all site serv-
ers and site systems must belong to an Active Directory domain, and primary sites only
support Windows Authentication for the Microsoft SQL Server site database. Configura-
tion Manager offers two site modes: mixed and native. Mixed is intended for backward
compatibility with Configuration Manager hierarchies that still support SMS 2003 sites
or do not have PKI implemented. However, native mode is considered the more secure
site mode and requires an existing PKI infrastructure.
And, of course, Configuration Manager has enhanced security in existing functions, and
through new features, most notably with Network Access Protection.

Features and Functions of Configuration Manager

Configuration Manager offers centralized computer management in five primary areas:
■ Inventory and resource management
■ Diagnosis and troubleshooting
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 9

■ Computer configuration management

■ Site management
■ Security

Inventory and Resource Management

Like its predecessor, Configuration Manager can collect and display resources deployed
within your network. These resources include, of course, the workstations and servers
that have been installed. You have the ability to discover and view your Windows domain
users and groups, as well as any IP-addressable component connected to your local area
network (LAN) or wide area network (WAN). Configuration Manager offers several con-
figurable discovery methods, including four kinds of Active Directory discovery: Active
Directory System Discovery, Active Directory User Discovery, Active Directory System
Group Discovery, and Active Directory Security Group Discovery. Although not all dis-
covered resources might be manageable, the administrator can display and view some
basic properties. For example, a computer’s discovery data includes its IP address, net-
work card address (the Media Access Control [MAC] address), its computer name, and
the domain of which it’s a member. The process of discovering resources is discussed at
length in Chapter 7, “Discovering Resources.”

Note The process of discovering a resource such as a computer doesn’t auto-

matically mean that Configuration Manager is installed on that computer. Nor
does it mean that inventory is collected. Rather, it means that the “fact” of the
resource being there is recorded along with some basic properties of that
resource.

In addition to discovery data, Configuration Manager can collect hardware and software
data from a Configuration Manager client. Two of the five client agents that can be
installed on a Configuration Manager client computer are the Hardware Inventory Client
Agent and the Software Inventory Client Agent. The Configuration Manager administra-
tor enables and configures both and then installs them on a Configuration Manager cli-
ent. Collected inventory is stored, viewed, and maintained in the Configuration Manager
site database. This database is created and maintained on an SQL server. The Configura-
tion Manager Administrator Console acts as a front end to this database and provides the
Configuration Manager administrator with the tools to manage that data. For example,
you view a Configuration Manager client’s inventory through the Configuration Manager
Administrator Console by selecting that client in an appropriate collection and executing
a tool called the Resource Explorer. Configuration Manager also provides a number of
pre-defined reports that can be viewed through the Configuration Manager console as
well as through a Web report console.
10 Part I Planning, Deploying, and Configuring

When troubleshooting needs to be performed, it’s not always possible, or even appropri-
ate, that users have full knowledge of their hardware or software configuration. Having a
Configuration Manager client’s inventory readily available and up to date, however, pro-
vides an administrator with the computer configuration data needed to assist a user with
a problem.
The Hardware Inventory Client Agent executes according to an administrator-defined fre-
quency and collects system configuration such as hard drive space, processor type, RAM
size, CD type, monitor type, and so on. In addition, you can configure the Hardware
Inventory Client Agent to collect more granular information from Configuration Manager
clients using the two template files included—SMS_DEF.MOF and Configuration.MOF—
such as the installation date of the system’s basic input/output system (BIOS), asset and
serial number information, program group names, and printers installed. It does so by
using the WMI service. WMI is Microsoft’s implementation of Web-Based Enterprise
Management (WBEM). (You can review the basics of WMI in Appendix C, “Understand-
ing WBEM and WMI.”) Briefly, WMI allows for more detailed system configuration data
to be reported and stored on the workstation for use by management applications such
as Configuration Manager. Once the Hardware Inventory Client Agent on a Configura-
tion Manager client has collected the full inventory, only changes to the inventory on the
client are reported in subsequent inventories. The hardware inventory process and con-
figuration are discussed thoroughly in Chapter 10, “Collecting Inventory.”
The Software Inventory Client Agent also executes according to an administrator-defined
interval and essentially audits the Configuration Manager client for applications installed
on its local hard drives. The Configuration Manager administrator can configure the Soft-
ware Inventory Client Agent to audit other file types and report on specific files, as well
as to collect copies of specific files. As with the Hardware Inventory Client Agent, the first
time the Software Inventory Client Agent runs, a complete software audit or file collec-
tion takes place and the full inventory is gathered and reported. At each successive inven-
tory interval, only changes to the audited files are reported. The software inventory
collection and configuration process is discussed more completely in Chapter 10.
In 2006, Microsoft invested in a software product that can consolidate the software inven-
tory collected by Configuration Manager and present this information in a more useable
manner. This product, called Asset Intelligence, is included with Configuration Manager.
When installed, it provides you with a set of reports that compares the software inventory
against a master list of applications. Through a series of customizable reports, you can
view the software installed on your managed clients by their “friendly” names, by class,
and by suite. You learn more about this terrific feature in Chapter 10.
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 11

Diagnosis and Troubleshooting

Provided with Configuration Manager are several tools that can help the Configuration
Manager administrator diagnose problems in the Configuration Manager site, problems
with communications within and among sites, and problems with Configuration Man-
ager client computers and troubleshoot those problems with little direct physical inter-
vention. One of these tools is System Monitor.

System Monitor
When Configuration Manager is installed on a site server, it also adds several new objects
that contain counters to the Windows 2000 Server and Windows Server 2003 Perfor-
mance Monitor utility. These objects and their corresponding counters, along with the
traditional Windows 2000 Server and Server 2003 objects and counters (Processor, Pro-
cess, Memory, Logical Disk, Physical Disk, and so on) can assist the Configuration Man-
ager administrator in performance-testing site systems and determining optimization
alternatives. See Chapter 6, “Analysis and Troubleshooting Tools,” for more information
about working with Performance Monitor.

