Which client installation methods should you identify?

Your network contains a Windows Server Update Services (WSUS) server.
All client computers are configured as WSUS clients.
All of the client computers have Windows Firewall enabled.
Windows Firewall is configured to block File and Printer Sharing.
Users are not configured as local Administrators on their client computers.
You deploy System Center 2012 Configuration Manager.
You need to identify which methods you can use to deploy the Configuration Manager client to all of
the client computers.
Which client installation methods should you identify? (Choose all that Apply.)

A.
a logon script installation

B.
a manual client installation

C.
a software update-based client installation

D.
a Client Push Installation

E.
an Active Directory Group Policy-based installation

Explanation:
Software update point uses the Local System account and all client computers are configured as
WSUS clients. So the firewall should not affect functionality.
Client Push Installation requires File and Printer Sharing.
Group Policy Installation requires File and Printer Sharing.
Further information 1:
http://technet.microsoft.com/en-us/library/cc787076%28v=ws.10%29.aspx
File and Printer Sharing Does Not Work
File and printer sharing can fail when you turn on Windows Firewall because file and printer sharing
requires your computer to respond to unsolicited incoming traffic on one or more of the following
ports:
TCP ports 139 and 445 and
UDP ports 137 and 138
Windows Firewall blocks incoming traffic through these ports.
http://technet.microsoft.com/en-us/library/gg682180.aspx
Windows Firewall and Port Settings for Client Computers in Configuration Manager
Ports that are used for all installation methods
TCP 80 – Hypertext Transfer Protocol (HTTP) from the client computer to a fallback status point,
when a fallback status point is assigned to the client.
Ports that are used with client push installation
TCP 445 – Server Message Block (SMB) between the site server and client computer.
TCP 135 + UDP 135 – endpoint mapper between the site server and the client computer.
TCP DYNAMIC – dynamic ports between the site server and the client computer.
TCP 80 – Hypertext Transfer Protocol (HTTP) from the client computer to a management point when
the connection is over HTTP.
TCP 443 – Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management
point when the connection is over HTTPS.
Ports that are used with software update point-based installation

TCP 80 or 8530 – Hypertext Transfer Protocol (HTTP) from the client computer to the software
update point.
TCP 443 or 8531 – Secure Hypertext Transfer Protocol (HTTPS) from the client computer to the
software update point.
TCP 445 – Server Message Block (SMB) between the source server and the client computer when you
specify the CCMSetup command-line property /source:<Path>.
Ports that are used with Group Policy-based installation
TCP 80 – Hypertext Transfer Protocol (HTTP) from the client computer to a management point when
the connection is over HTTP.
TCP 443 – Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management
point when the connection is over HTTPS.
TCP 445 – Server Message Block (SMB) between the source server and the client computer when you
specify the CCMSetup command-line property /source:<Path>.
Ports that are used with manual installation and logon script-based installation
TCP 445 – Server Message Block (SMB) between the client computer and a network share from
which you run CCMSetup.exe.
Note: When you install System Center 2012 Configuration Manager, the client installation source
files are copied and automatically shared from the <InstallationPath>\Client folder on management
points. However, you can copy these files and create a new share on any computer on the network.
Alternatively, you can eliminate this network traffic by running CCMSetup.exe locally, for example,
by using removable media.
TCP 80 – Hypertext Transfer Protocol (HTTP) from the client computer to a management point when
the connection is over HTTP.
TCP 443 – Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management
point when the connection is over HTTPS.
TCP 445 – Server Message Block (SMB) between the source server and the client computer when you
specify the CCMSetup command-line property /source:<Path>.
Ports that are used with software distribution-based installation
TCP 445 – Server Message Block (SMB) between the site server and client computer.
TCP 80 – Hypertext Transfer Protocol (HTTP) from the client computer to a management point when
the connection is over HTTP.
TCP 443 – Secure Hypertext Transfer Protocol (HTTPS) from the client computer to a management
point when the connection is over HTTPS.
Further information 2:
http://technet.microsoft.com/en-us/library/gg682180.aspx
Windows Firewall and Port Settings for Client Computers in Configuration Manager
Programs and Ports that Configuration Manager Requires
Client Push Installation
To use client push to install the System Center 2012 Configuration Manager client, add the following
as exceptions to the Windows Firewall:
Outbound and inbound: File and Printer Sharing
Inbound: Windows Management Instrumentation (WMI)
Client Installation by Using Group Policy
To use Group Policy to install the Configuration Manager client, add File and Printer Sharing as an
exception to the Windows Firewall.
Further information 3:
http://technet.microsoft.com/en-us/library/gg682191.aspx
Determine the Client Installation Method to Use for Windows Computers in Configuration Manager
The following table outlines the advantages and disadvantages of each client installation method to
help you determine which will work best in your organization:

Client push installation
Can be used to install the client on a single computer, a collection of computers, or to the results
from a query.
Can be used to automatically install the client on all discovered computers.
Automatically uses client installation properties defined on the Client tab in the Client Push
Installation Properties dialog box.
Can cause high network traffic when pushing to large collections.
Can only be used on computers that have been discovered by System Center 2012 Configuration
Manager.
Cannot be used to install clients in a workgroup.
A client push installation account must be specified that has administrative rights to the intended
client computer.
Windows Firewall must be configured on client computers with exceptions so that client push
installation can be completed.
You cannot cancel client push installation. When you use this client installation method for a site,
Configuration Manager tries to install the client on all discovered resources and retries any failures
for up to 7 days.
Software update point-based installation
Can use your existing software updates infrastructure to manage the client software.
Can automatically install the client software on new computers if Windows Server Update Services
(WSUS) and Group Policy settings in Active Directory Domain Services are configured correctly. Does
not require computers to be discovered before the client can be installed.
Computers can read client installation properties that have been published to Active Directory
Domain Services.
Will reinstall the client software if it is removed.
Does not require you to configure and maintain an installation account for the intended client
computer.
Requires a functioning software updates infrastructure as a prerequisite.
Must use the same server for client installation and software updates, and this server must reside in
a primary site.
To install new clients, you must configure an Group Policy Object (GDO) in Active Directory Domain
Services with the client’s active software update point and port.
If the Active Directory schema is not extended for System Center 2012 Configuration Manager, you
must use Group Policy settings to provision computers with client installation properties.
Group Policy installation Does not require computers to be discovered before the client can be
installed. Can be used for new client installations or for upgrades.
Computers can read client installation properties that have been published to Active Directory
Domain Services.
Does not require you to configure and maintain an installation account for the intended client
computer.
Can cause high network traffic if a large number of clients are being installed.
If the Active Directory schema is not extended for System Center 2012 Configuration Manager, you
must use Group Policy settings to add client installation properties to computers in your site.
Logon script installation Does not require computers to be discovered before the client can be
installed. Supports using command-line properties for CCMSetup.
Can cause high network traffic if a large number of clients are being installed over a short time
period. Can take a long time to install on all client computers if users do not frequently log on to the
network. Manual installation
Does not require computers to be discovered before the client can be installed.
Can be useful for testing purposes.

Supports using command-line properties for CCMSetup.
No automation, therefore time consuming.