Insights

The Twelve Tips of ConfigMas

by

Twas the night before ConfigMas, when all through the house

Not a keyboard was clicking, not even a mouse

It’s that magical time of year again! A time for friendship, feasts, and festivities. I’m talking, of course, about ConfigMas! That special occasion when Adaptiva delivers a holiday ConfigMgr roundup for all to enjoy. This year, we’ve compiled some of the best advice from MVPs and leading industry experts into The Twelve Tips of ConfigMas.

Follow our twitter at @adaptiva, or check back on this blog every day to see each new tip.

Wishing you and your loved ones a Very Merry ConfigMas!!

The ConfigMas Carolers Sing (Adding One Per Day)

Tip #1 Use the SCCM Office 365 Wizard to Create Your Office 2019 Install

Prajwal Desai @PrajwalDesai

With Office 2019 utilizing click-to-run technology, MSI technology is no longer used. Instead, Microsoft lets you create your Office 2019 install via the Office 365 installer wizard in the ConfigMgr console. To get the best from this installer use ConfigMgr 1806 onwards.

Prajwal takes you through an informative step-by-step on how to do this in his blog post.

Tip #2 Upgrade to Current Branch with the Latest Baseline

Niall Brady @ncbrady

If you are still on ConfigMgr 2012, then it’s time you looked at upgrading to ConfigMgr Current Branch. You’ll get the latest and greatest features, continued support for Windows 10, and the chance to take advantage of all the latest cool cloud management roles.

Eight-time Enterprise Mobility MVP Niall Brady explains what baseline releases are and where you can get them from in this blog.

Tip #3 Move Your ContentLib to a Remote Location

Peter van der Woude @pvanderwoude

Start to plan ConfigMgr high availability, or just free up some space on a cramped CM site server, by moving your ContentLib folder to a remote share location. Using this for HA purposes will ensure that the ContentLib is still available should your active site server go offline.

Peter van der Woude takes you through the flow of the process to shift that data to another location. Get the details in this blog.

Tip #4 Sort Your WSUS out

Johan Arwidmark @jarwidmark

WSUS please go away! One day ConfigMgr will not rely on this much maligned solution but until then we live with it. We embrace it as much as we can. Earlier this year WSUS was a big problem for businesses with severe traffic being generated across estate on port 8530 and huge amounts of data being downloaded by devices. ConfigMgr admins took to the Internet to share stories and collaborate on how they had tackled their issue or put up with it.

Johan’s blog takes the approach of collating some of that information from various sources. So this meta-blog has become the go to blog for WSUS maintenance and troubleshooting. Read the full blog here.

Tip #5 Embrace ADR’s for Patching

Bryan Dam @bdam555

Automatic Deployment Rules (ADR’s) can be used in ConfigMgr to automate your patching process and take away some of that monthly admin overhead. Use them wisely and configure them in a way that works for your environment.

ConfigMgr expert Bryan Dam’s notes from the field are the perfect starting point for ADR’s. Bryan doesn’t tell you how to set them up. Instead, he gives you food for thought on the options you should consider when implementing. Get all this wisdom in this blog.

Tip #6 Reduce Your Attack Surface with Defender Application Control

Paul Winstanley @sccmentor

Use Windows Defender Application Control to restrict application execution within your environment to trusted apps only. The complexity behind its implementation is reduced significantly with ConfigMgr and Intune’s managed installers which automatically authorize the apps deployed by these management tools.

In this blog post, Paul (talking about myself in the third person here) explains what WDAC is. Then he runs through the methods to implement it via both CongfigMgr and Intune. Read it here at the SCCM Mentor Blog.

Tip #7 Think about High Availability

Robert Marshall @robmvp

High availability of the ConfigMgr site server has been a much requested, long awaited feature. The feature is slowly being drip fed into ConfigMgr. Its power and flexibility are developed and improved upon with each release. As well as being able to keep the site up and running, this feature could be used to move site servers from one server OS to another. With the passive containing the updated OS, you remove the restriction of not being able to change the hostname of the site server.

Ten times Enterprise Mobility MVP Robert Marshall’s extremely detailed blog highlights the technical requirements to spin up a passive site server when the active goes offline. Read all about it in the appropriately named Roberts Blog here.

Tip #8 Build Your CM Lab in Azure

Dan Padgett @danjpadgett

New to ConfigMgr and need some assist on getting your site built or just want to crank up an Azure lab nice and fast? The blog post includes links to the free Azure sign up where you can get $200 of Azure credit for 30 days and a handy calculator, which will give you an idea of any ongoing costs.

ConfigMgr consultant Dan Padgett runs through the step-buy-step process to get the site up and running so you can play and learn. Get all the info here.

Tip #9 Learn the True Facts about SUP in CM

Jason Sandys @JasonSandys

Demystify the myths and misconceptions around the ConfigMgr Software Update Point role.

  • Where are the EULA’s stored?
  • Does the SUP distribute content?
  • Is WSUS needed on the SUP server?
  • Does anyone out there like WSUS?

Super MVP Jason Sandys’ myth buster blog is the place to find the answer to the above questions and more. Enjoy Jason’s wizardry here.

Tip #10 Understand Application Install Workflow

Dawn Wertz @wertzdm3

A picture can paint a thousand words and the workflow diagram presented at the configgirl blog does just that. It breaks down troubleshooting ConfigMgr application installation into series of steps relating to which log to refer to at which time in the process. The analysis goes deeper with references to the log file events with an example installation of 7-Zip. Fail to bookmark this page at your peril.

Dawn Wertz’s expert analysis can be found here.

Tip #11 Patch Third-Party Updates

Nick Hogarth @nick_hogarth

The Adaptiva Managing Windows 10 Security Features with ConfigMgr report overviewed the new third-party features introduced with ConfigMgr 1806. This feature imports software catalogs and publishes update information to a configured WSUS server. ConfigMgr then synchronizes the updates into the site server database and makes the updates available to endpoints via the SUP role.

Enterprise and Mobility MVP Nick Hogarth’s guide shows you how to enable the feature on your SUP and how to get things flowing in your environment. Get all the info here.

Tip #12 Remove Built-In Apps for Windows 10 1809

Nickolaj Anderson @NickolajA

With another major release of Windows 10 comes another reason to update your remove built in apps script. Some new apps have been added to the mix, so you may wish to consider removing some or all of these during your OSD deployment.

The new apps are:

  • ScreenSketch
  • HEIFImageExtension
  • VP9VideoExtensions
  • WebMediaExtensions
  • WebpImageExtension

SCConfigMgr MVP Nickolaj Anderson’s handy script assists you with that very task. Grab a copy of the script and learn how to use it here.

http://www.scconfigmgr.com/2018/11/27/remove-built-in-apps-for-windows-10-version-1809/

Paul Winstanley
Microsoft MVP and SCCM Consultant.

Get free education resources and more at the Adaptiva Academy

Get Free Stuff