Hi guys,

We have a few clients which are managed by us through AD and such however their devices operate on a separate networks.

I have no problem pushing agents out to devices on our network. So, do I have to push agents out using diff. method - via GPO/install them manually for devices not operating on our network.

And how about when I need to push windows updates through to these devices which operate on a network not discoverable to my own - would I need to configure boundaries for this?

Kind Regards, Travis

Boundaries are basically not needed at all (with limitations of course), but you should set up a boundary/group for that location and assign a DP to it. That DP has to be reached of course (firewall etc)

Hi Torsten, can you point me to some reading material for the DP bit?

• Proposed as answer by Garth JonesMVP, Moderator 19 hours 29 minutes ago
• Unproposed as answer by Garth JonesMVP, Moderator 19 hours 29 minutes ago

Can someone advise on how one might go about facilitating different networks for windows updates.

You would need a device on the external network say which you would have setup some kind of site to site vpn, then to deploy a DP to that device on the external network?

Planning for Content Management in Configuration Manager: https://technet.microsoft.com/en-us/library/gg712321.aspx

Define "external network". How is that connected to your LAN?

Hi Torsten,

As I'm sure you can tell I'm not the most network savvy individual.

Basically we support a number of clients who remotely access our network using VMWare View/Horizon (like Citrix) however their local PCs are not domained/workgroup and are on a network separate to our own e.g. building management provide the internet and ports etc.

Currently we use GFI to manage updates across our network and this takes care of any non domained workgroup pcs but just not sure how sccm could do this, to be able to manage from central point from our main network.

So, it sounds like these clients never touch your actual network. You first need to verify this and possibly get your network team involved to define exactly how you can interact with those systems.

Internet Based Client Management (IBCM) is a possibility is these systems connect over the Internet or if they do actually connect and are accessible, then you don't need to do anything special. It all hinges on their connectivity which you need to go find out and learn about (it's a fundamental topic in IT administration kind of like being able to add).

Hi Jason,

I'm strictly speaking for PCs which don't interact with our network. We connect to our client PCs using GFI Remote Max Management, basically this requires us to install a GFI remote agent on the PC before shipping it out, this then connects back to our central GFI management dashboard - all it requires is an active internet connection.

So what I'm trying to understand is, can I facilitate external networks from our current SCCM server, to centralise everything and if not, suggestions?

The main bulk of our network is covered by SCCM but i'm trying to get ideas how best to take care of these non-domain pcs on sites external to our network, many of these clients use vmware to connect into our network.

They still have some sort of connectivity though otherwise they wouldn't be able to connect at all. It sounds like they connect back over the Internet from your above statement. Thus as mentioned, the IBCM feature set will fully support managing these clients -- ConfigMgr never cares about domain membership for managing systems.

Hi Torsten, can you point me to some reading material for the DP bit?

• Proposed as answer by Garth JonesMVP, Moderator Friday, September 11, 2015 12:17 PM
• Unproposed as answer by Garth JonesMVP, Moderator Friday, September 11, 2015 12:17 PM