Systems Management Server (SMS) is part of the Microsoft BackOffice family of products. This sophisticated systems management tool centralizes control of all network resources. The "face" or control center of Systems Management Server is the SMS Administrator console, which is a snap-in to the Microsoft Management Console (MMC). This lesson introduces the core functions of SMS—resource discovery, client computer inventory, software distribution, software metering, remote client support, and network analysis—and explains how to use the SMS Administrator console.
The MMC provides a consistent interface for running snap-ins. Snap-ins provide administrative functions for Windows NT/2000 Server and Microsoft BackOffice products. For example, the Internet Information Server (IIS) 4.0 snap-in runs in the MMC and is the management interface for web servers running IIS. Similarly, the SMS snap-in, better known as the SMS Administrator console, runs in the MMC and is the management interface for the majority of SMS functions.
To open the SMS Administrator console showing all menus (as shown in Figure 1-1), choose Always Open Files in Author Mode from the Control menu - User Options.
The MMC console is the parent window for all snap-ins. This allows multiple snap-ins all to run within the context of a single parent console. The MMC console contains a consistent pull-down menu and toolbar that do not change, regardless of what snap-in may be running. Figure 1-1 shows the MMC console exclusively running the SMS snap-in. The SMS Administrator console tree shown in the left pane of the SMS snap-in contains all the common functions found in SMS. The parent folders in the root of the tree contain subfolders. In the MMC, all folders in the tree are called nodes. Notice in Figure 1-1 that the Site Database node is expanded to show nodes below it.
Figure 1-1. The SMS snap-in for the MMC.
The MMC allows customized consoles to be created. These consoles can be distributed to anyone involved in management through the MMC. A custom console is saved with an *.MSC extension and can be made read-only for security. The default SMS Administrator console is named SMS.MSC, while the SMS Resource Explorer console is called EXPLORER.MSC.
The right pane in the figure is called the details pane. Nodes and objects within the nodes can be managed from the details pane. Management can be initiated either by accessing the properties of a node or object with the mouse button (usually the right mouse button), or by using the SMS Administrator console toolbar, which is also called the rebar (reference bar). The exercises in this kit are designed to make you proficient using the MMC snap-in for SMS.
SMS 2.0 provides many features beyond those listed here. Core functions in SMS provide the basic tools necessary to perform systems management. These functions are acted upon in various ways through the SMS Administrator console. For example, collected inventory data can be used to create hardware summary reports for planning the growth of your network.
The core functions in SMS are:
Before SMS features can be used, a process of resource discovery must be undertaken. Resource discovery finds computers, other network hardware, Windows NT global groups, and Windows NT domain users in the network. The SMS Administrator console provides the launching point for resource discovery and other SMS functions.
Throughout this book, the term client computer refers to any computer in which SMS client software has been installed. The word resource applies to global groups, domain user accounts, and network connected devices such as routers, hubs, and computers.
The SMS Administrator console is the tool you will use for most SMS 2.0 functions. Management begins by accessing nodes in the SMS console tree. All objects in the SMS Administrator console are contained under the Site Database node, which is represented by the number 1 in Figure 1-2. Each SMS server is configured through the Site Settings node, which is represented by the number 2 in Figure 1-2.
Figure 1-2. The SMS Administrator console.
The other nodes below the Site Database parent node are used to implement core functions other than SMS site server configuration.
The Collections node is used to group resources on the network. Core functions such as software distribution can be used to deliver programs to all resources in a group. SMS automatically adds discovered resources to collections below the Collections node. Additional collections can be created below this node.
The Packages node is used solely for creating and configuring groups of files that are distributed to computers on the network. These packages are then sent to computers on the network using the Advertisements node.
Advertisements target packages and programs to client computers on the network running the software distribution agents. Programs are installation instructions used by the advertisement to set up the package on the client computer. The advertisement is directed to computers on the network using collections that were configured in the Collections node.
The Product Compliance node contains a list of Microsoft software and its Year 2000 (Y2K) compliance level as defined by Microsoft. Other product compliance data can be entered manually or imported into the database. Using this database and software inventory information, the Y2K compliance level of software in your network is determined. Armed with this data, you can restrict access to software that is not Y2K-compliant using the SMS software metering feature. Alternatively, use the SMS software distribution feature to remove or update any non-compliant software.
The Queries node is used to run previously created queries and to build new queries using the Query Builder tool. A query runs an SQL query statement, in Windows Query Language (WQL), against the SMS database and returns values that meet the criteria of the query. For example, a query can return a listing of all computers running Windows NT with Service Pack 3 installed. Queries are a critical part of creating dynamic groupings of resources through the Collections node.
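The Service Pack 3 example above, written out as WQL (an added example, not taken from the original text). It assumes the class and property names `SMS_R_System`, `SMS_G_System_OPERATING_SYSTEM`, `Version` and `CSDVersion` as the SMS Provider exposes them from hardware inventory; the `--` lines are annotations to remove before pasting a statement into Query Builder. The second statement goes beyond the text and lists the Windows NT 4.0 computers that are not at Service Pack 3.

```sql
-- Assumed schema: SMS_R_System holds discovery data, and
-- SMS_G_System_OPERATING_SYSTEM holds hardware inventory data, so only
-- computers that have reported hardware inventory can match.

-- Query 1: Windows NT 4.0 computers with Service Pack 3 installed.
SELECT SMS_R_System.Name,
       SMS_G_System_OPERATING_SYSTEM.Version,
       SMS_G_System_OPERATING_SYSTEM.CSDVersion
FROM SMS_R_System
INNER JOIN SMS_G_System_OPERATING_SYSTEM
        ON SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
WHERE SMS_G_System_OPERATING_SYSTEM.Version LIKE "4.0%"
  AND SMS_G_System_OPERATING_SYSTEM.CSDVersion = "Service Pack 3"

-- Query 2: Windows NT 4.0 computers at any other service pack level.
-- CSDVersion is empty when no service pack is installed, so the NULL
-- case is tested explicitly; a plain inequality would skip those rows.
SELECT SMS_R_System.Name,
       SMS_G_System_OPERATING_SYSTEM.Version,
       SMS_G_System_OPERATING_SYSTEM.CSDVersion
FROM SMS_R_System
INNER JOIN SMS_G_System_OPERATING_SYSTEM
        ON SMS_G_System_OPERATING_SYSTEM.ResourceID = SMS_R_System.ResourceId
WHERE SMS_G_System_OPERATING_SYSTEM.Version LIKE "4.0%"
  AND (SMS_G_System_OPERATING_SYSTEM.CSDVersion IS NULL
       OR SMS_G_System_OPERATING_SYSTEM.CSDVersion != "Service Pack 3")
```

Used as the membership rule of a collection, the second statement keeps that collection current as service pack levels change in inventory.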
The System Status node contains queries specifically designed to provide constant monitoring of the SMS site. To facilitate troubleshooting, status information is categorized by site status, advertisement status, and package status. Site status is further broken down into SMS component and SMS server (site server) status. An administrator can also create new site status queries and view all queries of site status, regardless of category, through the Status Message Queries node, which is a node below the System Status node.
Many object classes and object instances viewed through the MMC contain a Security tab for setting user access rights to the class or instance. A class is the overall function provided. For example, the collections object can be secured so certain users are unable to create new collections. An instance is one example of the class, such as the All Pentium Computers collection. This instance can be configured so that only certain users have rights to view the data within it. Rights can be configured for each class and instance from the object itself, and the Security Rights node provides a central location from which to complete this task.
The Tools node contains miscellaneous tools for creating reports using the Reports node, for monitoring network activity with the Network Monitor node, for checking the operating status of SMS services through the SMS Service Manager node, and for configuring software metering with the Software Metering node.
The SMS Administrator console can be customized to provide a subset of the functions just described. The customized console is saved as a file with an MSC extension and distributed to anyone who will configure SMS or support users via the SMS Administrator console.
The following sections of Lesson 1 describe the SMS features in more detail. Each section shows the path to the feature's configuration using the SMS Administrator console.
Resources in the network are discovered by SMS in order to be managed through the SMS Administrator console. Computers that log on to the network represent only one of many resources in a network that can be discovered. Routers, hubs, file servers, IP hosts, Windows NT/2000 domain user accounts and Windows NT/2000 global groups are common network resources. SMS employs the following methods to discover resources in a network:
Any Windows NT/2000 or NetWare server providing services to SMS is called a site system.
Each of these discovery methods is configured through the Site Settings node in the SMS Administrator console. Figure 1-3 shows where in the SMS Administrator console discovery methods are configured.
Figure 1-3. Discovery methods displayed in the SMS Administrator console.
SMS is designed to find network-connected devices through the process of resource discovery. The function of resource discovery is to provide a picture of the network. With discovery data, you can categorize resources through collections, perform simple queries, build basic reports, and verify the operation of your site systems. However, systems management tasks such as hardware or software inventory, software distribution, and software metering are not possible until client agents are installed on discovered computer resources.
SMS 2.0 includes client agents for the following operating systems:
Computers can install client agents prior to being discovered. Therefore, discovery is not necessary for the installation of client agents. When a client agent is installed, previously undiscovered resources are discovered.
Before you install client agents on a computer resource, you must first assign site boundaries in the SMS Administrator console. Site boundaries define the networks that are managed within an SMS site. A site boundary can be a TCP/IP subnet or an IPX network. Once site boundaries are defined, resources within the boundary are managed by the site.
Boundaries are defined through the properties of a site. In a case like that shown in Figure 1-2, for example, you access the properties of the S01-Central Site node. Then, from the Boundaries tab that appears, you define site boundaries for the site. You will complete this sort of procedure in an exercise in Chapter 2.
After a computer resource is discovered or a manual logon discovery is initiated, SMS collects and maintains an inventory of the computer's hardware and software. Hardware inventory collection requires that the SMS Hardware Inventory Client Agent be installed on the computer. Software inventory requires that the Software Inventory Client Agent be installed on the computer. Once any client agent installation is complete (not just a hardware or software inventory agent), the computer resource is considered a client computer by SMS.
For 32-bit Windows clients, hardware inventory history is maintained on the client computer. An initial complete inventory is sent to the site server, and then only changes to the inventory are sent across the network. Occasionally, the entire client inventory may be synchronized. 16-bit Windows clients always send their complete inventory to the site server. The site server then determines any changes to the inventory and stores only changed information in the site database.
Software inventory scans the local hard disks of client computers looking for EXE files by default. You can configure the client agent to look for other files as well. The Software Inventory Client Agent reads header information of all scanned files and attempts to categorize them by manufacturer, type, and version number. Because identification relies on the header information rather than the file name, renaming executable files will not lead to misidentification. Files can also be collected and stored on the site server.
SMS 1.2 client computers send hardware and software inventory data to an SMS 2.0 site server via an SMS 1.2 site server. This provides indirect client computer management to computers running MS-DOS, OS/2, and Macintosh operating systems.
Figure 1-4 shows how to access hardware and software inventory for a client computer from the SMS Administrator console. Inventory data stored in the SMS database can be viewed from the SMS Resource Explorer or with any software written to interface with the Common Information Model Object Manager (CIMOM) repository. For example, Crystal Info is bundled with SMS 2.0 and can be used to create reports of inventory data that is extracted through CIMOM and the SMS Provider. The architecture of SMS is explored in Lesson 3.
The SMS Resource Explorer can be added as a snap-in node in the SMS Administrator console for easy access to hardware and software inventory.
Figure 1-4. Accessing the SMS Explorer from the SMS Administrator console.
Hardware and software inventory data is accessed by selecting computer nodes in the console tree of the SMS Resource Explorer (Figure 1-4). Hardware inventory data is viewed by selecting the Hardware node. Historical data, such as the amount of free disk space at the time of a hardware inventory, is viewed through the Hardware History node. Software inventory data, including when the last software scan was run, the inventory of both manufacturer-categorized and uncategorized software, and collected files, is viewed through the Software node.
Hardware and software inventory management is challenging for most medium to large networks. Equally challenging is the task of installing and updating software on client computers. By combining the functions of a number of tools in SMS 2.0, it is possible to distribute software efficiently. The components used to support software distribution in SMS 2.0 are: Collections, Advertisements, Packages, Programs, the Software Distribution Client Agent, and, optionally, the SMS Installer.
Collections provide groups of resources for software installations, updates, and reconfigurations. A package provides a file or files to be distributed. A program, which is contained in a package, provides a command line or command lines that will run a package installation. An advertisement combines a collection, package, and program (Figure 1-5) in order to distribute software to client computers running the Software Distribution Client Agent. Advertisements are commonly used for scheduled virus scans and unattended software installations.
Figure 1-5. The Advertisement Properties dialog box showing how an advertisement ties together a package, program, and collection.
Software Distribution Client Agent contains the Advertised Programs Monitor and the Advertised Programs Wizard that run on the client computer to make advertised programs available for installation. The Advertised Programs Monitor watches for any software ready for installation and the Advertised Programs Wizard provides the user with a step-by-step interface to start an application installation.
On a Windows NT/2000 client computer, installation routines that do not interact with the user interface (called quiet installation routines) can be installed without a logon to the network. For all other operating systems supporting SMS-advertised programs, a user must first log on to the network before the Advertised Programs Monitor can determine which packages have been designated for the client computer.
To create custom installation routines for software before it is distributed, SMS includes a powerful tool called the SMS Installer. While most Microsoft products include automated, hands-free, or quiet installation routines, many other products do not. The SMS Installer allows you to automate the installation of any software that can be installed on a client computer.
To prepare an installation routine, the SMS Installer interrogates a reference computer before the software is installed. Then, as the software installation runs, the SMS Installer records all changes made by the software routine, from directory creation to registry modifications. When the installation is complete, the SMS Installer builds an automated installation routine that can be customized further through a sophisticated scripting language. Scripts can also be created from scratch.
Once a script is created, the SMS Installer compiles it and all the changes made to the reference computer into an executable installation routine. This installation program and accompanying package instructions can then be used to install software to client computers using SMS collections and advertisements.
Just as challenging as software distribution is the task of assuring that programs are used in compliance with software purchase agreements. SMS software metering is a powerful tool that ensures program use complies with these agreements. In fact, this feature can help companies save money by avoiding the purchase of too many software licenses.
SMS software metering provides the following functions to client computers running Windows 32-bit operating systems (Windows 95/98, Windows NT 3.51-Windows 2000). These features are not supported on Windows 16-bit client computers.
The Software Metering Client Agent and computers (site servers), which act as metering servers, are configured through the Site Settings node in the SMS Administrator console (Figure 1-1). A separate utility called the License Manager (Figure 1-6) is used to configure software for metering; create reports, including graphs of usage; get help on software metering; and perform real-time monitoring of application usage. This application can be accessed from the Tools node in the SMS Administrator console.
Figure 1-6. The SMS License Manager showing the licensing summary view.
The software metering function uses a separate database to store metering information. This database is distinct from the site database, which stores resource and client computer information, site settings, and other data maintained by SMS.
Providing immediate computer support to users often involves a tedious process: The user explains his or her computer problem and the computer expert attempts to interpret the problem. Once the problem has been interpreted properly, the user is given instructions to solve the problem. Instructions are easily misinterpreted or misunderstood, making this an inefficient process.
SMS addresses this inefficiency. It contains Remote Tools, a suite of programs that allows the computer expert to provide computer support with little to no user intervention. Remote Tools works with the Remote Control Client Agent to provide remote control, Windows diagnostics, and a network ping test.
A connection is established between the SMS Administrator console and the Remote Control Client Agent. A viewer is the user initiating a connection from the SMS Administrator console. A host is the client computer running the Remote Control Client Agent.
Remote Control enables you to view the client's video output, take control of the mouse and keyboard, transfer files, run programs, or reboot the client computer—all from a remote location. This feature is supported on all Windows 16-bit and Windows 32-bit client computers.
Windows diagnostic utilities allow you to monitor the activity of the client computer's currently running operating system. This information is continuously updated while the viewer is connected to the host. Windows diagnostics is available for Windows 16-bit and Windows 95/98 client computers. This feature is not supported for Windows NT client computers. Figure 1-7 shows a Windows diagnostics session on a Windows 98 computer.
Figure 1-7. Windows diagnostics show how memory is used on a Windows 98 computer.
Windows NT/2000 client computers provide diagnostic information through the Windows NT Diagnostics option in the SMS Administrator console. This is the only Remote Tools feature that is not dependent on the Remote Control Client Agent or the Remote Tools interface in the SMS Administrator console.
The ping utility, which is also available through the Remote Tools facility, allows viewers to test their connections with the host. This utility works on all client computers running the Remote Control Client Agent. Unlike the TCP/IP ping utility, this function works on all core protocols, TCP/IP, IPX/SPX, and NetBEUI.
The Remote Tools facility is accessed in the SMS Administrator console by selecting a computer in a collection and then choosing the Remote Tools option from the Action menu. See Figure 1-2 to locate the Collections node in the SMS Administrator console.
The Windows NT/2000 operating system includes a native status reporting system provided by the Event Logging (EventLog) service. EventLog records system, security, and application events viewable by the Event Viewer application. To extend the reach of the EventLog service, SMS translates Windows NT/2000 events into SNMP traps. SNMP traps can be forwarded to a Network Management System (NMS) for centralized event monitoring.
Event-to-trap translation is supported by the Windows NT Event to Trap Translator Client Agent, the SMS Administrator console Event to Trap interface, and the SNMP service. The Windows NT Event To Trap Translator Client Agent converts Windows NT events logged by the EventLog service into traps. The SMS Administrator console Event to Trap interface is used to configure events that will be converted into traps and the SNMP service is used to forward traps to an NMS.
SMS Network Monitor is an enhanced version of the Network Monitor tool provided with Windows NT. SMS Network Monitor allows the administrator to capture, view, and filter frames (packets) on local and remote networks. Remote network monitoring is supported through the Network Monitor Agent. Data captured through Network Monitor can be evaluated using Network Monitor Experts.
To allow proactive network analysis, the Network Monitor Control Tool permits you to monitor the network constantly for significant network events. The Network Monitor Control Tool is an advanced monitoring program that detects important network events such as router failure or an SYN attack.
Both the SMS Network Monitor and the Network Monitor Control Tool are accessed from the Tools node in the SMS Administrator console. See Figure 1-2 to locate the Tools node in the SMS Administrator console.
The Network Trace utility provides a map of SMS site systems. Using this information, you can determine the status of all computers involved in providing services to your SMS site. Network Trace is not dependent on the activity of Network Monitor or other network analysis tools. Instead, Network Trace uses information about discovered resources to map the site. A network trace is created by accessing the Site System node and initiated using a trace from a configured site system. See Figure 1-2 for the location of the Site System node. Figure 1-8 shows a trace of an SMS site that contains two site systems with a router connecting the two sites.
Figure 1-8. A network trace showing the site view of an SMS site.