Insights

Ami's Lab

ConfigMgr 1710: Admin’s Ramp-up Guide

by

Adaptiva presents Ami's Lab

Adaptiva’s Technical Evangelist, Ami Casto promises to “science the bits” out of everything from the latest ConfigMgr releases and Windows 10 OSD advances to tools and techniques from the community. Follow this blog series to separate the buzz from from the bytes with new tech by finding out how it behaved in Ami’s Lab.

The year 2017 flew by and ConfigMgr admins saw many improvements to the product this year. The final release of the year for everybody’s favorite systems management product is version 1710 which was released to the fast ring in mid-November. There are quite a few notable features such as the real-time monitoring of the Run Scripts feature, new ways to manage devices from the ConfigMgr console, and features promoted out of pre-release ready to be widely adopted by all.

ConfigMgr 1710 Deep Dive Webinar

This blog contains ConfigMgr 1710 tech goodness from my lab, but first I’m including the full video and slides from webinar. Adaptiva (me) and TrueSec (Johan Arwidmark) plus special guests talked about co-management and everything else 1710. We referenced a lot of community blogs, which are linked below as well. Webinar, blog, or both—I’ve got your 1710 covered.

ConfigMgr 1710 Servicing

Upgrading to ConfigMgr 1710 follows the now well-known process of in-console upgrades, where admins are notified every time there is an updated version. For those of who want to start testing early, a PowerShell script is available to enter the Fast Ring, which provides the build before it is declared stable. It’s highly recommended to upgrade in a lab first, wait a few weeks, and then upgrade in production.

Even though the in-console upgrade itself is straightforward, there are a few things to keep in mind before starting the upgrade:

  • ConfigMgr 1710 only supports Windows ADK 10 v1703 and v1709, so environments on older ADK versions need to upgrade the ADK first. And as usual, there is no “upgrade” of the Windows ADK, it’s an uninstall and then a new install. Pro tip: upgrade the ADK first, and then ConfigMgr, because the ConfigMgr setup process will automatically update the default boot images for you. Quite nice.
  • Like the previous version, ConfigMgr 1710 does not support Windows 2008 R2 except for distribution points, so fix that problem first if it applies. This can be accomplished either by doing an in-place upgrade of the operating system or by backup and restore to a new server.
  • SQL Server version must be 2012 SP3 at very least, but please note, the site server performance is better when upgrading to a newer release like SQL Server 2016 SP1.
  • Check for pending reboots: Use the following script to verify that there are no pending reboots:
    https://github.com/DeploymentResearch/DRFiles/blob/master/Scripts/Test-PendingReboot.ps1
  • Disable (or uninstall) antivirus software. This is still one of the most common reasons the upgrade fails.

Co-management – Introduction

The ability to manage a machine from both Microsoft Intune and ConfigMgr, at the same time, is one of the most interesting features yet for modern management. It allows for an uncomplicated way of transitioning certain workloads from on-premise ConfigMgr, to Intune.

There are two ways to get a Windows 10 client in a co-managed state: (1) From ConfigMgr, have the device enroll into Intune. (2) Take a machine provisioned via Intune, and install the ConfigMgr client agent on it. The latter option integrates nicely with the Window AutoPilot solution as well, which allows a quick enrollment of new machines into Intune.

Currently, there are three co-management workloads to choose from, but there will be more added as time goes by.

ConfigMgr 1710 co-management workloads.
Configure Workloads

Co-management – Setup

Co-management requires ConfigMgr 1710 in combination with Windows 10 v1709, the Creators Fall release. It also requires a standalone Microsoft Intune tenant, so an existing hybrid solution can’t be used. In terms of setting up Co-management, ConfigMgr guru Zeng Yinghua (Sandy) has written an excellent articles series on the http://scconfigmgr.com blog:

  1. How to setup Co-management – Part 1 (Roles and Certificates)
  2. How to setup Co-management – Part 2 (Create Certificates)
  3. How to setup Co-management – Part 3 (Cloud Management Gateway)
  4. How to setup Co-management – Part 4 (Management point and Software Update point)
  5. How to setup Co-management – Part 5 (Cloud Distribution point)
  6. How to setup Co-management – Part 6 (Setup Co-management in ConfigMgr)
  7. How to setup Co-Management – Part 7 (Deploy ConfigMgr client to AAD Devices from Intune)

OSD Enhancements

This release delivered many useful OSD improvements. Child task sequences allow an admin to create a parent/child relationship between task sequences by nesting a task sequence within another one. The combined sequences will write to the same smsts.log file and the step that runs the nested child sequence is apparent in the log. When using this feature, OSD experts can transform the way task sequences are used in their environment.
Run Task SequencePeer cache is no longer in pre-release. This feature was added in ConfigMgr 1610 and allows any Windows client that can support a ConfigMgr agent to act as a source of content for other clients within a boundary group. The product team provides support for pre-release features; however, this new “promotion” of the feature should encourage wider adoption.

