Use the following sections in this topic to help you configure client management settings in System Center 2012 Configuration Manager.
- Configure Client Settings for
- Configure Settings for Client Approval
and Conflicting Client Records
a Fallback Site for Automatic Site Assignment
- Configure Client Communication Port
- Configure Custom Websites
Wake on LAN
Configure Client Settings for Configuration Manager
|The information in this section also appears in How to Configure Client Settings in Configuration Manager.|
You manage all client settings in System Center 2012 Configuration Manager from the Client Settings node in the Administration workspace of the Configuration Manager console. Modify the default settings when you want to configure settings for all users and devices in the hierarchy. If you want to apply different settings to just some users or devices, create custom settings and assign these to collections.
Use one of the following procedures to configure client settings:
How to Configure the Default Client Settings
How to Create and Deploy Custom Client Settings
Configure Settings for Client Approval and Conflicting Client Records
Specify settings for client approval and conflicting client records to help Configuration Manager securely identify clients. These settings apply to the hierarchy for all clients.
Configure approval for when clients do not use a PKI certificate for client authentication.
Configure settings for conflicting records for when Configuration Manager detects duplicate hardware IDs and cannot resolve the conflict. Configuration Manager uses the hardware ID to attempt to identify clients that might be duplicates and alert you to the conflicting records. For example, if you reinstall a computer, the hardware ID would be the same but the GUID used by Configuration Manager might be changed. When Configuration Manager can resolve a conflict by using Windows authentication of the computer account or a PKI certificate from a trusted source, the conflict is automatically resolved for you. However, when Configuration Manager cannot resolve the conflict, it uses a hierarchy setting that either automatically merges the records when it detects duplicate hardware IDs (the default setting), or allows you to decide when to merge, block, or create new client records. If you decide to manually manage duplicate records, you must manually resolve the conflicting records by using the Configuration Manager console.
To configure hierarchy settings for client approval and conflicting client records
Configure a Fallback Site for Automatic Site Assignment
You can specify a hierarchy-wide fallback site for automatic site assignment.
The fallback site is assigned to a new client that is configured to automatically discover its site when that client is on a network boundary that is not associated with any boundary group configured for site assignment.
To configure a fallback site for automatic site assignment
Configure Client Communication Port Numbers
The information in this section also appears in How to Configure Client Communication Port Numbers in Configuration Manager
You can change the request port numbers that System Center 2012 Configuration Manager clients use to communicate with site systems that use HTTP and HTTPS for communication. For Configuration Manager SP1 only, you can also specify a client notification port if you do not want to use HTTP or HTTPS. Although HTTP or HTTPS is more likely to be already configured for firewalls, client notification that uses HTTP or HTTPS requires more CPU usage and memory on the management point computer than if you use a custom port number. For all versions of Configuration Manager, you can also specify the site port number to use if you wake up clients by using traditional wake-up packets.
When you specify HTTP and HTTPS request ports, you can specify both a default port number and an alternative port number. Clients automatically try the alternative port after communication fails with the default port. You can specify settings for HTTP and HTTPS data communication.
The default values for client request ports are 80 for HTTP traffic and 443 for HTTPS traffic. Change them only if you do not want to use these default values. A typical scenario for using custom ports is when you use a custom website in IIS rather than the default website. If you change the default port numbers for the default website in IIS and other applications also use the default website, they are likely to fail.
|Do not change the port numbers in Configuration Manager without
understanding the consequences. Examples:
To make sure that clients do not become unmanaged after you change the request port numbers, clients must be configured to use the new request port numbers. When you change the request ports on a primary site, any attached secondary sites automatically inherit the same port configuration. Use the procedure in this topic to configure the request ports on the primary site.
|For Configuration Manager SP1 only: For information about how to configure the request ports for clients on computers that run Linux and UNIX, see Configure Request Ports for the Client for Linux and UNIX.|
When the Configuration Manager site is published to Active Directory Domain Services, new and existing clients that can access this information will automatically be configured with their site port settings and you do not need to take further action. Clients that cannot access this information published to Active Directory Domain Services include workgroup clients, clients from another Active Directory forest, clients that are configured for Internet-only, and clients that are currently on the Internet. If you change the default port numbers after these clients have been installed, reinstall them and install any new clients by using one of the following methods:
- Reinstall the clients by using the Client
Push Installation Wizard. Client push installation automatically
configures clients with the current site port configuration. For
more information about how to use the Client Push Installation
Wizard, see How to
Install Configuration Manager Clients by Using Client Push.
- Reinstall the clients by using CCMSetup.exe
and the client.msi installation properties of CCMHTTPPORT and
CCMHTTPSPORT. For more information about these properties, see
Install Configuration Manager Clients by Using Client Push.
- Reinstall the clients by using a method that
searches Active Directory Domain Services for Configuration Manager
client installation properties. For more information, see About Client
Installation Properties Published to Active Directory Domain
Services in Configuration Manager.
