Twas the night before ConfigMas, when all through the house
Not a keyboard was clicking, not even a mouse
It’s that magical time of year again! A time for friendship, feasts, and festivities. I’m talking, of course, about ConfigMas! That special occasion when Adaptiva delivers a holiday ConfigMgr roundup for all to enjoy. This year, we’ve compiled some of the best advice from MVPs and leading industry experts into The Twelve Tips of ConfigMas.
Follow our twitter at @adaptiva, or check back on this blog every day to see each new tip.
Wishing you and your loved ones a Very Merry ConfigMas!!
The ConfigMas Carolers Sing (Adding One Per Day)
Tip #1 Use the SCCM Office 365 Wizard to Create Your Office 2019 Install
Prajwal Desai @PrajwalDesai
Day 1 of the 12 Days #ConfigMas Tips is upon us! Starting with MVP @PrajwalDesai: Use the SCCM Office 365 Wizard to Create Your Office 2019 Install. Get the deets plus a ConfigMas song here (and check back daily for more tips).https://t.co/ICEPq76I1R #configmgr #sccm pic.twitter.com/Ah3e5xtirR
— Adaptiva (@adaptiva) December 6, 2018
With Office 2019 utilizing click-to-run technology, MSI technology is no longer used. Instead, Microsoft lets you create your Office 2019 install via the Office 365 installer wizard in the ConfigMgr console. To get the best from this installer use ConfigMgr 1806 onwards.
Prajwal takes you through an informative step-by-step on how to do this in his blog post.
Tip #2 Upgrade to Current Branch with the Latest Baseline
Niall Brady @ncbrady
12 Days of #ConfigMas Tips Day 2: Upgrade to Current Branch with the Latest Baseline. @ncbrady explains it all to make it easy and fun —yes, we said fun! Get all the info, plus hear more of the Twelve Days of ConfigMas Tips song🎄🎼https://t.co/ICEPq76I1R #sccm #configmgr pic.twitter.com/bAqLgyLwBI
— Adaptiva (@adaptiva) December 7, 2018
If you are still on ConfigMgr 2012, then it’s time you looked at upgrading to ConfigMgr Current Branch. You’ll get the latest and greatest features, continued support for Windows 10, and the chance to take advantage of all the latest cool cloud management roles.
Eight-time Enterprise Mobility MVP Niall Brady explains what baseline releases are and where you can get them from in this blog.
Tip #3 Move Your ContentLib to a Remote Location
Peter van der Woude @pvanderwoude
Move Your ContentLib to a Remote Location — Tip #3 in the 12 Tips of #ConfigMas — comes from @pvanderwoude. Get into the holiday spirit and optimize your #ConfigMgr architecture. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/tqIyEylj1G
— Adaptiva (@adaptiva) December 10, 2018
Start to plan ConfigMgr high availability, or just free up some space on a cramped CM site server, by moving your ContentLib folder to a remote share location. Using this for HA purposes will ensure that the ContentLib is still available should your active site server go offline.
Peter van der Woude takes you through the flow of the process to shift that data to another location. Get the details in this blog.
Tip #4 Sort Your WSUS out
Johan Arwidmark @jarwidmark
Tip No. 4 in the 12 Days of #ConfigMas: “Sort Your WSUS out” comes via @jarwidmark. He brings the best WSUS advice from around the globe into focus to make your #ConfigMgr life easier. https://t.co/ICEPq6P7aj #SCCM pic.twitter.com/9FP9QtpyLT
— Adaptiva (@adaptiva) December 11, 2018
WSUS please go away! One day ConfigMgr will not rely on this much maligned solution but until then we live with it. We embrace it as much as we can. Earlier this year WSUS was a big problem for businesses with severe traffic being generated across estate on port 8530 and huge amounts of data being downloaded by devices. ConfigMgr admins took to the Internet to share stories and collaborate on how they had tackled their issue or put up with it.
Johan’s blog takes the approach of collating some of that information from various sources. So this meta-blog has become the go to blog for WSUS maintenance and troubleshooting. Read the full blog here.
Tip #5 Embrace ADR’s for Patching
Bryan Dam @bdam555
What could be better than sitting around the fireplace with your friends and family optimizing your #ConfigMgr Automatic Deployment Rules? The 12 Tips of #ConfigMas continue with Tip #5: Embrace ADRs for Patching from @bdam555. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/ZJmNjoTSSs
— Adaptiva (@adaptiva) December 12, 2018
Automatic Deployment Rules (ADR’s) can be used in ConfigMgr to automate your patching process and take away some of that monthly admin overhead. Use them wisely and configure them in a way that works for your environment.
ConfigMgr expert Bryan Dam’s notes from the field are the perfect starting point for ADR’s. Bryan doesn’t tell you how to set them up. Instead, he gives you food for thought on the options you should consider when implementing. Get all this wisdom in this blog.
Tip #6 Reduce Your Attack Surface with Defender Application Control
Paul Winstanley @sccmentor
This holiday season, @SCCMentor gives you something to sing about … Tip #6 of the 12 days of #ConfigMas Tips: Reduce Your Attack Surface with Defender Application Control . https://t.co/dOQKJ2PEyE #SCCM #ConfigMgr pic.twitter.com/HHpgJDrWf2
— Adaptiva (@adaptiva) December 14, 2018
Use Windows Defender Application Control to restrict application execution within your environment to trusted apps only. The complexity behind its implementation is reduced significantly with ConfigMgr and Intune’s managed installers which automatically authorize the apps deployed by these management tools.
