> For the complete documentation index, see [llms.txt](https://www.osdsune.com/home/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.osdsune.com/home/archive/microsoft-configuration-manager/configmgr-lab/part-4/prerequisites.md). # Prerequisites {% hint style="info" %} #### WHAT IS PREREQUISITES? Prerequisites is something that must exist or happen before something else can exist or happen. So for example. The Active Directory Schema need to be extended before Microsoft Endpoint Configuration Manager can be installed on the server. {% endhint %} ## INSTALLING PREREQUISITES Log into to the CM server, and we will start installation and configuration of the required prerequisites for Microsoft Endpoint Configuration Manager. ### Disk Management I've chosen to spread the load on multiple drives and as I mentioned in the beginning of Part 4, I have already prepared the Virtual Hard Disks. So the first thing we want to do here is make them online, assign drive letters and formatting them in NTFS file system. {% hint style="info" %} I would recommend formatting the SQL drives in NTFS file system and allocation unit size (block size) must be 64K (Default is 4K) {% endhint %} | **Drive** | **Content** | **Size** | | --------- | --------------- | -------- | | C:\\ | Windows | 127GB | | E:\\ | ConfigMgr | 200GB | | F:\\ | SQL Database | 75GB | | G:\\ | SQL Logs | 50GB | | H:\\ | SQL TempDB | 50GB | | I:\\ | Content Sources | 200GB | | J:\\ | Content Library | 200GB | #### **NO\_SMS\_ON\_DRIVE.SMS** Place a file named "**NO\_SMS\_ON\_DRIVE.SMS**" in the root of each drive that shouldn’t be used by CM. **Step 1.** Type "**Disk**" in the search line next to the start button, and click "**Create and format hard disk partitions**" ![Configuration Manager - Prerequisite](/files/-M3yuYyHdJ2edmzT0uhE) **Step 2.** All the disks is in a Offline state. So right-click on "**Disk 1**" and select "**Online**" ![Configuration Manager - Prerequisite](/files/-M3yuqiR3p_rVE0L_XAR) ![Configuration Manager - Prerequisite](/files/-M3ywAQpnRl5Z_eNw09L) **Step 3.** Right-click on "**Disk 1**" and select "**Initialize Disk**" ![Configuration Manager - Prerequisite](/files/-M3ywFFlmnh1sw0MKs5h) **Step 4.** Leave everything default and click "**OK**" ![Configuration Manager - Prerequisite](/files/-M3ywIyG2lG8SPQqQDiL) **Step 5.** Right-click the striped area and select "**New Simple Volume**" ![Configuration Manager - Prerequisite](/files/-M3ywNR9SuPO9mQCTMeD) **Step 6.** Click "**Next**" ![Configuration Manager - Prerequisite](/files/-M3ywcGwDOiOAFaJtKnf) **Step 7.** Leave everything default and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M3ywgVHL4Va-EsZsGVD) **Step 8.** Assign the drive letter and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M3ywmivXh6lFlsefKNS) **Step 9.** Set file system to "**NTFS**", leave allocation unit size as "**Default**", give the volume label a descriptive name and click "**Next**" {% hint style="info" %} I would recommend formatting the SQL drives in NTFS file system and allocation unit size (block size) must be 64K (Default is 4K) {% endhint %} ![Configuration Manager - Prerequisite](/files/-M3ywrUHulMLxignIrGu) **Step 10.** Verify the settings and click "**Finish**" ![Configuration Manager - Prerequisite](/files/-M3ywxsxIXGMAItSic4w) **Step 11.** Repeat step 2 to 10 for all the remaining Virtual Hard Disks and you should end up with something similar to the images below. ![Configuration Manager - Prerequisite](/files/-M3yx1No3XDJ-uJIUIoz) ![Configuration Manager - Prerequisite](/files/-M3yx6xP6CeslHAnl0lK) **Step 12.** Go to the "**SQL Database**" drive, create a folder called "**Database**" and add the "**NO\_SMS\_ON\_DRIVE.SMS**" file to the root of this drive. ![Configuration Manager - Prerequisite](/files/-M3yxG-gRWhaMmyYFeli) **Step 13.** Go to the "**SQL Logs**" drive, create a folder called "**Logs**" and add the "**NO\_SMS\_ON\_DRIVE.SMS**" file to the root of this drive. ![Configuration Manager - Prerequisite](/files/-M3yxNM4zXC-lAKDzfTc) **Step 14.** Go to the "**SQL TempDB**" drive, create a folder called "**Database**" and add the "**NO\_SMS\_ON\_DRIVE.SMS**" file to the root of this drive. ![Configuration Manager - Prerequisite](/files/-M3yxXEq5oaUvQmx3kF0) **Step 15.