SCCM Client Install where Client is not on VPN but we have a CMG and IBCN
Look at what are the options of installing SCCM Client on machines where they are not connected to our VPN.
We have a CMG set and IBCN and plan on having a SCCM Client package available for users to install. Howevcr with the ccmsetup.exe should we be looking at any particular switches for clients that are not on our VPN. Do we need to consider as part of our package deploying a certificate so client can effectively communicate with the CMG?
Should we look at using the property for SMSSignCert?
Microsoft Article states export self-signed certificate on the site server. The site server stores this certificate in the SMS certificate store. It has the Subject name Site Server and the friendly name Site Server Signing Certificate.
Export the certificate without the private key, store the file securely, and access it only from a secured channel.
Then use /UsePKICert SMSSIGNCERT=C:foldersmssign.cer
The aim is to repair SCCM clients where users do not have VPN so a uninstall and reinstall of the SCCM Client to point to the CMG to fall back under management.