Configuration Manager Maintenance Tasks

The beginning of the year is a great time to check your Configuration Manager (ConfigMgr/SCCM/MEMCM) environment to ensure that everything is working smoothly. We all know that we should be doing this every week or every month, but there never seems to be enough time. Day-to-day activities always seem to get in the way! In order to help us ConfigMgr admins out, Microsoft produced a guide that lists a number of ConfigMgr maintenance tasks. The guide is great, but I find that it doesn’t give enough detail.

Each year, instead, I refer to a list that I put together some time ago. My maintenance tasks list is designed to start at the top of the console and move down node by node. Recently, while performing these maintenance tasks for my lab, I noticed that Desktop Analytics wasn’t setup, so guess what I did?! You can expect a blog post from me about how to setup Desktop Analytics coming soon.

Keep in mind that these ConfigMgr maintenance tasks will take a good part of a day, or longer, to complete. This is especially true if you have a large environment. However, this is time well spent! These tests hopefully show that your environment is a good and healthy one. If it is not, then at least you know what you need to work on this year.

Note: some of the blog posts that I link to are for ConfigMgr/SCCM 2012 BUT they still apply for ConfigMgr/SCCM/MEMCM Current Branch.

Maintenance Tasks - Long List

Configuration Manager Maintenance Tasks Checklist

Assets and Compliance

Collections

-Open the All Systems collection and review the list of all computers WITHOUT the ConfigMgr/SCCM/MEMCM client installed. Chances are that you find at least one computer that should have the ConfigMgr/SCCM/MEMCM client installed that doesn’t.
-Review all collections; update query and schedule settings.
-Review maintenance windows on each collection.
-Remove unnecessary collections.
-Using CEViewer (found on your site server) review all of your collections and adjust queries that are performing poorly.

Helpful Blog Posts

Configuration Manager Collections and Collection Evaluation Viewer

How to Fix a Poorly Written WQL Query

Collection Evaluation Viewer and Certificate Chain

Asset Intelligence

-Review and confirm your asset intelligence (AI) inventory classes.
-Confirm that your AI sync point ran recently.

Helpful Blog Posts

How to Setup, Configure and Use SCCM’s Asset Intelligence

How to Query Asset Intelligence for Top Console User Details

Software Metering

-Review and update your software metering (SWM) rules.
-Remove any unnecessary rules.

Helpful Blog Posts

Cleaning-up Software Metering Rules

Disabled Software Metering Rules Are a Good Thing!

Compliance Setting

-Review and update your Configuration Items (CI) and Configuration Baselines.
-Remove any unnecessary CI or baselines.

Helpful Blog Posts

Configuration Baseline Remediation – Configuration Item

Configuration Baseline Remediation – How to Create the Baseline

Endpoint Protection

-Review and update your anti-malware policies.
-Review and update your Windows Defender firewall policies.
-Review and update your Windows Defender ATP policies.

Helpful Blog Posts

Configuration Manager 2012 and Anti-Virus Software Exclusions for Workstations

Configuration Manager 2012 and Anti-Virus Software Exclusions for Site Servers

Configuration Manager, Endpoint Protection and Hyper-V

Reducing the Effects of Endpoint Protection on Hyper-V Server Performance

How to Create an Anti-Malware Policy for Endpoint Protection

Software Library

Applications and Deployments

-Review all of your applications/packages and deployments. This might mean that you need to review your collections too.
-Remove any unnecessary applications/packages and their respective deployments.

Helpful Blog Posts

Configuration Manager Deployment Test #1

Configuration Manager Deployment Test #2

Using a SQL Server Query to Create a PowerShell Script

License Information for Store Apps

-Review and adjust your licenses.

Software Updates

-Review and adjust any software update (SU) groups and Automatic Deployment Rules (ADR).
-Review and adjust any SU deployment groups or packages.
-Remove any unused SU groups.
-Remove any unused SU packages.

Later down on the checklist, I ask you to review what SUs are being scanned.

Operating Systems

-Review and update any operating system (OS) objects: driver packages, OS images (this might also be a good time to ensure that your base OS image has all SUs applied to it), boot images, and task sequences (TS).
-Remove any unnecessary WIMs.
-Remove any unnecessary driver packages.
-Remove any unwanted TS.

Windows 10 Servicing

-Review Windows 10 updates.
-Review and update service plans.
-Review and update Windows Update for Business policies.

Desktop Analytics Services

-Review, and more importantly, install Desktop Analytics. As I mentioned earlier, you can expect a blog post from me on how to do that coming soon.

Office 365 Client Management

-Review and adjust any Office 365 SUs.

Scripts

-Review and delete scripts that are no longer needed!

Maintenance Tasks - Checklist

Monitoring

Alerts

-Review all Active Alerts.
-Review and adjust all alert subscriptions.

