locked
Questions regarding installing Config Mgr 2012 clients by push and another trusted forest... RRS feed

  • Question

  • We have two separate forests that are two-way trusted. I need to install clients in the other forest. I don't want to use Group Policy, logon scripts or WSUS methods. I'm reading that SLP functionality of Config Mgr 2007 is now integrated or is now a feature of the MP role for 2012. The schema has been extended successfully. Just curious, but can I use push client installation in Config Mgr 2012? Is there syntax or client.msi properties I need to add in the installation properties tab of client push settings like the manual installation?

    If I cannot use push installation,  I'll was thinking of writing a PowerShell script to remotely,manually start the ccmsetup to each of those machines. Probably use DNSSUFFIX and SMSSIteCode? Thoughts?

    Tuesday, May 22, 2012 2:44 PM

Answers

  • A couple of things:

    • You'll need to define a Client Push Installation account that is valid in the other domain
    • You'll need to have a Network Access account configured to be used for the /MP:<server to download files from> parameter since the client machine account in the other forest will have no security context coming across the external two-way trust

    It may not hurt to specify the MP (SMSMP=<MP-FQDN>) and FSP (FSP=<FSP-FQDN>) if you're using an FSP.

    See http://technet.microsoft.com/en-us/library/gg699356.aspx for a complete list of ccmsetup.exe and client.msi parameters for CM12.

    BH

    Tuesday, May 22, 2012 3:24 PM

All replies

  • A couple of things:

    • You'll need to define a Client Push Installation account that is valid in the other domain
    • You'll need to have a Network Access account configured to be used for the /MP:<server to download files from> parameter since the client machine account in the other forest will have no security context coming across the external two-way trust

    It may not hurt to specify the MP (SMSMP=<MP-FQDN>) and FSP (FSP=<FSP-FQDN>) if you're using an FSP.

    See http://technet.microsoft.com/en-us/library/gg699356.aspx for a complete list of ccmsetup.exe and client.msi parameters for CM12.

    BH

    Tuesday, May 22, 2012 3:24 PM
  • Thanks for the fast reponse Bruce! I appreciate the suggestions. I will test this out.
    Tuesday, May 22, 2012 7:18 PM
  • New update: I tested this out, it worked just fine.

    I used a service account with access ability in Forest 2.

    • I added the service account to client push accounts. Did the verify.
    • Then added this syntax: SMSSITECODE=LOL DNSSSUFFIX=mybox.mydomain.net FSP=mybox.mydomain.net SMSMP=mybox.mydomain.net           in the installation properties tab
    • I then right-clicked and pushed the client successfully (watched it download install pieces in the ccmsetup folder on the client, refreshed and check log).......success in the console.

    Thanks Bruce!!! :-)

    Thursday, May 24, 2012 10:54 PM