A Comparison between all Client deployment methods in SCCM 2012

 Hi Folks.. I'm back after a long pause to blogging.. And this time this post is about SCCM Client deployment. I thought i would start with Client deployment methods since that is the first step in SCCM deployment.

 We have almost 6 methods to deploy SCCM client to endpoints but all of them are not the same. With their pros and cons Each deployment method stand ideal for different scenarios. Let's talk about that in this post.

Client Push Method

The easiest method to deploy clients through out your hierarchy but requires some Homework. This client push can be enabled within ConfigMgr console and the status can be inspected in ccm.log in ConfigMgr installation directory and the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

•  The client must be a member of a domain in which the configmgr site server is installed. Or trust must be present
• firewall ports tcp 80-Http, 443-Https, 445-SMB, Rpc endpoint mapper- 135 and Rpc dynamic ports must be opened between client and site systems (If we use default ports for client communication)
• Client push account must be configured correctly
• DNS name resolution should be working.
• The clients must be discovered before initiating client push

Pro's and Cons

• Reports are available to see the success and failure status
• Trouble shooting is easy
• No additional infrastructure change is required to deploy clients
• Cannot target workgroup and internet based clients
• With multiple physical locations it's a pain to open ports through firewall

Suitable for:

• large number of clients within headquarters or single physical locations for domain computers.
• IT environment which is well organized and structured

GPO Installation

 This is another client deployment method which can be used in a Domain environment. the msi which is deployed through GPO is just a Bootstrap and the client will download the package from DP. The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client

Requirements:

• The client must be a member of a domain.
• Ad publishing or GPO for client  assignment is mandatory
• The client installation package must be available on DP and must be reachable to client
• DNS name resolution should be working.

Pro's and Cons

• No additional infrastructure change is required to deploy clients
• If combined with Client push the success rate will be close 100 for domain computers
• Cannot target workgroup and internet based clients
• Client will download client package from DP

Suitable for:

• Best at deployment across domain wide computers with multiple physical locations
• IT environment which is well organized and structured
• Domain computers residing at remote locations 

Logon script based Installation

 In this type of client deployment the client installation switches can be specified in the logon script and GPO for site assignment is not mandatory. The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

• The client must be a member of a domain.
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• DNS name resolution should be working.

Pro's and Cons

• If combined with Client push the success rate will be close 100 for domain computers
• Cannot target workgroup and internet based clients

Suitable for:

• Best at deployment across domain wide computers with multiple physical locations
• IT environment which is well organized and structured

SUP Based Installation

This is the most robust client deployment method that can be used to deploy clients. This method can be used to deploy clients to work group computers. No additional changes required if the WSUS system is already in place.The the installation status can be found in the log files found in C:\Windows\Cccmsetup folder in client.

Requirements:

• This method can be used to deploy client to work group computers, domain computers and internet clients.
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• Well configured WSUS environment is mandatory
• Client targeting must be done through WSUS
• DNS name resolution should be working

Pro's and Cons

• If combined with Client push the success rate will be close 100 through out the Hierarchy
• Workgroup clients can be targetted
• Roubust design
• Internet based clients can be targeted if the WSUS server is published on the internet

Suitable for:

• Best at deployment across an environment which has domain and workgroup clients scatered across multiple physical locations
• Robust IT environment

Manual or Script based Installation

This is the best suitable option available to install internet based clients. But this method is painfull method amongst other deployment methods.

Requirements:

•  DNS name resolution should be working.
• The local copy should have all the files required to install Cm client and must be the same version as the management point that you specify
• firewall ports tcp 80-Http, 443-Https, 445-SMB must be opened between client and site systems (If we use default ports for client communication)
• Work group client must be approved manually with in sccm console

Pro's and Cons

• Workgroup and internet based clients can be targetted
• Roubust design

Suitable for:

• Best method to deploy clients to internet based boxes
• Where all the other deployment type fails because of network issue

 The above comparison is truely based on my observation and perception. One can have different thoughts abou the deployment methods. Apreciate improvement in the above post..

Hope this helps..

S A Delphin

Posted in: ConfigMgr