Group PolicySCCM

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Deploying Configuration Manager 2012 R2 Clients Using Group Policy In this post we will see the steps for Deploying Configuration Manager 2012 R2 Clients Using Group Policy. This is the post that I wanted to add to when I was working on SCCM 2012 SP1, however the same steps will still work if you want to deploy configuration manager clients using group policy using SCCM 2012 or SCCM 2012 SP1. In my previous post we saw the configuration manager 2012 R2 client installation using automatic site wide client push installation method and client push installation method. In this post we will see the steps for Deploying Configuration Manager 2012 R2 Clients Using Group Policy. At any point of time you can jump to configuration manager 2012 R2 step by step guide for my previous posts.

If you are planning to deploy SCCM 2012 R2 clients using group policy then you must make sure that in the client push installation properties, Enable Automatic site wide client push installation is not checked. If this is checked then the client would get installed on all the systems after its discovery. So first uncheck the option Enable Automatic site wide client push installation and proceed. In this post my domain controller is running on Windows Server 2012 R2 Datacenter edition, SCCM 2012 R2 running on Windows Server 2012 R2 Datacenter edition and the client machines are running windows 7 professional SP1 x64 and Windows 8.1.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

We will create a new policy first, click on Server Manager, click on Tools, click Group Policy Management. Right click on domain and create a new policy, we will name it as Deploying SCCM 2012 R2 Client. Right click on the policy that is created and click Edit.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Expand Computer Configuration, Policies and right click on Administrative Templates and click on Add/Remove Templates.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

You can add the templates by clicking on ADD. The Configuration Manager templates can be found in SourceDVDSMSSETUPTOOLSConfigMgrADMTemplates or you can also add it from <Drive>:Program FilesMicrosoft Configuration ManagertoolsConfigMgrADMTemplates. You need to add 2 templates ConfigMgrAssignment and ConfigMgrInstallation. Click on Close.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Expand Administrative Templates, Classic Administrative Templates, Configuration Manager 2012, Configuration Manager 2012 Client. We see on the right pane that both the templates have been added but they not configured yet.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Right click on Configure Configuration Manager 2012 Site Assignment template and click edit. Click Enabled to enable the policy, under Options specify Assigned Site code, Site Assignment Retry Interval to 5 minutes, Site Assignment Retry Duration to 1 hour (You can also choose to leave the options to default except site code). Click OK.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Right click Configure Configuration Manager 2012 Client Deployment Settings and click on Enabled. Under options specify the installation properties for CCMSetup file. You can specify lots of installation properties for installation of configuration manager client, click the button below for knowing more on CCMSetup command line properties. In our case I have used following installation command CCMSetup.exe SMSSITECODE=IND FSP=SCCM.PRAJWAL.LOCAL MP=SCCM.PRAJWAL.LOCAL

CCMSetup Command Line Properties

Click on OK.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Under Computer Configuration expand Policies, Software Settings. Right click Software Installation and click New -> Package.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

The ccmsetup.msi can be found in SOURCEDVDSMSSETUPBINI386 (SourceDVD Is the SCCM 2012 .ISO file). Copy the ccmsetup.msi in a folder (Create a new folder on SCCM Server) and share it with permissions Read-only for Everyone. Browse the file ccmsetup.msi to the folder that you created and Select the deployment method as Assigned. Click OK.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

When you click on Software installation you should see the name of the Package, its Version, Deployment Status and Source. You can now close the GPMC.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

You can choose to apply this policy at domain level or at OU level. If you apply it at domain level then every computer in you domain will get the SCCM 2012 R2 client installation on next reboot. I have created a OU called Windows Systems which consists of client computers. To link the policy to this OU, right click on OU Windows Systems, click Link an existing GPO, choose the GPO Deploying SCCM 2012 R2 Client and click OK.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

You need to perform gpupdate on domain controller first and then on client machines. Reboot the client machine and after you login to client machine the configuration manager 2012 R2 client installation begins. You can see the cmmsetup.exe *32 on one the client machines in the below screenshot.

