Dear all,

we are currently managing our Windows 7 clients with SCCM 2012. Our various servers are not yet managed via SCCM, the client is not installed on these systems and they are outside the boundaries.

Now we would like to manage our servers as well, but we only want to use inventory, for license management. The infrastructure guys do NOT want any packages, applications, updates or configuration changes deployed to the machines, so we need to limit the SCCM client to just a few functions (like collecting hardware and software data).

My idea is to somehow separate the servers from the other machines, i.e. by putting them in a specific boundary, and then deploy specific client settings to them, but I don't know if this will work.

So, to help me get started on this issue, can anybody give me some advice on where to begin? Does anybody already do something like this? The scenario does not seem to be too far fetched, and maybe you could give me some hints on how you accomplished it and what I should take into consideration.

Any help is appreciated, many thanks in advance

Lars Bremer

Hi,

This is pretty common scenario. The best way to achieve this is to split your servers using a collection and deploy a different client settings. You could target your collection using the OS or an OU in AD. There are many option there.

You could also limit the access to the Server collection using Role Based Access to avoid any human "errors" on these collections. Users without rights to these collection just won't see them.

https://technet.microsoft.com/en-us/library/gg682067.aspx?f=255&MSPPError=-2147217396

http://blogs.technet.com/b/configmgrteam/archive/2011/09/23/introducing-role-based-administration-in-system-center-2012-configuration-manager.aspx

If you want to manage by OU make sure you have AD system discovery configured to inventory the OU the servers are in. As Benoit mentioned, once you have information in your SCCM infrastructure for these servers to use for creating collections, you can define a custom client policy and deploy that policy to the collection with all your servers. Depending on how the rest of your collections are set up in your infrastructure, you may have to modify those collections to exclude the server systems so your regular deployments etc. don't get pushed to servers. You may just want to create a collection of all systems that do not have a server OS, and limit your workstation collections to that, instead of All Systems. There are a few things to be aware of but it should be pretty straightforward to implement. As Benoit said, it is a common scenario. Just be aware that servers could fall into some of your workstation collections depending on how things are configured.

My idea is to somehow separate the servers from the other machines, i.e. by putting them in a specific boundary, and then deploy specific client settings to them, but I don't know if this will work.

Deploying custom client settings is the way to go, but boundaries are not involved here. You have to put all servers in a (dynamic) collection and deploy those settings to it

Thank you very much for the input! Finally it has been decided NOT to use SCCM on the servers, the cost for server MLs would have been too high. We will now take a look at the Assessment and Planning Toolkit. Nevertheless: thanks everybody!