Prevent Configuration Manager Client Agent Installation

6 7,307

In some cases you might not want the SCCM client agents to be installed on few computers. If you have enabled  site-wide automatic client push installation then the client agents are installed on all the computers. And that’s how the auto client push installation works. In this post we will see how to prevent Configuration Manager client agent installation. However note that this procedure does not prevent the client from installing when you are using other client installation methods, such as the Client Push Wizard or by manually running CCMSetup.exe.

Using the Windows registry, we can prevent Configuration Manager client agent installation on specific computers when using the site-wide automatic client push installation method. We exclude the list of servers in the registry that don’t need the client agent. Before we edit the windows registry, we need to backup the registry and then make changes.  Keep in mind that computers that are excluded from the client installation can still be found by using Configuration Manager discovery methods.

Prevent Configuration Manager Client Agent Installation

Open the Windows Registry Editor on the Configuration Manager 2012 R2 site server that hosts the site that you want to exclude a computer from joining. Locate the SMS_DISCOVERY_DATA_MANAGER sub-key by browsing to the following path HKEY_LOCAL_MACHINE/Software/Microsoft/SMS/Components/SMS_DISCOVERY_DATA_MANAGER.

Double click the key ExcludeServers to open the Edit Multi-String window and specify the NetBIOS name of each computer you want to exclude. Press the enter key after typing each computer name to ensure that each computer name appears on a separate line. Once you have done, click OK and close the registry editor.

Prevent Configuration Manager Client Agent Installation

So what exactly happens when you add the computers to ExcludeServers list ? – When you add a computer to the ExcludeServers list, it is flagged with a status of installed, which prevents the client from reinstalling by using the automatic site-wide client push installation method. If you later remove the computer from the exclude list, this flag remains. To change this status to uninstalled, you must run the clear install flag task.

You can see in the below screenshot that the computer that I added in ExcludeServer list has no client agent installed. Definitely this method works but the difficult part is you need to add the computers to the exclude list manually.

Prevent Configuration Manager Client Agent Installation

Suppose you want the client agent to be installed on one of the computers which are in ExcludeServers list, just by removing them from ExcludeServers list will not help. You must run the clear install flag task. To do that launch the console, click on Administration > Site Configuration > Sites > click on the Primary site and on top ribbon click on Site Maintenance. Look for the task named Clear Install Flag. Click on the task and click Enable. You could also set the schedule to control how often the task runs. Click OK.

Prevent Configuration Manager Client Agent Installation

  • Since 1806 or 1802 there is the option to exclude a Sub-OU from System-Discovery which would be exactly what we need, since we dont want these Computer-Object listed at all in SCCM. But for some reason this does not work and he still rediscovers the excluded objects after deleting them.

  • It didnt work for me also. Referring to sources, I found one more way which rather unconventional

    Just create a ccmsetup and ccm file (without any extension) in the locations( in my case c:windows) where those folders are usually located. That will prevent a folder (with the same name as the already existing file) from being created. But this will be manual and have to do on each machine which needs to excluded.

    In case future you need to install client, then you need to delete these files

  • What if i want to exclude Linux servers? It seems as if my primary server has been trying to establish SIP connection with some of out Linux boxes. How can I exclude these?

    Can I add IPs to the list?

  • >