Create your own Microsoft Endpoint Configuration Manager Lab with Technical Preview 1911
https://www.systanddeploy.com/2019/11/create-your-own-microsoft-endpoint.html
In this article, I will explain how to create your own Microsoft Endpoint Configuration Manager lab with the TP1911 version.
This can also be reused to install a Current Branch version such as 1902.
Note: The version of MECM used in this lab is the TP1911.
Microsoft Endpoint Manager is in the place
At the last Microsoft Ignite in Orlando, Microsoft made a "huge" announcement about SCCM.
A new solution called Microsoft Endpoint Manager is born.
You can find MS Vice President's announcement on this topic.
Below are some video sessions from the last Ignite on this subject.
MEM what is it exactly?
The purpose of MEM is to group the following products in one solution:
- Configuration Manager (also named SCCM by most of us)
- Microsoft Intune
- Desktop Analytics
- Autopilot
SCCM is dead, long live MECM?
No, SCCM is not dead.
The product itself is not dead; only its name changes, giving way to MECM.
You will now have to speak about Microsoft Endpoint Configuration Manager instead of System Center Configuration Manager.
Below is a cool picture shared on Twitter by Donna Ryan about the evolution from SMS to MECM.
MECM version
In my lab the version used is the Technical Preview 1911.
This is the latest version of TP since the Ignite announcement.
Technical Preview or Current Branch?
Technical Preview versions are for labs; do not install them in production.
Technical Preview versions are provided by Microsoft to test new features that will soon be implemented in the official versions (Current Branch).
Build your CB lab
To build your lab with a Current Branch version instead of a Technical Preview version, the process is the same as in this article.
The only difference is that you install the CB version and not the TP.
Software sources
Below are the links to the different executables used for my lab.
- MECM evaluation version TP 1911: click here
- ADK 1809: Click here
- Add-On WinPE ADK: click here
- SQL Server 2017: click here
- SQL Server Management Studio: click here
- SQL server 2017 Reporting Services: click here
- SQL Server 2017 latest cumulative update: click here
You will find here a list of prerequisites for the installation and configuration of MECM.
Automate with PowerShell
You can find a nice post series that explains how to create your lab with PowerShell on Windows-Noob.
Thanks to Niall, who did an awesome job with these posts.
What's next?
Previously, I created a blog series for noobs about how to create your own Intune/Autopilot lab for free, in several parts:
- Part 1: Intune configuration
- Part 2: Autopilot in action
- Part 3: Manage your devices
- Part 4: Apply your company configuration
I will then merge this MECM post into my Intune blog series with the posts below:
- Part 1: Build your MECM lab
- Part 2: Merge your Azure AD and your MECM AD with Azure AD Connect
- Part 3: Enable Co-Management between your MECM lab and your Intune lab
LAB Environment
My virtual machines are in Hyper-V.
My lab is composed of two virtual machines installed with Windows Server 2019.
Machine 1
- VM name: TP_MECM_AD
- Computer name: MECM-AD
- IP address: 192.168.9.1
- Mask: Default
- Gateway: 192.168.9.99
- DNS: 192.168.9.1
- RAM: 512 MB
Machine 2
- VM name: TP_MECM_CM
- Computer name: MECM-CM
- IP address: 192.168.9.2
- Mask: Default
- Gateway: 192.168.9.99
- DNS: 192.168.9.1
- RAM: 4 GB
VM Configuration
VM install
Installing the OS
In this part we will install Windows Server 2019 on our two VMs.
The 2019 server ISO was loaded in the previous step.
Do this on both VMs.
1. Boot the machine from the ISO
2. Click on Next
3. Click Install Now
4. Click on I do not have a product key
5. Choose Windows Server 2019 Standard (Desktop Experience)
6. Select the check box and click Next
7. Click on Custom
8. Click Next
9. Installation starts
10. Type a password and click on Finish
11. Log on
Changing the computer name
Do this on both VMs.
1. Open the explorer
2. Right click on This PC then Properties
3. Click on Change settings
4. Click on Change
5. In Computer name, type the name of the VM (see above)
6. Click on OK
7. Click on OK
Network settings
Do this on both VMs.
1. Open the Control Panel
2. Click on Network and Internet
3. Click on Network and Sharing Center
4. Click on Change adapter settings
5. Right click on the first connection then click on Properties
6. Double-click on IPV4
7. Type the IP settings (see above)
8. Click on OK
Add Active Directory, DHCP, DNS
Do this on MECM-AD
1. Open the Server Manager
2. Click on Add roles and features
3. Click on Next
4. Leave the defaults and click on Next
5. Leave the defaults and click on Next
6. Check Active Directory Domain Services
7. Click on Add Features
8. Click on DHCP Server
9. Click on Add Features
10. Click on DNS Server
11. Click on Add Features
12. Click on Next
13. Click on Next
14. Click on Next
15. Click on Next
16. Click on Install
17. Click on Close
Roles - Post config
1. Click on the warning
2. Click on Promote this server to a domain controller
3. Click on Add a new forest then Next
4. Type your password and then Next
5. Click on Next
6. Click on Next
7. Click on Next
8. Click on Next
9. Click on Install
10. Click on Close to close the session
11. Click on the warning
12. Click on Complete DHCP configuration
13. Click on Next
14. Click on Commit
15. Click on Close
Active Directory Configuration
Do this on MECM-AD
User admin creation
1. Open Active Directory Users and Computers
2. Right click on Users
3. Click on New then User
4. Type your information
5. Type your password and click on Next
6. Click on Finish
7. Add the user to the Administrators group
GPO Creation
1. Open Group Policy Management
2. Navigate to Group Policy Objects
3. Right click then New
4. Type the name: Allow Inbound File and Printer Sharing Exception and click OK
5. Right click on the new GPO then Edit
6. Navigate to Domain Profile
7. Double-click on Windows Defender Firewall: Allow inbound file and printer sharing exception
8. Click on Enabled
9. Click on Delegation then Advanced
10. Click on Authenticated Users then uncheck Apply Group policy
11. Click on Add
12. Click on Object Types
13. Select Computers
14. Type the name of the computer that will be the MECM server and OK
15. Click on the machine and check Apply group policy
16. Click on OK
17. Right click on your domain then Link an Existing GPO
18. Select the GPO and OK
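Steps 9 to 18 link the GPO at the domain root and rely on security filtering to restrict it to the MECM server. The check below is an added example, not part of the original post; the helper name Test-GpoSecurityFiltering is hypothetical, and it assumes the GPO and computer names used in this article and the GroupPolicy and ActiveDirectory modules present on MECM-AD.

```powershell
# Added example (not from the original post). Run on MECM-AD in an elevated session.
# Test-GpoSecurityFiltering is a hypothetical helper name; the GPO and computer
# names are the ones used in this article.
Import-Module GroupPolicy, ActiveDirectory

function Test-GpoSecurityFiltering {
    param(
        [string]$GpoName  = 'Allow Inbound File and Printer Sharing Exception',
        [string]$Computer = 'MECM-CM'
    )

    $perms = Get-GPPermission -Name $GpoName -All

    # Trustees holding "Apply group policy": this is the security filtering.
    $applies = @($perms | Where-Object { $_.Permission -eq 'GpoApply' })

    # Step 10 removes Apply from Authenticated Users and leaves Read in place;
    # anything other than GpoRead here means the step was not done as described.
    $authUsers = $perms | Where-Object { $_.Trustee.Name -eq 'Authenticated Users' }

    # The GPO is linked at the domain root (step 17), so the filtering is the only
    # thing keeping the firewall exception off every other domain member.
    $domainDn = (Get-ADDomain).DistinguishedName
    $link = (Get-GPInheritance -Target $domainDn).GpoLinks |
        Where-Object { $_.DisplayName -eq $GpoName }

    [pscustomobject]@{
        AppliesTo           = $applies.Trustee.Name -join ', '
        OnlyCmServerApplies = ($applies.Count -eq 1) -and
                              ($applies[0].Trustee.Name -like "$Computer*")
        AuthUsersReadOnly   = $authUsers.Permission -eq 'GpoRead'
        LinkedAndEnabled    = [bool]($link | Where-Object Enabled)
    }
}

Test-GpoSecurityFiltering | Format-List
```

All three boolean fields should read True; a second name in AppliesTo means the exception reaches machines other than the MECM server.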
Container creation
More information here.
1. Open ADSI Edit
2. Right click on ADSI edit then Connect to
3. Click on OK
4. Navigate to CN = System
5. Right click then New then Object
6. Select Container and then Next
7. Type System Management and then Next
8. Click on Finish
Delegate control to CM server on the container
1. Open Active Directory Users and Computers
2. Click on View then Advanced Features
3. Navigate to System Management and then Delegate Control
4. Click on Next
5. Click on Add
6. Select Computers
7. Choose the CM server
8. Click on Next
9. Choose Create a custom task to delegate and then Next
10. Select as below then Next
11. Click on Finish
Sources copy
Do this on MECM-CM
Copy the sources below to the SCCM server, into C:\ for example.
MECM Server Configuration
This step is to be performed on the MECM-CM machine.
Adding IIS and Features
1. Open the Server Manager
2. Click on Add roles and features
3. Check Web Server (IIS)
4. Click on Add Features
5. Click on Next
6. Check the Features below
7. Click on Next
8. Click on Install
ADK and Add-On PE Installation
Do this on MECM-CM
ADK 1903 installation
1. Run adksetup.exe
2. Select the first choice and then Next
3. Check No then Next
4. Click on Accept
5. Check as below and Install
6. Installation starts (it can take time)
7. Click on Close
Add-On PE Installation
1. Run adkwinpesetup.exe
2. Select the first choice and then Next
3. Click on Accept
4. Check as below and then Install
5. Click on Close
Add WDS role
Do this on MECM-CM
1. Open the Server Manager
2. Click on Add roles and features
3. Check Windows Deployment Services
4. Click on Add Features
5. Click on Next
6. Click on Next
7. Check as below then Next
9. Click on Install
10. Click on Close
SQL Server installation and components
Do this on MECM-CM
SQL Server preparation
1. Open PowerShell as administrator
2. Enter the following command:
netsh advfirewall firewall add rule name=SQLPort dir=in protocol=tcp action=allow localport=1433 remoteip=localsubnet profile=DOMAIN
3. Open the properties of the VM and load the ISO of SQL Server 2017
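To confirm that the rule from step 2 is scoped as intended (domain profile, local subnet, TCP 1433), it can be read back with the NetSecurity cmdlets. This is an added example, not part of the original post; the helper name Test-SqlPortRule is hypothetical.

```powershell
# Added example (not from the original post). Run elevated on MECM-CM after step 2.
# Test-SqlPortRule is a hypothetical helper name; "SQLPort" is the rule name
# from the netsh command above.
function Test-SqlPortRule {
    param([string]$DisplayName = 'SQLPort')

    $rules = @(Get-NetFirewallRule -DisplayName $DisplayName -ErrorAction SilentlyContinue)
    if ($rules.Count -eq 0) { throw "No firewall rule named '$DisplayName' was found." }

    # netsh "add rule" never overwrites: running it twice leaves two rules
    # with the same name, so report on each one.
    foreach ($rule in $rules) {
        $port = $rule | Get-NetFirewallPortFilter
        $addr = $rule | Get-NetFirewallAddressFilter

        [pscustomobject]@{
            Name           = $rule.DisplayName
            EnabledInbound = ($rule.Enabled -eq 'True') -and ($rule.Direction -eq 'Inbound')
            AllowTcp1433   = ($rule.Action -eq 'Allow') -and
                             ($port.Protocol -eq 'TCP') -and
                             [bool]($port.LocalPort -eq '1433')
            # A rule left at profile "Any" or remote address "Any" would expose
            # SQL Server on every network the VM is attached to.
            DomainOnly     = $rule.Profile -eq 'Domain'
            LocalSubnet    = [bool]($addr.RemoteAddress -eq 'LocalSubnet')
            Duplicate      = $rules.Count -gt 1
        }
    }
}

Test-SqlPortRule | Format-Table -AutoSize
```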
SQL Server 2017 installation
1. Double-click on the drive containing the ISO
2. Go to Installation
3. Click on New SQL Server stand-alone installation or add features to an existing installation
4. Select Specify a free edition and then Next
5. Check Accept and then Next
6. Click on Next
7. Check Database Engine Services and then Next
8. Check Default instance and then Next
9. Configure and then click on Collation
10. Check that it is as below:
11. Click on Add Current User then Next
12. Click on Install
13. Click on Close
SQL Server Management Studio Installation
1. Run SSMS-Setup-ENU.exe
2. Click on Install
3. Installation starts
4. Click on Close
SQL Cumulative Update Installation
1. Run SQLServer2017-KB4515579-x64.exe
2. Check Accept and click Next
3. Configure as below then Next
4. Click on Next
5. Click on Update
6. Click on Close
SQL Server 2017 Reporting Services Installation
1. Execute SQLServerReportingServices.exe
2. Click on Install Reporting Services
3. Check Choose a free edition then Next
4. Check Accept then Next
5. Click on Next
6. Click on Install
7. Installation starts
8. Click on Close
WSUS Addition
Do this on MECM-CM
1. Open the Server Manager
2. Click on Add roles and features
3. Check Windows Server Update Services
4. Click on Add Features
5. Click on Next
6. Click on Next
7. Check as below then Next
8. Click on Next
9. Type the name of the CM server and test the connection
10. Click on Install
11. Click on Close
12. Click on the warning
13. Click on Launch Post-Installation tasks
Extend AD schema
Do this on MECM-AD
More information here.
1. Open \\MECM-CM\c$
2. Navigate to the folder containing the sources of MECM TP1911
3. Go to SMSSETUP\BIN\X64
4. Run as admin: extadsch
5. Check the log in C:\
Microsoft Endpoint Configuration Manager TP Installation
Do this on MECM-CM
MECM Pre-requisite extraction
1. Open PowerShell
2. Navigate to the folder containing the sources of MECM TP1911
3. Create a folder C:\PreReq
4. Type .\SetupDL.exe C:\PreReq
5. Extraction of prerequisites begins
MECM installation
1. Open the source folder MECM TP1911
2. Run splash.hta
3. Click on Install
4. Click on Next
5. Check Install a Configuration Manager primary site
6. Check Use typical installation options for a stand-alone primary site
7. Click on Next
8. Check Accept then Next
9. Check Use previously downloaded files and navigate to the C:\PreReq folder
10. Select your information and then Next
12. Click on Next
13. Click on Next
14. Click on Next
15. Verify that nothing has failed then click on Begin Install
16. Installation starts (it takes time)
17. Click on Close
Open MECM console
1. Open the start menu
2. Click on the MECM console
3. MECM opens then
4. Note the new name :-)
MECM Post Configuration
Do this on MECM-CM
Enabling discovery methods
1. Click on Administration
2. Click on Discovery Methods
3. We will enable the discovery methods below
Active Directory Forest Discovery
1. Click on the discovery method, here Active Directory Forest Discovery
2. Click on Properties
3. Check Enable Active Directory Forest Discovery
4. Check Automatically Create IP address then OK
5. Click on Yes
Active Directory Group Discovery
1. Right click on Active Directory Group Discovery
2. Click on Properties
3. Check Enable Active Directory Group Discovery
4. Click on Add and then Location
5. Enter a name and click Browse and navigate to your domain
6. Click on OK
7. Click on Yes
Active Directory System Discovery
1. Right click on Active Directory System Discovery
2. Click on Properties
3. Check Enable Active Directory System Discovery
4. Click on the little yellow star
5. Click on Browse and navigate to your domain and OK
6. Click on OK
7. Click on OK
8. Click on Yes
Active Directory User Discovery
1. Right click on Active Directory User Discovery
2. Click on Properties
3. Check Enable Active Directory User Discovery
4. Click on the little yellow star
5. Click on Browse and navigate to your Users and OK
6. Click on OK
7. Click on OK
8. Click on Yes
Enable Client Installation
1. Go to Administration
2. Go to Site Configuration > Sites
3. Click on your site
4. Click on Client Installation Settings and then Client Push Installation
5. Check Enable automatic client push installation
6. Go to Accounts
7. Click on the little yellow star and then New account
8. Choose your account, enter the password and OK
9. Click on OK
10. Click on OK
11. Go to Administration, Site Configuration, Sites
12. Click on Configure Site Components then Software Distribution
13. Go to the Network Access Account Tab
14. Select Specify the account that accesses network locations
15. Click on the yellow star
16. Add an account
17. Click Hierarchy Settings
18. Go to the Client Upgrade tab
19. Check Upgrade all clients in the hierarchy using production client
20. Click on Yes