安装Microsoft Endpoint Configuration Manager(SCCM)2207
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了安装Microsoft Endpoint Configuration Manager(SCCM)2207相关的知识,希望对你有一定的参考价值。
ADDC--172.16.8.10/172.16.8.11--winsvr2022-core--dc01/dc02.nipit.cn
SQL Server 2019 CU18--172.16.8.31--winsvr2022-core--sql01.nipit.cn
ADK for Winodws 11 22H2--172.16.8.20--winsvr2022-GUI--sccm.nipit.cn
MECM/SCCM--2207--172.16.8.20--winsvr2022-GUI--sccm.nipit.cn
1.安装Sql server 2019 enterprise:
删除powershell历史命令记录:
Remove-Item (Get-PSReadlineOption).HistorySavePath
配置服务器IP:
Get-NetIPAddress
New-NetIPAddress -InterfaceIndex 4 -IPAddress 172.16.8.31 -PrefixLength 24 -DefaultGateway 172.16.8.1
Set-DNSClientServerAddress -InterfaceIndex 4 -ServerAddress "172.16.8.10,172.16.8.11"
改名加入域:
Add-Computer -NewName "sql01" -DomainName nipit.cn -Credential n\\cnadmin -Restart -Force
在DC上新建sql域管理员账号(不是必需,为方便管理):
New-ADUser -Name sqladmin -SamAccountName sqladmin -DisplayName sqladmin -Enabled $True -PasswordNeverExpires $True -UserPrincipalName sqladmin@nipit.cn -AccountPassword (ConvertTo-SecureString "********" -AsPlainText -Force) -PassThru
$SUG = @()
$SUG = (Get-ADUser -Identity "Administrator" -Properties * ).MemberOf
ForEach ($Group in $SUG ) Add-ADGroupMember -Identity $Group -Members "sqladmin"
(Get-ADUser -Identity sqladmin -Properties *).MemberOf
回到sql server服务器上,插入sql server 2019安装光盘文件,盘符为E:
1)一般情况下安装:
E:\\setup.exe /action=install /features=SQLEngine,Conn /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /skiprules=servercoreblockunsupportedfeaturescheck /iacceptsqlserverlicenseterms /UIMode=enableUIOnServerCore
2)静默安装:
E:\\setup.exe /QS /action=install /features=SQLEngine /PID=2C9JR-K3RNG-QD4M4-JQ2HR-8468J /INSTANCEDIR="D:\\Program Files\\Microsoft SQL Server" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /INSTALLSHAREDDIR="D:\\Program Files\\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="D:\\Program Files (x86)\\Microsoft SQL Server" /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="n\\sqladmin" /SQLSVCPASSWORD="*********" /SQLSYSADMINACCOUNTS="BUILTIN\\Administrators" "n\\cnadmin" "n\\sqladmin" /SQLSVCPASSWORD="*********" /AGTSVCACCOUNT="n\\sqladmin" /AGTSVCPASSWORD="*********" /AGTSVCSTARTUPTYPE="Automatic" /BROWSERSVCSTARTUPTYPE="Automatic" /NPENABLED="1" /skiprules=servercoreblockunsupportedfeaturescheck /iacceptsqlserverlicenseterms /IACCEPTROPENLICENSETERMS
3)安装最新SQL server 补丁:
https://www.microsoft.com/en-us/download/details.aspx?id=100809
.\\SQLServer2019-KB5017593-x64.exe /qs /IAcceptSQLServerLicenseTerms /Action=Patch /INSTANCENAME="MSSQLSERVER"
查看sql server 版本确认补丁是否安装成功:
通过Powershell 查询安装的SQL Server 版本号
Install-Module -Name SqlServer
Import-Module sqlserver
Invoke-SqlCmd -query "select @@version" -ServerInstance "localhost" |fl
4)配置Windows 防火墙:
New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433,4022,135,1434,443,80,2382,2383 -Protocol TCP -Action Allow
New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434,500,4500 -Protocol UDP -Action Allow
