05-20-2014 07:43 AM
I'm trying to find a way to get PXE boot clients access to the hardwired network using CPPM. I want our desktop support people to be able to PXE boot and re-image a device using any port in our buildings. I know what PXE boot traffic looks like and where it is headed but I can't get past DHCP. The device has to be ID'd by CPPM to allow access but the device can't get an IP address until it gets access on the network. If I write a rule to classify DHCP traffic to allow access then every DHCP client will get access.
Any ideas? How do you guys get your desktop support people to their PXE image servers?
05-20-2014 08:07 AM
So are you manually adding them to the endpoint database? How are you mapping them to the PXE client TIPS role?
05-20-2014 08:24 AM
We are trying to map them to a role based on traffic pattern.
We're a very large entity and importing MACs is not something we want to do if at all possible. We also hope to avoid guest licensing (again, we're very large) for financial reasons.
05-20-2014 12:54 PM - edited 05-20-2014 12:58 PM
Using the Brandeis/Tim C MSSQL tip I found, could we create a query in CPPM to search our SCCM2012 system for the MAC address to ID it as one of ours? Brandeis searched their legacy database for the MAC, which has an associated UID (from their database, I believe). Could we just search the SCCM MSSQL for the MAC and assign it as 'username' then check 'Exists' to make policy decisions?
This doesn't solve all of our problems but it would solve the normal/95% of the time issues.
05-20-2014 02:57 PM
Yes, you could do that. You would create a MAC Authentication policy that Allows Unknown MACs, and use MSSQL as an authorization source to drop them into the PXE role.
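Editor's added example (not posted by anyone in this thread, and not Aruba or Microsoft code): a sketch of the kind of lookup discussed above, run against the SCCM site database. It assumes SCCM's standard reporting views `v_RA_System_MACAddresses` and `v_R_System`, that SCCM stores MACs colon-separated, and a constructed sample MAC in `@mac` standing in for the client MAC the policy server would substitute into the filter.

```sql
-- Added illustration: is this client MAC a known, active SCCM resource?
-- Assumptions: standard SCCM reporting views; @mac is a constructed sample
-- value standing in for the MAC taken from the authentication request.
DECLARE @mac  NVARCHAR(32) = N'00-1a-2b-3c-4d-5e';

-- Strip the usual delimiters so any input format compares the same way.
DECLARE @norm NVARCHAR(32) =
    UPPER(REPLACE(REPLACE(REPLACE(@mac, ':', ''), '-', ''), '.', ''));

SELECT TOP (1)
       m.MAC_Addresses0 AS username,     -- returned as the 'username' attribute
       s.Name0          AS device_name
FROM   v_RA_System_MACAddresses AS m
JOIN   v_R_System               AS s ON s.ResourceID = m.ResourceID
WHERE  REPLACE(m.MAC_Addresses0, ':', '') = @norm
  AND  LEN(@norm) = 12                   -- exactly 12 hex digits
  AND  @norm NOT LIKE '%[^0-9A-F]%'      -- reject anything that is not hex
  AND  ISNULL(s.Obsolete0, 0) = 0        -- skip superseded records
  AND  ISNULL(s.Decommissioned0, 0) = 0; -- skip retired machines
```

A returned row means the MAC belongs to an active SCCM record; because a MAC address can be copied, the role it maps to should permit only the PXE traffic toward the imaging servers, and the SQL login used for the lookup should be read-only on these views.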
05-21-2014 04:47 AM
@sdr53, both actually but the everyday "we need to reimage this computer" situation is the biggest issue. Mobile devices are normally done for the first time at 2 locations while desktops are normally done for the first time at the installation site. I think the MSSQL into our SCCM may solve the daily issue. Now I need to find a solution for new installations of desktops (I might have a somewhat non-technical solution for this).
Thanks to all who posted!!
05-21-2014 02:48 PM