Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

bdam

My feedback

  1. 63 votes
    Vote
    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      You have left! (?) (thinking…)
      8 comments  ·  Ideas » Deployment Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
      bdam commented  · 

      Rudy Bankson: Just confirmed that's still an issue in 1802.

    • 18 votes
      Vote
      Sign in
      Check!
      (thinking…)
      Reset
      or sign in with
      • facebook
      • google
        Password icon
        Signed in as (Sign out)
        You have left! (?) (thinking…)
        3 comments  ·  Ideas » Tools  ·  Flag idea as inappropriate…  ·  Admin →
        bdam shared this idea  · 
      • 25 votes
        Vote
        Sign in
        Check!
        (thinking…)
        Reset
        or sign in with
        • facebook
        • google
          Password icon
          Signed in as (Sign out)
          You have left! (?) (thinking…)
          3 comments  ·  Ideas » Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
          bdam commented  · 

          Yes please, doubly so on servers that just don't reboot for weeks at a time by their very design. The agent will have the lights on (service shows running) but clearly no one's home (no log action, none of the scheduled actions kick off).

        • 3 votes
          Vote
          Sign in
          Check!
          (thinking…)
          Reset
          or sign in with
          • facebook
          • google
            Password icon
            Signed in as (Sign out)
            You have left! (?) (thinking…)
            1 comment  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
            bdam commented  · 
          • 10 votes
            Vote
            Sign in
            Check!
            (thinking…)
            Reset
            or sign in with
            • facebook
            • google
              Password icon
              Signed in as (Sign out)
              You have left! (?) (thinking…)
              2 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
              bdam commented  · 

              FWIW, you can achieve the same result using maintenance windows. Create a non-repeating MW that occurs in the past and apply it to the servers you wish to manually patch. Deploy updates to them and watch them never install until someone manually does so.

            • 615 votes
              Vote
              Sign in
              Check!
              (thinking…)
              Reset
              or sign in with
              • facebook
              • google
                Password icon
                Signed in as (Sign out)
                You have left! (?) (thinking…)
                23 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
                bdam commented  · 

                There's a whole bunch of stuff that needs to be done to keep WSUS afloat.

                SQL maintenance for one. There's already discussion about handling that better for the CM DB so it seems logical to extend that to the WSUS DB(s) as well. Let's use the local admin and SA right for doing good. I imagine the WID use case is a complicating factor there.

                Fixing ConfigMgr's use of the WSUS cleanup wizard is another. In every environment I've seen, the wizard as ran by ConfigMan doesn't seem to do anything. Despite ConfigMgr running the wizard for years simply running it manually has always cleaned out thousands of updates and computers. There's practically no logging so that would be an easy baby step ... put the results of the API call into the ConifgMgr logs to show what was done.

                The most important thing though, the thing that's going to have the most impact, is actually declining updates in WSUS. It's the only way to decrease the number of updates in the catalog that WSUS has to generate and cache and that clients scan against. The WSUS cleanup wizard will _never_ decline updates because ConfigMgr never approves updates which is a documented requirement of the wizard. A pretty straight-forward first step would be to decline updates that ConfigMgr expires based on the supersedence rules. I already have a UV item for this here: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/19709440-when-expiring-updates-based-on-supersedence-rules. To really make a difference though you have to go beyond just superseded updates and decline updates you will never deploy. A bunch of ways to approach that. The simplest is to allow users to manually decline from the console. A simple automated solution could be to mimic the supersedence process but for updates that haven't been deployed in X months since their released/modified date. More complex could be a reverse ADR of sorts that lets you decline certain category of updates (ex. Itanium, x86, Security Only). Literally anything that declines updates in WSUS would be a huge step forward.

              • 152 votes
                Vote
                Sign in
                Check!
                (thinking…)
                Reset
                or sign in with
                • facebook
                • google
                  Password icon
                  Signed in as (Sign out)
                  You have left! (?) (thinking…)
                  13 comments  ·  Ideas » Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
                  bdam commented  · 

                  I would think there's other opportunities for this kind of thing beyond collections. Task Sequences come to mind. I mean, as much as I love trolling Neihaus's Twitter feed to figure out how to make Win 10 enterprise ready I'd rather crowd source.

