Configuring Client Computers

  • Article

Published : September 1, 2004

Information in the following sections applies to an SMS site that does not have SMS 2003 SP1 applied because the relevant Microsoft updates are incorporated in SMS 2003 SP1. Use the procedures in these sections to update clients in your site with required updates and to configure Windows Firewall to support a remote SMS Administrator console.

On This Page

Applying Microsoft Updates for SMS 2003 Clients
Configuring Windows Firewall to Support the SMS Administrator Console

Applying Microsoft Updates for SMS 2003 Clients

Use the following procedures if your SMS 2003 Advanced Clients that are upgraded to Windows XP SP2 are members of an SMS 2003 site that does not have SMS 2003 SP1 applied. These updates are applied to your Advanced Clients and are distributed by SMS software distribution. You must contact Microsoft Product Support to obtain the two required Windows updates. You can find phone numbers, support options, and other information from the Contact Microsoft Support Web page that will help you obtain the required updates.

To obtain the Microsoft updates for SMS 2003

note.gif  Note
Complete this procedure from the primary site server only.

  1. Contact Microsoft Support to obtain the SMS 2003 Updates for Windows XP SP2 Advanced Client Support 832862 and 832860, which are files SMS2003-RTM-KB832862-x86-ENU.exe and SMS2003-RTM-KB832860-x86-ENU.exe, respectively.

  2. Copy SMS2003-RTM-KB832862-x86-ENU.exe and SMS2003-RTM-KB832860-x86-ENU.exe to c:\xpsp2.

To install Microsoft update KB832862

  1. If the SMS Administrator console is running, close it.

  2. Run C:\xpsp2\SMS2003-RTM-KB832862-x86-ENU.exe, which opens the Microsoft Update KB832862 for SMS 2003 Installation Welcome dialog box, and then click Next.

  3. Read the amended end-user license agreement  (EULA) and then click Next to open the Microsoft Update KB832862 for SMS 2003 Installation dialog box and usage notes.

  4. Read the usage notes, and then click Next to open the Microsoft Update KB832862 for SMS 2003 Installation Ready to Install dialog box.

  5. Click Next to open the Microsoft Update KB832862 for SMS 2003 Installation dialog box.

  6. When prompted to create an SMS package and program to assist with the deployment of the update to the Advanced Client, click Yes, I want to create a package and program now, and then click Next.

  7. In the Microsoft Update KB832862 for SMS 2003 Installation Create a package and program dialog box, click Next to accept the default names of the package and program to create.

  8. In the Microsoft Update KB832862 for SMS 2003 Installation Specify Package Source Location dialog box, click Next to accept the default location for the Advanced Client update files..

    The default location is in the SMS\Client\I386\Hotfix\KB832862 folder.

  9. In the Microsoft Update KB832862 for SMS 2003 Installation dialog box, read the procedures describing how to deploy the updates to Advanced Clients and then click Next.

    The procedures displayed include a sample query that can be used to target the appropriate clients with the update.

  10. In the Microsoft Update KB832860 for SMS 2003 Installation Completed dialog box, click Finish.

In the following procedure, you install the second update on the site server that is required to support client computers running Windows XP SP2 that are members of an SMS 2003 site that does not have SMS 2003 SP1 applied.

To install Microsoft update 832860

  1. Run C:\Xpsp2\SMS2003-RTM-KB832860-x86-ENU.exe.

  2. In the Microsoft Update KB832860 for SMS 2003 Installation Welcome dialog box, click Next.

  3. In the Microsoft Update KB832860 for SMS 2003 Installation dialog box, read the amended EULA and then click Next.

  4. In the Microsoft Update KB832860 for SMS 2003 Installation dialog box, read the usage notes, and then click Next.

  5. In the Microsoft Update KB832860 for SMS 2003 Installation Ready to Install dialog box, click Next to install the update on the primary site server.

    When the update is complete, the Site Reset dialog box appears indicating the update requires a reset of the site.

  6. Click Yes.

    note.gif  Note
    A command prompt window appears briefly while SMS services are stopped. When complete, the Microsoft Update KB832860 for SMS 2003 Installation Completed dialog box appears indicating the update is complete.

  7. Click Finish.

    note.gif  Note
    Although the update installation completes at this point, the SMS site reset process is not complete. Complete the following steps to identify when the site reset process successfully completes.

  8. Open C:\SMS\Logs\Sitecomp.log

    Notepad displays the contents of the SMS Site Component Manager log file. Site Component Manager is the service in SMS that verifies SMS components are installed successfully.

  9. Search for the text string Processing site shutdown transaction

    The first occurrence of the site being shut down is listed. This occurred when the update installation signaled SMS to perform the site reset. Below this you should see individual services being stopped and status messages being generated to indicate that the service stops.

