locked
SCCM Boundaries IP ranges with servers in them RRS feed

  • Question

  • We have a lot of VPN users that are suddenly offsite using corporate devices, and we want to revise our SCCM boundaries.

    I would like to do a giant IP range, rather than individual subnet IP ranges.

    A colleague of mine is concerned that these ranges include servers.

    My understanding is that boundaries and boundary groups don't automatically push or install anything, and can only help SCCM clients (which servers are not) find a site system or which distribution point to use.

    We want to simplify our boundaries and boundary ranges.

    Am I missing something?   Should servers always exist outside of IP ranges defined in SCCM, when SCCM is not managing them?

    Thanks, phil

    Monday, August 10, 2020 5:48 PM

Answers

  • My understanding is that boundaries and boundary groups don't automatically push or install anything,
    Correct Boundary groups don't push or automatically install.

    If the question is:

    What happens when a machine that is not managed is inside a boundary?

    The answer is nothing.  The server or workstation has no knowledge of that boundary, as longs ConfigMgr client is not installed.  The only way it would install the client and be managed would depend on how to push the client.  All machines, right click , login script, Group Policy, manual, etc..

    Even if a machine is outside a boundary, you can still push the client to it.  


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com

    Monday, August 10, 2020 6:34 PM

All replies

  • My understanding is that boundaries and boundary groups don't automatically push or install anything,
    Correct Boundary groups don't push or automatically install.

    If the question is:

    What happens when a machine that is not managed is inside a boundary?

    The answer is nothing.  The server or workstation has no knowledge of that boundary, as longs ConfigMgr client is not installed.  The only way it would install the client and be managed would depend on how to push the client.  All machines, right click , login script, Group Policy, manual, etc..

    Even if a machine is outside a boundary, you can still push the client to it.  


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com

    Monday, August 10, 2020 6:34 PM
  • Hi,

    Totally agree with Matthew, these ranges include servers have no impact, we don't need to exclude the servers from the IP ranges.

    By the way, it's not recommend to use IP subnets as ranges, refer to Jason's blog:
    https://home.memftw.com/ip-subnet-boundaries-are-evil/

    This "System Center" Forum will be migrating to a new home on Microsoft Q&A, please refer to this sticky post for more details.

    Regards,
    Allen

    "MECM" forum will be migrating to a new home on Microsoft Q&A!
    We invite you to post new questions in the "MECM" forum's new home on Microsoft Q&A!
    For more information, please refer to the sticky post.

    Tuesday, August 11, 2020 6:41 AM
  • Thank you Matthew, that is my understanding as well.
    Friday, August 14, 2020 5:00 PM
  • Thanks Allen.  I agree with him as well.   And I appreciate the head's up on IP subnets.  I've read that article and was aware, but it is always worth mentioning since it would be so much easier to use supernets for big vlans.

    Friday, August 14, 2020 5:02 PM