Remove From My Forums

Unauthorised Client deployment..

Question
0

Sign in to vote
Hello all,

This is one of the O.Sh. moments...not for me but..

So, I am running the - eventual - global ConfigMgr 2012 project at my company and all is progressing smoothly. Until now. Unfortunately, a bright spark in another (sub-)domain decided they couldn't wait and built their own 2012 server. Apparently, it was in 'test' but really it was connected to the live AD infrastructure. Not knowing what they were doing they enabled client push, Forest Discovery (plus create Boundaries and BGs), System Discovery - you can see where this is going...and boom. Client deployment to their Domain. Cue mayhem from the businesses. They then proceeded to delete any clients from CM and other traces such as Boundaries and disable ALL discovery methods. What a moment.

So far, my plan is to obviously keep Client Push off and then..

Re-instate Heartbeat on the naughty CM server first to see what chats back.
Next on the list is to add Boundaries in the form of IP ranges for each location - I want to do this methodically
Add them to a BG leaving Assigned site empty and add the Site System in and thus get more coming back.
Then create Collections based on ranges and then hopefully use something like Now Micro's right click tools to do an uninstall.

I want to help this Unfortunate person out (and to keep their job) so I would be grateful for any suggestions or other thoughts.

Thanks,

(Oh, and it's not me... :)

....Luckily MY CM is in the Root domain...)
Monday, March 9, 2015 3:52 PM

Answers

0

Sign in to vote
Then I guess you could send out an uninstall from the test server and remove the client or pop it into a GPO.

Worth a read:

https://social.technet.microsoft.com/Forums/en-US/f001083b-cb54-4001-bc13-5efea7e3ba01/create-collection-with-sccm-2012-client-installed?forum=configmanagergeneral

https://technet.microsoft.com/en-gb/library/bb694276.aspx?f=255&MSPPError=-2147217396

https://social.technet.microsoft.com/Forums/en-US/11bbd860-c4fa-4a7b-ac9a-6e80c05919ed/best-practices-to-uninstall-sccm-2012-server-and-client-agents?forum=configmanagerdeployment
- Edited by Richard.Knight Monday, March 9, 2015 10:10 PM
- Marked as answer by Joyce L Wednesday, March 18, 2015 3:14 AM
Monday, March 9, 2015 10:04 PM
0

Sign in to vote
I concur with Richk, I would deploy an uninstall program from the "offending" server to the offending clients, then cleanup the AD objects (assuming they extended the schema for SCCM of course).

You could add a startup script or something after the fact to pick up any stragglers, or just use a startup script to kick the uninstalls as a standalone solution.
- Marked as answer by Joyce L Wednesday, March 18, 2015 3:14 AM
Monday, March 9, 2015 10:11 PM

All replies

0

Sign in to vote

So what's your main goal right now?
Torsten Meringer | http://www.mssccmfaq.de

Monday, March 9, 2015 4:44 PM
0

Sign in to vote

To remove the clients.

Monday, March 9, 2015 5:40 PM
0

Sign in to vote
I don't think you need to remove the clients, you could just push out the client again from the correct site.

How did you role out the client in the 'proper' site.

Once everything is moved over then uninstall the incorrect site and clear up relevant info from the system management container / dns
- Edited by Richard.Knight Monday, March 9, 2015 6:30 PM
Monday, March 9, 2015 5:44 PM
0

Sign in to vote

Sorry, I should have been clearer. The 'rest of the world' is not yet ready for the 'proper' configmgr deployment (no apps, no business acceptance yet etc) so I just need to undo the push to the sites and locations that are not yet being managed in configmgr. I guess I wanted confirmation that to do that I am running the right process to catch all the workstations or servers with the client installed...and then uninstall them.

Monday, March 9, 2015 9:42 PM
0

Sign in to vote
Then I guess you could send out an uninstall from the test server and remove the client or pop it into a GPO.

Worth a read:

https://social.technet.microsoft.com/Forums/en-US/f001083b-cb54-4001-bc13-5efea7e3ba01/create-collection-with-sccm-2012-client-installed?forum=configmanagergeneral

https://technet.microsoft.com/en-gb/library/bb694276.aspx?f=255&MSPPError=-2147217396

https://social.technet.microsoft.com/Forums/en-US/11bbd860-c4fa-4a7b-ac9a-6e80c05919ed/best-practices-to-uninstall-sccm-2012-server-and-client-agents?forum=configmanagerdeployment
- Edited by Richard.Knight Monday, March 9, 2015 10:10 PM
- Marked as answer by Joyce L Wednesday, March 18, 2015 3:14 AM
Monday, March 9, 2015 10:04 PM
0

Sign in to vote
I concur with Richk, I would deploy an uninstall program from the "offending" server to the offending clients, then cleanup the AD objects (assuming they extended the schema for SCCM of course).

You could add a startup script or something after the fact to pick up any stragglers, or just use a startup script to kick the uninstalls as a standalone solution.
- Marked as answer by Joyce L Wednesday, March 18, 2015 3:14 AM
Monday, March 9, 2015 10:11 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

Unauthorised Client deployment..

Question

Answers

All replies