In this article I will cover everything you need to know about collections from creating them to updating them and how to maintain them.
I will then show you how they are used in configuration manager, and show you the best practices I have learned over the years.
What Is A Collection In Configuration Manager
A collection is a group you can create that contains either configuration manager devices or users. These groups are very similar to active directory groups.
Below is a screenshot of some device collections I have created in my SCCM environment
You can use these collections in configuration manager to do the following.
- Deploy Applications
- Deploy Software Updates
- Run Scripts
- Deploy Compliance Settings
- Run Reports
- Push Configuration Manager Settings
Before we start creating collections there are a few things you will need to know.
Naming Conventions
In my experience it is very important to implement a good naming convention from day 1. Almost every environment I have managed has had 100’s of collections and if you don’t have a good naming convention it can be very hard to find device collections.
In my environments I will name collections something similar to the following.
- Device : Windows 11 (Device Related Collections)
- Application : Adobe Reader (Used for application deployments)
- Software Update : Test Machines (Used for software updates)
- Compliance : Prod Machines (Used to apply compliance rules)
Limiting Collection
A limiting collection is where you can limit the devices that appear in the collection. If you set the limiting collection to “All Systems” then all systems can appear in the collection.
If you set the limiting collection to “Windows 11 Machines” then only Windows 11 machines will appear in the collection.
If you select “New Machines Created In Last 14 Days” it will only include the machines that were created in the last 14 days.
Rule Types
There are five different types of rules you can use to add devices in to the collection, they are
Direct Membership
You can manually type in the name of the device you wish to add to the collection and then add them one at a time.
Query Rule
A query rule will add devices to a collection based on what is in the query. For example you can add any devices that match or start with WIN11%
The query will run on a schedule (As per below) and will add any new members that it finds.
Include Collection
You can include all members in another collection. If members in the include collection change so will the base collection.
Exclude Collection
This will exclude or remove members that are in the source collection. Not this will override any include collections you have added.
Below I will show you how to create custom device collections to include devices such as
- Devices Based On Wildcard
- Based on AD Security Group
- Based On Operating System
- Based On Software Installed
To jump to that section click here
Update Schedule
This setting will tell configuration manager when to update the device collection. Any new devices found will be added, also devices will be removed if they no longer match the inclusion criteria.
By default a device collection is set to update once every 7 days, From experience I recommend not to change this setting. Updating a device collection actually takes up a lot of system resources (Runs SQL queries and can cause disk i/o spikes)
If you set the update schedule to frequently this will cause issues with updating collections which I have seen many times. If you have 100’s of collections it is very important to configure the updating time once every 7 days or less frequent.
If you have a collection that does need updating frequently then tick the “use incremental updates for this collection” as this will only query new resources added to configuration manager and not all resources.
How To Create A Device Collection In SCCM
To create a device collection in SCCM follow these steps
- Open the configuration manager console
- Go to \Assets and Compliance\Overview\Device Collections
- Click “Create Device Collection” in the toolbar
- The create device collection wizard will now appear
- Give the collection a good descriptive name (Check out the advise I give about giving a name Click Here)
- Click browse and select “All Systems” (To learn more about how to use limiting collections click here)
- Click next
- On the define membership rules click on add rule
- Select the rule you wish to use (For more information about rules click here)
- Click Next
- Click Next
- Click Next
- Click Close
- Your device collection will now be created and shown in the console as per below.
Example Device Collections
Over the years I have created many different types of collections, I keep the setup config of them all and I will show you some examples below.
To create device collections you can copy the below config and paste and edit to your needs.
1. Based on Computer Name
With this device collection you can add devices in to the collection based on computer names. For a step by step guide how to create this collection take a look at Collection based on computer name.
2. Based On Computer Name With Wildcard
If you want to add all computers that start or end with a specific letter or number you can use a query rule to achieve this. To do this take a look at Computer Name With Wildcard
3. Based on AD Security Group
If you want to populate a device collection with devices that are in an AD group you can. This is my preferred method as the collection is automatically populated when the AD group changes. To setup a collection to use an AD security group take a look at AD Security Group.
4. Based On AD OU
You can also populate a collection with devices or users in a specific OU, For this take a look at Based On AD OU.
5. Based On Operating System
I typically use collections based on operating systems for limiting collections for my main collections. For example for software updates I will create a “Windows Server 2016” group and only push to Windows 2016 machines. To create a operating system device collection take a look at Device Collection Based on OS.
