Jump to content


JimmyJ

Check overall health of the current SCCM and AD setup

Recommended Posts

I've been recently tasked to check the overall health of the SCCM 1606 environment and AD environment.  I've found some useful scripts from TechNet and am wondering what other people have used in the past to help them assess the current setup and infrastructure? 

I know I can check component status and logs, but those don't always paint the complete picture, nor do they give you a pretty email or chart to show your clients where they may have issues.  The two scripts I've found are these ones:

https://gallery.technet.microsoft.com/ConfigMgr-Client-Health-ccd00bd7

https://gallery.technet.microsoft.com/ConfigMgr-Daily-Health-014b0d3e/view/Discussions#content

Can anyone else recommend some tips for checking overall health status and doing a general audit?

The other steps I've gone through are:

Items
1) Get Site name and CAS name. Get access. 
2) Get SQL Server name and WSUS and get access to DB and servers where hosted.   
3) Discovery of all SCCM servers and roles from CAS. (script)
4) Hardware Inventory (for each server) and OS version (2 scripts)
5) Active Directory and GPO check   (Manual) (Make sure SCHEMA is extended. Nothing is hardcoded and service accounts exist. Verify domain service account for SQL. Check Group Membership)
6) Verify Distribution points health (script)
7) Boundaries, Discovery Methods, DPs and DP Groups. Active Directory Forests. 
? Client Settings
9) Software Updates/WSUS health
10)Security Posture (SSL, IBCM, PKI)
11)System Health Reports (monitoring -> system components)
12)Access Control best practices (least control principle, not complicates)
13)Remote Access (ask first option, usage, security)
14)Packages and Applications: Naming standards, versioning information
15)Software Update Center website and application availability (SCCM Client)
16)Software Updates and retention, software updates required, maintenance plans, saved searches
17)Drivers packages, boot images, task seqs and health/standards
18)Collections: Collections with 0 members. Clients with old clients. Clients that aren't reporting back. Collections that are direct and not queries. How often they are updated
19)Monitoring: Queries naming standards, alerts, system status, content status, deployments (recent), SSRS health. 
20)Helper tools
21)Logs: dive deeper
22)Endpoint protection, MBAM, intune other. 
23)Database server health: backups, scheduled tasks, user access
24)Event logs on all servers
 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.