SCOM / SCCM – Script install on DMZ or Workgroup Machine

This is a very rough and ready script to install the Microsoft SCCM 2012 R2 client and the SCOM 2012 R2 agent on a non-domain-joined Windows Server 2012 R2 machine (e.g. in a DMZ). The script is provided “as is”, so please test it thoroughly in your environment. You will need to modify the script to suit your environment; you will notice there are no variables configured, etc.

In this environment SCOM and SCCM were both configured to use certificates (HTTPS). The script generates the CSR and uses the same certificate for SCOM and SCCM. Both require a Client and Server Authentication certificate whose Subject Name matches the FQDN of the server, so you need to configure your server name and DNS suffix before running this script.

Firewall Ports required:

SCCM – TCP/443 and TCP/8531
SCOM – TCP/5723

The script requires a few files to work, here is an example folder structure:

scom-sccm_script

  • RootCerts – Contains all of your internal root and intermediate CA certificates
  • SCCM – Contains SCCM Client Installation
  • SCOM – Contains SCOM Agent Installation
  • SupportTools – Folder from SCOM Install Media (MOMCertImport.exe required)

The script works as follows (again, you will need to modify it to suit your needs):

  • Gets FQDN of computer
  • Gets the current directory (So we know where to get the installation media and certs from)
  • Imports root certificates into the local machine’s root store (Root) and intermediate certificates into the local machine’s intermediate store (CA)
  • Creates Host file entries for SCOM and SCCM servers (assumes no DNS)
  • Generates a certificate request file in C:\_Temp (change the template to suit your environment)
  • Opens Notepad so the user can copy the CSR and generate the certificate via the internal CAs
  • Waits for user to place the new certificate in C:\_Temp\
  • Installs SCCM Client (With your site settings – this example uses HTTPS)
  • Installs SCOM Agent (With your management server settings)
  • Installs SCOM CU, assigns SCOM certificate and restarts SCOM service.

Here is the script. Again, it’s very much a draft and suited my customer. Please amend and test thoroughly before running it on your production systems.
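
The certificate steps from the list above (generate the request, wait for the issued certificate, install it), followed by a check that the installed certificate carries both EKUs and chains to the imported roots. This is an added PowerShell example, not the author's script; the use of certreq.exe, the file names under C:\_Temp and the key settings in the INF are assumptions.

```powershell
# Added example: file names, key settings and the use of certreq are assumptions.
$ip = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties()
if (-not $ip.DomainName) { throw 'Set the primary DNS suffix first; the subject must be the FQDN.' }
$fqdn = ('{0}.{1}' -f $ip.HostName, $ip.DomainName).ToLower()
$work = 'C:\_Temp'
$inf, $csr, $cer = 'request.inf', 'request.csr', "$fqdn.cer" | ForEach-Object { Join-Path $work $_ }
New-Item -ItemType Directory -Path $work -Force | Out-Null

# Machine key, not exportable, Server (…3.1) and Client (…3.2) Authentication EKUs.
@'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN={0}"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xA0
MachineKeySet = TRUE
Exportable = FALSE
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1
OID = 1.3.6.1.5.5.7.3.2
'@ -f $fqdn | Set-Content -Path $inf -Encoding ASCII
& certreq.exe -new $inf $csr
if ($LASTEXITCODE -ne 0) { throw "certreq -new failed ($LASTEXITCODE)" }

# Submit $csr to the internal CA, then save the issued certificate as $cer.
while (-not (Test-Path $cer)) { Start-Sleep -Seconds 5 }
& certreq.exe -accept -machine $cer
if ($LASTEXITCODE -ne 0) { throw "certreq -accept failed ($LASTEXITCODE)" }

# Verify what was actually issued before handing it to SCCM and SCOM.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.GetNameInfo('SimpleName', $false) -eq $fqdn } |
    Sort-Object NotBefore -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key for $fqdn in LocalMachine\My" }
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$oids = @($cert.Extensions | Where-Object { $_ -is $ekuType } |
    ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value })
foreach ($need in '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2') {
    if ($oids -notcontains $need) { throw "Issued certificate lacks EKU $need" }
}
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # CRLs are often unreachable from a DMZ
if (-not $chain.Build($cert)) { throw 'Chain does not build; check the imported root and intermediate CAs' }
$cert | Select-Object Subject, Thumbprint, SerialNumber, NotAfter
```

The chain check skips revocation, so it only confirms that the root and intermediate imports worked; CRL reachability from the DMZ has to be confirmed separately.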

 

Author: Chris Hayward


1 Comment

  1. Is it possible to install SCOM (not the agent) in a workgroup environment? Why is it mandatory to join a domain to install SCOM?
