As far as I know there are only three ways to install the SCCM client on devices:

1) Client push settings within SCCM
2) Group Policy
3) Standalone installation

After enabling a GPO to allow auto-enrollment of the client certificate (a duplicate of Workstation Authentication), the client is being installed on devices throughout my domain at the rate of ~10 per day. The interesting thing is, I'm not aware of doing anything that should allow this. I have verified that none of the above three scenarios are possible ("Enable automatic site-wide client push installation" un-selected, no software being pushed via GPO). How are these machines receiving the client?

Jaxaeon
  • Check the event logs on a machine it was pushed to - the events immediately before the install may give you some clues. – Grant Dec 09 '14 at 03:13
  • Grant: This led me in the right direction. Troubleshooting 101! Thanks. – Jaxaeon Dec 12 '14 at 19:07

1 Answer

I'm reasonably certain that I've figured this out.

4) Very early in the implementation (early October) site-wide client push was enabled. This was before most of the configuration was complete, including SSL. It wasn't enabled for more than a few hours before I backtracked. Apparently in that short span of time, the .\ccmsetup directory & files were transferred to an unknown number of computers. The client periodically tried to install but could not establish a trusted connection to the SCCM server. Once all of the certs were in place, a secure connection was established and the installation successfully kicked off.

...working as intended.

Jaxaeon
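An added example, not part of the original post: a read-only PowerShell check for the situation the answer describes, where ccmsetup files were staged during a short push window and the install completed later. It assumes the default `%windir%\ccmsetup` staging directory, an admin account that can reach the `admin$` share and WinRM on each target, and the function name `Get-CcmSetupState` is hypothetical.

```powershell
# Added example: report whether ccmsetup was staged on a machine, when, and
# whether the client has finished installing. Nothing on the target is changed.
function Get-CcmSetupState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($name in $ComputerName) {
            # admin$ maps to %windir%; ccmsetup stages its files in %windir%\ccmsetup
            $dir    = "\\$name\admin`$\ccmsetup"
            $staged = Get-Item -LiteralPath $dir -ErrorAction SilentlyContinue
            $log    = Get-Item -LiteralPath "$dir\Logs\ccmsetup.log" -ErrorAction SilentlyContinue

            # ccmsetup = bootstrap service, CcmExec = installed client (SMS Agent Host)
            try {
                $svc = @(Get-CimInstance -ClassName Win32_Service -ComputerName $name `
                        -Filter "Name='ccmsetup' OR Name='CcmExec'" -ErrorAction Stop |
                        Select-Object -ExpandProperty Name)
                $state = if     ($svc -contains 'CcmExec')  { 'Installed' }
                         elseif ($svc -contains 'ccmsetup') { 'Staged, setup service still present' }
                         elseif ($staged)                   { 'Staged, no setup service' }
                         else                               { 'Not present' }
            }
            catch {
                # Service query failed (WinRM unreachable, access denied): do not guess
                $state = 'Unknown (service query failed)'
            }

            [pscustomobject]@{
                Computer        = $name
                State           = $state
                # Creation time of the staging directory: compare against the
                # window in which site-wide push was enabled
                StagedOn        = if ($staged) { $staged.CreationTime }
                # Last write to ccmsetup.log: when setup last ran or retried
                LastSetupLogHit = if ($log) { $log.LastWriteTime }
            }
        }
    }
}

# Constructed host names, for illustration only:
# 'PC-001', 'PC-002' | Get-CcmSetupState | Sort-Object StagedOn | Format-Table -AutoSize
```

A `StagedOn` value that falls inside the hours when push was enabled, paired with a much later `LastSetupLogHit`, matches the delayed install described in the answer.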