IN THIS CHAPTER
The Administrator console is a key element of any Configuration Manager (ConfigMgr) 2007 environment. The console is the interface administrators use to maintain the site and hierarchy as well as to perform daily tasks to manage and configure sites, the site database, clients, and monitor the status of the hierarchy.
This chapter describes how to deploy the console, console features, and how to use those features.
The ConfigMgr console has a new fresh look, with a different look and feel from the older Systems Management Server (SMS) 2003 console. This new look and feel is because the console is based on the new Microsoft Management Console 3.0 (MMC) framework.
Using the MMC, an administrator can load multiple tools, known as snap-ins. A snap-in is an application built to run within the MMC. Adding snap-ins themselves has much improved with MMC 3.0; instead of having to use a tedious procedure involving two dialog boxes to build a separate console, version 3.0 provides a single dialog box, thus making it much easier to create custom consoles. You can then make these consoles available to individuals when you want to delegate specific management tasks.
The capability to add these custom consoles is of particular interest to ConfigMgr administrators, because the ConfigMgr Administrator console itself is actually a snap-in hosted by the MMC. Using the MMC allows ConfigMgr admins to create consoles easily that allow users to see only a specific part of the ConfigMgr functionality. As an example, you may want to create a custom console for helpdesk users where they only have the ability to use the ConfigMgr Remote Tools feature.
When opening the ConfigMgr 2007 console, you will notice it contains the following three panes:
• Console tree— The console tree is on the left side of the console. It allows you to browse the multiple nodes to manage your site and clients.
• Result pane— The result pane is the middle section of the console. When you select a tree object, this pane displays the results.
• Actions pane— The Actions pane is the pane displayed at the right side of the console. This is the only pane that you can hide. The Actions pane contains options and tasks, which are available as well when you right-click an object in the console tree or the result pane.
Figure 10.1 shows the ConfigMgr console.
The ConfigMgr 2007 console includes search folders, a search bar, allows drag and drop, can replicate folders down the hierarchy, and incorporates home pages. The next sections discuss several of these features.
As described earlier, the MMC 3.0 framework introduces many new features and capabilities in the Configuration Manager console:
• Drag and drop— The ConfigMgr 2007 console allows you to drag and drop objects. As an example, you can drag a program and drop it onto a collection to create an advertisement. This saves much time and keystrokes, and can help you keep things organized.
• Home pages— When you select a main node such as Software Distribution or Desired Configuration Management, a home page will display in the result pane. These home pages give you a quick overview of the status of a certain feature when you select the root node of that feature. As an example, you can view the status of deployed packages or the percentage of compliant systems with Desired Configuration Management.
• Sort columns— This is not exactly a new feature because it was also an option with SMS 2003, although the SMS 2003 version did not work and was very buggy. This feature now functions with ConfigMgr 2007. You can also sort the columns to find information more quickly.
• Search bar— Sites can grow very fast with custom collections, packages, programs, and advertisements. Also, over 300 reports come with the ConfigMgr 2007 product. The search bar at the top of the results pane will help you to find all your objects in multiple columns.
• Search folders— Search folders comprise another new feature. Although search folders do not ship with the console, you can create your own search folder in most nodes. Search folders are not available in the Collection nodes and on several of the main nodes such as Software Distribution and Operating System Deployment. You can define a query criterion for each search folder, which filters the results that will display in the folder. Search folders provide a great way to arrange different objects, and they make things much easier for those individuals who want to organize their admin consoles.
Search folders work great for filtering and organizing the objects and information in the console. As an example, you can create a search folder for all your packages with a specific manufacturer. To create this search folder, perform the following steps:
In addition to organizing and filtering information in the console, you can combine search folders with an action (for example, with software updates).
You can create a search folder containing a criterion that filters required updates released in a previous month for client computers or servers. The use of search folders is part of the Software Updates workflow. This allows you to add the resulting updates from the search folder to an update list, to create reports to display compliancy, and eventually to create a deployment based on the software update list.
Perform the following steps to create a search folder to locate updates released on a specific date:
Another new feature in the ConfigMgr 2007 console is home pages. The goal of the home page is to deliver a complete status overview specific to the selected node. Home pages are available for the following nodes:
• Software Distribution— This home page shows the status of all package advertisements. For each advertisement, you can see how many have started, succeeded, failed, retried, or are waiting.
• Software Updates— Here you can see the status of required, deployed, and already installed updates. It also shows the update compliancy percentage of the site.
• Operating System Deployment— The Operating System Deployment home page also shows the status of advertisements, but only for those task sequences that are advertised.
• Asset Intelligence— This home page shows the inventoried software titles, categories, and software families.
