This account must have local administrator rights on the target computer to install the client. Specify at least one client push installation account. Select the Create icon, enter the User name and Password (no more than 38 characters), confirm the password, and then select OK. On the Accounts tab, specify one or more accounts for Configuration Manager to use when it connects to the target computer. Select whether you want to install the client on domain controllers. Select the system types to which Configuration Manager should push the client software. Kerberos in Windows relies on Active Directory for mutual authentication. To use this feature, clients must be in a trusted Active Directory forest. For more information on the security considerations of these authentication protocols, read about the Windows security policy setting to restrict NTLM. This enhancement helps to secure the communication between the server and the client.ĭepending on your security policies, your environment might already prefer or require Kerberos over the older NTLM authentication. Starting in version 1806, the site can require Kerberos mutual authentication by not allowing fallback to NTLM before establishing the connection. When it uses client push to install the Configuration Manager client, the site server creates a remote connection to the client. The recommended configuration for improved security is to disable this setting, which requires Kerberos without NTLM fallback. If the site can't authenticate the client by using Kerberos, it retries the connection by using NTLM. The option to Allow connection fallback to NTLM is enabled by default, which is consistent with previous behavior. Starting in version 1806, when you update the site, a Kerberos check for client push is enabled. On the General tab of the Client Push Installation Properties window, select Enable automatic site-wide client push installation. On the Home tab of the ribbon, in the Settings group, select Client Installation Settings, and then select Client Push Installation. Select the site for which you want to configure automatic site-wide client push installation. In the Configuration Manager console, go to the Administration workspace, expand Site Configuration, and select the Sites node. Configure the site to automatically use client push for discovered computers For more information, see Installation method dependencies. The CCMSetup.log file on the client records the installation process.Ĭlient push only succeeds if all prerequisites are met. For example, the CCM.log file on the site server records any problems that occur when the site server connects to the computer. The log files don't require a fallback status point. To track client installation progress, view the client deployment and assignment reports.Ĭlient log files provide more detailed information for troubleshooting. When you install a fallback status point, it's automatically assigned to clients when they're installed by the client push installation method. To help track the client installation process, install a fallback status point before you install the clients. The server continues to retry for up to seven days. If the site server can't contact the client computer or start the setup process, it automatically retries the installation every hour. The installation will succeed only if one of the items returned by the query is the ResourceID attribute of the System Resource class. Use the Client Push Installation Wizard to install the Configuration Manager client, which you can use to query the result. Start client push installation by running the Client Push Installation Wizard for a specific collection or resource within a collection. This method is scoped to the site's configured boundaries when those boundaries are configured as a boundary group. When you configure client push installation for a site, client installation automatically runs on computers that the site discovers. There are three main ways to use client push: Security and privacy for Configuration Manager clients.Prerequisites for deploying clients to Windows computers.For more information on planning and preparing for client deployment, see these articles: This article provides details on how to deploy the Configuration Manager client to Windows computers. Applies to: Configuration Manager (current branch)
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |