Configuration Manager Maintenance Tasks

The beginning of the year is a great time to check your Configuration Manager (ConfigMgr / SCCM) environment to ensure that everything is working smoothly. We all know that we should be doing this every week or every month, but there never seems to be enough time. Day-to-day activities always seem to get in the way! In order to help SysAdmins out, Microsoft produced a guide that lists a number of ConfigMgr maintenance tasks. The guide is great, but I find that it doesn’t give enough detail.

Each year, instead, I refer to a list that I put together some time ago. My maintenance tasks list is designed to start at the top of the console and move down node by node. Recently, while performing these maintenance tasks for my lab, I noticed that Endpoint Analytics wasn’t setup, so guess what I did?! You can expect a blog post from me about how to setup Endpoint Analytics coming soon. I also asked my friend, Gary Blok, for his help with all things associated with operating system (OS) deployment. The result is a new section about OS tasks and a sprinkling of helpful tips and blog posts throughout this guide.

Keep in mind that these ConfigMgr maintenance tasks will take a good part of a day, or longer, to complete. This is especially true if you have a large environment. However, this is time well spent! These tests hopefully show that your environment is a good and healthy one. If it is not, then at least you know what you need to work on this year.

Note: some of the blog posts that I link to are for ConfigMgr/SCCM 2012, BUT they still apply for ConfigMgr / SCCM Current Branch.

Configuration Manager Maintenance Tasks Checklist

Assets and Compliance

Collections

• Open the All Systems collection and review the list of all computers WITHOUT the ConfigMgr / SCCM client installed. Chances are that you find at least one computer that should have the ConfigMgr / SCCM client installed that doesn’t.
• Review all collections; update query and schedule settings.
• Review maintenance windows on each collection.
• Remove unnecessary collections.
• Using CEViewer (found on your site server) review all your collections and adjust queries that are performing poorly.

Helpful Blog Posts

• Configuration Manager Collections and Collection Evaluation Viewer
• How to Fix a Poorly Written WQL Query
• Collection Evaluation Viewer and Certificate Chain

Asset Intelligence

• Review and confirm your asset intelligence (AI) inventory classes.
• Confirm that your AI sync point ran recently.

Helpful Blog Posts

• How to Setup, Configure and Use SCCM’s Asset Intelligence
• How to Query Asset Intelligence for Top Console User Details

Software Metering

• Review and update your software metering (SWM) rules.
• Remove any unnecessary rules.

Helpful Blog Posts

• Cleaning-up Software Metering Rules
• Disabled Software Metering Rules Are a Good Thing!

Compliance Setting

• Review and update your Configuration Items (CI) and Configuration Baselines.
• Remove any unnecessary CI or baselines.

Helpful Blog Posts

• Configuration Baseline Remediation – Configuration Item
• Configuration Baseline Remediation – How to Create the Baseline

Endpoint Protection

• Review and update your anti-malware policies.
• Review and update your Windows Defender firewall policies.
• Review and update your Windows Defender ATP policies.

Helpful Blog Posts

• Configuration Manager 2012 and Anti-Virus Software Exclusions for Workstations
• Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers
• Configuration Manager, Endpoint Protection and Hyper-V
• Reducing the Effects of Endpoint Protection on Hyper-V Server Performance
• How to Create an Anti-Malware Policy for Endpoint Protection

Recast Software

• Ensure that you have upgraded to the latest version of Recast’s Right-Click Tools.

HELPFUL BLOG POSTS

• What’s New in Right Click Tools 4.8 Community Edition
• Endpoint Insights is Information
• Download the Free Version of Right Click Tools

Software Library

Applications and Deployments

• Review all of your applications/packages and deployments. This might mean that you need to review your collections too.
• Remove any unnecessary applications/packages and their respective deployments.

