Technology Log

This one is pretty self explanatory. If you use BranchCache by default it puts the caches on C: drive and you might find that your C: is the smallest drive (depending on your server configuration). Anyways here is something that will help you move those caches around and set them to a different size. #Check if cache already moved $CacheStatus = Get-BCStatus If(($CacheStatus.HashCache.CacheFileDirectoryPath -like 'E:\')-or($CacheStatus.DataCache.CacheFileDirectoryPath -like 'E:\')) {     Set-BCDataCacheEntryMaxAge -TimeDays 10     Return "Already Moved" } elseif ((Get-Volume -DriveLetter E).FileSystem -ne "NTFS") {     # Set Cache Sizes     get-bchashcache | set-bccache -Percentage 2 -Force -Confirm:$false     get-bcdatacache | set-bccache -Percentage 1 -Force -Confirm:$false     Set-BCDataCacheEntryMaxAge -TimeDays 10     Return "Destination Not NTFS" } else {     #Create New Directories ...

Greetings folks Here is another bit you might find fun and exciting. You ever have the need to setup/modify apps to allow download from neighbors (that little drop down box, not the check box for default boundary). Then you are in luck. Take a look at the following $OutFileName = "C:\EnterLogNameHere.log" $AllApps = Get-CMApplication $Agent99 = $AllApps | Where-Object {$_.LocalizedDisplayName -like "*IfYouWantToLimitIt*"} foreach($appType1 in $Agent99) { $allTypes1 = Get-CMDeploymentType -ApplicationName $appType1.LocalizedDisplayName forEach($appType in $allTypes1) { If ($appType.Technology -contains "MSI") { #"MSI" $appType.LocalizedDisplayName +";"+ $appType.Technology +";"+ "Updated to Download" | Out-File $OutFileName -Append Set-CMMsiDeploymentType -ApplicationId $appType1.CI_ID -DeploymentTypeName $appType.LocalizedDisplayName -SlowNetworkDeploymentMode Download      } elseif ($appType....

In general I don't recommend anyone do this unless you have to. Especially in environments where a user has more than one machine. Now I know you're thinking 'why not just target users' well that is a good question. In this case I needed to add an exclude collection to the machine collection to prevent installation on certain machines. But if you ever find yourself in such a predicament. Here you go. select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SYSTEM_CONSOLE_USER on SMS_G_System_SYSTEM_CONSOLE_USER.ResourceID = SMS_R_System.ResourceId inner join SMS_R_User on SMS_R_USER.UniqueUserName = SMS_G_System_SYSTEM_CONSOLE_USER.SystemConsoleUser Where SMS_R_User.UserGroupName = "Domain\\ADGroup"

As many of you who might be running a SCCM/Intune hybrid scenario for MDM will have learned. There are a few to many certificates in use between NDES, Intune, Wifi Profiles, VPN profiles, and well anything else that may have a cert buried in it. We had an instance were the NDES wasn't handing out the certs for WiFi and VPN profiles. However it was handing out the base communication certificate so phones could sync correctly. This was one of those head scratchers on our park, but if you know where to look it makes sense. Problem is (at least in my opinion) there is a lack of useful documentation and the logging leaves a little to be desired. Therefore, I'm going to give a bit about our journey and hopefully help some of you folks out if you run into something similar. When we were notified of this issue, we started to look at the usual logs, you know CRP.log NDESPlugin.log those types of things. First thing you will notice is that the CRP.log will show the same message ove...

Greetings fellow admins! Here is another good one that I spent a few hours digging into WMI and SMSProv verbose logging. Plus some random WMI class calls. Hopefully this will help you fill in somethings missing from the SDK/MSDN documentation. $wmidate = new-object -com Wbemscripting.swbemdatetime $date = get-date -format g $wmidate . SetVarDate( $date , $true ) [ void ] ( $thisInstance = ( [ wmiclass ] " \\localhost\root\sms\site_COP:SMS_ActionAccountResult " ) . createinstance() ) [ void ] ( $thisInstance . ActionID = 1 ) [ void ] ( $thisInstance . StartTime = $wmidate . value) [ void ] ( $thisInstance . Put()) $date = get-date -format g $wmidate . SetVarDate( $date , $true ) [ void ] ( $thisInstance = ( [ wmiclass ] " \\localhost\root\sms\site_COP:SMS_ActionAccountResult " ) . createinstance() ) [ void ] ( $thisInstance . ActionID = 2 ) [ void ] ( $thisInstance . ActionData = 'syncType,fullSyn...

