aspathak
asked on
implementing group policy without server reboot
HI,
I have created a group policy this is related to SCCM client install on targeted server. It requires a reboot for .msi installation . Can I do that without a reboot. I tried gpupdate /force the GPO is getting propagated to targeted server checked it with rsop.msc but the client is not getting installed.
I have created a group policy this is related to SCCM client install on targeted server. It requires a reboot for .msi installation . Can I do that without a reboot. I tried gpupdate /force the GPO is getting propagated to targeted server checked it with rsop.msc but the client is not getting installed.
ASKER
we have different domain without trust relationship and when we are trying to push the client from primary node then it's taking primary site server as mp. so trying to push it via gpo for every domain. we have tight schedule so checking if we can have the client installed without reboot.
Hi,
If it's urgent and there are not many servers then do it manually, but that does presume remote connectivity. Probably the quickest (and ugliest) way but only for a few boxes.
The client does not need a reboot. Adding GPOs into the mix is just adding complication.
Anyway, there is a better way :). Are your machines discovered yet? If not, it looks like CM has improved ways to handle untrusted domains. You just setup discovery with an account that has permission.
Please see Peter va der Woude's blog: https://www.petervanderwoude.nl/post/using-client-push-installation-on-untrusted-forest-systems-with-configmgr-2012/
Mike
If it's urgent and there are not many servers then do it manually, but that does presume remote connectivity. Probably the quickest (and ugliest) way but only for a few boxes.
The client does not need a reboot. Adding GPOs into the mix is just adding complication.
Anyway, there is a better way :). Are your machines discovered yet? If not, it looks like CM has improved ways to handle untrusted domains. You just setup discovery with an account that has permission.
Please see Peter va der Woude's blog: https://www.petervanderwoude.nl/post/using-client-push-installation-on-untrusted-forest-systems-with-configmgr-2012/
Mike
ASKER
We have lots of compliance limitations and boundaries were already created. Forest discovery resulted in lots of unnecessary boundaries created and this is no more an option now..Along with non-trusted domains we have non-trusted forests.
GP method for SCCM client, I am doing after lots of digging to the environment.
Only via GPO clients are taking the right MP, there are lots of things involved not just pushing/installing the SCCM client. if we are updating manually it's pointing to primary site server.
Again any suggestion on update and reinstall of client from SCCM GPO without reboot of the server.
Thanks
GP method for SCCM client, I am doing after lots of digging to the environment.
Only via GPO clients are taking the right MP, there are lots of things involved not just pushing/installing the SCCM client. if we are updating manually it's pointing to primary site server.
Again any suggestion on update and reinstall of client from SCCM GPO without reboot of the server.
Thanks
OK, well you seem to be pretty stuck on using GPOs but don't want a reboot. You can't have your cake with that.
The only alternative I can suggest is PowerShell remoting. Copy the files to the server and execute ccmsetup.exe. You mention "taking the right MP". Are you using a command-line with ccmsetup?
The only reason you don't need one (ii.e. can get away with being lazy and just running ccmsetup.exe) is that when you extend AD, it adds those properties to the schema so they are automatically applied. When your machine is not in AD, it loses the luxury of that info, so you need to specify the full command string.
ccmsetup /MP=yourMP /FSP=yourFSP /Site=Yoursite
Please check the syntax - I'm typing from memory. It's not a /m but you get the idea.
Anyway, at least with PowerShell you can point it at a CSV file of servers so it's automated.
Mike
The only alternative I can suggest is PowerShell remoting. Copy the files to the server and execute ccmsetup.exe. You mention "taking the right MP". Are you using a command-line with ccmsetup?
The only reason you don't need one (ii.e. can get away with being lazy and just running ccmsetup.exe) is that when you extend AD, it adds those properties to the schema so they are automatically applied. When your machine is not in AD, it loses the luxury of that info, so you need to specify the full command string.
ccmsetup /MP=yourMP /FSP=yourFSP /Site=Yoursite
Please check the syntax - I'm typing from memory. It's not a /m but you get the idea.
Anyway, at least with PowerShell you can point it at a CSV file of servers so it's automated.
Mike
ASKER
Thanks for the powershell option and this seems to be more feasible.yes schema has been extended for SCCM in AD. Need more hint if I can import SCCM powershell module to a MP server in te environment
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
thanks Mike T.
You're welcome. Enjoy the Powershell.
If you do with GPO you have to reboot the server, if you do with AD discovery and install it thru sccm you do not need tor restart a server.