Daniel, did you encountered any issues around imaging? or adding a HTTPS MP internally addressed your OSD issues if you encountered any?
Thanks, Cesar On Tue, Aug 5, 2014 at 2:12 PM, Belcher, Daniel (US - Hermitage) < [email protected]> wrote: > Hah, I need to write up some scrubbed blogs on all I've been working on, > but can't share out right as the company I work for loves it's > confidentiality. Same reason I've been non-existent on these mail groups > the past 2 years. > > Daniel Belcher > ------------------------------ > From: Todd Hemsell <[email protected]> > Sent: 8/5/2014 3:55 PM > > To: [email protected] > Subject: Re: [mssms] Sanity check on management points and MDM > > would really like to see your doc if you do not mind. > I have a few good ones I could trade you :) > > > On Tue, Aug 5, 2014 at 3:46 PM, Belcher, Daniel (US - Hermitage) < > [email protected]> wrote: > >> Yes, otherwise it will just be self-signed. I just wrapped on having >> to design something similar to this, give me some time to TechNet dive. >> Most of this came from testing, logs, and discussions with MS employees >> though rather than what I could research online. >> >> >> >> This blog from Adam Meltzer summarizes the selection process of MPs. >> >> >> http://blogs.msdn.com/b/ameltzer/archive/2013/06/17/quick-summary-on-how-management-point-selection-works-in-flexible-formerly-native-mode-in-configuration-manager-2012.aspx >> >> >> >> The gist though is either make the HTTPS site less appealing to the >> client or let the clients fail to HTTP. >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Todd Hemsell >> *Sent:* Tuesday, August 5, 2014 3:36 PM >> *To:* [email protected] >> *Subject:* Re: [mssms] Sanity check on management points and MDM >> >> >> >> Any documentation around this and what does "pki enabled" mean? Have a >> cert? "but if it’s not PKI enabled it won’t use it and move to the next >> MP (your unsecured). " >> >> >> >> >> >> On Tue, Aug 5, 2014 at 3:30 PM, Belcher, Daniel (US - Hermitage) < >> [email protected]> wrote: >> >> It’s not exactly clean, but setting up 2 side by side MPs with one >> secured and the other unsecured shouldn’t cause any major impact outside of >> your clients native MP assessments. >> >> >> >> The largest headaches I’ve seen from this have come from the initial >> client install more than anything, and that’s just a matter of pointing >> them to the correct MP from the install string. >> >> >> >> I might be missing something here in terms of your end goal though that >> complicates this more. However it is right, the client will prefer the >> HTTPS, but if it’s not PKI enabled it won’t use it and move to the next MP >> (your unsecured). >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Todd Hemsell >> *Sent:* Tuesday, August 5, 2014 3:16 PM >> *To:* [email protected] >> *Subject:* Re: [mssms] Sanity check on management points and MDM >> >> >> >> too much complexity. I like to keep it simple and easy to maintain. >> >> >> >> I do not like to implement things where I am the only one that >> understands them or can support them. >> >> >> >> On Tue, Aug 5, 2014 at 3:11 PM, Marcum, John <[email protected]> wrote: >> >> Another option… You could unpublish the HTTPS one if there's a way to >> hard code it to the CE clients so they know where to go. >> >> >> >> >> http://blogs.technet.com/b/michaelgriswold/archive/2014/04/22/how-to-get-clients-to-avoid-one-of-your-management-points.aspx >> >> >> >> >> >> >> >> >> >> *From:* [email protected] [mailto: >> [email protected]] *On Behalf Of *Todd Hemsell >> *Sent:* Tuesday, August 05, 2014 3:04 PM >> *To:* [email protected] >> *Subject:* Re: [mssms] Sanity check on management points and MDM >> >> >> >> well, so much for that. >> >> >> >> whoever added The requirement to use https before you can manage devices >> needs to be horsewhipped. >> >> If I want to manage 50 Windows CE scan guns I need to deploy a cert to >> every system in the enterprise and force them to use https instead of http. >> Makes sense. >> >> >> >> On Tue, Aug 5, 2014 at 2:20 PM, Niall Brady <[email protected]> wrote: >> >> And thep prefer https over http >> >> Sent from my phone, please excuse any typo's as a result. >> >> >> >> >> On 05 Aug 2014, at 20:50, "Marcum, John" <[email protected]> wrote: >> >> No. MP's don't use boundaries. >> >> >> >> *From:* [email protected] [ >> mailto:[email protected] <[email protected]>] *On >> Behalf Of *Todd Hemsell >> *Sent:* Tuesday, August 05, 2014 1:48 PM >> *To:* [email protected] >> *Subject:* [mssms] Sanity check on management points and MDM >> >> >> >> Right now I have 1 management point using http >> >> >> >> Can I add an https management point for mobile devices on a separate >> server and set the subnet the mobile devices are on to use the new >> management point without affecting the existing systems and existing >> management point? >> >> >> >> /Todd >> >> >> ------------------------------ >> >> >> Confidentiality Notice: This e-mail is from a law firm and may be >> protected by the attorney-client or work product privileges. If you have >> received this message in error, please notify the sender by replying to >> this e-mail and then delete it from your computer. >> >> >> ------------------------------ >> >> >> Confidentiality Notice: This e-mail is from a law firm and may be >> protected by the attorney-client or work product privileges. If you have >> received this message in error, please notify the sender by replying to >> this e-mail and then delete it from your computer. >> >> >> >> >> >> >> ------------------------------ >> >> >> Confidentiality Notice: This e-mail is from a law firm and may be >> protected by the attorney-client or work product privileges. If you have >> received this message in error, please notify the sender by replying to >> this e-mail and then delete it from your computer. >> >> >> ------------------------------ >> >> >> Confidentiality Notice: This e-mail is from a law firm and may be >> protected by the attorney-client or work product privileges. If you have >> received this message in error, please notify the sender by replying to >> this e-mail and then delete it from your computer. >> >> >> >> >> >> >> >> >> >> >> >> This message (including any attachments) contains confidential >> information intended for a specific individual and purpose, and is >> protected by law. If you are not the intended recipient, you should delete >> this message and any disclosure, copying, or distribution of this message, >> or the taking of any action based on it, by you is strictly prohibited. >> >> v.E.1 >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> >> > > >
