WHY SCCM ?
A lot of Help desk engineers ( who wish to learn the tool ” SCCM ” ) and new SCCM admins ask me this question : “Why do we use SCCM Server ”
My Answer to them is ”
Example # 1: Suppose the CIO or the IT Manager ask you that he wants you to deploy a software on HR users machine . Now !! here is the Catch . Let us say that your company is spread across the globe( UK , US , ASIA etc etc ) . now being a Systems engineer you will be in a shock .
My Answer to this is using SCCM 🙂 . You may use software deployment feature of SCCM to achieve this !!
Example # 2: Let us say that the IT Manager or CIO wants to see the list of all the computers which have a specific software xyz installed on it .
” How do i do this ”
My Answer to this is using SCCM 🙂 . Using SCCM Reporting 1.e hardware Inventory
Example # 3 : Let us say recently you company recruited 500 people ( 100 in India , 100 in US , 100 in UK , 100 in Norway , 100 in Singapore ) . Now the CIO wants all these machines to have the OS and Company’s mandatory applications installed on them . How do we perform this .
My Answer to this is using SCCM 🙂 . Using Operating system Deployment feature of SCCM .
Similarly there are many other features that SCCM provide .
Here is another Frequently asked question on SCCM :
Proxy management Point and A Management Point : Well Both are Single point of Contacts for the Client . With primary Site the clients being assigned to the primary will report to Management Point at Primary site . With Secondary site , Clients assigned to it will report for proxy management Point ( Which is Management point at Secondary Site )
So in a nutshell A proxy management point is a management point but it is present on Secondary Site . Rest All is same .
With SCCM 2012 one of the wonderful feature that you get is the SCCM Cross Forest Implementation Made A lot Easy !!
For the best case scenario your cross forests should have Kerberos Authentication Between them . Even if there is no kerberos Authentication A two way external trust , One way External trust , non trusted forests
could be brought under one SCCM Site .
The only exception to this could be forests where strong DMZ restrictions/ Security restrictions could be present .
Ok !! Guys Am back with my Mantra for Software Distribution :
I am sure that after you read this post you will never forget the process of Software Distribution : Yes !! TRUST ME ON THIS
What Do you want to do , How do you want to Do , Where do you want to Do , When do you want to Do !!
This is my Mantra for Software Distribution :
What : What part covers what do you want to do . This is defined in Package . So when you create a SCCM package you tell SCCM what do you want to do . See the below Image from Windows Noobs . In this Image we have created a package and it clearly states that you want to deploy Firefox ( Remember !! “What do you want to do “)
Now that we have covered What , Let us move to “How do you want to do ” part . This part is covered in the Program . Everything that you mention with regards how this package should be deployed comes under Program like : The installation should be silent installation , Suppress Notification ( User should not receive any Notifications on his machine) , Program should run if the user is logged in or not logged in or any , Which particular platform ( OS) this Package should run . All these conditions come under Program ( Remember !! How do you want to do ). See the Snapshots below for more clarifications :
We are now done with how Part . Let us now move to Where do you want to do . As pretty cleary stated where do you want your package to be pushed . Ya ya !! You know the answer , yes !! its Collections . So answer to where do you want to do is ” Collections ( Group of machines where the software will be deployed) . Last is “When ” . I am sure you know that When covers when should this software be deployed on users machine . And the answer to this is ” Advertisement ”
So Next time you forgot about the sequence or the steps of Software Deployment just think this way ” What , How , Where and When ”
🙂 Happy Deployments
Normally You would find SCCM Architects / Designers / Administrators in a Dilemma when it comes to Which one to choose : A Primary Site vs Secondary Site vs a Distribution Point :-
OK I will try to make life easy for you here : Choose a Primary When you want to manage Clients Directly . Choose Distribution point at almost most of the occasions except for :
- Scenarios where : You want to manage the Upwards flow of Data , You want to have a local SUP ( Software Update Point ) , You want to have a local Management Point so that Clients Pick up policies and report to this Local MP , and your low bandwidth site has more than 500 Client Machines ( When i Say 500 , its a ball parking figure ) .