** Add the "**NO\_SMS\_ON\_DRIVE.SMS**" file to the root of all remaining drives except the "**Content Library**" drive. ### Firewall Configuration Make sure that Windows Firewall is turned on. We need to add some inbound rules and I've gathered a list of the CM rules that I add with an GPO, I would also recommend you to open for Echo Request (ping) and Remote Desktop. | **Name** | **Action** | **Protocol** | **Port** | | --------------------------------------------------- | ---------- | ------------ | ----------- | | **ConfigMgr - Analysis Services** | Allow | TCP | 2382, 2383 | | **ConfigMgr - Boot Information Negotiation Layer** | Allow | UDP | 4011 | | **ConfigMgr - Client notification** | Allow | TCP | 10123 | | **ConfigMgr - Dynamic Host Configuration Protocol** | Allow | UDP | 67, 68 | | **ConfigMgr - Hypertext Transfer Protocol** | Allow | TCP | 80, 8530 | | **ConfigMgr - Multicast Protocol** | Allow | UDP | 63000-64000 | | **ConfigMgr - RPC Endpoint Mapper (TCP)** | Allow | TCP | 135 | | **ConfigMgr - RPC Endpoint Mapper (UDP)** | Allow | UDP | 135 | | **ConfigMgr - Secure Hypertext Transfer Protocol** | Allow | TCP | 443, 8531 | | **ConfigMgr - Server Message Block (SMB)** | Allow | TCP | 445 | | **ConfigMgr - SQL** | Allow | TCP | 1433, 1434 | | **ConfigMgr - SQL Broker** | Allow | TCP | 4022 | | **ConfigMgr - Trivial File Transfer Protocol** | Allow | UDP | 69 | | **ConfigMgr - Wake-on-Lan (WOL)** | Allow | UDP | 9 | | **ConfigMgr - Wake-up proxy** | Allow | UDP | 25536 | | **ConfigMgr - Windows Update Delta Content** | Allow | TCP | 8005 | ![Configuration Manager - Prerequisite](/files/-M49SavIRxO_iGKi-LoN) ### Server Roles & Features We need to add a few Server Roles and Features to the CM server. Before adding the "**.NET Framework 3.5**" feature, we need to mount the "**Windows Server 2019**" media because we need a file from it. Open Windows PowerShell in Administrator elevated mode and follow the steps below. **Step 1.** To add the "**.NET Framework 3.5**" feature, run the below command. The source is the "**Windows Server 2019**" media, and the drive letter may therefore be different from the example below. ``` Install-WindowsFeature NET-Framework-Features -source D:\sources\sxs ``` ![Configuration Manager - Prerequisite](/files/-M49VzT5SERtilcQd8gv) **Step 2.** To add the remaining Server Roles and Features, run the below command. ``` Install-WindowsFeature Web-Static-Content,Web-Default-Doc,Web-Dir-Browsing,Web-Http-Errors,Web-Http-Redirect,Web-Net-Ext,Web-ISAPI-Ext,Web-Http-Logging,Web-Log-Libraries,Web-Request-Monitor,Web-Http-Tracing,Web-Windows-Auth,Web-Filtering,Web-Stat-Compression,Web-Mgmt-Tools,Web-Mgmt-Compat,Web-Metabase,Web-WMI,BITS,RDC ``` ![Configuration Manager - Prerequisite](/files/-M49WFLxar93u7BRnmnY) **Step 3.** Ensure that the exit code says "**Success**" before moving on. ![Configuration Manager - Prerequisite](/files/-M49WKNYV2TVnSu_xd4C) ### Windows 10 ADK & WinPE {% hint style="info" %} Windows 10 ADK and WinPE can be download from [here](https://docs.microsoft.com/en-us/windows-hardware/get-started/adk-install) (*They are two separate downloads...*) {% endhint %} **Step 1.** Start the Windows 10 ADK installation. Leave everything default and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M49acdNN7ihaRUsflCt) **Step 2.** Select "**No**" and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M49ajf2IKv48I6cwcct) **Step 3.** Click "**Accept**" to the License Agreement. ![Configuration Manager - Prerequisite](/files/-M49aqdIjYyOWUKkkaHW) **Step 4.** Select "**Deployment Tools**" and "**User State Migration Tool (USMT)**" and click "**Install**" ![Configuration Manager - Prerequisite](/files/-M49avGyxLlpHOXwq3rM) ![Configuration Manager - Prerequisite](/files/-M49b5f46Vcc3PN8DdEi) **Step 5.** Click "**Close**" ![Configuration Manager - Prerequisite](/files/-M49bA3HMvFM_9GLVIrE) **Step 6.** Start the WinPE installation. Leave everything default and click "**Install**" ![Configuration Manager - Prerequisite](/files/-M49bEZzqWaKx2UZgLcF) ![Configuration Manager - Prerequisite](/files/-M49bJhLexTCIN248-KA) **Step 7.