Search This Blog

08 December, 2024

The Story of SCCM Collections: Bringing Order to the IT Workbench

The Story of SCCM Collections: Bringing Order to the IT Workbench

In a bustling mid-sized IT department, the workstation management team found themselves at the heart of every operation. These engineers were the unsung heroes, responsible for ensuring that every laptop, desktop, and server under their care ran smoothly. From deploying software updates to enforcing compliance policies, they were always at the ready. With hundreds of devices and users to manage, the team had long ago realized that managing such a sprawling ecosystem required precision, efficiency, and a toolset that could keep up. That toolset was Microsoft System Center Configuration Manager (SCCM), and at the core of SCCM’s functionality lay its powerful collections.

For this team, collections were more than just a way to organize devices and users—they were the backbone of effective IT management. With collections, the team could group devices and users based on specific criteria, enabling targeted deployments and precise oversight. Let’s delve into how the workstation engineers used SCCM collections to transform their operations, bringing order to their environment and mastering the art of IT management.

Collections: The Building Blocks of Targeted Management

One typical Monday morning, the team faced a challenge: the marketing department needed an urgent update to their design software. The request wasn’t unusual, but it underscored a larger truth about IT operations: not all deployments are created equal. The engineering team couldn’t just blanket the entire network with the update—it would wreak havoc on machines that didn’t need it. They needed to target only the devices used by the marketing department, and that’s where device collections came into play.

Device Collections: Where Machines Find Their Place

The team opened SCCM and navigated to Device Collections, their starting point for organizing endpoints. A device collection is SCCM’s way of grouping machines, and its flexibility allows IT teams to target them based on various attributes, such as location, operating system, or naming conventions.

The engineers began by creating a new collection called Marketing-Laptops. Naming conventions were critical—collections needed to be identifiable at a glance. The team had long established a practice of descriptive, department-based names to avoid confusion.

Instead of manually adding devices to the collection—a process they knew would quickly spiral out of control—they set up query-based membership rules. This allowed the collection to automatically include devices meeting specific criteria. For Marketing-Laptops, they used a straightforward WQL (Windows Query Language) query:

SELECT * FROM SMS_R_System WHERE DeviceName LIKE 'MKT-%' AND OperatingSystemNameAndVersion LIKE '%Windows 11%'

This query ensured that only devices with names starting with “MKT-” and running Windows 11 would be included. With the query in place, the collection populated itself in minutes. Now, any new laptop added to the marketing department would automatically become part of this collection, requiring no manual intervention.

With the devices grouped and ready, the team deployed the update. The targeted approach ensured that only the intended devices received the new software, reducing the risk of unintended disruptions.

User Collections: Making IT Personal

The next day, a new request arrived: deploy a compliance application to the legal department staff. This task wasn’t about machines—it was about the users themselves. The engineers turned to user collections, SCCM’s tool for organizing people.

First, they needed to define the membership of the collection. Instead of manually specifying users, they decided to integrate with Active Directory, the source of truth for user accounts and groups. Using a WQL query, they linked the collection to the Active Directory group Contoso\Legal:

SELECT * FROM SMS_R_User WHERE UserGroupName = 'Contoso\\Legal'

This approach ensured that the collection stayed dynamic. If someone joined or left the legal department, the collection would update automatically, reflecting the changes in Active Directory.

The team also made sure to test the deployment path before rolling it out. By creating a smaller test collection, they simulated the deployment process to ensure it worked as expected. Lessons from the past—like the time they accidentally sent beta software to executives—had made them meticulous about testing.

Keeping Collections Manageable

As the IT environment grew, so did the number of collections. Without proper management, collections could quickly become unmanageable, leading to confusion and inefficiency. The engineers adopted several best practices to keep their collections organized:

  • Folders for Organization: They grouped collections into folders based on departments, projects, and system types. This made it easy to find and manage specific collections without sifting through a long list.
  • Staggered Refresh Schedules: Dynamic collections refreshed at different intervals to avoid overloading the SCCM server. High-priority collections, like those for critical updates, refreshed frequently, while less dynamic collections, such as Retired-Devices, refreshed less often.
  • Clear Documentation: Every collection was documented in a shared spreadsheet, detailing its name, purpose, membership criteria, and deployment history. This not only helped current team members but also made onboarding new engineers much smoother.

Day-to-Day Operations: Where Collections Shine

With their collection strategies in place, the team found that SCCM became a powerful ally in their day-to-day operations. Patch Tuesday, once a chaotic scramble, was now a predictable and manageable process. By targeting collections based on operating system and patch level, they ensured that updates rolled out efficiently and with minimal disruption.

When new employees joined the company, onboarding was a breeze. Device and user collections worked together to ensure that each new hire received the necessary applications and settings within hours of logging in for the first time. Compliance audits, too, became less daunting. Collections provided clear, organized data on which machines and users were covered by specific policies.

The Collections Legacy

For the workstation engineering team, SCCM collections were more than just a feature—they were the foundation of a well-managed IT environment. By grouping devices and users based on specific, dynamic criteria, the team achieved precision in deployments and efficiency in operations.

SCCM collections weren’t flashy or attention-grabbing, but they were essential. They allowed the team to focus on solving problems and meeting business needs instead of drowning in manual tasks. In the world of IT, where chaos often looms just around the corner, collections provided structure, order, and a little peace of mind.