  10. Search for the text string Site shutdown complete

    The first occurrence of the site shut down completing is listed. This occurred when the update installation signaled SMS to perform the site reset. Below this you will see individual services being reinstalled.

    note.gif  Note
    It might take several minutes for all services to reinstall.

  11. Verify that the following entry is present in the log file:

    Waiting for changes to the C:\SMS\Inboxes\Sitectrl.box

or C:\SMS\Inboxes\Sitecomp.box directories

This indicates that Site Component Manager has completed its tasks for the site reset.

  1. Close the Sitecomp.log file and then open C:\SMS\Logs\Hman.log.

    Notepad displays the contents of the SMS Hierarchy Manager log file. Hierarchy Manager verifies that SMS site information is published in Active Directory, when you extended the Active Directory schema.

  2. Scroll to the bottom of the log file, and verify that the last line states:

    3. 



Wait for site control changes for maximum 3600 seconds


Above this line, notice entries related to publishing SMS site data to Active Directory. This indicates that Hierarchy Manager has completed its tasks for the site reset.



    

  1. Close the Hman.log file and then open C:\SMS\Logs\Inboxmgr.log.
    

    Notepad displays the contents of the SMS Inbox Manager log file. Inbox Manger ensures the SMS inboxes are created on the site server and on the CAP.
    

    2. 

  2. Scroll to the bottom of the log file, and verify that the last line states:
    

    Waiting for changes inbox definition, inbox rules and 

    3. 



inbox replication files, max wait = 3600 seconds


Above this line, notice information indicating that files were copied to the CAP, as well as inboxes updated. This indicates that Inbox Manager has completed its tasks for the site reset.



    

  1. Close the Inboxmgr.log file.
    2. 



In the following procedure, you distribute the required update to client computers running Windows XP SP2 that are members of an SMS 2003 site that does not have a service pack applied.


To distribute the update to Advanced Client computers


    

  1. Click Start, and then click SMS Administrator Console.
    

    2. 

  2. In the console tree, expand Site Database, expand Packages, and then expand KB832862 – Advanced Client Hotfix – sitecode , which is the package that was automatically created by the update installation.
    

    3. 

  3. In the console tree, click Programs.
    

    In the details pane, click KB832862 – Advanced Client Patch Install and then on the Action menu, click Properties to open the KB832862 – Advanced Client Patch Install Program Properties dialog box.
    

    note.gif  Note
    
The command line includes msiexec /p sms2003ac-kb832862-x86.msp. This is the patch for the Advanced Client that reinstalls and then starts the SMS Agent Host service.
    

    4. 

  4. Click the Advanced tab to open the KB832862 – Advanced Client Patch Install Program Properties dialog box.
    

    5. 

  5. Click Suppress program notifications, and then click OK.
    

    6. 

  6. In the console tree, click Distribution Points.
    

    7. 

  7. On the Action menu, point to New, and then click Distribution Points.
    

    8. 

  8. In the New Distribution Points Wizard dialog box, click Next.
    

    9. 

  9. In the New Distribution Points Wizard Copy Package dialog box, under Distribution points, select your distribution point, and then click Finish.
    

    10. 

  10. In the console tree, click Distribution Points and verify that the local distribution point is now assigned to the package.
    

    11. 

  11. In the console tree, click Advertisements and note that there are no advertisements for this package.
    

    12. 

  12. On the Action menu, point to New, and then click Advertisement.
    

    13. 

  13. In the Advertisement Properties dialog box, in the Name field, type Update for KB832862
    

    14. 

  14. In the Package box, click KB832862 – Advanced Client Hotfix – sitecode.
    

    15. 

  15. In the Program box, click KB832862 – Advanced Client Patch Install, and then click Browse.
    

    16. 

  16. Select the target collection.
    

    17. 

  17. Under Collections, click Clients Ready for Windows XP SP2, and then click OK.
    

    18. 

  18. Click the Schedule tab, and then click New.
    

    19. 

  19. Click OK to create an assignment for the current time, and then click OK to close the dialog box.
    

    20. 



In the following procedure, you ensure the client checks for new advertisements. When the advertisement runs, it initiates update installation.


To update the client computer running Windows XP SP2


note.gif  Note

Complete this procedure from the Advanced Client computer running Windows XP only.


    

  1. In Control Panel, double-click Systems Management.
    

    2. 

  2. Click the Actions tab.
    

    3. 

  3. Click Machine Policy Retrieval & Evaluation Cycle, and then click Initiate Action.
    

    4. 

  4. Click OK, and then click OK to close Systems Management Properties.
    

    note.gif  Note
    
It takes a couple of minutes for the Advanced Client policy to be downloaded and evaluated. When the process is complete, the update to the Advanced Client is applied automatically. This is a silent installation. If you want to monitor the progress, you can use Task Manager to monitor an increase in CPU utilization for the Msiexec.exe process. Update installation takes several minutes, while Ccmexec.exe is reinstalled. After you see Ccmexec.exe disappear from Task Manger and then return and after Msiexec.exe processing stops, installation is complete. When installation is complete, it is recommended that you configure Windows Firewall to support SMS 2003.
    