Remote Tools
Remote Tools has been perhaps the most appreciated feature of any Configuration Manager
version. This utility enables the Configuration Manager administrator to gain keyboard and
mouse control of a Configuration Manager client from the administrator’s workstation.
Through a video transfer screen, the administrator can “see” the user’s desktop and diag-
nose and troubleshoot problems without having physical access to the remote client. As
with the Hardware Inventory Client Agent and Software Inventory Client Agent, the
amount of remote access that can be initiated is configured by the Configuration Manager
administrator and rendered on the client by a Remote Tools Client Agent.
Remote Tools also includes remote diagnostic utilities specific to Windows NT 4.0 and
later computers and other Windows operating systems that provide real-time access to
system attributes such as interrupt usage, memory usage, services running, and device
settings. You can also configure Remote Tools to manage the remote connection features
of Windows XP Professional and later operating systems. This feature is discussed more
thoroughly in Chapter 17, “Managing Clients Remotely.”

Logs and Status Messages

All Configuration Manager services and processes create and update a wide variety of log
files and generate detailed event status messages. These files and messages provide the
Configuration Manager administrator with an extensive source of diagnostic data that’s
critical to the successful maintenance of the Configuration Manager site and also provide
an ideal means to learn about the inner workings of Configuration Manager. Server-based
12 Part I Planning, Deploying, and Configuring

log files aren’t enabled by default to conserve server resources, but the Configuration
Manager administrator can enable and configure them. Client-based log files are enabled
by default and can be disabled through the client registry. You can view log files with any
text editor.

Reports
Configuration Manager offers you the ability to create and manage meaningful reports
directly through the Configuration Manager console. Features such as Asset Intelligence
add to the robust set of reports available to the administrator. You learn more about
reports and how to use them, including a feature called dashboards, in Chapter 19,
“Extracting Information Using Queries and Reports.”

Computer Configuration Management

One important way of reducing the total cost of owning and maintaining client comput-
ers is to minimize the amount of time an administrator needs to physically spend at a
computer. When part of the administrator’s job involves installing and upgrading soft-
ware at a computer, applying software and security updates, installing or upgrading an
operating system, or determining whether a computer is in compliance with company
standards, the amount of time spent at each computer can be significant. Configuration
Manager greatly enhances your ability to manage desktops remotely and reduce the total
cost of computer ownership.
Through its package distribution feature, you can run programs on client computers to
install and upgrade software, update files, execute tasks such as disk optimization rou-
tines, and modify configuration settings such as registry entries or INI files. Package dis-
tribution is discussed in detail in Part II, “Managing Clients.”
The software updates feature integrates Windows Server Updates Services into the Con-
figuration Manager infrastructure, allowing you a more seamless and efficient way to
apply software and security updates in a timely fashion throughout your organization.
Software updates are covered in detail in Chapter 13, “Deploying Software Updates.”
Desired configuration management allows you to assess the compliance of computers
with regard to a number of configurations, such as whether the correct Microsoft Win-
dows operating system versions are installed and configured appropriately, whether all
required applications are installed and configured correctly, whether optional applica-
tions are configured appropriately, and whether prohibited applications are installed.
Additionally, you can check for compliance with software updates and security settings.
A more detailed discussion of desired configuration management is provided in Chapter
14, “Implementing Desired Configuration Management.”
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 13

Operating system deployment integrates the SMS 2003 Operating System Deployment
Feature Pack into the product and provides you with a tool for creating operating system
images for Windows operating systems such as Windows Vista that can be deployed to
computers managed by Configuration Manager, and to unmanaged computers using boot-
able media such as CD set or DVD. This feature also provides a robust task-sequencing
functionality that gives you more granular control over operating system deployment as
well as other Configuration Manager tasks. You can read more about operating system
deployment in Chapter 12, “Deploying Operating Systems.”

Security
Configuration Manager gives you the ability to leverage the local system account and
computer accounts to run services, connect between systems, and perform client-based
functions. In addition, it offers the ability to leverage an existing PKI implementation
to more fully secure site-to-client communications. A more detailed discussion of
Configuration Manager security is provided in Chapter 20.
Configuration Manager also integrates Windows Network Access Protection services by
using Configuration Manager to help bring computers determined to be outside defined
security compliance parameters back into compliance. A more detailed discussion of the
Network Access Protection feature is provided in Chapter 15, “Implementing Network
Access Protection.”

Key Elements of Configuration Manager

This section introduces and describes some of the key elements of Configuration Man-
ager. These elements are referred to throughout the book and this introduction helps to
set the context for later discussions.
At the highest level, you’ll see the terms process and component frequently. The term
process refers to a program that performs a specific Configuration Manager task. The term
component refers to a computer running Configuration Manager software, in particular,
server computers.

Configuration Manager Client

A Configuration Manager client is any computer that Configuration Manager manages. A
Configuration Manager client can be a user’s desktop or portable computer, workstation,
mobile device, or a network server, including a Configuration Manager site server or site
system. A Configuration Manager client can also be a computer running x86, x64, or
IA64 processor platforms. Unlike SMS 2003, Configuration Manager offers only one cli-
ent type. This client type is similar to the Advanced Client used by SMS 2003 and lever-
14 Part I Planning, Deploying, and Configuring

ages Active Directory. Configuration Manager clients communicate with the site through
the use of policies passed through management points and other Configuration Manager
site systems. The following operating system platforms are supported by Configuration
Manager clients:
■ Windows 2000 Professional, Service Pack 4
■ Windows XP Professional, Service Pack 2
■ Windows Professional for 64-bit Systems
■ Windows Vista, all editions
■ Windows 2000 Server, Advanced Server, and Datacenter editions, Service Pack 4
■ Windows Server 2003, all editions, Service Pack 1
■ Windows Server 2003 R2 Standard and Enterprise editions
■ Windows Server 2008

Configuration Manager Site

A Configuration Manager site defines the computers, users, groups, and other resources
that Configuration Manager manages. Configuration Manager sites are defined by site
boundaries. Site boundaries are defined by IP subnets, Active Directory sites IPv6 Prefix,
or IP ranges. This means that you have a lot of flexibility as far as defining which
resources you want to manage and allows Configuration Manager to scale more effi-
ciently to your enterprise network. A Configuration Manager site consists of a Configura-
tion Manager site server, Configuration Manager site systems, and Configuration
Manager clients and resources. For those SMS 2003 administrators out there, the Config-
uration Manager boundaries act like SMS 2003 roaming boundaries. There is no longer
a separate site boundary setting.

