Friday, January 24, 2014

SCCM 2012: How to Manual SCEP Client Installation

How to do it…

  1. Log into your SCCM CAS server and launch your SCCM 2012 management console.
  2. Navigate to \Software Library\Overview\Application Management\Packages and right click on the object called Configuration Manager Client Package and select Properties.
  3. The Configuration Manager Client Package Properties window should pop up, select that tab titled Data Source and locate the Source Folder field.

4. Make note of the path listed in the Source Folder field then enter this same path into Windows Explorer. Once you’ve done this, you can click Cancel to close the Configuration Manager Client Package Properties window.
5. The contents of the folder should be identical to the screen shot below.

6. The only two files in this directory that we need right now are ep_defaultpolicy.xml and scepinstall.exe.  Copy these to files to a thumb drive or a CD-R.
7. Now login to the PC we’re targeting for a manual SCEP installation and insert the media format you chose in step 6.
8. Open a command prompt with admin privileges and enter the following syntax
SCEPInstall.exe /policy C:\scep\ep_defaultpolicy.xml
In your case, the path for ep_defaultpolicy will be the installation media you’ve selected. Press Enter and the SCEP installer should pop up.

9. Proceed through the wizard, making your selections as you go. Once the wizard has completed, make sure that the SCEP client is able to download its initial set of definitions.

How it works…

The hardest part of this recipe is locating your SCEP client installation media, because the only copy you’ll have is the one that’s been bundled with the SCCM client installation package.
By copying both the SCEP install exe and the policy xml file and then running them manually on a target client, you’ll end up with a SCEP client that starts off with a similar configuration to your normal SCCM-deployed SCEP clients.
Keep in mind that any future changes to this PC’s SCEP policy will need to be done manually. Also, in order to get definition updates, this PC’s SCEP client will either need to be able to reach Microsoft Updates on the internet or a WSUS server in your environment that is enabled to push SCEP definitions.
It goes without saying that any Antivirus related events on this PC will not be reported to the SCCM server. So it will be up to the user of this PC to keep an eye on what’s going on with the system – much like you would manage an AV client on your home computer.
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)