Wally was kind enough to send us a summarized description the questions and requests from our September User Group meeting. The following is the summarized list:

 Wally submitted the following Design Change Requests based on some of our feedback and questions:

  • Want to run a VB script as the logged on user with elevated rights
  • Want to be able to perform a restore from SQL Standard to SQL Enterprise
  • Want to be able to unapprove approved software (for example if the user moves to a different department so no longer needs the software)
  • Want more real-time actions, such as to initiate hardware inventory
  • Want a designator for the type of maintenance window when you view the maintenance windows on a collection
  • Want us to automatically redistribute targeted content if removed from a DP that is in a DP group with the content targeted to the group
  • Want to be able to control installation order of dependencies for a deployment type
  • What does a hoster do when they have more than 10 untrusted forests for their clients they host Configuration Manager solutions for in Configuration Manager 2012? We can only have 10 MPs total, and 8 SUPs. *** Currently we have no solution for this, other than separate primary sites (no hierarchy however given no trusts), or to establish one way trusts to allow clients to be supported over the trust. But I filed it as a DCR also.
  • Want us to add a collection column display for the primary user(s) of systems, or show primary devices for a user. This would help the help desk to find the system to query properties of when a user calls. I showed him how to find the primary device of a user, but he wanted a column to show it automatically without having to click the Primary Device link. Additionally, maybe even show “Currently logged on user” on a computer, as the user may not be at their primary computer.
  • Want some guidance/best practices, for smaller environments. Something like how to tune for smaller environments, such as maintenance task frequency, inventory schedules, etc.


Wally answers our Questions:

Options for PowerShell support for Client Notifications

We already have that in ConfigMgr 2012 R2 – Invoke-CMClientNotification


For software distribution, when targeting software to collections based on OUs, how to quickly get Configuration Manager updated when a computer gets moved from one OU to another after an application has been deployed? I’m not sure that Active Directory System Discovery, which collects OU information for clients, removes old OUs on a delta (but believe it may find new ones)

This does happen today with Configuration Manager 2012. When you move a computer between OUs, a USN change event is created, and our delta discovery for AD System Discovery will find that.




For this meeting we had Sherry Kissinger come in with a presentation and demo of SRS reporting in Configuration Manager.

We reviewed setup and configuration of SRS, Creating a variety of reports as well as making them visually pleasing. Sherry was able to take audience request and create reports on the fly for us to demonstrate the power of using SRS.

Sherry was kind enough to share her presentation, example reports, and some extra goodies with the group.

We have uploaded a zip file containing all the files.

Download the Zip File here



Our September meeting topic was Patch Management.

We focused on best practices for patch management utilizing System Center Configuration Manager 2012.

The bottom line with Patch Management is that with Configuration Manager 2012 the entire process is MUCH EASIER. There are many new tools and techniques to automate and make patch management more reliable.

We ran through a quick overview and demo of the software updates section of Configuration manager 2012. There is quite of bit of information here and making notes of it here wouldn’t be the most efficient use of space. The following resources should have just about everything you need to get started with patch management using SCCM 2012.

Server and Cloud Blog: Managing Software Updates in Configuration Manager 2012: http://blogs.technet.com/b/server-cloud/archive/2012/02/20/managing-software-updates-in-configuration-manager-2012.aspx

TechNet: Software Updates in Configuration Manager: http://technet.microsoft.com/en-us/library/gg682068.aspx

Book: System Center 2012 Configuration Manager: Mastering the Fundamentals – Agerlund, Kent: Kent Agerlund has a great Configuration Manager book that also has a couple great step by step examples configuring ADR.  http://www.amazon.com/gp/product/B008ZSD8QM  – The Kindle eBook version of this book is only 9.99!

Automatic Deployment Rules (ADR)
One of the best new features in CM 2012 in regards to patch management are the Automatic Deployment Rules (ADR)

This allows you to automate the entire process for selecting,  downloading, applying updates, essentially anything you can do in the console relating to updates you can automate with an ADR.

One examples for an ADR is to have separate rules setup for both your pilot group and deployment patch group. This will allow you to do “One Click” patch deployments.

Probably the best use for ADR is for managing Endpoint Protection Definitions. It was our experience that you should always use an ADR for endpoint protection definitions.  Using an ADR will allow you to keep you endpoint definitions up to date quickly.

Another great trick when configuring an ADR is to use custom severity to easily filter and exclude updates you don’t want.