Deploying Configuration Manager 2012 R2 Clients Using Group Policy

Prajwal Desai

Hi, I am Prajwal Desai. For last few years I have been working on multiple technologies such as SCCM / Configuration Manager, Intune, Azure, Security etc. I created this site so that I can share valuable information with everyone.

Related Articles


  1. Hi sir,

    Can I do client installation to Devices connect via CMG using this method???

    I have so many devices with inactive clients and they r connected via cmg

  2. and i have just two actions,
    machine poliy retrieval and evalution cycle
    user policy retrieval and evalution cycle
    in Software centar

  3. hi man,
    i have problem with Configure Configuration Manager 2012 Client Deployment Settings,
    i dont understand what i need input for ccmsetup.exe , like you
    pls halp me?

  4. Hi Prajwal,

    I have configured SCCM server 2012 r2 on my test lab with the help of your tutorial and its working fine but in DP is not showing my SCCM. could please help me to resolve this issue.

  5. I’m pushing out clients for an existing SCCM 1710 installation. I have a few questions if you don’t mind.

    Does this method work the same for 1710, or do I need to follow a different guide?

    Why in the client settings do you have ccmsetup.exe listed when you’re pushing out the msi? Is it because the msi points to the exe?

    1. Also, next to the “Configure Configuration Manager Site Assignment” setting, there is a down arrow. Any idea what this means or if it keeps the client from successfully being pushed out?

  6. Hi,

    Always appreciate reading your blog posts. Our client installation is configured as such by my predecessor. We’ve since migrated to the latest SCCM CB and so upgrades come at a much higher pace now. So the clients need to be updated more frequently as well.
    I was wondering what needs to be done when a new client version needs to be distributed in such a scenario. I’m assuming that just replacing the msi on the shared folder does not suffice and we also need changes to the group policy. Recreating the ConfigMgr Client Setup Bootstrap installation package seems necessary since the MSI code changes, right? Can I use client.msi from the \\SITESERVER\sms_SITECODE\Client location instead of ccmsetup.msi from the installation media?

    1. You can use auto client upgrade feature. To do this click on Administration > Site Configuration > Sites. Click on the Hierarchy Settings button on the top ribbon. Click Client Upgrade tab and check the box Upgrade all clients in the hierarchy using production client. Select the desired number of days you want your upgrade to be run and click OK. A schedule task will be created on the clients and run within the specified number of days.

    1. I have also verified the DNS server details on each client and reviewed internet connectivity. All the computers joing domain seem to be communiticating fine.

  7. I have followed the exact instructions but when I run gpupdate on my DC (running Server 2012 R2), it shows below error:
    Upon research on this issue on TechNet, I have tried changing the GP time to 30 sec, under Computer Configuration > Policies > Administrative Templates > System > Group Policy > Policy > Specify Startup policy processing wait time but this did not help.

    Any suggestions on this?

  8. Hi Prajwal,

    I was testing this policy on 2 machines. I was fine on one but the second one was not taking it. It was giving an error of not excepting the group policy before logon sort of thing. How can I fix it?


  9. Hi Prajwal,

    I need a a bit of help. I want to deploy sccm clients to a domain with a power shell script running through Group policy. Can you please send detailed document for that including screen shots.


  10. When I use the GPO method outlined here it works great…thank you. Once the client is installed, does the GPO skip devices that have the SCCM 2012 client installed or does it reinstall every time the GPO is applied.

  11. Hello Prajwal Desai

    I have an existing SCCM2007 Client installed across my production and I am Installing SCCM 2012, will this process overwrite the old Client version. My 2012 SCCM is running on a w2k8 server, and distributing to win7 platform. I have tried using the Client Push Installation and have found no joy with it I followed it to the letter. So I have chosen this method as it was what was used originaly.

    I have pondered over if I would need to run an uninstall first using the GPO then try running this process.

