Tips of System Center Configuration Manager

The 12 Tips

Use the SCCM Office 365 Wizard to Create Your Office 2019 Install

With Office 2019 utilizing click-to-run technology, MSI technology is no longer used. Instead, Microsoft lets you create your Office 2019 install via the Office 365 installer wizard in the Configuration Manager console. To get the best from this installer use Configuration Manager 1806 onwards. Prajwal takes you through an informative step-by-step on how to do this in his blog post.

https://prajwaldesai.com/sccm-office-2019-deployment/

Upgrade to Current Branch with the Latest Baseline

If you are still on Configuration Manager 2012, then it's time you looked at upgrading to Configuration Manager Current Branch. You'll get the latest and greatest features, continued support for Windows 10, and the chance to take advantage of all the latest cool cloud management roles.

Eight-time Enterprise Mobility MVP Niall Brady explains what baseline releases are and where you can get them from.

https://www.niallbrady.com/2018/03/25/what-are-baseline-versions-in-system-centerconfiguration-manager-current-branch/

Move Your ContentLib to a Remote Location

Start to plan Configuration Manager high availability, or just free up some space on a cramped CM site server, by moving your ContentLib folder to a remote share location. Using this for HA purposes will ensure that the ContentLib is still available should your active site server go offline.

Peter van der Woude takes you through the flow of the process to shift that data to another location.

https://www.petervanderwoude.nl/post/move-the-content-library-to-a-remote-location

Sort Your WSUS Out

WSUS please go away! One day Configuration Manager will not rely on this much maligned solution but until then we live with it. We embrace it as much as we can. Earlier this year WSUS was a big problem for businesses with severe traffic being generated across estate on port 8530 and huge amounts of data being downloaded by devices. Configuration Manager admins took to the Internet to share stories and collaborate on how they had tackled their issue or put up with it.

Johan's blog takes the approach of collating some of that information from various sources. So this meta-blog has become the go to blog for WSUS maintenance and troubleshooting.

https://deploymentresearch.com/Research/Post/665/Fixing-WSUS-When-the-Best-Defense-is-a-Good-Offense

Embrace ADR's for Patching

Automatic Deployment Rules (ADR) can be used in Configuration Manager to automate your patching process and take away some of that monthly admin overhead. Use them wisely and configure them in a way that works for your environment.

Configuration Manager expert Bryan Dam's notes from the field are the perfect starting point for ADR's. Bryan doesn't tell you how to set them up. Instead, he gives you food for thought on the options you should consider when implementing.

https://damgoodadmin.com/2018/02/08/we-need-to-talk-about-your-adrs-configmans-flair/

Reduce Your Attack Surface with Defender Application Control

Restrict application execution within your environment to trusted apps only with Windows Defender Application Control. The complexity behind its implementation is reduced significantly with Configuration Manager and Intune's managed installers which automatically authorize the apps deployed by these management tools.

In this blog post, Paul explains what WDAC is. Then he runs through the methods to implement it via both Configuration Manager and Intune.

https://insights.adaptiva.com/2018/windows-defender-application-control-configmgr-intune

Think about High Availability

High availability of the Configuration Manager site server has been a much requested, long awaited feature. The feature is slowly being drip fed into Configuration Manager. Its power and flexibility are developed and improved upon with each release. As well as being able to keep the site up and running, this feature could be used to move site servers from one server OS to another. With the passive containing the updated OS, you remove the restriction of not being able to change the hostname of the site server.

Ten times Enterprise Mobility MVP Robert Marshall's extremely detailed blog highlights the technical requirements to spin up a passive site server when the active goes offline.

http://configmgr2012.com/high-availability-failing-over-to-a-new-passive

Build Your CM Lab in Azure

New to Configuration Manager and need some assist on getting your site built or just want to crank up an Azure lab nice and fast? The blog post includes links to the free Azure sign up where you can get $200 of Azure credit for 30 days and a handy calculator, which will give you an idea of any ongoing costs. Configuration Manager consultant Dan Padgett runs through the step-buy-step process to get the site up and

running so you can play and learn.

https://execmgr.net/2018/04/13/building-a-configmgr-lab-in-azure/

Learn the True Facts about SUP in CM

Demystify the myths and misconceptions around the Configuration Manager Software Update Point role.

  • Where are the EULA's stored?
  • Does the SUP distribute content?
  • Is WSUS needed on the SUP server?
  • Does anyone out there like WSUS?

Super MVP Jason Sandys' myth buster blog is the place to find the answer to the above questions and more.

http://configmgr2012.com/high-availability-failing-over-to-a-new-passive

Understand Application Install Workflow

A picture can paint a thousand words and the workflow diagram presented at the configgirl blog does just that. It breaks down troubleshooting Configuration Manager application installation into series of steps relating to which log to refer to at which time in the process. The analysis goes deeper with references to the log file events with an example installation of 7-Zip. Fail to bookmark this page at your peril.

Dawn Wertz's expert analysis can be found here.

https://configgirl.com/2018/11/10/sccm-application-installation-workflow

Patch Third-Party Updates

The Adaptiva Managing Windows 10 Security Features with Configuration Manager report overviewed the new third-party features introduced with Configuration Manager 1806. This feature imports software catalogs and publishes update information to a configured WSUS server. Configuration Manager then synchronizes the updates into the site server database and makes the updates available to endpoints via the SUP role.

Enterprise and Mobility MVP Nick Hogarth's guide shows you how to enable the feature on your SUP and how to get things flowing in your environment.

https://nhogarth.net/2018/08/27/sccm-1806-third-party-updates

Remove Built-In Apps for Windows 10 1809

With another major release of Windows 10 comes another reason to update your remove built in apps script. Some new apps have been added to the mix, so you may wish to consider removing some or all of these during your OSD deployment.

The new apps are:

  • Microsoft.ScreenSketch
  • Microsoft.HEIFImageExtension
  • Microsoft.VP9VideoExtensions
  • Microsoft.WebMediaExtensions
  • Microsoft.WebpImageExtension

System Center Configuration Manager MVP Nickolaj Anderson's handy script assists you with that very task. Grab a copy of the script and learn how to use it here.

http://configmgr2012.com/high-availability-failing-over-to-a-new-passive

About Adaptiva

Adaptiva is a leading, global provider of modern endpoint management and security solutions. The company's peer-to-peer technology products, including OneSite™ and Client Health™, empower enterprise IT teams to manage and secure endpoints with unparalleled speed and at massive scale.

Adaptiva is self-funded, highly profitable, and growing at a rapid rate. Leading global Fortune 1000 organizations, including T-Mobile, Nokia, HSBC, Walgreens, the U.S. Department of Defense, and the U.S. Department of Homeland Security, use Adaptiva products to eliminate the need for a vast IT infrastructure and automate countless endpoint management tasks.