Configuration Manager Site Server

The Configuration Manager site server is the Windows server on which Configuration Man-
ager is installed and that manages the Configuration Manager site and all its component
attributes and services. The Configuration Manager site server is the primary point of
access between you and the Configuration Manager database. The site server can be either
a primary or secondary site server (the distinctions are discussed later) and must be
installed on a server running Windows Server 2003 (SP1 or later). If the Configuration
Manager site server is a primary site, it also needs access to an SQL server running
Microsoft SQL Server 2005, Service Pack 2. You can install a Configuration Manager site
server on either a domain controller or a member server in a domain, but not on a stand-
alone server.
 Chapter 1 Introducing Microsoft System Center Configuration Manager 2007 15

Specific installation requirements for site servers are discussed in Chapter 2, “Planning
for and Deploying Configuration Manager Sites.”

Configuration Manager Site System

A Configuration Manager site system is a Windows server that performs one or more Con-
figuration Manager roles for a Configuration Manager site. There are nine Configuration
Manager site system roles:
■ Management point
■ Server locator point
■ Distribution point
■ Reporting point
■ State migration point
■ System Health Validator point
■ PXE Server point
■ Fallback status point
■ Software update point
The first four look familiar to an SMS 2003 administrator as these “points” were around
for SMS 2003. For the most part, they function the same as well. You’ll also notice three
new site system roles. Chapter 3, “Configuring Site Server Properties and Deploying Site
Systems,” covers all these roles in detail and also discusses additional server require-
ments necessary to support some new features and functionality of Configuration Man-
ager. As with SMS 2003, you identify which servers should be Configuration Manager site
systems within the Configuration Manager site, and assign various Configuration Man-
ager roles or combinations of roles to those servers.

Note Configuration Manager no longer supports the Client Access Point role.
This site system role existed to support the Legacy Client—computers running
operating system platforms previously supported by SMS 2.0. Configuration
Manager no longer supports Legacy Client computers.

Configuration Manager Console

A Configuration Manager administrator is the individual trusted with the implementa-
tion, maintenance, and support of a Configuration Manager site or specific objects in
the Configuration Manager database. A Configuration Manager console, as shown in
Figure 1-1, is the primary tool that a Configuration Manager administrator uses to
Another Random Scribd Document
with Unrelated Content
“It’s feminine curiosity, I suppose,” she said, smiling.

“Well, then, I assure you it was only an absurd notion that

somehow took possession of me.”

“An absurd notion,” she echoed absently. “Why, of course it

is! How could I have known your brother when I have been
so little in England?”

“You might have met him in society.”

“No; believe me, to my knowledge I have never seen him.

If I had, what difference could it make?”

“If you entertained any affection for him—”

“What nonsense you are talking to-day, Hugh,” she

interrupted, with a little derisive laugh. “I really believe you
are jealous.”

“Perhaps I am,” he admitted; “but, you see, I love so well

that any such shortcoming you really must excuse.”

He laughed inwardly at the glibness of his invention.

But her manner had suddenly changed.

“You will love me always, will you not, Hugh?” she

whispered earnestly.

“Yes, dearest; of course I shall,” he replied tenderly. “I have

spoken unkindly—forgive me.”

Bravely smothering a storm of rising sobs, she held him

with both her small hands until she had sufficiently
controlled herself to speak.
“I thought a few moments ago that—that you no longer
cared for me,” she said, with an effort, watching the effect
of her words with wide-open, earnest eyes.

“No, Valérie, you were mistaken,” he replied in a low,

intense tone. “I love you, and nothing shall ever part us.”

They had risen, and were standing together before the

fireplace.

For a moment she stared vacantly before her. Then she

threw herself into his arms, and, clinging to him
convulsively, hid her face upon his shoulder.

“I love you, Hugh; I love you more than I have loved any
man,” she murmured.

He strained her to his heart—a heart remorseful, even

miserable and unhappy. Not even her declaration of love
brought him a ray of consolation, for the gnawing
consciousness of some deep mystery connected with her
past, and the danger of their love for one another, had
crushed all happiness from his soul.

And although he was feigning love and endeavouring to

console her, yet there was no help for it—they were
inseparable, their beings were knit together, their hearts
were one.

She possessed the fatal power of fascination. He was under

her spell.

With an effort to shake off the gloom that was possessing

him, he spoke to her words of comfort.

She tried to reply, but a great sob choked her utterance.

Presently she released herself gently but firmly, saying—

“You must go, Hugh; you have been here too long, and I
am not well to-day. I want to be alone.”

“Yes, you are right,” replied he woefully. “I ought not to

have caused you this pain. I am to blame.”

Yet something of hope returned to him as he spoke, for she

clasped her arms around his neck, and, clinging to him
closely, fixed upon him a look of moving appeal.

Slowly she drew down his head towards her face, and then
gave him a warm, passionate kiss.

“Good-bye, Hugh,” she said in a broken pleading voice.

“Remember you have one who loves you more dearly than
life.”

“I’ve been a fool. Forgive me for speaking as I did,” he

entreated.

“Yes,” she replied, with a sigh; “if we love one another, why
should there be any mistrust between us?”

Why? Had he not cause for apprehension? he asked himself.

But her arms were about his neck, her head pillowed upon
his shoulder. The sweet perfume of violets intoxicated him.
In a moment he became convinced that she was terribly in
earnest, and was confident of her intense affection.

“I have no mistrust whatever, darling,” he said reassuringly,

stroking her hair with infinite tenderness.

