Following the excellent PowerShell script that Benoit wrote to create operational collection, I decided to rethink it a bit to help classify collections and ease Role-based administration control implementation when a different group of users accesses SCCM. On top of that, the way folders for collections are designed, it helps implement a naming convention to keep things clear all across the SCCM console. This script works with any SCCM version.
The overall idea is to keep collections on a per needs basis. Having a collection that receives client settings, 1-2 applications, OSD and Windows Updates can lead to unplanned/accidental deployment or misconfiguration. With one collection per need, everything is well targeted.
I also prefer to have collection for inventory to feed my deployment collections, instead of always recreating the queries.
I’ve been using the same methodology for years at multiple clients site. When I go back after a few years, I know exactly what is going on, as they were using the naming and structure for all that time.
The script creates 17 folders and 36 collections. The collections are set to refresh on a 7 days schedule. If a collection already exists, the script will return an error but will continue.
Some of the collections come from Benoit script. (Thanks, Benoit !)
SCCM Powershell Script Collections Folders Download
The script can be downloaded from my Microsoft Gallery submission.
Since Technet Gallery is soon to be retired, this script is now available on GitHub.
Be sure to rate the submission if you are using it.
Full list of folders
Collections under each sub-folder will keep the naming convention.
Full list of collections
- All Servers
- All Workstations
- All Workstations – Admin
- MC – CS – Workstation Prod
- MC – CS – Workstation Test
- MC – CS – Server Prod
- MC – CS – Server Test
- MC – EP – Workstation Prod
- MC – EP – Workstation Test
- MC – EP – Server Prod
- MC – EP – Server Test
- SRV – INV – Physical
- SRV – INV – Virtual
- SRV – INV – Windows 2008 and 2008 R2
- SRV – INV – Windows 2003 and 2003 R2
- SRV – INV – Windows 2016
- WKS – INV – Windows 7
- WKS – INV – Windows 8
- WKS – INV – Windows 8.1
- WKS – INV – Windows XP
- WKS – INV – SCCM Console
- WKS – INV – Clients Version | 1710
- WKS – INV – Laptops | Dell
- WKS – INV – Laptops | Lenovo
- WKS – INV – Laptops | HP
- WKS – INV – Microsoft Surface 4
- WKS – INV – Windows 10
- WKS – OSD – Windows 10 – PROD
- WKS – OSD – Windows 10 – TEST
- WKS – SU – Exclusion
- WKS – SU – Pilote
- WKS – SU – TEST
- WKS – SU – PROD
- WKS – SD – Office 365 – PROD
- WKS – SD – Office 365 – TEST
Inventory collections have defined queries.
Production collections contain all workstation or all servers based with the Include feature of collection membership.
OS Deployment, Software Distribution and Test collections are meant to have manual membership defined.
The collection WKS – SU – Exclusion is excluded from all Software Update collections to prevent patch specific system.
Role-based administration control
The All Servers, All Workstations and All Workstations – Admin collections are specifically made for RBAC. That’s why they are the Master Collections as they will probably be the limiting collection for 99% of the collections.
The concept is the following:
- Give the server team only access to All servers
- Give the technician team access to All Workstations
- This would give access to technicians to see collections that would be considered production ready for OS and software deployment, on top of inventory collections
- Collection with the limiting collection All Workstations – Admin would then be hidden for standard technician
- Give SCCM Admin or higher ranks tech access to All Workstations – Admin
- This would make available collections like the one’s Software Update or test collection
SCCM Powershell Script Collections Folders Benefits
- Role-based administration control “ready” as explained earlier
- The loading time of each sub-folder will be faster because there will be fewer collections to load.
- Collection’s naming convention will be useful in other areas of the console:
Collection name under Package or Applications deployments tab
Collection name under all Deployments
Collection name under Software Update Groups
Hope this will help you keep SCCM clean 🙂