Well came across another interesting one today. We had an OSD package that wasn't working in run from dp. Ended up being an issue very similar to the issue that occurs if you have a pull dp under a secondary site. Based on some talks with support on the other issue, here is a handy query to identify the issue. You can also give this query and the results to CSS to help them resolve your issue faster. -- Broken Packages select cdpm.SiteCode, ContentID,ServerName,AccessType,URL,URLSubPath,URLProtocol,vpkg.Name from ContentDPMap as cdpm join v_Package as vpkg on vpkg.PackageID = cdpm.ContentID where cdpm.AccessType = 2 --UNCProtocol and cdpm.URLSubPath = '\' --Packages with issues only have a '\' and vpkg.PkgFlags = (vpkg.PkgFlags | 0x80) --Limit to only show packages with the 'Copy To Package Share' flag set Now for the !!!!!!DON'T TRY THIS AT HOME (Production)!!!!!! section. I recommend that you contact CSS but to help point them in the right ...

Howdy Folks This post is a holiday slice of pie. Today we focus on triggering update(s) that are deployed to a machine. Now for the pie filling. Triggering an update scan on a client: ([wmiclass]'ROOT\ccm:SMS_Client').TriggerSchedule('{00000000-0000-0000-0000-000000000113}') Trigger install of all updates: ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates() Here is a nice addition if you only want to install specific update(s) you just have to modify the select statement: ([wmiclass]'ROOT\ccm\ClientSDK:CCM_SoftwareUpdatesManager').InstallUpdates([System.Management.ManagementObject[]] (get-wmiobject -query 'SELECT * FROM CCM_SoftwareUpdate' -namespace 'ROOT\ccm\ClientSDK')) If you would like to see if there are updates applying, if true they are running: $CCMUpdate = get-wmiobject -query "SELECT * FROM CCM_SoftwareUpdate" -namespace "ROOT\ccm\ClientSDK" if(@($CCMUpdate | where { ...

Greetings Follow Professionals We had an interesting one when updated from SQL 2012 to SQL 2014 and SSRS reports. We found that it didn't break all reports just some. Anyways a teammate of mine found the following blog post that ended up addressing and fixing our issue.  I just wanted to share it so that others are aware. https://ronnydejong.com/2013/05/23/reporting-service-point-rsp-broken-after-upgrading-sql-server-2012-sp1-sysctr/ The just of it is updating the path in the rssrvpolicy.config file to point to the new SSRS directory and to copy the srsresources.dll file to the new directory.

Welcome to Part 3 of this 3 Part Series. In this portion we will discuss actually using the data that you created in 2 of this series. Now there are a few ways you can do this, you can create a SSRS report, or a Excel spreadsheet with datalinks, or create a Power BI report. My teammate opted for the Power BI Report which I have included the report file that you can download. There are a couple of variables in it that will need to be updated so that it connects to the database and data that we created in this series. Here is a download of the Power  BI Report file  in order to open the file you will need Power BI Desktop which is free from Microsoft. Just go to the Edit Queries and add your information. If you use Power BI you can get a nice colorful report looking something like the following: If you don't want to mess with Power BI or you have your own preferred way of creating reports. Here are the queries used in the Power BI file that loads t...

