SCCM Lab
Shout out to Zach Stein (@synzack21) for collaborating to create the Ludus SCCM Ansible collection!
This guide will create a Configuration Manager environment and install Configuration Manager agents on multiple endpoints. For more information, see the blog post by Zach Stein (@synzack21).
- Add the `synzack.ludus_sccm` collection to your Ludus server:

```shell
ludus ansible collection add synzack.ludus_sccm
```
- Modify your Ludus config to add the appropriate SCCM roles to the servers. Keep the following constraints in mind:
  - Due to unknown issues with SCCM, `.local` domain suffixes will not work properly. Use another suffix such as `.domain` or `.lab` for your domain.
  - If you want client push to reach the DC, you will need to enable the Remote Scheduled Tasks Management firewall rules on the DC or apply the `disable_firewall` role to it.
  - At this time all four site server roles (`ludus_sccm_siteserver`, `ludus_sccm_sql`, `ludus_sccm_mgmt` and `ludus_sccm_distro`) are needed to deploy SCCM; there is no standalone option yet.
  - All SCCM VM hostnames MUST be 15 characters or less (the NetBIOS name limit).
```shell
ludus range config get > config.yml
```

```yaml
ludus:
  - vm_name: "{{ range_id }}-DC01"
    hostname: "DC01"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 10
    ram_gb: 4
    ram_min_gb: 1
    cpus: 2
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: primary-dc
    roles:
      - synzack.ludus_sccm.install_adcs
      - synzack.ludus_sccm.disable_firewall
  - vm_name: "{{ range_id }}-Workstation"
    hostname: "Workstation"
    template: win11-22h2-x64-enterprise-template
    vlan: 10
    ip_last_octet: 11
    ram_gb: 4
    ram_min_gb: 1
    cpus: 2
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.disable_firewall
  - vm_name: "{{ range_id }}-sccm-distro"
    hostname: "sccm-distro"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 12
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_distro
    role_vars:
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'
  - vm_name: "{{ range_id }}-sccm-sql"
    hostname: "sccm-sql"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 13
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_sql
    role_vars:
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'
      ludus_sccm_sql_server_hostname: 'sccm-sql'
      ludus_sccm_sql_svc_account_username: 'sqlsccmsvc'
      ludus_sccm_sql_svc_account_password: 'Password123'
  - vm_name: "{{ range_id }}-sccm-mgmt"
    hostname: "sccm-mgmt"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 14
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_mgmt
    role_vars:
      ludus_sccm_site_server_hostname: "sccm-sitesrv"
  - vm_name: "{{ range_id }}-sccm-sitesrv"
    hostname: "sccm-sitesrv"
    template: win2022-server-x64-template
    vlan: 10
    ip_last_octet: 15
    ram_gb: 4
    ram_min_gb: 1
    cpus: 4
    windows:
      sysprep: true
    domain:
      fqdn: ludus.domain
      role: member
    roles:
      - synzack.ludus_sccm.ludus_sccm_siteserver
      - synzack.ludus_sccm.enable_webdav
    role_vars:
      ludus_sccm_sitecode: 123
      ludus_sccm_sitename: Primary Site
      ludus_sccm_site_server_hostname: 'sccm-sitesrv'
      ludus_sccm_distro_server_hostname: 'sccm-distro'
      ludus_sccm_mgmt_server_hostname: 'sccm-mgmt'
      ludus_sccm_sql_server_hostname: 'sccm-sql'
      # --------------------------NAA Account-------------------------------------------------
      ludus_sccm_configure_naa: true
      ludus_sccm_naa_username: 'sccm_naa'
      ludus_sccm_naa_password: 'Password123'
      # --------------------------Client Push Account-----------------------------------------
      ludus_sccm_configure_client_push: true
      ludus_sccm_client_push_username: 'sccm_push'
      ludus_sccm_client_push_password: 'Password123'
      ludus_sccm_enable_automatic_client_push_installation: true
      ludus_sccm_enable_system_type_configuration_manager: true
      ludus_sccm_enable_system_type_server: true
      ludus_sccm_enable_system_type_workstation: true
      ludus_sccm_install_client_to_domain_controller: false # "true" requires the Remote Scheduled Tasks Management firewall rules enabled on the DCs (or no firewall)
      ludus_sccm_allow_NTLM_fallback: true
      # ---------------------------Discovery Methods------------------------------------------
      ludus_sccm_enable_active_directory_forest_discovery: true
      ludus_sccm_enable_active_directory_boundary_creation: true
      ludus_sccm_enable_subnet_boundary_creation: true
      ludus_sccm_enable_active_directory_group_discovery: true
      ludus_sccm_enable_active_directory_system_discovery: true
      ludus_sccm_enable_active_directory_user_discovery: true
      # ----------------------------------PXE-------------------------------------------------
      ludus_sccm_enable_pxe: true
      ludus_enable_pxe_password: false
      ludus_pxe_password: 'Password123'
      ludus_domain_join_account: domainadmin
      ludus_domain_join_password: 'password'
```

```shell
ludus range config set -f config.yml
```
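Before deploying, it is worth checking `config.yml` against the constraints listed above (hostname length, `.local` suffix, client push to the DC without an open firewall, all four site roles present, and every `ludus_sccm_site_server_hostname` reference pointing at the VM that actually carries `ludus_sccm_siteserver`). The script below is an added example, not part of the Ludus docs or the `synzack.ludus_sccm` collection. It assumes `config.yml` has the flat layout shown above (one `- vm_name:` entry per VM with `hostname`, `domain`, `roles` and `role_vars` nested under it) and parses it line by line so it needs no YAML module; it runs in Windows PowerShell or pwsh wherever you edit the config.

```powershell
# Added example (not from the Ludus docs or the synzack.ludus_sccm collection):
# pre-flight checks for a Ludus range config against the SCCM constraints above.
param([string]$Path = '.\config.yml')

function Test-LudusSccmConfig {
    param([string[]]$Lines)
    $vms = @(); $vm = $null; $installClientOnDc = $false

    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        if ($line -match '^-\s*vm_name:\s*(.+)$') {
            # A new VM entry starts; following keys belong to it until the next "- vm_name:".
            $vm = [ordered]@{ VmName = $Matches[1].Trim('"'''); Hostname = ''; Fqdn = '';
                              DomainRole = ''; Roles = @(); SiteServerRef = '' }
            $vms += $vm
            continue
        }
        if ($null -eq $vm) { continue }
        if     ($line -match '^hostname:\s*(.+)$') { $vm.Hostname   = $Matches[1].Trim('"''') }
        elseif ($line -match '^fqdn:\s*(.+)$')     { $vm.Fqdn       = $Matches[1].Trim('"''') }
        elseif ($line -match '^role:\s*(.+)$')     { $vm.DomainRole = $Matches[1].Trim('"''') }
        elseif ($line -match '^-\s*synzack\.ludus_sccm\.(\S+)$') { $vm.Roles += $Matches[1] }
        elseif ($line -match '^ludus_sccm_site_server_hostname:\s*(.+)$') {
            $vm.SiteServerRef = $Matches[1].Trim('"''')
        }
        elseif ($line -match '^ludus_sccm_install_client_to_domain_controller:\s*true') {
            $installClientOnDc = $true
        }
    }

    $problems = @()
    $siteServer = $vms | Where-Object { $_.Roles -contains 'ludus_sccm_siteserver' } | Select-Object -First 1

    foreach ($v in $vms) {
        if ($v.Hostname.Length -gt 15) {
            $problems += "$($v.VmName): hostname '$($v.Hostname)' exceeds the 15-character NetBIOS limit"
        }
        if ($v.Fqdn -match '\.local$') {
            $problems += "$($v.VmName): domain suffix .local does not work with the SCCM roles; use .domain or .lab"
        }
        if ($v.SiteServerRef -and $siteServer -and $v.SiteServerRef -ne $siteServer.Hostname) {
            $problems += "$($v.VmName): ludus_sccm_site_server_hostname '$($v.SiteServerRef)' does not match the site server hostname '$($siteServer.Hostname)'"
        }
        # The config can only show the disable_firewall role; if you opened the Remote Scheduled
        # Tasks Management rules another way, treat this finding as informational.
        if ($installClientOnDc -and $v.DomainRole -eq 'primary-dc' -and $v.Roles -notcontains 'disable_firewall') {
            $problems += "$($v.VmName): client push to the DC is enabled but disable_firewall is not applied; add it or enable the Remote Scheduled Tasks Management firewall rules on the DC"
        }
    }

    # No standalone option yet: all four site server roles must be assigned somewhere in the range.
    $present = @($vms | ForEach-Object { $_.Roles })
    foreach ($r in 'ludus_sccm_siteserver', 'ludus_sccm_sql', 'ludus_sccm_mgmt', 'ludus_sccm_distro') {
        if ($present -notcontains $r) { $problems += "site role '$r' is not assigned to any VM; all four are required" }
    }
    return $problems
}

$problems = @(Test-LudusSccmConfig -Lines (Get-Content -Path $Path))
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
Write-Output "OK: no SCCM constraint violations found in $Path"
```

Run it before `ludus range config set -f config.yml`; a non-zero exit means the range would deploy but SCCM setup or client push is likely to fail for one of the reasons listed above.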
- Deploy the range:

```shell
ludus range deploy
# Wait for the range to successfully deploy
# You can watch the logs with `ludus range logs -f`
# Or check the status with `ludus range status`
```
If you'd like to watch the progress of the SCCM install, open a console or RDP into the sccm-sitesrv VM and run:

```powershell
Get-Content C:\ConfigMgrSetup.log -Wait
```

This will "tail" the log file as SCCM installs.
- Use Misconfiguration Manager to explore all the ways to pwn SCCM!
Our favorite SCCM tools are SharpSCCM by @_Mayyhem and SCCMHunter by @garrfoster.
The main way to access SCCM is on the Site Server (sccm-sitesrv) with the Configuration Manager Console. With the configuration above, `domainadmin` is the user that has permissions in SCCM. To access the Configuration Manager Console, log into the sccm-sitesrv VM as `domainadmin` (not the default `domainuser`).
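Once the deploy finishes, a practitioner will want to confirm more than the log tail: that the site services are up, that automatic client push actually reached the Workstation (and not the DC unless you opted in), and that `domainadmin` is the only account holding SCCM rights. The script below is an added example, not part of the Ludus docs or the `synzack.ludus_sccm` collection; run it on sccm-sitesrv as `domainadmin`. It reads the site code from the SMS Provider's `SMS_ProviderLocation` class, so the `123` used above is not hard-coded, and it uses the standard Configuration Manager service and WMI class names rather than anything specific to this lab.

```powershell
# Added example (not from the Ludus docs or the synzack.ludus_sccm collection):
# post-deploy checks to run on sccm-sitesrv as domainadmin.
param([string]$SiteCode)

# 1. Core services: SMS_EXECUTIVE hosts the site components, SMS_SITE_COMPONENT_MANAGER installs them.
foreach ($name in 'SMS_EXECUTIVE', 'SMS_SITE_COMPONENT_MANAGER') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    '{0,-28} {1}' -f $name, $(if ($svc) { $svc.Status } else { 'NOT INSTALLED' })
}

# 2. Find the local site through the provider instead of hard-coding the site code.
if (-not $SiteCode) {
    $SiteCode = (Get-CimInstance -Namespace 'root\SMS' -ClassName SMS_ProviderLocation |
                 Where-Object { $_.ProviderForLocalSite }).SiteCode
}
$ns   = "root\SMS\site_$SiteCode"
$site = Get-CimInstance -Namespace $ns -ClassName SMS_Site | Where-Object { $_.SiteCode -eq $SiteCode }
'Site {0} "{1}" on {2}, version {3}' -f $site.SiteCode, $site.SiteName, $site.ServerName, $site.Version

# 3. Discovered systems and whether a client is installed (Client = 1). With automatic client
#    push enabled, Workstation and the site systems should appear here once push completes;
#    DC01 only gets a client if ludus_sccm_install_client_to_domain_controller is true.
Get-CimInstance -Namespace $ns -ClassName SMS_R_System |
    Select-Object Name, ResourceDomainORWorkgroup,
                  @{ n = 'HasClient'; e = { $_.Client -eq 1 } }, ClientVersion |
    Sort-Object Name | Format-Table -AutoSize

# 4. Accounts with SCCM roles. RoleNames is a lazy property, so each instance is fetched
#    again (piped to Get-CimInstance) to populate it. Expect domainadmin here; any other
#    entry is something to explain before handing the lab to a red team.
Get-CimInstance -Namespace $ns -ClassName SMS_Admin | Get-CimInstance |
    Select-Object LogonName, @{ n = 'Roles'; e = { $_.RoleNames -join ', ' } } |
    Format-Table -AutoSize
```

Discovery and client push run on their own schedules after setup completes, so an empty `SMS_R_System` list or `HasClient = False` right after `ludus range deploy` returns is normal; re-run the script a few minutes later before concluding that push failed.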