Microsoft System Center Configuration Manager 2007 supports many Windows-based platforms as clients. You must install Configuration Manager 2007 client software on the clients that you want to manage.
 Note |
|---|
| Configuration Manager 2007 supports only Windows-based platforms. Support for non-Windows platforms like Macintosh and Unix platforms might be provided by other software vendors as add-on products to Configuration Manager. |
Types of Clients
You can install Configuration Manager 2007 client software on desktop and portable computers, which are typically thought of as "client computers". In addition, you can install Configuration Manager 2007 client software on server computers and manage them as clients of Configuration Manager 2007. Server computers often have specific operational requirements, for example, the times you can restart server computers might be more limited than desktop computers, Configuration Manager 2007 makes no functional distinction between server or client computers. Throughout the documentation, the term client computer can mean either a server in a server room or a computer on a user's desktop.
Client computers typically connect to the organization network directly, either by being attached to the network or by using virtual private network (VPN) or dial-up access. In Configuration Manager 2007, client computers can also be managed by Configuration Manager 2007 sites if they have a connection to the Internet but never connect directly to the organization’s network. For example, a home-based worker could be managed by Configuration Manager 2007 without ever dialing into the corporate network. These clients are called Internet-based clients, and they require additional infrastructure support. For more information, see Deploying Configuration Manager Sites to Support Internet-Based Clients.
Configuration Manager 2007 also supports installing the client components on mobile devices, such as devices running Windows Mobile or Windows CE. Mobile device clients support many but not all of the features supported by standard clients. For example, you can deploy software to a client cell phone, but you cannot use remote control to provide troubleshooting assistance to the cell phone user. For more information, see Mobile Device Management in Configuration Manager.
Microsoft supports running an embedded version of Windows on devices that are not traditional desktop, portable, or server computers. For example, Windows XP Embedded can be installed on automated teller machines or medical devices. Configuration Manager 2007 components can be installed by the manufacturer on these devices along with the embedded operating system. Devices support many but not all of the features supported by standard clients. For more information, see Tasks for Managing Configuration Manager Clients on Windows Embedded Devices.
Throughout the documentation, the term "client" is used to refer to all clients that run the Configuration Manager 2007 client components, while client computer is used to refer to servers, desktop computers, and portable computers.
Discovering Clients
Configuration Manager 2007 can discover resources on the network by using several different discovery methods. The following table describes the available discovery methods.
| Discovery Method | Description |
|---|---|
|
Active Directory System Discovery |
Retrieves details about the computer, such as computer name, Active Directory container name, IP address, and Active Directory site. |
|
Active Directory System Group Discovery |
Cannot discover a computer that has not already been discovered by another method. If a resource has been discovered and is assigned to the site, Active Directory System Group Discovery extends other discovery methods by retrieving details such as organizational unit, global groups, universal groups, and nested groups. |
|
Active Directory User Discovery |
Retrieves information about user accounts created in Active Directory. |
|
Active Directory Security Group Discovery |
Retrieves security groups created in Active Directory. |
|
Heartbeat Discovery |
Refresh Configuration Manager client computer discovery data in the site database. Unlike the other methods, this method works only on computers that already have the Configuration Manager 2007 installed. |
|
Network Discovery |
Searches the network for resources that meet a specific profile. Network discovery can discover resources that are
|
Each discovery method creates data discovery records (DDRs) for resources and sends them to the site database, even if the discovered resource cannot become a Configuration Manager 2007 client. For example, Network Discovery might discover routers and printers, which could be helpful for tracking purposes, but those devices will not actually be managed by Configuration Manager 2007. Mobile devices cannot be discovered until the mobile device client is installed. Computers running ActiveSync (for Windows XP clients) or Mobile Device Center (for Windows Vista clients) to synchronize with mobile devices can be discovered and the mobile device client can be installed on connected mobile devices.
| Note |
|---|
| All resources for which DDRs have been created appear in the Configuration Manager 2007 console under the following part of the tree: Configuration Manager / Site Database / Computer Management / Collections / All Systems. |
While you can discover resources but never install a single client, usually discovery is related to locating potential clients either before or as part of installing the client software that makes a computer manageable by Configuration Manager 2007. Active Directory User Discovery and Active Directory Security Group Discovery let you to distribute software packages to users and groups instead of computers.
