SCCM Engineer

Assets and Compliance

  • Create customized device collection using a query rule for multiple devices and deploy an application or software updates to the collection.
  • Create customized user collection and assign a licensed software to it so that whenever a user is assigned to that collection, the user receives the application and the license simultaneously.

  • Create device collection based on operating system type for a more targeted deployment of applications and software updates.
  • Use Product Cycle under Asset Intelligence to determine operating systems which have reached end of support or are nearing end of support so that strategies that can taken to update devices associated with them to most current version.

Software Library

  • Created packages to deploy a host file to be used for launching Azure ASA VPN as well as one to connect it back to on-premise Cisco AnyConnect Mobility Client for testing purposes.
  • I worked with the Network Security engineer to troubleshoot issues with devices that connected to the Azure ASA VPN having issues connecting to the SCCM distribution points to access the application deployments and software updates. We had to open ports in the firewall using access control list rules to allow communication between the devices connected to Azure ASA VPN, and the SCCM distribution points.
  • Deployed Adobe Shockwave uninstaller to remove the application from the company devices since it had passed its end of life support which was in April 9, 2019.
  • Created a package to uninstall older versions of Microsoft SQL server from the workstations including SQL version 2008 and 2012.
  • Devised a strategy to update the devices which were on Microsoft SQL Server 2014 service pack 1 and 2; with end of support in 10/10/2017 and 1/14/2020, respectively, and updated them to Microsoft SQL Server 2014 service pack 3 which has an end of support on 7/9/2024.
  • Created licensed Microsoft applications including Microsoft Visio, Microsoft Project, and Microsoft Power BI and associated with User collections and so users were automatically assigned Microsoft licenses when they logged in with their Active Directory/Microsoft credentials using the Key Management Service (KMS) host server setup to connect with Microsoft services.

Monitoring

Administration

  • Deployed Windows update packages to remove Adobe flash for Windows 10 versions 1507, 1511, 1607, 1703, 1709, 1803, 1809, 1903, and 1909 since the end of life support was December 31, 2020.
  • Deployed Adobe Flash uninstaller to remove residual Adobe Flash PPAPI and other Adobe Flash browser plug-ins from the computers after the windows update to remove them had been deployed.
  • Checked updates for Java JRE and consistently created packages to update the devices with the most current releases. Also created packages to uninstall older versions of the application that remained on the devices even after installing the current versions.
  • Put together a strategy to upgrade the Microsoft SQL server versions on the devices to make sure that they met vulnerability standards. Created a package to deploy SQL 2016 service pack 1 to the devices and then created another package to  upgrade it to service pack 2 since service pack 1 had passed its end of support; January 9, 2018. Extended end of life support for Microsoft SQL Server 2016 service pack 2 is July 14, 2026.
  • In order to meet management requirements, I created a new distribution point role on the SCCM primary site server in Azure to distribute content to devices connected to the Azure ASA VPN. One Terabyte of disk space needed to be added to the server to separate the content of the distribution point server from that of SCCM primary site server.

Active Directory

  • Created GPO to use the screen saver to lock the screen when users are inactive for 15 minutes. When users returned to the log in screen, they only need to put in their password in order to unlock the screen; the username or name is already populated.
  • Created a User Account Control (UAC) GPO to allow Servicedesk and other administrators to be able to carry out administrative actives on user devices such as installing and uninstalling software applications.
  • Created a User Rights Assignment GPO to add administrators to the three permissions required for installing SQL Server 2016; right to back up files and directories, the right to manage auditing and the security log as well as the right to debug programs.
  • Created GPO to enable OneDrive and automatically log users into OneDrive when they log into the VPN.
Scroll to Top