Part 12 - SCCM Client Push install in detail

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
client installed so there are various method you can use to install clients on your SCCM System Center Configuration Manager so one method is manual where you have to run a command and you can install client on your device and there's another method is GPO you can create a group policy and then you can use the group policy to install client and the other method is client push install which is very popular and all you have to do is open your configuration manager console and the devices you have to find the device you have to right-click click on install client Next Next Next and done that simple that easy only if we have done the groundwork so in this video we are going to look at what is that groundwork how to check the firewall rules SCCM settings what settings you need to do in your SCCM console on your configuration manager console and also what software you need to check the logs and where to find these logs so we're gonna discuss about that so first of all we will discuss about firewall rules let's get started this is Jai Singh from technics solutions alright to start with we have to login to our domain controller where we will create firewall rules for our clients so what firewall rules we need so let's have a look at the firewall rules so very first rules we need for file sharing on the client hand side we need file sharing rules so that a client can share files with a CCM and secm can share files back with other clients ok and second rules we need WMI rules so WMI is the method WMI has functions which SCCM will use to get some information out of our clients and there's another few rules we will add and we will discuss about those when we add them let's get started I'm logging on to my domain controller so my domain controller is technics - this yo one could be different in your case so let's just open D see o one and in D Co one go to Tools and we will go to group policy management in group policy management extend the tree and we will extend domains our domain and we will find the computer or you in my case the computer Oh you I created was technics computers so it's it's CR technics computers has one computer I think but we will add more if we have to right click create a GPO and I will name it s ECM client rules click on OK and right click Edit we will go to policies make sure we go under computer configuration so we have policies we have windows settings then we will go to security which is here extend that as well and under security we should have Windows Firewall with advanced settings here with advanced security extend that and Windows Firewall with advanced security alright we will extend that further so we will have inbound rules and outbound rules so in inbound rules we will create few rules so we will add in inbound rules right click new rule and this is predefined we will select file and printer sharing select that and next everything is selected I'm happy with that click Next and allow this allow the connection finish and this part is done and again we will add more click on new rule predefined we will add WM I so that our SCCM can talk to our clients our devices and use WMI Curie's so WMI is near windows management instrumentation ok next the three rules selected next allow the connection and finish ok so this part is done in inbound rule so one more rule we will add is TCP to 701 so the reason why we are adding this rule so that SCCM can come and talk to our client remotely if you want to enable remote control from your SCCM client settings we will have a look at soon so in inbound right click new rule and port-based next and it is tcp specify the port which is to 701 and click Next allow the connection next we will need it for domain profile only next and name it allow secm remote control and that's about it click on finish so in when rules are done so now we are going to add outbound rules ok in outbound right click new rule we will select again predefined and file and print sharing printer sharing click Next everything is selected next allow the connection finish ok so we have added inbound and outbound file and print sharing so that our device can read files and our SCCM can put files back on our device so it's back and forth but WMI is just from our windows from over SCCM server side only so SCCM server can run its own Curie's to our windows machines or n devices so this part is done and also we are going to add one more rule new rule and this is port based next and this is TCP as well 1 0 1 2 3 and this port is needed by our SCCM server for our management point to send client notification once we install software Sara once we install client it will send notifications to the end devices so this is why we need that port and we will add that click Next and allow the connection and this will add for the domain as well ok next I will name it as ECM client and notifications once that done click on finish so that part is finished and also on our SCCM server we need to open that one port for our sequel server 1433 and for 0 to 2 we don't have to use group policy for that because we have only one SCCM server if you have multiple servers maybe yes we use GPO but we can add that manually we will go to over SCCM server now and we will add these rules in our SCCM server so in search bar such Windows Firewall with advanced security and in inbound rules right-click new rule and this is a port based click Next and TCP support is 14 33 and 4-0 double - ok and click Next allow the connection next domain private-public we just need it for domain click Next and sequel server port I will copy that finish you can say sequel server port and then in admin rules it's the same thing click new rule port next TCP and ports are 14 33 