None of these are my own inventions. I’ve collected them over the years and they’ve helped me more times than I can count. I’m also surprised how many times I encounter customers that either aren’t aware of these tips, but end up using them afterwards. Paying it forward I suppose.
Use The Force (Group Policy)
- Let it handle your server configurations. This includes firewall settings, local administrators, service login rights, and so on.
- Use GPPrefs to deploy standard goodies, like bginfo.exe (along with bgi files), and other Sysinternal’s utilities. Deploy cmtrace, KeePass and other portable apps (e.g. don’t require an installation before use).
- Ultimately, you join the machine to your domain, reboot it, and when it comes up after the next domain login, it’s like coming back to the table from the restroom to find your meal waiting for you (props to Pulp Fiction for that one).
- Whether you have one (1) network adapter or ten (10), place them into a team. This adds an abstraction layer in case you need to change the physical (or virtual) adapter and don’t want to disrupt applications and services that rely on it at the upper layers.
- It’s sooooooooooo easy to add custom tags to the BGINFO display set. One of my favorites is to add the SCCM client version, and SQL version to the display set. You can query almost any WMI, registry or file source to pull something interesting for automatic display on the desktop.
Pin Logs Folder to the Taskbar
- If you use a preferred log manager then you can ignore this tip. But if you don’t, and you typically use cmtrace.exe (like many of us mortals), and you’re using Windows Server 2012 R2 or 2016, you can Pin folders to the right-click list from the taskbar, on the Start Menu, and to the Quick Access list.
and Speaking of Windows Server 2016
- If you run your site systems on Windows Server 2016, you gain quite a lot of small, but helpful advantages. Among the neat little goodies, are…
- Right-click Start Menu for fast access to many common admin tools.
ConfigMgr Console / Column Headings
I’ve mentioned this before, but to save time, just do this and I’ll stfu:
- Navigate into Assets and Compliance / Devices
- Right-click on one of the column headings in the details pane (right-hand)
- When the popup menu appears, stare at it for a full minute.
- Then scroll down.
- Okay, now scroll back up.
- Now, check a few items like Client Version, Active Directory Site, Device Online Status, and maybe Serial Number
- Turn around and pick your jaw back up off the floor. The cleaning guy is coming around with the vacuum cleaner.
ConfigMgr Toolkit and RBAViewer
- Yes, it still exists. Yes, it still shows version “2012 R2”. Yes, it works fine with 1610. At least, it has been working fine for myself and most everyone else I know. Among the plethora of goodies it lays on your machine, is the RBAViewer utility. Once beaten, blooddied and battered, laying in an alley, puking profusely after SCCM 1511 used a blowtorch and vice grips on it, it has since recovered in a rehab and got a hair cut.
- If you ever work with role based access (hence “RBA”) using the ConfigMgr console features, you owe it to yourself to try this old but helpful utility.
AD Account Attributes -> Queries, Collections
- I’m still surprised to find customers that take the time to really use Active Directory LDAP attributes like a (smart) Lego kit. Some of them populate non-typical attributes on user and computer accounts, and then use that to assist other automation processes, either with PowerShell, Orchestrator, Azure Automation, or a trained squirrel with a radio antenna on its head. And yet others take the time to register their own OID and craft their own custom extensions. Kudos for pushing the envelop!
- For those of you that use interesting AD, Exchange, Lync/Skype and custom attributes, like employeeID, employeeType, or msExchExtensionAttribute12, you can leverage those within SCCM for queries and collections too!
- To do this, you need to modify your Discovery method settings, which has some caveats (short-term additional inventory traffic after the change is made). For example, to capture the “title” attribute, open the Active Directory User Discovery properties, click on the Active Directory Attributes tab, select “title” from the Available Attributes list, and click “Add >>”, then click OK.
- Now you can create a query-rule collection of users that have a job title of “executive douchebag” and deploy a package of questionable web shortcuts to their desktop. Although I’m kidding here, hopefully you see the (serious) potential.
- This is old, but not as old as me, moo-haa haa haaaaa (cough, cough, wheeze… gasp…*). If there’s a shortcut that you always launch using “Run as administrator”, you can configure the shortcut to always launch that way without having to right-click on it, select Properties / Shortcut and click “Advanced”. Check the box for “Run as administrator” and click OK.
Site System Maintenance Windows
- A lot of customers complain that they can’t control when SCCM checks for, and downloads, the next version on a site system. They don’t want their site systems to automatically download and update things, but yet, they still want the option to do so with a leash around its neck. You can. It does, with some conditions.
- If you’re on 1610, you can enable this by going into Administration / Site Configuration / Sites, then right-click on the Site, choose Properties. Select the “Service Windows” tab.