You create or import the server app when you configure Azure services for Cloud Management. In Azure Active Directory , find the server app under App registrations.
Open the app, select Settings , and then select Properties. Specifies the Azure AD tenant identifier. Configuration Manager links to this tenant when you configure Azure services for Cloud Management.
To get the value for this property, use the following steps:. On a device that runs Windows 10 or later and is joined to the same Azure AD tenant, open a command prompt. In the Device State section, find the TenantId value. For example, TenantId : bf6f-4d5d-b3dc33fdd49a. An Azure administrator can also obtain this value in the Azure portal.
For more information, see get tenant ID. Specifies one or more Windows user accounts or groups to be given access to client settings and policies. This property is useful when you don't have local administrative credentials on the client computer.
Specify a list of accounts that are separated by semicolons ;. When you use this property, the computer restarts without warning. This behavior occurs even if a user is signed in to Windows. To specify that the client is always internet-based and never connects to the intranet, set this property value to 1. The client's connection type displays Always Internet. Use this property to specify the certificate issuers list. This list includes certificate information for the trusted root certification authorities CA that the Configuration Manager site trusts.
This value is a case-sensitive match for subject attributes that are in the root CA certificate. Separate attributes by a comma , or a semicolon ;. Specify more than one root CA certificate by using a separator bar.
Use the value of the CertificateIssuers attribute in the mobileclient. For more information about the certificate issuers list and how clients use it during the certificate selection process, see Planning for PKI client certificate selection.
If the client has more than one certificate for HTTPS communication, this property specifies the criteria for it to select a valid client authentication certificate. If you use the Subject Name, the Subject keyword is case-sensitive, and the SubjectStr keyword is case-insensitive.
For the complete list of attributes that you can use for certificate selection, see Supported attribute values for PKI certificate selection criteria. If the client installer can't locate a valid certificate in the default Personal certificate store for the computer, use this property to specify an alternate certificate store name.
This property enables debug logging when the client installs. This property causes the client to log low-level information for troubleshooting.
Avoid using this property in production sites. Excessive logging can occur, which might make it difficult to find relevant information in the log files. For more information, see About log files. The frequency in minutes at which the client health evaluation tool ccmeval. Specify an integer value from 1 to By default, ccmeval runs once a day minutes. For more information on client health evaluation, see Monitor clients.
The hour during the day when the client health evaluation tool ccmeval. Specify an integer value from 0 midnight to 23 PM. By default, ccmeval runs at midnight. If you set this property to 1 , the client selects the PKI certificate with the longest validity period. If the client is managed over the internet, this property specifies the FQDN of the internet-based management point. Directly assign internet-based clients to an internet-based site. This property can specify the address of a cloud management gateway CMG.
For example: ccmsetup. Specifies the port for the client to use when it communicates over HTTP to site system servers. By default, this value is Use this property to set the folder to install the Configuration Manager client files.
Regardless of where you install the client files, it always installs the ccmcore. On a bit OS, it installs a copy of ccmcore. When a Configuration Manager log file reaches the maximum size, the client renames it as a backup and creates a new log file. This property specifies how many previous versions of the log file to keep.
The default value is 1. If you set the value to 0 , the client doesn't keep any log file history. This property specifies the maximum log file size in bytes. When a log grows to the specified size, the client renames it as a history file, and creates a new one. The default size is , bytes, and the minimum size is 10, bytes. Set this property to TRUE to block administrators from changing the assigned site in the Configuration Manager control panel. If set to TRUE, this property disables the ability of administrative users from changing the client cache folder settings in the Configuration Manager control panel.
When the client locates a management point, it tells the client about other management points in the hierarchy. This behavior means that the management point that the client finds from DNS can be any one in the hierarchy. You don't have to specify this property if the client is in the same domain as a published management point.
In that case, the client's domain is automatically used to search DNS for management points. For more information about DNS publishing as a service location method for Configuration Manager clients, see Service location and how clients determine their assigned management point. Specify the fallback status point that receives and processes state messages sent by Configuration Manager clients.
For more information, see Determine if you need a fallback status point. If you install the Configuration Manager client without installing App-V, you can't deploy virtual applications. When you enable this property, the client reports status, but doesn't remediate problems that it finds. For more information, see How to configure client status. Use this property to start a task sequence on a client after it successfully registers with the site. If the task sequence installs software updates or applications, clients need a valid client authentication certificate.
Token authentication alone doesn't work. For more information, see Release notes - OS deployment. For example, you provision a new Windows device with Windows Autopilot, auto-enroll it to Microsoft Intune, and then install the Configuration Manager client for co-management.
If you specify this new option, the newly provisioned client then runs a task sequence. This process gives you additional flexibility to install applications and software updates, or configure settings. Create a non-OS deployment task sequence to install apps, install software updates, and configure settings. Deploy this task sequence to the new built-in collection, All Provisioning Devices.
The deployment's purpose can be either available or required. Since you specify the deployment ID as the property value, the purpose doesn't matter. Install the Configuration Manager client on a device using ccmsetup. You do not have to specify any CCMSetup properties for client push installation, or the fallback status point, or the trusted root key in the Installation Properties tab. These settings are automatically supplied to clients when they are installed by using client push installation.
In addition to Client. These settings are read by client installations where CCMSetup is run with no installation properties. The software update point-based installation method does not support the addition of installation properties to the CCMSetup command line. The Group Policy installation method does not support the addition of installation properties to the CCMSetup command line.
