If you choose to store updates locally, you
must choose a folder on an NTFS volume that
has at least 6GB of free disk space. The default
location is C:\SCE. You must also decide
whether to install and use SQL Server 2005
Express or reuse an existing local or remote
SQL Server instance. Next, the wizard requests
credentials for the user account that will have
administrator-level access on the Essentials
2007 server and all servers and workstations
that Essentials 2007 will manage. Essentials
2007 will use these credentials to run, perform
Active Directory (AD) lookups, and manage
computers. The easiest way to provide these
credentials is to create an Essentials 2007
domain user account and make it a member of the Domain Admins group.
The wizard will start the installation process,
which could take a long time to finish.
Finally, the wizard will prompt you to visit
Microsoft Update to download the latest
updates and Essentials 2007 components,
such as the Microsoft Office 2003 Web Components.
When the wizard finishes, you’ll see two
options (check boxes): one to launch the
Essentials 2007 console to complete the
configuration process and the other to back
up the encryption key. These options are
selected by default. I recommend that you
leave them selected and simply click Finish to
launch the Encryption Key Backup or Restore
Wizard. The encryption key protects sensitive
information, such as the credentials that
Essentials 2007 uses. The wizard asks whether
to back up or restore the encryption key, then
prompts for the backup- or restore-folder
location, and finally asks for a passphrase to
encrypt or decrypt the encryption key. Store
the key and the passphrase on a flash drive in
a secure place, such as a fireproof safe. At this
point, the console should be launched, and
you’re ready to configure Essentials 2007.
Configure Essentials 2007
If the System Center Essentials 2007 console
doesn’t launch on its own (i.e., if you cleared
the launch check box mentioned in the previous section), open the console by clicking
Start, then select All Programs, Systems
Center Essentials 2007, and click System
Center Essentials 2007 Console. You’ll use
the console to configure product features, the
computers and devices you want managed,
and Microsoft Update settings, as Figure 1 shows. Click the Required: Configure
product features link to launch the Feature
Configuration Wizard.
The wizard will prompt you to configure
the proxy server, Windows Firewall, and error
forwarding, among other options. Unless
you have a specific reason to change the
default settings, I recommend you leave them
as is, except for Scheduled Discovery. By
default, Essentials 2007 Scheduled Discovery
is disabled. When enabled, it will daily discover
unmanaged computers (i.e., those that
haven’t had the Essentials 2007 management
agent deployed to them) that you’ve added
to your domain and silently deploy the management
agent to them. The agent manages
the system it’s installed on; checks its health
using standard parameters such as disk space,
CPU utilization, and memory use; executes
commands sent from the Essentials 2007
server; and corrects any problems it finds on
the managed system. You can always change
the individual configuration settings later to
reflect changes in your environment. Click OK
to return to the Essentials 2007 console.
Next, click the Required: Configure computers and devices to manage link to launch
the Computer and Device Management
Wizard. The wizard lets you choose either
automatic or advanced discovery. Advanced
discovery lets you set discovery parameters
and discovery methods, such as completely
scanning AD, scanning only selected organizational
units (OUs), or scanning particular
system names. For example, you can
configure Essentials 2007 to look in AD for
computers running Windows Server 2003
R2 and managed by a particular person
named in the computer object. For most
installations, however, automatic discovery
is the best option because your Essentials
2007 server will auto-discover and manage
all your assets anyway. You can also configure
Essentials 2007 to search for machines
with the user-account credentials specified
during the Essentials 2007 installation, or
you can specify a new set of credentials for a
user with administrator-level permissions on
each machine you’ll scan (e.g., a user who’s a
member of the Domain Admins group).
The amount of time Essentials 2007
spends on discovery will depend on your
network’s size and complexity and whether
you configured automatic or advanced discovery.
You might find that some systems
are difficult for Essentials 2007 to discover
regardless of whether you use automatic or
advanced discovery. For example, systems
with firewalls typically won’t respond to Essentials 2007 probes unless you configure
the firewalls to allow Essentials 2007 access. If
Essentials 2007 doesn’t detect systems, you’ll
have to manually add those systems, as I’ll
describe in an upcoming article.
When the discovery process is finished,
the Computer and Device Management Wizard
will output a list of discovered systems,
as Figure 2 shows. Select the systems you
want Essentials 2007 to manage. If you kept
Scheduled Discovery disabled when you
ran the Feature Configuration Wizard, you’ll
need to perform periodic discovery scans to
find new, unmanaged devices. At the end of
the wizard, click OK to return to the Essentials
2007 console.
To complete the Essentials 2007 configuration,
click Required: Configure Microsoft
Update settings to launch the Update Management
Configuration Wizard. Windows
Server Update Services (WSUS) 3.0 SP1,
which is installed during the Essentials 2007
installation, is integrated with Essentials 2007
and the Update Management Configuration
Wizard. You can control WSUS settings from
Essentials 2007. The wizard lets you configure
proxy server settings to manually synchronize
WSUS with Microsoft Update and select the
products, languages, classifications, and synchronization
options for your environment.
(You can always change Microsoft Update
settings later.) Click OK to exit the wizard and
return to the Essentials 2007 console.
Ready to Go
Now that you’ve performed the basic Essentials
2007 installation and configuration,
you’re ready to set up additional components
and learn to use Essentials 2007 features. In
an upcoming article, I’ll continue our Essentials
2007 tutorial by showing you how to
install agents on systems that have firewalls
(such as Microsoft ISA Server), how to use the
Essentials 2007 management console, how
to deploy and manage updates, and how to
deploy software.
Register