I hope I have made life Easy for you here . So next time you design a SCCM 2012 Environment for a Client Do consider the above mentioned points .
This is the most commonly asked question about SCCM . Well the answer to this is :
Policyagent.log : This log contains information about the new policies received by the client.
Policyevaluator.log: This log contains information about the evaluation of new policies that are being received .
Datatransferservices.log : This log contains the software download information onto the client machine .
execmgr.log ( Most Important) : This log contains all other relevant information .
I found this very helpful document on SCCM OSD and though of sharing it with you guys . Please go through it and you will get answer to most of your questions on SCCM OSD>
The document is provided from some other post
A lot Of times it is being asked to the SCCM Admins and Architects ” Is it Mandatory to Extend the Ad schema for SCCM Implementation ” . Well !! The answer to this is ” NO ” . SCCM will work the same way with or without Extending the Schema . IT is just that Extending the Schema makes life Easy for SCCM Admins . If you do not extend the Schema you need to follow some Workarounds to get your stuff done . One such example is If you extend the schema then your Clients use AD domain services to find the Management Point . Suppose I do not extend the Schema then I will need to configure SLP.
One Feature that cannot be implemented if AD Schema is not extended is NAP . For Everything else we Have Work Arounds !!
For Further Information Use : http://technet.microsoft.com/en-us/library/gg712272.aspx
I have seen a lot of Posts on Internet which were written on SCCM 2012 and owners have not modified their Posts which is causing a lot of problems for the new admins / architects ?
With SCCM 2012 ( Prior SP1) Release it was not possible to add a CAS after the installation of Stand Alone Primary Server , however with SCCM 2012 SP1 this is very much possible.
So you may start with a stand Alone Primary and later on as need be you may add CAS and other Primaries in the hierarchy .
A lot of SCCM Admins and Architects struggle to find answer to this question : ” How Many Machines per Distribution Point “
The answer to this question is tricky and depends on a number of things . However a ball parking figure could be ” 25 – 30 Machines per DP for a 1.5 MB link ” . I have safely assumed that you are considering Patching , Hardware Inventory , Software Inventory , OSD , and other features .
Note : This post is AS IS . Your actual environment might need few extra Considerations .
However you still need to check the Network usage , Peak Usage , What features you are including in your SCCM Environment.
There has been a lot of posts on what is new in SCCM 2012 . In this Post I will try to Divide the Diffrence in the two versions from the Design and Implementation point of view and from Administration point of View :
From Design and Implementation Point of View :
1. Simplification in Terms of Hierarchy : Let me explain this . In SCCM 2007 if we wanted to manage a group of 300 users over a avaregae link we would have used a Secondary Point but in SCCM 2012 We would use a Distribution point rather than going for Secondary site . This is because Microsoft has added features like Throttling and Scheduling in the Distribution Points in SCCM 2012.
2. Role Based Access Control : In SCCM 2012 Many a times the reason for using additional Primary site was to saggrigate set of duties like x set of admins should have access of deploying packages only , certain set of users should manage Desktops only and not servers. To achieve this in SCCM 2007 was tough and in some cases impossible . But now with SCCM 2012 RBAc you can manage all this very easily .
3. Less USe of CAS : You will find that you will hardly need a CAS unless your user base is very high
4. Active Directory Forest Discovery : This is a new feature that is available with SCCM 2012 Only . This can be used to manage Multiple forests Environment.
FROM Admin Point of View :
1. User Centric : SCCM 2012 is user centric . I will make this easy to understand . Let us say that you have users in your company who use a Laptop, Desktop , Ipad , A Windows based phone at the same time . Let us say that you want a software to be available on all these devices for these users so in SCCM 2012 you will distribute this software to this user rather than distributing it to his 4 systems in SCCM 2007.
2. Application Catalog at User End : Now users in SCCM 2012 will have access to a small website from which they can use which software they want on their machine ( provided Admin has given them the access to have this software).
3. There is no reprting point in SCCM 2012 as it was there in SCCM 2007 . We have only SSRS in SCCM 2012.