安装Microsoft Endpoint Configuration Manager(SCCM)2207

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了安装Microsoft Endpoint Configuration Manager(SCCM)2207相关的知识,希望对你有一定的参考价值。

ADDC--172.16.8.10/172.16.8.11--winsvr2022-core--dc01/dc02.nipit.cn

SQL Server 2019 CU18--172.16.8.31--winsvr2022-core--sql01.nipit.cn

ADK for Winodws 11 22H2--172.16.8.20--winsvr2022-GUI--sccm.nipit.cn

MECM/SCCM--2207--172.16.8.20--winsvr2022-GUI--sccm.nipit.cn

1.安装Sql server 2019 enterprise:

删除powershell历史命令记录:

Remove-Item (Get-PSReadlineOption).HistorySavePath

配置服务器IP:

Get-NetIPAddress

New-NetIPAddress -InterfaceIndex 4 -IPAddress 172.16.8.31  -PrefixLength 24 -DefaultGateway 172.16.8.1

Set-DNSClientServerAddress -InterfaceIndex 4 -ServerAddress "172.16.8.10,172.16.8.11"

改名加入域:

Add-Computer -NewName "sql01" -DomainName nipit.cn -Credential n\\cnadmin -Restart -Force

在DC上新建sql域管理员账号(不是必需,为方便管理):

New-ADUser -Name sqladmin -SamAccountName sqladmin -DisplayName sqladmin -Enabled $True  -PasswordNeverExpires $True -UserPrincipalName sqladmin@nipit.cn -AccountPassword (ConvertTo-SecureString "********" -AsPlainText -Force) -PassThru

$SUG = @()

$SUG = (Get-ADUser -Identity "Administrator" -Properties * ).MemberOf

ForEach ($Group in $SUG ) Add-ADGroupMember -Identity $Group -Members "sqladmin"

(Get-ADUser -Identity sqladmin -Properties *).MemberOf

回到sql server服务器上,插入sql server 2019安装光盘文件,盘符为E:

1)一般情况下安装:

E:\\setup.exe /action=install /features=SQLEngine,Conn /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /skiprules=servercoreblockunsupportedfeaturescheck   /iacceptsqlserverlicenseterms /UIMode=enableUIOnServerCore

2)静默安装:

E:\\setup.exe /QS /action=install /features=SQLEngine /PID=2C9JR-K3RNG-QD4M4-JQ2HR-8468J /INSTANCEDIR="D:\\Program Files\\Microsoft SQL Server" /SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS" /INSTALLSHAREDDIR="D:\\Program Files\\Microsoft SQL Server" /INSTALLSHAREDWOWDIR="D:\\Program Files (x86)\\Microsoft SQL Server" /INSTANCENAME=MSSQLSERVER /SQLSVCACCOUNT="n\\sqladmin" /SQLSVCPASSWORD="*********" /SQLSYSADMINACCOUNTS="BUILTIN\\Administrators" "n\\cnadmin" "n\\sqladmin" /SQLSVCPASSWORD="*********"  /AGTSVCACCOUNT="n\\sqladmin" /AGTSVCPASSWORD="*********" /AGTSVCSTARTUPTYPE="Automatic" /BROWSERSVCSTARTUPTYPE="Automatic" /NPENABLED="1" /skiprules=servercoreblockunsupportedfeaturescheck   /iacceptsqlserverlicenseterms /IACCEPTROPENLICENSETERMS

3)安装最新SQL server 补丁:

​https://www.microsoft.com/en-us/download/details.aspx?id=100809​

.\\SQLServer2019-KB5017593-x64.exe  /qs /IAcceptSQLServerLicenseTerms /Action=Patch /INSTANCENAME="MSSQLSERVER"

查看sql server 版本确认补丁是否安装成功:

通过Powershell 查询安装的SQL Server 版本号

Install-Module -Name SqlServer

Import-Module sqlserver

Invoke-SqlCmd -query "select @@version" -ServerInstance "localhost" |fl

安装Microsoft

4)配置Windows 防火墙:

New-NetFirewallRule -DisplayName "SQLServer default instance" -Direction Inbound -LocalPort 1433,4022,135,1434,443,80,2382,2383 -Protocol TCP -Action Allow

New-NetFirewallRule -DisplayName "SQLServer Browser service" -Direction Inbound -LocalPort 1434,500,4500 -Protocol UDP -Action Allow

5)下载Microsoft SQL Server 2019 Reporting Services:

​https://www.microsoft.com/en-us/download/details.aspx?id=100122 ​

.\\SQLServerReportingServices.exe /quiet /pid=2C9JR-K3RNG-QD4M4-JQ2HR-8468J /installFolder="D:\\Program Files\\SSRS" /norestart /iacceptlicenseterms

安装ReportingServiceTools:​​https://github.com/Microsoft/ReportingServicesTools​

Install-Module -Name ReportingServicesTools

Get-Command -Module ReportingServicesTools

安装Microsoft

6)在SCCM服务器上下载并安装SQL Server Management Studio:

​https://learn.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15 ​

​https://aka.ms/ssmsfullsetup ​


.\\SSMS-Setup-CHS.exe  /install /quiet /norestart

https://aka.ms/ssmsfullsetup?clcid=0x409 英文版

​https://download.microsoft.com/download/8/a/8/8a8073d2-2e00-472b-9a18-88361d105915/SSMS-Setup-ENU.exe​