In this blog post, Paul (talking about myself in the third person here) explains what WDAC is. Then he runs through the methods to implement it via both CongfigMgr and Intune. Read it here at the SCCM Mentor Blog.
Tip #7 Think about High Availability
Robert Marshall @robmvp
Ten times Enterprise Mobility MVP Robert (aka “Don’t cal me Rob” aka @robmvp) Marshall brings us Tip #7 of the 12 Days of #ConfigMas: Think about High Availability. https://t.co/ga2F8X4cMg #configmgr #sccm pic.twitter.com/rKJIHZN3KI
— Adaptiva (@adaptiva) December 14, 2018
High availability of the ConfigMgr site server has been a much requested, long awaited feature. The feature is slowly being drip fed into ConfigMgr. Its power and flexibility are developed and improved upon with each release. As well as being able to keep the site up and running, this feature could be used to move site servers from one server OS to another. With the passive containing the updated OS, you remove the restriction of not being able to change the hostname of the site server.
Ten times Enterprise Mobility MVP Robert Marshall’s extremely detailed blog highlights the technical requirements to spin up a passive site server when the active goes offline. Read all about it in the appropriately named Roberts Blog here.
Tip #8 Build Your CM Lab in Azure
Dan Padgett @danjpadgett
On the 8th day of #ConfigMas tips, my community gave to me…..: Build You CM Lab in Azure. #ConfigMgr consultant @danjpadgett runs through the step-buy-step process to get the site up and running so you can play and learn. https://t.co/ICEPq76I1R #ConfigMgr #SCCM pic.twitter.com/Kren8NKlpE
— Adaptiva (@adaptiva) December 17, 2018
New to ConfigMgr and need some assist on getting your site built or just want to crank up an Azure lab nice and fast? The blog post includes links to the free Azure sign up where you can get $200 of Azure credit for 30 days and a handy calculator, which will give you an idea of any ongoing costs.
ConfigMgr consultant Dan Padgett runs through the step-buy-step process to get the site up and running so you can play and learn. Get all the info here.
Tip #9 Learn the True Facts about SUP in CM
Jason Sandys @JasonSandys
Day 9 of #ConfigMas tips: Learn the True Facts about SUP in CM. #ConfigMgr Super MVP @JasonSandys helps us demystify the myths and misconceptions around the ConfigMgr Software Update Point role. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/ukxiwaDQHQ
— Adaptiva (@adaptiva) December 18, 2018
Demystify the myths and misconceptions around the ConfigMgr Software Update Point role.
- Where are the EULA’s stored?
- Does the SUP distribute content?
- Is WSUS needed on the SUP server?
- Does anyone out there like WSUS?
Super MVP Jason Sandys’ myth buster blog is the place to find the answer to the above questions and more. Enjoy Jason’s wizardry here.
Tip #10 Understand Application Install Workflow
Dawn Wertz @wertzdm3
Adaptiva’s 12 Days of #ConfigMas Tip #10: Understand Application Install Workflow. #ConfigMgr Expert @wertzdm3 presents us with a deep analysis and breakdown of steps to troubleshoot the ConfigMgr application installation. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/UAsbHK4o6n
— Adaptiva (@adaptiva) December 19, 2018
A picture can paint a thousand words and the workflow diagram presented at the configgirl blog does just that. It breaks down troubleshooting ConfigMgr application installation into series of steps relating to which log to refer to at which time in the process. The analysis goes deeper with references to the log file events with an example installation of 7-Zip. Fail to bookmark this page at your peril.
Dawn Wertz’s expert analysis can be found here.
Tip #11 Patch Third-Party Updates
Nick Hogarth @nick_hogarth
On the 11th day of #ConfigMas tips, my community gave to me…..: Patch Third-Party Updates. #ConfigMgr MVP @nick_hogarth shows you how to enable the feature on your SUP & how to get things flowing in your environment. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/UO0ttFpGkT
— Adaptiva (@adaptiva) December 20, 2018
The Adaptiva Managing Windows 10 Security Features with ConfigMgr report overviewed the new third-party features introduced with ConfigMgr 1806. This feature imports software catalogs and publishes update information to a configured WSUS server. ConfigMgr then synchronizes the updates into the site server database and makes the updates available to endpoints via the SUP role.
Enterprise and Mobility MVP Nick Hogarth’s guide shows you how to enable the feature on your SUP and how to get things flowing in your environment. Get all the info here.
Tip #12 Remove Built-In Apps for Windows 10 1809
Nickolaj Anderson @NickolajA
Adaptiva's 12 Days of #ConfigMas Tip #12: "Remove Built-In Apps for Windows 10 1809" – #ConfigMgr MVP @NickolajA provides a handy script to help you remove any unwanted apps. https://t.co/ICEPq76I1R #SCCM pic.twitter.com/d7obIwXXKA
— Adaptiva (@adaptiva) December 21, 2018
With another major release of Windows 10 comes another reason to update your remove built in apps script. Some new apps have been added to the mix, so you may wish to consider removing some or all of these during your OSD deployment.
The new apps are:
SCConfigMgr MVP Nickolaj Anderson’s handy script assists you with that very task. Grab a copy of the script and learn how to use it here.