If no command line properties have been provisioned on the client computer, CCMSetup searches Active Directory Domain Services for installation properties. These client computers cannot read or access the published installation properties from Active Directory Domain Services. Skip to main content. This browser is no longer supported. Download Microsoft Edge More info. Contents Exit focus mode. Please rate your experience Yes No. Any additional feedback? For more information, see Upgrade clients.
For more information about how to migrate from older versions of the Configuration Manager client, see Planning a client migration strategy. Use the following procedure to create a Configuration Manager package and program that you can deploy to Configuration Manager client computers to upgrade the client software. In the Configuration Manager console, go to the Software Library workspace, expand Application Management , and select the Packages node.
On the Package Definition page of the wizard, select Microsoft from the Publisher list, and select Configuration Manager Client Upgrade from the Package definition list. On the Source Files page, select Always obtain files from a source folder. Then enter the network path of the server and share that contains the client installation files. The computer on which the Configuration Manager deployment runs must have access to the specified network folder.
Otherwise, the client installation fails. To change any of the client installation properties, modify the CCMSetup. Distribute the package to all distribution points that you want to host the client upgrade package. Then deploy the package to device collections that contain clients that you want to upgrade. This procedure is for a traditional client that's connected to an intranet. It uses traditional client authentication methods. To make sure the device remains in a managed state after it installs the client, it must be on the intranet and within a Configuration Manager site boundary.
After you install the Configuration Manager client, devices don't unenroll from Intune. For more information, see Co-management overview. You can use other client installation methods to install the Configuration Manager client on an Intune-managed device. For example, if an Intune-managed device is on the intranet, and joined to the Active Directory domain, you can use group policy to install the Configuration Manager client.
In the Intune Software Publisher, enter command-line parameters. For example, use this command with a traditional client on an intranet:. For an example of a command to use with a Windows client using Azure AD authentication, see How to prepare internet-based devices for co-management.
Assign the app to a group of the enrolled Windows computers. Preinstall the Configuration Manager client on a reference computer that you use to create an OS image. Manually install the Configuration Manager client software on the reference computer. For more information, see How to install Configuration Manager clients manually.
Remove any certificates that are stored in the local computer store on the reference computer. For example, if you use PKI certificates, before you image the computer, remove the certificates in the Personal store for Computer and User.
If the clients are installed in a different Configuration Manager hierarchy than the hierarchy of the reference computer, remove the trusted root key from the reference computer. If clients can't query Active Directory Domain Services to locate a management point, they use the trusted root key to determine trusted management points.
If you deploy all imaged clients in the same hierarchy as that of the master computer, leave the trusted root key in place. If you deploy the clients in different hierarchies, remove the trusted root key.
Also provision these clients with the new trusted root key. For more information, see Planning for the trusted root key. Configuration Manager supports client installation for computers in workgroups. Install the client on workgroup computers by using the method specified in How to install Configuration Manager clients manually.
Manually install the client on each workgroup computer. During installation, the interactive user must have local administrator rights. To access resources in the Configuration Manager site server domain, configure the network access account for the site. Specify this account in the software distribution site component.
For more information, see Site components. Workgroup clients can't locate management points from Active Directory Domain Services. Instead, they use DNS or another management point. Global roaming isn't supported. Workgroup clients can't query Active Directory Domain Services for site information. You can't configure a workgroup client as a distribution point.
Configuration Manager requires that distribution point computers be members of a domain. Check the prerequisites, and then follow the directions in the section How to install Configuration Manager clients manually. This example requires the client to be on a network location that's configured in a boundary group. If this requirement isn't met, automatic site assignment won't work. This property helps to track client deployment and to identify any client communication issues.
This section doesn't apply to clients that use a cloud management gateway. To install internet-based clients by using a cloud management gateway, see Install and assign Configuration Manager clients using Azure AD for authentication.
When the Configuration Manager site supports internet-based client management for clients that are sometimes on an intranet and sometimes on the internet, you have two options when you install clients on the intranet:.
Include the Client. When you use this method, directly assign the client to the site. You can't use automatic site assignment. See the How to install Configuration Manager clients manually section, which provides an example of this configuration method. Install the client for intranet client management, and then assign an internet-based client management point to the client.
Change the management point by using the client properties on the Configuration Manager page in Control Panel, or by using a script. When you use this method, you can use automatic client assignment. For more information, see the How to configure clients for internet-based client management after client installation section. Provide a mechanism for these clients to temporarily connect to the intranet with a VPN. Then install the client by using any appropriate client installation method.
Use an installation method that's independent of Configuration Manager. For example, package the client installation source files onto removable media and send the media to users.
On the media, include a script to manually copy over the client folder. From this folder, install the client by using CCMSetup. Configuration Manager doesn't support installing a client directly from the internet-based management point or from the internet-based software update point.
Clients that are managed over the internet must communicate with internet-based site systems. Ensure that these clients also have public key infrastructure PKI certificates before you install the client. Install these certificates independently from Configuration Manager.
For more information, see PKI certificate requirements. Follow the directions in the section How to install Configuration Manager clients manually. Always include the following options:. When a Configuration Manager client connects to the specified internet-based management point, it sends the client a list of available internet-based management points in the site. The client randomly selects one from the list. If you're using an internet-based fallback status point, specify the Client.
If you're installing the client for internet-only client management, specify the Client. Determine whether you have to specify additional CCMSetup command-line parameters. For example, if the client has more than one valid PKI certificate, you might have to specify a certificate selection criterion. For a list of available properties, see About client installation parameters and properties.
0コメント