.\\SSMS-Setup-ENU.exe  /install /quiet /norestart

多等几分钟等待安装完成:

安装Microsoft

打开:

安装Microsoft

安装Microsoft

输入sql01:

安装Microsoft


安装Microsoft

2.接下来就是安装最新的ADK for Windows 11 22h2:​

​https://learn.microsoft.com/en-us/windows-hardware/get-started/adk-install​

ADK:

​https://myvs.download.prss.microsoft.com/dbazure/en-us_windows_11_assessment_and_deployment_kit_adk_version_22h2_x64_x86_Arm64_dvd_48117fa1.iso?t=83dce664-642a-40c6-b302-02c8eb20b055&e=1664546145&h=73151f60c485abbab2025d62b26bb148290bd183343deec722b6d7779fe439f0&su=1​

ADK WinPE addon:

​https://myvs.download.prss.microsoft.com/dbazure/en-us_windows_11_assessment_and_deployment_kit_adk_add_ons_version_22h2_x64_x86_Arm64_dvd_293e1c73.iso?t=9850880d-3a18-4f05-adf4-3fc08a88c41e&e=1664546163&h=95699084c4e6437422226b29f6f02a093d9a7fd53abf7f7df241415493d51ec1&su=1​

安装过程简略:

3.安装MECM/SCCM所需的Windows 组件:

Add-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ,Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-App-Dev,Web-Net-Ext,Web-Net-Ext45,Web-ISAPI-Filter,Web-Health,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-HTTP-Tracing,Web-Security,Web-Filtering,Web-Performance,Web-Stat-Compression,Web-Mgmt-Console,Web-Scripting-Tools,Web-Mgmt-Compat,RSAT-ADDS -Restart

安装Microsoft

4.在AD中创建并分配System Management容器权限

这里我通过powershell来实现:

# Load the AD module

Import-Module ActiveDirectory

# Figure out our domain

$root = (Get-ADRootDSE).defaultNamingContext

#Create ”System Management“ Container

New-ADObject -Type Container -name "System Management" -Path "CN=System,$root" -Passthru

安装Microsoft

分配权限:

# Get the current ACL for the Container

$acl = get-acl "ad:CN=System Management,CN=System,$root"

# Get the computers SID

$computer = get-adcomputer $env:ComputerName

$sid = [System.Security.Principal.SecurityIdentifier] $computer.SID

安装Microsoft

$ADRight = [System.DirectoryServices.ActiveDirectoryRights] "GenericAll"

$Type = [System.Security.AccessControl.AccessControlType] "Allow"

$InheritanceType = [System.DirectoryServices.ActiveDirectorySecurityInheritance] "All"

# Create a new access control entry to allow access to the Container


$ace = New-Object System.DirectoryServices.ActiveDirectoryAccessRule($sid, $ADRight, $Type, $InheritanceType)

安装Microsoft

#Add the ACE to the ACL, then set the ACL to save the changes

$acl.AddAccessRule($ace)

Set-acl -aclobject $acl "ad:CN=System Management,CN=System,$root"

安装Microsoft

打开dsa.msc查看一下设置权限是否成功:

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

以上结果说明设置成功。

5.扩展AD架构:

以具有Schema Admins安全组成员的用户运行MECM/SCCM安装介质中的

SMSSETUP\\BIN\\X64\\extadsch.exe

安装Microsoft

安装Microsoft

运行成功:找到C:\\ExtADSch.log打开如下,说明AD扩展成功:

安装Microsoft

安装Microsoft

到这里准备工作已经完成,接下来就是安装MECM/SCCM 2207:

安装Microsoft

安装Microsoft

选择安装为一个CM Primary Site,点下一步:

安装Microsoft

输入Product Key,点下一步:

安装Microsoft

勾选同意,点下一步:

安装Microsoft

安装Microsoft

耐心等待下载50个文件:

安装Microsoft

下载完成后,勾选Chinese(Simplified)简体中文:服务器端,

安装Microsoft

客户端:勾选Chinese(Simplified)简体中文

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

安装Microsoft

这个错误一般发生的sql server 服务器与sccm服务器不是同一台电脑上。解决这个问题,就是将SCCM电脑账号加入到sql01的本地管理员组中,在sql01那服务器运行:

Add-LocalGroupMember -Group Administrators -Member "n\\sccm$" -Verbose

或将sccm计算机账号加入多台服务器本地管理员组:

Invoke-Command -ComputerName ex01, sql01,sccm -ScriptBlock   Add-LocalGroupMember -Group Administrators -Member n\\sccm$

查看确认一下:

Invoke-Command -ComputerName ex01, sql01,sccm -ScriptBlock Get-LocalGroupMember -Group Administrators

安装Microsoft

也可以通过GUI方式添加:

安装Microsoft

安装Microsoft

返回安装程序,点”Run Check“后,Failed 报警消失,其他Warming报告暂时忽略,不影响安装,点击”Begin Install“ 开始安装:

安装Microsoft

安装Microsoft

等待45分钟左右,安装完成。

安装Microsoft




以上是关于安装Microsoft Endpoint Configuration Manager(SCCM)2207的主要内容,如果未能解决你的问题,请参考以下文章

如何破解symantec endpoint

Zabbix agent on Microsoft Windows

Hbase的Endpoint实现

OpenStack部署之Placement项目(7-4)

OpenStack部署之Placement项目(7-4)

带有 Microsoft.Owin.Security.OpenIdConnect 和 AzureAD v 2.0 端点的自定义参数