locked
Disabling Site-Wide SCCM Client push on VDI clients RRS feed

  • Question

  • Problem:  We have site-wide SCCM client push enabled and want to exclude the SCCM agent push to our VDI endpoints (only)

    From what I can determine you really can't exclude OU's from discovery so we are left with the following methods below to impede the client installation

    Methods: (some that won’t for us with VDI)

    Don’t use Client Push globally (Is this against best practice?)

    Remove Client Push account or site server account from the local administrators Group on those systems

    Add Computers to ExcludeServers list (can’t use wildcards..right?)

    Revoke AD perms from the SCCM server for the OU’s in question.

    Create a file called CCM & CCMSETUP under %windir%\  (This will prevent a folder with the same name as the already existing file from being created).

    QUESTION:  Which is the best method...is there a better method?

    If there are no other viable options my first two choices would be to trick SCCM into falsely thinking that the SCCM agent is already installed or disable site-wide client push entirely and deploy the agent via other means.


    David W King



    Monday, May 16, 2016 4:08 PM

Answers

  • There is no right or wrong here ... you can either add only OUs that do not contain VDI Clients or use a startup script  to install the client as two alternatives - or any method you already mentioned. This can only be answered when knowing *all* details about the environment.

    Torsten Meringer | http://www.mssccmfaq.de

    • Marked as answer by David W King Friday, May 20, 2016 12:21 PM
    Tuesday, May 17, 2016 5:56 AM

All replies

  • There is no right or wrong here ... you can either add only OUs that do not contain VDI Clients or use a startup script  to install the client as two alternatives - or any method you already mentioned. This can only be answered when knowing *all* details about the environment.

    Torsten Meringer | http://www.mssccmfaq.de

    • Marked as answer by David W King Friday, May 20, 2016 12:21 PM
    Tuesday, May 17, 2016 5:56 AM
  • Thanks, but I guess I'm wondering what is most customary....I wonder...we can't be the only organization with a growing VDI environment that wants to solve this problem.  I would think most organizations would want to blanket the SCCM agent via push....along with other means to ensure full deployment but where I'm aghast is that Microsoft doesn't make it more easy to exclude OUs from discovery.....I'm mean c'mon...really?  I think we're going to leave push on and exclude and in addition to that exclude by creating CCM & CCMSETUP files (belt and suspenders) in our VDI images.  Thx.


    David W King


    Tuesday, May 17, 2016 2:14 PM
  • Microsoft doesn't make it more easy to exclude OUs from discovery


    That depends on your OU structure. Just don't include it - the might be easy or a nightmare, depending on how your OU structure Looks like.

    Torsten Meringer | http://www.mssccmfaq.de

    Tuesday, May 17, 2016 2:30 PM