MCM Preparing your environment

Table of Contents

During preparation, it may be helpful to review the following pages and refer back to them during the on-boarding process as needed:

Preparing your clients and management environments

After the prerequisites have been completed and EPM has created your ITSO subscription, you can prepare your clients and environment for onboarding.

Group Policy

PolicyReason
AUSTIN-Certificates - Client Autoenroll

This instructs a client to enroll for a client authentication certificate to facilitate client authentication to Configuration Manager.

ITSY-Advanced Firewall - MEMCM

This creates an any-any firewall rule for the AUS-SCCM server on the client where this policy is applied.

  • This GPO isn't required but can help in Client Push deployments of the CM client to ITSO endpoints on campus.
  • Remove or modify any conflicting or superfluous GPOs.
  • Allow time for clients to get policy and apply it.
    NOTE: Off Campus clients will need to connect to the VPN to successfully apply group policy.

TSC Workstations

Install the Configuration Manager console onto a designated ITSO management server or onto ITSO workstations.

DescriptionPath
Console installer\\aus-sccm.austin.utexas.edu\sccmclient\console\consolesetup.exe

Configuration Manager subscription

In the Configuration Manager console the ITSO reviews subscription to ensure all computers in OU hierarchy have been discovered as unmanaged devices. Primary technical staff prepare subscription for client onboarding.  All subscription clients are included in default collections to enable a daily maintenance window from midnight to 6 am and Software Updates applicable to the installed Operating System and Office version.  Exceptions to this must be excluded from these collections.

  1. Identify systems that will be Non-Standard Clients and pre-stage them into appropriate collections.
    • The preferred option will be to define collections based on Active Directory OUs where possible, but other query-based definitions and direct membership rules can also be used.
    • Ensure these collections are included in the Non-Standard Clients Default Policy Exclusion collection.

  2. Review the default Client Settings and create additional Client Settings policy objects as desired.
    • The site wide Default Client Settings will work in most cases; however, a handful of settings may need to be tweaked for your environment. That is best determined during the on boarding interview with the EPM team, but for reference please see Client Settings for a brief overview of client settings.
    • Client Settings categories that should be specifically reviewed are:
      1. Client Cache settings that determine disk space required for application deployments.
      2. Computer Agent settings such as User Notification for application and update deployments.
      3. Computer Restart settings for application and update deployments that require a restart.

  3. Review the default Maintenance Window collection and create alternative Maintenance Windows for Non-Standard clients as desired. Supplemental Maintenance Windows for Standard Clients can also be created.  There are a range of collections already created with a range of maintenance windows to choose from as well.
    • Membership in collections with maintenance windows sets the daily installation window for software updates and other deployments.  Reminder: Maintenance Windows are cumulative.

  4. Ensure any alternate means for applying patches (if used) will not interfere with Configuration Manager patch deployments to Standard Clients.



Related Information


Search UT EPM Documentation
Get Help

EPM is available to IT Support Organizations (ITSOs) with any endpoint management questions. If you have a question about a specific endpoint client, please reach out to your local endpoint client support organization.

SERVICE STATUS

Planned Maintenance

  • ConfigMgr: Every Tuesday, from 6 a.m. – 10 a.m.
  • Jamf: Every Tuesday, from 8 a.m. – 12 p.m.

Related pages