“I—I am satisfied,” she murmured. “But tell me, Hugh, once

more, that I shall be your wife.”
“Yes, indeed you shall, dearest; I care for no one else but
you,” said he, with a grave look.

Her labouring heart throbbed against his as their lips met in

a long last caress. His anguished soul invoked the blessing
on her that his quivering lips refused to utter, and he tore
himself away.

He took one look back, and saw her totter a few steps after
him with arms outstretched, then stop.

Gazing upon her with a loving glance, he waved his hand,

and passed out.

When he had gone she stood motionless and silent for a few
moments, looking wildly around, but mute under the leaden
weight of her thoughts. Then she walked with slow, uneven
steps to the ottoman by the fire, and sank upon it.

The fierce strain had been removed from her nerves, and
her happiness found vent in hysterical sobs.

“I hate myself. It’s horrible, and yet I am powerless,” she

cried passionately.

Then she lapsed into a silence broken only by long, deep

sighs.
 Chapter Eleven.
The Fourth Passenger.

“I think the trick is almost accomplished.”

“So do I.”

“Is everything ready?”

“Yes; but remember, we must keep very cool. A false step

means ruin.”

The man addressed laid his finger significantly upon his lips
and replied—

“Of course. I quite understand.”

This whispered conversation took place in the upper room

at Bateman’s Buildings, on the same evening that Hugh had
visited Valérie, and the two men who stood aside talking in
almost inaudible tones were Victor Bérard and the Rev.
Hubert Holt. In every particular they were dissimilar. The
former was well-dressed and wore several flash-looking
rings, while the latter was in clerical attire of the most
unassuming and orthodox cut. Both appeared earnest and
anxious, glancing uneasily toward Pierre Rouillier and a
companion, who were sitting at the table facing each other.

“Come,” exclaimed Pierre, addressing the other in French,

“fill your glass. Good stuff like this never hurts one.”

His compatriot, who was evidently more than half

intoxicated, raised his head, and stammered—
“You’re—you’re right, mon ami. Such cognac warms the
blood this weather. Let’s have another glass before we go.”

He, like the others, was dressed in well-cut clothes, but it

was curious that when the dim lamplight fell upon his face it
disclosed features strangely resembling those of the man
with whom he was drinking.

Adolphe Chavoix was about twenty-eight years of age, tall

and dark, with closely-cropped jet black hair, and a sallow,
rather sullen-looking face. The brandy had given an
unnatural fire to his eyes, his cheeks were flushed, and as
he grasped his glass his lean bony hand had the appearance
of the talons of a bird of prey.

Bérard and his clerical companion continued their

conversation in an undertone.

The Rev. Hubert Holt, upon whom the international gang of

adventurers had long ago bestowed the sobriquet of “The
Sky Pilot,” certainly did not, amid such surroundings,
present the appearance of a spiritual guide. True, he was
the shining light of the church of St. Barnabas, Camberwell,
where he held the office of curate, but as a clerical luminary
he was by no means of the chalk-and-water type. On the
contrary, he could wink wickedly at a pretty girl, drink a
glass of “fizz,” or handle a billiard cue in a style only
acquired by long practice. Nevertheless, he was considered
thoroughly devout by his aged and antiquated vicar, and not
having joined the ranks of Benedicts, was consequently the
principal attraction at mothers’ meetings and other similar
gatherings of the more enlightened parishioners of the
mean and squalid parish of St. Barnabas. They, however,
were in blissful ignorance of the character of his associates,
otherwise it is more than probable that the pulpit and altar
of the transpontine church would have been at once
occupied by mother fledgling pastor.

“Suppose the whole business came to light? How should I

fare?” asked the sable-coated ecclesiastic thoughtfully, after
they had been in conversation some minutes.

“Bah! Vous-vous moquez des gens! Besides, you are always

safe, surrounded as you are by a cloak of honesty. I tell
you, the game can never be detected.”

“Don’t be too confident; it’s a bad habit. Hugh Trethowen

may suspect. Il est dégourdi, and if he should discover
anything, depend upon it we should have the utmost
difficulty in clearing ourselves. Somehow, I don’t like the
fellow; he knows too much.”

“What nonsense you talk,” replied the Frenchman

impatiently. “He can never know the truth. He loves Valérie,
and you ought to know her well enough to recognise her
consummate tact and ingenuity.”

“Exactly. But why are you so positive that strict secrecy will
be observed?”

“Because—because the only person who knew the secret

has been silenced.”

“Who?” demanded Holt in a hoarse whisper.

“Egerton.”

The curate thrust his hands into his pockets, and gazed
upon the floor a few moments.

“Well, I tell you candidly I don’t half like it,” he remarked

apprehensively.
“Content yourself; neither of us are such imbeciles as to run
any risks. Have you not already assisted us and shared our
profits?”

Holt bit his lip. It was an allusion to unpleasant

reminiscences.

“That is so,” he admitted, twirling the small gold cross

suspended from his watch-chain. “And what is the extent of
my remuneration this time?”

“One hundred pounds.”

“The job is worth double.”

“You’ll not have a sou more, so think yourself lucky to get

what I offer.”

“If I refuse?”

“You dare not,” interrupted Victor in a changed tone. “Think

of what your future would be if Valérie uttered one word.”

“Yes—yes,” Holt replied, with a fierce frown. “I know I’ve

linked myself with you. I’m your cat’s-paw, however
detestable your shady transactions are.”

“You always receive money for your services.”

“Yes,” he muttered between his teeth. “Gold with a curse

upon it.”

Bérard shrugged his shoulders unconcernedly and said—

“I suppose we shall each owe an ornamental wax taper to

St. Jean le Baptiste for to-night’s manoeuvre.” Turning away
he went to a drawer, from which he took a card-case and
some letters, placing them in his pocket.
“Now, Sky Pilot,” he continued resolutely, as he walked up
to where Holt stood, “are you ready?” The curate held his
breath.

“Very well,” he replied, after a brief pause, “I suppose I

must do the bidding of my masters.”

“It would be best—that is, if you respect your position as a

holy man,” the Frenchman replied, with a mocking laugh.