Queries

-Review and remove unused queries.

Reporting

-Review custom reports.
-Review subscriptions.

Site Hierarchy

-Review your Site Status and Component Status.
-Review your Conflicting Records under Site Status.

Deployment

-Take a quick look at the Deployment status; ensure that the results are what you are expecting.

Phased Deployments

-Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Client Operations

-Take a quick look at the Phased Deployment status; ensure that the results are what you are expecting.

Script Status

-Take a quick look at the Script Status; ensure that the results are what you are expecting.

Database Replication

-Take a quick look at the Database Replication status, if applicable; ensure the results are what you are expecting.

Distribution

-Closely review your Content Status and make sure that your compliance level is 100% for all packages. If not, find out why it isn’t.

Software Update Point Synchronization

-Review your Software Update Point Synchronization Status.

Site Server Status

-Review your Site Server Status.

Update and Servicing Status

-Review your Update and Servicing Status.

Security

-Review the Security Dashboard and take appropriate action, if necessary.

-Review the Endpoint Protection Status and take appropriate action, if necessary.

-Review the Health Attestation and take appropriate action, if necessary.

-Review the Microsoft Defender ATP Status and take appropriate action, if necessary.

-Review the Mobile Threat Defense Status and take appropriate action, if necessary.

-Review each of the remaining nodes:

· Compliance Policies

· Upgrade Readiness

· Co-Management

· Surface Devices

· Cloud Management

· Package Conversion Status

Maintenance Tasks - Check Mark

Administration

Updates and Servicing (ConfigMgr/SCCM/MEMCM Current Branch only)

-Ensure that the latest updates are applied.

Hierarchy and Configuration

-Review and adjust Discovery Methods.
-Review and adjust Boundaries.
-Review and adjust Boundary Groups.
-Review and adjust Exchange Server Connections.
-Review and adjust Database Replication.
-Review and adjust File Replication.
-Review and adjust Active Directory Forest settings.

Cloud Services

-Review the Cloud Services node items.

Site Configuration

-Review all of the ConfigMgr/SCCM/MEMCM maintenance tasks in the Microsoft guide.
-Review all of the Site Roles.
-Review what SUs, products and classifications are being scanned.
-Review Diagnostics and Usage Data settings.
-Review Client Approval and Conflicting Records settings.
-Review Client Upgrade settings.
-Review WSUS Maintenance settings!!! This is a fairly new setting, so double-check this one.

Client Settings

-Review and adjust, if necessary, the client settings.

Helpful Blog Posts

Configuration Manager Inventory Cycle Test Procedures

Configuration Manager Inventory Cycle Recommendations

Security

-Review and adjust, if necessary, Administrative Users.
-Review and adjust, if necessary, Security Roles.
-Review the accounts within the Accounts node.
-Remove any unnecessary Accounts.

Helpful Blog Posts

Setting Up Security for SCCM Power BI Reports

How to Create a SCCM Report Reader AD Security Group and Import the Security Role

Distribution Point and Distribution Point Groups

-Review Distribution Points.
-Review and adjust, if necessary, Distribution Point Groups.

Configuration Manager Servers

On each ConfigMgr/SCCM/MEMCM server within your environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM log files.

SQL Servers

On each SQL Server within your ConfigMgr/SCCM/MEMCM environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM and SQL Server log files.
-Review and adjust the SQL Server backup, if necessary.
-Ensure that SQL Server re-indexing is done either by ConfigMgr/SCCM/MEMCM maintenance tasks or a SQL Server job. See the installation guide to Ola Hallengren’s SQL Server Maintenance Solution (link below) for more details.
-Ensure that the SQL Server database has defined size limits.
-Check that you are backing-up SSRS reports.
-Ensure that your SSRS database is configured for
simple logging.

Helpful Blog Posts

Installation Guide to Ola Hallengren’s SQL Server Maintenance Solution

How to Define the Size of a SQL Server Database

How Do You Backup All of Your Custom ConfigMgr Reports?

Never Leave Your SQL Server Database in Full Recovery Model without a Backup

WSUS Servers

On each WSUS server within your ConfigMgr/SCCM/MEMCM environment:
-Logon to each server.
-Check the Event Viewer for any issues.
-Check the free space on all drives.
-Review the ConfigMgr/SCCM/MEMCM and WSUS log files.
-Review and adjust the SQL Server backup, if necessary.

Maintenance Tasks - Site Maintenance

Once I finish checking WSUS, I am at the end of my maintenance tasks review. I know that there are many more helpful posts out there, so tell me which ones you use to check your Configuration Manager environment. I will review them and then add them to this list!

If you have any questions about these ConfigMgr/SCCM/MEMCM maintenance tasks, please feel free to contact me @GarthMJ.

Leave a Comment