Chapter 22. All engines full steam ahead

You’ve come to the end of this book. You now know everything there is to know about Configuration Manager, and there’s nothing anyone else can teach you.

Did you spot the glaring inaccuracies in the previous statement? Good! ConfigMgr is as big as you care to make it, and there’s always more to learn. As you wrap up this phase of learning, this last chapter offers some direction on where you can go next to accelerate your progress toward becoming a ConfigMgr guru.

22.1. Advanced ConfigMgr projects

Many of the topics covered throughout this book have more-advanced applications that I’d have loved to have covered. But if I’d written everything I wanted to, the book would be twice as long and you’d get lower back strain from lugging it around.

The lab environment you’ve created has built the foundation for you to tackle more-advanced ConfigMgr functionality. Here’s a list of projects to get you started—each of these is involved and requires a fair amount of research and learning, but all are worth your while.

22.1.1. More infrastructure

Your lab is a relatively simple one, with a single server servicing a single IP subnet. In more-complicated environments, you’re likely to have many disparate subnets across geographical regions, and these often need dedicated ConfigMgr services. Try extending your lab environment by doing the following:

1.  Provision another domain-joined Windows Server instance.

2.  Use the ConfigMgr console to install the distribution point role on the remote server.

3.  Distribute some content to the remote DP only, and make sure that your managed client can access it.

22.1.2. Use HTTPS

In your ConfigMgr lab, all the server roles (distribution point, management point, and so forth) communicate by using unencrypted HTTP. That’s fine for labs and many small ConfigMgr environments, but at times you need to use HTTPS, which requires SSL certificates issued by an internal certificate authority. The certificate requirements for ConfigMgr are well documented, and ConfigMgr supports a mix of both HTTP- and HTTPS-based roles. Try enabling HTTPS in your ConfigMgr environment:

1.  DC01 already has the necessary Active Directory Certificate Services roles installed, so you have a certificate authority ready to go.

2.  Read the step-by-step TechNet article on creating the certificates necessary to support ConfigMgr (https://technet.microsoft.com/en-us/library/gg682023.aspx).

3.  Add the correct certificates to the IIS server and distribution point roles on CM01, and use Sites > Site Configuration > Client Computer Communication to configure HTTPS communication.

4.  Deploy a client certificate to a managed client (for example, CLIENT01), restart the ConfigMgr client, and then check the properties to make sure that the client is now using a PKI certificate (HTTPS).

22.1.3. Go to the cloud

If the idea of another distribution point in your environment doesn’t appeal to you, put one in the cloud! ConfigMgr has the ability to talk with your Microsoft Azure subscription to provision DPs that your managed clients can talk to. Sign up for a trial Azure subscription and use the ConfigMgr console to deploy a new cloud DP:

1.  Sign up at https://azure.microsoft.com.

2.  Use Administration > Cloud Services > Cloud Distribution Point to create a cloud DP in your Azure trial.

3.  Create an application with a small payload (for example, 7-Zip) and distribute the content to the cloud DP.

4.  Enable client settings to allow clients to access content from cloud DPs.

5.  Monitor the DataTransferService.log on the client to ensure that the content is being downloaded from Azure.

22.1.4. Take control of your database

The ConfigMgr database can be a sensitive beast, and if it’s allowed to become unhealthy, you’re in all sorts of trouble. Responsibility for the database may fall to a dedicated DBA team, but if not them, it’s up to you to take control. The first stop is the latest MaintenanceSolution.sql script by Ola Hallengren (https://ola.hallengren.com/); get this configured on your ConfigMgr database server and configure the IndexOptimize, DatabaseIntegrityCheck, and DatabaseBackup jobs. Then sign up for Brent Ozar’s First Responder Kit (www.brentozar.com/first-aid/) and check out the contents—particularly sp_Blitz. These guys have done the hard work for you, and their expertise will kick-start your SQL learning.

22.1.5. Advanced client configuration

ConfigMgr enables fine-grained configuration of your managed clients, including deploying certificate profiles so that they have the right trusted certificates and Wi-Fi profiles so that they’ll always be able to connect to the corporate network; and VPN profiles so that your users can always connect back to base. This is much better than having to push out Group Policy–or script-based configuration. If you’re feeling brave, try setting up Network Device Enrollment Service (NDES) and a VPN in your lab and deploy the profiles with ConfigMgr (lots of reading about this on TechNet right here: https://technet.microsoft.com/en-au/library/dn261205.aspx).

22.2. Learn from the community

ConfigMgr admins are fortunate, in that the product has attracted many clever people who give of their time to publish what they learn. There are too many out there to list them all, but here are the core resources that I strongly recommend you keep a close eye on:

• www.jamesbannanit.com—Yes, yes, shameless plug for me. Any updates to content contained within the book, companion videos, blog posts about changes to scripts as well as links to Git will be here.
• http://deploymentresearch.com—Johan Arwidmark blogs here, and you’ve already used some of his content when setting up your lab environment. Lots of deep information on Windows deployment and MDT.
• www.windows-noob.com—Niall Brady blogs here, and he’s written some of the best how-to guides on ConfigMgr I’ve ever read. Additionally, if there’s something he doesn’t know about deploying Windows, chances are it hasn’t been invented yet.
• http://blog.configmgrftw.com—Jason Sandys blogs here and has a wealth of resources for supercharging your ConfigMgr environment.
• http://deploymentbunny.com—Mikael Nystrom blogs here, and it’s an awesome resource for advanced deployment scenarios as well as some terrific PowerShell.
• http://blog.coretech.dk—Based in Denmark, Coretech employs more MVPs than you can shake a stick at, and most of them offer great blog content about ConfigMgr and PowerShell. Also, please don’t shake sticks at MVPs—we don’t like it.

Don’t be reluctant to reach out to individuals within the ConfigMgr community. All of them are active on social media and are happy to give you some ideas or introduce you to someone who can. We’re nice—really!

Well done for reaching the end of this book and for not turning up at my house to hit me over the head with it. Best of luck in your adventures in ConfigMgr.