• Desired Configuration Management— The compliancy of Desired Configuration Management items is shown in this home page.
• Network Access Protection— This home page also shows compliancy and remediation errors, and the total number of computers in remediation.
When you select any of these main nodes, the home page appears in the result pane.
As an example, the Software Distribution home page by default shows the status of the top-10 active advertisements in the last 7 days.
Home pages are divided in three sections.
• On each home page, the first section enables you to configure the filters for the results shown in the middle section.
Every home page has different types of filters you can apply. As an example, with the Desired Configuration Management home page, you can set filters such as time-frames and severities. The Software Updates home page provides you with filters such as Vendor and Update classifications as well as the ability to apply a filter for the month and year the update was released.
• When the filters are applied, the middle section displays the results, with the number and a chart for a quick status overview.
• The bottom of each home page has a Links and Resources section. This section contains shortcuts to other nodes such as Advertisements, enabling you to navigate quickly through the console. It also contains links to web reports and help resources.
To run web reports, you must configure a reporting point. This is discussed in Chapter 18, “Reporting.”
Figure 10.3 displays the home page of Software Updates.
The results in the home pages are automatically refreshed. This is also known as home page summarization. Except for the Asset Intelligence node, each node has a summarization interval. Table 10.1 shows the interval for each node.
If you prefer a tighter or specific interval, you can configure a custom schedule with the Schedule Home Page Summarization link provided in the Actions pane. To apply the new custom schedule, click Run Home Page Summarization, also provided in the Actions pane.
In addition to the new, improved look provided with MMC 3.0, Microsoft wanted to create a more user-friendly console with ConfigMgr 2007. The ConfigMgr team reorganized the console tree, which now consists of five main nodes, rather than the 12 nodes you had with the SMS 2003 console.
Here are the five main nodes:
• Site Management— The Site Management node shows the site hierarchy and the site components, such as boundaries, client agents, addresses, site maintenance tasks, and roles.
• Computer Management— This is the main node for the administrator. It contains all the components to manage the clients in the site.
• System Status— This node shows the overall health of the site, and includes tasks for troubleshooting a site.
• Security Rights— Security rights can be set here on entities of ConfigMgr, such as collections, remote tools, packages, and advertisements.
• Tools— The Tools node contains the ConfigMgr Service Manager, which can be used to start and stop services and components.
When you deploy a site, the Computer Management and System Status nodes are the most commonly used nodes for daily administration and management of your clients.
Table 10.2 describes the nodes and subnodes in more detail.
Although you can use the mouse to navigate through all the nodes in Configuration Manager, it also has a number of keystrokes you can use. The combination of those keystrokes and the mouse enables you to browse through the console very quickly. Table 10.3 displays a list of the available keystrokes.
With Configuration Manager 2007 Release 2 (R2), you have the capability to view either classic or SQL Reporting Services (SRS) reports using the Configuration Manager console.
The ConfigMgr Report Viewer allows you to navigate the reporting site, enter parameters for reports, and render the reports for viewing in a web browser. Accessing this functionality either from the console or from a web browser requires IE 5.01 Service Pack (SP) 2 or later to host the Report Viewer ActiveX control.
Microsoft provides over 300 ready-made reports that you can use or modify for your reporting requirements; these reports are described in Chapter 18. The next sections discuss viewing classic and SQL Reporting Services (SRS) reports available with ConfigMgr 2007 R2.
To view ConfigMgr classic reports from the console, perform the following steps:
The “Look for” list box allows you to filter the list of reports.
By default, the Report Viewer displays a list of up to 1,000 values. The DWORD Registry value HKEY_LOCAL_MACHINESoftwareMicrosoftSMSReportingValues Rowcount on the reporting server specifies the maximum number of values returned in the values list. This DWORD value does not exist by default. To specify that Report Viewer should display all values, set Values Rowcount to 0xffffffff.
To view ConfigMgr SRS reports from the console, perform the following steps:
Now that you have been introduced to the console, let’s spend some time discussing its installation. When you install a new primary site, the ConfigMgr console is also installed on that system by default. However, organizations typically require multiple consoles to manage the site hierarchy; this is particularly true in enterprise organizations. In these scenarios, you will also want to install the console on the desktops of ConfigMgr administrators. The next sections discuss the platforms on which the console is supported, installation prerequisites, the steps to install the ConfigMgr console using the setup wizard, and performing an unintended console installation.
