Executive Summary: Midsized environments now have their own Microsoft System Center management solution: Microsoft System Center Essentials 2007. Follow these steps to install Essentials 2007 using the Essentials 2007 installation wizard, then use the Essentials 2007 management console to configure the product for your environment, including enabling auto-discovery of network systems and setting up software updating using Microsoft Update or locally stored updates.

When Microsoft released System Center Operations Manager 2007, the successor to Microsoft Operations Manager (MOM) 2005, it also took the time to update MOM 2005 Workgroup Edition. The rebranded version is Microsoft System Center Essentials 2007, a System Center version scaled for midsized environments (i.e., networks with up to 30 servers and 500 desktops) that lets administrators manage networks and software updates. Essentials 2007 SP1, released in May, includes improvements such as better update management; support for Windows Server 2008, workgroup systems, and SNMP monitoring; and better performance and usability. I’ll help you start using Essentials 2007 by guiding you through its installation and initial configuration. In an upcoming article, I’ll show you how to set up and use key management features of Essentials 2007.

Before You Start
Before you install Essentials 2007, make sure your environment can support the product’s hardware requirements and that you’ve installed the software prerequisites. You can find information about Essentials 2007 hardware and software requirements in the Essentials 2007 readme file and on the Microsoft System Center Essentials System Requirements web page (www.microsoft.com/systemcenter/essentials/en/us/system-requirements.aspx). Note that you must configure Microsoft IIS to allow ASP. NET 2.0; additionally, to enable email event notifications, you’ll need an SMTP relay-andmail system, such as Microsoft Exchange 2007 or Exchange Server 2003. I also recommend that before installing Essentials 2007, you apply all the latest updates to the server you’ll install it on.

Essentials 2007 uses Microsoft SQL Server 2005 to store configuration and operations data and includes a copy of Microsoft SQL Server 2005 Express Edition. For most deployments, SQL Server 2005 Express will be sufficient to store your environment’s systems management information and provide reports. However, if you have a large network, you can use a SQL Server 2005 database server with SQL Server 2005 Reporting Services (SSRS) to store systems management data and provide reports. If you have a large network but no SQL Server 2005 database server, or if none of your SQL Server database servers has spare capacity, you can buy the Essentials 2007 with SQL Server Technology version, which includes a copy of SQL Server 2005 intended solely for Essentials 2007. (For more information about the Essentials 2007 with SQL Server Technology version and other Essentials 2007 versions, see the Microsoft System Center Essentials Pricing and Licensing web page at www.microsoft.com/systemcenter/essentials/en/us/pricing-licensing.aspx.)

An Essentials 2007 installation is typically simple and straightforward, but there are some known issues you should be aware of. To learn more about known issues and get other important installation information, I recommend that you consult the Release Notes and Installation Guide that come with Essentials 2007. If you’ve installed the software prerequisites but haven’t rebooted your server (even if a reboot isn’t required), I strongly recommend that you reboot it before proceeding.

Install Essentials 2007
Start the Essentials 2007 installation wizard by inserting the installation DVD into your DVD drive. Once the wizard has launched, you’ll see three installation options: Full Setup, User Interface, and Agent. Select Full Setup. If you don’t have Microsoft Core XML Services (MSXML) 6.0 SP1 installed, the wizard will prompt you to install MSXML 6.0 SP1. Click OK to launch the MSXML 6.0 SP1 installation wizard. For more information about installing MSXML 6.0 SP1, visit the Microsoft Core XML Services (MSXML) 6.0 Service Pack 1 web page (www.microsoft.com/downloads/details.aspx?FamilyID=d21c292c-368b-4ce1-9dab-3e9827b70604&displaylang=en). After MSXML 6.0 SP1 is installed, relaunch Full Setup. The installation wizard will confirm whether your machine has the hardware and software prerequisites, then ask whether you want to store update files locally or obtain them from the Microsoft Update website (www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us).

The decision whether to store update files locally or use the Microsoft Update service to obtain updates is important. The latter option requires all your managed servers and workstations to go to Microsoft Update to obtain software updates. You might choose this option if you don’t have server capacity for inhouse update management, if you have two or more sites with Essentials 2007–managed systems and slow links connecting them, or if you’re using Essentials 2007 to manage the laptops of highly mobile users (although this scenario comes with a number of other problems which might make Essentials 2007 unsuitable, such as disconnected laptops that will erroneously report as being offline when they’re merely not connected to the enterprise network). By far, the preferred option is to let your Essentials 2007 server download updates from Microsoft Update, store the updates locally, and distribute them to your servers and workstations. Storing updates locally will also save bandwidth in your Internet connection.

If you choose to store updates locally, you must choose a folder on an NTFS volume that has at least 6GB of free disk space. The default location is C:\SCE. You must also decide whether to install and use SQL Server 2005 Express or reuse an existing local or remote SQL Server instance. Next, the wizard requests credentials for the user account that will have administrator-level access on the Essentials 2007 server and all servers and workstations that Essentials 2007 will manage. Essentials 2007 will use these credentials to run, perform Active Directory (AD) lookups, and manage computers. The easiest way to provide these credentials is to create an Essentials 2007 domain user account and make it a member of the Domain Admins group.

