Loading...

Create your own Microsoft Endpoint Configuration Manager Lab with Technical Preview 1911

Reply A+ A-

In this article, I will explain you how to create your own Microsoft EndPoint Configuration Manager lab in TP1911 version.
This can also be reused to install a Current Branch version such as 1902.

Note: The version of MECM used in this lab is the TP1911.

Microsoft Endpoint Manager is in the place
At the last Microsoft Ignite in Orlando, Microsoft made a "huge" announcement about SCCM.
A new solution called Microsoft Endpoint Manager is born.
You can find MS Vice President's announcement on this topic.
Below some video sessions, during the last Ignite, on this subject.

MEM what is it exactly?
The purpose of MEM is to group the following products in one solution:
- Configuration Manager (also named SCCM by most of us)
- Microsoft Intune
- Desktop Analytics
- Autopilot

SCCM is dead, long live to MECM?
No SCCM is not dead.
The product itself is not dead, only its name to give way to MECM.
You will now have to speak about Microsoft EndPoint Configuration Manager instead of System Center Configuration Manager.
Below is a cool picture shared on Twitter by Donna Ryan about the evolution from SMS to MECM.


MECM version 
In my lab the version used is the Technical Preview 1911.
This is the latest version of TP since the Ignite announcement.

Technical Preview or Current Branch?
Technical Preview versions are for labs, do not install this in production.
Indeed the Technical Preview are versions provided by Microsoft in order to test new features that will soon be implemented in the official versions (Current Branch).

Build your CB lab
To build your lab with a Current Branch instead a Technical Preview version, the process will be the same as in this article.
The only difference will be that you have to install the CB version and not TP.

Software sources
Below are the links of the different executable used for my lab.
-MECM evaluation version TP 1911: click here 
- ADK 1809: Click here 
- Add-On WinPE ADK: click here 
- SQL Server 2017: click here
- SQL Server Management Studio: click here 
- SQL server 2017 Reporting Services: click here 
- SQL Server 2017 latest cumulative update: click here 

You will find here a list of prerequisites for the installation and configuration of MECM.

Automate with PowerShell
You can find a nice post series that explains how to create your lab with PowerShell on Windows-Noob
Thanks to Niall who did an awesome job and posts.

What's next ?
previously I created a blog series for noob about how to create your own Intune/Autopilot lab for free with different parts:
- Part 1: Intune configuration
- Part 2: Autopilot in action
- Part 3: Manage your devices
- Part 4: Apply your company configuration

Then I will merge this post about MECM to my Intune blog series with below posts:
- Part 1: Build your MECM lab
- Part 2: Merge your Azure AD and your MECM AD with Azure AD Connect
- Part 3: Enable Co-Management between your MECM lab and your Intune lab

LAB Environment
My virtual machines are in Hyper-V.
My lab is composed of two virtual machines installed with Windows Server 2019.

Machine 1
- VM name: TP_MECM_AD
- Computer name: MECM-AD
- IP address: 192.168.9.1
- Mask: Default
- Gateway: 192.168.9.99
- DNS: 192.168.9.1
- RAM: 512 Mo

Machine 2
- VM name: TP_MECM_CM
- Computer name: MECM-CM
- IP address: 192.168.9.2
- Mask: Default
- Gateway: 192.168.9.99
- DNS: 192.168.9.1
- RAM: 4 GB

VM Configuration








VM install
Installing the OS
In this part we will install Windows Server 2019 on our two VMs.
The 2019 server ISO was loaded in the previous step.
Do this on both VMs.
1. Boot the machine on the ISO
2. Click on Next

3. Click Install Now

4. Click on I do not have a product key

5. Choose Windows Server 2019 Standard (Desktop Experience)

6. Select the check box and click Next

7. Click on Custom

8. Click Next

9. Installation starts

10. Type a password and click on Finish

11. Log on


Changing the computer name
Do this on both VMs.
1. Open the explorer
2. Right click on This PC then Properties

3. Click on Change settings

4. Click on Change

5. In Computer name, types names of the two VMs (see above)
6. Click on OK
7. Click on OK

Network settings
Do this on both VMs.
1. Open the Control Panel
2. Click on Network and Internet

3. Click on Network and Sharing Center

4. Click on Change adapter settings

5. Right click on the first connection then click on Properties

6. Double-click on IPV4

7. Type IP infos (see above)
8. Click on OK

Add Active Directory, DHCP, DNS
Do this on MECM-AD
1. Open the Server Manager
2. Click on Add roles and features

