
[Experience Sharing] SCCM Configmgr 2012 Manage Workgroup Computers for Deployment, Remote Tools etc

Posted on 2018-6-21 11:18:49
  In my earlier post, we saw how to manage workgroup computers using SCCM Configmgr 2007: http://www.windows-noob.com/forums/index.php?/topic/2029-managing-workgroup-computers-in-sccm-sms-environment/
  In this blog post, we are going to see how to manage workgroup/DMZ computers using SCCM Configmgr 2012. This procedure involves working with the lmhosts and hosts files on workgroup machines.
  For some reason, I find that the TechNet library is not so clear on how to manage workgroup computers: http://technet.microsoft.com/en-us/library/bb680962.aspx. The TechNet document just illustrates the overall procedure, but not in detail.
  Before we jump into the details of updating the lmhosts and other files, let's have a look at workgroup limitations, site assignment, approval etc.
  There are some limitations when managing workgroup computers, listed below:
  Limitations:


  •   Workgroup clients cannot locate management points from AD and instead we must use DNS, WINS or another Management Point.
  •   Global Roaming is not supported because clients cannot query AD for site information.
  •   AD discovery cannot discover computers in workgroups.
  •   You cannot deploy software to users of Workgroup computers.
  •   You cannot use client push installation method to install client on workgroup computers.
  •   Workgroup clients cannot use Kerberos for authentication so might require manual approval.
  •   A workgroup client cannot be configured as a Distribution Point. SCCM 2012 requires that distribution point computers be members of a domain.
  Site Assignment:


  •   After you install the Client, it must join a configmgr primary site before it can be managed. The site that a client joined is referred to as its assigned site.
  •   Clients cannot be assigned to a CAS or a secondary site.
  •   A client is considered to be unmanaged when it is installed but not assigned to a site or is assigned to a site but cannot communicate with a management Point.
  Manual Vs. Auto assignment:


  •   Auto assignment will not work for workgroup clients
  •   To manually assign workgroup clients, the SMSSITECODE installation property must be used.
  •   Ccmsetup.exe SMSSITECODE=PRI SMSMP=cm12pri.eskonr.com
  •   Use SMSMP property to specify management point or use DNSSUFFIX for the clients to automatically locate MP from DNS.
  •   Ccmsetup.exe SMSSITECODE=PRI DNSSUFFIX=eskonr.com
  Client approval:


  •   You can either choose to approve all automatically (not recommended) or manually approve each workgroup client from site setting properties.
  Software/Application deployment to Workgroup clients:


  •   Setup Network Access Account
  •   If boundaries and boundary groups are configured properly clients can automatically locate Distribution Points.
  •   If boundaries and boundary groups are not configured, you should set up the deployment option.
  •   Package properties: Deployment option: download content from DP and run locally, which means all these clients will fall under SLOW.
  Note: The above information is captured from Taj Mohammed's (Microsoft) session.
  Before installing the SCCM client on workgroup machines, we need to do some configuration on the workgroup/DMZ computer.
  If you have managed to get workgroup computers working with SCCM 2007, you may find the steps in this blog post more or less the same.
  Do the steps below on the workgroup machine.
  Disable the firewall. If you don't want to disable it, allow the required ports (mainly the ccmhttp and WSUS ports, added to the inbound rules): http://technet.microsoft.com/en-us/library/hh427328.aspx
  Work with the network team to get the required ports opened for communication between the client and the SCCM server (Management Point, which could be the primary MP or secondary MP, and SUP), the DP and the FSP (if you are running them on a different server).
  Go to Control Panel --> Network Connections --> Local Area Network.
  Go to Internet Protocol (TCP/IP), click Properties ---> click Advanced ---> go to the DNS tab.
  Add the DNS suffix.
  On the WINS tab, next to the DNS tab, select 'Enable NetBIOS over TCP/IP'.
  Next, go to C:\Windows\System32\drivers\etc
  Open the lmhosts file with admin rights using Notepad.
  Copy the lines below into the file:
  192.168.1.10 SGCMCEN                        #PRE
  192.168.1.10 "MP_PRI         \0x1A"      #PRE
  where SGCMCEN is the SCCM primary site name and PRI is the site code.
  Make sure you have 20 characters (including blank spaces) between the quotes.
  Note: I am not adding SLP entries to the lmhosts file, since the SLP is integrated into the Management Point in CM12.
  Save as "lmhosts" in C:\Windows\System32\drivers\etc

  Note: If you have name resolution issues, you need to add the Management Point and Distribution Point information to the hosts file. The entries look like this:
  10.64.152.53    sgcmcen     sgcmcen.cm12lab.com
  10.64.144.146   sgcmdp1  sgcmdp1.cm12lab.com
  Next, purge and preload the remote cache table. To do this, open cmd with admin rights again and run the commands below:
  nbtstat -R
  nbtstat -c
  You can see that the changes are loaded into the cache.
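  The 20-character rule for the quoted lmhosts name follows from the NetBIOS name layout: 15 characters of space-padded name plus the 16th byte written as \0xNN. The PowerShell below is an added example, not part of the original post; it builds such an entry and checks existing lines, and the function names New-LmhostsSpecialEntry and Test-LmhostsLine are hypothetical.

```powershell
# Added example (not from the original post). Function names are hypothetical;
# the IP address and the MP_PRI name are the sample values used on this page.

function New-LmhostsSpecialEntry {
    param(
        [Parameter(Mandatory=$true)][ipaddress]$Address,
        [Parameter(Mandatory=$true)][string]$Name,   # e.g. MP_PRI (MP_ plus the site code)
        [Parameter(Mandatory=$true)][byte]$Suffix    # 16th byte of the NetBIOS name, e.g. 0x1A
    )
    if ($Name.Length -gt 15) {
        throw "NetBIOS name '$Name' is longer than 15 characters."
    }
    # 15 characters of space-padded name + 5 characters of \0xNN = 20 between the quotes
    $quoted = '{0}\0x{1:X2}' -f $Name.PadRight(15), $Suffix
    '{0} "{1}" #PRE' -f $Address, $quoted
}

function Test-LmhostsLine {
    param([string]$Line)
    # Comments, blank lines and unquoted host mappings have no length rule to check
    if ($Line -match '^\s*(#|$)') { return $true }
    if ($Line -notmatch '"([^"]*)"') { return $true }
    $quoted = $Matches[1]
    # Exactly 20 characters, the last five being \0x plus two hex digits
    return [bool]($quoted -match '^.{15}\\0x[0-9A-Fa-f]{2}$')
}

$entry = New-LmhostsSpecialEntry -Address '192.168.1.10' -Name 'MP_PRI' -Suffix 0x1A

# Constructed sample lines; the last one has too few spaces inside the quotes
$sample = @(
    '192.168.1.10 SGCMCEN #PRE',
    $entry,
    '192.168.1.10 "MP_PRI   \0x1A" #PRE'
)
foreach ($line in $sample) {
    $status = if (Test-LmhostsLine $line) { 'OK ' } else { 'BAD' }
    "$status $line"
}
```

  The script only prints the lines; append the generated entry to C:\Windows\System32\drivers\etc\lmhosts from an elevated prompt and reload the cache with nbtstat -R.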
  Next, make sure there is a local administrator account for remote control using SCCM 2012. If you do not have this account, remote control will not work.
  Now we are done with the changes required for the client installation.
  Copy the SCCM client installation files to a local drive on the workgroup machine.
  Run the command prompt with local admin rights.
  Use the command below to install the SCCM client on your workgroup computer:
  ccmsetup.exe /source:C:\client SMSSITECODE=PRI SMSMP=sgcmcen.cm12lab.com DNSSUFFIX=cm12lab.com
  Monitor ccmsetup.log in C:\Windows\ccmsetup\Logs.
  Note in ccmsetup.log that the installation is completed.
  Let's look at the Configuration Manager applet in Control Panel.
  Go to the Site tab and try to discover the site to see whether it works.
  Look at the Actions tab to see whether all the agents are loaded.
  At this point only 2 actions are loaded, because the client is not approved in SCCM yet. (By default, the site is set to approve clients in trusted domains.)
  Go back to the Configuration Manager console, Assets and Compliance, Devices, search for the computer and approve it.
  Right-click the computer and approve.
  Go back to the client and see whether more than 2 actions are listed.
  If the client does not appear in the console, check ClientIDManagerStartup.log, ClientLocation.log and LocationServices.log.
  So far we have seen how to get the workgroup SCCM client communicating with the MP, getting policies etc.
  Now let's see whether application deployment, remote tools and other functions work.
  Try to create a simple application or, if you already have one, deploy it to the workgroup computer.
  Note: Make sure you have configured the Network Access Account so that the workgroup computer can access resources from the domain.
  I deployed the 7zip application and it appears in Software Center.
  Run the installation.
  You can see that it ran successfully.
  In the same way, you can also deploy software updates, packages and whatever else you can.
  What next, Remote Control?
  For this to work, you need to add the workgroup computer's IP address and hostname to the hosts file on your SCCM server (C:\windows\system32\drivers\etc\hosts).
  After you do this, try remote control of the workgroup computer from the SCCM console. You get a prompt for authentication, since domain credentials won't work.
  Enter workgroup hostname\administrator and the password.
  Note: If your local administrator account is disabled for other reasons, use an account which has local admin rights on the workgroup computer.
  Note: By default, on Windows 7 and later operating systems, the GPO setting is set to Classic - local users authenticate as themselves.
  Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options --> Network access: Sharing and security model for local accounts
  On the workgroup computer, the user is shown a remote control permission prompt; you can change the client agent settings so that the user is not asked for permission.
  Update: If you are trying to manage Windows XP workgroup computers, the GPO setting is not set to Classic by default, and you need to change it manually or via scripting; otherwise you keep being prompted for a password that never works.
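  One way to do the "via scripting" change, as an added PowerShell example that is not part of the original post. It relies on the ForceGuest registry value under HKLM\SYSTEM\CurrentControlSet\Control\Lsa, which backs this policy (0 = Classic, 1 = Guest only); the function names are hypothetical.

```powershell
# Added example (not from the original post); function names are hypothetical.
# ForceGuest backs "Network access: Sharing and security model for local accounts":
#   0 = Classic (local users authenticate as themselves), 1 = Guest only.
$LsaKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'

function Get-SharingModel {
    $prop = Get-ItemProperty -Path $LsaKey -Name ForceGuest -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 'NotSet' }        # value absent from the registry
    if ($prop.ForceGuest -eq 0) { return 'Classic' }
    return 'GuestOnly'
}

function Set-SharingModelClassic {
    [CmdletBinding(SupportsShouldProcess=$true)]
    param()
    $current = Get-SharingModel
    if ($current -eq 'Classic') {
        Write-Output 'Already Classic; nothing to change.'
        return
    }
    # -WhatIf / -Confirm are honoured here, so the change can be previewed first
    if ($PSCmdlet.ShouldProcess("$LsaKey\ForceGuest", "Set to 0 (was $current)")) {
        Set-ItemProperty -Path $LsaKey -Name ForceGuest -Value 0
        Write-Output "Changed sharing model from $current to Classic."
    }
}

# Report the current state, then preview the change without writing anything
Get-SharingModel
Set-SharingModelClassic -WhatIf
```

  Run it from an elevated prompt on the workgroup computer; drop -WhatIf to apply the change.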

  Thanks to Niall for finding the GPO setting on WinXP computers.
  Hope it helps!
  Reposted from: http://eskonr.com/2013/08/sccm-configmgr-2012-manage-workgroup-computers-for-deploymentremote-tools-etc/