4 0 double 2 and if we have changed these ports you have to put these ports here whatever the porch we have changed I kept everything default in sequel server so I do not have to change these ports so click Next and allow the connection and then you can name it and then finish it ok so I will just create it for domain 1 small change I would like to do because you have added these two rules at the moment in in one is inbound second is outbound so if we click on inbound you see sequel server port the rule that we added or the name you have given right click and go to properties and click advanced and allow it for everything actually so just in case if something is not on domain and you still live like your sequel server to communicate with so allow everything click apply and ok same thing we do for the outbound rules right click and click on properties and then go to advanced and just take these two boxes so at the moment all three are ticked domain private and public and click apply ok so all the firewall ports are done so the next part is we have to make some changes for the client settings so the client settings changes we are going to do on our SCCM server where we are at the moment okay so also we have to test the GPU because the windows firewall ports that we have opened open login to your computer windows computer so my case is PC - oh one let's just test the windows firewall rule have they come into effect or not on our PC - oh one babe we have applied the rule you can do gpupdate space forward slash force or you can restart the device and if we get the latest group policy so I'm just restarting the device so let's just make sure that it gets the right rules okay so I logged into PC - oh one and login as administrator and open the Windows Defender Firewall with advanced security and if you click on inbound rules you can see allow SCCM remote control group policy has it has been applied so it looks good and we go back to over SCCM server I logged in as administrator it doesn't affect the client installation if you log in as administrator or you log in as a standard user so let's go back to our secm server so which is tekneqs - SEO one so click on administration and extend it and then we go to sites on the sides you will see client installation settings this is set this setting is very important click on client institution solution so click under accounts here we have to specify an account according to Microsoft recommendation this account has does not have to be domain admin it has to be local admin on the machine it does not have to be domain admin account it can be just a normal standard account so but it has to be a local administrator on the actually machine so it can access see dollar on the machine we will test it soon so client push install so here we are using just a CCM account as you know this is just lab environment and I will click on new account and username click browse and SCCM check names it checked the name click OK and type in password twice and they click verify so here we will browse to PC - a1 backward slash C dollar so that's a remote path test connection connection was successfully verified if your PC name is something else you can type in your PC name make sure you type in two backwards lashes then PC name backward slash C dollar okay if it can access this path on that computer then it will be able to put the files there put the required files there OK and then click OK and then apply and ok alright this part is done now we are ready to install client and other part is I'll show you if you go back to your PC or one in PC or one Open File Explorer and open this PC under local disk C if you double click that go to Windows if you look here there's no CCM setup folder here ok as soon as we will we will push the installation here we will see see see CCM setup folder as you know we have we are logged in its administrator if we go windows are backward slash backward slash techniques - SC a1 we should be able to view these shared files on hours from over server ok and if you click on SMS underscore Tek Tek or SMS underscore your site name double click on that go to tools and then we need CCM trace ok copy that on the desktop its here we go back and there are logs file good logs and then open CCM log ok CCM log is here so right click open with cesium trace what we'll do is we'll open cesium trace first yes so we will make a default log view so now if you go back go back open this it will open this log file for us so apart from this we will look at this CCM log file apart from this open task manager on your PC or one or on your PC where you would like to install client and in here I'll click on more details and under details you will see a file running with that would be CCM setup file as soon as we push we will see that file running here okay so let's go back to our server okay and go to assets and compliance click on devices we can see PC - or one device here okay client no nothing installed right click click on install client click Next always install client uninstall client if there is any we click no and we just you pick this option install the clients from a specified site click that we have this site click Next and this is the summary click Next test the progress close so let's go back to over PC PC 1 and here we should see CCM setup running ok so details we go to local this say windows cesium set a folder here and details CCM setup XC is running and let's go back to the log file in CCM trace it will say the push installed request some submitted successfully and machine name is PC o1 so WMI you can ignore this error for now and it's verifying so you can see started service CCM setup here okay so completed request and deleted it let's go back so CCM setup it will change to CCM exact shortly so I checked the log