Endpoint Services, MECM, Install the MECM client on endpoints

Summary

This article is a guide for installing the MECM client on managed endpoints.

Systems

Microsoft Endpoint Configuration Manager (MECM)

Intended Audience

University of Illinois IT Pros leveraging MECM, hosted by Technology Services' Endpoint Services team

Configure firewall exceptions for the MECM client

  1. Configure the firewall exceptions listed in this document: https://learn.microsoft.com/en-us/mem/configmgr/core/clients/deploy/windows-firewall-and-port-settings-for-clients

  2. Configure these additional exceptions:
    1. https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports#BKMK_PortsClient-ClientWakeUp
    2. https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports#BKMK_PortsConsole-Client
    3. https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports#BKMK_PortsSite-Client

Deploy the client to on-campus endpoints

Using Client Push via the admin console is the easiest and least troublesome method in 2 steps:

  1. Place the primary site computer AD object name for your campus into the Administrators group on all endpoints via Group Policy (see the table below for the server list). You can also add a group to the endpoint's Administrators group which contains the relevant AD object as a member. MECM will recursively look into subgroups to find the computer object for your campus listed below.

    AD object name Hostname Campus
    SCCMUICPS1 SCCMUICPS1.ad.uillinois.edu Chicago
    SCCMUIUCPS1 SCCMUIUCPS1.ad.uillinois.edu Urbana-Champaign


  2. Initiate a Client Push to your endpoints via the admin console by following Microsoft's directions.
    1. Start at step five of the guide, and select the collection to deploy clients to (e.g. your unit's All Systems collection)

Deploy the client to off-campus endpoints

Create a collection of your unit's off-campus endpoints with an old client version
  1. When creating the collection, include your unit prefix when naming the collection (e.g. UIUC-YourUnit-***) and select your unit's all systems collection as the limiting collection

  2. Select 'Query Rule' from the 'Add Rule' drop-down, include your unit prefix when naming the query and select 'Edit Query Statement'

  3. Select the Criteria tab and the first 'sun' icon to open the 'Criterion Properties' dialog box

  4. Input the following values
    • Criterion type: SubSelected values
    • Where: Click 'Select', for 'Attribute class' select 'System Resource', for Attribute select 'Resource ID'
    • Operator: 'is in'
    • Subselect: select resourceid from SMS_CollectionMemberClientBaselineStatus where SMS_CollectionMemberClientBaselineStatus.CNIsOnInternet = 1
    • Click OK to save.
    • MECM Internet Client Query Criterion
  5. Select the sun icon again to open the 'Criterion Properties' dialog box, then input the following values
    • Criterion type: Simple value
    • Where: Click 'Select', for Attribute class select 'System Resource', for Attribute select 'Client Version'
    • Operator: 'is less than'
    • Value: Click 'Value' and select the largest value, usually at the bottom of the list.  Click OK twice to save.
    • MECM Internet Client Query Criterion 2
  6. Click OK to save and close the Query Statement Properties dialog box, then click OK to save and close the Query Rule Properties dialog box

  7. Click next to save and close the collection

  8. Once the new collection populates, right-click the collection, select 'Deploy' and 'Program'

  9. Search for https in the filter, select '[version] Install via HTTPS' and click next
    1. Be sure to select the latest version. The version number will increase with each MECM update to our environment.

  10. Select your unit's distribution point group

  11. Select 'available' for self-service deployment via Software Center, or 'required' for a mandatory deployment

  12. Select 'Send wake-up packets' and click next

  13. Click 'New' to specify the assignment schedule

  14. For 'Rerun behavior', select 'Never rerun deployed program' and click next

  15. For self-service deployments via Software Center, select 'Allow users to run the program independently of assignments' and click next

  16. On the 'Distribution Points' page, select 'Download content from distribution point...' for both drop-downs

  17. Select 'Allow clients to use distribution points from the default site...'

  18. Click next to start the deployment

  19. For new versions of the client:

    1. Right-click your collection of off-campus endpoints and select 'Update Membership'

    2. Navigate to \Software Library\Overview\Application Management\Packages and select the older 'HTTPS Client Package [version]' package.

    3. Select the 'Deployments' tab in the bottom window and delete the old '[version] Install via HTTPS' program deployment

    4. Select the newest 'HTTPS Client Package [version]' package and deploy the '[version] Install via HTTPS' as per step 8

More information

Review these Microsoft articles for additional information on client installation methods:


Contact the EPS team



Keywords:
"client push" EPS SCCM TechS-EPS-SCCM MECM "mecm client" ccmsetup 
Doc ID:
73002
Owned by:
EPS Distribution List in University of Illinois Technology Services
Created:
2017-04-28
Updated:
2024-05-22
Sites:
University of Illinois Technology Services