Helpful Blog Posts

• Configuration Manager Deployment Test #1
• Configuration Manager Deployment Test #2
• Using a SQL Server Query to Create a PowerShell Script

Software Updates

• Review and adjust any software update (SU) groups and Automatic Deployment Rules (ADR).
• Review and adjust any SU deployment groups or packages.
• Remove any unused SU groups.
• Remove any unused SU packages.

Later down on the checklist, I ask you to review what SUs are being scanned.

HELPFUL BLOG POSTS

• How to Determine What Software Updates Are Required within Configuration Manager
• Install Software Updates
• Is There an Easy Way to Manage Windows Updates with ConfigMgr?

Operating Systems

• Review and update operating system (OS) objects: driver packages, OS images (this might also be a good time to ensure that your base OS image has all SUs applied to it, boot images, and task sequences (TS).
• Operating System and Upgrade Package Maintenance
• Remove any unnecessary OS upgrade or OS deployment packages.
• Update your OS upgrade or deployment packages.
  • Download the latest version of the OS you’re deploying from Volume Licensing Service Center (VLSC); Microsoft will randomly upload newer media.
  • Service the OS with the built-in tool, or community tools like OSD Builder and WIMWitch.
  • Regression test all your supported hardware models.
• Remove any unnecessary driver packages.
• Run a query to see what models are in your environment to see what models you still need to support.
• Remove any unwanted task sequences.
• Optimize Task Sequences
  • Convert large, embedded PowerShell scripts to PowerShell script FILES and place in a package (this reduces policy bloat).
  • Remove support for old models.

HELPFUL BLOG POSTS

• OSD Builder
• WIMWitch
• Models Support Tips

Windows Servicing

• Review Windows 10 / Windows 11 updates.
• Review and update service plans.
• Review and update Windows Update for Business policies.

HELPFUL BLOG POSTS

• How to Update Devices to Windows 11 with Right Click Tools

Endpoint Analytics Services

• Review, and more importantly, install Endpoint Analytics. As I mentioned earlier, you can expect a blog post from me on how to do that coming soon.

Office 365 Client Management

-Review and adjust any Office 365 SUs.

HELPFUL BLOG POSTS

• Office 365 Deployment Series with MEMCM – Enterprise Deployment Lessons Learned Part 1 – Content
• Office 365 Deployment Series with MEMCM – Enterprise Deployment Lessons Learned Part 2 – Changing Channels

Scripts

• Review and delete scripts that are no longer needed!

Monitoring

Alerts

• Review all Active Alerts.
• Review and adjust all alert subscriptions.

Queries

• Review and remove unused queries.

Reporting

• Review custom reports.
• Review subscriptions.

Site Hierarchy

• Review your Site Status and Component Status.
• Review your Conflicting Records under Site Status.

Deployment

• Take a quick look at the Deployment status; ensure that the results are what you are expecting.

Phased Deployments

• Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Client Operations

• Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Script Status

• Take a quick look at the Script Status; ensure that the results are what you are expecting.

Client Status

• Take a look at the Client Health Status. Fix any issues.

Database Replication

• Take a quick look at the Database Replication status, if applicable; ensure the results are what you are expecting.

Distribution Status

• Closely review your Content Status and make sure that your compliance level is 100% for all packages. If not, find out why it isn’t.

Software Update Point Synchronization

• Review your Software Update Point Synchronization Status.

Site Server Status

• Review your Site Server Status.

Update and Servicing Status

• Review your Update and Servicing Status.

Security

• Review the Security Dashboard and take appropriate action, if necessary.
• Review the Endpoint Protection Status and take appropriate action, if necessary.
• Review the Health Attestation and take appropriate action, if necessary.
• Review the Microsoft Defender ATP Status and take appropriate action, if necessary.
• Review the Mobile Threat Defense Status and take appropriate action, if necessary.

Collection Evaluation

• This node is great for finding collections with long execution time.

