Endpoint Insights

Configuration Manager Maintenance Tasks

The beginning of the year is a great time to check your Configuration Manager (ConfigMgr/SCCM/MEMCM) environment to ensure that everything is working smoothly. We all know that we should be doing this every week or every month, but there never seems to be enough time. Day-to-day activities always seem to get in the way! In order to help SysAdmins out, Microsoft produced a guide that lists a number of ConfigMgr maintenance tasks. The guide is great, but I find that it doesn’t give enough detail.

Each year, instead, I refer to a list that I put together some time ago. My maintenance tasks list is designed to start at the top of the console and move down node by node. Recently, while performing these maintenance tasks for my lab, I noticed that Endpoint Analytics wasn’t setup, so guess what I did?! You can expect a blog post from me about how to setup Endpoint Analytics coming soon. I also asked my friend, Gary Blok, for his help with all things associated with operating system (OS) deployment. The result is a new section about OS tasks and a sprinkling of helpful tips and blog posts throughout this guide.

Keep in mind that these ConfigMgr maintenance tasks will take a good part of a day, or longer, to complete. This is especially true if you have a large environment. However, this is time well spent! These tests hopefully show that your environment is a good and healthy one. If it is not, then at least you know what you need to work on this year.

Note: some of the blog posts that I link to are for ConfigMgr/SCCM 2012, BUT they still apply for ConfigMgr/SCCM/MEMCM Current Branch.

ConfigMgr Console - Endpoint Insights

Configuration Manager Maintenance Tasks Checklist

Assets and Compliance

Collections

-Open the All Systems collection and review the list of all computers WITHOUT the ConfigMgr/SCCM/MEMCM client installed. Chances are that you find at least one computer that should have the ConfigMgr/SCCM/MEMCM client installed that doesn’t.
-Review all collections; update query and schedule settings.
-Review maintenance windows on each collection.
-Remove unnecessary collections.
-Using CEViewer (found on your site server) review all your collections and adjust queries that are performing poorly.

Helpful Blog Posts

Configuration Manager Collections and Collection Evaluation Viewer

How to Fix a Poorly Written WQL Query

Collection Evaluation Viewer and Certificate Chain

Asset Intelligence

-Review and confirm your asset intelligence (AI) inventory classes.
-Confirm that your AI sync point ran recently.

Helpful Blog Posts

How to Setup, Configure and Use SCCM’s Asset Intelligence

How to Query Asset Intelligence for Top Console User Details

Software Metering

-Review and update your software metering (SWM) rules.
-Remove any unnecessary rules.

Helpful Blog Posts

Cleaning-up Software Metering Rules

Disabled Software Metering Rules Are a Good Thing!

Compliance Setting

-Review and update your Configuration Items (CI) and Configuration Baselines.
-Remove any unnecessary CI or baselines.

Helpful Blog Posts

Configuration Baseline Remediation – Configuration Item

Configuration Baseline Remediation – How to Create the Baseline

Endpoint Protection

-Review and update your anti-malware policies.
-Review and update your Windows Defender firewall policies.
-Review and update your Windows Defender ATP policies.

Helpful Blog Posts

Configuration Manager 2012 and Anti-Virus Software Exclusions for Workstations

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers

Configuration Manager, Endpoint Protection and Hyper-V

Reducing the Effects of Endpoint Protection on Hyper-V Server Performance

How to Create an Anti-Malware Policy for Endpoint Protection

Recast Software

-Ensure that you have upgraded to the latest version of Recast’s Right-Click Tools.

HELPFUL BLOG POSTS

What’s New in Right Click Tools 4.8 Community Edition

Endpoint Insights is Information

Download the Free Version of Right Click Tools

Software Library

ConfigMgr Console - Software Library

Applications and Deployments

-Review all of your applications/packages and deployments. This might mean that you need to review your collections too.
-Remove any unnecessary applications/packages and their respective deployments.