3. Click on Next

4. Let by default and click on Next

5. Let by default and click on Next

6. Check Active Directory Domain Services

7. Click on Add Features
8. Click on DHCP Server

9. Click on Add Features
10. Click on DNS Server

11. Click on Add Features
12. Click on Next

13. Click on Next

14. Click on Next

15. Click on Next

16. Click on Install

17. Click on Close


Roles - Post config
1. Click on the warning

2. Click on Promote this server to a domain controller

3. Click on Add a new forest then Next

4. Type your password and then Next

5. Click on Next

6. Click on Next

7. Click on Next

8. Click on Next

9. Click on Install

10. Click on Close to close the session

11. Click on the warning

12. Click on Complete DHCP configuration

13. Click on Next

14. Click on Commit

15. Click on Close


Active Directory Configuration
Do this on MECM-AD

User admin creation
1. Open Active Directory Users and Computers
2. Right click on Users
3. Click on New then User

4. Type your informations

5. Type your password and click on Next

6. Click on Finish

7. Add the user to the Administrators group

GPO Creation
1. Open Group Policy Management
2. Navigate to Group Policy Objects

3. Right click then New

4. Type the name: Allow Inbound File and Printer Sharing Exception and click OK

5. Right click on the new GPO then Edit

6. Navigate to Domain Profile

7. Double-click on Windows Defender Firewall: Allow inbound file and printer sharing exception
8. Click on Enabled

9. Click on Delegation then Advanced

10. Click on Authenticated Users then uncheck Apply Group policy

11. Click on Add

12. Click on Object Types

13. Select Computers

14. Type the name of the computer that will be the MECM server and OK
15. Click on the machine and check Apply group policy

16. Click on OK
17. Right click on your domain then Link an Existing GPO

18. Select the GPO and OK


Container creation
More information here
1. Open ADSI Edit
2. Right click on ADSI edit then Connect to

3. Click on OK

4. Navigate to CN = System

5. Right click then New then Object

6. Select Container and then Next

7. Type System Management and then Next

8. Click on Finish


Delegate control to CM server on the container
1. Open Active Directory Users and Computers
2. Click on View then Advanced Features

3. Navigate to System Management and then Delegate Control

4. Click on Next

5. Click on Add

6. Select Computers

7. Choose the CM server

8. Click on Next

9. Choose Create a custom task to delegate and then Next

10. Select as below then Next

11. Click on Finish


Sources copy
Do this on MECM-CM
Copy the sources below on the SCCM server into C: \ for example.

MECM Server Configuration
This step is to be performed on the MECM-CM machine.

Adding IIS and Features
1. Open the Server Manager
2. Click on Add roles and features
3. Check Web Server (IIS)

4. Click on Add Features
5. Click on Next

6. Check the Features below

7. Click on Next
8. Click on Install


ADK and Add-On PE Installation
Do this on MECM-CM

ADK 1903 installation
1. Run adksetup.exe
2. Select the first choice and then Next

3. Check No then Next

4. Click on Accept

5. Check as below and Install

6. Installation starts (it can take time)

7. Click on Close

Add-On PE Installation
1. Run adkwinpesetup.exe
2. Select the first choice and then Next

3. Click on Accept

4. Check as below and then Install

5. Click on Close

Add WDS role
Do this on MECM-CM
1. Open the Server Manager
2. Click on Add roles and features
3. Check Windows Deployment Services

4. Click on Add Features
5. Click on Next

6. Click on Next

7. Check as below then Next

9. Click on Install

10. Click on Close

SQL Server installation and components
Do this on MECM-CM

SQL Server preparation
1. Open PowerShell in admin
2. Enter the following command:
netsh advfirewall firewall add rule name = SQLPort dir = in protocol = tcp action = allow localport = 1433 remoteip = localsubnet profile = DOMAIN
3. Open the properties of the VM and load the ISO of SQL Server 2017

SQL Server 2017 installation
1. Double-click on the drive containing the ISO

2. Go to Installation

3. Click on New SQL Server stand-alone installation or add features to an existing installation

4. Select Specify a free edition and then Next

5. Check on Accept and Next

6. Click on Next

7. Check Database Engine Services and then Next

8. Check Default instance and then Next

9. Configure and then click on Collation

10. Check that it is as below:

11. Click on Add Current User then Next

12. Click on Install

13. Click on Close


SQL Server Management Studio Installation
1. Run SSMS-Setup-ENU.exe
2. Click on Install