Scenario Health

• This node is showing you the overall health for a few of the more hidden items within MEMCM. For example, SQL Server service broker health.
• Review each of the remaining nodes:
  • Compliance Policies
  • Upgrade Readiness
  • Co-Management
  • Surface Devices
  • Cloud Management
  • Package Conversion Status
  • Scenario Health

Administration

Updates and Servicing (ConfigMgr/SCCM/MEMCM Current Branch only)

• Ensure that the latest updates are applied.

Hierarchy and Configuration

• Review and adjust Discovery Methods.
• Review and adjust Boundaries.
• Review and adjust Boundary Groups.
• Review and adjust Exchange Server Connections.
• Review and adjust Database Replication.
• Review and adjust File Replication.
• Review and adjust Active Directory Forest settings.

Cloud Services

• Review the Cloud Services node items.

Site Configuration

• Review all of the ConfigMgr/SCCM/MEMCM maintenance tasks in the Microsoft guide.
• Review all of the Site Roles.
• Review what SUs, products and classifications are being scanned.
• Review Diagnostics and Usage Data settings.
• Review Client Approval and Conflicting Records settings.
• Review Client Upgrade settings.
• Review WSUS Maintenance settings!!! This is a fairly new setting, so double-check this one.

Client Settings

• Review and adjust, if necessary, the client settings.

Helpful Blog Posts

• Configuration Manager Inventory Cycle Test Procedures
• Configuration Manager Inventory Cycle Recommendations

Security

• Review and adjust, if necessary, Administrative Users.
• Review and adjust, if necessary, Security Roles.
• Review the accounts within the Accounts node.
• Remove any unnecessary Accounts.

Helpful Blog Posts

• Setting Up Security for SCCM Power BI Reports
• How to Create a SCCM Report Reader AD Security Group and Import the Security Role

Distribution Point and Distribution Point Groups

• Review Distribution Points.
• Review and adjust, if necessary, Distribution Point Groups.

Configuration Manager Servers

• On each ConfigMgr/SCCM/MEMCM server within your environment:
  • Logon to each server.
  • Check the Event Viewer for any issues.
  • Check the free space on all drives.
  • Review the ConfigMgr/SCCM/MEMCM log files.

SQL Servers

• On each SQL Server within your ConfigMgr/SCCM/MEMCM environment:
• Logon to each server.
• Check the Event Viewer for any issues.
• Check the free space on all drives.
• Review the ConfigMgr/SCCM/MEMCM and SQL Server log files.
• Review and adjust the SQL Server backup, if necessary.
• Ensure that SQL Server re-indexing is done either by ConfigMgr/SCCM/MEMCM maintenance tasks or a SQL Server job. See the installation guide to Ola Hallengren’s SQL Server Maintenance Solution (link below) for more details.
• Ensure that the SQL Server database has defined size limits.
• Check that you are backing-up SSRS reports.
• Ensure that your SSRS database is configured for simple logging.

Helpful Blog Posts

• Installation Guide to Ola Hallengren’s SQL Server Maintenance Solution
• How to Define the Size of a SQL Server Database
• How Do You Backup All of Your Custom ConfigMgr Reports?
• Never Leave Your SQL Server Database in Full Recovery Model without a Backup

WSUS Servers

• On each WSUS server within your ConfigMgr/SCCM/MEMCM environment:
  • Logon to each server.
  • Check the Event Viewer for any issues.
  • Check the free space on all drives.
  • Review the ConfigMgr/SCCM/MEMCM and WSUS log files.
  • Review and adjust the SQL Server backup, if necessary.

HELPFUL BLOG POSTS

• Latest Software Maintenance Script: Making WSUS Suck Slightly Less
• What’s SUP???

Once I finish checking WSUS, I am at the end of my maintenance tasks review. I know that there are many more helpful posts out there, so tell me which ones you use to check your Configuration Manager environment. I will review them and then add them to this list!

If you have any questions about these ConfigMgr / SCCM maintenance tasks, please feel free to contact me @GarthMJ.