The alerts in CM 2012 are much more useful than some of the “alerts” that were present in CM 07, you can configure alerts on deployments, compliance thresholds, ADR actions, and much more. Take a look at the following links for more info on Alerts:

Technet: Configuring Alerts:  http://technet.microsoft.com/en-us/library/hh427334.aspx

Technet: Operations and Maintenance for Software Updates in Configuration Manager:  http://technet.microsoft.com/en-us/library/gg712304.aspx

Collection Naming
We did have a question about best practices when naming your collections. Because of the new search capabilities in CM 12, when naming collections it is beneficial to use a prefix or suffix. EX: “SU” for Software Updates. This allows you to quickly and easily find your collections using the search function.

Note for using “Folders” in SCCM 2012
Folders in SCCM 2012 are security agnostic so the folders themselves (not the objects within) do not have security rules applied to them. If you have lots of users in the console you may not want to use folders.

New SCCM 2012 OSD feature relating to updates:
One of the new features in CM 2012 relating to patch management and OSD is the ability to inject new patches into your images easily from the console. This should allow you to easily update your reference image with the latest windows updates.

MMS 2013
We talked also abit about what was going on for MMS 2013, since the meeting it was officialily annouced that MMS is coming back to Vegas in April. Be Sure to check out the myITforum website for the MMS2013 guide: http://myitforum.com/myitforumwp/microsoft-management-summit/


This month we had two demos from MSMUG members and had a long open discussion on numerous Microsoft System Center related topics.

Mike Gouldthorp – Avecto Demo

Mike did an overview and demo of Avecto Privilege management.

Notable mentions from the presentation:

  • Mike decided to pick the Avecto product because the interface and management capabilities were better than any of the other similar products.
  • Good way to research Software usage, as the console will log software activity.  This is a useful supplement to Software Metering.
  • It was reported that after 8 months of using the Avecto product, Sub Zero only needed to allow a single user Full Admin rights to his workstation.
  • Chris Nackers commented that the only clients I he has seen that that have successfully taken away local admin rights have used the Avecto or Beyondtrust products.

Lee Berg – OSD Demo
Lee discussed some of the front end development required to complete some tricky OSD challenges. Examples included automation of Bios Configuration Settings, Asset Tag Information, Using  a web service to interact with Active Directory during a task sequence, and methods to help enable user self service ScanState and LoadState.

System Center Configuration Manager 2012 Service Pack 1
Chris spent some talk talking about some of the new features coming in Config Manager 2012 SP1. Some of the most notable points we discussed were:

  • MAC OSX support (Any intel64 bit)
  • Windows 8 Support
  • SQL 2012 support
  • OSD Improvements
  • Provisioning time improved
  • TS PXE only mode
  • Ability to add CAS at to an existing site
  • Powershell Provider
  • Windows 8 Metro App Support

The Great CAS debate
We ended up having a conversation about the nessecity of CAS servers.

I made a snarky comment on twitter and actually got a great response from Rod Trent.

Rod linked a MyITForum post from Brian Mason about CAS server considerations. This is defiantly worth checking out, as it sums up most of points of discussion we had regarding CAS servers.  http://myitforum.com/myitforumwp/2012/04/22/cas-considerations-for-cm12/

Coming Up
For our next meeting we will be talking about the best ways to manage Software Updates / Patches. We will have a post and newsletter going out soon with all the details!

Our July meeting was a great success with about 35 attendees. We had Michael Niehaus on-site who presented on MDT 2012, ConfigMgr 2012, and Windows 8. 

The bulk of this meeting was going over the new features of MDT 2012 and MDT 2012 Update 1 in detail. We also spent about 2 hours talking about Windows 8 and some of the new tools and considerations relating to Windows 8 Deployments.

The following is the review and supplementary material to the topics mentioned:
Read the rest of this entry »

MSMUG MAY 2012 Meeting Notes

This was our “MMS Review” meeting. We had an open-discussion about our experiences at MMS 2012. Outside of MMS, the discussion generally revolved around what’s new and what our plans our with the new System Center 2012 products.

A detailed summary, links, and downloads below are:

Read the rest of this entry »

Next Meeting

June 15th, 2016 Meeting – Jason Sandys to Present

Sign up for Madison Systems Management User Group Newsletter

The company or association you work for
* = required field

LinkedIn Group


Hashtag: #MSMUG


Download files/presentations here: GitHub