Use this method—which can easily be scripted—to change the SCCM client connectivity type from Intranet to Always Internet. I found this to be useful when setting up our remote computers to be directed to our DMZ-PKI (a single public-facing server). Once this is set, it doesn’t matter if the users are on site or off site, they are managed by the DMZ endpoint.
Why do this? Due to the complexities of some networks, when remote users travel to an on site facility, [sometimes] their workgroup joined computers will not automatically detect and switch to the local SCCM distribution point, which causes the machines to fall into a non-managed state—this solution prevents that from happening. The computers are always managed through the DMZ. This cuts down on management complexity, DNS connectivity issues associated with remote computers, and guarantees machines remain managed.
:: Apply Reg Key
Reg add “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Security” /v ClientAlwaysOnInternet /t reg_dword /d 1 /f
:: Restart CM Service
Sc stop CcmExec
Sc start CcmExec
Screenshot
Notes
Set Always Internet using ccmsetup
ccmsetup.exe /native SMSSITECODE=ABC CCMALWAYSINF=1 CCMHOSTNAME=HOSTCOMPUTERNAME SMSMP=SCCMMPSERVER SMSSIGNCERT=SITESIGNINGCERT