Install client on a machine that is not joined to the domain

Hi,

Is it approved in the SCCM Admin console? Workgroup computers are by default not approved; there is a site setting you can change to auto-approve all computers and not only domain-joined ones.

Find site will query AD for a site to belong to so it will not work. Network access account is required, is that configured?

Check out this post as well.

http://eskonr.com/2013/08/sccm-configmgr-2012-manage-workgroup-computers-for-deploymentremote-tools-etc/

Regards,
Jrgen

August 27th, 2015 4:09am


Hi

Changing it to approve all computers will solve it for future workgroup computers you install, but for this one, right-click and select approve and it should be approved in the site.

The Network access account must be configured as well: http://www.david-obrien.net/2012/10/create-a-network-access-accountconfiguration-manager-2012/

Regards,
Jrgen

August 27th, 2015 5:08am


If you set back to trusted then the device already approved is fine.

Here's some detail on approval from MS. Even though it's 2007, it still relates to 2012.

https://technet.microsoft.com/en-us/library/bb694193.aspx

'The most secure approval method is to automatically approve clients that are members of trusted domains. In this mode, clients that are not members of a trusted domain, including workgroup clients, must be manually approved. If you want to manually verify every client before it is allowed to receive policies containing sensitive data, set the approval mode to manual. Automatically approving all clients is not recommended unless you have other access controls to prevent untrustworthy computers from accessing your network.'

August 27th, 2015 5:56am

Is this possible and if so, how do I do it?

I have Windows servers that for some reason are not allowed to be joined to my AD domain, but I need them to have the SCCM client installed for Windows Update purposes using SCCM SUP.

Thanks

NB:

What I've tried so far without luck:

- Initiated ccmsetup.exe from the client with ccmsetup.exe /mp:CM12.mydomain.com SMSSITECODE=XYZ FSP=CM12.mydomain.com. Result: client installed but not assigned to any site. When I open the Config Mgr properties from Control Panel, the "Find Site" button is greyed out no matter what I do.

- Manually imported the host from the Config Mgr 2012 console using MAC address and GUID. The host was added, but logon failed because I'm using a domain account in the client push global properties.


August 27th, 2015 7:49am


This topic is archived. No further replies will be accepted.
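
The manual approval step discussed above, scripted with the ConfigurationManager PowerShell module as an added example (not code from any poster in this thread): it approves only pending clients whose names are on an operator-maintained allowlist and reports everything else for manual review. The device names are constructed samples, and treating an IsApproved value of 0 as "not approved" is an assumption to confirm in your own console.

```powershell
# Added example. Run from a ConfigMgr site drive (e.g. XYZ:) with the
# ConfigurationManager module loaded. Names below are constructed samples.
param(
    [string[]]$Allowlist = @('WG-SRV01', 'WG-SRV02'),
    [switch]$Apply   # without -Apply the script only reports
)

# Assumption: IsApproved is 0 for "Not Approved"; confirm against the console.
$pending = @(Get-CMDevice | Where-Object { $_.IsClient -and $_.IsApproved -eq 0 })

# A name that appears on more than one pending record cannot be trusted to
# identify the machine, so it is never approved by this script.
$duplicateNames = @($pending | Group-Object Name |
    Where-Object { $_.Count -gt 1 } | ForEach-Object { $_.Name })

foreach ($device in $pending) {
    $action = 'ManualReview'
    if ($duplicateNames -contains $device.Name) {
        $action = 'DuplicateName'
    }
    elseif ($Allowlist -contains $device.Name) {
        $action = 'WouldApprove'
        if ($Apply) {
            # Approve by resource ID so exactly this record is affected.
            Approve-CMDevice -DeviceId $device.ResourceID
            $action = 'Approved'
        }
    }
    # Emit one row per pending client so the run can be reviewed or logged.
    [pscustomobject]@{
        Name       = $device.Name
        ResourceID = $device.ResourceID
        Domain     = $device.Domain
        Action     = $action
    }
}
```

Run it once without -Apply to review the report, then again with -Apply; this keeps the site in the "automatically approve clients in trusted domains" mode while still handling workgroup servers.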