To reconfigure the port numbers for existing clients, you can also use the script PORTSWITCH.VBS that is provided with the installation media in the SMSSETUP\Tools\PortConfiguration folder.
|For existing and new clients that are currently on the Internet, you must configure the non-default port numbers by using the CCMSetup.exe client.msi properties of CCMHTTPPORT and CCMHTTPSPORT.|
After changing the request ports on the site, new clients that are installed by using the site-wide client push installation method will be automatically configured with the current port numbers for the site.
To configure the client communication port numbers for a site
Configure Custom Websites
Before you configure Configuration Manager to use a custom website, review the planning information in Planning for Custom Websites with Configuration Manager.
Most Configuration Manager site system roles automatically configure to use a custom website, however the following site system roles require you to manually configure the custom website.
- Application Catalog web service point
- Application Catalog website point
- Enrollment point
- Enrollment proxy point
For these sites system roles, you must specify the custom website during the site system role installation. If any of these site system roles are already installed when you enable custom websites for the site, uninstall these site system roles, and then reinstall them. When you reinstall these site system roles, specify the custom website name of SMSWEB, and configure the port numbers.
Use the following procedures to enable custom websites at a Configuration Manager site and then verify that they were successfully created. For information about configuring ports for client communication, see Configure Client Communication Port Numbers.at a Configuration Manager site and then verify that they were successfully created. For information about configuring ports for client communication, see Configure Client Communication Port Numbers.
How to Configure a Configuration Manager Site to Use a Custom Website
When you enable the site option to use a custom website, all client communications for that primary site and its secondary sites are directed to use a custom website named SMSWEB on each site system server instead of the IIS default website.
Use the following procedures to enable custom websites at a Configuration Manager site and then verify that they were successfully created. For information about configuring ports for client communication, see Configure Client Communication Port Numbers.
|Before you use this procedure, make sure that you have manually created the custom website named SMSWEB in IIS. When you enable the Configuration Manager option to use custom websites, Configuration Manager does not create the website in IIS. If the custom website is not already created, this procedure will fail. For more information, see How to Create the Custom Website in Internet Information Services (IIS).|
To configure a Configuration Manager site to use a custom website
To verify the custom website
Configure Wake on LAN
Specify Wake on LAN settings when you want to bring computers out of a sleep state to install required software, such as software updates, applications, task sequences, and programs.
If you have Configuration Manager SP1, you can supplement Wake on LAN by using the wake-up proxy client settings. However, to use wake-up proxy, you must first enable Wake on LAN for the site and specify Use wake-up packets only and the Unicast option for the Wake on LAN transmission method. This wake-up solution also supports ad-hoc connections, such as a remote desktop connection.
Use the first procedure to configure a primary site for Wake on LAN. Then, to use wake-up proxy for Configuration Manager SP1, use the second procedure to configure the wake-up proxy client settings. This second procedure configures the default client settings for the wake-up proxy settings to apply to all computers in the hierarchy. If you want these settings to apply to only selected computers, create a custom device setting and assign it to a collection that contains the computers that you want to configure for wake-up proxy. For more information about how to create custom client settings, see How to Configure Client Settings in Configuration Manager
|To avoid unexpected disruption to your network services, first evaluate wake-up proxy on an isolated and representative network infrastructure. Then use custom client settings to expand your test to a selected group of computers on several subnets. For more information about how wake-up proxy works, see the Planning How to Wake Up Clients section in the Planning for Communications in Configuration Manager topic.|
To configure Wake on LAN for a site
To configure wake-up proxy client settings (Configuration Manager SP1 only)
Configure Maintenance Windows
|The information in this section also appears in How to Manage Collections in Configuration Manager.|
Maintenance windows in Configuration Manager provide a means by which administrative users can define a time period when members of a device collection can be updated by various Configuration Manager operations. You can use maintenance windows to help ensure that client configuration changes occur during periods which will not affect the productivity of the organization.
The following Configuration Manager operations support maintenance windows.
- Software deployments
- Software update deployments
- Compliance settings deployment
- Operating system deployments
- Task sequence deployments
Maintenance windows are configured for a collection with a start date, a start and finish time, and a recurrence pattern. Each maintenance window must have a duration of less than 24 hours. Computer restarts caused by a deployment are by default, not allowed outside of a maintenance window, but you can override this in the settings for each deployment. Maintenance windows affect only when the deployment program runs; applications configured to download and run locally can download content outside of the maintenance window.
When a client computer is a member of a device collection that has a maintenance window configured, a deployment program will only run if the maximum allowed run time does not exceed the duration configured for the maintenance window. If the program fails to run, an alert will be generated and the deployment will be rerun during the next scheduled maintenance window that has time available.
Using Multiple Maintenance Windows
How to Configure Maintenance Windows in Configuration Manager
Use the following procedure to configure maintenance windows.