Jump to content


Adding workgroup or different domain clients to SCCM 2012

Recommended Posts

I have a running SCCM 2012 with Endpoint protection and I can install computers inside my domain without any problems. I tried adding 1 windows 7 from another domain (not trusted) and a Windows 2008 R2 which belongs to a workgroup.


The steps I followed are

1)Add the computers in SCCM devices through their mac address (Import computer information)

2) Add in hosts file the fqdn of the sccm to the clients and from the clients to sccm

3) Make sure that sccm has access \\pc\admin$ and the clients to sccm's folders

4) I run the following

netsh advfirewall firewall set rule group="File andPrinter Sharing" new enable=yes

netsh advfirewall firewall set rule group="windows management instrumentation (wmi)" new enable =yes

5) and finally ccmsetup SMSSITECODE=IWS SMSSLP=SCCM2012 /mp:SCCM2012 ( I also tried it with full FQDN name)


After the installation is finished, I can see that the software center 2012 is installed, but not the Endpoint protection. I only use (for the moment) sccm for the endpoint protection, so I cant verify if everything else works or not. Also in the sccm configuration manager (of the Primary server) I can see that in the devices' information both clients have moved from "no" to "yes"


I am trying to find how to properly install the sccm client to workgroup and different domain clients. I have included a log file from the windows 2008 r2 client. The log is from a second attempt to install sccm. (ofc I did ccmsetup.exe /uninstall first) ccmsetup.log

Share this post

Link to post
Share on other sites

This is driving me crazy...I installed manually scepinstall (endpoint) I updated it through internet and after 2 hours without doing anything, I suddendly realized that endpoint was managed by sccm (I checked the different settings in scheduled tasks and now everything is locked like i have configured the endpoint policy)


Is there a logical explanation, why its working now? The reason I am asking is because I am going to install endpoint to many clients and I need to find a properl installation procedure.

Share this post

Link to post
Share on other sites

When in a Forest with one domain and several child domains. There will be one Central Service manager to support all domains. It means all CI's and WI's will be imported in one database. But the problem for us lies where we want each domain to have its own console and helpdesk team. For example: Helpdesk users from each domain can only see objects, incidents, activities, reports and etc from their own domain and not by other child domains. Also The main domain (root domain) will aggregate and hold all information.

1. Install a Primary site in you second domain. "Optional"

2. Does the machine name of the SCCM server have READ rights on the second domain? Usually, if you do have 2 way trusts, there shouldn't be an access issue. If not, apply rights. and setup the two-way trust. (without this, it will never work)

3.You can still put a secondary site at the Domain B location(s) but keep it a member of Domain A. There is no requirment that says it has to be a member of Domain B to be physically co-located with domain B.

Install SCCM Client on Another Forest Trusted Domain



There are few ways to perform the SCCM client installation in another trusted domain. For example, using start-up or login script, manual installation, and using client push method. Out of so many method, I would like to share something on the client push method.


First of all, you are require to add the Server Locator Point (SLP) role in your SCCM server. Here is the: http://technet.microsoft.com/en-us/library/bb680672.aspx on how to create SLP in SCCM.

Next, add the account that has domain admin rights on the another domain to the Client Push Installation account. Here is the http://technet.microsoft.com/en-us/library/bb680908.aspx on how to configure Client Push Installation account.

After configured the Client Push Installation account, click on the Client tab. Enter the following to the installation properties, SMSSITECODE=XXX SMSSLP=SCCMSERVER.DOMAIN.COM

Now, try right click the workstation name and select Install Client, go through the wizard to perform the installation.

Share this post

Link to post
Share on other sites

The problem is that most of my clients are in a workgroup, so I cant use trusted domains, or AD at all. I need to find a proper installation procedure to use for installing sccm in workgroup computers. Also I cant use a forest domain controller, as the domains belong to totally different companies and I host them in a datacenter

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...