Helpful Blog Posts

Configuration Manager Deployment Test #1

Configuration Manager Deployment Test #2

Using a SQL Server Query to Create a PowerShell Script

Software Updates

-Review and adjust any software update (SU) groups and Automatic Deployment Rules (ADR).
-Review and adjust any SU deployment groups or packages.
-Remove any unused SU groups.
-Remove any unused SU packages.

Later down on the checklist, I ask you to review what SUs are being scanned.

HELPFUL BLOG POSTS

How to Determine What Software Updates Are Required within Configuration Manager

Install Software Updates

Is There an Easy Way to Manage Windows Updates with ConfigMgr?

Operating Systems

-Review and update operating system (OS) objects: driver packages, OS images (this might also be a good time to ensure that your base OS image has all SUs applied to it, boot images, and task sequences (TS).

-Operating System and Upgrade Package Maintenance

  • Remove any unnecessary OS upgrade or OS deployment packages.
  • Update your OS upgrade or deployment packages.
    • Download the latest version of the OS you’re deploying from Volume Licensing Service Center (VLSC); Microsoft will randomly upload newer media.
    • Service the OS with the built-in tool, or community tools like OSD Builder and WIMWitch.
    • Regression test all your supported hardware models.

-Remove any unnecessary driver packages.

-Run a query to see what models are in your environment to see what models you still need to support.

-Remove any unwanted task sequences.

-Optimize Task Sequences

  • Convert large, embedded PowerShell scripts to PowerShell script FILES and place in a package (this reduces policy bloat).
  • Remove support for old models.
HELPFUL BLOG POSTS

OSD Builder

WIMWitch

Models Support Tips

Windows Servicing

-Review Windows 10 / Windows 11 updates.
-Review and update service plans.
-Review and update Windows Update for Business policies.

HELPFUL BLOG POSTS

How to Update Devices to Windows 11 with Right Click Tools

Endpoint Analytics Services

-Review, and more importantly, install Endpoint Analytics. As I mentioned earlier, you can expect a blog post from me on how to do that coming soon.

Office 365 Client Management

-Review and adjust any Office 365 SUs.

HELPFUL BLOG POSTS

Office 365 Deployment Series with MEMCM – Enterprise Deployment Lessons Learned Part 1 – Content

Office 365 Deployment Series with MEMCM – Enterprise Deployment Lessons Learned Part 2 – Changing Channels

Scripts

-Review and delete scripts that are no longer needed!

Maintenance Tasks - Checklist

Monitoring

ConfigMgr Console - Monitoring

Alerts

-Review all Active Alerts.
-Review and adjust all alert subscriptions.

Queries

-Review and remove unused queries.

Reporting

-Review custom reports.
-Review subscriptions.

Site Hierarchy

-Review your Site Status and Component Status.
-Review your Conflicting Records under Site Status.

Deployment

-Take a quick look at the Deployment status; ensure that the results are what you are expecting.

Phased Deployments

-Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Client Operations

-Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Script Status

-Take a quick look at the Script Status; ensure that the results are what you are expecting.

Client Status

-Take a look at the Client Health Status. Fix any issues.

Database Replication

-Take a quick look at the Database Replication status, if applicable; ensure the results are what you are expecting.

Distribution Status

-Closely review your Content Status and make sure that your compliance level is 100% for all packages. If not, find out why it isn’t.

Software Update Point Synchronization

-Review your Software Update Point Synchronization Status.

Site Server Status

-Review your Site Server Status.

Update and Servicing Status

-Review your Update and Servicing Status.

Security

-Review the Security Dashboard and take appropriate action, if necessary.

-Review the Endpoint Protection Status and take appropriate action, if necessary.

-Review the Health Attestation and take appropriate action, if necessary.

-Review the Microsoft Defender ATP Status and take appropriate action, if necessary.

-Review the Mobile Threat Defense Status and take appropriate action, if necessary.