5)下载Microsoft SQL Server 2019 Reporting Services:
https://www.microsoft.com/en-us/download/details.aspx?id=100122
.\\SQLServerReportingServices.exe /quiet /pid=2C9JR-K3RNG-QD4M4-JQ2HR-8468J /installFolder="D:\\Program Files\\SSRS" /norestart /iacceptlicenseterms
安装ReportingServiceTools:https://github.com/Microsoft/ReportingServicesTools
Install-Module -Name ReportingServicesTools
Get-Command -Module ReportingServicesTools
6)在SCCM服务器上下载并安装SQL Server Management Studio:
https://aka.ms/ssmsfullsetup
.\\SSMS-Setup-CHS.exe /install /quiet /norestart
https://aka.ms/ssmsfullsetup?clcid=0x409 英文版
.\\SSMS-Setup-ENU.exe /install /quiet /norestart
多等几分钟等待安装完成:
打开:
输入sql01:
2.接下来就是安装最新的ADK for Windows 11 22h2:
https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install
ADK:
ADK WinPE addon:
安装过程简略:
3.安装MECM/SCCM所需的Windows 组件:
Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat,RSAT-ADDS -Restart
4.在AD中创建并分配System Management容器权限
这里我通过powershell来实现:
# Load the AD module
Import-Module ActiveDirectory
# Figure out our domain
$root = (Get-ADRootDSE).defaultNamingContext
#Create ”System Management“ Container
New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru
分配权限:
# Get the current ACL for the Container
$acl = get-acl "ad:CN=System Management,CN=System,$root"
# Get the computers SID
$computer = get-adcomputer $env:ComputerName
$sid = [System.Security.Principal.SecurityIdentifier] $computer.SID
$ADRight = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"
$Type = [System.Security.AccessControl.AccessControlType] "Allow"
$InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"
# Create a new access control entry to allow access to the Container
$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $ADRight, $Type, $InheritanceType)
#Add the ACE to the ACL, then set the ACL to save the changes
$acl.AddAccessRule($ace)
Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"
打开dsa.msc查看一下设置权限是否成功:
以上结果说明设置成功。
5.扩展AD架构:
以具有Schema Admins安全组成员的用户运行MECM/SCCM安装介质中的
SMSSETUP\\BIN\\X64\\extadsch.exe
运行成功:找到C:\\ExtADSch.log打开如下,说明AD扩展成功:
到这里准备工作已经完成,接下来就是安装MECM/SCCM 2207:
选择安装为一个CM Primary Site,点下一步:
输入Product Key,点下一步:
勾选同意,点下一步:
耐心等待下载50个文件:
下载完成后,勾选Chinese(Simplified)简体中文:服务器端,
客户端:勾选Chinese(Simplified)简体中文
这个错误一般发生的sql server 服务器与sccm服务器不是同一台电脑上。解决这个问题,就是将SCCM电脑账号加入到sql01的本地管理员组中,在sql01那服务器运行:
Add-LocalGroupMember -Group Administrators -Member "n\\sccm$" -Verbose
或将sccm计算机账号加入多台服务器本地管理员组:
Invoke-Command -ComputerName ex01, sql01,sccm -ScriptBlock Add-LocalGroupMember -Group Administrators -Member n\\sccm$
查看确认一下:
Invoke-Command -ComputerName ex01, sql01,sccm -ScriptBlock Get-LocalGroupMember -Group Administrators
也可以通过GUI方式添加:
返回安装程序,点”Run Check“后,Failed 报警消失,其他Warming报告暂时忽略,不影响安装,点击”Begin Install“ 开始安装:
等待45分钟左右,安装完成。
以上是关于安装Microsoft Endpoint Configuration Manager(SCCM)2207的主要内容,如果未能解决你的问题,请参考以下文章
Zabbix agent on Microsoft Windows
带有 Microsoft.Owin.Security.OpenIdConnect 和 AzureAD v 2.0 端点的自定义参数