Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

bdam

My feedback

  1. 608 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    29 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    It'd be nice to have something official from the product team on this but I'll try and faithfully represent what I've heard djam say about this.

    This feature is not dead, otherwise it wouldn't be in the product anymore.

    The product team believes the GUI makes it nearly impossible to configure correctly (something something 'maintenance windows'). I'd like to get some clarification on this because I worked for a long time and reached a Sr Escalation Engineer who couldn't help me configure it correctly. He simply did some very quick tests and called it 'broken' (see bug reports below)

    The plan is to fix the GUI and re-write the back-end to ride over the BGB/Fast Channel used for the scripts and CMPivot features. Hopefully that fixes the locking issues and might even lead to some interesting reporting (dashboards dangit!)

    Remember, I'm just some rando guy on the internet but the scuttlebut is that they hope to work on this for 1810.

    bdam commented  · 

    Now that we have the 'Run a PowerShell Script' option it seems pretty obvious to use that feature here for the node drain scripts. That should fix the 512 character limit. Additionally, I hope it would make sense to then add a run-as feature to use service accounts for thinks like Exchange and SQL where workloads need to be moved and the local system isn't going to have that kid of access.

    bdam commented  · 

    For those looking for documentation: https://docs.microsoft.com/en-us/sccm/sum/deploy-use/service-a-server-group

    I just tried using this for the first time in 1702 and it would appear the script is limited to 512 characters. I have difficulty believing that's going to be enough. I had to condense and cheat just to get a script to run scheduled tasks.

    Which raises another suggestion here; we need to be able to run the scripts as a particular account. The machine account shouldn't have access to move Exchange/SQL resources.

  2. 248 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam shared this idea  · 
  3. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Software Center  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    This applies to package deployments (advertisements) as well. Log the other user out and the package deployment shows up.

  4. 11 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    This is already possibly using Microsoft Desktop Optimization Pack (DaRT).

  5. 1,655 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    29 comments  ·  Ideas » Tools  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    As Tony Peters calls out, the 'Show Collections - Advanced' is basically a killer feature. No ConfigMgr admin should be without it.

    Beyond that, I would love to see some content routines. For example: redistribute content to failed DPs for either a specific piece of content or globally.

  6. 1 vote
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Client Settings  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    I think this would need to be a client settings. I know that more than a few organizations intentionally leave this enabled so that users can directly scan and updated against Windows Updates. One of the more rational reasons is to allow security to be at the bleeding edge and to manage themselves that way yet still managing to make sure updates are applied and reported.

  7. 856 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    32 comments  ·  Ideas » Application Management  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    Not quite sure TP ability lines up with this UV item. The UV is asking to uninstall when no longer targeted by a deployment. The TP uninstalled when an approval is denied/revoked. Those strike me as totally separate.

  8. 51 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Ideas » Deployment Monitoring  ·  Flag idea as inappropriate…  ·  Admin →
  9. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
    bdam shared this idea  · 
  10. 119 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    7 comments  ·  Ideas » Compliance Settings  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    Related, allow remediation if and only if a key/value exists. I'm using a CI to configure Office Channel because we see clients where the GPO doesn't seem to work. In this use case I just want to make sure the value is set to a particular string if it exists. I don't want it creating that value where Office 365 isn't installed nor do I want it to install Office 365 where it's not installed.

  11. 22 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Ideas » Tools  ·  Flag idea as inappropriate…  ·  Admin →
    bdam shared this idea  · 
  12. 27 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Ideas » Troubleshooting & Support  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    Yes please, doubly so on servers that just don't reboot for weeks at a time by their very design. The agent will have the lights on (service shows running) but clearly no one's home (no log action, none of the scheduled actions kick off).

  13. 3 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 
  14. 10 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    FWIW, you can achieve the same result using maintenance windows. Create a non-repeating MW that occurs in the past and apply it to the servers you wish to manually patch. Deploy updates to them and watch them never install until someone manually does so.

  15. 156 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    14 comments  ·  Ideas » Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    I would think there's other opportunities for this kind of thing beyond collections. Task Sequences come to mind. I mean, as much as I love trolling Neihaus's Twitter feed to figure out how to make Win 10 enterprise ready I'd rather crowd source.

  16. 221 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    12 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam supported this idea  · 
    bdam commented  · 

    Yes please! Microsoft's 'best' practice which is widely used is to run ADRs monthly and create a new SUG. There's no way to filter out just the updates released since the last time the ADR ran. 'One month' simply subtracts from the date's month value causing it to miss updates. For example. Patch Tuesday was on the 14th in November 2017 so 'one month' would miss updates release between the previous Patch Tuesday (October 10) and October 14h.

  17. 15 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  3 comments  ·  Ideas » Application Management  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    Yes please! It just seems incongruent with the app model to just pick the first deployment type.

    bdam supported this idea  · 
  18. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Ideas » PowerShell  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    One other addition. It would appear that while you can set the software update deployment package when you create an ADR with New-CMSoftwareUpdateAutoDeploymentRule you don't get it as a property when you use Get-CMSoftwareUpdateAutoDeploymentRule (the package ID is buried in the ContentTemplate) nor can you change it with Set-CMSoftwareUpdateAutoDeploymentRule.

    bdam commented  · 

    Hmm, so just tonight I found that Set-CMSoftwareUpdateGroup seemingly got updated with some undocumented switches that look mighty interesting: ClearExpiredSoftwareUpdate, ClearSoftwareUpdate, ClearSupersededSoftwareUpdate. If those do what I hope they do that's great. Since there's no documentation I can't tell but if ClearSupersededSoftwareUpdate removes superseded updates it would be great if that was either configurable to only clear/remove updates older than X months. Bonus points for defaulting to whatever is configured for the software update component.

    bdam shared this idea  · 
  19. 13 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Ideas » Software Updates  ·  Flag idea as inappropriate…  ·  Admin →
    bdam commented  · 

    What's odd to me is that the software updates nodes allow you to select 'Content Size (KB)' but that data isn't populated.

  20. 8 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: facebook google
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Reporting  ·  Flag idea as inappropriate…  ·  Admin →
    bdam shared this idea  · 

Feedback and Knowledge Base