** Click "**Close**" ![Configuration Manager - Prerequisite](/files/-M49bPN0eIfU859rHll-) ### ConfigMgr Accounts & Groups Before we continue it's important that we create a few accounts and groups in our Active Directory. I'll be referring to the following accounts and groups throughout the blog post. | **Name** | **Type** | **Description** | | --------------------- | :------: | ---------------------------------------------------------------------- | | **Svc.ClientPush** | User | Service Account for Client Push Installation | | **Svc.NetworkAccess** | User | Service Account for Accessing Network Resources | | **Svc.Sql** | User | Service Account for SQL/Reporting | | **Svc.TaskSequence** | User | Service Account for Task Sequence/Domain Join | | **CM Administrators** | Group | Members in this group grants full permissions in Configuration Manager | | **CM Servers** | Group | This group contains all site system servers | {% hint style="info" %} Add "**CM Administrators**" and "**CM Servers**" to the local administrator group on the site server. If you got multiple site servers I'll recommend you adding them with an GPO. {% endhint %} ### AD Schema Extension Since this is a new environment with no previous Configuration Manager installations, we need to extend the Active Directory Schema, but first we'll have to mount the "**Configuration Manager**" media to the DC server. **Step 1.** Add the "**Configuration Manager**" media to the DC server. ![Configuration Manager - Prerequisite](/files/-M4IoQWIOe_InliqtphC) **Step 2.** Log into to the DC server with an account that is a member of the security group Schema Admins. Navigate to "**.\SMSSETUP\BIN\X64\\**" on the mounted "**Configuration Manager**" media and execute "**extadsch.exe**" ![Configuration Manager - Prerequisite](/files/-M4IsC1DheK5dF0TOFf7) **Step 3.** Verify that Active Directory Schema were successfully extended by checking the "**ExtADSch.log**" file which is located in the root of the system drive. ![Configuration Manager - Prerequisite](/files/-M4ItxLeFEGxhN4vAR6Q) **Step 4.** Type "**ADSI**" in the search line next to the start button, and click "**ADSI Edit**" ![Configuration Manager - Prerequisite](/files/-M4IvAJHJhFMrHNkBgWd) **Step 5.** Right-click on "**ADSI Edit**" and select "**Connect to...**" ![Configuration Manager - Prerequisite](/files/-M4IvHUxWAXeOrK0OJ65) **Step 6.** Leave everything default and click "**OK**" ![Configuration Manager - Prerequisite](/files/-M4IvLoPwcehLQya61mM) **Step 7.** Right-click on "**CN=System**" and create a new "**Object...**" ![Configuration Manager - Prerequisite](/files/-M4IvQi2UI1DQyeb-uhv) **Step 8.** Select the "**Container**" class and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M4mRN8qSmesaFZ1loBD) **Step 9.** Type "**System Management**" as the value and click "**Next**" ![Configuration Manager - Prerequisite](/files/-M4IvascfXU18oKOaL8p) **Step 10.** Click "**Finish**" ![Configuration Manager - Prerequisite](/files/-M4IvfHHwQN0_ArrJ-bS) **Step 11.** Right-click on "**CN=System Management**" and select "**Properties**" ![Configuration Manager - Prerequisite](/files/-M4IvjhPy6l0bJfH-xsg) **Step 12.** Go to the "**Security**" tab and click on "**Advanced**". Add the primary site server "**CM**" and the security group "**CM Servers**" that we created in our Active Directory earlier. Give them both "**Full Control**" and select "**This object and all descendant objects**" in the "**Applies to:**" list. Click "**Apply**" and close the "**ADSI Edit**" ![Configuration Manager - Prerequisite](/files/-M4Oda5lLfs5gYpH90Po) ![Configuration Manager - Prerequisite](/files/-M4OeeUgs3PVxg22S28m) ## Windows Update Before continuing with the SQL installation and configuration, it´s important to check for Windows Updates once again. The reason for this is that Windows Server 2019 probably need to re-apply the cumulative update in order for the new server roles and features to function correct. {% hint style="info" %} The Windows Update process is covered in the main section. Click "**Previous**" below or click "**Part 4 - Setting up Microsoft Endpoint Configuration Manager**" in the menu to the left. {% endhint %} Now that we have successfully installed and configured the required prerequisites for Microsoft Endpoint Configuration Manager, let's move on to the SQL installation and configuration. Click "**Next**" below or click "**SQL**" in the menu to the left. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://www.osdsune.com/home/archive/microsoft-configuration-manager/configmgr-lab/part-4/prerequisites.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.