“Come, gentlemen,” he exclaimed aloud, turning to the pair

seated at the table. “It’s time we started, or we shall not
keep our appointment.”

“There is no immediate hurry, is there?” asked Chavoix in a

husky voice.

“Yes,” Bérard replied, “we must be at West Brompton at

eight.”

“In that case I’m ready,” said he, rising, at the same time
casting a longing look at the unfinished bottle of cognac
before him. With unsteady gait he stumbled across the
room, and, with the assistance of Pierre, arrayed himself in
his overcoat and hat—not, however, without some difficulty
and much good-humoured banter.

The other men sought their outdoor garments, and

descended the stairs together, Bérard remaining behind a
moment to blow out the lamp and lock the door.

A few minutes later they were strolling across Soho Square,

which, at that hour, was dismal and deserted. A four-
wheeled cab stood on the opposite side of the square, and
they hailed it. When they had entered the conveyance, Holt
gave the coachman orders to drive to the underground
station at Charing Cross with all possible speed.
While passing along the more unfrequented thoroughfares
the interior of the vehicle was dark, and of this Pierre and
Victor took advantage. As for Chavoix, he had arrived at the
drowsy state of intoxication, and quickly sank into a corner,
where the rocking of the rickety old vehicle soon lulled him
into a heavy slumber.

Pierre, who was seated at his side, turned and grasped his
hand. First satisfying himself of the man’s unconsciousness,
he slowly, and with deliberate caution, unbuttoned his
overcoat. As he accomplished this without rousing him,
Bérard withdrew from his pocket a card-case, a folded
paper, and several other articles.

Not a word was uttered. With much dexterity Pierre also

unbuttoned the black frock-coat Chavoix wore, and, diving
his hand into the breast-pocket, abstracted an old morocco
letter-case, with some loose cards and about half a dozen
letters. Hastily glancing at these, he transferred them to his
own pocket, while, at the same time, Bérard bent over and
carefully substituted them for those he had just produced.

After feeling in both pockets of the sleeping man’s vest, as

if to reassure himself that nothing remained, Pierre
commenced to rebutton the overcoat. While so engaged
Chavoix stirred uneasily and uttered a grunt, but a moment
afterwards he subsided again into the dull, heavy slumber
of intoxication, thus allowing the expert pickpocket to
accomplish his task.

As the cab rumbled down Villiers Street, Bérard grasped

him roughly by the shoulder, exclaiming in French—

“Wake up, old fellow. Come; pull yourself together.”

Starting, rubbing his eyes, and with a muttered and husky,

“Pardon, messieurs,” he commenced a profuse apology for
sleeping in their company. This, however, was suddenly
interrupted by the vehicle coming to a standstill before the
station.

The four men alighted, and Holt, after a brief consultation

with Bérard, took first-class tickets for West Brompton.

Pierre’s arm afforded Chavoix a friendly aid as they

descended to the platform; for, although the latter was not
sufficiently inebriated to attract attention, yet his
equilibrium was slightly disarranged.

When the train drew up they entered an empty first-class

compartment, and continued their journey westward, a
decidedly jovial quartette.

On leaving the next station, Westminster, Pierre remarked

that he had developed a great thirst, and, curiously enough,
Holt immediately produced a nickel travelling flask filled
with brandy, which he held up triumphantly. Amid the
laughter which followed an assertion of Chavoix’s, to the
effect that priests always appreciated good liquor, Pierre
took the flask, and, unscrewing the top, placed the mouth
to his lips.

Then he handed it to Adolphe.

“I’m so thirsty that I feel as if I could drink all that’s in the

flask,” remarked the latter.

“You couldn’t do it in your present state,” argued Bérard

incredulously.

“It’s very strong,” commented Pierre. “I doubt whether you

could drain it at one draught. In fact, I’m open to bet you
half a sovereign that you won’t.”
“Bah! it’s just as easy as winking,” replied the intoxicated
man, regarding the flask with a complacent smile. “With
m’sieur’s permission I’ll drink his health.”

“By all means,” replied Holt, with a laugh. “I’m really afraid,
however, that we shall be compelled to see you home
afterwards.”

“Never fear; I’m safe enough in your hands,” he answered,

with a grin. “If there’s one thing I’m more fond of than
another, it’s good cognac. See!”

He lifted the flask to his lips, and drained it at one pull.

Scarcely had he done so when he uttered a loud cry of pain,

clutching convulsively at his throat.

“Diable! it’s—it’s stronger than I bargained for!” he gasped,

with an effort to laugh. “I feel as if everything—why, it’s all
going round. Mon dieu! You have—”

He struggled to his feet, but reeled back upon the cushions,

and in a few moments was unconscious.

By this time the train had left St. James’s Park, and was
travelling at a fair speed midway between that station and
Victoria.

When it arrived at the latter place three men only were in

the compartment, and they alighted. They did not speak,
but hurried along the platform as if unknown to one
another. Victor and the curate of St. Barnabas gained the
street. The former jumped into a hansom, gave the driver
an address, and drove rapidly away, while the latter man
walked swiftly across the station yard towards the terminus
of the Brighton and South Coast Railway.
Pierre Rouillier, however, acted in a manner that was even
more strange. Without emerging into the street, he passed
quickly along the subway leading to the Chatham and Dover
station. Gaining the platform, he glanced up at the great
clock. It was twenty-six minutes past eight. Without
hesitation he went to the cloakroom, and, producing a
ticket, was handed a large valise, a rug, and a thick long
ulster of dark tweed. Divesting himself of the light coat he
wore, he donned the garment, then, beckoning a porter to
carry his bag, went to the booking-office and purchased a
ticket for Brussels.

“Just in time for the Continental train, am I not?” he asked

of the man.

“Yes, sir; she leaves at eight-thirty, sharp. This way,

please.”

They hurried together to where the train stood, and the

man, after depositing the valise under the seat of an empty
first-class compartment, received his tip and withdrew.

