Ideas
What features would you like to see?
All of the feedback that you share in these forums will be monitored and reviewed by the Microsoft engineering teams responsible for building Microsoft Endpoint Configuration Manager, though we can’t promise to reply to all posts.
If you require assisted support, please see https://aka.ms/cmcbsupport for more details.
-
Add the ability to cleanup all drivers not contained in a driver package.
Currently there is no easy way to cleanup orphaned drivers. This feature would allow an administrator to easily clean up drivers that are no longer part of any driver packages.
7 votes -
Be able to run several actions at once from Configuration Manager Client
I would like there to be a option to run several actions at once from the SCCM Client. A checkbox for each actions and then a 'Run' button that executes the actions one by one. Either in the order you checked the boxes or by alphabetical.
7 votes -
Increase maximum certificate key length for client certs
The current (1710) maximum key length for client authentication certificates is 2048 bits. Many security-conscious organizations standing up a new PKI in 2017-2018 would prefer a longer key length for all certificates. This requires that the organization lower their standards to utilize computer certificates for computer authentication.
Reference: https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements
7 votes -
DCOM errors in System event log when primary site contacts MP in untrusted forest
Stop the DCOM 10028 errors on a Primary site server that FLOOD the System logs when the primary attempts to contact an MP in an untrusted domain\forest.
I believe this a result of the order in which CM tries to authenticate to the MP - computer account then network service account - neither of which will work in an untrusted domain scenario. The connection eventual happens as expected using the Installation account. The DCOM errors are bogus errors that can consume a log file for no reason. Seems like some deeper error logging\checking is needed?
7 votes -
Integrade Configure Manager Properties (Client) Behing Windows 10 new Settings
Windows 10's legacy Control Panel will probably disappear in a future. How about to extend CM client to show CM properties behind new Win10 GUI?
7 votes -
UWF and WCD integration would be an amazing addition for the educational space
Unified Write Filter and Windows Configuration Designer profiles are both great tools, especially for customers in the education space. We often need to deploy many devices in a "Shared PC" configuration for classrooms, computer labs, etc. It would be amazing if these tools were integrated into SCCM to make deploying and managing them simpler.
7 votes -
Before a task sequence starts with a deadline, Policy should first be updated again.
Before a task sequence is executed, the client policy should first be updated again.
This is especially the case if the task sequence has a deadline.
Background information: A Task Sequence with a Deadline Is distributed to a notebook. The notebook gets this policy and knows when the deadline is. The notebook is not turned on after the deadline. In the meantime, the task sequence has been withdrawn (deleted) by an admin. The notebook does not notice this and starts to execute the task sequence at startup.
This should be unbound by first updating the policy so that this task…
6 votes -
Check if system is excluded from auto client upgrade prior to starting the installation
Currently when the Auto Client Upgrade is enabled on SCCM the clients will got through a couple of steps to do perform the installation. If a client is a member of the Excluded Devices Collection is checked during the CCMSETUP. For systems with the Unified Write Filter enabled this causes unwanted behavior due to the fact that SCCM disabled the UWF filter and forces a reboot, putting the system in a maintenance mode for about 20 minutes, locking users out.
I would like to see that the SCCM Client checks if the system is a member of the excluded device…
6 votes -
Show last cycle completion time in control panel applet
When an action is triggered in the Control Panel applet on clients, a vague message is displayed saying it will take several minutes to finish. Would like the applet to show last completion time (or 'Running') for each action, similar to how the Configurations (compliance) tab does.
6 votes -
Show missing dependencies in Tasksequence instead of Reboot
Show missing dependencies!
Typically distribution errors (which occur automatically ******) lead to a well-known error in tasksequences:
HRESULT=80040102
Failed to resolve selected task sequence dependencies.
Exiting with return code 0x80040102
TS environment is not initializedOSD only shows "Preparing network connnections..." Then the WinPE tasksequence automatically reboots and boots the currently installed OS.
