I was recently assisting a customer with the implementation of CMG to manage Windows devices over the internet.
Due to COVID-19, the majority of the workforce is working from home, and these devices would not connect to the office for several weeks after the implementation of CMG.
Once the CMG and site system roles are installed, clients get the location of the CMG service automatically on the next location request. Clients must be on the intranet to receive the location of the CMG service, but in the customer's case the users were all working from home and there was no possibility of bringing the devices in to make them CMG-aware.
So the alternative option is to reinstall the client on the internet-connected devices with ccmsetup.exe, using the CMG command-line switches.
How do you install the client on the internet-connected device centrally? Well, the customer has a different tool that helps to run the command line on all internet-connected devices.
As I mentioned in my previous blog post, you can use the command line to install the client on internet-connected devices. How to get the values for the command-line switches is covered in this blog post.
The following is the command-line syntax that I used to install the client on internet-based clients (I did not use token-based authentication here because the customer has PKI/AAD/Hybrid AAD). For token-based, read here.
"C:\windows\ccmsetup\ccmsetup.exe" /nocrlcheck /mp:https://CMG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/6257556037928694 CCMHTTPSSTATE=31 CCMHOSTNAME=CMG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/62057556037928694 SMSSiteCode=PS1 AADTENANTID=5004305e-6764-4e6b-b9a4-c4d5ccfd1524 AADCLIENTAPPID=3C6a28b2-9d0a-484d-8553-7cb0d4897512 AADRESOURCEURI=https://ConfigMgrService
When I was assisting the customer in preparing a command-line syntax just like the one above, I was searching in various places such as the Azure portal, app registration, tenant ID, etc. But I realized that there is a SQL table that stores all this information.
On the SCCM database, run the following one-line query.
select * from proxy_settings
ConnectorInfo contains the mp and CCMHOSTNAME values.
AADConfig contains the AADTENANTID, AADCLIENTAPPID and AADRESOURCEURI values.
Based on the above data, it is now much easier to prepare the command-line syntax to install the client over CMG and manage the client from the internet.
If you are using Office 365 services such as Teams, OneDrive, etc. and your users have local admin rights on the device, you can simply share the client installation files or command-line switches in OneDrive and the user can run them directly.
If your users do not have local admin rights on the device to install the client, and you do not have any other remote tool to install the client (local admin permissions are still required), then you have no other way to install it. Whatever method you choose to install the client, the account needs to have local admin rights on the device.
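One way to assemble the command line from the values read out of proxy_settings, so that /mp and CCMHOSTNAME always come from the same endpoint string and malformed GUIDs or URIs are rejected before the command is pushed to devices. This is an added example, not the author's or Microsoft's code; the function name, parameter names and sample values are assumptions, and the endpoint pattern follows the form of the command shown above.

```powershell
# Added example (hypothetical helper): build the ccmsetup.exe command line from
# values copied out of proxy_settings and refuse inconsistent input.
function New-CmgClientInstallCommand {
    [CmdletBinding()]
    param(
        # host/CCM_Proxy_MutualAuth/<id>, taken from ConnectorInfo (scheme optional)
        [Parameter(Mandatory)][string]$CmgEndpoint,
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z0-9]{3}$')][string]$SiteCode,
        # [guid] makes parameter binding fail on a mistyped tenant or app ID
        [Parameter(Mandatory)][guid]$AadTenantId,
        [Parameter(Mandatory)][guid]$AadClientAppId,
        [Parameter(Mandatory)][string]$AadResourceUri,
        [string]$CcmSetupPath = 'C:\windows\ccmsetup\ccmsetup.exe'
    )

    # Normalise once, then derive both /mp: and CCMHOSTNAME from the same string
    # so the two values cannot drift apart through a copy/paste error.
    $endpoint = ($CmgEndpoint.Trim() -replace '^https?://', '').TrimEnd('/')
    if ($endpoint -notmatch '^[A-Za-z0-9.-]+/CCM_Proxy_MutualAuth/\d+$') {
        throw "Unexpected CMG endpoint format: '$endpoint'"
    }

    # The resource URI must be an absolute https URI
    if (-not [uri]::IsWellFormedUriString($AadResourceUri, [System.UriKind]::Absolute) -or
        $AadResourceUri -notmatch '^https://') {
        throw "AADRESOURCEURI must be an absolute https URI: '$AadResourceUri'"
    }

    $parts = @(
        ('"{0}"' -f $CcmSetupPath),
        '/nocrlcheck',
        "/mp:https://$endpoint",
        'CCMHTTPSSTATE=31',
        "CCMHOSTNAME=$endpoint",
        "SMSSiteCode=$SiteCode",
        "AADTENANTID=$AadTenantId",
        "AADCLIENTAPPID=$AadClientAppId",
        "AADRESOURCEURI=$AadResourceUri"
    )
    $parts -join ' '
}

# Constructed sample values, not taken from a real tenant
New-CmgClientInstallCommand -CmgEndpoint 'CMG.CLOUDAPP.NET/CCM_Proxy_MutualAuth/12345678901234567' `
    -SiteCode 'PS1' `
    -AadTenantId '00000000-0000-0000-0000-000000000001' `
    -AadClientAppId '00000000-0000-0000-0000-000000000002' `
    -AadResourceUri 'https://ConfigMgrService'
```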
I hope it helps and thanks for reading!
For more information about client installation parameters and properties in Configuration Manager, please read here.