How to Stop Accidental Deployments by SCCM Admins Configuration Manager ConfigMgr | Immediately? We have been hearing loads of stories about SCCM causing accidental deployments, reimaging desktop, laptops, and servers. Can SCCM admin undo accidental deployments? In this post, we will see how SCCM admins can undo accidental deployments without causing any impact.
But the fact is SCCM itself can’t cause inadvertent deployments rather SCCM Admins can be a cause for this kind of unfortunate situation. There are loads of incidents where the SCCM admin came to know that he/she made a mistake and he wanted to undo the changes. Yes, he/she can undo the changes, but the bigger question is whether this will help to stop the deployments?
SCCM is a very powerful tool, and these broad powers of SCCM should be used with loads of care. SCCM admins can take actions to stop accidental deployments. The exclusive list of actions that SCCM Admins can take in case of accidental deployments is explained by Shaun Cassells in the following post “How to Stop SCCM Advertisements with Immediate Effect“.
SCCM evolved very well, and we can have Role-Based Access Control (RBAC) to provide proper controls to admins and not to give anyone more power which is not required for their role. The accidental deployments of applications, packages, and deployments to users and devices could cause a big impact on the organizations.
The bigger question is Can SCCM Admins undo accidental deployments? Do they have any out-of-box controls in SCCM to STOP the deployment they initiated mistakenly?
My answer to that question is NO. SCCM is still missing that big RED button to stop all the initiated deployments. Natively, SCCM / ConfigMgr doesn’t have any mechanism to stop the package replication or traffic over the WAN immediately. However, we can have some workarounds to stop the SCCM WAN traffic.
Apart from accidental deployments of applications, packages, and task sequences, the accidental distribution of packages to larger group SCCM DPs can also cause big impacts in your organization.
I have a bad experience with this personally. SCCM admins can easily undo the accidental deployments and distribution of packages without going through the tedious process which is explained in the above post.
Only Adaptiva OneSite gives SCCM admins a real-time dashboard with a detailed display of in-progress ConfigMgr WAN transfers, plus live control to reprioritize, pause/resume, or cancel them. Admins can use the LiveFlow dashboard to move an urgent delivery, such as a security fix, to the top of the queue to instantly begin delivering it worldwide.
In-progress jobs are paused and later resumed automatically. LiveFlow also reveals where content is stored in the peer-to-peer network, worldwide. More details about this feature in the following post “Datasheet: Content Visibility and Control with OneSite“.
WAN Pause/Resume (make this mainly about LiveFlow, but the big red button is considered part of it now) Adaptiva OneSite lets administrators instantly pause/resume all SCCM WAN traffic by pushing a button.
If a rollout needs to be stopped for any reason (e.g., it contains an error or virus) before it gets deployed on hundreds of thousands of systems, this “big red button” immediately halts all network activity worldwide. Never before have administrators had the power to stop all content delivery in its tracks globally!