University Systems manages over 3000 desktops, laptops and tablets on campus that run the Windows operating system. This number includes faculty and staff supported by the Computer Helpdesk and Desktop Support Services in addition to several computer labs. So how do we ensure that these devices are continuously inventoried and that critical software is being patched in a timely manner? In the old days this involved a lot of elbow grease. A person would have to physically visit each device to make sure that things like Java and Adobe Reader were kept up to date and any other required software was installed. Devices were tracked in spreadsheets and it was difficult to know what software was deployed across the multitude of devices being supported. This consumed resources, left less time for other important tasks and made it very difficult to get a comprehensive view of the support landscape.
To help alleviate this problem, University Systems initiated a project in early 2014 to create a new service using Microsoft’s System Center Configuration Manager, or SCCM for short. SCCM allows administrators to manage the deployment and configuration of devices and applications across the enterprise. It provides patch management, software distribution, operating system deployment and hardware and software inventory for Windows workstations. The SCCM service was piloted successfully in a handful of supported departments and later expanded to cover all supported departments in 2015. An SCCM working group was established and meets weekly to evaluate and plan the use of SCCM.
Supported devices are automatically provisioned with the SCCM client through group policy and connect to the SCCM server at certain intervals. This allows the SCCM server to build an up-to-date list of all known devices, collect hardware and software inventory, provide policy updates and to deploy software packages to clients. Lists of devices, known as Device Collections, can be created based on rules defined by the administrator. So we can define a Device Collection for things like department and operating system. Device Collections help to group devices based on some useful criteria and allow administrators to target specific devices for software deployment, patches and configuration changes.
SCCM gives administrators a plethora of useful information about devices, including information about hardware components and installed software. It gives administrators the ability to query where specific software is installed so they can respond faster to security vulnerabilities. While SCCM provides a lot of information about devices, it cannot be used to monitor a person’s activity. Let’s be clear, SCCM is NOT an activity monitoring solution! This is an important distinction in today’s privacy conscious environment.
As mentioned earlier, another useful feature of SCCM is that it allows administrators to create software packages to deploy over the network. The software can be targeted to specific Device Collections and installed according to a schedule or made available for installation by the user themselves using the Software Centre app without the need to enter admin credentials. Administrators can easily see which devices have installed the software successfully and which have not. Currently, Desktop Support Services uses SCCM to install the latest Java and Adobe Reader versions on supported client machines as well as to deploy Adobe products such as Acrobat DC and Creative Cloud apps. SCCM can also be used to deploy operating system images to computers. The Computer Helpdesk uses SCCM to deploy custom images to its lab computers on a regular basis.
So far we have only scratched the surface of what SCCM can do. SCCM is capable of managing other devices with various operating systems including smartphones and is part of Microsoft’s “peoplecentric” IT strategy that together with other solutions such as InTune help organizations adapt to the consumerization of IT and the trend towards bring-your-own-device (BYOD). It empowers users while protecting their data, maintaining organizational compliance and reducing overall risk. SCCM allows us to provide better, more transparent and proactive support to Windows-based workstations across campus. However, SCCM does not replace the value that our clients get from the face-to-face interaction with University Systems staff. Instead, there is a synergy between this technology and the friendly, personal support that we provide that results in a winning combination for our clients.
Written by: Jan Misovic, August 2016
Great initiative!