Install SCCM client on a workgroup joined device

Today I installed an SCCM client on a workgroup joined device.
I wrote you a howto.

Root Certificate

  • First logon to you Certificate Authority server.
  • Create a temporary folder for your certificate (I used C:\Cert).
  • Shift right click and click on open a command window here.
  • type: certutil -ca.cert RootCertificate.cer

Certificate template

  • Open Certification Authority Console
  • Right click on certificate templates and click Manage.
  • Right click on Workstation Authentication and click Duplicate Template.
  • Select Windows Server 2003 Enterprise and click OK.
  • In Template display name enter SCCM Client Certificate for workgroup.
  • go to Request Handling tab and select Allow pricate key to be exported.
  • go to Subject Name tab and select Supply in the request.
  • click OK

Request and install the Client Certificate for the workgroup computer

  • Open a text editor and enter the following, replace FQDN;
            [NewRequest] 
            Subject = "CN=FQDN" 
            MachineKeySet = True 
            Exportable = TRUE 
            KeyLength = 2048 
            [RequestAttributes] 
            CertificateTemplate = ConfigMgrClientCertificateforExport
  • Save the file in C:\Cert and name it SCCMClientCertificate.inf.
  • Shift right click and click on open a command window here.
  • type:
    certreq -new SCCMClientCertificate.inf SCCMClientCertificate.req
  • type:
    certreq -submit SCCMClientCertificate.req SCCMClientCertificate.cer
  • Select the Certification Authority server and click OK
  • type:
    certreq -accept SCCMClientCertificate.cer

Export the Client Certificate

  • open MMC.exe
  • Add Snap-in for Local Computer Certificates.
  • go to PersonalCertificates
  • Right click on the certificate with the workgroup computer fqdn and click All Tasks and then export.
  • click Next
  • Select Yes, export private key and click Next.
  • click Next.
  • Enter a password and click Next.
  • Save the file in C:\Cert.
  • Click Finish and OK.

Import the Client Certificate on the Workgroup computer

  • open MMC.exe on the client device.
  • Add Snap-in for Local Computer Certificates.
  • open Trusted Root Certification Authorities and right click on Certificates.
  • Click on Import and browse to RootCertificate.cer.
  • Click NextNextFinish.
  • open Personal and right click on Certificates.
  • Click on Import and browse to SCCMClientCertificate.cer.
  • Click NextNextFinish.

Install the SCCM client

  • copy folder
    \\<sccm_managementpoint_fqdn>\SMS_<SiteCode_here>\Client
    to the desktop client.
  • Open the Client folder.
  • Shift right click and click on open a command window here.
  • type:
    ccmsetup.exe /usepkicert /nocrlcheck SMSSITECODE=SiteCode_here CCMHOSTNAME=sccm_managementpoint_fqdn SMSSIGNCERT=RootCertificate.CER SMSMP=sccm_managementpoint_fqdn

Sources:
www.petervanderwoude.nl
www.expert-exchange.com

Leave a Reply

Your email address will not be published. Required fields are marked *


*