Installing the Client Components
Configuration Manager 2007 provides several options for installing the client software. The following table lists the client computer installation methods.
| Client Computer Installation Method | Description |
|---|---|
|
Software update point installation |
Uses the Automatic Update configuration of a client to direct the client computer to a Windows Server Update Services (WSUS) computer configured as a Configuration Manager 2007 software update point. The client computer installs the Configuration Manager 2007 client software as if it was a software update. |
|
Client push installation |
Uses an account that has administrative credentials to access client computers and install the Configuration Manager 2007 client software. This method requires File and Print sharing and the related ports to be enabled on the client computer. |
|
Manual client installation |
A user who has administrative credentials can install the client software by running CCMSetup on the client computer. A variety of switches modify the installation options. |
|
Group Policy installation |
Uses Group Policy software installation to install CCMSetup.msi. |
|
Imaging |
The client software can be added to an operating system image. This includes images created and deployed with Configuration Manager 2007 operating system deployment. |
|
Software distribution |
Existing clients can be upgraded or redeployed using Configuration Manager 2007 software distribution. |
Mobile devices require different installation methods. You can configure a client computer that synchronizes with a mobile device to install the mobile device client the next time that you dock the device. You can also install the client software on mobile devices from a memory card.
Client Assignment
Clients must be assigned to a site before they can be managed by that site. Clients can be assigned to a site during installation or after installation. Assigning a client requires either specifying a site code to use, or configuring the client to automatically assign to a site based on boundaries. If the client is not assigned to any site during the client installation phase, the client installation phase completes the installation of the client, but the client cannot be managed by Configuration Manager 2007.
Clients cannot be assigned to secondary sites. They are always assigned to the parent primary site, but can reside in the boundaries of the secondary site, taking advantage of any proxy management points and distribution points at the secondary site. This is because clients communicate with management points, and management points must communicate with a site database. Secondary sites do not have their own site database; they use the site database at their parent primary site.
Authenticating Clients
Before Configuration Manager 2007 trusts a client, it requires authentication. In mixed mode, clients must be approved, either by manually approving each client or by automatically approving all clients or all clients in a trusted Windows domain. In native mode, clients must be issued client authentication certificates before installing the Configuration Manager 2007 client software.
Blocking Clients
If a client computer is no longer trusted, the Configuration Manager administrator can block the client in the Configuration Manager 2007 console. Blocking applies to both native mode and mixed mode sites. Blocked clients are ignored by the Configuration Manager 2007 infrastructure. This is especially useful for portable computers that are lost or stolen, to help prevent an attacker from using a trusted client to attack the site or the network.
Client Agents
Client agents are Configuration Manager 2007 components that run in addition to the base client components. If you install only the Configuration Manager client without enabling any client agents, Configuration Manager 2007 cannot manage the client. Every client agent that you enable lets you use a different feature of Configuration Manager 2007. You can configure the client agents to suit your environment. The following table describes the client agents in Configuration Manager 2007.
| Client Agent | Description |
|---|---|
|
Computer Client Agent Properties |
Configures how often client computers retrieve the policy that gives them their basic configuration settings. For example, after you configure the other client agent settings, Configuration Manager puts those settings into policy and sends them to the management point, and client computers poll for them on the schedule that you configure. This agent also controls settings that are common to several Configuration Manager features, for example, how often users are prompted with reminders about client operations and what customized organization names users see with the reminders. |
|
Device Client Agent Properties |
Configures all of the properties specific to mobile device clients. Mobile device clients have settings for software distribution, software inventory, hardware inventory, and file collection. This agent also controls the polling interval used by mobile device clients. |
|
Hardware Inventory Client Agent |
Enables and configures the agent that collects a wide variety of information about the client computer. Information about the computer hardware is most commonly collected, but you can inventory any information stored in the Windows Management Instrumentation (WMI) repository of the computer, such as registry keys. You can configure how often the client computer takes inventory. |
|
Software Inventory Client Agent |
Enables and configures which files Configuration Manager inventories and collects. Copies of collected files are stored in the Configuration Manager database. |
|
Advertised Programs Client Agent |
Enables and configures the software distribution feature. |
|
Desired Configuration Management Client Agent |
Enables the client agent that evaluates whether computers are in compliance with configuration baselines that are assigned to them. You can also configure the default compliance evaluation schedule for assigned configuration baselines. |
|
Remote Tools Client Agent |
Enables Configuration Manager remote control and configures Configuration Manager integration with Remote Assistance. |
|
Network Access Protection Client Agent |
Enables Configuration Manager Network Access Protection (NAP) and configures how client computers are evaluated for compliance by the Windows Network Policy Server. If client computers are not in compliance with the configured policies, for example, if they do not have specified software updates, NAP can prevent the client computers from access network resources until they complete remediation measures. Configuring this client agent without sufficient planning and deployment can prevent client computers from accessing the network. |
|
Software Metering Client Agent |
Enables the agent that monitors which software is run and how often and configures how often software metering data is collected. |
|
Software Updates Client Agent |
Enables the agent that scans for and installs software updates on client computers. This agent lets you configure how often clients are re-evaluated for software updates that were previously installed. Before you can use the software update feature, you must install Windows Server Update Services (WSUS) and configure a software update point. |
There is no client agent for operating system deployment.