Pierre then entered, but before he had time to arrange his

belongings and comfortably ensconce himself the guard
slammed the door, and the train glided away on its journey
to the sea.

Another had been added to the long list of London

mysteries.
 Chapter Twelve.
“A Crooked Bit of Business.”

Mr Bernard Graham was sitting in his gloomy office in

Devereux Court one afternoon a few days later.

His elbows rested upon his littered writing-table, his pince-

nez poised upon his thin nose, and he was absorbed in the
technicalities of a document when his lad entered with a
card.

“I’ll see him in one moment,” he exclaimed, glancing at the

card, and the youth withdrew.

Leaning back in his chair his face assumed a heavy,

thoughtful expression.

“It’s a crooked bit of business at best,” he said, aloud to

himself, “but the money is bequeathed in legal form, duly
signed and witnessed; therefore, as far as I can see,
nobody can prove to the contrary. I was rather
apprehensive of the results, but, there—I suppose it was
merely an absurd fancy.”

He touched the gong beside him, and almost immediately

Victor Bérard, his face wreathed in smiles and wearing a
gardenia in his coat, was ushered in.

“So the preliminaries have been carried out satisfactorily,”

exclaimed the solicitor, as he motioned his client to a seat
opposite him.

“Yes—so far,” he answered in excellent English.

“Ah! I read the account in the papers, and saw at once you
had had a hand in the matter.”

“Your shrewdness scarcely astonishes me, mon copain,”

replied Victor, with a laugh, “especially when you knew that
our exchequer was almost at vanishing point, and that we
had decided on repeating the little ruse that has proved so
remunerative formerly. We have worked à coup perdu, and,
of course, all in the interest of the grand scheme.”

“On this occasion there was no hitch, I suppose?”

“None. There is not even a shadow of suspicion,” he replied,

dropping into a whisper. “The body, when discovered upon
the rails half an hour after we had left the train, was
scarcely recognisable. The post-mortem revealed that the
dead man had been drinking heavily, and the intelligent jury
have this morning returned a verdict of accidental death.
Here’s the Globe—just out. Read for yourself.”

He spoke between the whiffs of a cigarette, which he held

daintily between his fingers.

“Most satisfactory. His death is believed to have been due to

a fall from the carriage. But the identification? You have not
told me,” asked Graham anxiously.

“He was identified by the papers upon him; therefore now

the verdict has been given, you will wait, say, a week, so as
not to appear in too great a hurry, then proceed to act as
before.”

The other nodded, and removed his eyeglasses. His face

preserved its keen craftiness.

“Nothing will transpire later? I mean nothing to our

detriment.”
“Nothing can. It is absolutely impossible for the truth to be
known unless you or I divulge it ourselves, and I think that
is not probable,” he replied, with a mysterious smile.

“Scarcely. It would be an ugly matter for both of us.”

The Frenchman affected not to hear the reply. He twirled his

carefully-waxed moustaches, and took a long, steady glance
at his well-dressed figure in the dingy mirror over the
mantelshelf.

“Well, Graham,” he said, “you know how to carry the

business through. Holt and myself are at your disposal any
time you require us, but don’t delay a day longer than
necessary, for I tell you candidly we must have the money.”

“I assure you, my dear Bérard, I shall get the matter

completed as soon as possible, for despatch will be the best
course for all parties concerned, eh? Besides, as a matter of
fact—”

The sentence was interrupted by the entry of the clerk with

a second card.

Mr Graham pushed the vestige of grey hair from his

forehead. He looked puzzled and perplexed when he read
the name of the person who desired an interview; but,
quickly regaining his habitual coolness, he intimated to the
lad that the request should be granted in a few minutes.

“Have you—er—anything more to say to me?” he asked,

turning to Bérard. “I can do nothing in the matter for at
least a week,” he continued, “but if Mr Holt and yourself will
attend here at noon the day after to-morrow we can
transact the necessary formalities, and take the first step
towards realising.”
“That will suit admirably,” Bérard replied, with satisfaction.
“I will not detain you longer, for I know you are busy;” and,
shaking hands with his legal adviser, he made his exit by
the door communicating direct with the passage.

“My most fervent hope is that our usual good luck will not
desert us,” the old solicitor reflected, when the Frenchman
had departed.

Having again touched the gong, the door opening into the
clerk’s office admitted another client—Hugh Trethowen.

“Well, Graham, how are you?” he exclaimed, gayly tossing

his hat and stick upon the table, and flinging himself into
the chair just vacated by Victor.

“Thanks, I’m very well, Mr Hugh. Full of business, you know

—full of business. Now, what is it you wish to consult me
upon?”

“A rather delicate matter.”

The old man’s face grew grave, and much of the hectic flush
vanished from his cheek. Readjusting the inevitable pince-
nez, he leaned back and looked sharply at his visitor.

“A delicate matter,” the solicitor repeated slowly. “Any

financial difficulty—eh?”

“No, not at all,” he laughed. “It’s with regard to a lady.”

“Ah,” ejaculated the solicitor, heaving an unmistakable sigh

of relief.

“What I want to know, Graham, is whether you, as my late

brother’s adviser, were aware that he was acquainted with a
French lady named Dedieu?”
So suddenly was the question put that it caused him to
start slightly. Although it was a poser, Bernard Graham was
not nonplussed.

“Dedieu?—Dedieu?” he repeated thoughtfully, at the same

time nervously twirling a quill between his fingers. “The
name is uncommon, and not at all familiar to me. I—I’m
sure I don’t remember ever hearing it before.”

“You don’t believe, then, that my brother ever knew such a

person?” asked Hugh.

“Well, really, how is it possible that I should know?” asked

Graham, with suavity. “It was scarcely likely he would make
me acquainted with matters of that description.”

Hugh plied him with several well-directed questions, but the

old man’s memory was peculiarly vacant at that moment.
He shook his head, reiterating his statement that his mind
was perfectly blank upon the subject, declaring emphatically
that he never heard of such a young person as
Mademoiselle Valérie, whoever she was.

