How to Stop Accidental Deployments by SCCM Admins Configuration Manager ConfigMgr | Immediately? We have heard loads of stories about SCCM causing accidental deployments and reimaging desktops, laptops, and servers. Can SCCM admin undo accidental deployments? In this post, we will see how SCCM admins can undo accidental deployments without causing any impact.
But the fact is SCCM itself can’t cause inadvertent deployments; rather, SCCM Admins can be a cause for this kind of unfortunate situation. There are loads of incidents where the SCCM admin came to know that they made a mistake and wanted to undo the changes. Yes, they can undo the changes, but the bigger question is whether this will help stop the deployments?
SCCM is a very powerful tool, and these broad powers of SCCM should be used with loads of care. SCCM admins can take action to stop accidental deployments. The exclusive list of actions that SCCM Admins can take in case of accidental deployments is explained by Shaun Cassells in the following post, “How to Stop SCCM Advertisements with Immediate Effect.”
SCCM evolved very well, and we can have Role-Based Access Control (RBAC) to provide proper controls to admins and not give anyone more power that is not required for their role. The accidental deployments of applications, packages, and deployments to users and devices could cause a big impact on the organizations.
The bigger question is Can SCCM Admins undo accidental deployments? Do they have any out-of-box controls in SCCM to STOP the deployment they initiated mistakenly?
My answer to that question is NO. SCCM is still missing that big RED button to stop all the initiated deployments. Natively, SCCM / ConfigMgr doesn’t have any mechanism to immediately stop the package replication or traffic over the WAN. However, we can have some workarounds to stop the SCCM WAN traffic.
Apart from accidental deployments of applications, packages, and task sequences, the accidental distribution of packages to larger group SCCM DPs can also cause big impacts in your organization.
I have had a bad experience with this personally. SCCM admins can easily undo the accidental deployments and distribution of packages without going through the tedious process explained in the above post.
Only Adaptiva OneSite gives SCCM admins a real-time dashboard with a detailed display of in-progress ConfigMgr WAN transfers, plus live control to reprioritize, pause/resume, or cancel them. Admins can use the LiveFlow dashboard to move an urgent delivery, such as a security fix, to the top of the queue to deliver it worldwide instantly.
In-progress jobs are paused and later resumed automatically. LiveFlow also reveals where content is stored in the peer-to-peer network worldwide. More details about this feature are in the following post, “Datasheet: Content Visibility and Control with OneSite.”
WAN Pause/Resume (make this mainly about LiveFlow, but the big red button is considered part of it now) Adaptiva OneSite lets administrators instantly pause/resume all SCCM WAN traffic by pushing a button.
If a rollout needs to be stopped for any reason (e.g., it contains an error or virus) before deploying it on hundreds of thousands of systems, this “big red button” immediately halts all network activity worldwide. Never before have administrators had the power to stop all content delivery in its tracks globally!
Anoop is Microsoft MVP! He is a Solution Architect on enterprise client management with more than 17 years of experience (calculation done in 2018) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, Intune. He writes about technologies like ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, ACD, etc.…