ConfigMgr Console
Building a ConfigMgr Lab from Scratch: Step 5 – Configuration Settings (AD / GPO)
Topics: ConfigMgr Console
Building a ConfigMgr Lab from Scratch: Step 5
Configuration Settings (AD / GPO)
Along the way when you setup your lab, you’ll need to create accounts, groups, gpos, and other things to make life easier. While you want to keep it fairly clean and lean, if you plan to keep this lab around while, you’ll want a few of this setup.
AD Accounts – MS DOCS
- ConfigMgr Admin (Both Admin in ConfigMgr & on ConfigMgr Servers)
- CM_DJ (Domain Join Account, I followed these instructions to create it.
- CM_NA (Network Access Account, depending on your setup, you might not need this. I’m hoping to leverage Enhanced HTTP)
- CM_CP_Workstations & CM_CP_Servers (Client Push Accounts, added to the groups below to be local admins on respective devices)
- CM_SSRS (add to SQL_Admins, used for the Reporting Services Role)
AD Groups
- ConfigMgr_Servers (This will contain a list of all ConfigMgr Servers you build, for now just the MEMCM server, used for targeting GPO & Security Rights)
- SQL_Admins. (Used during the SQL Install to specify the admin rights to the SQL install)
- ConfigmgrAdmins (This group will be added to the Local Administrators group of all CM Servers)
- Workstation_LocalAdmins (This group will be added to the Local Administrator group on all Workstations)
- Server_LocalAdmins (This group will be added to the local Administrators group on all Servers
- CM_App_DeployUsers (This group is used as my default group I deploy Apps to. Any users who are added to this will then see these apps in their software center)
- I typically add all normal user accounts to this, skipping service accounts.
Group Policies
- Domain Machine Policy (Applies to all Machines in Domain)
- Currently used to enable ICMP (Ping) on all Machines
- Enable Remote Desktop & Open Corresponding Firewall Ports (See Below)
- ConfigMgr Servers
- Used to add ConfigMgrAdmins to Local Administrator Group
- Used to add the file to C & D Drives NO_SMS_ON_DRIVE.SMS
- All Servers
- Used to add Server_LocalAdmins to Local Administrator Group
- All Workstations
- Used to add Workation_LocalAdmins to Local Administrator Group
Enable Remote Desktop & Firewall Ports for RDC
Building a ConfigMgr Lab from Scratch Series
Series Introduction – Building a CM Lab from Scratch
- Setting up your Domain Controller
- Creating a Router for your Lab using Windows Server
- Certificate Authority – On Domain Controller [Optional]
- ConfigMgr Server Pre-Reqs (Windows Features)
- Configuration Settings (AD & GPOs) – You are Here
- Source Server (File Share)
- ConfigMgr SQL Install
- ConfigMgr Install
- ConfigMgr Basic Settings
- ConfigMgr Collections & App Deployment
- ConfigMgr OSD
- ConfigMgr Reporting Services
- Cloud Management Gateway (CMG) – Certs PreReq
- Cloud Management Gateway (CMG) – Azure Subscription
- Azure Services Connection
- Setting up CMG in the Console
- Cloud Management Gateway (CMG) – Post CMG Config
- Cloud Management Gateway – Client CMG Endpoints