Such an element of truth did this statement possess, and so

blandly was it delivered, that Hugh felt perfectly satisfied.
For some time past he had been very much perturbed by
the curious discovery of the photograph and letters, but his
misgivings were now set at rest by this reassurance.

“Well, if you really don’t know her, I need not take up any
more of your time,” he remarked, rising.

“I assure you, Mr Hugh, as the trusted adviser of your

family, it would give me the utmost pleasure to assist you if
I could, but her existence is quite unknown to me,”
protested the old man. “Was she a friend of yours, may I
ask?” he added, with a mischievous twinkle in his dim eye.
“Well, yes, Graham. I have the pleasure of the lady’s
acquaintance.”

“Ah, I thought so. Young men are not so eager about a

woman’s antecedents unless they love her.”

“Form your own conclusions, Graham. I’ve an appointment,

so good-day.”

Laughing gayly, he departed, the old man bowing him out

obsequiously.

After he had gone, the occupant of the dingy chamber stood

for a long time before the fire cleaning his pince-nez upon
his silk handkerchief, thinking over the errands of his two
clients—so strangely dissimilar, yet so closely allied.
 Chapter Thirteen.
Studio Secrets.

“If you please, sir, a lady wants to see you very

particularly.”

“A lady, Jacob,” exclaimed Hugh Trethowen, who was in the

lazy enjoyment of a cigar and a novel in his sitting-room, at
the close of a dull, wet January day. “Who is she?”

“I don’t know, sir. She wouldn’t give her card.”

“Young?”

“Yes, sir.”

“Pretty?”

“Well, I suppose I’m not much of a judge at my time of life,

Master Hugh,” protested the old servant.

“Get along with you,” laughed his master. “You can yet
distinguish a pretty girl from a fossilised hag, I’ll be bound.
Show her in, and let’s have a look at her.” Rising, he
glanced at himself in the mirror, settled his tie, and
smoothed his hair; for the appearance of a lady was an
unusual phenomenon at his rooms.

When the door opened he walked towards it to welcome his

visitor, but halted halfway in amazement.

“Why, Dolly, is it you?” he exclaimed, gripping her gloved

hand.
“Yes, Mr Trethowen; I—I don’t think I ought to have come
here—to your chambers,” she replied, glancing round the
room rather timidly; “but I wanted to tell you something.”

“Surely there’s no harm in interviewing the lion in his den,

is there?” he asked, laughing. “Come, let me help you off
with your cloak.”

At first she hesitated, declaring that she could only remain a

few minutes, but eventually he persuaded her to allow him
to remove the fur-lined garment—an Operation in which he
displayed a rather excessive amount of care.

Then he drew up a cosy armchair to the fire, and as she

seated herself in it she commenced a desultory
conversation, evidently loth to touch upon the matter of
importance that had brought her thither.

Men at Hugh Trethowen’s age are impressionable. They

love, hate, and forget all in one day. For a brief period one
fair daughter of Eve is thought enchanting and divine, but in
the majority of cases another, fairer still, whose charms are
increasingly bewitching, steps in and usurps her place, and
she, though tender and fair—she may go anywhere to hide
her emotion from an unsympathetic world, and heal her
broken heart.

If the truth were told, as she fixed her sweet, affectionate

eyes upon him, he was reflecting whether he really loved
her in preference to Valérie.

“Why do you desire so particularly to see me?” he asked,

blowing a cloud of smoke from his lips, and regarding her
with a happy and somewhat amused expression.

Blushing, and dropping her eyes to the floor, she began to

pick at her skirt.
“I hope you’ll not be angry with me, and also that you’ll
keep my visit a secret,” she said at last, with a little demure
droop in the corners of her mouth, and just a suspicion of
diablerie in her eye. “I want to tell you of some one with
whom you are acquainted.”

“Who?”

“Mademoiselle Dedieu.”

He smiled, contemplating the end of his cigar.

“Ah, I have heard all about your infatuation,” she continued

seriously; “but, I suppose I must not reproach you,
inasmuch as I have no right to do so,” and she sighed.

“You have always been one of my dearest friends, Dolly,” he

remarked warmly; “and I hope you will continue so, even
though I have promised to marry Valérie Dedieu.”

“You—you have promised to be her husband?” she gasped

in dismay.

“Yes. Why, surely you, too, are not going to defame her?”
he exclaimed in astonishment. “Come, tell me what you
know concerning her.”

“Personally, I know nothing,” she answered in an earnest

tone, “but as your friend—as one who has your interests at
heart, I would urge you to heed the warning you have
already received. Has not Mr Egerton told you that she is
not a fit woman to be your wife?”

“He certainly did say something once, in a vague sort of

way.”

“Why then do you not take his advice?”

“You do not know us, Dolly,” he replied, looking straight into
her eyes. “In matters of love we men usually follow our own
course, whether it leads us to happiness or to woe.”

“That is exactly why I came here to-day,” she said

anxiously. “I wanted to tell you what Mr Egerton says of
her.”

“What does he say?”

“Promise not to repeat anything I tell you.”

“Upon my honour, I will not,” he declared.

“A few days ago we were speaking of her, and he told me of

your admiration and love. He said that if you knew the truth
you would hate her like poison—that she had brought a
curse upon others, and she would bring unhappiness and
ruin upon you.”

Hugh gazed thoughtfully into the fire.

“And you have come to tell me that, little one?” he

remarked reflectively.

“Yes, I want to save you,” was the earnest, naïve reply.

“To save me,” he echoed, with a smile. “Why, any one would
think I was in danger of going by the express route across
Styx.”

“I mean,” she faltered, a trifle embarrassed,—“I mean that

Mr Egerton knows more of her past than you. I feel sure he
does, for she came to see him the other day, and they
talked very excitedly. I was not in the room, of course, but
—”
“Valérie at the studio! Why did she go?” he inquired,
astonished.

“I don’t know, but I heard her say she would pay him
another visit to-day and hear his answer, so I presume he
has to decide upon some matter upon which she is pressing
him.”

“To-day! She may be there now!” he cried, jumping to his

feet with sudden impulse.