Welcome to Part 2 of this 3 Part Series. In this portion we will discuss building the data that you need for part 3 of this series. This is where things will get a bit confusing but I will try to make it make sense. A couple of points to remember upfront: All variables used in the WHERE statements are LIKE clauses. Examples shown are setup to handle an application deployment that is using more than one collection. Where you see [ ] fill in with your environment information These steps are designed to be used in a SQL Job and ran on a schedule, however I recommend running manually while you make sure everything is working as it should first. Step #1 - Update the vAppDeploymentResultsPerClient table USE [INSERT DB NAME HERE] DECLARE @AppName varchar(max) DECLARE @CollectionName1 varchar(max) DECLARE @CollectionName2 varchar(max) SET @AppName = '[ApplicationName]' SET @CollectionName1 = '[CollectionName]' SET @CollectionName2 = '[CollectionName]...

Welcome to Part 1 of this 3 Part Series. In this portion we will discuss the groundwork that will be used in part 2 and 3 of this series. It is recommended to do all this in a database that is not the CM database. Ideally you would have a database just for this (and on a different server, like say a dedicated reporting point). If you use a different server than the one containing your CM database. You will need to setup a Link Server for the queries to get data from the CM database. Now for the why are we doing this? Well this stemmed from one of my teammates getting tired of running the same queries over and over again for a project. Part 2 of this series will focus on the portion that can be turned into jobs that can run on a schedule. Part 3 will focus on giving a nice and pretty report that can be used for your own desires or to show others who like pretty colors. Setting up your tables: Below is the SQL required to setup the tables and view that will be used in part 2 an...

Hello fellow admins! As you can guess from the title, this post is dealing with a SCCM/Intune hybrid environment scenario. If you are in a hybrid environment you have probably noticed that using Apple DEP is a bit different than just using the Portal app on the phone. With that said, if you happen to be lucky enough to be able to delegate the mobile device management to another group. Then you will have probably also noticed that you can't limit security permissions below full admin if you want them to be able to assign devices to DEP. Well have no fear, here is a nifty bit of powershell that you can setup to run on a schedule (hint: think CI). This handy script will lookup mobile devices and then assign them. Basically it does what this dialog does. Now to the nitty gritty. First off I recommend you familiarize yourself with the MSDN technical documentation for the method  UpdateProfileIDForDevices , however what this documentation doesn't tell you is where the heck do...

Hello folks Have you ever thought "There's got to be an easier way than doing 100 at a time" when you are choosing software to upload to MSFT for AI identification? Well then you are in luck for here is a little something to make it easier on you. *Common note, please make sure you control how many you do. Otherwise you will probably overload things. Get the AI Software objects that are unknow. $wsql = "Select * from SMS_AISoftwareList Where State = 4" $output = Get-WmiObject -Query $wsql -Namespace "root\sms\site_code" -ComputerName "YourServer" Then just add your logic for looping the update. foreach ($app in $output) {    ([wmiclass]'\\YourServer\root\sms\site_code:SMS_AISoftwareList').SetCategorizationRequest($app.SoftwareKey)   } Now you can just sit back and watch the provider log roll. However it is a better idea to only do the apps that you know need to be uploaded. So you can add items to your query to remove...

Found a really neat blog from another blog that I found really neat and useful. I recommend you give it a read. From how he is doing it, you could easily combine it with a script that reads from another server/update group and use it to "copy" the update setup/deployment from one to another. Great idea for handling your test/dev machines. Give it a read at: http://www.dexterposh.com/2014/06/powershell-sccm-2012-automate-patching.html

Greetings everyone! If you are following in my footsteps of exposing the App Catalog web services. Here are a few tibbits that could help you keep your services exposed. Create a CI and use the following in the detection method. $registryPath = "HKLM:\Software\Microsoft\SMS\PORTALWEB" $registryName = "PortalPath" $key = Get-ItemProperty -Path $registryPath -Name $registryName $FilePath = $key.PortalPath+"\default.aspx" $ConfigFile = $key.PortalPath+"\web.config" $WebConfig1 = [System.IO.File]::ReadAllText($ConfigFile) $WSDLVisble = $WebConfig1.Contains("<!--<remove name=""Documentation"" />-->") -or $WebConfig1.Contains("<!--<remove name=""Documentation""/>-->") -or (!($WebConfig1.Contains("<remove name=""Documentation"" />"))) Remediation (if you choose to be so brave). $registryPath = "HKLM:\Software\Micr...

