This scenario demonstrates how data moves within a Microsoft System Center Configuration Manager 2007 site for software distribution.

The accounting department has just purchased a new line-of-business application and wants it installed on all accounting computers as soon as possible. Kim uses the software distribution feature of Configuration Manager 2007 to send the new software only to computers in the accounting department based on their membership in an Active Directory security group.

  1. Kim enables Active Directory Security Group Discovery. Every day, Configuration Manager 2007 queries Active Directory for all computers that are members of the Accounting security group.

  2. Kim creates a query in the Configuration Manager 2007 console to find all members of the Accounting security group.

  3. Kim creates a collection based on the query to find all members of the Accounting security group. If the Active Directory administrator adds a new computer to the Accounting security group, the next time Active Directory Security Group Discovery runs it will add the new computer to the Configuration Manager 2007 database. The next time the Accounting collection is evaluated, the query will find the new computer in the database and it will be added to the collection.

  4. Kim enables the Advertised Programs Client Agent, so that all clients in his site will be able to receive software distribution packages.

  5. Kim creates several distribution points in each site. If he configured only one per site, it might not be able to service all of the clients in that site.

  6. Kim creates a package for the accounting application. He configures the package to read the source files from the CD and create a local copy of the package, because disks in his office sometimes disappear without his permission.

  7. The application has a tool to create a customized Windows Installer file that will install the software with no user intervention and using all of the accounting department's preferred defaults. Kim creates one program to run the customized Windows Installer and he creates a second program to uninstall the accounting application, just in case. Both programs are configured to run whether or not a user is logged on, and both will run with administrative rights even if the logged on user is not currently an administrator, even if the client computer is running Windows Vista with User Access Control enabled.

  8. The default package access accounts allow all users to read the package. Because only accounting members should have access, Kim removes the Users package access account and adds an account for the accounting group.

  9. Kim copies the package to all distribution points in his site. He also copies the package to all distribution points in all child sites because there are some members of accounting in every site.

  10. As soon as Kim completes the distribution point wizard, the site server immediately begins copying the files to the distribution points in his site. Kim purposefully waited until the end of the day to run the distribution point wizard so the network would be less busy. The sender controls the bandwidth utilization to the child sites, so it doesn't matter when Kim runs the distribution point wizard. The sender from the parent site copies the package to the child site in small chunks and verifies each chunk before sending the next one. After the entire package is successfully received at the child site, the child site server copies the package to all distribution points in that site.

  11. After Kim has verified in the package status that the package has been distributed to all of his distribution points, he creates an advertisement. He configures the advertisement to use the accounting package and the program to run the customized Windows Installer file. He sets the advertisement to send the package and program to the accounting collection. He configures the advertisement to run next Wednesday at 4 pm in the client's time zone. He could have configured it to run at 4 pm UTC but some of the sites in other countries do not have local administrators and Kim doesn't want to get troubleshooting calls in the middle of the night if 4 pm in his site is midnight in a different site. Even though the application is rather large, Kim configures the advertisement to run even if the client computer is connected to a slow network boundary; this means that accounting users who work from home and connect using a VPN will still have to install the program. Kim makes a note to send out an e-mail to the home-based workers to let them know the large package is coming.

  12. As soon as Kim completes the advertisement wizard, Configuration Manager 2007 creates a policy and sends it to the management points for all the sites. For the management points at the child sites, the sender at the parent site copies the policy to the site server at the child site and the child site server sends it to the site management point.

  13. The clients in all the sites have been configured to poll for new policy every two hours because it provides a nice balance between getting software out quickly enough but not saturating the network with policy requests.

  14. The next time a client in the Accounting collection polls the management point, it is told that it has software advertised to it. It asks for the location of the content and is given a list of distribution points in the site. The client sorts the list and finds three distribution points on the same subnet, so it picks one at random. The client connects to the selected distribution point and downloads the content into a local cache and then runs the program from the cache to install the accounting software.

  15. After the software is installed, the client sends a status message indicating success.

  16. Kim creates a report to show which clients have successfully installed the accounting software.

See Also