Organizations that deploy Surface devices will see that the Surface Driver Update feature is also out of pre-release. This feature is a great way to continue to automate Surface firmware updates without allowing end users to automatically update with Windows Update in a controlled environment. This preserves user devices by allowing admins to first test the update before deploying, as well as preventing each Surface device from reaching out over the Internet to Microsoft Update which could impact offices that are sensitive to internet load.

In-console Management Improvements

Starting with this release, a new column is available for devices to show pending reboot status. Admins can initiate a reboot within the ConfigMgr console by using a client notification. The restart notification can be initiated per device. Also, while an admin cannot right click a device collection and navigate to client notification to initiate a restart, once within a device collection, the restart notification becomes available.

Configure Workloads

When the client receives the notification, end users will be notified.

End user will be notified
The run scripts feature has improved since its first production release four months ago. Now admins can see real-time results from the wizard used to launch the script, and the same improved results are available in script status within the monitoring node.

Sample using a PowerShell script to call the slmgr.vbs VBScript to activate the lab machines.
Real-time results from the wizard

Client Settings

The data reported to Windows Analytics is tailored to report specific relevant information (as opposed to all of it) when using Enhanced (Limited) telemetry in the Windows Analytics client setting. While telemetry is a word that many organizations fear, the fact that data can be stripped to a bare minimum should put many at ease. Admins can still obtain actionable information about the environment knowing they are only sending a subset of the full telemetry data for Windows 10 1709 and newer clients.
Script Run Status

Software Center Changes

Until now, organizations needed an Intune subscription to add Enterprise branding. That is no longer a requirement. With ConfigMgr 1710, it is now possible to add a custom logo to Software Center as well as specify what tabs are available for end users to interact with on their managed devices. There is a new node for Software Center in Client Settings and an admin can choose to manage it via the default settings or create a new one and target to all or specific collections. This means there is a potential for Software Center to be branded for each device collection which could make things complicated very quickly. Decide on an overall branding, and deploy that to all devices that should see the custom branding.
Software Center Changes
Traditionally, Software Center would display a company name and have six tabs available for end users to interact with on their systems.
Software Center takes on a new lookHowever, once the client setting is customized and deployed, Software Center takes on a new look.
Custom branding extends to all parts of Software CenterThe custom branding extends to all parts of Software Center, including restart notification windows.
The custom branding extends to the restart notification windows

Extra Links Mentioned in Webinar

Microsoft Documentation: Official ConfigMgr 1710 doc

Harjit’s Blog: Fix For Error: Failed To Process Configuration Manager Update 0x87d20b15

Deployment Artist Script Repository

Deployment Research Blog: Task Sequence via PowerShell

Sanyd’s Blog: Set Application icon size in Software Center for ConfigMgr using PowerShell

Peter Egerton’s Blog: In telemetry we trust?

Gary Blok’s Blog: ConfigMgr Task Sequence Collection

Horses without Humans Organization

SCConfigMgr Blog Series on Modern Management

Traditional Management vs Modern Management – Part 1 – Encryption

Traditional Management vs Modern Management – Part 2 – Office 365

Traditional Management vs Modern Management – Part 3 – AAD/Auto MDM Enrollment

Traditional Management vs Modern Management – Part 4 – Windows AutoPilot

Kim Oppalfens Blog Series on Co-management with SCCM and Intune

An interesting use-case for Intune and SCCM Co-Management – Part 1

An interesting use-case for Intune and SCCM Co-Management – Part 2

An interesting use-case for Intune and SCCM Co-Management – Part 3

An interesting use-case for Intune and SCCM Co-Management – Part 4

 

Conclusion

If you’re looking for more info on managing Configuration Manager in your environment, check out the Adaptiva Academy. Our library is full of resources, tips, tricks to help IT admins. From security topics to OS deployment, we have the right resources for success.

Visit the Adaptiva Academy

Ami Casto
Technical Evangelist

Get free education resources and more at the Adaptiva Academy

Get Free Stuff