So it has been a while since I've posted. Here is something a bit nifty for you. Have you ever needed to programmatically start (or restart) an individual thread in SCCM and you don't want to mess with the Service Control GUI in the console? Well here is a nifty little script for you. You can also find the thread status in that same registry location. ----------------------------------- param( [string] $thread = "SMS_DMP_DOWNLOADER", [string] $action = "Start" ) $registryPath = "HKLM:\Software\Microsoft\SMS\Components\SMS_Executive\Threads\$thread" $registryName = "Requested Operation" #$key = Get-ItemProperty -Path $registryPath -Name $registryName Set-ItemProperty -Path $registryPath -Name $registryName -Value $action --------------------------------

Here is another take on the creating of prestaged content and extracting content from one of my teammates. He did state that it does require Powershell 3 and higher to run. Also to note the extract content script will delete the prestage files once they have been extracted, however you can change the comments around and it will just move them to a done folder instead of deleting them. The extract content one uses the extract folder parameter instead of the actual file name to get around the character limit on a the parameter length. Prestage All Content if ([Environment]::Is64BitProcess) {Read-Host "This must be run from 32-bit Powershell";exit} $SiteCode = "PRI" $Server = "PrimaryServer" $DP = "DistributionPointServer" $FolderToSaveTo = "C:\PrestageContent" Import-Module "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1" #$Overwrite = $true $Overwrite = $false $N...

This may or may not be something that you would commonly see in your environment. We only see it occasionally but it used to be a pretty common problem. One of my teammates found a technet forum post that addressed this specifically. Pretty interesting read if you are fighting this issue on a particular client. https://social.technet.microsoft.com/Forums/en-US/1569e1e2-91bc-435d-8998-beb817d5b453/waiting-for-user-logon?forum=configmanagergeneral Here is the meat and potatoes of the forum discussion. $CITask = get-wmiobject -query "select * from CCM_CITask where TaskState != ' PendingSoftReboot' AND TaskState != 'PendingHardReboot' AND TaskState != 'InProgress'" -namespace root\ccm\CITasks if ($CITask -ne $NULL) { $CITask | remove-wmiobject -Whatif $CITask | remove-wmiobject } ELSE { "CCM_CITasks is empty. Nothing to do" }

I found this script a while back when we were doing some reporting server migrations. Not sure how useful you might find this script as it is a bit dated and I'm sure there are newer calls that can be done to accomplish the same feat. #note this is tested on PowerShell v2 and SSRS 2008 R2 [void][System.Reflection.Assembly]::LoadWithPartialName("System.Xml.XmlDocument"); [void][System.Reflection.Assembly]::LoadWithPartialName("System.IO"); $ReportServerUri = "http://ServerName/ReportServer/ReportService2005.asmx"; $Proxy = New-WebServiceProxy -Uri $ReportServerUri -Namespace SSRS.ReportingService2005 -UseDefaultCredential ; #check out all members of $Proxy #$Proxy | Get-Member #http://msdn.microsoft.com/en-us/library/aa225878(v=SQL.80).aspx #second parameter means recursive $items = $Proxy.ListChildren("/", $true) | `          select Type, Path, ID, Name | `          Where-Object {$_.type -eq "Report"}; #create a ...

A simple little script to refresh content on a DP. The script uses a list of PackageIDs (yes even applications have a package id). The script also uses part of the DP server name to identify it. Import-Module -Name "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\ConfigurationManager.psd1" cd DEV: $a = Get-Content "i:\temp\temp.txt" foreach ($i in $a)     {       $distpoints = Get-WmiObject -Namespace "\\bvlsccmcas\root\SMS\Site_CAS" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$i' AND ServerNALPath like '%PER%'"     foreach ($dp in $distpoints)          {                  $dp.RefreshNow = $true                  $dp.Put()          }     }