locked
Assign clients to new Hierarchy RRS feed

  • Question

  • Problem:  For reason I won’t get into we had to spin up a new CM12 hierarchy to replace our current CM12 hierarchy and we have no access to the old one.  We still have a substantial number of clients who are assigned to old CM12 site which as I understand it I cannot simply re-assign because of the trusted root key.  To add a bit of complexity, the majority of these users are Direct Access users so I have to be thoughtful in how I handle this via GP.

    So my main question is this… via GP is there a way to remove the old trusted root key, so that it is in a state where it will discover the proper site without uninstalling the CM client?  Or do I simply need to accept that fact that I need to uninstall and reinstall.  I also do not want to set any stack values via registry if at all possible. Thanks in advance!

    Tuesday, May 12, 2015 9:23 PM

Answers

  • Is this what you are referring to: https://t3chn1ck.wordpress.com/2012/10/05/configmgr-client-gpo-assignment-removal/?

    Jeff

    • Proposed as answer by Joyce L Monday, May 25, 2015 8:30 AM
    • Marked as answer by Joyce L Wednesday, May 27, 2015 9:26 AM
    Wednesday, May 13, 2015 12:39 AM
  • I am not 100% sure, but I think that you don't have to deal with the trusted root key in CM12 any more. It will be read from AD. That can be easily tested though. If not: use RESETKEYINFORMATION=TRUE when installing the client.

    Torsten Meringer | http://www.mssccmfaq.de

    • Proposed as answer by Joyce L Monday, May 25, 2015 8:30 AM
    • Marked as answer by Joyce L Wednesday, May 27, 2015 9:26 AM
    Wednesday, May 13, 2015 5:47 AM

All replies

  • Is this what you are referring to: https://t3chn1ck.wordpress.com/2012/10/05/configmgr-client-gpo-assignment-removal/?

    Jeff

    • Proposed as answer by Joyce L Monday, May 25, 2015 8:30 AM
    • Marked as answer by Joyce L Wednesday, May 27, 2015 9:26 AM
    Wednesday, May 13, 2015 12:39 AM
  • I am not 100% sure, but I think that you don't have to deal with the trusted root key in CM12 any more. It will be read from AD. That can be easily tested though. If not: use RESETKEYINFORMATION=TRUE when installing the client.

    Torsten Meringer | http://www.mssccmfaq.de

    • Proposed as answer by Joyce L Monday, May 25, 2015 8:30 AM
    • Marked as answer by Joyce L Wednesday, May 27, 2015 9:26 AM
    Wednesday, May 13, 2015 5:47 AM