If a client computer is no longer trusted, the Configuration Manager administrator can block the client in the Configuration Manager 2007 console. Blocking applies to both native mode and mixed mode sites.
Blocked clients are ignored by the Configuration Manager 2007 hierarchy. This is especially useful for laptop computers or mobile devices that are lost or stolen, to help prevent attackers from using a trusted client to attack the site or the network.
When the client belongs to a native mode site, you can also use certificate revocation to help prevent communication from a computer or device that is no longer trusted.
For more information about blocking, see Determine If You Need to Block Configuration Manager Clients.
|Clients accessing the site using the ISV Proxy certificate cannot be blocked. For more information about the ISV Proxy certificate, see the System Center Configuration Manager 2007 Software Development Kit (SDK).|
Use the following procedure to block Configuration Manager 2007 clients.
To block Configuration Manager clients
Open the Configuration Manager console in the primary site in which the client is assigned, and navigate to System Center Configuration Manager / Site Database / Computer Management / Collections.
Important You must perform this procedure from the client's assigned site. This action cannot be performed from sites higher in the hierarchy.
Locate the Configuration Manager Client to be blocked, right-click the client, and then click Block.
In the Confirm Block dialog box, click Yes to block the client.
Note To unblock a blocked client, right-click the client, and then click Unblock.
TasksHow to Approve Configuration Manager Clients
ConceptsDetermine If You Need to Block Configuration Manager Clients
Determine Whether You Need to Enable Certificate Revocation Checking (CRL) On Clients (Native Mode)
Configuration Manager Site Modes
About Client Approval in Configuration Manager
Overview of Configuration Manager Client Deployment