What do you like best?
I do like the addition in CB 1802 of "Install Behavior", which saves me having to script an install or use a task sequence in order to preemptively kill processes with as little disruption to the user as possible so that the install will not fail.
I also would be up all night two weekends of the month if not for the option to schedule both availability and deadline for my server updates, however I'm clearly not doing it correctly, as I still end up with servers three days later that never got around to downloading the updates, with no obvious cause, other than that the client just didn't do it, but I digress.
What do you dislike?
I dislike that in order to specify that in installation take place upon logon or logoff I have to create a task sequence for my application or program. Why that logic cannot be or has not been integrated into the most commonly used features for software deployment, I cannot imagine.
HOWEVER, that inconvenience pales in comparison to the massive recurring headache of 3rd party patching. Even SCUP and SolarWinds PM give me only the exoskeleton for the updates most needed because of their vulnerability to exploit: Java and Flash Player. As I was fighting this battle a year ago, we still had a valid Altiris Patch Management subscription, and I went back to it as quickly as I had left it, for that reason alone. While I understand to an extent Adobe's rationale in refusing to publish updates to 3rd party catalogs, Altiris managed to have an employee do all the steps I have to complete every month and make the msi and exe available for all flavors, Java, too, and save me those steps. I don't know what kind of agreement exists there that affords Altiris, and apparently no one else, the option of providing the complete catalog content for those two troublemakers, but it's worth its weight in gold.
I would be remiss if I didn't mention that assuming an hour for a reboot borders on ridiculous and often exceeds my maintenance window, but I have thus far heeded Microsoft's warnings to not fiddle with that. The same goes for deadline randomization; if the pre-release phased deployment feature makes it into production, my understanding is that it will, in a sense, replace deadline randomization, but, my employer being a federal agency, 'pre-release' and 'beta' are bad words. I'm not allowed to take advantage of those features yet.
Recommendations to others considering the product:
SCCM is great for imaging, application deployment, and reporting. If you are wanting a patch management solution, you should know that Microsoft will not provide you with content for Adobe product updates or Java updates. I believe there are a couple others. I would recommend keeping a finger on the pulse of current branch development, as 3rd party patching is just about the biggest sore spot for admins, as acknowledged by Microsoft. Whether there exists a solution other than Symantec Patch Manager that still provides admins with all content necessary to deploy updates, I don't know, but there is pain ahead, if this will be your patching solution.
What problems are you solving with the product? What benefits have you realized?
I have relied heavily on SCCM to distribute patches from both the present and years ago in order to remediate vulnerabilities that are in violation of the risk acceptance policy, the responsibility for which I have been given because I managed to have some success with it last year. No good deed goes unpunished. That is in addition to regular monthly patching, which has been done solely with SCCM since December 2017. Reporting on patch penetration is definitely simpler with a single patch management solution, however the inability to incorporate my 3rd party updates into a SUG keeps me running multiple SCCM reports for now.