    5. 



Configuring Windows Firewall to Support the SMS Administrator Console


In the first procedure of this section, you configure Windows Firewall on the SMS client computer so that the SMS Administrator console can establish Remote Assistance sessions or use remote tools with the client. This procedure is only required if you plan to establish Remote Assistance sessions or remote tools launched from the SMS Administrator console. This procedure serves as an example using non-domain settings. Consider using Group Policy to create consistent configurations for Windows Firewall on all Windows XP SP2 clients. For additional information about Windows Firewall configured by group policy for SMS clients see the Scenarios and Procedures for Microsoft Systems Management Server 2003:  Security * *document.


In the second procedure you configure Component Object Model (COM) security settings on a client computer to enable use of a remote SMS Administrator console.


note.gif  Notes

By default, Windows Firewall allows both Remote Assistance and Remote Desktop sessions. However, this does not allow Remote Assistance sessions to be established when launched from the SMS 2003 Administrator console.

SMS Remote Control also has ports that must be opened when accessed through Windows Firewall, however Remote Control is not recommended for SMS 2003 clients running Windows XP. Instead, you should use Remote Assistance for SMS 2003 clients.


tip.gif  Tip

Although the following procedure describes how to manually configure Windows Firewall, you can also use a script to obtain the same results.


To configure Windows Firewall for the SMS Administrator console


note.gif  Note

Complete this procedure from the client computer running Windows XP SP2 only.


    

  1. Log on with administrative credentials.
    

    2. 

  2. In Control Panel, double-click Windows Firewall.
    

    3. 

  3. Click the Exceptions tab.
    

    4. 

  4. Click Add Program to open the Add a Program dialog box, displaying a default list of programs to allow.
    

    5. 

  5. Click Browse.
    

    6. 

  6. This step applies to SMS 2003, only. In the Browse dialog box, click C:\Windows\PCHealth\Helpctr\Binaries\Helpsvc.exe, and then click Open.
    

    7. 

  7. This step applies to SMS 2003, only. Click OK.
    

    8. 

  8. Click Add Port.
    

    9. 

  9. In the Name box, type RPC and then in the Port box, type 135
    

    10. 

  10. Verify that TCP is selected, and then click OK.
    

    note.gif  Note
    
To allow the use of SMS diagnostic tools, such as Windows Event Viewer, Windows Diagnostics, and Windows Performance Monitor remotely from the SMS Administrator console, you must enable File and Print Sharing through Windows Firewall.
    

    11. 

  11. Under Programs and Services, click File and Printer Sharing.
    

    note.gif  Note
    
If you want to use the SMS Administrator console on the Windows XP SP2 client, you must allow both RPC traffic (port 135) and C:\Windows\System32\Wbem\unsecapp.exe.
    

    12. 

  12. If necessary, add C:\Windows\System32\Wbem\unsecapp.exe to the exceptions list.
    

    13. 

  13. If you choose to use SMS remote tools at your site, click Add Ports and then define port exceptions for the following ports that are necessary for each remote tool .
    

      

    • TCP port 2701 for general contact, reboot, and ping
      

      • 

    • TCP port 2702 for Remote Control
      

      • 

    • TCP port 2703 for Chat
      

      • 

    • TCP port 2704 for File Transfer
      

      • 

    

    14. 

  14. Click OK to close Windows Firewall.
    

    15. 



In the following procedure, you configure COM security on a computer with a client that runs Windows XP SP2 to allow the use of an SMS Administrator console. This procedure is required only when you run a remote SMS Administrator console on the computer running Windows XP SP2.


To configure COM security rights for the SMS Administrator console


    

  1. In Control Panel, double-click Administrative Tools.
    

    2. 

  2. Under Name, double-click Component Services.
    

    3. 

  3. Click Component Services, and then expand Computers.
    

    4. 

  4. Right-click My Computer, and then click Properties.
    

    5. 

  5. Click the COM Security tab.
    

    6. 

  6. Under Access Permissions, click Edit Limits to open the Access Permission dialog box.
    

    note.gif  Note
    
By default, anonymous logon does not have remote access permission.
    

    7. 

  7. Under Permissions for ANONYMOUS LOGON, click Allow for Remote Access, and then click OK to close the Access Permission dialog box.
    

    8. 

  8. Click OK.
    

    9. 

  9. Close Component Services and then close Administrative Tools.
    

    10. 

  10. You must restart the computer for the changes to take effect.
    

    11. 



You have now successfully used SMS to upgrade your client computer running Windows XP to Windows XP SP2, applied required updates to the SMS site and the Advanced Client, and configured Windows Firewall to support SMS functions.