  12. Hi dear
    thanks for your instruction.
    i have doing everything in this post but sccm client does not install on destination. please guide me.

  13. No ConfigMgr does not uninstall the existing clients. There is no upgrade path from 2003 to 2012. What you can do is create a package in 2003 to uninstall and then install the 2012 client..

    Why did you delete the system management container ? You should have uninstalled the clients before you decommissioned SCCM server.

    1. The purpose of deleting system management container is that i wanted to come up with a new site code. i though that config mgr wud uninstall sms 2003 advanced client.
      now i have sms advanced client installed on windows 7 computers, i am not bothered about it unless it creates any problem with configmgr2012 agent. i have changed the site code for configmgr2012. when i deploy configmgr with new site code, will it get deployed on windows 7 computers having sms advanced client.

      when deploying gpo i have given these settings / /logon SMSSITECODE=COD /source:”\sccmccmsetup_configmgr”
      is this right approach.

  14. Hello Mr prajwaldesai,

    Thanks alot for your support.
    I am having sms 2003 installed and recently i have decommisoned it.
    Now i am in the middle of installation of SCCM 2012 R2.
    still my windows 7 computers are having SMS Advanced Client installed on them.
    Do config mgr uninstalls SMS Advanced client.
    I have changed the site code in SCCM 2012 R2 for that i have deleted the System Management
    container in ActDir schema and came up with new sitecode. will it create any issue in removing sms advanced client.

  15. Hi, i think there is still a typo in your GPO deployment.

    You write …

    ” In our case I have used following installation command CCMSetup.exe SMSSITECODE=IND FSP=SCCM.PRAJWAL.LOCAL MP=SCCM.PRAJWAL.LOCAL”

    This seems not to work, ater reading some other Walkthroughs and the TechNet it should read.
    You Need to remove the ccmsetup.exe from the command line.

  16. First of all I want to say what a great Blog you have setup here. It is very informative and you do a fantastic job in explaining what can be somewhat hard to follow and cryptic instructions from Microsoft on the subject. Now for my question, I am trying to deploy the client using the GPO method and I can see in the Resultant Set of Policies that it is running against the client I am testing. The problem I see is that my client is running Windows Server 2008 R2 and although I can see the CCMSETUP *32 policy running, it never completes. I think this issue has been touched on a little already in previous comments, but what I really need to find out is if a registry edit would be needed to help define the install against 64 bit machines as opposed to 32 bit ones. Also, exactly what that registry edit would be if needed. I see many references to the WOW6432Node key location online, but I am hoping for a better explanation. Many thanks again for your site.

  17. Hi Prajwal,

    Thanks for taking time in helping.

    Kindly suggest me, as I’m facing error while installing client on the machine’s also the same in AD, I belive its user account issue which logs says.
    I’ve created user in AD as ClientInstall and add the same to SCCM Server local admins group, given the same account in client install settings.
    Do we need to do any other settting for ClientInstall account in the machine where we’re installing it.

    Find the Log entries:

    —> Failed to connect to \\VM-AD\admin$ using machine account (5) $$
    —> ERROR: Failed to connect to the \\VM-AD\admin$ share using account ‘Machine Account’ $$
    —> Trying each entry in the SMS Client Remote Installation account list~ $$
    —> Attempting to connect to administrative share ‘\\\admin$’ using account ‘MYLAB\ClientInstall’~ $$
    —> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account MYLAB\ClientInstall (00000005) $$
    —> Attempting to connect to administrative share ‘\\\admin$’ using machine account.~ $$
    —> Failed to connect to \\\admin$ using machine account (5) $$
    —> ERROR: Failed to connect to the \\\admin$ share using account ‘Machine Account’ $$
    —> ERROR: Unable to access target machine for request: “2097152001”, machine name: “VM-AD”, access denied or invalid network path. $$
    Execute query exec [sp_CP_SetLastErrorCode] 2097152001, 5~ $$
    Stored request “2097152001”, machine name “VM-AD”, in queue “Retry”. $$
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152001, 2~ $$
    Execute query exec [sp_CP_SetLatest] 2097152001, N’03/13/2014 02:55:01′, 11~ $$
    <======End request: "2097152001", machine name: "VM-AD". $$

    1. The user account ClientInstall should have enough permissions to install client agent on the client machine, so the ClientInstall user account should be the member of local administrators group of the client machine.

