MCM Preparing your environment
- Katelyn Russell
- Daniel Vega
During preparation, it may be helpful to review the following pages and refer back to them during the on-boarding process as needed:
Preparing your clients and management environments
After the prerequisites have been completed and EPM has created your ITSO subscription, you can prepare your clients and environment for onboarding.
Group Policy
Policy | Reason |
---|---|
AUSTIN-Certificates - Client Autoenroll | This instructs a client to enroll for a client authentication certificate to facilitate client authentication to Configuration Manager. |
ITSY-Advanced Firewall - MEMCM | This creates an any-any firewall rule for the AUS-SCCM server on the client where this policy is applied.
|
- Remove or modify any conflicting or superfluous GPOs.
- Allow time for clients to get policy and apply it.
NOTE: Off Campus clients will need to connect to the VPN to successfully apply group policy.
TSC Workstations
Install the Configuration Manager console onto a designated ITSO management server or onto ITSO workstations.
Description | Path |
---|---|
Console installer | \\aus-sccm.austin.utexas.edu\sccmclient\console\consolesetup.exe |
Configuration Manager subscription
In the Configuration Manager console the ITSO reviews subscription to ensure all computers in OU hierarchy have been discovered as unmanaged devices. Primary technical staff prepare subscription for client onboarding. All subscription clients are included in default collections to enable a daily maintenance window from midnight to 6 am and Software Updates applicable to the installed Operating System and Office version. Exceptions to this must be excluded from these collections.
- Identify systems that will be Non-Standard Clients and pre-stage them into appropriate collections.
- The preferred option will be to define collections based on Active Directory OUs where possible, but other query-based definitions and direct membership rules can also be used.
- Ensure these collections are included in the Non-Standard Clients Default Policy Exclusion collection.
- Review the default Client Settings and create additional Client Settings policy objects as desired.
- The site wide Default Client Settings will work in most cases; however, a handful of settings may need to be tweaked for your environment. That is best determined during the on boarding interview with the EPM team, but for reference please see Client Settings for a brief overview of client settings.
- Client Settings categories that should be specifically reviewed are:
- Client Cache settings that determine disk space required for application deployments.
- Computer Agent settings such as User Notification for application and update deployments.
- Computer Restart settings for application and update deployments that require a restart.
- Review the default Maintenance Window collection and create alternative Maintenance Windows for Non-Standard clients as desired. Supplemental Maintenance Windows for Standard Clients can also be created. There are a range of collections already created with a range of maintenance windows to choose from as well.
- Membership in collections with maintenance windows sets the daily installation window for software updates and other deployments. Reminder: Maintenance Windows are cumulative.
- Membership in collections with maintenance windows sets the daily installation window for software updates and other deployments. Reminder: Maintenance Windows are cumulative.
- Ensure any alternate means for applying patches (if used) will not interfere with Configuration Manager patch deployments to Standard Clients.
Related Information
-
Page:
-
Page:
-
Page:
-
Page:
-
Page:Managing Defender Policies (Endpoint Management)
-
Page:
EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.
Welcome to the University Wiki Service! Please use your IID (yourEID@eid.utexas.edu) when prompted for your email address during login or click here to enter your EID. If you are experiencing any issues loading content on pages, please try these steps to clear your browser cache.