How to configure a Member Server Scenario (SL4652)

How to configure a Member Server Scenario in Desktop Authority

Installing to a Member Server scenario simply means that you are installing DA (Desktop Authority) and all its services to a single server setup. You would also be creating shares on that same server for replication. In this type of scenario, there is no need to deploy any services or do any replication to the Domain Controllers.

When setting up a member server scenario the installation procedure would be the same as when installing it to a standard setup, except for when it gets to the point where the install asks to install the Desktop Authority Administrative Service and the Update Service.

At this point in the installation, make sure that only the member server that Desktop Authority is being installed on is shown under Deployment Settings | Server Manager | Service Management.

NOTE:  If Domain Controllers are also showing, then they would need to be removed.

Make sure that the DA Administrative Service and Update Service are set to install and proceed with the configuration.

A share needs to be created on the Desktop Authority server for purpose of replication. In a default installation of Desktop Authority replication takes place to two different locations on the Domain Controller.

The User Based Management (UBM) files get replicated to the Netlogon share on the Domain Controller.

The Computer Based Management (CBM) files get replicated to SYSVOL\Domain_Name\Policies\Desktop Authority\Device Policy Master.

At this point one share can be created and have both the UBM and CBM files replicate to it, or two shares can be created and replicate the UBM and the CBM to different shares. When the shares are created provide R/X (Read/Execute) NTFS permissions for Authenticated Users.

In the Desktop Authority Manager click on the member server listed in Service Management and then click on Properties to configure the server properties.

The server properties screen will come up. At this point click on Edit properties:

In the next screen, in Deployment Settings | Server Manager | Service management | Server Properties, click over the User replication target and the Computer replication target box, then enter the share name of the folder(s) that were created and click Save:

Once that is configured: Do a Force an update of the local Desktop Authority folder on clients, to do this go to the left bottom corner and click the DropDown menu arrow and click  Force an update of the local Desktop Authority folder on clients. And Replicate all files, to do this go to the left bottom corner and click the DropDown menu arrow and click Replicate all files.

Once Desktop Authority is ready to start being deployed to users on the network you would need to create a batch file. Place that batch file in the NetLogon of the Domain Controllers and assign it as a logon script in the user’s profile in Active Directory. This batch file redirects the user to get the Desktop Authority settings from the member server, instead of the Domain Controllers.

The following line would be put into the batch file then saved as “callsl.bat”: 

Call \\DAServerName\ShareName\slogic.bat   

By default, for the CBM setting, the CBM service will automatically look at the SYSVOL directory on the Domain Controllers for the CBMConfig.xml file unless otherwise specified. An alternate location needs to be specified on the client machines so that the CBM service looks to the member server for the CBMConfig.xml. Create the following registry value on the client machine:

Hive: HKLM

Key: SOFTWARE\WOW6432Node\ScriptLogic\Device Agent\Global Settings

Value: Machine_Sysvol_Path

Type: REG_SZ

Data: \\MemberServerName\Sharename

NOTE: THE REGISTRY VALUE NAME IS CASE SENSITIVE 

IMPORTANT:

IF YOU DO NOT WANT ALL YOUR MACHINES TO GET UPGRADED AT THE SAME TIME DO NOT APPLY THE DESKTOP AUTHORITY GPO OBJECT TO YOUR DOMAIN. THIS WILL CAUSE ALL OF YOUR MACHINES TO GET UPGRADED TO THE VERSION RUNNING ON THE MEMBER SERVER.

IF A PREVIOUS VERSION OF THE DESKTOP AUTHORITY GPO OBJECT WAS PUSHED OUT TO YOUR DOMAIN, REMOVE IT BEFORE INSTALLING DESKTOP AUTHORITY MEMBER SERVER. IF IT IS NOT REMOVED, IT WILL CAUSE MACHINES TO DOWNGRADE BACK TO PREVIOUS VERSION.