“Yes, most probably. She came the other day about four
o’clock.”

“Then I will go and demand an explanation,” said he briefly,

and, opening the door, he shouted to Jacob to call a cab.

Rather unceremoniously he hurried on his fair companion’s

cloak, and, getting into his own overcoat, they both
descended to the street.

In a few minutes they were driving in the direction of

Fitzroy Square, leaving old Jacob standing on the kerb in
astonishment at his master’s sudden flight in company with
the strange lady.

The pretty model’s words had caused Hugh to become

thoughtful and morose. His face wore a dark, resolute
expression, and he scarcely uttered a word during the
journey.

Dolly Vivian regarded him as her friend. She had

accomplished her object and felt satisfied.

In Tottenham Court Road he stopped the cab, and she

alighted, so that they should not both arrive at Fitzroy
Square together.
A few minutes afterwards he got out and rang the bell.

Walking unceremoniously past Mrs O’Shea, the aged

housekeeper, he entered the studio unannounced.

Jack and Valérie were seated upon a low divan before the
fire. He was holding her slim hand in his, and was uttering
some low, passionate words. As the door opened their tête-
à-tête was abruptly terminated, for the artist jumped to his
feet, while she turned to face the intruder.

“I—I really must apologise for coming in without knocking,”

Hugh exclaimed roughly. “I didn’t know you were engaged,
old fellow,” he added sarcastically.

“You! Hugh!” she cried, with a blush suffusing her cheeks.

“What, Valérie!” said Trethowen, laughing dryly. “I really

didn’t recognise you in the shadow. I’m sorry if I interrupted
what must have been a pleasant conversation.”

“Not at all, old boy,” Egerton answered airily. “Mademoiselle

Valérie merely called to have a chat.”

Hugh’s brow darkened.

“I think, as my affianced wife, Valérie owes me a full

explanation of this mysterious visit,” he said angrily.

“There’s little to explain,” she replied. “I merely called to

consult Mr Egerton, who is an old friend, with regard to a
portrait I desire painted.”

He endeavoured to preserve a calm disinterested

demeanour, but the attempt was a sorry one. Prompted by
feelings of jealousy, he gave vent to his wrath.
“Your position when I entered was peculiarly affectionate,”
he said hotly.

He glanced at her, and caught the agitated expression of

her face as she stood erect before him. Her eyes had a
perplexed look, with just a suspicion of tears in their brown
depths.

“No affection exists between us, I assure you,” she declared

boldly. “If you doubt me, ask Mr Egerton. He and I are
merely friends.”

Turning to the artist, Hugh asked—

“What have you to say, Jack?”

“I decline to be cross-examined,” was the abrupt reply.

“Speak, and satisfy him!” urged Valérie imploringly. “Tell

him if there is any love between us.” She frowned, and,
unseen by Trethowen, darted a sharp, imperative glance at
him.

He fully comprehended her meaning. Raising his head, he

confronted his friend, saying—

“You need have no fear. Valérie and I have known one

another for years, but only as acquaintances.”

He uttered the words mechanically, in strained, harsh tones.

“I don’t believe it,” cried the other, his face crimson with
anger. “You are both playing me false, and I have detected
you.”

“You are mistaken,” Valérie said defiantly.

“No; I assert it as the truth. The whole affair is so
unsatisfactory that I will not believe it. Friends do not meet
clandestinely in this manner. You are lovers!”

“It’s a lie,” cried Valérie emphatically.

“I repeat what I’ve said.”

“Then, if you accuse me of duplicity, Mr Trethowen, I will bid

you adieu,” she exclaimed severely, at the same time
offering her hand.

He took it, and was mollified instantly.

Bending over it, he murmured—

“Farewell, mademoiselle, until—until you can prove that I

was mistaken. We shall not meet till then.” For a moment
she gazed steadily at the artist, but he did not stir. He stood
with his arms folded, his face impassive.

Slowly she turned, and with a stiff bow swept haughtily out
of the studio.

“Now,” commenced Hugh, when the door had closed, “what

explanation have you to give of this strange conduct, pray?”

“None.”

“That does not satisfy me.”

“My dear old fellow,” exclaimed Jack, stretching out his

hand, “you—you understand; I cannot—I’m unable to give
any.”

“Why?”

“Because it is impossible.”
“Do you love her?” asked Hugh fiercely.

“Love her!” the other echoed, with a short laugh. “I swear

to you, upon my oath, I hate her! Have I not already long
ago expressed my opinion?”

“Is that still unchanged?”

“Quite—intensified rather than moderated.”

“Well, perhaps I have been a trifle too hasty, Jack. It seems

that you know much of her past. Tell me, what was the
object of your interview?”

He was silent. Presently he said—

“Hugh, you are an old friend, and I wish I were at liberty to

tell you, but I regret I am not. Request no explanation, and
rest assured that Valérie and myself are not lovers, and,
further, that we never were.”

“Are you aware that Valérie and my late brother were

acquainted?” Trethowen asked suddenly.

“How did you discover that?” exclaimed the artist in

astonishment.

“Then you appear to know that she was a friend of his,”

remarked Hugh dryly.

“No; I—it’s the first I’ve heard of it. Who told you?”

“I want to know whether it’s a fact or not,” persisted his

friend.

“I don’t know,” he replied sullenly.

“You mean, you positively refuse to tell me?”

Welcome to our website – the perfect destination for book lovers and
knowledge seekers. We believe that every book holds a new world,
offering opportunities for learning, discovery, and personal growth.
That’s why we are dedicated to bringing you a diverse collection of
books, ranging from classic literature and specialized publications to
self-development guides and children's books.

More than just a book-buying platform, we strive to be a bridge

connecting you with timeless cultural and intellectual values. With an
elegant, user-friendly interface and a smart search system, you can
quickly find the books that best suit your interests. Additionally,
our special promotions and home delivery services help you save time
and fully enjoy the joy of reading.

Join us on a journey of knowledge exploration, passion nurturing, and

personal growth every day!

ebookbell.com