SCCM Best Practices (Tips and Tricks)

Benoit Lecours

There’s no such thing as an SCCM best practice. Every company, every IT department and every computer configuration is unique.

That being said, we are doing numerous SCCM assessments these days, looking at various SCCM setups and configurations. Here’s our compiled list of settings, configurations and tricks to make your SCCM configuration better.

Central Administration Site (CAS)

Don’t use a CAS. You’ll see this advice everywhere… and it’s true. Don’t use it. Just don’t.

When the Central Administration Site was introduced back in SCCM 2012 SP1, there was no concept of a preferred site system. If you had to manage thousands of clients in a remote site/region and a secondary site was not an option, you had to install numerous Primary Sites (and therefore a CAS).

But now that new client management options have been introduced in later SCCM versions, this is no longer needed.

A Central Administration Site may be needed in specific scenarios. If you need to manage more than 175 000 clients or need more than 250 distribution points and you’re still unsure or don’t know what you’re doing, please ask for external help!

Colocate SQL

In most scenarios, co-locate your SQL installation on your SCCM Primary Server. This is always debatable and often an unpopular topic among database administrators. DBAs like to have control and centralized databases as much as possible; however, co-location ensures better performance of your SCCM server.

From a licensing point of view it’s not an issue, since all of the System Center products include SQL Server technology.

SQL Configuration and Maintenance

Read and understand the basics of SQL configuration. Disk configuration and proper memory management can make a huge difference in your SCCM server performance. Don’t be shy about asking your DBA for help: SCCM is based on SQL technology and SQL best practices apply.

Also, make sure to defragment indexes on your SQL SCCM database on a regular basis. Fragmented indexes can make your application slow down significantly.

You can use the built-in Rebuild Index site maintenance task or Ola Hallengren’s SQL Server maintenance solution.

Site Systems

Keep it simple! The more site servers you have, the more complexity you’ll have to manage. We have seen setups with a dozen site servers to manage 1000 computers. Why? Just because they decided to separate each role based on assumptions and bad advice. There’s really no harm in a single SCCM site server setup (SQL included) for small businesses (from an SCCM-managed perspective). We have a couple of design recommendations in one of our posts. You’ll live with this setup for years to come, so plan accordingly and don’t be afraid to ask for help from the community.

Stay Current

I hope I’m not teaching you anything by saying that SCCM uses an in-console servicing method. This in-console method makes it easy to install updates for your SCCM infrastructure.

  • Updates are made available 3 times a year
  • Each version offers 18-month support, so don’t wait too long before upgrading to a new version
  • At the time of this writing, the latest version is 1810
  • The latest baseline version is 1802. Use this version to install a new server

When upgrading to the latest version, don’t forget to upgrade your clients! We are seeing too many environments where the site is upgraded but not the clients.

Review the documentation of each release to learn the new and deprecated features.

Make sure to follow David James on Twitter, who is the first person to announce the new version in his famous “one of those Fridays”.

Client installation Compliance

What’s the goal of SCCM if you’re not managing all your devices? Do you want to push your software to only 70% of your computers? Will your security department accept that only 62% of devices have been patched? Do you want to give your management inventory numbers with a 28% error margin? No, No and … No.

Make sure to check your client compliance number on a weekly basis. Nothing makes me sadder than seeing discovered devices without the SCCM client. We often see a 60-70% client installation rate. We recommend aiming for 95% of the machines to have the SCCM client. With laptops and road warriors, 100% is mostly impossible, but with the help of Cloud Management Gateway and proper monitoring, your goal is attainable.
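To put a number on this each week, the following added example (not from the original post) computes the client installation rate per operating system and lists the discovered devices that have no client, which are the ones receiving no software updates. The function name and the sample devices are made up for illustration; the property names follow the SMS_R_System discovery class.

```powershell
function Get-ClientCoverage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Device,
        [double]$TargetPercent = 95   # target recommended in the post
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($d in $Device) { $all.Add($d) } }
    end {
        $all | Group-Object OperatingSystemNameandVersion | ForEach-Object {
            # Client is 1 when the SCCM client is installed, empty or 0 otherwise
            $managed = @($_.Group | Where-Object { $_.Client -eq 1 })
            $missing = @($_.Group | Where-Object { $_.Client -ne 1 })
            $percent = [math]::Round(100 * $managed.Count / $_.Count, 1)
            [pscustomobject]@{
                OperatingSystem = $_.Name
                Discovered      = $_.Count
                WithClient      = $managed.Count
                CoveragePercent = $percent
                BelowTarget     = $percent -lt $TargetPercent
                MissingClient   = $missing.Name -join ', '
            }
        } | Sort-Object CoveragePercent   # worst coverage first
    }
}

# Constructed sample devices (names and OS strings are illustrative only).
$ws  = 'Microsoft Windows NT Workstation 10.0'
$srv = 'Microsoft Windows NT Server 10.0'
$sample = @(
    [pscustomobject]@{ Name = 'WS-0001';  Client = 1;     OperatingSystemNameandVersion = $ws }
    [pscustomobject]@{ Name = 'WS-0002';  Client = 1;     OperatingSystemNameandVersion = $ws }
    [pscustomobject]@{ Name = 'WS-0003';  Client = $null; OperatingSystemNameandVersion = $ws }
    [pscustomobject]@{ Name = 'LT-0107';  Client = 0;     OperatingSystemNameandVersion = $ws }
    [pscustomobject]@{ Name = 'SRV-APP1'; Client = 1;     OperatingSystemNameandVersion = $srv }
    [pscustomobject]@{ Name = 'SRV-APP2'; Client = 1;     OperatingSystemNameandVersion = $srv }
)

$sample | Get-ClientCoverage | Format-Table -AutoSize -Wrap

# Against a live site, run on the SMS Provider server (XYZ = your site code):
# Get-CimInstance -Namespace 'root\SMS\site_XYZ' -ClassName SMS_R_System |
#     Get-ClientCoverage -TargetPercent 95
```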

There are also many solutions out there to help you:

Software Update Maintenance

Doing software update deployments without regular maintenance will bring your server to a non-functioning state.

Collection Maintenance

Collection refreshes are heavy processes for your server resources. They can make your server run really slowly if you configure them incorrectly. The biggest mistake is enabling incremental refresh on all collections. We also often see incremental AND full collection updates enabled on the same collections.
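Both mistakes can be spotted from the RefreshType property of each collection. The following added example (not from the original post) reports how many collections have incremental updates enabled and lists those with incremental and full scheduled updates together; the function name, site code XYZ and sample collections are made up for illustration.

```powershell
# RefreshType values of the SMS_Collection WMI class:
#   1 = manual, 2 = scheduled (full), 4 = incremental, 6 = both (2 + 4)
function Get-CollectionRefreshAudit {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Collection
    )
    begin   { $all = [System.Collections.Generic.List[object]]::new() }
    process { foreach ($c in $Collection) { $all.Add($c) } }
    end {
        $incremental = @($all | Where-Object { $_.RefreshType -in 4, 6 })
        $both        = @($all | Where-Object { $_.RefreshType -eq 6 })
        [pscustomobject]@{
            TotalCollections   = $all.Count
            IncrementalEnabled = $incremental.Count
            IncrementalPercent = if ($all.Count) {
                [math]::Round(100 * $incremental.Count / $all.Count, 1)
            } else { 0 }
            # Collections with BOTH incremental and full scheduled updates,
            # largest first because they cost the most to evaluate
            FullAndIncremental = @($both | Sort-Object MemberCount -Descending |
                                   Select-Object CollectionID, Name, MemberCount)
        }
    }
}

# Constructed sample data (IDs and names are placeholders).
$sample = @(
    [pscustomobject]@{ CollectionID = 'XYZ00011'; Name = 'All Workstations';   RefreshType = 2; MemberCount = 950 }
    [pscustomobject]@{ CollectionID = 'XYZ00012'; Name = 'OSD - Bare Metal';   RefreshType = 4; MemberCount = 12 }
    [pscustomobject]@{ CollectionID = 'XYZ00013'; Name = 'SUP - Pilot';        RefreshType = 6; MemberCount = 40 }
    [pscustomobject]@{ CollectionID = 'XYZ00014'; Name = 'SUP - Production';   RefreshType = 6; MemberCount = 900 }
    [pscustomobject]@{ CollectionID = 'XYZ00015'; Name = 'Test - Manual only'; RefreshType = 1; MemberCount = 3 }
)

$report = $sample | Get-CollectionRefreshAudit
$report | Format-List TotalCollections, IncrementalEnabled, IncrementalPercent
$report.FullAndIncremental | Format-Table -AutoSize

# Against a live site, run on the SMS Provider server (XYZ = your site code):
# Get-CimInstance -Namespace 'root\SMS\site_XYZ' -ClassName SMS_Collection |
#     Get-CollectionRefreshAudit
```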

Give your SCCM collections some love by:

Deployment Maintenance

Delete and remove any deployments that are no longer in use. If the deployment compliance is 100% and no longer necessary, delete it. If it’s a test deployment, delete it. If it’s a deployment created in 2009… delete it.

We created a script to help you detect and delete old deployments.

Windows 10 Servicing

If you haven’t migrated yet, it’s only a question of time before all your computers run Windows 10. Windows 7 end of support is approaching (January 2020) and you must plan an upgrade strategy now. SCCM gives you 2 options to manage Windows 10 servicing: upgrade task sequences and servicing plans. Master those topics because you’ll have to update your Windows 10 on a regular basis.

Also, make sure to track your Windows 10 versions and establish an upgrade strategy for the long run. Microsoft has recently changed its support policy to 30 months for the September releases (Enterprise edition). The March releases still have a support life cycle of 18 months.

SCCM Log Files

SCCM is a logging machine. It logs everything. I lose my mind when someone tells me that it’s not in the logs… it is! You just haven’t looked in the right one. One of the best skills you can have is knowing the exact meaning of all the log files. (Joking!) Just learn the most important ones… and use CMTrace to open them, not Notepad. (Sorry Wally.)

And in case you didn’t know, CMTrace is part of every client since SCCM 1806. No need to copy it during your task sequence or with a deployment/script.

Maintenance Tasks

Review your maintenance tasks on a regular basis. Is the setting you set 3 years ago still valid? Some SCCM upgrades can bring new maintenance tasks.

The most important part is the backup of your database. Whether to use the SCCM built-in task or an SQL backup is debatable. Some like the built-in one, others the SQL one. I recommend having either one of them and knowing the restore path for the one you choose. Make sure to monitor your backup tasks: a failing backup is like having no backup!

Modern Management

The buzz word of the moment. You need to go to Intune absolutely now! SCCM will be dead in a couple of years. Wrong!

However, Microsoft has announced that on September 1, 2019, they will retire the hybrid MDM service offering. If you have SCCM in Hybrid mode, plan your migration to Intune Standalone.

SCCM is not dead and it’s in better shape than ever. Just look at all the new features that get developed in each release. However, it would be wrong not to look at the new device management possibilities that Intune and Autopilot bring. Just keep an eye on these new technologies, enable co-management and start playing with it.

Attend Conferences

This is not really a best practice, but it will help you learn a lot. Some of them are big events (Microsoft Ignite), but there are smaller events like the Minnesota Management Summit (MMS – not the Las Vegas one back in the days) that will allow you to target your expertise a lot more and meet accessible experts and MVPs.

There are also new events organized by other groups like Modern Management Summit London 2018 organized by SCConfigMgr/TrueSec that are worth the price (FREE!) if you are in the region.

And there are many local groups that meet up on a regular basis which you can join if you are near them.

Use Social Media

Once again, not a best practice, but the SCCM community out there is awesome. Follow them on Twitter, read the Reddit SCCM Community, join Facebook, LinkedIn and Slack groups.

On Twitter, follow the EMS MVP List which contains 64 MVPs.

This list could have gone on for a while, but I’ll stop there for now. Leave your tips and tricks in the comment section.

15 Comments on “SCCM Best Practices (Tips and Tricks)”

  2. This post is very amazing! Thank you Benoit and team!

    May I please ask more about “Do not use both Full and Incremental on the same collection”. Is there a document or post that further explains this?

    Thank you!

  3. While I appreciate the advice to “don’t use a CAS”, I’m designing a rollout where I believe a CAS will be necessary. The client’s site is an open-cut mine in a remote mountain location in a 3rd world country. Connections range from 50Mbps fibre between the head office in town and up to the mine pit with an 8Mbps redundant microwave link. There are various low bandwidth fibre and microwave links between the sites surrounding the mine itself. Distance between sites can be 500m to over 100km with an office in the nation’s capital (over 700km away) and a link back to a datacentre in Brisbane, Australia. The configuration I was going for is a PSS in the capital office, head office server room, Brisbane office, mine office and 3 other locations with a CAS at the HO. The reason I decided to include a CAS was to manage SCCM network traffic due to the low bandwidth of some of the links and also the more-than-you-would-think-necessary numbers of PSS I’m considering. This is also the same reason I had considered the number of PSS (up to 7), so there was less traffic traversing the wider network during the day. All major data transfers (updates, syncing, content management, etc…) will be done overnight to avoid congesting the links during the day. The reason I’ve gone for all Primary with no secondary site servers is for PXE and content management reasons, again to keep daily network as low as possible. I might be able to get away with using a cloud DP for a few of the smaller sites which will remove the need for 3 of the primary site servers.

    Now that I have hopefully sufficiently justified my use of a CAS, how do I go about actually setting one up? Also, do you agree with my reasoning and/or any suggestions you could make?

  5. Hi there –
    The link you have for “Configure IIS to stop recycling the App Pool” is dead. Are you able to link something relevant? Thanks

  6. I purchased the step by step installation guide but going to install current branch 1810 on server 2016. Are there any recommendations you guys can give us on the differences between your guide and 1810? I know that is a very generic question. We are basically starting from scratch and I have been reading but don’t want to make any big mistakes.

  8. Very good list. Thank you. One more thing that may save people pain is don’t use IP subnets when configuring boundaries. It’s known to cause client connection issues.

  9. What about a recommendation for using IP helpers for PXE?

    The amount of customers I’ve gone to who are using DHCP scope options and wonder why they cannot Swap from BIOS to UEFI boot.

  10. Great list! However, I would reword the first paragraph in the SQL Co-Location section as it is a bit unclear:

    “DBAs like to have control and centralized databases as much as possible; *however, co-location* ensures better performance of your SCCM server.”
