Certification-kb16 070-401 Microsoft System Center Configuration Manager 2007 Configuration - Exam Notes
From JBKB
Version: 1.0.0
Difficulty level: n/a
Status: a lot is still missing, but released as 1.0.0 since all sections are filled in and the most important material is covered.
Introduction
This KB contains Exam Notes for 070-401 TS: Microsoft System Center Configuration Manager 2007, Configuring. All notes are written by John Bryntze.
Important! This is NOT a braindump or alike.
The 070-401 Exam objectives are the following:
- Deploying a System Center Configuration Manager 2007 (SCCM) Server
- Configuring an SCCM Infrastructure
- Managing Resources
- Distributing Applications
- Deploying Operating Systems
- Securing a Network Infrastructure
- Managing and Maintaining an SCCM Infrastructure
Deploying a System Center Configuration Manager 2007 (SCCM) Server (9 percent)
Set up and configure an Active Directory schema
Schema changes are always applied through the DC that holds the Schema Master FSMO role.
There are 2 ways to extend the schema for Configuration Manager 2007:
- Run ExtADSch.exe (the same tool used for SMS 2003)
- Use LDIFDE to import the LDIF file supplied on the installation media (new in SCCM 2007)
The schema extension is forest-wide and cannot be rolled back (schema classes and attributes can only be deactivated, never removed), so test it in a lab first and take a system state backup of the schema master before running it.
You are not forced (but strongly recommended) to extend the schema to install SCCM 2007, but if you do not extend it you lose functions such as:
- Global Roaming - laptop clients that travel between sites query Active Directory (mSSMSRoamingBoundaries) for the site whose boundaries match their current IP subnet and locate a local DP.
- Network Access Protection - checks whether clients are compliant with company policy and quarantines them until they are, for example with the help of SCCM (mSSMSSite).
- Client site assignment - the client asks Active Directory which site it belongs to.
- Client installation properties - extra client options, such as the size of the download cache, published in AD.
- Server Locator Point - if you do not extend the schema you must manually create WINS entries so clients can find Server Locator Points and Management Points.
To extend the schema you must use an account that is a member of Schema Admins (Enterprise Admins is not required for the extension itself; creating the System Management container and setting its permissions, see below, needs Domain Admin rights or an equivalent delegation).
Additional tasks
After you have extended the schema for Configuration Manager 2007 you have the following tasks to do:
- Create the System Management container under the System container in AD (the System container is only visible in Active Directory Users and Computers with Advanced Features enabled). This is not needed if you extended the schema for an earlier version such as SMS 2003, as the container already exists. Also grant each site server's computer account Full Control on the System Management container and all child objects so the site can publish to AD; grant it there and nowhere higher.
- Set your sites to publish to Active Directory.
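The whole preparation (find the Schema Master, extend the schema with LDIFDE, create the container and set its ACL) as one script. This is an added example written for this KB, not a script from Microsoft or from the original page. It assumes the domain JBKB.LOCAL, the site server JBKB-SCCM-01, that ConfigMgr_ad_schema.ldf has been copied from SMSSETUP\BIN\I386 on the media to C:\Temp, that the LDF uses DC=x as the placeholder for the domain DN, and that MS-SMS-Site-Code is one of the schema objects the extension creates; verify those against your media before running it.

```powershell
# Added example, not from the original KB: prepare Active Directory for
# Configuration Manager 2007 publishing. Assumptions (adjust to your forest):
#   - domain JBKB.LOCAL, site server JBKB-SCCM-01
#   - ConfigMgr_ad_schema.ldf copied from SMSSETUP\BIN\I386 on the media to $Ldf
#   - the LDF uses the placeholder DC=x for the domain DN
# Run it as a member of Schema Admins who is also a Domain Admin.
$DomainDN   = 'DC=JBKB,DC=LOCAL'
$SiteServer = 'JBKB\JBKB-SCCM-01$'
$Ldf        = 'C:\Temp\ConfigMgr_ad_schema.ldf'

# 1. Schema changes are written through the Schema Master; find it explicitly
#    so ldifde does not fail half-way on a DC that refuses schema writes.
$forest       = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
$schemaMaster = $forest.SchemaRoleOwner.Name
Write-Host "Schema master: $schemaMaster"

# 2. Skip the extension if it is already there (SMS 2003 or an earlier run);
#    the extension is permanent, so never re-import blindly.
#    MS-SMS-Site-Code is assumed to be one of the objects the extension adds.
$schemaNC = ([ADSI]'LDAP://RootDSE').schemaNamingContext
if ([ADSI]::Exists("LDAP://CN=MS-SMS-Site-Code,$schemaNC")) {
    Write-Host 'Schema already extended for SMS/ConfigMgr, skipping ldifde'
} else {
    $patched = Join-Path $env:TEMP 'ConfigMgr_ad_schema_patched.ldf'
    (Get-Content $Ldf) -replace 'DC=x', $DomainDN | Set-Content $patched
    & ldifde.exe -i -f $patched -s $schemaMaster -v -j $env:TEMP
    if ($LASTEXITCODE -ne 0) { throw "ldifde failed, see $env:TEMP\ldif.log" }
}

# 3. Create CN=System Management under CN=System if missing. One container per
#    domain; it is only visible in ADUC with View -> Advanced Features.
$containerDN = "CN=System Management,CN=System,$DomainDN"
if (-not [ADSI]::Exists("LDAP://$containerDN")) {
    $system = [ADSI]"LDAP://CN=System,$DomainDN"
    $new = $system.Create('container', 'CN=System Management')
    $new.SetInfo()
}

# 4. Give the site server's computer account Full Control (GA = generic all) on
#    the container and all child objects (/I:T). That is what it needs to
#    publish and all it needs, so do not grant it at the domain level.
& dsacls.exe $containerDN /G "${SiteServer}:GA" /I:T
```

Run it once per domain that will host sites; for a second site server only step 4 is repeated with that server's computer account. After the script, enable publishing in the site properties and check that mSSMSSite objects appear under the container.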
Migrate from an SMS 2003 hierarchy to SCCM 2007
You have 2 ways to upgrade from SMS 2003 to SCCM 2007:
- In-place upgrade from SMS 2003 to SCCM 2007
- Side-by-side replacing SMS 2003 to SCCM 2007
In-Place upgrade from SMS 2003 to SCCM 2007
To do an in-place upgrade from SMS 2003 to SCCM 2007 you need to have/do the following:
- Take a backup of the SMS 2003 servers before the upgrade (things can always go wrong).
- SMS 2003 with Service Pack 2 or 3 (earlier service packs cannot be upgraded).
- Site servers must be running Windows Server 2003 SP2 or later.
- Site servers need .NET Framework 2.0 installed.
- Primary sites must be running SQL Server 2005 SP2 or later.
- All sites that will be upgraded must be in advanced security mode.
- MMC 3.0 (for the SCCM console).
- Uninstall all SMS 2003 feature packs except the Inventory Tool for Microsoft Updates before upgrading. If you have OSD images they will still be displayed in SCCM 2007 after the upgrade.
- Upgrade the central site first: an SCCM 2007 site cannot report to an SMS 2003 parent, but an SMS 2003 site can report to an SCCM 2007 parent.
- Upgrade primary sites second, for the same reason.
- Upgrade secondary sites third.
- If you have Client Push Installation enabled all SMS 2003 clients will be upgraded automatically.
Side-by-side replacing SMS 2003 to SCCM 2007
There are a few valid reasons why you might want to do a side-by-side migration:
- Restructuring - to restructure the sites.
- Mixed environment - if you need to support older clients not supported by SCCM 2007 for a longer time, such as Windows 98 or Windows NT 4.0, keep SMS 2003 for the older clients and install SCCM 2007 beside it to take care of the newer clients.
- Hardware upgrade - if your SMS 2003 servers run on old hardware and you want to replace it at the same time as you implement SCCM 2007, a side-by-side migration can be interesting.
With a side-by-side migration you lose your SMS 2003 sites and settings, and you must set up new site codes that do not collide with your existing SMS 2003 ones.
You also need to clean up the old Active Directory/WINS objects for sites you have migrated to the new SCCM 2007 hierarchy.
Site boundaries cannot overlap between SMS and SCCM, so when a site is migrated from SMS 2003 to SCCM 2007 you must remove its boundaries from SMS 2003 and then add them to SCCM 2007.
When the site has been moved you also need to change the site assignment of the clients within it by one of the following methods:
- Push the client and specify the new site code (CCMSETUP.EXE /noservice SMSSITECODE=STO, where STO is the site code for Stockholm).
- In the SMS console, with the "Right-Click Tools" add-on installed, right-click a collection or an individual client; the console connects to each client and changes its site.
- Log on to each client and change the site code on the Advanced tab of Systems Management in Control Panel.
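A fourth way to do the same thing in bulk without reinstalling: the client (SMS 2003 Advanced Client and SCCM 2007 alike) exposes a COM object, Microsoft.SMS.Client, with GetAssignedSite/SetAssignedSite. The script below is an added example for this KB, not from the original page; it assumes the new site code STO, target machines DESKTOP76 and DESKTOP77, that PowerShell remoting is enabled on them and that you are a local administrator there (the same right the Right-Click Tools need).

```powershell
# Added example, not from the original KB: move clients from the old SMS 2003
# site to the new SCCM 2007 site in place. Assumptions: new site code STO,
# PowerShell remoting enabled on the targets, caller is local admin on them.
$NewSiteCode = 'STO'
$Computers   = 'DESKTOP76', 'DESKTOP77'

$reassign = {
    param($SiteCode)
    # Microsoft.SMS.Client is the client's own control interface; it must be
    # used on the client itself, which is why the block runs via Invoke-Command.
    $client = New-Object -ComObject 'Microsoft.SMS.Client'
    $before = $client.GetAssignedSite()
    if ($before -ne $SiteCode) {
        # SetAssignedSite stores the new code; on its next policy request the
        # client looks up the MP for that site (through AD or an SLP).
        $client.SetAssignedSite($SiteCode)
    }
    New-Object PSObject -Property @{
        Computer = $env:COMPUTERNAME
        OldSite  = $before
        NewSite  = $client.GetAssignedSite()
        MP       = $client.GetCurrentManagementPoint()
    }
}

Invoke-Command -ComputerName $Computers -ScriptBlock $reassign -ArgumentList $NewSiteCode |
    Format-Table Computer, OldSite, NewSite, MP -AutoSize
```

Check that NewSite shows STO and that MP changes to the SCCM 2007 management point after the next policy polling interval; if MP stays on the old server the client cannot resolve the new site (schema not extended and no SLP given), which is exactly the situation the SMSSLP property or an extended schema fixes.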
Migrate SMS 2003 database objects
Migrating SMS 2003 database objects is a tricky operation; one of the following can be used:
- Install your first SCCM 2007 central site as an SMS 2003 SP2 (or later) site and join it to the existing SMS 2003 hierarchy. Wait until all data objects have replicated, then detach it and upgrade this server to an SCCM 2007 central site.
- Upgrade only the existing SMS 2003 central site to SCCM 2007, then install an SCCM 2007 primary site under it that you later detach to form the new SCCM 2007 hierarchy.
SMS 2003 Service Pack 3
Even though an SMS 2003 Service Pack 2 site is supported in an SCCM 2007 hierarchy, it is recommended to upgrade to Service Pack 3 for SMS 2003 to get support for Windows Vista and better support for roaming.
Configure an SCCM hierarchy
You can have many sites, but the top site (the central site) is required and may be the only site.
Each SCCM site has at least one site server, which is one of 2 types: primary site server or secondary site server.
Primary site server
Primary site servers either host or connect to a Microsoft SQL Server and can scale up to 100,000 clients.
They support all SCCM roles. You must have at least one primary site; the one at the top of the hierarchy is called the central site.
A primary site can have many children (primary and secondary) but only one parent (which must be a primary site).
Secondary site server
Secondary site servers do not host or connect to any Microsoft SQL Server (the site data lives in the parent primary site's database) and cannot be at the top of an SCCM hierarchy. A secondary site must have exactly one parent, which must be a primary site, and cannot have child sites of its own.
Secondary sites are normally used to manage clients at a remote location over a WAN link, so that client traffic stays local and only site-to-site traffic crosses the WAN.
SCCM hierarchy
An SCCM hierarchy can look as many different ways as there are companies implementing one, but some common layouts are:
- Central site (primary) with primary sites as children, which in turn have secondary site children.
- Central site (primary) with secondary sites as children.
- Central site (primary) with a mix of primary and secondary sites as children.
Remember that in a mixed environment (with SMS 2003) you cannot have an SCCM site as the child of an SMS 2003 site, but the other way around works: an SMS 2003 site can be the child of an SCCM 2007 primary site.
Set up and configure security accounts
Account Used To Install Configuration Manager
The account you set up SCCM 2007 with must be an Active Directory domain account (if you use a local account setup may finish, but you will not be able to launch the SCCM console and will have to reinstall).
The account needs the following rights/privileges:
- Local Administrator on the site server you install.
- Local Administrator on the server running SQL Server (may be the same server as the SCCM site server).
- Local Administrator on the SMS Provider computer if this is not the site server.
- Member of the sysadmin server role on the SQL Server instance.
During installation the account you install with is automatically made a member of the SMS Admins group.
In a new installation the account used at setup is the only account with rights in SCCM by default; after an upgrade the accounts from SMS 2003 retain their permissions.
Account to run SCCM console
The SCCM console is an MMC 3.0 snap-in and by default only the account that installed SCCM 2007 has permission to run it. If you install the console on other SCCM admins' workstations you must either grant the specific permissions to their accounts or add them to the SMS Admins group; then they can administer SCCM via the console. Membership of SMS Admins only grants the right to connect to the SMS Provider (the root\SMS WMI namespace); what an admin can then see and do is controlled by the class and instance rights you assign, so give each admin only the rights their role needs.
Accounts used by SCCM
SCCM mainly uses 2 accounts: Local System and Domain\computername$.
- Local System (NT AUTHORITY\System) has full local rights/permissions on the machine. For example, if you distribute a package that installs with administrative rights it is NT AUTHORITY\System that runs the installation on the client. Anything you deploy this way therefore runs with the highest privilege on the box, so only trusted package sources should ever be distributed.
- Domain\computername$ (for example JBKB\DESKTOP76$) is what the client appears as on the network: a process running as Local System on a domain-joined machine authenticates to remote resources with the computer account. For example, when you distribute a package it is Domain\computername$ that downloads the files from the Distribution Point (a workgroup client has no such account and needs the Network Access Account instead).
Configuring an SCCM Infrastructure (19 percent)
Configure client agents
SCCM is built from many different functions, and there is not one single SCCM agent or service that handles all of them; there is one agent per function, and each can be disabled or configured (per site).
Hardware Inventory Agent
As the name implies, it is the agent that scans the local hardware through WMI and the registry, but it also gathers information such as the software displayed in Add/Remove Programs and the installed services.
Data collected by the Hardware Inventory Agent can be viewed in Resource Explorer (right-click a machine in a collection and choose Start -> Resource Explorer).
By default the Hardware Inventory Agent runs an inventory every 7 days, but it can be set to any schedule needed.
SMS_Def.mof is located in <SCCMInstall>\inboxes\clifiles.src\hinv and is the file you modify to enable or disable the classes the agent should collect (SMS_Report (TRUE) or (FALSE) per class). SMS_Def.mof can be edited in Notepad; the site server picks up the change and clients download the new inventory policy.
Management Information Format (MIF) files can be used to extend the hardware inventory; two different MIF types exist:
- IDMIF files can be used to collect data about devices that cannot have a ConfigMgr client installed, such as a shared network printer or photocopier.
- NOIDMIF files, stored in %Windir%\System32\CCM\Inventory\Noidmifs, extend the properties of a machine that is already inventoried.

Software Inventory Agent
The Software Inventory Agent collects information (such as file details and product details) about files and their locations.
By default the agent inventories only *.exe files, but any extension or file name with wildcards can be added (with care: inventorying *.* on every client generates a lot of data and client load). You also choose which locations to search and whether subfolders should be searched.
Inventory Names: most companies publish their files under many different names for many reasons; for example JBKBSoft could appear as JBKBSoft Corp., JBKBSoft, JBKBSOFT, JBKB-Soft etc. To gather all of those under one inventory name you can choose one display name for all the variants. SCCM includes some defaults, but you can modify and add to them.
Advertised Program Agent
The Advertised Programs Client Agent is one of the most important agents; it is the one that enables software distribution (pushing Office 2007, for example).
You can enable or disable the Advertised Programs Client Agent, and if enabled you get 2 extra options (if you run SCCM R2 you have a third option for virtual applications, but that is out of the scope of this exam):
- Allow user targeted advertisement requests - if you only target computers you can save CPU cycles and bandwidth by unchecking it.
- New program notification icon opens Add or Remove Programs - if enabled (together with notifications), this option notifies users when a new program is available to install over the network in Add/Remove Programs.
Computer Client Agent
The Computer Client Agent handles some general settings; to configure it you have 5 tabs:
- General - here you set the Network Access Account (the account the agent uses to access network resources such as distribution shares when the computer account cannot, e.g. workgroup clients and OSD) and the default policy polling interval, i.e. how often the ConfigMgr client checks its MP for new or updated policies. Give the Network Access Account only read access to the package shares and no interactive logon rights; its credentials are delivered to every client that uses it.
- Customization - create a branding for Software Updates.
- Reminders - set the interval for the reminder balloon notifications (for Software Updates and mandatory software distributions) before the deadline kicks in.
- BITS - configure BITS with 3 different options: Not Configured; Apply to BDP only; Apply to BDP and all clients.
- Restart - configure how much notice a user gets before a restart.
Desired Configuration Management Client Agent
You have only 1 option to configure: whether it is enabled or not. If enabled you also configure its evaluation schedule, by default every 7 days.
Mobile Device Client Agent
Mobile device here means Windows Mobile phones; newer phones have the client installed by default and for some older ones you can download an SCCM client.
This client does not support all the features that a client on a Windows 7 machine supports, but it does support the following:
- Hardware inventory - owner name, phone number, IMEI number, battery status, memory, CPU etc. is collected.
- Software inventory - inventory of files on the phone/mobile device by wildcards.
- Software distribution - distribute software to mobile devices.
By default the mobile client (Mobile Device Client Agent) polls for changes only every 6 hours, since you are less likely to make changes on a mobile device, but that can of course be changed to any value you decide.
Remote Tool Client Agent
To use Remote Tools you must check "Enable Remote Tools on clients". Remember that all supported clients except Windows 2000 use the newer, more secure remote control; Windows 2000 clients use an updated SMS 2003 remote client, and you can configure the access level separately for the 2.
You can also configure whether it should ask the user for permission before accessing the client; leave this on unless you have a documented reason not to, since silent remote control of a logged-on user's session is hard to justify outside a help desk call.
You grant permission via the Permitted Viewers list, the Windows users and groups allowed to remote control clients in the site; keep it to a small group rather than all of SMS Admins.
Network Access Protection Client Agent
Not much to configure: if enabled you can configure how often a NAP client evaluates its SoH (Statement of Health). There is also an option, unchecked by default, to force a refresh of the SoH on every evaluation (which can reduce performance).
When a client has passed the NAP check you have options to configure how often it should be re-evaluated.
Software Metering Client Agent
Software metering is interesting when you want to reclaim unused software licenses, e.g. Adobe Photoshop/Acrobat; it measures how often a certain program has been launched.
This can be quite a lot of data, so by default it is kept for 90 days, but that can be configured to any value (in days).
You also have an option (checked by default) to automatically create rules for programs (executables) used by a certain percentage of the computers in a site; the auto-created rules are disabled until you enable them. For example, if you enable it and set it to 25%, and a program named JBKBViewer.exe is used on 27% of the computers in the site, a rule for that exe is created automatically.
The opposite also applies: if a program is used far too widely it will not be auto-created, for example netlogon.exe, explorer.exe etc.
You can always create a rule manually and specify the file name (wildcards allowed), version, language and site (you can check that it applies to child sites as well).
Software Update Client Agent
To enable the Software Update Client Agent you need at least one Software Update Point.
Configuration: there are 3 tabs: General, Update Installation and Deployment Re-evaluation.
- General - enable/disable the agent and set the scan schedule (default every 7 days).
- Update Installation - can be configured so that, when there are multiple deployments with different deadlines, all mandatory updates are installed at the first deadline (so they install at the same time). You can also hide all notifications from the end user.
- Deployment Re-evaluation - if a patch is uninstalled this makes sure it is reinstalled (at the next re-evaluation; with the default value of 7 days it can in the worst case take a week before the patch is back).
Configure site boundaries
What defines a site boundary in SCCM? Pretty much the same thing as an Active Directory site: network locations.
- An Active Directory site (use the same as Active Directory, if one exists)
- An IP range (e.g. 10.46.0.23-10.46.0.56; could be a server IP range that needs specific client agent settings and therefore a separate site)
- An IP subnet (e.g. 192.168.0.0/24)
- An IPv6 prefix
You select site boundaries per site, but be careful that any given IP address falls within only one site: overlapping boundaries make client site assignment ambiguous.
Preferably use Active Directory sites if possible, for less administration.
To create a new site boundary go to the site and: Site Settings -> Boundaries -> right-click Boundaries and select New Site Boundaries.
A wizard starts and you enter a description and select the site code and type.
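The console does not warn you when an IP range in one site falls inside a subnet of another, so it is worth checking the boundary list by hand. The function below is an added example for this KB, not from the original page; it works on a boundary list you type in (the sample data is constructed, with site codes STO and GBG), compares IP subnet and IP range boundaries numerically, and skips AD-site boundaries because those cannot be compared as numbers.

```powershell
# Added example, not from the original KB: find overlapping IP boundaries.
# The boundary list is constructed for illustration; copy yours from
# Site Settings -> Boundaries. Type values mirror the console: IPSubnet, IPRange, ADSite.

function ConvertTo-IpNumber {
    param([string]$Ip)
    # Dotted-quad IPv4 -> integer so that ranges can be compared numerically.
    $b = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    return [int64]$b[0] * 16777216 + [int64]$b[1] * 65536 + [int64]$b[2] * 256 + [int64]$b[3]
}

function Get-BoundarySpan {
    param($Boundary)
    # Returns the first and last address covered, or $null for types we skip.
    switch ($Boundary.Type) {
        'IPSubnet' {
            $net, $prefix = $Boundary.Value -split '/'
            $start = ConvertTo-IpNumber $net
            $size  = [int64][math]::Pow(2, 32 - [int]$prefix)
            return @{ Start = $start; End = $start + $size - 1 }
        }
        'IPRange' {
            $lo, $hi = $Boundary.Value -split '-'
            return @{ Start = (ConvertTo-IpNumber $lo); End = (ConvertTo-IpNumber $hi) }
        }
        default { return $null }
    }
}

function Find-OverlappingBoundaries {
    param([object[]]$Boundaries)
    $spans = @()
    foreach ($b in $Boundaries) {
        $s = Get-BoundarySpan $b
        if ($s) {
            $spans += New-Object PSObject -Property @{
                Site = $b.Site; Value = $b.Value; Start = $s.Start; End = $s.End
            }
        }
    }
    $hits = @()
    for ($i = 0; $i -lt $spans.Count; $i++) {
        for ($j = $i + 1; $j -lt $spans.Count; $j++) {
            $a = $spans[$i]; $c = $spans[$j]
            # Two ranges overlap when neither one ends before the other starts.
            if ($a.Start -le $c.End -and $c.Start -le $a.End) {
                $hits += "$($a.Site) $($a.Value) overlaps $($c.Site) $($c.Value)"
            }
        }
    }
    return $hits
}

# Constructed sample: the STO subnet and the GBG range collide on 192.168.0.40-50.
$sample = @(
    @{ Site = 'STO'; Type = 'IPSubnet'; Value = '192.168.0.0/24' },
    @{ Site = 'STO'; Type = 'IPRange';  Value = '10.46.0.23-10.46.0.56' },
    @{ Site = 'GBG'; Type = 'IPRange';  Value = '192.168.0.40-192.168.0.50' },
    @{ Site = 'GBG'; Type = 'ADSite';   Value = 'Gothenburg' }
)
Find-OverlappingBoundaries $sample
```

With the sample data the only line printed is "STO 192.168.0.0/24 overlaps GBG 192.168.0.40-192.168.0.50". Overlaps within the same site are reported too; they are harmless for assignment but usually mean a boundary was entered twice.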
Configure core site system roles
Not everything mentioned here is a "core" role, but all are included for reference.
Site/component server
When setting up a new site system you need to specify the following:
Intranet FQDN - used by all internal clients, e.g. JBKB-SCCM-01.JBKB.LOCAL
Internet FQDN - used by all external clients (requires native mode), e.g. JBKB-SCCM-01.JBKB.bryntze.net
Account - the account the site server uses to install and maintain the site system; by default the site server's computer account (e.g. JBKB-SCCM-01$), or you can specify a domain user (the Site System Installation Account).
Protected Site System - if you check this box the site system is protected, which means only clients within the boundaries you select for it can use it. This is good for reducing WAN traffic, but can also result in clients getting no SCCM service if their local server cannot be contacted.
Management Point
Any site that will have clients to manage needs a Management Point (shortened to MP in the rest of this KB). A default MP can only be installed at a primary site; a secondary site can host a proxy management point, which clients within that site use instead of crossing the WAN.
The following is required for an MP:
- IIS
- WebDAV
- BITS server extensions
To configure an MP do the following in the SCCM console: Site Database -> Site Management -> <Site Code><site name> -> Site Settings -> Site Systems, right-click the site system and select New Roles.
A wizard starts; select Management Point and fill in:
Check box: Allow devices to use this management point
Drop-down list: Allow intranet-only client connections / Allow Internet-only client connections / Allow both
Radio button - Specify the database that this management point uses: Use the site database / Use a database replica
Radio button - Specify the account used by the management point to connect to the database: Use the management point's computer account / Use another account
Server Locator Point
A Server Locator Point (shortened to SLP for the rest of this KB) is only needed/mandatory if clients are in a workgroup, in another forest, or if the schema has not been extended.
If the schema has been extended and the clients belong to the Active Directory forest, clients request their site assignment and management point from Active Directory.
Distribution Point
SCCM deploys/pushes software with the help of Distribution Points (shortened to DP for the rest of this KB).
This role can be assigned at primary and secondary sites, and it is good to spread DPs across the WAN so that locations with many clients have a local DP and do not need to traverse the WAN to get software packages.
To create/configure a DP do the following in the SCCM console: Site Database -> Site Management -> <site code><Site name> -> Site Settings -> Site Systems, right-click and select New Roles and a wizard starts.
When you later in the wizard reach "System Role Selection", check Distribution Point.
Now you have 2 options to choose between:
- Enable as a standard distribution point - in mixed mode you can only select Allow intranet-only client connections; in native mode you can also select Allow Internet-only client connections or both. You also get a check box to allow clients to connect anonymously (required for mobile device clients; otherwise leave it off, since it exposes the package content to anyone who can reach the DP's web share). The DP is installed on the drive with the most free space and the distribution share is named SMSPKG<drive letter>$, so if the DP server has a large disk at E: the share will be SMSPKGE$. If you do not want the largest drive used, put an empty file named NO_SMS_ON_DRIVE.SMS in the root of that drive before adding the role.
- Enable as a branch distribution point - can be installed on a Windows client OS such as XP/Vista/7, where the OS limits it to 10 concurrent connections. If enabled you can specify which partition to use for storing packages and how much space to reserve for the OS.
Group membership: you can also add the DP to a distribution point group to manage DPs logically (default is cleared).
Reporting Point
The Reporting Point (shortened to RP in the rest of this KB) hosts web reports that query the primary site's SQL database. This role requires:
- IIS (with ASP enabled)
- Microsoft Internet Explorer 5.01 SP2 or higher (not a problem on Windows XP/2003 and newer) for using Report Viewer
- For graphical reports - Office Web Components 2000 SP2/XP/2003 is needed, and it exists only in 32-bit.
State Migration Point
State Migration Points (shortened to SMP in the rest of this KB) store user state data during a user profile migration when a machine is re-imaged with OSD (if you know how USMT or MigWiz works, you can see the SMP as the storage for USMT data).
When configuring an SMP you need to decide:
- Folder - local folder to host the user state data (e.g. E:\UserData)
- Max Clients - maximum number of clients that can be stored in the folder (e.g. 50)
- Minimum Free Space - if free disk space drops below this value no further user state data is accepted.
Deletion Policy: here you set when the user state data should be deleted after a successful restore:
- Immediately
- Delete After (set a value; default is 10 days)
Preferably keep the user state data for 10 days to make sure the end user has all his/her files. This keeps disk space in use for longer, but avoids a bad experience for the end user. Remember that the store holds users' complete profiles, so treat that volume as sensitive data and include it in your backup scope.
A last option lets you set the SMP in restore-only mode, which means the SMP will not accept new user state data but will still restore the user state data it already holds.
PXE Service Point
The PXE Service Point (shortened to PSP for the rest of this KB) is used only to allow PXE boot for OSD (Operating System Deployment).
The PSP is just an extra layer on top of WDS (like the SUP is an extra layer on top of WSUS), so the PSP of course requires WDS to be installed first (but do not configure WDS; let the PSP do it, or you will end up with conflicts).
To add the PSP role do the following in the SCCM console: Site Database -> Site Management -> <Site code><Site Name> -> Site Settings -> Site Systems, right-click and choose New Roles and then select PXE Service Point (here you are asked to enable the PXE Service Point and reminded that you must allow UDP ports 67, 68, 69 and 4011 through firewalls etc.).
Then you have 4 options you can configure (5 if you run SCCM R2, but that is out of the scope of this exam and KB):
- Allow this PXE service point to respond to incoming PXE requests - check box, simply enable or disable.
- Require a password for computers to boot to PXE - if this option is enabled a computer must enter the password specified here before it is allowed to PXE boot from this server. Set it: an open PXE server lets anyone on the subnet boot your task sequence media and re-image, or read the task sequence variables of, any machine they plug in.
- Interfaces - on PSP servers with multiple NICs you can specify which NIC should listen for PXE requests.
- Specify the PXE server response delay - set the time the PSP waits before replying to PXE boot requests (useful when another PXE server on the subnet should answer first).
Like the DP, this role creates a share on the server, which can be recognized by its share name \SMSPXEIMAGES$.
Software Update Point
When deploying software updates SCCM puts a layer on top of WSUS (if SCCM SP1 is in use, WSUS SP1 is needed, etc.), and any changes made in the WSUS admin console will be overwritten by the Software Update Point (shortened to SUP for the rest of this KB).
Normally you install/configure the SUP on the central site to synchronize updates from Microsoft Update and then install a SUP on every primary site, which synchronizes from its parent.
For the SUP you specify proxy settings (if needed), both for the external access to Microsoft Update and for internal clients to reach the internal SUP.
Fallback Status Point
The Fallback Status Point (shortened to FSP for the rest of this KB) should be in place before you start deploying clients, because this role helps you identify client installation failures (even in native mode, since this role accepts unauthenticated, unencrypted HTTP state messages from clients; that is by design, so expect it to be reachable by any client and give it its own server where you can). This role also provides a way for clients to report when they have problems contacting their MP.
In native mode you must specify an Internet FQDN for the role.
System Health Validator point
The System Health Validator point (shortened to SHV for the rest of this KB) has no settings to configure and is only needed if you use NAP (Network Access Protection).
For this role to work you must install Network Policy Server (NPS) on the server hosting the SHV.
Out of Band Service Point
The Out of Band Service Point (shortened to OoB Service Point for the rest of this KB) is only useful if you have computers with Intel Active Management Technology (shortened to AMT for the rest of this KB). With OoB you can reach systems without Windows, or even powered off: power them on and remotely configure them.
OoB Service Point settings are the following:
Error retries: how many times to retry and with which delay (in minutes).
Transmission maximum: maximum number of power-on attempts to make before stopping (default 100) and how long to wait (in seconds).
Transmission threads: the maximum number of connection threads (default 3).
Transmission offset: specify in minutes how far in advance of a planned activity the machine should be powered on (for example, if you want to push Microsoft Office 2007 at 04:00 AM to machines that are shut down and you set this value to 10, the machines are powered on at 03:50 AM and will hopefully be started and ready to install Microsoft Office 2007).
Asset Intelligence Point
Asset Intelligence Point (shortened to AI Point for the rest of this KB). By default AI is not enabled; to use it you need the Hardware Inventory Agent and Software Metering Agent enabled.
To configure AI, in the SCCM console go to Site Database -> Computer Management -> Asset Intelligence, right-click and choose Edit Asset Intelligence Reporting Class Settings.
Here you can select either:
Enable all Asset Intelligence reporting classes - to enable... yes, ALL of them.
Enable only the selected Asset Intelligence reporting classes - such as Installed Software, USB devices, Software shortcuts, Auto-start software, Console usage etc.
Configure discovery methods
SCCM supports many different discovery methods for different uses: some locate potential SCCM clients, others gather information from Active Directory or directly from the client itself.
Heartbeat Discovery
This is the only discovery method enabled by default and it should stay enabled (none of the methods below are required).
This discovery is performed by the installed client itself, which periodically sends a discovery data record (IP address and the like) to the Management Point. It therefore does not find machines without a client, but it keeps existing client records up to date (and creates a record for a client that was installed manually without being discovered first).
Active Directory System Discovery
This discovery method is useful with Active Directory as it is agentless and can discover OS name/version and IP address/site, and it can be used to target client installations (client push).
You configure the location:
- Local domain
- Local namespace
- Custom LDAP or GC query - specify or browse to an LDAP path (to an OU if needed)
Also set whether discovery is recursive/includes groups, and the polling interval.
Active Directory Security Group Discovery
This method does LDAP queries to a Domain Controller to get data about security groups.
It is important to know that this discovery method does not find new objects; it just adds extra metadata to objects already found by Active Directory System Discovery and Heartbeat Discovery.
You configure the location:
- Local domain
- Local namespace
- Custom LDAP or GC query - specify or browse to an LDAP path (to an OU if needed)
Also set whether discovery is recursive/includes groups, and the polling interval.
Active Directory System Group Discovery
This method does LDAP queries to a Domain Controller to get data about OUs, global groups, universal groups, nested groups and non-security groups (distribution groups).
It is important to know that this discovery method does not find new objects; it just adds extra metadata to objects already found by Active Directory System Discovery and Heartbeat Discovery.
You configure the location:
- Local domain
- Local namespace
- Custom LDAP or GC query - specify or browse to an LDAP path (to an OU if needed)
Also set whether discovery is recursive/includes groups, and the polling interval.
Active Directory User Discovery
This method does LDAP queries to a Domain Controller to get user object data. By default the most common attributes are added, but you can configure it to add any attribute you can find with, for example, ADSIEdit. Set the polling interval for how frequently you want to discover new user data.
Network Discovery
This is most useful if you have machines outside Active Directory, such as in a workgroup, or you want to discover printers/routers/network devices (if all machines are in Active Directory this method adds nothing you cannot already get from Active Directory).
If you enable Network Discovery you must choose one of the following 3:
- Topology - discovers routers and IP subnets via SNMP (the SNMP community string is case sensitive; use a read-only community and never the default "public")
- Topology and client - the same as above plus reading leases from a DHCP server (specified by IP address and must be a Microsoft DHCP server)
- Topology, client and client operating system - the same as above plus gathering client operating system data through direct SNMP/DHCP/Windows Browser/Windows networking calls to the clients.
You specify which subnets/domains/SNMP devices/DHCP servers to search.
Configure client installations
Basically, to install the SCCM client you run CCMSetup.exe, which downloads the client files and launches Client.msi. There is also a CCMSetup.msi, meant for deployment with a GPO, but it limits your customization; preferably run CCMSetup.exe, which supports many switches. This KB mentions some of the most common/useful ones:
/uninstall - to uninstall
/mp: - the Management Point that CCMSetup downloads the installation files from
/native - install the client for native mode (Internet-only) communication.
SMSSITECODE - assign the client to a site (e.g. SMSSITECODE=STO to assign the client to the Stockholm site)
SMSCACHESIZE - set the client cache size in MB (default is 5120, about 5 GB)
SMSSLP - set the client to use a Server Locator Point (only needed if the schema has not been extended, or if the machine is in a workgroup or in another forest). Example: CCMSetup.exe SMSSLP=JBKB-SCCM-03
There are several different client installation methods:
Manual installation - run CCMSetup.exe by hand, either by copying all files to the client and running it there or over the network with the /mp: or /source: switch (e.g. \\JBKB-SCCM-01\SCCMClient\CCMSetup.exe /mp:JBKB-SCCM-01.jbkb.local)
Client Push Installation - if you check "Enable Client Push Installation to assigned resources", the site searches for all clients found by discovery (see the section above) and tries to install the SCCM client with the account(s) specified on the Accounts tab. These accounts need local administrator rights on every target, which makes them a prime target for credential theft: use a dedicated account rather than a Domain Admin, and do not make it an administrator on the site servers themselves. You also choose which kinds of systems to push to, with 3 check boxes:
- Servers (enabled by default)
- Workstations (enabled by default)
- Domain Controllers
On the third and last tab, Client, you add parameters for the client installation, the same as mentioned above, e.g. SMSCACHESIZE=2048 (to change the default 5 GB to 2 GB).
Client Push Installation Wizard - the same process as Client Push Installation, but it is better to start with the wizard and test before enabling site-wide Client Push Installation, which reaches all clients. To use the wizard, right-click a collection or computer and select "Install Client"; the Client Push Installation Wizard starts.
Client install/preparation in an image (preferably a WIM) - do a normal manual client installation but leave out SMSSITECODE, so that when a machine is re-imaged it looks up its own site code (a common mistake is to set SMSSITECODE=AUTO: the reference machine then finds and stores its site code, and the image is captured with that specific site code baked in).
GPO installation - you can install the client with a GPO using CCMSetup.msi; you cannot set the cache size or assign a site, but if the schema is extended the client finds its site through Active Directory.
Updates/upgrades/patches can be applied with normal software distribution or with the client push wizard. Client upgrades are typically needed when a new service pack has been released.
Troubleshooting failure to with client push installation
If a machines fails to install the client via client push you can look into these places
- In the ConfigMgr console: System Center Configuration Manager -> Site Database -> System Status -> Site Status -> Component Status -> SMS_Client_Config_Manager look for errors
- ccm.log file (install folder + \logs)
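As an added example (not from the original notes), a small Python parser for the CMTrace-style line format that ccm.log uses; it pulls out the warnings and errors and attributes each one to the push target the thread was working on (several push threads interleave in one file, so the thread id is what ties a bare WNetAddConnection2 failure to its machine). The log lines in SAMPLE_CCM_LOG are constructed samples, not a real ccm.log.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One ccm.log line in the CMTrace format ConfigMgr logs use:
# <![LOG[message]LOG]!><time="..." date="..." component="..." context="" type="N" thread="N" file="...">
LOG_LINE = re.compile(
    r'<!\[LOG\[(?P<message>.*?)\]LOG\]!>'
    r'<time="(?P<time>[^"]*)"\s+date="(?P<date>[^"]*)"\s+'
    r'component="(?P<component>[^"]*)"\s+context="[^"]*"\s+'
    r'type="(?P<type>\d)"\s+thread="(?P<thread>\d+)"\s+file="[^"]*">',
    re.DOTALL,
)
# type="1" is informational, "2" a warning, "3" an error (CMTrace shows them yellow/red)
SEVERITY = {"1": "INFO", "2": "WARNING", "3": "ERROR"}

# Two ways a push message names its target: the admin$ UNC path, or 'machine name: "X"'
UNC_MACHINE = re.compile(r"\\\\([A-Za-z0-9_.-]+)\\admin\$", re.IGNORECASE)
NAMED_MACHINE = re.compile(r'machine name:?\s*"?([A-Za-z0-9_.-]+)"?', re.IGNORECASE)


@dataclass
class LogEntry:
    date: str
    time: str
    component: str
    severity: str
    thread: str
    message: str


def parse_line(line: str) -> Optional[LogEntry]:
    """Parse one CMTrace-format line; returns None for lines that do not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    return LogEntry(m["date"], m["time"], m["component"],
                    SEVERITY.get(m["type"], "UNKNOWN"), m["thread"], m["message"])


def parse_log(text: str) -> List[LogEntry]:
    """Parse a whole log file, silently skipping lines that are not CMTrace entries."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def machine_from_message(message: str) -> Optional[str]:
    """Return the push target named in a message, or None if it names none."""
    for pattern in (UNC_MACHINE, NAMED_MACHINE):
        m = pattern.search(message)
        if m:
            return m.group(1).upper()
    return None


def push_problems(entries: List[LogEntry]) -> Dict[str, List[str]]:
    """Group WARNING/ERROR lines by target machine.

    Client push works one target per thread, so a warning that does not name a
    machine itself is attributed to the last machine mentioned on the same thread.
    """
    current: Dict[str, str] = {}            # thread id -> machine last seen on it
    problems: Dict[str, List[str]] = {}
    for e in entries:
        machine = machine_from_message(e.message)
        if machine:
            current[e.thread] = machine
        if e.severity in ("WARNING", "ERROR"):
            target = current.get(e.thread, "<unknown>")
            problems.setdefault(target, []).append(
                f"{e.date} {e.time} {e.severity}: {e.message}")
    return problems


# Constructed sample lines in ccm.log's format (not a real log): JBKB-PC01 succeeds
# on thread 4132, JBKB-PC02 fails on thread 4140 with a network-path error (00000035).
SAMPLE_CCM_LOG = r"""<![LOG[---> Attempting to connect to administrative share '\\JBKB-PC01\admin$' using account 'JBKB\svc-push']LOG]!><time="10:15:32.100+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="1" thread="4132" file="ccmcomm.cpp:100">
<![LOG[---> Attempting to connect to administrative share '\\JBKB-PC02\admin$' using account 'JBKB\svc-push']LOG]!><time="10:15:32.150+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="1" thread="4140" file="ccmcomm.cpp:100">
<![LOG[---> Connected to administrative share on machine JBKB-PC01 using account 'JBKB\svc-push']LOG]!><time="10:15:33.020+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="1" thread="4132" file="ccmcomm.cpp:120">
<![LOG[---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account JBKB\svc-push (00000035)]LOG]!><time="10:15:40.400+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="2" thread="4140" file="ccmcomm.cpp:140">
<![LOG[---> Copying client files to \\JBKB-PC01\admin$\ccmsetup.]LOG]!><time="10:15:41.000+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="1" thread="4132" file="ccmcomm.cpp:160">
<![LOG[ERROR: Unable to access target machine for request: "2097152002", machine name: "JBKB-PC02", access denied or invalid network path.]LOG]!><time="10:15:40.450+000" date="03-15-2011" component="SMS_CLIENT_CONFIG_MANAGER" context="" type="3" thread="4140" file="ccmcomm.cpp:180">
"""

if __name__ == "__main__":
    for machine, lines in push_problems(parse_log(SAMPLE_CCM_LOG)).items():
        print(machine)
        for line in lines:
            print("  " + line)
```

Point parse_log at the contents of ccm.log from the site server's install folder + \logs to get the same per-machine summary for a real push.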
Configure SCCM infrastructure for Internet-Based client management
Internet-Based Client Management (shortened to IBCM for the rest of this KB) is used to manage clients outside your own network; it requires a lot of infrastructure and changes.
Remember that IBCM in SCCM 2007 (without service packs) only supports the following features:
- Software Distribution
- Software Updates
- Software Metering
- Hardware and software inventory
- status and state reporting
Exam Tip: Remember that in order to support IBCM you must have at least one site operating in Native mode
The most significant infrastructure needed for IBCM is a PKI/certificate server; since no VPN is used, all traffic/authentication is secured via certificates. There are 3 different certificates used:
- Client certificates - used by the client to authenticate itself in native mode.
- Web server certificate - used by site systems to authenticate to clients.
- Document-signing certificate - used by site systems to ensure the integrity of data exchanged between systems.
All systems must trust the root certificate, and if you install your own PKI environment, machines that are not members of the domain will need the root certificate added to their trusted store.
For security reasons you should not put site systems servicing Internet-based clients on your LAN/inside; place them in a DMZ instead and configure your firewall to accept HTTPS into the DMZ.
Managing Resources (14 percent)
Build an SCCM collection by using queries
Dynamic collections have a dynamic membership based on some criteria/queries.
When you create a collection, the New Collection Wizard starts; when you reach the Membership Rules section, click on the database icon (query).
Create a query with a suitable name and either import a query by pressing the Import Query Statement... button and then the Edit Query Statement... button, or go directly to Edit Query Statement and write a new query. Within a query you set a criterion with one of the following criterion types:
- Simple Value - Compares a value in "Where" with an "Operator" and "Value". For example: check for a simple value in System Resource - Computer Name, with the operator Starts With and the value JBKB.
- Attribute reference - Selects criteria on an attribute value.
- SubSelected values - Compares against the result given by another query.
- List of values - Compares against a list of values.
- Where - here you can press the Select... button and browse where to look for the value, for example under System Resource.
- Operators - drop down list where you choose operators like "is like"/"starts with" etc.
- Values - Sets the value that the criterion needs to match.
All machines that match the query (criteria) become members of this (dynamic) collection, and the membership is updated at an interval set on the collection, by default every 24 hours.
Meter software usage
Software metering is a function to see how often a specific piece of software is used; this can be for numerous reasons, such as verifying whether those expensive Adobe Acrobat licenses really are needed (or at least whether Acrobat is ever started).
By default the agent reports usage back every 7 days, either for applications you specify statically or automatically for applications that more than 10% of all machines use (the default of 10% can be changed). If the usage is 100% it will be ignored (the default of 100% can also be changed).
This data is by default kept for 90 days; be careful about increasing this since the database will grow as well.
Manage assets
Manage inventory flow
Manage client agents
Distributing Applications (17 percent)
This might be "only" 17% of the exam objectives, but it is likely over 50% of what administrators mostly use SCCM for: distributing applications (or settings or whatever you want).
If you already work with distributing applications with the help of SCCM today, this part can be skipped.
Manage Packages
Packages are created under: System Center Configuration Manager -> Site Management -> Computer Management -> Software Distribution -> Packages
A package can be created by following means:
- Definition file - in older SMS you could use the PDF (Package Definition Format) - for most people SMS and PDF would rather mean Text Message and Adobe format; you who read this are probably not a normal person ;) - In SCCM the older formats are still supported, but MSI is the preferred one.
- Create without definition file - set all values yourself, for example when you don't use msi files and instead create your own cmd/bat file that runs an exe file, a reg file, a vbs script etc. to do what you want.
- No source file at all - use existing files on the computer such as "ipconfig", "msconfig", or an existing uninstall file.
The same data will be populated in the package regardless of which way you choose above, whether you create a package from a definition file (such as reading all the data from an MSI file) or manually enter the version and manufacturer.
In a Package you specify the following data:
- Name - Example: StartUp Script
- Version - Example: 1.0
- Manufacturer - Example: JBKB
- Language - Example: ENU
- Comment - Example: "JBKB Script to add during startup"
- If the package contains source files (and how those files are updated and distributed) - Example: Source Directory: \\JBKB-SCCM-01\packagesource$\JBKB-StartupScript1.0
Under the package you have a node called Distribution Points; to make this package (and the programs within it) available you need to add it to a Distribution Point.
Select the Distribution Points node, right click and choose "New Distribution Point"; a wizard starts where you can check all DPs that should get this package.
A package just sets the name and where the source files are; to use them you need to make them available on Distribution Points, create Programs etc., more about that below.
Manage Programs
If you created a package from a definition file you get programs by default that you can keep as they are or edit; if you manually created a package you also need to manually create the program.
You can see the package as the holder of files and the programs as the scripts/actions that use the files in the package.
To add a program to a package: select the package, browse to the sub folder named Program, right click and select New -> New Program (you also have the option Program for Device if you make a package for a device such as a Windows Mobile phone).
Then the New Program wizard starts, where you need to enter the following information:
- General - such as name, command line (could be a direct msiexec command or a call to a script, for example one in the source files of the package), whether to run hidden, and what to do after running (restart etc.).
- Requirements - here you specify how much disk space the client must have free in order to accept the program; there is no point letting a client accept an Office 2010 installation if only 300MB is free on the disk. You can also set the maximum time the program may run (download time for the installation files not included); this is used to end a program that never finishes (which can easily happen in a silent installation that waits for input). You can also restrict the program to a specific platform, such as 32/64 bit or Windows 2000/XP/7/2003/2008 etc., or set other custom requirements yourself, for example only if the machine has a specific hardware type such as a DVD burner.
- Environment - Run Mode, important setting, if the program should run:
- Only when a user is logged on - You have to choose whether it should run with administrative rights (LOCAL SYSTEM account) or as the logged in user (good if you want to make changes in the user's profile/registry)
- Whether or not a user is logged on - Can only run as administrative (LOCAL SYSTEM account)
- Only when no user is logged on - Can only run as administrative (LOCAL SYSTEM account)
- Windows Installer - if you are installing a msi file you can import it here so it can find the file for re-installation/repair.
- MOM Maintenance mode - here you can set if this program during installation should disable alerts and alert if program fails.
- Advanced - if another program should run before this one, suppress program notifications etc.
You can create as many programs as you want within a package; they won't be active until an advertisement calls for the program. For advertisements, read the next section below.
Manage Advertisements
Advertisements are the glue that binds collections to a program (remember programs reside within packages).
Before using advertisements make sure that the Advertised Program Client Agent is enabled (Enable software distribution to clients).
There are 3 ways to create an advertisement:
- At the Advertisements node, Site Database -> Computer Management -> Software Distribution -> Advertisements, right click and choose New Advertisement.
- At the Packages node, Site Database -> Computer Management -> Software Distribution -> Packages, right click on the package that contains the program you want to distribute and select Distribute Software.
- At the Collections node, Site Database -> Computer Management -> Collections, navigate to the collection containing the targets for the deployment, right click on that collection and select Distribute Software.
All of the above look a little different but do the same thing; for most control, create advertisements from the Advertisements node.
Advertisement properties
General - Specify the name of the advertisement, which package and which program in this package the advertisement should run, and which collection (target) this advertisement has. You can only specify one collection, but this collection can have sub collections; if you want the advertisement to target sub collections you need to check "Include members of subcollections".
Schedule - Here you specify WHEN the targets in the collection should run the program specified in the advertisement. See the next section below for more details.
Here you can also enable WOL, ignore maintenance windows while the program runs, and allow a system restart outside the maintenance windows. Rerun behavior is also set here, if you want it to always rerun if it failed etc.
Distribution Points - Here you have 2 different settings, one for clients that are on the LAN (fast connection) with the DP SCCM server and another for those on the WAN (in terms of distance to the DP SCCM server).
On Fast Connection/LAN you can choose:
- Run program from distribution point - this is normally a smart idea if it is a small script/plugin/program.
- Download content from distribution point and run locally - the client agent will download all files to the local cache and then run the program, which can be a good idea for large software such as Microsoft Office.
On slow connection/WAN you can choose:
- Do not run program - this can be a good choice if the program you want to run will demand so much bandwidth that it is not worth it, or not possible, to run it over the WAN.
- Download content from distribution point and run locally - This is often a good option if you have a lot of VPN-connected clients that disconnect often; they can download the content first, and if they get disconnected it can still be installed locally from the cache.
- Run program from distribution point - Works well if the WAN connection is stable and reliable.
Interaction - Here you have 2 options:
- Allow users to run the program independently of assignments - not checked by default, but if checked the end user can run the program from the Run Advertised Programs list.
- Use custom countdown notification length (minutes) - creates a countdown set in minutes.
Schedule distribution
You can decide when an advertisement starts (date/time) and expires (date/time).
If you create a Mandatory Assignment you make the program mandatory for all clients in the collection, and the clients in the collection will run the program as soon as they get the advertisement.
Track success and failure rates for distribution
When a program has been advertised and clients have connected and run the program, you will want to know the success rate of the advertisement/distribution: did the clients connect, and of those who connected, how many installed/ran it successfully? The easiest way is to run a report on the advertisement ID, or simply select the Software Distribution node, where you get an overview of the status of the last 10 advertisements; click on the one you want status for and it takes you directly to the report, where you see how many contacted the SCCM server, how many succeeded, and other statuses if they failed.
Recommended is to go to System Center Configuration Manager -> Site Database -> System Status -> Advertisement Status, choose your advertisement and you get to know how many received it, of those how many failed/started the program, and of those started which got errors/success.

Manage distribution points
As explained in the Manage Packages section, each package has a Distribution Points node where you set which DP servers should get a copy of this package. You can later update the list of DP servers, adding or removing them so they get or drop the source files for the specific package.
If you update the source files for a package, those won't automatically be refreshed on all DPs; you have to manually right click on the Distribution Point in the console and select Update Distribution Points.
You can also follow the status of when/if all DPs get the update and which source version they have by navigating under the package name: Package Status -> Package Status.
Deploying Operating Systems (13 percent)
Capture a reference computer image
If you haven't used SCCM before you have probably still done this manually: take a clean machine, install all applications, run sysprep and then take the image with Ghost/ImageX or alike. With SCCM you can automate this with the default Build and Capture task sequence.
Before creating the Task Sequence you need the following:
- OS Install Package - The OS (XP/Vista/7) with as many updates already in it.
- Import Drivers - import all drivers for each machine model you got in the organization.
- Create Software distribution packages - such as sysprep (only needed for XP/2003), ConfigMgr client.
When the above has been done we can start to create our Build and Capture task sequence containing:
- Task Sequence Name - Your choice!
- Boot image - Boot image, a WinPE (WIM) image
- Operating System Installation Package - The package created in the list above
- Product Key - Not required in Vista/2008/7
- Administrator Account Status - You can set it to disable (not recommended for workgroup)
- Join a workgroup or a domain - For domain you need to supply username/password that got rights to add the machine to the domain.
- Configuration Manager client package - The package created in the list above
- Software updates installation - 3 choices, All, Mandatory only or none.
- Software deployment packages - select packages you want to be installed (those needs to be created, such as Office 2010 etc)
- Sysprep package - only need for Windows XP/2003
- Image Properties - Version number and description.
- Image Destination - UNC path where to store image, you need to provide username/password for an account with permission to the UNC path.
Manage task sequences
A powerful function and probably heavily tested on the exam.
With the SDK you could create your own tasks, but there are already built-in ones that are useful for OS deployment (and for other things as well). You can run the New Task Sequence Wizard to create one of these 2 default task sequences:
- Build and Capture - Basically creates your master machine, then runs sysprep and saves it to a WIM image centrally.
- Deploy an image - Deploys a WIM image.
When the wizard has finished you can right click on the task sequence to edit it.
As its name implies, it is a sequence of tasks; you can specify what should happen if a specific task fails, whether it should cancel or continue etc.
Each task belongs to a category and there are 6 built-in:
- General - Run command, Install Software, Install Software Updates, Join Domain or Workgroup, Connect to Network folder, Restart Computer and Set Task Sequence Variable
- Disks - Format and Partition Disk (be careful since default it is set to do a full format and not quick, takes a lot of extra time), Convert Disk to Dynamic, Enable BitLocker (if enabled make sure you before have done 2 partitions in task Format and Partition Disk) and Disable BitLocker.
- User State - Read section "Customize user state migration" below
- Images - Apply Operating System Image, Apply Data Image, Setup Windows and ConfigMgr, Install Deployment Tools, Prepare ConfigMgr Client for Capture, Prepare Windows for Capture and Capture Operating System Image.
- Drivers - Auto Apply Driver (does a Plug'n'play check and then apply best driver) and Apply Driver Package (Install a driver package regardless of what hardware is on machine).
- Settings - Capture Network Settings (capture network settings and domain membership), Capture Windows Settings (capture time zone, computer name etc), Apply Network Settings (sets network settings and join to domain) and Apply Windows Settings.
Task sequences are advertised to collections (like software distribution): just right click on a task sequence and choose Advertise; the New Advertisement Wizard starts and glues it to the collection you want.
Configure site systems roles related to deploying operating systems
Site roles needed: PXE Service Point, State Migration Point, Distribution Point and Management Point.
PXE Service Point
For the PXE service point to work you must first have installed WDS (Windows Deployment Services). The PXE Service Point takes over WDS (and you should not modify WDS outside SCCM) and is used to distribute OSD boot images to clients via PXE (the client can press F12 and choose to boot from the network).
You create/configure it here:
Site Database -> Site Management -> <Site Code><Site Name> -> Site Settings -> Site Systems
When you add a PXE Service Point you will be informed which ports you need to have open on this server if there are firewalls between this service and the clients; the ports are all UDP: 67, 68, 69 and 4011.
You have the following options to configure:
Allow this PXE service point to respond to incoming PXE requests - if this isn't enabled PXE won't work. This can be useful if you want to pre-stage an environment without having it active: configure everything and keep this disabled until you want to use it.
Require a password for computers to boot to PXE - If enabled, the client must enter a password before being accepted (to limit the chance of a machine being re-imaged by mistake).
Interfaces - if the server has multiple NICs you can choose which one should listen for PXE requests.
Specify the PXE response delay - How long the PXE server waits before replying to a request; only useful if you have multiple PXE servers on the same network.
Once this service is installed/enabled the server will get a share named SMSPXEIMAGES$.
State Migration Point
This one is optional, but if you for example want to save end users' profile data before re-imaging their machines this role is required. Basically this role provides a shared folder where the Capture User State task (Scanstate.exe) can save the machine's profile data centrally (for later restore after re-imaging).
You create/configure it here:
Site Database -> Site Management -> <Site Code><Site Name> -> Site Settings -> Site Systems
Create a new one or configure an existing one. Here you can specify:
Folders - the (local) path where to save scanned user state data, the maximum number of clients to serve, and the minimum amount of free space on the drive hosting the folder/share for it to be considered healthy.
Deletion policy - Specify how long to keep user state data (this can grow a lot, but then again you don't want to delete data that never got a chance to be restored).
Restore-only mode - You can set the State Migration Point to not accept new data but still restore the existing data it has.
Distribution Points
Distribution Points (and Management Points) are needed for OS Deployment but of course used for a lot of other things.
Most likely no SCCM R2 features will be brought up on the exam, but it can be good to know that in SCCM R2 you can multicast images if the Distribution Point is installed on Windows Server 2008.
Deploy operating systems packages
This step isn't all that different from the section above, "Capture a reference computer image". Before using SCCM you might already boot from floppy/USB/CD/DVD and then apply a Ghost/WIM image to a machine that reads all settings from sysprep.inf or alike and adds it to the domain; now with SCCM you can automate this with a task sequence.
Before creating the Task Sequence you need the following:
- Created OS image (WIM), either a thin or fat image that has been sysprepped.
- Create Software distribution packages - USMT and ConfigMgr client packages.
- Imported all drivers needed for the model.
When the above has been done we can start to create our Image Deployment task sequence containing:
- Task Sequence Name - Your choice!
- Boot image - Boot image, a WinPE (WIM) image
- Operating System Image - the one mentioned above.
- Product Key - Not required in Vista/2008/7
- Administrator Account Status - You can set it to disable (not recommended for workgroup)
- Join a workgroup or a domain - For domain you need to supply username/password that got rights to add the machine to the domain.
- Software distribution client package - install ConfigMgr client here.
- User State migration options - To capture user state data
- Software updates installation - 3 choices, All, Mandatory only or none.
- Software deployment packages - select packages you want to be installed (those needs to be created, such as Office 2010 etc) over those already in the image.
Customize user state migration
User State Migration isn't anything new created by SCCM; it uses the good old USMT (User State Migration Tool), and you will need to build the package that will be used.
Info: It is the author's belief that only USMT 3.01 will be tested on the exam (it doesn't support offline scan mode), but today you would only use USMT 3.01 if you need to run a loadstate on Windows XP; if you do it on Windows 7 you would need to use USMT 4.0 or later (which can do a scanstate on XP but not a loadstate on XP, and supports offline scanning mode).
USMT is basically 2 files:
- Scanstate.exe - Scans the computer for profile data specified in XML files (in version 2 of USMT, inf files) and honours other switches such as only scanning for domain accounts.
- Loadstate.exe - Restores data previously captured by Scanstate.
SCCM does add an extra layer to USMT, and in task sequences you can call 4 tasks:
- Request State Store - Requests a State Migration Point (used to store the data captured by Scanstate centrally). If a computer association doesn't already exist it creates one with the machine as both target and source; if you want to do a side-by-side migration you need to manually create the computer association beforehand. The computer association specifies the path where scanstate will store the file(s).
- Capture User State - This task runs Scanstate (with appropriate switches and XML files) and requires that you have prepared a software distribution package of USMT (for this exam probably USMT 3.01) that will be installed on the client during this step.
- Restore User State - This task runs loadstate (with appropriate switches and XML files) and requires that you have prepared a software distribution package of USMT (for this exam probably USMT 3.01) that will be installed on the client during this step.
- Release State Store - This task has no options but reports back whether a Capture User State task (read: Scanstate) or Restore User State task was successful. If a Capture User State task reports success, the State Migration Point holding the data will mark it as read-only.
Deliver applications
When deploying an image you can deploy a very light image and then add applications afterwards. That means you don't have to update the image, just the applications. The opposite would be to use a fat image with all the programs already installed, but then if one program gets upgraded you need to update the image, or just apply the update as a separate package.
Securing a Network Infrastructure (13 percent)
Configure Network Access Protection (NAP)
Network Access Protection (shortened to NAP for the rest of this KB) isn't an SCCM-specific technology but is included from Windows Server 2008 within Network Policy Server. SCCM can play a part in NAP: for example, if a client isn't compliant with the NAP policy and is placed in a restricted network, the client can become compliant with updates from SCCM servers.
NAP only works for clients running Windows XP SP3 and later and for servers running Windows Server 2008 and later, since they include the NPS client.
Configuration in SCCM is to add the NAP role and specify the FQDN of the NAP server.
For the exam, know that the Active Directory schema extension needs to be done in order for NAP to work.
Migrate from Inventory Tool for Microsoft Update (ITMU) to Windows Software Update Services (WSUS)
During setup of SCCM 2007 it will notice if earlier SMS 2003 sites exist, and if the Inventory Tool for Microsoft Update (written ITMU for the rest of this KB) exists it will launch the ITMU Setup Wizard (you can launch this wizard manually from \SMSSETUP\SUMCANTOOLS\<processor architecture>\SMSITMU.MSI).
After upgrading ITMU it will still only serve SMS 2003 clients, which can be useful during a migration, but when all servers are SCCM 2007 and all clients are ConfigMgr clients only WSUS is used.
So in short there is no direct upgrade from ITMU to WSUS, but during a migration you can run ITMU and WSUS side by side until all clients/servers are migrated, after which you use only WSUS.
Deploy software updates
There are 2 ways to create a deployment:
- Create a predefined update list, right-click on it and choose Deploy Software Updates (preferred, since the list is then available for reporting)
- Manually select the updates you want from the Update Repository, right-click on them and choose Deploy Software Updates
Deploy Software Updates Wizard
You can use deployment templates with default values and then change, for example (some you will recognize from a normal advertisement):
- Start time of deployment
- Mandatory or not
- Deadline time - updates can be installed before this date, but when this date arrives the updates will be installed (unless it is outside a maintenance window and the deployment is not set to ignore maintenance windows). The SCCM agent will notify the end user with a balloon that there are updates to be installed before the deadline hits.
- Wake On LAN or not.
- Whether to ignore maintenance windows or not
Install ConfigMgr client through SUP
Maybe not the correct section, but I couldn't find a better place (possibly client installations).
You can set the SUP to install new ConfigMgr clients and update existing ones. It is more or less required that you have updated the schema so the client can get the right site assignment from Active Directory, since no install properties can be added.
Do the following for the SUP to install the ConfigMgr client in your AD domain:
- Create a new GPO and, under Computer Configuration -> Administrative Templates -> Windows Components -> Windows Update, set "Specify intranet Microsoft update service location" to Enabled
- In the same setting: set the intranet update service for detecting updates to the SUP server FQDN and port (remember it can be 80 but 8530 is recommended). Example: http://JBKB-SCCM-04.JBKB.LOCAL:8530
- Assign/link the GPO to the OU containing the machines you want to get the ConfigMgr client installed on, and other software updates from SUP/WSUS.
- In the ConfigMgr console navigate: System Center Configuration Manager -> Site Database -> Site Management -> <site code> -> <site name> -> Site Settings -> Client Installation Methods.
- Right-click Software Update Point Client Installation, and click Properties
- Select Enable Software Update Point Client Installation checkbox
- Press OK
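An added client-side check for the GPO steps above (not part of the original notes): it reads the Windows Update policy values that the "Specify intranet Microsoft update service location" setting writes under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate (WUServer, WUStatusServer and AU\UseWUServer) and verifies what SUP-based client installation relies on: an FQDN, an explicit port of 80 or 8530, and a status URL that matches the server URL. The registry read only works on Windows; the check itself runs on a plain dict, and the sample values are constructed.

```python
import sys
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Registry key the "Specify intranet Microsoft update service location" policy writes to
POLICY_KEY = r"SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate"
ALLOWED_PORTS = (80, 8530)   # per the notes: 80 works, 8530 is recommended


def check_wu_policy(values: Dict[str, object], allowed_ports=ALLOWED_PORTS) -> List[str]:
    """Return the problems found; an empty list means the policy suits SUP client installation."""
    problems: List[str] = []
    if values.get("UseWUServer") != 1:
        problems.append("AU\\UseWUServer is not 1: the client keeps using Microsoft Update instead of the SUP")
    server = values.get("WUServer")
    if not isinstance(server, str) or not server:
        problems.append("WUServer is not set: the GPO has not applied to this machine")
        return problems
    url = urlparse(server)
    if url.scheme not in ("http", "https"):
        problems.append(f"WUServer scheme {url.scheme!r} is not http or https")
    host = url.hostname or ""
    if "." not in host:
        problems.append(f"WUServer host {host!r} is not an FQDN; use the SUP server's full DNS name")
    try:
        port: Optional[int] = url.port
    except ValueError:          # non-numeric port in the URL
        port = None
    if port not in allowed_ports:
        problems.append(f"WUServer port {port} is not one of {allowed_ports}; 8530 is the recommended SUP port")
    if values.get("WUStatusServer") != server:
        problems.append("WUStatusServer does not match WUServer; status would be reported to another server")
    return problems


def read_wu_policy() -> Dict[str, object]:
    """Read the policy values from the local registry (Windows only; keys may be absent)."""
    import winreg   # only available on Windows
    values: Dict[str, object] = {}
    for subkey, names in ((POLICY_KEY, ("WUServer", "WUStatusServer")),
                          (POLICY_KEY + r"\AU", ("UseWUServer",))):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
                for name in names:
                    try:
                        values[name] = winreg.QueryValueEx(key, name)[0]
                    except FileNotFoundError:
                        pass        # value not written by the GPO
        except FileNotFoundError:
            pass                    # policy key not present at all
    return values


# Constructed sample values, as the GPO from the notes would write them
GOOD_POLICY = {
    "WUServer": "http://JBKB-SCCM-04.JBKB.LOCAL:8530",
    "WUStatusServer": "http://JBKB-SCCM-04.JBKB.LOCAL:8530",
    "UseWUServer": 1,
}

if __name__ == "__main__":
    values = read_wu_policy() if sys.platform == "win32" else GOOD_POLICY
    for line in check_wu_policy(values) or ["policy OK for SUP client installation"]:
        print(line)
```

Run it on a client after a gpupdate to confirm the GPO landed before expecting the SUP to hand out CCMSetup.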
Managing and Maintaining an SCCM Infrastructure (15 percent)
Manage system health
Even if there is a task to take a backup of a secondary site, you cannot restore it with the Site Repair Wizard; for secondary sites (which don't hold any unique data anyway) it is recommended to reinstall, and then the primary site will replicate the data needed.
Primary sites that get a corrupt database or other problems can run the Site Repair Wizard and, together with the latest backup, restore the server.
Site Repair Wizard - Is installed by default with the SCCM server. It shuts down associated sites, restores database/registry/files from backup, syncs/resets transaction serial numbers, prompts the administrator for certain changes since the backup, and restarts the site.

Links
http://www.microsoft.com/learning/en/us/exam.aspx?ID=70-401
http://www.microsoft.com/downloads/details.aspx?FamilyID=B9FB478A-EC98-47F2-B31E-57443A8AE88F&displaylang=en - System Center Configuration Manager 2007 Product Feature Quizzes
http://technet.microsoft.com/en-us/library/bb680393.aspx - About Site Repair Wizard
http://technet.microsoft.com/en-us/library/bb633194.aspx - How to Install Configuration Manager Clients Using Software Update Point Based Installation



