You’ve come to the end of this book. You now know everything there is to know about Configuration Manager, and there’s nothing anyone else can teach you.
Did you spot the glaring inaccuracies in the previous statement? Good! ConfigMgr is as big as you care to make it, and there’s always more to learn. As you wrap up this phase of learning, this last chapter offers some direction on where you can go next to accelerate your progress toward becoming a ConfigMgr guru.
Many of the topics covered throughout this book have more-advanced applications that I’d have loved to have covered. But if I’d written everything I wanted to, the book would be twice as long and you’d get lower back strain from lugging it around.
The lab environment you’ve created has built the foundation for you to tackle more-advanced ConfigMgr functionality. Here’s a list of projects to get you started—each of these is involved and requires a fair amount of research and learning, but all are worth your while.
Your lab is a relatively simple one, with a single server servicing a single IP subnet. In more-complicated environments, you’re likely to have many disparate subnets across geographical regions, and these often need dedicated ConfigMgr services. Try extending your lab environment by doing the following:
2. Use the ConfigMgr console to install the distribution point role on the remote server.
3. Distribute some content to the remote DP only, and make sure that your managed client can access it.
In your ConfigMgr lab, all the server roles (distribution point, management point, and so forth) communicate by using unencrypted HTTP. That’s fine for labs and many small ConfigMgr environments, but at times you need to use HTTPS, which requires SSL certificates issued by an internal certificate authority. The certificate requirements for ConfigMgr are well documented, and ConfigMgr supports a mix of both HTTP- and HTTPS-based roles. Try enabling HTTPS in your ConfigMgr environment:
1. DC01 already has the necessary Active Directory Certificate Services roles installed, so you have a certificate authority ready to go.
2. Read the step-by-step TechNet article on creating the certificates necessary to support ConfigMgr (https://technet.microsoft.com/en-us/library/gg682023.aspx).
3. Add the correct certificates to the IIS server and distribution point roles on CM01, and use Sites > Site Configuration > Client Computer Communication to configure HTTPS communication.
4. Deploy a client certificate to a managed client (for example, CLIENT01), restart the ConfigMgr client, and then check the properties to make sure that the client is now using a PKI certificate (HTTPS).
If the idea of another distribution point in your environment doesn’t appeal to you, put one in the cloud! ConfigMgr has the ability to talk with your Microsoft Azure subscription to provision DPs that your managed clients can talk to. Sign up for a trial Azure subscription and use the ConfigMgr console to deploy a new cloud DP:
1. Sign up at https://azure.microsoft.com.
2. Use Administration > Cloud Services > Cloud Distribution Point to create a cloud DP in your Azure trial.
3. Create an application with a small payload (for example, 7-Zip) and distribute the content to the cloud DP.
4. Enable client settings to allow clients to access content from cloud DPs.
5. Monitor the DataTransferService.log on the client to ensure that the content is being downloaded from Azure.
The ConfigMgr database can be a sensitive beast, and if it’s allowed to become unhealthy, you’re in all sorts of trouble. Responsibility for the database may fall to a dedicated DBA team, but if not them, it’s up to you to take control. The first stop is the latest MaintenanceSolution.sql script by Ola Hallengren (https://ola.hallengren.com/); get this configured on your ConfigMgr database server and configure the IndexOptimize, DatabaseIntegrityCheck, and DatabaseBackup jobs. Then sign up for Brent Ozar’s First Responder Kit (www.brentozar.com/first-aid/) and check out the contents—particularly sp_Blitz. These guys have done the hard work for you, and their expertise will kick-start your SQL learning.
ConfigMgr enables fine-grained configuration of your managed clients, including deploying certificate profiles so that they have the right trusted certificates and Wi-Fi profiles so that they’ll always be able to connect to the corporate network; and VPN profiles so that your users can always connect back to base. This is much better than having to push out Group Policy–or script-based configuration. If you’re feeling brave, try setting up Network Device Enrollment Service (NDES) and a VPN in your lab and deploy the profiles with ConfigMgr (lots of reading about this on TechNet right here: https://technet.microsoft.com/en-au/library/dn261205.aspx).
ConfigMgr admins are fortunate, in that the product has attracted many clever people who give of their time to publish what they learn. There are too many out there to list them all, but here are the core resources that I strongly recommend you keep a close eye on:
Don’t be reluctant to reach out to individuals within the ConfigMgr community. All of them are active on social media and are happy to give you some ideas or introduce you to someone who can. We’re nice—really!
Well done for reaching the end of this book and for not turning up at my house to hit me over the head with it. Best of luck in your adventures in ConfigMgr.
18.118.227.69