Intune Customer Success

Generate & gather Windows 10 MDM client logs and diagnostics

Dec 27, 2019

By Matt Shadbolt (@ConfigMgrDogs) | Senior Program Manager, Intune, Microsoft Endpoint Manager

 

When troubleshooting Windows 10 MDM in Microsoft Endpoint Manager, there's a handful of client logs and diagnostic information that are super helpful for the vast majority of situations.


Often, we'll go back-and-forth between support and our customers asking for pieces one-by-one. To make it a little easier for all involved, I've written a very simple PowerShell script that will gather a bunch of helpful info in one go.


It generates a new MDMDiag report, dumps PolicyManager from the registry, exports some event logs, and pulls a bunch of DeviceManagement details, including things like OS SKU and version information. It wraps all of this up into a ZIP file, making it easy to dig a little deeper or just send to us.

#Requires -RunAsAdministrator
#
# run me as a local admin, please
#

$regKeys    = 'HKLM\Software\Microsoft\PolicyManager'
$tempFolder = 'c:\temp\MEMLogs'
$regOutput  = 'c:\temp\MEMLogs\PolicyManager.reg'
$timestamp  = Get-Date -Format 'yyyy-MM-dd-HHmmss'

# temp folder (Test-Path avoids the error Get-Item writes when the folder is missing)
if (-not (Test-Path $tempFolder)) { New-Item -ItemType Directory -Path $tempFolder | Out-Null }

# reg file: export each key to a numbered file, then merge them without the per-file header
$i = 0
$regKeys | ForEach-Object {
    $i++
    & reg export $_ "$tempFolder\$i.reg" /y   # /y overwrites a leftover file instead of prompting
}
Get-Content "$tempFolder\*.reg" | Where-Object { $_ -ne 'Windows Registry Editor Version 5.00' } | Add-Content $regOutput
Remove-Item "$tempFolder\*.reg" -Exclude 'PolicyManager.reg'

# DM info: enrollment keys that carry the user's UPN or the device's EntDMID
Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Enrollments' -Recurse | Where-Object { $_.Property -like '*UPN*' } | Out-File "$tempFolder\MDMRegistration.txt"
Get-ChildItem -Path 'HKLM:\SOFTWARE\Microsoft\Enrollments' -Recurse | Where-Object { $_.Property -like '*EntDMID*' } | Out-File -Append "$tempFolder\MDMRegistration.txt"

# event logs
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Admin.evtx" -Destination $tempFolder
Copy-Item -Path "$env:SystemRoot\System32\Winevt\Logs\Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%4Operational.evtx" -Destination $tempFolder

# computer info
Get-ComputerInfo | Out-File "$tempFolder\$env:COMPUTERNAME.txt"

# MDMDiag
Start-Process MdmDiagnosticsTool.exe -Wait -ArgumentList "-out $tempFolder\MDMDiag.html" -NoNewWindow

# compress & cleanup
Get-Item -Path "$tempFolder\*.*" -Exclude '*.zip' | Compress-Archive -DestinationPath "$tempFolder\MEMLogs_$timestamp.zip"

Remove-Item -Path "$tempFolder\*.*" -Exclude '*.zip'

It's certainly not anything groundbreaking, but I hope you find it a little helpful while trying to troubleshoot Windows client issues. If there's anything else you often gather for troubleshooting, let me know and I'll add it to the script.
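
One way to "dig a little deeper" into a bundle the script produced, as an added example that is not part of the original script: it hashes the ZIP (the bundle holds enrollment UPNs and device details and is usually handed to someone else), extracts it, ranks the errors and warnings in the exported Admin event log by event ID, and lists the policy areas found in PolicyManager.reg. The function name `Get-MemLogSummary` is hypothetical, and the `PolicyManager\current\device\<Area>` key layout it looks for is an assumption about the registry dump.

```powershell
# Added example: offline triage of a MEMLogs_<timestamp>.zip written by the script above.
# Get-MemLogSummary is a hypothetical helper name; it only reads the archive.
function Get-MemLogSummary {
    param(
        [Parameter(Mandatory)][string]$ZipPath,
        [int]$Top = 10
    )

    # Hash first, so the copy that is analysed or sent on can be matched to the original.
    $hash = (Get-FileHash -Path $ZipPath -Algorithm SHA256).Hash

    # Extract into a fresh, uniquely named folder under the caller's own TEMP.
    $work = Join-Path $env:TEMP ('MEMLogs_' + [guid]::NewGuid().ToString('N'))
    Expand-Archive -Path $ZipPath -DestinationPath $work

    # Errors (level 2) and warnings (level 3) in the exported Admin log, ranked by event ID.
    $events = @()
    $admin = Get-ChildItem -Path $work -Filter '*Admin.evtx' -Recurse | Select-Object -First 1
    if ($admin) {
        $events = @(
            Get-WinEvent -FilterHashtable @{ Path = $admin.FullName; Level = 2, 3 } -ErrorAction SilentlyContinue |
                Group-Object -Property Id |
                Sort-Object -Property Count -Descending |
                Select-Object -First $Top -Property Count,
                    @{ n = 'EventId'; e = { $_.Name } },
                    @{ n = 'Sample';  e = { ($_.Group[0].Message -split "`r?`n")[0] } }
        )
    }

    # Policy areas present in the registry dump (assumed layout: ...\current\device\<Area>).
    $areas = @()
    $reg = Join-Path $work 'PolicyManager.reg'
    if (Test-Path $reg) {
        $pattern = '^\[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\PolicyManager\\current\\device\\([^\\\]]+)\]$'
        $areas = @(Select-String -Path $reg -Pattern $pattern |
            ForEach-Object { $_.Matches[0].Groups[1].Value } | Sort-Object -Unique)
    }

    [pscustomobject]@{
        Archive     = $ZipPath
        SHA256      = $hash
        ExtractedTo = $work
        TopEvents   = $events
        PolicyAreas = $areas
    }
}
```

Call it with the path of the archive, then delete the folder named in `ExtractedTo` once the review is done.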


Updated Dec 19, 2023
Version 8.0
  • It's easier to just run "MDMDiagnosticsTool.exe -area DeviceManagement -cab c:\mdmlogs.cab" or "MDMDiagnosticsTool.exe -area DeviceManagement -zip c:\mdmlogs.zip" as the resulting file includes everything you specified and then some. You can also use "MDMDiagnosticsTool.exe -area Autopilot -cab c:\autopilot.cab" or "MDMDiagnosticsTool.exe -area Autopilot -zip c:\autopilot.zip" to get both MDM and Autopilot logs at the same time.

  • ZebulonSmith
    Iron Contributor

    I think this demonstrates very well that there are some improvements that could be made to the troubleshooting tools available to a client managed by Intune.

    Any first line technician can remember "gpresult /R" to get a basic list of what policies are applied and "gpupdate" to check for new.

    With Intune, there are equivalent tools, but they require a bit more effort and knowledge to use. That's fine for higher tier technicians, but not so great for the entry level Helpdesk types.

  • thommck
    Brass Contributor

    I had a go with

    mdmdiagnosticstool -out c:\temp\MDM

    I was hoping to find the gpresult equivalent, but it doesn't seem to show that.

    • Is there a recommended guide/doc to interpret each section of the tool's output?
    • How can I show the actual policy setting and if it applied to the device, e.g.
      • I have an Intune ADMX policy that should add URLs to the Trusted sites list and I want to see those site URLs in the MDM report
      • I have configured BitLocker settings with Intune config policies and want to see what should be applied on my device in the report