These steps detail how to add a DP role to a workgroup, a non-domain, non-trusted computer.
NOTE: Microsoft said this could not be done.
From Microsoft…
From MVP…
Microsoft Training Session…
I was even in a SCCM training session with Microsoft and they said, no, a distribution point would not operate in a workgroup. If that was true, then explain this workgroup computer (server) set up with the DP role, receiving packages, and having the ability to service local workstations at the site. And, just note, I moved this out of the lab and have implemented it in production; it works fine.
1 – The machine named workgroup…in the workgroup of workgroup.
2 – Showing the content was successfully distributed to workgroup.
3 – The device’s IP address with time stamp.
moving on…
The Steps
On Workgroup Computer
Create and Add local sccm service account to local admin group (my example): SCCMAdmin
Update Local Resolution Files
At c:\windows\system32\drivers\etc
hosts
10.1.0.99 YourSCCMServer.DOMAIN.com
10.1.0.99 YourSCCMServer
lmhosts (required to set up the SLP)
10.1.0.99 YourSCCMServer #PRE
10.1.0.99 “SMS_SLP \0x1A” #PRE
10.1.0.99 “MP_001 \0x1A” #PRE
Install CM Client
Copy CM setup files to c:\Windows\ccmsetup
C:\Windows\ccmsetup\ccmsetup.exe /SOURCE:C:\Windows\CCMSetup SMSSITECODE=001 /MP:YourSCCMServer.DOMAIN.COM
For testing, make sure firewall is off. You will eventually want to open ports 135 and 445.
On the SCCM Server
At c:\windows\system32\drivers\etc
update hosts file
workgroup_computer_IP computer_name
On the Workgroup Computer
Wait until the CM client has installed successfully.
Verify this reg key exists and populated with your SCCM server:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM
string SMSSLP value YourSCCMServer.DOMAIN.com
For features, verify or install IIS, BITS, BranchCache, WDS, RDC
—just use defaults to continue and install
Reboot if required.
On the SCCM Server
Create and Add local sccm service account to local admin group (my example): SCCMAdmin
Open SCCM Console, navigate to Administration > Site Configuration > Servers and Site System Roles
Create Site System Server
Enter IP Address for FQDN
Select site code from the drop down
Use %computername%\SCCMAdmin for account (literally type in %computername%—with %)
Add Distribution Point
Select Install and configure IIS if required by configuration manager
Select Enable and configure BranchCache for this DP
Enter Description: Server name
Select Allow clients to connect anonymously
Do not enable pull content (not supported with untrusted/workgroups)
Add respective local boundary group per site
While logged in as SCCMAdmin on SCCM server, navigate to \\IP_Address\ADMIN$, if prompted, enter and save credentials.
SCCM will set up the DP. It will take time; several hours, depending upon the connection. MS uses pauses, waits, and drizzle time, meaning…it isn’t fast. Note, BITS can be modified on the Client Settings in SCCM, but you really need to know what you’re doing.
Monitor distmgr.log and PkgXferMgr.log…wait for the successes to roll in.
After success messages stop appearing (this usually means the content has been synced), verify the SCCM content library is populated on the Workgroup computer.
Then, test a package deploy and/or portal package pull. View deployments under monitoring.
Bask in the glory of doing the impossible…