file and it's it's about like five six minutes I've been waiting I thought it will install then I check the log file and it gave me an error failed to get DP locations so let's fix that error so we'll go back to our SCCM server and in our SCCM server will click on administration and then click on distribution points so that's the distribution point a right click on your distribution point by the way that distribution point options comes under security okay right click on your distribution point you will see your distribution there by default and click on properties and in properties under content we have Client Manager package which is good and content validation we don't need that boundary groups we have to add a boundary group here okay so the boundary group we created earlier we will add it to a check next boundary group all right so click OK its boundary group sits here and hit apply and ok so this is done we'll go back to our assets and compliance select devices pchew one right click install client we will push the client again there's no harm push it again it's going to try anyway to install but we will install it again and install from specific sites we have that and click next and next and done close that let's go back to our PC or one and it will try against to install it let's have a look what it does now ok it created the job again here CCM setup it's running and let's have a look what it does okay so now you can see here in task manager CCM it was setup change to restart and we have CCM exec here which is a good news that every client push install actually works so we can see this game exec is changed from CCM setup and if you click on Windows logo you should see some times soon you will see Software Center option available here so it's just finishing up now let's have a look what it says now about our PC or one let's just click on users click on devices and increase your 1 you can see client installed yes and it gives you the site name as well and the primary user it's not reporting back yet and we will see client activity which is here next to side code it will say active inactive available and primary users as well once it gets one SCCM we'll retrieve enough information it will populate that option as well so we'll go back to our PC or one and see if we have Software Center coming up here so Software Center option is available if you click on that it will load the software Center option and here ok and in our secm server and I would like to mention that in our secm server if you click on administration and that there will be client settings this is the default client settings if you right click go to properties we have different options here which we can change which we can manage ok here the remote tools we can actually enable that at the moment it is disabled I figure configure setting enable remote tools for domain and click ok and so that's about it and apart from that we can actually so under hardware inventory you can see organization name displayed in Software Center so let's just do it technics solutions and hit okay or reply so right click go to properties and now in our surface Center before it was coming blank if we go back to PC o one we will see Software Center C it says I see organization soon it will show techniques solutions if you open command prompt and type in control space SMS CFG RC and hit enter it will load configuration manager properties ok and you can open control panel and in control panel change the icons to large icons you will see configuration manager here ok you can click that it will open the same window alright so in here if you click on configurations any configuration you will see here actions you can run these different actions in general you can see management point currently intranet within the network and version number of the client you can see here if under actions whatever the policy is available here you can run from here if you click on if you select any policy for example let's just run user policy run now if there is any user policy it will run that policy machine policy it will run that policy as well and click OK to close it so let's close this as well let's close surface area as well let's open the surface enter again to see if it we can see technics solutions change okay so as you can see now technics solution is coming up here and also let's test our remote tools as well so we'll go back to CCM server and let's cancel this before we cancel this actually go to properties and let's have a look at remote tools so we have option here allow remote control of an unattended compute which is yes which is good let's click OK go to assets and compliance go to devices so that's the computer we're gonna want to connect right click and then you can start remote control okay let's just do that so connecting to the host asking the remote user to allow remote control so we go back to PC or one approve and let's just minimize this we go back to our server SCCM server as you can see here this is how you can connect remotely with the help of eccm remote control tool so this is great our remote control tool is working as well let's just close it that's all for this video give this video a thumbs up if you feel like this was informative for you and also subscribe to my channel to show your support so I can create quality content for you in future as well see you in the next video
Info
Channel: TekNex Solutions
Views: 40,696
Rating: undefined out of 5
Keywords: Software center configuration manager, config manager, sccm, windows 10, client push install, windows server, windows sql server, microsoft, sccm current branch full guide, #sccm
Id: 0FcDiG7Zh3M
Channel Id: undefined
Length: 23min 33sec (1413 seconds)
Published: Tue Nov 20 2018
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.