I have been approached to manage systems that are not domain joined and stand alone systems. Due to company policy they cannot join the domain.

If I understood correctly then SCCM 2012 can manage workgroup systems but cannot deploy any software nor windows updates to workgroup/stand alone systems?

I was going to propose following alternate solution (high level points) so they can be properly managed and let me know if anyone thinks it wont work or might need additional work. The goal here is to be able to deploy software and windows updates on regular basis to these systems like other managed clients.

• Create new domain under same forest where SCCM resides.
• Join these machines to new domain
• Install SCCM site system and assign MP and DP roles
• Create a network access account in new domain and configure SCCM with this account
• Allow SCCM to publish site information in new domain using network access account
• Install SCCM client on all systems in new domain

Thank you in advance for your suggestions

SCCM can manage and deploy application/software/update to workgroup computer.

The only thing you need to do is manually install the client on those computer and point them to the primary site. After that you will need to approve the computer in SCCM console.

You could configure auto approve all computer but this is NOT a good practice.

Also you need to make sure that the client can reach the MP so make sure he as the right DNS

Also make sure you have proper boundaries configure. Because you can't use AD site form those computers

Don't forget the network access account as well.

The only thing you will not be able to do is deploy to a USER on a workgroup computer.

• Edited by Frederick Dicaire 16 hours 55 minutes ago
• Marked as answer by Jason SandysMVP, Moderator 16 hours 52 minutes ago

When I looked at MS document https://technet.microsoft.com/en-us/library/gg712298.aspx on how to manage workgroup machines then probably I ignored the word "users" in the following point there fore I thought software deployment cannot be possible.

• You cannot deploy software to users of workgroup computers.

Thank you for clarification. I will give it a try..

:)

Just to reinforce, ConfigMgr doesn't care if a system is joined to the domain or not -- there is almost no difference when managing domain and non-joined systems. The small differences are those that Frederick outlined above and even these aren't because of a limitation in ConfigMgr but are based on the nature of the systems not being doma