Native Mode

How to install a ConfigMgr Client on a WORKGROUP computer, when the ConfigMgr Site is in Native Mode.

by

To install a ConfigMgr Client on a WORKGROUP computer is always a nice battle, when the ConfigMgr Site is in Native Mode. I think I am not the only one who didn’t work that much with certificates before ConfigMgr. So to make the basics of this process for everyone a bit easier I wrote down these seven steps for implementing the correct certificates and installing the ConfigMgr Client on a WORKGROUP client. These same steps can also be used for separate forests. Step 1. Export the Root Certificate for use on the WORKGROUP computer Logon to the Certification Authority server and create a folder to contain your certificate files (eg C:\Certificates). Open a command prompt and go to the just created folder. Use the following …

Read more

Prepare ConfigMgr Client for Capture doesn’t remove the AllowedRootCAHashCode value

by

In the most situations it doesn’t matter that the AllowedRootCAHashCode value doesn’t get removed during a Capture of the client, but there is one situation where it does matter. This one situation is when there has to be one image for multiple domains and every domain has its own issuing CA’s. This situation is a problem because the client stores a copy of the Root Certificate in the AllowedRootCAHashCode key. Because it contains the wrong value for the Root Certificate the client isn’t able to get a new Site Signing Certificate (which is also stored in the registry), so the client isn’t able to check the policies. As workaround for this I created a Task Sequence step (in the install Task Sequence) to delete the …

Read more

Certificates needed for Native Mode

by

The biggest problem, for me, with Native Mode were all the certificates that were needed. That’s why I created an table for myself with the basic certificates that are needed for Native Mode and where to add them. The “Where to add” column is based on Windows Server 2008. ConfigMgr Component Use Where to add Primary Site Server Document Signing ConfigMgr > Site Management > Site Database > Properties Primary Site > Tab Site Mode Management Point, Proxy Management Point, Distribution Point, Software Update Point en (State Migration Point) Server Authentication (Web Server Template) IIS > -Right-click- Sites > Edit Bindings > HTTPS -Edit- Client computers Client Authentication (Computer Template) GPO > Policies > Computer Configuration > Windows Settings > Security Settings > Public Key …

Read more