Why can't you just show or list missing packages?!?! Or add a skip option? Even SMSTS.LOG isn't helpful...
6 votes -
Use Winrm to install SCCM Client
Add the possibility to use Wirm so securely push the SCCM Client instead of use a connection to the admin$ share.
6 votes -
Maintenance Window Reboot Process
Consider 2 scenarios:
A group of servers host an application that requires services to be stopped and disabled before a reboot is initiated, then once all servers are online and responding, the services should be set to automatic and started again.
A group of servers related to a common application require an ordered reboot sequence. i.e. Update and reboot in this order: Server 1, Server 2, Server 3, Server 4. Simultaneous reboots are not supported, not recommended or cause issues with the application.
What I propose is an addition to the “Maintenance Windows” tab of a device collection that would…
6 votes -
Reboot required after client upgrade
sometimes the client needs to be rebooted after an automatic client update. if you're not connected to the machine (ie server), once you connect a notification appears but if you open the software center (old and new) you will not see anything pending reboot (installation status is empty or does not have the information that anything is asking for reboot). it would be great to see under installation status that the client was upgraded and it the machine needs a reboot to complete the installation
5 votes -
One stop solution to remediate clients and their health in GUI
One stop solution to remediate clients and their health in GUI
If a new client depployment is failed, we have dig all the way into the root cause of every machine failed..If any client is having issues, we are always forced to check the logs etc... We are not sure where exactly the client stuck and for what reason. We need such a tool where we would be able to find what the issue probably is (or where it is stuck )by a simple glance on the machine.
5 votes -
Include seperate client push settings for workstations and servers
We would like the ability to have seperate client push settings for Workstations vs Servers, specifically the ability to have seperate installation properties.
5 votesNoted ·Admindjam (Product Director, or Executive, Microsoft Endpoint Configuration Manager) responded
what are the main settings you want different between clients and servers?
-
Delegate Promote Pre-production Client
In addition to the Modify and Read permissions on Update Packages class, add a third permission "Promote Pre-production Client" which can be delegated to a non-infra administrator.
4 votes -
Ability to Control/Limit Wake-Up Proxy Candidates
The nomination for Wake-Up proxies is fully automated.
From testing, up to three devices per subnet will remain switched on (or in some cases start back up if a user shuts them down). This is not appropriate in cases where a small office may contain only 4 or 5 machines.
Additionally, if a server is located at a particular site (DP for example), this should be the sole wake up candidate, due to the fact that the likelihood of that device shutting down is minimal.
I propose changes to achieve the following:
1) The ability to designate specific Wake-Up proxies …4 votes -
Purge content from ccmcache when it is no longer referenced in ConfigMgr.
It would be great if you could set a schedule on the client (like weekly, monthly, etc) where the client could look at the content in its cache, and see if it still exists in ConfigMgr - if not, purge it. For example, run a content location request for each instance in the client cache, and if no locations are returned, remove it from client cache.
4 votes -
Check for an existing CCMexec service before ccmsetup.exe executes.
Problem: On the client machine, CCMEXEC service is already running, the client is in a healthy state. Then a GPO or Client Push happens, ccmsetup.exe starts and breaks the client communication. The client ends up getting an error stating "another instance of ccmsetup.exe is already running".
Question: Could you have ccmsetup.exe check for the ccmexec service and quit if the ccmexec service is running?
4 votes -
Check all SAN (Subject Alternative Name) entries for FQDN hostname or NETBIOS name when trying to validate a PKI certificate for Client Auth
Currently, SCCM has a limitation by which it only checks the first entry in a client authentication PKI cert for the FQDN hostname or NETBIOS name. If the first entry does not include either of these, then even though the cert may still be valid, SCCM wont use it.
For example, for systems we have that sit behind Network Load Balancers, the first entry in their PKI client authentication certs is normally the NLB VIP. While additional entries are present to include the system's FQDN hostname and NETBIOS names, SCCM won't check and therefore won't use the valid PKI cert.
…
4 votes
- Don't see your idea?