Improve SCCM management with these five utilities

Scott Lowe highlights five add-ins that he recommends IT pros use when managing Microsoft's System Center Configuration Manager to make it shine.

System Center Configuration Manager (SCCM) is a great tool from Microsoft that helps IT organizations gain better control over the variety of assets under their purview. SCCM offers a very good experience out of the box, but when it's combined with add-ins and complementary utilities, it really shines. Here's a look at five of the add-ins that I have either used or am using right now for SCCM management.

1: System Center Configuration Manager 2007 Toolkit V2

Even Microsoft knows that SCCM has some room for improvement; as such, Microsoft has made available the second version of its conglomeration of 11 useful utilities. Dubbed System Center Configuration Manager 2007 Toolkit V2, the download package contains the following utilities:

  • Client Spy. Helps SCCM administrators troubleshoot problems related to software distribution, inventory, and other SCCM-based tasks.
  • Delete Group Class Tool. Removes inventory group definitions.
  • Desired Configuration Management Migration Tool. Migrates Systems Management Server 2003 DCM items to SCCM 2007.
  • Desired Configuration Management Model Verification Tool. Validates DCM configuration items and baselines.
  • Desired Configuration Management Substitution Variable Tool. Authors desired configuration management configuration items that use chained setting and object discovery.
  • Management Point Troubleshooter Tool. Ensures that SCCM management points are in good operational order.
  • Policy Spy. Provides SCCM administrators with a way to troubleshoot policies being applied to clients.
  • Preload Package Tool. Used to manually install compressed copies of package source files on Configuration Manager 2007 sites.
  • Security Configuration Wizard Template for Configuration Manager 2007. Helps administrators reduce the attack surface of Windows Server 2008 R2-based servers.
  • Send Schedule Tool. Triggers a client-side evaluation of a DCM baseline.
  • Trace32. A log file viewer that no SCCM administrator should try to live without.
In particular, I make regular use of Trace32/SMS Trace, which is installed as the default log file viewer on my SCCM system. In Figure A, you'll see why Trace32 is so useful. Notice that there is a huge amount of information in each SCCM log file. Trace32 brings order to the chaos and provides additional detail in the window at the bottom of the screen. In Figure B, notice that the Management Point Troubleshooter Tool does a pretty complete job when it comes to making sure that management points are ready for action. Figure A

SMS Trace is the one tool SCCM admins can't be without. (Click the image to enlarge.)
Figure B

The Management Point Troubleshooter Tool helps you to avoid problems. (Click the image to enlarge.)

2: SCCM Autodoc

SCCM infrastructures have a ton of information about existing technology environments, and SCCM itself (once it has been deployed for a while) has a lot of its own information, including client agent details, package information, advertisement configuration, collection information, and more. The SCCM Autodoc tool provides you with a way to fully and completely document the pertinent details of your SCCM infrastructure.

I have used SCCM Autodoc in other environments but have not deployed it yet at Westminster College, so the screenshots below are taken from the sample documentation. The screenshot in Figure C is intended to give you an overview of the sheer breadth of information that is captured with SCCM Autodoc. The screenshot in Figure D gives you a look at some of the details that are captured. Figure C

SCCM Autodoc captures a ton of information. (Click the image to enlarge.)
Figure D

Here is a look at the kind of detail you can expect from SCCM Autodoc. (Click the image to enlarge.)

3: PackageStatusDetailSummarizer

For those of you who are running larger SCCM organizations and need to be made aware when packages are staged and what versions of a package are available on various distribution points, a desktop gadget called PackageStatusDetailSummarizer is just what the CIO ordered. This desktop gadget works on Windows Vista and Windows 7 desktops that support Windows Sidebar and, once you provide the gadget with the package ID that you'd like to watch (Figure E), you get a look at the distribution status of the current package (Figure F). Since my SCCM environment is pretty small, I've also included a screenshot from the tool's documentation (Figure G). Figure E

Point the desktop gadget to your SCCM server.
Figure F

This single point look shows the status of the requested package.
Figure G

Here's a look at a more complete version of the tool.

4: SCCM Copy and Paste context menu add-on

There may be times when you need to create a bunch of similar collections. Using the default method, this can be a tedious process as you manually create queries for each new collection, even if you just need to change one aspect of the query. Wouldn't it be nice if you could just copy and paste the collection details? With SCCM Copy and Paste, now you can. With this tool, you can copy and paste collections, packages, advertisements, and programs without having to recreate each and every one from scratch (Figure H). Figure H

SCCM Copy and Paste add in

5: ForeFront Endpoint Protection 2010

At Westminster College, we've standardized our antimalware efforts around Microsoft Forefront Endpoint Protection 2010 (FEP) and we couldn't be happier. In the latest version of FEP, Microsoft adopted the excellent and lightweight Microsoft Security Essentials and added enterprise management features that are critical in today's regulated workplace. When FEP is combined with SCCM, magic happens. With the combination, you can take a hands-off maintenance approach with the FEP client, get constant at-a-glance statistics, centralized logging, and centralized management, and you get to leverage your existing management infrastructure to make it all happen.

When you add FEP into SCCM, you can quickly and easily answer a number of important questions, such as:

  • What percentages of computers are currently protected?
  • Are the latest definitions installed?
  • What malware was detected in the organization?
  • What computers currently have malware activity? You can get a report on this, too, as you can see in Figure I.
These are critical questions (answered in Figure J) and help IT take more proactive steps in preventing potential outbreaks while maintaining single-pane management. Figure I

The computer details report. (Click the image to enlarge.)
Figure J

The SCCM-based FEP dashboard. (Click the image to enlarge.)

What is your favorite SCCM add-in?

These are just some of the add-ins that are available for SCCM. If you have a favorite SCCM add-in that I haven't listed, please share it with the TechRepublic community.