Use a Compliance Baseline to Automatically Check and Copy File

When I do testing in my lab, I normally include the CMTrace log viewer in my captured images so when I deploy an image it is already available. In my last capture, my CMTrace package failed to run so it was not in the image. Rather than immediately recapture, I decided to set a quick Configuration Baseline to check for CMTrace and copy it if it was not present. Below are the steps that I performed. This could be used with any file.

  1. Created a PowerShell script to check for CMTrace in the Windows directory. If present it would output compliant, and non-compliant if it was not present.
  2. Created a PowerShell script to copy CMTrace from my AdminTools share to the Windows directory on the local computer.
  3. Created Configuration Item that used the Step 1 script as the discovery script and the Step 2 script as the remediation script.
  4. Created Configuration Baseline that included the Configuration Item from Step 3.
  5. Deployed Configuration Baseline to all lab machines.

Discovery Script

If(!(Test-Path $env:windir\CMTrace.exe)){ echo "Non-Compliant" } Else { echo "Compliant" }

Remediation Script

Copy-Item -Path "\\CM01\AdminTools$\cmtrace.exe" -Destination $env:windir -Force
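
By default the remediation script runs as Local System and copies an executable from a network share into the Windows directory, so the copy is only as trustworthy as the share. The variant below is an added example, not the original scripts: it assumes cmtrace.exe carries a valid Microsoft Authenticode signature, reuses the share path from the post, and its function names (Test-TrustedBinary, Invoke-Discovery, Invoke-Remediation) are hypothetical.

```powershell
# Added example: signature-checked versions of the discovery and remediation scripts.
# Assumption: cmtrace.exe carries a valid Microsoft Authenticode signature.
$Source      = '\\CM01\AdminTools$\cmtrace.exe'      # share path from the post
$Destination = Join-Path $env:windir 'CMTrace.exe'

function Test-TrustedBinary {                         # hypothetical helper name
    param([Parameter(Mandatory)][string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -FilePath $Path
    return ($sig.Status -eq 'Valid' -and
            $sig.SignerCertificate.Subject -like '*O=Microsoft Corporation*')
}

function Invoke-Discovery {
    # A file that exists but fails the signature check is reported as non-compliant
    if (Test-TrustedBinary -Path $Destination) { 'Compliant' } else { 'Non-Compliant' }
}

function Invoke-Remediation {
    # Stage locally first so the bytes that were verified are the bytes installed
    $staged = Join-Path $env:TEMP ("cmtrace-{0}.exe" -f [guid]::NewGuid())
    try {
        Copy-Item -LiteralPath $Source -Destination $staged -Force -ErrorAction Stop
        if (-not (Test-TrustedBinary -Path $staged)) {
            throw "Refusing to install ${Source}: signature check failed."
        }
        Copy-Item -LiteralPath $staged -Destination $Destination -Force -ErrorAction Stop
    }
    finally {
        Remove-Item -LiteralPath $staged -Force -ErrorAction SilentlyContinue
    }
}

# Discovery script: define the variables and functions above, then end with
Invoke-Discovery
# Remediation script: same definitions, but end with Invoke-Remediation instead
```

With this discovery logic, a CMTrace.exe that has been replaced or tampered with on a client is reported as Non-Compliant and is overwritten by the next remediation.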

Client Cache Settings and Peer Cache in Update 1604

Microsoft has updated the release information for 1604 and included a new feature. It sounds promising. I look forward to testing it out as well.

  • Client Cache Settings and Peer Cache – Technical Preview 1604 introduces two new device client settings that affect the use of a client’s cache. Both can be used individually but are configured on the same property sheet for client settings and combine to help you manage deployment of content to your clients in remote locations.

More Information on Client Cache Settings and client Peer Cache

Update 1604 for Configuration Manager TP Released

On April 22nd, Microsoft released Update 1604 for Configuration Manager Technical Preview. Below are details of what is included in the update. For a number of years, there has been a desire for an out-of-the-box Software Updates dashboard. I am looking forward to trying it out.

  • Windows Store for Business integration – You can now manage and deploy applications purchased through the Windows Store for Business portal for both online and offline licensed apps. You can also view a video walkthrough of this feature. There is a known issue that prevents onboarded applications from the Windows Store for Business from appearing in the Configuration Manager console. Please run this PowerShell script after updating to Technical Preview 1604 to resolve it.
  • Passport for Work policies – You can now deploy Passport for Work policies to domain-joined Windows 10 PCs managed by the ConfigMgr client as well as mobile devices managed by Microsoft Intune.
  • On-premises Health Attestation Service integration – You can now configure devices that cannot connect to the cloud-based Health Attestation Service to connect with the on-premises Health Attestation Service instead.
  • VPN for Windows 10 – You can now deploy VPN profiles with 3rd-party providers to Windows 10 devices managed with ConfigMgr client. These providers include Pulse Secure, F5 Edge, Dell SonicWall, and Checkpoint.
  • Software Updates Compliance dashboard – You can now use this dashboard to view the current compliance status of devices in your organization and quickly analyze the data to see which devices are at risk.

This release also includes a new feature for customers using System Center Configuration Manager integrated with Microsoft Intune to manage mobile devices:

  • New setting for Android devices – You now have an option to configure Smart Lock setting for Android 5.X devices in order to prevent users from bypassing the lock screen.

In addition, we updated the baseline version of Configuration Manager Technical Preview available on TechNet Evaluation Center. Now it is based on the Technical Preview build 1603. Baseline bits are used for new installations.



Helpful Links for SCCM 1511

Last year was a busy year. It has been quite a while since I posted last. With the holidays over, I have been spending time testing and learning more about the new System Center products. During this time, I have collected links to information that I have found helpful in this process. I thought I would share them in this post. I hope you find them as useful as I have.

Microsoft’s Announcement that 1511 is now generally available

System Center Dudes’s Step-by-Step SCCM 1511 Upgrade Guide

Nickolaj Andersen’s Step-by-Step SCCM 1511 Upgrade Guide

System Center Dudes’s Guide to the New Features in SCCM 1511

Deployment Research Hydration Kit for SCCM 1511

SCCM 1511 Evaluation Download



Microsoft System Center Configuration Manager Technical Preview Feature – Windows PE Peer Cache

With the next version of Configuration Manager, Microsoft introduces Windows PE Peer Cache. This will allow clients to pull WinPE content from a computer that is local. This will reduce WAN traffic on the network and could reduce the need for a local distribution point at some locations.

Search for Windows PE Peer Cache

Tables and Views in the MDT Database

I find it useful to keep a list of all the tables and views in the MDT database. This comes in handy when building a query or stored procedure. Below are the tables and views in the MDT database. This comes from the Microsoft Deployment Toolkit Documentation Library.




Remove Direct Membership Rules with PowerShell

Recently, I had a need to remove multiple direct membership rules from several collections. Rather than use the console, I used the Configuration Manager PowerShell module. Below is what I ended up doing. It asks for the collection name, checks whether the name supplied is a device collection, checks whether the collection has members and removes them. From this base, I was able to incorporate these commands into other scripts with advanced functionality.

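# Load the Configuration Manager module from the console installation path
Import-Module (Join-Path $(Split-Path $env:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1)
# The Configuration Manager cmdlets must be run from the site's PSDrive
Set-Location "$((Get-PSDrive -PSProvider CMSite | Select-Object -First 1).Name):"

$CollectionName = Read-Host "Enter name of collection."
$Collection = Get-CMDeviceCollection -Name $CollectionName

# CollectionType 2 is a device collection; only continue if it has members
If($Collection.CollectionType -eq 2 -and $Collection.MemberCount -gt 0){
    $Removals = Get-CMDeviceCollectionDirectMembershipRule -CollectionName $CollectionName
    ForEach($Removal in $Removals){
        $RemovalID = $Removal.ResourceID
        Remove-CMDeviceCollectionDirectMembershipRule -CollectionName $CollectionName -ResourceID $RemovalID -Force
        # Print the rule name rather than the raw rule object
        Write-Host "Removed $($Removal.RuleName)" -ForegroundColor Green
    }
}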

SQL Server Query to Check Last Client Health Check on Specific Machine

There are times when I need to check the last time a machine ran the SCCM client health check. There are several different ways to check this, from using the console to reports. Since I have SQL Server Management Studio up the majority of the time, I find the easiest way for me is to run the query below. It will output the last time it was reported online, last hardware inventory, last time the client health check was run, and the status of the check.

SELECT S1.Netbios_Name0 AS [Machine Name], S2.LastOnline AS [Last Online], S2.LastHW AS [Last Hardware Inventory], S2.LastHealthEvaluation AS [Last Evaluation Time], S3.HealthCheckDescription AS [Last Evaluation Result] 
FROM v_R_System AS S1 INNER JOIN v_CH_ClientSummary AS S2 ON S1.ResourceID = S2.ResourceID INNER JOIN v_CH_EvalResults AS S3 ON S1.ResourceID = S3.ResourceID 
WHERE (S1.Netbios_Name0 = '<<insertmachinename>>')


Available views for SCCM 2012 custom reporting

Microsoft has made it easy to locate a view to use when creating a custom report. On TechNet, they have grouped the reports into categories such as Inventory Views, Discovery Views, and Software Update views. Below are links to two key categories that I use regularly along with a link to all views.

Discovery Views – Use to find machines and users discovered by SCCM.

Inventory Views – Use to find installed software, hardware information, and files on machines.

All Views