3. Installation starts

4. Click on Close


SQL Cumulative Update Installation
1. Run SQLServer2017-KB4515579-x64.exe
2. Check Accept and click Next

3. Configure as below then Next

4. Click on Next

5. Click on Update

6. Click on Close


SQL Server 2017 Reporting Services Installation
1. Execute SQLServerReportingServices.exe
2. Click on Install Reporting Services

3. Check Choose a free edition then Next

4. Check Accept then Next

5. Click on Next

6. Click on Install

7. Installation starts

8. Click on Close


WSUS Addition
Do this on MECM-CM
1. Open the Server Manager
2. Click on Add roles and features
3. Check Windows Server Update Services

4. Click on Add Features
5. Click on Next

6. Click on Next

7. Check as below then Next

8. Click on Next

9. Type the name of the CM server and test the connection

10. Click on Install

11. Click on Close
12. Click on the warning
13. Click on Launch Post-Installation tasks


Extend AD schema
Do this on MECM-AD
More information here
1. Open \\MECM-CM\c$
2. Navigate to the folder containing the sources of MECM TP1911
3. Go to SMSSETUP\BIN\X64
4. Run as admin: extadsch

5. Check the log in c: \


Microsoft Endpoint Configuration Manager TP Installation
Do this on MECM-CM

MECM Pre-requisite extraction
1. Open PowerShell
2. Navigate to the folder containing the sources of MECM TP1911
3. Create a folder C:\PreReq
4. Type .\SetupDL.exe C:\PreReq
5. Extraction of prerequisites begins

MECM installation
1. Open the source folder MECM TP1911
2. Run splash.hta

3. Click on Install

4. click on Next

5. Check Install a Configuration Manager primary site

6. Check Use typical installation options for a stand-alone primary site
7. Click on Next
8. Check Accept then Next

9. Check Use previously downloaded files and navigate to the C:\PreReq folder

10. Select your information and then Next

12. Click on Next

13. Click on Next

14. Click on Next

15. Verify that nothing is failed then click on Begin Install

16. Installation starts (it takes time)

17. Click on Close


Open MECM console
1. Open the start menu
2. Click on the MECM console

3. MECM opens then

4. Note the new name :-)

MECM Post Configuration
Do this on MECM-CM

Enabling discovery methods
1. Click on Administration

2. Click on Discovery Methods

3. We will enable the discovery methods below


Active Directory Forest Discovery
1. Click on the discovery method, here Active Directory Forest Discovery
2. Click on Properties

3. Check Enable Active Directory Forest Discovery

4. Check Automatically Create IP address then OK
5. Click on Yes


Active Directory Group Discovery
1. Right click on Active Directory Group Discovery
2. Click on Properties
3. Check on Enable Active Directory Group Discovery

4. Click on Add and then Location

5. Enter a name and click Browse and navigate to your domain

6. Click on OK
7. Click on Yes

Active Directory System Discovery
1. Right click on Active Directory System Discovery
2. Click on Properties
3. Check Enable Active Directory System Discovery

4. Click on the little yellow star

5. Click on Browse and navigate to your domain and OK


6. Click on OK

7. Click on OK

8. Click on Yes

Active Directory User Discovery
1. Right click on Active Directory User Discovery
2. Click on Properties
3. Check Enable Active Directory User Discovery

4. Click on the little yellow star
5. Click on Browse and navigate to your Users and OK


6. Click on OK

7. Click on OK

8. Click on Yes

Enable Client Installation
1. Go to Administration
2. Go to Site Configuration > Sites

3. Click on your site

4. Click on Client Installation Settings and then Client Push Installation

5. check Enable automatic client push installation

6. Go to Accounts

7. Click on the little yellow star and then New account

8. Choose your account, enter the password and OK

9. Click on OK

10. Click on OK
11. Go to Administration, Site Configuration, Sites

12. Click on Configure Site Components then Software Distribution

13. Go to the Network Access Account Tab

14. Select Specify the account that accesses network locations

15. Click on the yellow star
16. Add an account

17. Click Hierarchy Settings

18. Go to the Client Upgrade tab

19. Check Upgrade all clients in the hierarchy using production client
20. Click on Yes

Technical Preview 1911; SCCM Lab 8261992422720962405

Enregistrer un commentaire

Accueil item

Award

Sponsors

Learn KQL in one month

You want to support me ?

Mes articles en français

Books in French


Stats