GT-SCCM Onboard/Environment Overview Page 1
Server Information: Name: GT-SCCM.ad.gatech.edu IP: 130.207.162.14 Site Code for SCCM: GTS SCCM Version: 1802 Firewall Information: If you are planning on using a local console, there is a preconfigured Audience Group titled GT-SCCM- Console and your IP will need to be added. There is a Port Groups called OIT-SCCM-tcp and OIT-SCCM-udp that need to be opened to 130.207.162.14 GPO: There is a GPO called _Campus-SCCM Client Install GTS that will convert any clients to the new Site Code and server. Access: From Mycloud, there is a Published App called GT-SCCM. (Eventually, the Console on the CSR Console will be replaced but it will remain connected to Guide.ad.gatech.edu until it is no longer needed) If local console is desired, the newest console install can be found at \\gt-sccm\console. Alternatively, you can upgrade your existing console to match the new 1802 version. Client Installation or Upgrade: To install the client on machines there are a few different options: Manual: Navigate to \\gt-sccm\clinet Installation\Client-BIN, copy the SCCM 1802 folder local to the machine and run either the SCCM-Install Clean or SCCM-Install Existing Client BAT files depending on the machine s status. Client Push: If you do not have a client installed on the machine, you can push the client from the new Site to your collection(s). Upgrading existing clients: Use the GPO above on an OU to have the client Site Code and Server info switched to the new Site. Page 2
Client Health Script: There is a utility called Client Health Script that will analyze the current status of the client installed and will attempt to correct any issues. It will set Site Code, Overview SCCM is the tool that will be used going forward for Asset Management, Inventory, Compliance, Software and OS Patching, Reporting and many other uses. SCCM works using two main pieces, the Server hosting SCCM and the client installed on the machines being managed. The communication works using a push process where the action is initiated from the SCCM Server, the Client sends an evaluation update to the server and receives any updates that have been pushed. SCCM is not an ondemand service as it relies on the client communicating back for any action to be completed. Assets and Compliance This area is where all User and Device information is stored, where Devices, Device and User Collections and Endpoint Protection are managed. This is also where, Asset Intelligence/Software Metering and Compliance Settings are configured. Software Library Software Library contains all Application Management (Applications and Packages), Software Updates, Operating Systems and Windows 10 Servicing. Monitoring Monitoring is where Alerts are configured, Reporting is managed and used, Deployments are monitored and several other Status are displayed for Clients, Distribution, Security, etc. Administration This is where the Site is configured. All Hierarchy, Cloud, Site and Security is configured through this portal. Getting Started Whether converting from Landesk or starting anew, follow the below steps to start the process of endpoint administration with SCCM. Note: Most Campus Units already have their Administration Group and Device Collections pre-created. If this is not true for your unit, please contact the Endpoint team for assistance. Administration If one doesn t exist already, the first step to building and managing a collection will be the creation of the administrative group account that will contain all members of the managing group. Please contact the SCCM Endpoint Team to have this group account created and all necessary members imported into Page 3
the group. Once the administrative group is set, the next step is to have a Security Scope created for the group and Security Roles applied to the group. All of these steps will be handled by the Endpoint Team. Device Collection The next step is to have the Device Collection created for the unit. There is already a default structure for the subfolders but the Group Name can be selected at creation. There will also be a default Device Collection of Group All Systems that will be pre-created which will pull in ALL systems that will be managed under the Group. From here, other Device Collections may be created as desired for management. To create a Device Collection, follow the below steps: 1) Navigate to Assets and Compliance, expand Device Collections and find the folder for your unit. Page 4
2) If desired, right click the unit folder and select Folder > Create Folder. Otherwise, right click the desired unit folder and select Create Device Collection 3) Give the Device Collection a name (Preferably, with the unit prefix (OIT, EBB, CoE-CHBE)) and brief description in the Comment area. 4) The Limiting Collection is the Parent Collection this new Device Collection will pull its membership from. If this is your initial Device Collection, set the limiting collection to Root > All Page 5
Systems, otherwise, navigate to your unit folder and set the limiting collection to the All Systems Collection for your unit and click Next. 5) For Membership Roles, there are a few options to define what machines are desired for the collection. Click Add Rule dropdown and select one of the following: a. Direct Rule This option will allow for selecting machines based upon certain Attributes pulled from Active Directory. For a specific machine, Name is used to filter upon the Limiting Collection selected in step 1. b. Query Rule This rule allows for a broader sweep through the Limiting Collection. To create a query, first input a name, then select Edit Query Statement. In the next window select the Criteria Tab and click the Criterion Properties orange sun icon. Page 6
For the Criterion Properties, click the Select button and set your attributes. There are a multitude of attributes but as an example, if OU is desired, select System Resource for Attribute Class, System OU Name for Attribute and click Value to find the desired OU. c. Device Category This is for Intune management of MDM devices and we have not rolled this out yet. d. Include/Exclude Collections Exactly what the name says. Include or Exclude based upon existing collections. 6) Back in the Membership Rules main window, be sure to select the schedule for a full update on the collection. This will rerun the Query Rules defined and collect any new members or remove anything that doesn t exist any longer. Page 7
Client Settings Client Settings are all the settings available for the client that is installed on every managed endpoint. There is a Default Client Setting that gets applied globally but if any of the Default Settings are not desired, it can be over written with a higher priority Client Setting. For example, the Default Client Settings setting has a priority of 10,000 and there is an OIT AI Client Setting #001 with a priority of 10. If there are ANY conflicting settings, OIT AI Client Setting #001 will take priority. Along the same lines, if there are any settings that are configured in one client setting but not the other, they will be combined and applied together. Note: The Default Client Setting was configured using recommendations from the Endpoint Working group and guidance from the Endpoint Steering Committee. These are basic default settings but if any of the defaults are not preferred, create a new Client Setting for your unit to override. The highest priority Client Setting applied to your collection takes priority over any settings that are lower. To create a Client Setting for your Unit: 1) Navigate to Administration > Client Settings and click Create Custom Client Device Setting. 2) Using the defined Naming Convention (Unit Abbreviation-Description) give a detailed Name and Description for the Setting. Page 8
3) Use the below link to find what each of the different Settings affect: https://docs.microsoft.com/en-us/sccm/core/clients/deploy/about-client-settings 4) Please leave the priority level 1-10 vacant. Page 9