ConfigMgr (SCCM to most people) is a beast of a product. It is probably the most complicated product that Microsoft has ever written. The manual itself is 2995 pages long, or 886158 words. That’s longer than War and Peace (587K) or Les Miserable (655K).

It is a massive product with very demanding skillset. Among other things anyone using ConfigMgr on a regular basis needs to know about SQL, Active Directory, WMI, WQL, OSD and the business.

I sometimes refer to it as an Octopus because it has eight components within it, that are available. Strangely, very few companies bother with all eight. They stick to two or three: patching, apps and deploying the OS. Those three define the lifeblood of any business - the client endpoint. You need all three things and manage them well to be successful.

So, you have a complex tool, responsible for delivering a critical part of the business and what do you do with it? You hire an expensive contractor/consultant to install it. It all works fine and then they leave and three months later things are going wrong. Collections respond like treacle. You have had several near misses with people deploying Firefox to all servers and patches are installing without you knowing. Your boss wants to know what is going on.

You’ve had your head in the manual and countless blogs for 3 months and are beginning to understand. You look at the notes, the consultant did for the install:

Extend Schema
Add self to Domain Admins group
Install SQL on remote server as self
Install SCCM - Click next, next, finish.
Create basic collections, leave default limit as All Systems
Tick “incremental refresh” to make it faster

You put the notes down and put your face in your hands and shake your head in despair.

It’s a sadly familiar story. ConfigMgr is hugely powerful and wielding the power is a huge responsibility. You need to respect it. You can’t let people loose on it without either training or validating their skills.

It’s a bit like letting a random person sit at the controls of an Apache helicopter and asking them to fly you to Glasgow. They might get you off the ground, but the chances are they will blow up a few buildings, destroy nearby power lines and shoot at some cats on the way.

Well, at least it feels like that sometimes.

There are quite a few things that people do wrong in ConfigMgr. I conducted a recent survey of IT professionals and compiled a top 10.

Updates (WSUS & SUP)
Distribution Points
Default settings

New-CMClientSetting -Name Client-Workstation -Description 'Windows 7x64 Workstation endpoint' -Type Device

$mwt = 'Client-Workstation'

Set-CMClientSetting -Name $mwt -ClientPolicy -PolicyPollingMins 30 -AddPortalToTrustedSiteList $true # -ComputerAgent -PowerShellExecutionPolicy Bypass -BrandingTitle 'Grey Wizard'# -ComputerRestart -RebootLogoffNotificationCountdownMins 180 -RebootLogoffNotificationFinalWindowMins 30 -HardwareInventory #-UseNewSoftwareCenter $true -Schedule -Enable


By deployboy

A Welshman, living in England married to a Brazilian, I am a Microsoft evangelist on all things related to both OS deployment and configuration management. I hope to entertain and educate in equal measure to give something back to the IT community.