  18. I’ll check the rsop like you suggested, but I don’t understand why a GPO applies once on an OS, but if the machine name stays the same and the OS is reapplied the GPO fails to load. We are using MDT to re-image.

    Thanks for the response!!

  19. In the string of comments above Steven asked why the GPO would not work a second time after the machine was re-imaged with a new OS. I tested the GPO on my lab system and the first time it worked fine, but when I re-imaged with a clean image and tested a second time CCCMSetup.msi will not kick off from the GPO. Is there some kind of flag to reset? Thanks

  20. HI,
    I can not add the domanin machine to to SccM 2012 devices.. i need to deploy Endpoint Protection to my domain client machine.



  21. i have tested it on an XP machine and it appears under the XP logo before you get to press CTRL ALT DEL where you normally see applying computer settings…

    It not a big deal since its not the popup i was told it was. I can live with it please ignore 🙂 thank you for the reply

  22. This GPO is working for installs but can it be made silent? My users are seeing a install popup for about 1min prior to logging on with XP machines each time they sign in. I have this in the config line CCMSetup.exe SMSSITECODE=ORG /logon

  23. Yes Prajwal, rightly so; the ConfigMgrInstallation.adm appears but the ConfigMgrAssignment.adm does not appear in the configuration manager 2012 folder under administrative template.

  24. Hi Prajwal, am using active directory 2003; and sccm2012. i attempted adding the template but only one appeared (Client Deployment settings) under the templates. the other although added does not appear in the configuration manager 2012 folder under administrative template. Any reason why this is so?

    1. Not really sure why the second template is not seen under administrative templates.. I haven’t tried this with AD 2003.. Is it that only the first template that you add is seen under administrative template ?

  25. Will the /NoService tag work with this method? We are having an issue where without the noservice option the install fails.

    1. Ideally it should work, but i have not tried this option yet. You need to check if the account with which the client installation happens must be configured with enough permissions so as to install the sccm client. I would recommend you to use an account which is a member of domain admins group for testing purpose.

  26. Its working now 🙂 i didn’t assign the GPO correctly. it was getting user setting but not computer setting. i added the test PC name to the “security filtering” on the GPO and it worked. Thank you for taking the time to help me and creating this helpful guide 🙂

  27. I have this in the GPO settings CCMSetup.exe SMSSITECODE=ORG .Do i need to add the /source at the end pointing to the ccmsetup.exe ?

    I can see the GPO is applied in gpresult /v but i can’t see anything in rsop.msc. notting in the administrative templates relating to SCCM

    1. Nope, the command that you are using is the correct one. When you select the deployment method as “Assigned”, the software gets installed at the next logon. The source folder where ccmsetup.msi file is located, is it accessible from the XP machine ?

  28. “command CCMSetup.exe SMSSITECODE=IND FSP=SCCM.PRAJWAL.LOCAL MP=CCM.PRAJWAL.LOCAL” is this a typo on the MP? i have followed your guide and my test XP SP3 machine does not get the client installed. any ideas why? i have KB943729 installed on the test client

    1. Yes, that was a typo and I have corrected it. On the test machine has the group policy been applied ? Check the rsop on client machine once.. You need to restart the windows XP machine once..

  29. I discovered when reinstalling the OS on a existing machine which previously had a client installed, the client push doesn’t install.
    Any idea why?

    1. If you enable the site wide push then all the machines that are discovered will have SCCM client installed. Pushing client using group policy is one of the method to install SCCM clients on systems. I just showed the steps on how can you deploy SCCM clients using GPO.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button