locked
Client Push RRS feed

  • Question

  • Hi guys,

    With the site-wide client push installation - is there a way to exclude certain OUs from having the client install. For instance we have some virtual machine OUs that i dont want the client on.

    At the moment i use active directory discovery with OUs filtered, but client push will check whole network? and install on everything, any way to refine it.

    Thanks -Travis

    Wednesday, October 14, 2015 10:00 AM

Answers

  • What you've done is the best course of action and what I would have recommended. It would be nice if we could specify OUs to exclude instead of having to specify everything to include, but we can't so what you did is the best way. If ConfigMgr doesn't discover it then it can't even try to do anything to it.

    Also make sure that if you have group discovery enabled, that you don't include any groups that may in turn include these systems that you want to include.

    And of course, spot check every now and then to make sure they haven't slipped through for some other reason.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by Travis_83 Wednesday, October 14, 2015 8:10 PM
    Wednesday, October 14, 2015 2:32 PM

All replies

  • It will only automatically push the client to discovered objects.

    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

    Wednesday, October 14, 2015 10:09 AM
  • So anything in the All Systems collection, that is essentially what has been discovered depending on what discovery method set?
    Wednesday, October 14, 2015 11:12 AM
  • Yes, with the caveat that it must also be assigned to the site and have a valid OS on it. Just having a resource in All Systems does not mean its assigned -- that comes from being within boundary group marked for site assignment (or if you have a fallback site enabled).

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, October 14, 2015 12:28 PM
  • Hi,

    Yes, All system collection members will receive the client install notification from site server by enabling the Site wide client push.


    Regards, kanna

    Wednesday, October 14, 2015 12:30 PM
  • Yes, All system collection members will receive the client install notification from site server by enabling the Site wide client push.



    No, technically not correct. See Jason's reply above. 

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, October 14, 2015 12:38 PM
  • Thanks Jason,

    In my all systems container the devices have my site code, not all installed though. As of now I only have AD discovery in place - if i enable site wide push it will only associate with devices discovered with assigned site code?

    I used to have the network discovery in place which I've since disabled, this was just adding everything, which I don't want.

    Wednesday, October 14, 2015 2:00 PM
  • Correct to your first question. If you could maybe expand on motivation for the question, we could probably offer some suggestions.

    Network Discovery is pretty useless as most have discovered.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, October 14, 2015 2:07 PM
  • Hi Jason,

    Not sure how familiar you are with VMWare but,

    We have virtual machine pools which are floating pools. In VMware these floating VMs link to a parent (central image). We update our link parents (main image) manually via windows update and then push out changes to the entire pool of VMs. We dont want SCCM touching these linked parents or their associated floating pools, only interested in physical devices.. The floating VMs and link parents have their own OU in AD and just dont want those devices to be discovered... right now i think im okay as i've manually added every OU in our AD with exception of the ones which include virtual machines...

    Just worried i enable site wide and it somehow hits those OUs.. which i dont think it will.. I just like some assurance from more experienced folk.

    Wednesday, October 14, 2015 2:16 PM
  • What you've done is the best course of action and what I would have recommended. It would be nice if we could specify OUs to exclude instead of having to specify everything to include, but we can't so what you did is the best way. If ConfigMgr doesn't discover it then it can't even try to do anything to it.

    Also make sure that if you have group discovery enabled, that you don't include any groups that may in turn include these systems that you want to include.

    And of course, spot check every now and then to make sure they haven't slipped through for some other reason.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    • Marked as answer by Travis_83 Wednesday, October 14, 2015 8:10 PM
    Wednesday, October 14, 2015 2:32 PM