I need to setup the system in the following mananger but I have concerns and need to know the optins on how to prepare the setup: We have setup boundaries by IP address so that client devices report to one server and server devices report to another as per our dssign and secuirity model Some secondary sites will be able to automtically deploy the agant and some will requie a manual push over time. This is becuae some systems need cannot have the agent until the systems are validated by our QA department (this could take weeks to a few minths). Once all systems are validated and documented as per our protoocl the site settngs can be set to qutomatic. Also all servers are currently in a separete OU broken out by site and the clients are in different site OU's but all in the computer OU for each respective site. We did discovery on via AD OU and the hiogher level above each of thiose OU's. A special ID has been aded to a global admin group on al devices for SCCm to push the agent So whata are the options to prevent the insallation of the client to these systems as per desing. - Set boundaries up so IP's are only managed specifically thus adding IPs as we can - Chnage discovery to target ony the OU's needed and re-engineer the OU's to have the specific clietn types and set boundairs to thos OU's - Remove the SCCM id that allows the serer to install the client jeff parker

You can do the following Make sure you do not discover the computers. Create a client push account that do NOT have local admin permissions on the excluded computers Flollow the instructions in this article - http://support.microsoft.com/kb/207729 Configure the firewall in the exluded boxes to not allow a client push. Kent Agerlund | My blogs: http://blog.coretech.dk/author/kea/ and http://scug.dk/ | Twitter @Agerlund | Linkedin: /kentagerlund