If you have been involved with any kind of Windows deployments or Windows Update deployments in the last five or so years, you probably heard of the concept of deployment rings. Microsoft has been pushing this concept ever since they have moved to an ‘as a Service’ model for Windows 10 and other Microsoft products that are frequently updated. Also, if you work with or for a company that seems to be stuck in the 1990s, you are probably also familiar with the phrase ‘pets vs. cattle’. If not, then the simple explanation is managing every computer like it is a pet, instead of doing activities in a controlled, bulk fashion, more like herding cattle. As you can imagine, the ‘pets’ method has a rather high TCO and usually results in much slower deployments which makes it much harder to keep up with the ‘as a Service’ model.

Even using a deployment ring methodology, there is still a good reason to minimize risk but maximize velocity (this is what my Windows as a Service in the Enterprise process is based on). Because of this, I always like to implement a crawl-walk-run approach. Using Configuration Manager, this approach can be accomplished by setting up ring-based collections. This also has side benefits by being able to re-use these collections for deployments and updates instead of constantly creating hundreds (or possibly thousands) of collections (which can have a drastic impact on colleval).

The design goal was to come up with rings that represented 2%, 3%, 5% (crawl), 10%, 20% (walk), 30%, 30% (run). Starting with 400K (the approximate size of the workstations we manage) and then subtracting the high-risk systems, executives, insiders, etc. we have a target subset of 386,500 (adjust the decimal to reflect your own environment). With this number, that target rings look like the following:
Crawl Rings:
Ring 0 – Pilot testing, early adopters, etc., populate as desired
Ring 1 – 2% (~7730)
Ring 2 – 3% (~11,595)
Ring 3 – 5% (~19,325)
Walk Rings:
Ring 4 – 10% (~38,650)
Ring 5 – 20% (~77,300)
Run Rings:
Ring 6 – 30% (~115,950)
Ring 7 – 30% (~115,950)

By using the last two characters of the SMSUniqueIdentifier, we are able to get really close to these target percentages by splitting up the possible permutations into the percentages listed above. For example, the collection query for Enterprise Ring 1 would look like the following:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('43','CC','C4','5B','30')

Instead of manually creating these collections by copying and pasting collection queries, here is a quick PowerShell script that will create them for you. Adjust the limiting collections and collections schedules to fit your needs. Feel free to increase or decrease the number of rings by adjusting the collection queries.

In the future, I will show other ways that these Enterprise Rings can also be leveraged. If you find this useful, please let me know by leaving a comment below.

#Lord of the Deployment Rings
#22.06.02

#Get the next Sunday for the collection refresh schedule
$Date = Get-Date
while ($Date.DayOfWeek -ne "Sunday") {$Date = $Date.AddDays(1)}
$Schedule = New-CMSchedule -DayOfWeek Sunday -Start $Date.Date -RecurCount 1
$x = 0
$LimitingCollection = 'All Desktop and Server Clients'

#Create Enterprise High Risk Collection
$ExcludeCollection = New-CMCollection -CollectionType Device -LimitingCollectionName $LimitingCollection -Name 'Enterprise High Risk Ring' -Comment 'Place high-risk systems in this collection' -RefreshType None

#Create Enterprise Ring 0 Pilot Collection
$PilotCollection = New-CMCollection -CollectionType Device -LimitingCollectionName $LimitingCollection -Name 'Enterprise Ring 0 Pilot' -Comment 'Place pilot systems in this collection' -RefreshType None


#Define Enterprise Ring Collections
$Rings = @(
    @{ CollectionName = 'Enterprise Ring 1'; Comment = 'Approximately 2%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('43','CC','C4','5B','30')"}
    @{ CollectionName = 'Enterprise Ring 2'; Comment = 'Approximately 3%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('6C','AA','55','C9','72','BD','54')"}
    @{ CollectionName = 'Enterprise Ring 3'; Comment = 'Approximately 4%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('9E','F1','12','8C','34','FC','ED','77','87','D1','48','57','5A')"}
    @{ CollectionName = 'Enterprise Ring 4'; Comment = 'Approximately 10%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('0F','74','0B','2D','59','AE','27','DD','99','A9','4F','FB','BB','1B','66','C3','52','AC','85','84','B9','A8','26','8F','BC')"}
    @{ CollectionName = 'Enterprise Ring 5'; Comment = 'Approximately 20%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('21','63','9A','3A','D2','36','AF','E3','5C','AD','B5','25','3D','88','DF','D5','DE','6E','15','7B','09','FE','B8','3F','CA','0A','95','0D','EE','33','97','A7','3C','D0','5D','E4','9C','1F','4C','1C','18','49','4E','3E','AB','89','D4','8D','C6','0C','53')"}
    @{ CollectionName = 'Enterprise Ring 6'; Comment = 'Approximately 30%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('DA','CB','67','11','40','BF','16','7F','D3','6D','08','50','7C','1A','14','94','E6','60','3B','38','7D','7E','98','F8','E9','37','E5','FF','A3','B3','10','90','81','1E','4B','51','DB','8E','35','F4','47','CD','A5','00','5E','19','4D','69','92','75','06','CF','31','F0','E1','93','03','45','1D','5F','E8','91','F2','CE','B1','73','D7','22','82','76','71','4A','86','EC','B7','80','F3')"}
    @{ CollectionName = 'Enterprise Ring 7'; Comment = 'Approximately 30%'; Query = "select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where Substring(SMS_R_System.SMSUniqueIdentifier,39,2) in ('C5','A4','46','79','D8','BA','C0','A1','58','BE','68','78','29','02','E2','39','05','F5','E7','D9','28','24','6F','9B','8B','20','83','70','B4','61','A0','6A','96','23','2F','A6','04','DC','13','F6','0E','6B','01','E0','65','62','9D','2E','44','F7','C8','B0','FA','8A','C2','F9','2A','C1','D6','B2','41','EA','EF','FD','A2','17','7A','56','B6','2B','64','9F','42','EB','C7','07','2C','32')"}
    )

#Create Enterprise Ring Collections
foreach ($Ring in $Rings) {
    $x++
    $CollectionName = $Ring.CollectionName
    $Comment = $Ring.Comment
    $Query = $Ring.Query
    Write-Host "Creating Collection $CollectionName"
    New-CMCollection -CollectionType Device -LimitingCollectionName $LimitingCollection -Name $CollectionName -Comment $Comment -RefreshSchedule $Schedule -RefreshType Periodic
    Add-CMDeviceCollectionQueryMembershipRule -CollectionName $CollectionName -RuleName $CollectionName -QueryExpression $Query
    Add-CMDeviceCollectionExcludeMembershipRule -CollectionName $CollectionName -ExcludeCollection $ExcludeCollection
    }

Originally posted on https://miketerrill.net/