SCCM 2007 - External Clients

niaidsdt
I've been asked to look into how we can manage external clients with SCCM 2007 and need some help getting started/pointed in the right direction.

Our AD topology is that we are a child domain.  In our child domain we have a standalone root CA.  The root CA has been added to the Trusted Root certificate store of the Default Domain Policy and as such, all the SCCM clients (Windows 7 OSes) trust our root CA.

Can someone point me or show me how they've managed external SCCM clients with a standalone root CA?

Nagendra Pratap Singh, Desktop Applications Specialist

Commented:
You can even manage Workgroup clients.

Do you have a list of the OS versions of the external ones?

Is it in native mode?

Author

Commented:
All clients will be XP SP3 and Windows 7.  We are in mixed mode at the moment.

Nagendra Pratap Singh, Desktop Applications Specialist

Commented:
So you have a trust relationship or common forest?

Anyway the Workstation guide/Forum is

http://www.windows-noob.com/forums/index.php?/topic/2029-managing-workgroup-computers-in-sccm-sms-environment/
Author

Commented:
Yes, we have a transitive trust with our parent domain.  


Thanks for the link but I'm not sure how it relates to managing external SCCM clients with a PKI infrastructure.  Each computer has been bound to our child domain.

Are you talking about clients which are not connected to your local network and which have to be managed over the Internet, or clients which aren't in your domain?
You can manage both:
For clients which are not in your domain you need Server Locator Points.
For clients which shall be managed over the Internet, you need VPN, Direct Access or your SCCM infrastructure published into the Internet.

Commented:
I was able to get in contact with Microsoft.

To support external clients we would need to stand up an enterprise CA (for a number of reasons).  

Issue appropriate certificates to the SCCM infrastructure.  Issue all clients certificates.  Once all clients had certs, change from mixed to native mode.  Put a MP in the DMZ.
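
A readiness check for the "once all clients had certs" step, as an added example that is not part of the thread or Microsoft's guidance: it lists which certificates in a client's computer store would be usable for native mode client authentication. The function name `Test-NativeModeClientCert`, the use of the `LocalMachine\My` store and the online revocation check are assumptions of this example.

```powershell
# Added example: run on a client (XP SP3 with PowerShell 2.0, or Windows 7)
# before the site is switched from mixed to native mode.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

function Test-NativeModeClientCert {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    $problems = @()
    $now = Get-Date
    if ($now -lt $Cert.NotBefore -or $now -gt $Cert.NotAfter) {
        $problems += 'outside validity period'
    }
    if (-not $Cert.HasPrivateKey) { $problems += 'no private key' }

    # Collect the EKU OIDs carried by the certificate, if any.
    $eku = $Cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $oids = @($eku | ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
    if ($oids -notcontains $clientAuthOid) { $problems += 'no Client Authentication EKU' }

    # Build the chain to a trusted root. Online revocation checking is a choice
    # made in this example; it also shows whether the CRL is reachable from here.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    if (-not $chain.Build($Cert)) {
        $problems += @($chain.ChainStatus | ForEach-Object { $_.Status.ToString() })
    }

    New-Object PSObject -Property @{
        Subject  = $Cert.Subject
        Issuer   = $Cert.Issuer
        NotAfter = $Cert.NotAfter
        Usable   = ($problems.Count -eq 0)
        Problems = ($problems -join '; ')
    }
}

# Assumption: the client certificate is in the computer's Personal store.
$results = @(Get-ChildItem Cert:\LocalMachine\My |
    ForEach-Object { Test-NativeModeClientCert -Cert $_ })
$results | Format-Table Subject, Issuer, NotAfter, Usable, Problems -AutoSize

if (-not ($results | Where-Object { $_.Usable })) {
    Write-Warning 'No usable client authentication certificate found on this computer.'
}
```

A `RevocationStatusUnknown` or `OfflineRevocation` entry under Problems on a machine outside the network means the CRL distribution point in the certificate is not reachable from there.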

Author

Commented:
Got in contact with Microsoft.