The wizard will start the installation process, which could take a long time to finish. Finally, the wizard will prompt you to visit Microsoft Update to download the latest updates and Essentials 2007 components, such as the Microsoft Office 2003 Web Components. When the wizard finishes, you’ll see two options (check boxes): one to launch the Essentials 2007 console to complete the configuration process and the other to back up the encryption key. These options are selected by default. I recommend that you leave them selected and simply click Finish to launch the Encryption Key Backup or Restore Wizard. The encryption key protects sensitive information, such as the credentials that Essentials 2007 uses. The wizard asks whether to back up or restore the encryption key, then prompts for the backup- or restore-folder location, and finally asks for a passphrase to encrypt or decrypt the encryption key. Store the key and the passphrase on a flash drive in a secure place, such as a fireproof safe. At this point, the console should be launched, and you’re ready to configure Essentials 2007.

Configure Essentials 2007
If the System Center Essentials 2007 console doesn’t launch on its own (i.e., if you cleared the launch check box mentioned in the previous section), open the console by clicking Start, then select All Programs, Systems Center Essentials 2007, and click System Center Essentials 2007 Console. You’ll use the console to configure product features, the computers and devices you want managed, and Microsoft Update settings, as Figure 1 shows. Click the Required: Configure product features link to launch the Feature Configuration Wizard.

The wizard will prompt you to configure the proxy server, Windows Firewall, and error forwarding, among other options. Unless you have a specific reason to change the default settings, I recommend you leave them as is, except for Scheduled Discovery. By default, Essentials 2007 Scheduled Discovery is disabled. When enabled, it will daily discover unmanaged computers (i.e., those that haven’t had the Essentials 2007 management agent deployed to them) that you’ve added to your domain and silently deploy the management agent to them. The agent manages the system it’s installed on; checks its health using standard parameters such as disk space, CPU utilization, and memory use; executes commands sent from the Essentials 2007 server; and corrects any problems it finds on the managed system. You can always change the individual configuration settings later to reflect changes in your environment. Click OK to return to the Essentials 2007 console.

Next, click the Required: Configure computers and devices to manage link to launch the Computer and Device Management Wizard. The wizard lets you choose either automatic or advanced discovery. Advanced discovery lets you set discovery parameters and discovery methods, such as completely scanning AD, scanning only selected organizational units (OUs), or scanning particular system names. For example, you can configure Essentials 2007 to look in AD for computers running Windows Server 2003 R2 and managed by a particular person named in the computer object. For most installations, however, automatic discovery is the best option because your Essentials 2007 server will auto-discover and manage all your assets anyway. You can also configure Essentials 2007 to search for machines with the user-account credentials specified during the Essentials 2007 installation, or you can specify a new set of credentials for a user with administrator-level permissions on each machine you’ll scan (e.g., a user who’s a member of the Domain Admins group).

The amount of time Essentials 2007 spends on discovery will depend on your network’s size and complexity and whether you configured automatic or advanced discovery. You might find that some systems are difficult for Essentials 2007 to discover regardless of whether you use automatic or advanced discovery. For example, systems with firewalls typically won’t respond to Essentials 2007 probes unless you configure the firewalls to allow Essentials 2007 access. If Essentials 2007 doesn’t detect systems, you’ll have to manually add those systems, as I’ll describe in an upcoming article.

When the discovery process is finished, the Computer and Device Management Wizard will output a list of discovered systems, as Figure 2 shows. Select the systems you want Essentials 2007 to manage. If you kept Scheduled Discovery disabled when you ran the Feature Configuration Wizard, you’ll need to perform periodic discovery scans to find new, unmanaged devices. At the end of the wizard, click OK to return to the Essentials 2007 console.

To complete the Essentials 2007 configuration, click Required: Configure Microsoft Update settings to launch the Update Management Configuration Wizard. Windows Server Update Services (WSUS) 3.0 SP1, which is installed during the Essentials 2007 installation, is integrated with Essentials 2007 and the Update Management Configuration Wizard. You can control WSUS settings from Essentials 2007. The wizard lets you configure proxy server settings to manually synchronize WSUS with Microsoft Update and select the products, languages, classifications, and synchronization options for your environment. (You can always change Microsoft Update settings later.) Click OK to exit the wizard and return to the Essentials 2007 console.

Ready to Go
Now that you’ve performed the basic Essentials 2007 installation and configuration, you’re ready to set up additional components and learn to use Essentials 2007 features. In an upcoming article, I’ll continue our Essentials 2007 tutorial by showing you how to install agents on systems that have firewalls (such as Microsoft ISA Server), how to use the Essentials 2007 management console, how to deploy and manage updates, and how to deploy software.