Microsoft supports the Configuration Manager console on the following Microsoft platforms:
Prior to installing the console, ensure the intended system has met the following prerequisites:
• Microsoft Management Console 3.0
• .NET Framework 2.0 or higher
• At least 100MB (megabytes) free disk space
To make sure you meet all the prerequisites before you start the installation wizard, you can choose to run the prerequisite checker from the splash screen initiated from the Configuration Manager 2007 installation media.
After meeting the prerequisites discussed in the previous section, start installing the console by running the Configuration Manager Setup Wizard. If you are using the ConfigMgr installation CD, the wizard will automatically start. If installing from the file system, you can start the setup manually by opening the splash.hta file, found in the root of the installation media. Perform the following steps to install the console:
When you participate in the program, information regarding the health and performance of ConfigMgr components and your server is sent to Microsoft in a summary file. Microsoft uses this information for analysis and future releases of ConfigMgr.
Select whether or not to participate in the program, and click Next to continue. You can always decide to opt out later.
You can also troubleshoot by checking the ConfigMgrPrereq.log, located in the root of the system drive. When all the prerequisites are met (or there are only warnings), the Begin Install button becomes available. Click Begin Install to start installing the console.
When the installation is successful, you can select the option Launch the Configuration Manager console after closing. Click Finish to complete and close the wizard.
Instead of using the Configuration Manager Setup Wizard, you can install the console in unattended mode. An unattended installation can be used to deploy the console silently to multiple systems at once, potentially using ConfigMgr software distribution, or with a group policy object (GPO).
Before installing the console to multiple systems, verify that every targeted system is on a supported platform and that all the required prerequisites, described earlier in the “Prerequisites” section, are met. You can choose to check these requirements using the ConfigMgr hardware and inventory functions.
When you install the console using the setup wizard, as in the previous section, the wizard asks you to specify a number of settings. For an unattended installation, you can use an initialization file to specify these settings in advance.
The initialization file is a text file and can be created using Windows Notepad. The following information is required in the initialization file:
Specify the required options, and save the initialization file with an extension of .ini. As an example, you might name the file AdminConsole.ini.
To start the unattended setup and combine the initialization file with the setup installation files, run the following command from the command prompt or in a batch file:
The installation will run in silent mode, meaning no installation screens will display during setup. To check for errors, review ConfigMgrSetup.log, which is located at the root of your system drive.
Using MMC technology gives you the ability to create your own custom console. You can use custom consoles to hide those features you do not use or features you want to restrict to certain individuals, because not everyone may require access to the full console. Custom consoles are also useful when you have multiple administrators with specific roles. Those administrators can create their own consoles with their most commonly used features.
To create a custom console, perform the following steps:
You can now close the Add/Remove Snap-in dialog box and click OK to open the custom snap-in. The custom console, displayed in Figure 10.26, will now load. To save the console, select File -> Save.
When you create a custom console, be aware you can only add a single Configuration Manager snap-in to the console. However, this does not limit you in managing multiple sites in a hierarchy. You can manage child sites by connecting to them directly, or from their parent site. When managing a child from its parent, you are not connecting directly to the child, but to the database of the parent.
If you face any site communication issues, you can also directly connect to a child site by adding a separate site database connection. Figure 10.27 shows the central site with a separate connection to a primary child site.
To add a site database connection with a custom console tree to a previously created custom console, perform the following steps:
Figure 10.27 displays a single console containing a custom configuration for two sites.
As mentioned earlier in the “Console Deployment” section, the console is installed during the site server setup process. After installation, by default only the administrator who ran the setup has access to the console.
Special permissions are required when other users want to install and use the console from their workstations. These permissions can be divided into two categories:
• Distributed Component Object Model (DCOM)
• Windows Management Instrumentation (WMI)
The next sections discuss these areas.
Administrators running the console from their workstation require Remote Activation DCOM permissions. These permissions are required on the site server and the SMS provider.
The SMS provider is the interface between the Configuration Manager console and the site database. The console uses WMI to connect to the SMS provider, and WMI itself uses DCOM. Due to these dependencies, DCOM permissions are required when running the console on a system other than the SMS provider.
Access to the SMS provider is delivered through the SMS Admins group, which is a local security group on every site server. All users running the console must be members of this group. By default, members of this group do not have administrator rights in Configuration Manager. Specific class and instance rights are still required. In the following procedure, DCOM permissions are linked to the SMS Admins group:
• If the SMS provider is installed on a computer other than the site server, you must perform this procedure on both the site server and the SMS provider computer.
• When the SMS provider is installed on the site server, you need to perform this procedure only on the site server computer.
Perform the following steps to configure Remote Activation permissions for the SMS Admins group:
The SMS provider is the main communication interface between the site servers and the Configuration Manager console. The console itself uses a combination of DCOM and WMI.