                • 181 votes
                  Vote
                  Sign in
                  Check!
                  (thinking…)
                  Reset
                  or sign in with
                  • facebook
                  • google
                    Password icon
                    Signed in as (Sign out)
                    You have left! (?) (thinking…)
                    11 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
                    bdam supported this idea  · 
                    bdam commented  · 

                    Yes please! Microsoft's 'best' practice which is widely used is to run ADRs monthly and create a new SUG. There's no way to filter out just the updates released since the last time the ADR ran. 'One month' simply subtracts from the date's month value causing it to miss updates. For example. Patch Tuesday was on the 14th in November 2017 so 'one month' would miss updates release between the previous Patch Tuesday (October 10) and October 14h.

                  • 15 votes
                    Vote
                    Sign in
                    Check!
                    (thinking…)
                    Reset
                    or sign in with
                    • facebook
                    • google
                      Password icon
                      Signed in as (Sign out)
                      You have left! (?) (thinking…)
                      Noted  ·  3 comments  ·  Ideas » Application Management  ·  Flag idea as inappropriate…  ·  Admin →
                      bdam commented  · 

                      Yes please! It just seems incongruent with the app model to just pick the first deployment type.

                      bdam supported this idea  · 
                    • 2 votes
                      Vote
                      Sign in
                      Check!
                      (thinking…)
                      Reset
                      or sign in with
                      • facebook
                      • google
                        Password icon
                        Signed in as (Sign out)
                        You have left! (?) (thinking…)
                        2 comments  ·  Ideas » PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
                        bdam commented  · 

                        One other addition. It would appear that while you can set the software update deployment package when you create an ADR with New-CMSoftwareUpdateAutoDeploymentRule you don't get it as a property when you use Get-CMSoftwareUpdateAutoDeploymentRule (the package ID is buried in the ContentTemplate) nor can you change it with Set-CMSoftwareUpdateAutoDeploymentRule.

                        bdam commented  · 

                        Hmm, so just tonight I found that Set-CMSoftwareUpdateGroup seemingly got updated with some undocumented switches that look mighty interesting: ClearExpiredSoftwareUpdate, ClearSoftwareUpdate, ClearSupersededSoftwareUpdate. If those do what I hope they do that's great. Since there's no documentation I can't tell but if ClearSupersededSoftwareUpdate removes superseded updates it would be great if that was either configurable to only clear/remove updates older than X months. Bonus points for defaulting to whatever is configured for the software update component.

                        bdam shared this idea  · 
                      • 12 votes
                        Vote
                        Sign in
                        Check!
                        (thinking…)
                        Reset
                        or sign in with
                        • facebook
                        • google
                          Password icon
                          Signed in as (Sign out)
                          You have left! (?) (thinking…)
                          3 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
                          bdam commented  · 

                          What's odd to me is that the software updates nodes allow you to select 'Content Size (KB)' but that data isn't populated.

                        • 8 votes
                          Vote
                          Sign in
                          Check!
                          (thinking…)
                          Reset
                          or sign in with
                          • facebook
                          • google
                            Password icon
                            Signed in as (Sign out)
                            You have left! (?) (thinking…)
                            1 comment  ·  Ideas » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
                            bdam shared this idea  · 
                          • 19 votes
                            Vote
                            Sign in
                            Check!
                            (thinking…)
                            Reset
                            or sign in with
                            • facebook
                            • google
                              Password icon
                              Signed in as (Sign out)
                              You have left! (?) (thinking…)
                              1 comment  ·  Ideas » Content  ·  Flag idea as inappropriate…  ·  Admin →
                              bdam commented  · 

                              This can also be caused by A/V that has the files locked. In such cases it would be ideal that SCCM retries the hash attempt a few times with a small delay.

                            2 Next →

                            Feedback and Knowledge Base