Collection Evaluation

-This node is great for finding collections with long execution time.

Scenario Health

-This node is showing you the overall health for a few of the more hidden items within MEMCM. For example, SQL Server service broker health.

-Review each of the remaining nodes:

· Compliance Policies

· Upgrade Readiness

· Co-Management

· Surface Devices

· Cloud Management

· Package Conversion Status

· Scenario Health

Maintenance Tasks - Check Mark

Administration

ConfigMgr Console - Site Configuration

Updates and Servicing (ConfigMgr/SCCM/MEMCM Current Branch only)

-Ensure that the latest updates are applied.

Hierarchy and Configuration

-Review and adjust Discovery Methods.
-Review and adjust Boundaries.
-Review and adjust Boundary Groups.
-Review and adjust Exchange Server Connections.
-Review and adjust Database Replication.
-Review and adjust File Replication.
-Review and adjust Active Directory Forest settings.

Cloud Services

-Review the Cloud Services node items.

Site Configuration

-Review all of the ConfigMgr/SCCM/MEMCM maintenance tasks in the Microsoft guide.
-Review all of the Site Roles.
-Review what SUs, products and classifications are being scanned.
-Review Diagnostics and Usage Data settings.
-Review Client Approval and Conflicting Records settings.
-Review Client Upgrade settings.
-Review WSUS Maintenance settings!!! This is a fairly new setting, so double-check this one.

Client Settings

-Review and adjust, if necessary, the client settings.

Helpful Blog Posts

Configuration Manager Inventory Cycle Test Procedures

Configuration Manager Inventory Cycle Recommendations

Security

-Review and adjust, if necessary, Administrative Users.
-Review and adjust, if necessary, Security Roles.
-Review the accounts within the Accounts node.
-Remove any unnecessary Accounts.

Helpful Blog Posts

Setting Up Security for SCCM Power BI Reports

How to Create a SCCM Report Reader AD Security Group and Import the Security Role

Distribution Point and Distribution Point Groups

-Review Distribution Points.
-Review and adjust, if necessary, Distribution Point Groups.

Community

This node is where you will find the Community Hub (scripts, reports, tools, etc.). This is one of the ways you can download and install Right Click Tools Community Edition!

Configuration Manager Servers

On each ConfigMgr/SCCM/MEMCM server within your environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM log files.

SQL Servers

On each SQL Server within your ConfigMgr/SCCM/MEMCM environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM and SQL Server log files.
-Review and adjust the SQL Server backup, if necessary.
-Ensure that SQL Server re-indexing is done either by ConfigMgr/SCCM/MEMCM maintenance tasks or a SQL Server job. See the installation guide to Ola Hallengren’s SQL Server Maintenance Solution (link below) for more details.
-Ensure that the SQL Server database has defined size limits.
-Check that you are backing-up SSRS reports.
-Ensure that your SSRS database is configured for simple logging.

Helpful Blog Posts

Installation Guide to Ola Hallengren’s SQL Server Maintenance Solution

How to Define the Size of a SQL Server Database

How Do You Backup All of Your Custom ConfigMgr Reports?

Never Leave Your SQL Server Database in Full Recovery Model without a Backup

WSUS Servers

On each WSUS server within your ConfigMgr/SCCM/MEMCM environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM and WSUS log files.
-Review and adjust the SQL Server backup, if necessary.

HELPFUL BLOG POSTS

Latest Software Maintenance Script: Making WSUS Suck Slightly Less

What’s SUP???

Maintenance Tasks - Site Maintenance

Once I finish checking WSUS, I am at the end of my maintenance tasks review. I know that there are many more helpful posts out there, so tell me which ones you use to check your Configuration Manager environment. I will review them and then add them to this list!

If you have any questions about these ConfigMgr/SCCM/MEMCM maintenance tasks, please feel free to contact me @GarthMJ, Gary or Bryan.

Support

  • This field is for validation purposes and should be left unchanged.