As a Analyst in IT Operations working his way up starting at the bottom you see a trend in the IT department where Server System Managers are treated higher and more important as the Desktop Managers. Well I am writing this to debunk this myth.
Your IT Operations SMS Admins are very important. Like in my past position I oversaw 7000 workstations in 8 different division, at home employees, resources in India, and mobile workers who only log onto the domain a couple times a month. Unfortunately we didn’t have the PKI infrastructure for Native support and we are running SCCM 2007 R3 SP2. Needless to say the server managers have all there end points / resources typically in a data center and/or network closet and which are on 24×7. So right there off the bat there systems stays contestant in location, and like in IT Operations there is a lot more turn over from a normal stand point. Server hardware rarely gets migrated to a new OS before its end of life cycle has been reached.
Role based servers in which access is highly restricted do not get used to browse the web. When servers are compromised it is mostly due brute attacks specifically targeted. IT Operations deals with each system that it supports. General employees are the biggest risk with dealing with IT Operations Systems Management.
The environment is ever changing and business needs never stay the same. If it is new software or the business thinking a specific group needs local administrative access to perform a job function. Did I mention developers are part of IT Operations. Supporting them is like teaching a infant how to talk. It is very difficult and are always thinking there job is the most important. Dealing with sensitive groups who expect yes on everything becomes difficult in trying to maintain a healthy IT Operations environment.
When IT Operations environment is fragmented and not centrally managed you cannot roam between boundaries, and dealing with the Active Directory group in a huge environment becomes ever more difficult. Now when you do have a centralized system, you have to make sure firewall ports are open for roaming end points to communicate with the local Management Point. Do you see where I am going with this. Challenges are not rare in IT Operations, and getting all the Business Groups with so called VIPs in them on the same page just makes it more difficult.
One day organizations will realize how important and difficult it is to manage desktops, laptops, mobile devices in changing environment.
Remember change is the only constant in this algorithm.
With works comes more projects. Mostly ones I think up my self. I created the SCCM Admin Helper App. As we had a delima at my organization. How can we allow our Analyst access to utilize SCCM but not worry about training costs and compromising the integrity of the environment .
Well, I went to the drawing board. In my brainstorms to come up with a solution that would not take up to much time. Well what I released was a VB.Net application that utilizes the SCCM databases and HTA scripts with VBScript to run WMI operations to update collections.
The problem with the application it takes some coding skills to configuring the application to your specific environment. I have released the project file.
I will not be making any updates to this application, as it was nice to have but I am currently in the works on making this application a PowerShell .Net Forms Application. It will be easily configurable for different SCCM environments. Relying on WMI data to run the app’s tasks.
Application / Security Requirements
- This application relies on Windows Integrated Login.
- Remote DCOM Access to your Primary Sites
- Read access on the primary sites’ DB’s advertisement view.
- .Net Framework 4 Client Profile
- SCCM Security Rights:
- Collection: Read and modify membership rights.
- Site: Read
You will need to configure the following in the project:
- Radio buttons for each primary site.
- The forms that read SQL you will need to configure the connection string in the form VB code.
- In the HTA scripts you need to configure the SCCM site name, site code, and in the re-image ones the collection ID you have configured for OSD.
- In the collection removal form you need to configure the values for the site’s NetBIOS name and site code.
Here are some screen shoots of the working application we use in our organization.
This is used by 40 plus help desk analysts in my organization. It has been a life savor for my partner and me. The best part was, I added a setup package built that and then sequenced it. Then distributed it through App-V. Sometimes if change is needed you have to force it on people. That saved us about a 100 emails a week.
If you need any help let me know and I will try to respond as fast as I can.
|SCCM Admin Helper v22.214.171.124
Hope you enjoy!
I have had the privilege of getting my hands on the SAPIEN PowerShell Studio 2012. Using SCCM-Commands on the backend is so easy. As a SCCM Administrator I have mostly focused right now on making my life easier on the job. Cutting all the unnecessary process I need to do manually. So if you are an SCCM Administrator and you love you some PowerShell than check this link out.
This is a great module.
Active Directory Stale Computer Report
I have created a nice PowerShell script to find your stale computer objects in Active Directory. With being a SCCM Administrator it is crucial you have a healthy AD environment.
Quest Active Directory CMDLET
.AD_StaleComputer_Cleanup.ps1 -DC “Domain Controller” -Old “PC Not logged in for X amount days” -Path “Path of the folder you want the report saved too”
.AD_StaleComputer_Cleanup.ps1 -DC “DCServer01” -Old 90 -Path “C:PathofFolder”