Insight and analysis on the information technology space from industry thought leaders.

The 12 Tips of ConfigMas

'Twas the night before ConfigMas, when all through the house, not a keyboard was clicking, not even a mouse ...

Adaptiva Guest Blogger

December 30, 2018

6 Min Read
Happy New Year

It’s that magical time of year again! A time for friendship, feasts and festivities. I’m talking, of course, about ConfigMas! That special occasion when Adaptiva delivers a holiday ConfigMgr roundup for all to enjoy. As we prepare to greet the new year, we’ve compiled some of the best advice from MVPs and leading industry experts into the 12 Tips of ConfigMas.

If you prefer to hear the 12 tips in a song, please enjoy this rousing rendition from the ConfigMas Carolers.

1. Use the SCCM Office 365 Wizard to Create Your Office 2019 Install

Prajwal Desai @PrajwalDesai

With Office 2019 utilizing click-to-run technology, MSI technology is no longer used. Instead, Microsoft lets you create your Office 2019 install via the Office 365 installer wizard in the ConfigMgr console. To get the best from this installer use ConfigMgr 1806 onward.

Prajwal takes you through an informative step-by-step on how to do this in his blog post

2. Upgrade to Current Branch with the Latest Baseline

Niall Brady @ncbrady

If you are still on ConfigMgr 2012, then it’s time you looked at upgrading to ConfigMgr Current Branch. You’ll get the latest and greatest features, continued support for Windows 10, and the chance to take advantage of all the latest cool cloud management roles.

Eight-time Enterprise Mobility MVP Niall Brady explains what baseline releases are and where you can get them.

3. Move Your ContentLib to a Remote Location

Peter van der Woude @pvanderwoude

Start to plan ConfigMgr high availability, or just free up some space on a cramped CM site server, by moving your ContentLib folder to a remote share location. Using this for HA purposes will ensure that the ContentLib is still available should your active site server go offline.

Peter van der Woude takes you through the flow of the process to shift that data to another location. 

4. Sort Your WSUS out 

Johan Arwidmark @jarwidmark

WSUS, please go away! One day ConfigMgr will not rely on this much-maligned solution, but until then we live with it. We embrace it as much as we can. Earlier this year, WSUS was a big problem for businesses with severe traffic being generated across estate on port 8530 and huge amounts of data being downloaded by devices. ConfigMgr admins took to the Internet to share stories and collaborate on how they had tackled their issue or put up with it.

Johan’s blog takes the approach of collating some of that information from various sources. So this meta-blog has become the go-to blog for WSUS maintenance and troubleshooting.

5. Embrace ADR’s for Patching

Bryan Dam @bdam555

Automatic Deployment Rules (ADR) can be used in ConfigMgr to automate your patching process and take away some of that monthly admin overhead. Use them wisely and configure them in a way that works for your environment.

ConfigMgr expert Bryan Dam’s notes from the field are the perfect starting point for ADRs. Bryan doesn’t tell you how to set them up. Instead, he gives you food for thought on the options you should consider when implementing.

6. Reduce Your Attack Surface with Defender Application Control

Paul Winstanley @sccmentor

Restrict application execution within your environment to only trusted apps with Windows Defender Application Control. The complexity behind its implementation is reduced significantly with ConfigMgr and Intune’s managed installers, which automatically authorize the apps deployed by these management tools.

In this blog post, Paul explains what WDAC is. Then he runs through the methods to implement it via both CongfigMgr and Intune.

7. Think about High Availability

Robert Marshall @robmvp

High availability of the ConfigMgr site server has been a much-requested, long-awaited feature. The feature is slowly being drip fed into ConfigMgr. Its power and flexibility are developed and improved upon with each release. In addition to doing the job of keeping the site up and running, this feature could be used to move site servers from one server OS to another. With the passive system containing the updated OS, you remove the restriction of not being able to change the hostname of the site server.

Ten-time Enterprise Mobility MVP Robert Marshall’s extremely detailed blog highlights the technical requirements to spin up a passive site server when the active goes offline.

8. Build Your CM Lab in Azure

Dan Padgett @danjpadgett

New to ConfigMgr and need some assistance in getting your site built or just want to crank up an Azure lab nice and fast? The blog post includes links to the free Azure sign-up, where you can get $200 of Azure credit for 30 days and a handy calculator that will give you an idea of any ongoing costs. 

ConfigMgr consultant Dan Padgett runs through the step-buy-step process to get the site up and running so you can play and learn.

9. Learn the True Facts about SUP in CM

Jason Sandys @JasonSandys

Demystify the myths and misconceptions around the ConfigMgr Software Update Point role.

  • Where are the EULA’s stored?

  • Does the SUP distribute content?

  • Is WSUS needed on the SUP server?

  • Does anyone out there like WSUS?

Super MVP Jason Sandys’ myth buster blog is the place to find the answer to the above questions and more.

10. Understand Application Install Workflow

Dawn Wertz @wertzdm3

As they say, a picture is worth 1,000 words, and the workflow diagram presented at the configgirl blog does just that. It breaks down troubleshooting ConfigMgr application installation into series of steps relating to which log to refer to at which time in the process. The analysis goes deeper with references to the log file events with an example installation of 7-Zip. Fail to bookmark this page at your peril.

Dawn Wertz’s expert analysis can be found here

11. Patch Third-Party Updates 

Nick Hogarth @nick_hogarth

The Adaptiva Managing Windows 10 Security Features with ConfigMgr report overviewed the new third-party features introduced with ConfigMgr 1806. This feature imports software catalogs and publishes update information to a configured WSUS server. ConfigMgr then synchronizes the updates into the site server database and makes the updates available to endpoints via the SUP role.

Enterprise and Mobility MVP Nick Hogarth’s guide shows you how to enable the feature on your SUP and how to get things flowing in your environment.

12. Remove Built-In Apps for Windows 10 1809

Nickolaj Anderson @NickolajA

With another major release of Windows 10 comes another reason to update your remove built in apps script. Some new apps have been added to the mix, so you may wish to consider removing some or all of these during your OSD deployment.

The new apps are:

  • Microsoft.ScreenSketch

  • Microsoft.HEIFImageExtension

  • Microsoft.VP9VideoExtensions

  • Microsoft.WebMediaExtensions

  • Microsoft.WebpImageExtension

SCConfigMgr MVP Nickolaj Anderson’s handy script assists you with that very task. Grab a copy of the script and learn how to use it here.



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like