Preview shipped in Tech Preview
It'd be nice to have something official from the product team on this but I'll try and faithfully represent what I've heard djam say about this.
This feature is not dead, otherwise it wouldn't be in the product anymore.
The product team believes the GUI makes it nearly impossible to configure correctly (something something 'maintenance windows'). I'd like to get some clarification on this because I worked for a long time and reached a Sr Escalation Engineer who couldn't help me configure it correctly. He simply did some very quick tests and called it 'broken' (see bug reports below)
The plan is to fix the GUI and re-write the back-end to ride over the BGB/Fast Channel used for the scripts and CMPivot features. Hopefully that fixes the locking issues and might even lead to some interesting reporting (dashboards dangit!)
Remember, I'm just some rando guy on the internet but the scuttlebut is that they hope to work on this for 1810.
Just closed a month-long case with Premier support. I think it's fair to say that as of CB 1706 this feature just doesn't work the way it is designed to.
Now that we have the 'Run a PowerShell Script' option it seems pretty obvious to use that feature here for the node drain scripts. That should fix the 512 character limit. Additionally, I hope it would make sense to then add a run-as feature to use service accounts for thinks like Exchange and SQL where workloads need to be moved and the local system isn't going to have that kid of access.
For those looking for documentation: https://docs.microsoft.com/en-us/sccm/sum/deploy-use/service-a-server-group
I just tried using this for the first time in 1702 and it would appear the script is limited to 512 characters. I have difficulty believing that's going to be enough. I had to condense and cheat just to get a script to run scheduled tasks.
Which raises another suggestion here; we need to be able to run the scripts as a particular account. The machine account shouldn't have access to move Exchange/SQL resources.
This applies to package deployments (advertisements) as well. Log the other user out and the package deployment shows up.
This is already possibly using Microsoft Desktop Optimization Pack (DaRT).
Phase 1 of these feature is in 1602 production
As Tony Peters calls out, the 'Show Collections - Advanced' is basically a killer feature. No ConfigMgr admin should be without it.
Beyond that, I would love to see some content routines. For example: redistribute content to failed DPs for either a specific piece of content or globally.
I think this would need to be a client settings. I know that more than a few organizations intentionally leave this enabled so that users can directly scan and updated against Windows Updates. One of the more rational reasons is to allow security to be at the bleeding edge and to manage themselves that way yet still managing to make sure updates are applied and reported.
Check out the new uninstall behavior in 1804 tp.
Not quite sure TP ability lines up with this UV item. The UV is asking to uninstall when no longer targeted by a deployment. The TP uninstalled when an approval is denied/revoked. Those strike me as totally separate.
Related, allow remediation if and only if a key/value exists. I'm using a CI to configure Office Channel because we see clients where the GPO doesn't seem to work. In this use case I just want to make sure the value is set to a particular string if it exists. I don't want it creating that value where Office 365 isn't installed nor do I want it to install Office 365 where it's not installed.
Yes please, doubly so on servers that just don't reboot for weeks at a time by their very design. The agent will have the lights on (service shows running) but clearly no one's home (no log action, none of the scheduled actions kick off).
FWIW, this item is essentially a duplicate of this one: https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/18966352-adr-new-search-criteria-deployed-yes-no
FWIW, you can achieve the same result using maintenance windows. Create a non-repeating MW that occurs in the past and apply it to the servers you wish to manually patch. Deploy updates to them and watch them never install until someone manually does so.
156 votesstarted · AdminMark Silvey - ConfigMgr Product Team (Engineering Manager, ConfigMgr, System Center Configuration Manager) responded
First preview of the hub is available in 1807 Technical Preview.
I would think there's other opportunities for this kind of thing beyond collections. Task Sequences come to mind. I mean, as much as I love trolling Neihaus's Twitter feed to figure out how to make Win 10 enterprise ready I'd rather crowd source.
Updating status to noted, see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each status value.
Yes please! Microsoft's 'best' practice which is widely used is to run ADRs monthly and create a new SUG. There's no way to filter out just the updates released since the last time the ADR ran. 'One month' simply subtracts from the date's month value causing it to miss updates. For example. Patch Tuesday was on the 14th in November 2017 so 'one month' would miss updates release between the previous Patch Tuesday (October 10) and October 14h.
Yes please! It just seems incongruent with the app model to just pick the first deployment type.
One other addition. It would appear that while you can set the software update deployment package when you create an ADR with New-CMSoftwareUpdateAutoDeploymentRule you don't get it as a property when you use Get-CMSoftwareUpdateAutoDeploymentRule (the package ID is buried in the ContentTemplate) nor can you change it with Set-CMSoftwareUpdateAutoDeploymentRule.
Hmm, so just tonight I found that Set-CMSoftwareUpdateGroup seemingly got updated with some undocumented switches that look mighty interesting: ClearExpiredSoftwareUpdate, ClearSoftwareUpdate, ClearSupersededSoftwareUpdate. If those do what I hope they do that's great. Since there's no documentation I can't tell but if ClearSupersededSoftwareUpdate removes superseded updates it would be great if that was either configurable to only clear/remove updates older than X months. Bonus points for defaulting to whatever is configured for the software update component.
What's odd to me is that the software updates nodes allow you to select 'Content Size (KB)' but that data isn't populated.