ConfigMgr Console

Building a ConfigMgr Lab from Scratch: Step 9 – ConfigMgr Settings Setup

Topics: ConfigMgr Console

Building a ConfigMgr Lab from Scratch: Step 9

ConfigMgr Settings Setup

We now have CM installed, and we need to get some basic settings configured to make it work.

Things we need to do now that we have a server

Hierarchy Settings

Hierarchy Settings Properties
I didn’t change much, but I did check to Use a fallback site, Consent to pre-release features, and Enable admin service. Probably won’t need the fallback set in this small lab, but doesn’t hurt. The other two are for future testing/dev in the lab
Hierarchy Settings Properties
On the Client Upgrade tab, I’ve checked the box to upgrade all clients automatically (ACU)

In the Site Settings:

Recast Software Dev Site Properties
I’ve checked the box for using CM-generated certs. (Enhanced HTTP)

Discovery Settings

Discovery Method Administration
I’m picking these 4 methods and pointing them to my “DEV” OU
Add Active Directory Location
For Groups, this will pull in any custom groups I’ve created in the DEV OU
Active Directory Container
Systems in the DEV OU (Servers & Workstations)
Active Directory Container
Users in the DEV OU

Distribution Point Settings (And DP Groups)

In Administration, Site Configuration, Servers, and Site System Roles, get the properties of the DP Role

Distribution Point Properties
I’ve enabled BranchCache LEDBAT because they are great. 🙂 I’ve also enabled Connected Cache (Previously DOINC)
Distribution Point Properties
I’ve enabled “Allow clients to connect anonymously”. If you don’t have a Network Access account you’ll need this.  I personally also don’t have any private/sensitive business data that ever goes to a DP, so I’m not worried about it.

With a DP, you’ll want to add it to a DP Group. Makes life easier in the future if you add DPs, Replace DPs, or just generally during deployments.

Create New Distribution Point Group
I’ve created a DP Group called “Lab DPs”
add Distribution Points
Added my DP Server (currently my only CM Server) to the DP Group

Boundaries and Boundary Groups

By default, you’ll have the Default Site Boundary Group.  Machines in this Group will be assigned your Site Code (DEV).  By default, there are also no servers servicing this group, so I’ve added our server. At this point for OSD, I did not need to make any additional boundaries or groups, however, when I went to install apps, I had trouble until I created a boundary and group.

Default Site Boundary Group
Default Site Boundary Group Properties
I’ve left this default blank
Default Site Boundary Group Properties
I’ve added the CM Server
Default Site Boundary Group Properties
I left these the default. For now, this is fine, and rarely in a lab would you need to change this.
OSD Bondaries
By default there are no Boundaries, which worked fine for OSD for me, but not so well on my Apps.

Create Boundary Groups
Created a Subnet Boundary Group based on my lab’s IP Subnet
Create Boundary Groups
I then created a Boundary Group and selected my new Boundary. On the next screen, I add our CM Server
create Boundary Groups
As you can see the Group I’ve created has 1 Member & 1 Site System.
Administration Boundary groups
I check the box for “Use this boundary group for site assignment” and also confirm my CM Server is there

Client Settings

This is very basic and just enough to get you going and add a little pretty to the experience.

Client Cache Settings
I’m having CM Configure BC & Enabling it. However, for more control and tuning I’d recommend using the 2Pint Software FREE downloads which will do this for you.
Computer Agent Default Settings
I’ve set up a few of these things including the “Branding” of our Company, and also set PowerShell to Bypass
Software Center Default settings
In Software Center, I’ve continued to add additional branding

That’s actually it, for now, I’ll come back later and set up Remote Control among other things.  But just to get this lab going, I don’t care as much about those for now.


Software distribution Component Properties
I’ve set up a Network Account.  This account only has rights to the Source Share. It is also blocked from interactive logon on any machines (set in ADUC) Personally, I’d NOT create this account until you run into a situation where you need it.
I was trying to apply a WIM Directly from the DP (Without downloading during OSD), and that seemed to not work until I did this. However, since that isn’t the normal way for OSD, I’d suggest you see how far you can go without adding this.

Building a ConfigMgr Lab from Scratch Series

Series Introduction – Building a CM Lab from Scratch

  1. Setting up your Domain Controller
  2. Creating a Router for your Lab using Windows Server 
  3. Certificate Authority – On Domain Controller [Optional]
  4. ConfigMgr Server Pre-Reqs (Windows Features)
  5. Configuration Settings (AD & GPOs)
  6. Source Server (File Share)
  7. ConfigMgr SQL Install
  8. ConfigMgr Install
  9. ConfigMgr Basic Settings – You are Here
  10. ConfigMgr Collections & App Deployment
  11. ConfigMgr OSD
  12. ConfigMgr Reporting Services
  13. Cloud Management Gateway (CMG) – Certs PreReq
  14. Cloud Management Gateway (CMG) – Azure Subscription
  15. Azure Services Connection
  16. Setting up CMG in the Console
  17. Cloud Management Gateway (CMG) – Post CMG Config
  18. Cloud Management Gateway – Client CMG Endpoints
Back to Top