In addition to the DCOM permissions, WMI permissions are also required. By default, the SMS Admins group has the required WMI permissions. Use the following procedure if you are using a security group other than the SMS Admins group, or if you face issues connecting due to misconfigured WMI permissions.
Identifying Connection Problems
If you face connection problems, you can identify them by the following entry in the SMSAdminUI.log:
To log the entry, you must enable verbose logging. The steps to enable verbose logging are described in Appendix A, “Configuration Manager Log Files.” Verbose logging is described in more detail in the “Troubleshooting Console Issues” section in this chapter. After verbose logging is enabled, the log file is located in the <ConfigMgrInstallPath>AdminUIAdminUILog folder.
To verify or configure WMI permissions, perform the following steps:
The Configuration Manager Service Manager, introduced in Chapter 8, “Installing Configuration Manager 2007,” allows you to easily control the Configuration Manager services. A service runs in the background for nearly all components and features. The Service Manager provides you with a tool to check the status of each service or component.
Whereas most Configuration Manager services run by default, others only run when a job is assigned to them (for example, the SMS_SITE_BACKUP service).
The Configuration Manager Service Manager can only be started through the Configuration Manager console. To start the Service Manager, navigate to the Tools node in the ConfigMgr console, expand it, and right-click ConfigMgr Service Manager. Choose Start ConfigMgr Service Manager. A new window will open, as displayed in Figure 10.30.
Within the Service Manager, you can perform several actions. Although the ConfigMgr services do not display in the regular Windows Services console (services.msc), they are threaded in a similar manner as standard Windows services. You can start, stop, pause, resume, or query a service. The query action is always the first step before performing the other actions, because the query action determines the status of the component. The following options are available:
• Query—The Query action is used to determine the status of the selected component. The possible actions you can perform will be based on the state of the component. As an example, the only available action for a component in a stopped state is to start it.
• Start—Use the Start action to start a stopped component.
• Stop—This action stops a running component. Stopping a component also shuts down its runtime environment and clears the log files and other related files.
• Pause—Use this action to pause a running component. Pausing a component preserves its runtime environment. You can pause most components to observe the behavior and the created data in the log files. Several components cannot be paused, including SMS_REPORTING_POINT and SMS_SERVER_LOCATOR_POINT.
• Resume—When a component is paused, the Resume action will resume the component so it is running again.
To run actions on Configuration Manager components, perform the following steps:
This section of the chapter describes how to troubleshoot issues with the ConfigMgr console. The MMC 3.0 console itself is very stable, and issues are generally due to configuring the required permissions or issues with WMI.
The first step in troubleshooting issues related to the console is to look at the log file. ConfigMgr by default provides many log files regarding the health of the site and its components.
This differs for the console log file. Because the log file generates a considerable amount of information requiring system resources, logging is not enabled by default.
To enable verbose logging, perform the following steps:
<source name="SmsAdminUISnapIn" switchValue="Error" >
Change this line to read
<source name="SmsAdminUISnapIn" switchValue="Verbose" >
Note that in Windows Server 2008, unless you are a member of the Domain Admins group, you have only read and execute permissions on this file. To modify the file, at least write permission is required.
By default, only administrators and SMS admins have permissions to read the SMSAdminUI.log log file.
The logging starts immediately when you start the console. When the console starts, any navigation through the console is logged as well. Therefore, it is recommended you disable verbose logging when it is no longer required for troubleshooting.
To disable verbose logging, undo the line change described in step 4.
Table 10.4 describes the most common issues related to the Configuration Manager console.
By default, the Configuration Manager console stops responding when creating queries that return more than 2,000 results. This is the same as when creating collections with a query-based membership rule that returns more than the maximum of 2,000 results.
If you require such large queries, perform the following procedure to adjust the maximum threshold through the Registry. Follow these steps:
When the console is installed, the setup program creates a file named adminconsole.msc in the <ConfigMgrInstallPath>AdminUIin folder. This is the console MMC snap-in; launching the console will start this file. As described in the “Customizing the Console” section of this chapter, you can also create and save custom consoles.
The console has several parameters (command-line options) that you can use to modify how the console starts. Table 10.5 describes the available options and their functions.
To start the console with a parameter, use the following syntax:
<ConfigMgrInstallPath>AdminUIBinadminconsole.msc /parameter
This chapter introduced the Configuration Manager 2007 console, an MMC 3.0 application. It described the console nodes, discussed launching reports, and stepped through the process of deploying the console. It also discussed security considerations. The chapter ended with a discussion of troubleshooting various console issues.
The next chapter discusses a number of the technologies used in ConfigMgr 2007.