Building a CM Lab - ConfigMgr Settings Setup [9]

Post 9, we have CM installed, now we need get some basic settings configured to make it work

Things we need to do now that we have a server

Hierarchy Settings

Hierarchy Settings Properties
I didn't change much, but I did check Use a fallback site, Consent to pre-release features, and Enable admin service. Probably won't need the fallback set in this small lab, but doesn't hurt. The other two are for future testing / dev in the lab
Hierarchy Settings Properties
On the Client Upgrade tab, I've checked the box to upgrade all clients automatically (ACU)

In the Site Settings:

Recast Software Dev Site Properties
I've checked the box for using CM generated certs. (Enhanced HTTP)

Discovery Settings

Discovery Method Administration
I'm picking these 4 methods and pointing them to my "DEV" OU
Add Active Directory Location
For Groups, this will pull in any custom groups I've created in the DEV OU
Active Directory Container
Systems in the DEV OU (Servers & Workstations)
Active Directory Container
Users in the DEV OU

Distribution Point Settings (And DP Groups)

In Administration, Site Configuration, Servers and Site System Roles, get the properties of the DP Role

Distribution Point Properties
I've enabled BranchCache LEDBAT, because they are great. :-) I've also enabled Connected Cache (Previously DOINC)
Distribution Point Properties
I've enabled "Allow clients to connect anonymously". If you don't have an Network Access account you'll need this.  I personally also don't have any private / sensitive business data that ever goes to a DP, so I'm not worried about it.

With a DP, you'll want to add it to a DP Group. Makes life easier in the future if you add DPs, Replace DPs, or just generally during deployments.

Create New Distribution Point Group
I've created a DP Group called "Lab DPs"
add Distribution Points
Added my DP Server (currently my only CM Server) to the DP Group

Boundaries and Boundary Groups

By default you'll have the Default Site Boundary Group.  Machines in this Group will be assigned your Site Code (DEV).  By Default there is also no servers servicing this group, so I've added our server. At this point for OSD, I did not need to make any additional boundaries or groups, however, when I went to install apps, I had troubles until I created a boundary and group.

Default Site Boundary Group
Default Site Boundary Group Properties
I've left this default to blank
Default Site Boundary Group Properties
I've added the CM Server
Default Site Boundary Group Properties
I left these the default to. For now this is fine, and rarely in a lab would you need to change this.
OSD Bondaries
By Default there are no Boundaries, which worked fine for OSD for me, but not so well on my Apps.

Create Boundary Groups
Created a Subnet Boundary Group based on my lab's IP Subnet
Create Boundary Groups
I then created a Boundary Group and selected my new Boundary. On the next screen I add our CM Server
create Boundary Groups
As you can see the Group I've created has 1 Member & 1 Site System.
Administration Boundary groups
I check the box for "Use this boundary group for site assignment" and also confirm my CM Server is there

Client Settings

This is very basic and just enough to get you going and add a little pretty to the experience.

Client Cache Settings
I'm having CM Configure BC & Enabling it. However for more control and tuning I'd recommend using the 2Pint Software FREE downloads which will do this for you.
Computer Agent Default Settings
I've setup a few of these things including the "Branding" of our Company, also I set PowerShell to Bypass
Software Center Default settings
In Software Center, I've continued to add additional branding

That's actually it for now, I'll come back later and setup Remote Control among other things.  But just to get this lab going, I don't care as much about those for now.

Accounts

Software distribution Component Properties
I've setup an Network Account.  This account only has rights to the Source Share. It is also blocked from interactive logon on any machines (set in ADUC) Personally, I'd NOT create this account until you run into a situation where you need it.  
I was trying to apply a WIM Directly from the DP (Without downloading during OSD), and that seemed to not work until I did this. However since that isn't the normal way for OSD, I'd suggest you see how far you can go without adding this.

Blog Post List

Series Introduction - Building a CM Lab from Scratch

  1. Domain Controller - Setting up your Domain Controller
  2. Gateway Virtual Machine - Creating a Router for your Lab using Windows Server
  3. Certificate Authority - On Domain Controller [Optional]
  4. ConfigMgr Server Pre-Reqs (Windows Features)
  5. Configuration Settings (AD & GPOs)
  6. Source Server (File Share)
  7. ConfigMgr SQL Install
  8. ConfigMgr Install
  9. ConfigMgr Basic Settings
  10. ConfigMgr Collections & App Deployment
  11. ConfigMgr OSD
  12. ConfigMgr Reporting Services