system center configuration manager
59 TopicsConfiguration Manager AdminService duplicates
When I query data through the Configuration Manager AdminService, I am getting duplicates only when using the $top query option. An example would be: https://coolprisiteserver/AdminService/v1.0/Device?$select=MachineId,Name&$top=1000 For any given computer, there would be 10+ duplicates of the same computer and up to 24+ duplicates. If I take the MachineId from that list and just query it, I get 1 return result as expected: https://coolprisiteserver/AdminService/v1.0/Device(12467835) If I look at all of the devices like this, I see 1 instance for each computer: https://coolprisiteserver/AdminService/v1.0/Device Any way I can use the $top query option and not get these duplicates?248Views0likes0CommentsDisable Exclusive Mode for All Audio Devices via PS
Hi all 🙂 Currently I am working on a script that will disable Exclusive Mode for all audio devices in Windows 10. So far I created this script: $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" } When I ran it as administrator I can see that it can find requested value on all registry keys under: "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" But scripts ends with permission denied error: PS C:\WINDOWS\system32> $Registry_Key = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\Audio\Capture\*\*\" Get-ItemProperty -path $Registry_Key -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" -ErrorAction SilentlyContinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-438e-9003-51a46e139bfc},3" "0" } Set-ItemProperty : Requested registry access is not allowed. At line:2 char:123 + ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...073}\Properties:String) [Set-ItemProperty], SecurityException + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand Set-ItemProperty : Requested registry access is not allowed. At line:2 char:123 + ... tinue | % { Set-ItemProperty -path $_.PSPath -name "{b3f8fa53-0004-43 ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : PermissionDenied: (HKEY_LOCAL_MACH...3b4}\Properties:String) [Set-ItemProperty], SecurityException + FullyQualifiedErrorId : System.Security.SecurityException,Microsoft.PowerShell.Commands.SetItemPropertyCommand PS C:\WINDOWS\system32> So I know that at least the finding part is working properly. I created a script in MECM and deployed for test computer as the script should be ran with System Account permission and it ends with successful state but values are not being changed. Could someone share some advice regarding this case? Thanks Damian8.6KViews0likes3CommentsDevice registration in Co-Management - Error 0x8018002b
Hi All, I am a bit stumped as we have been experiencing issues getting devices into the co-managed state correctly on several of our machines. We did extensive testing on this several months ago and successfully joined 10-15 machines before refocusing our efforts on building out our policies. Machines are showing up in both EPM(Endpoint Manager) and AAD (Azure Active Directory) but have SCCM listed as the MDM authority in AAD. Image 1, Source AAD Image 2, Source EPM Interestingly on the users devices the co-management status is set to 1 we are unable to push apps such as the company portal down to the machine. This value is managed by the Co-Management sliders in SCCM and increases based on how much of the load is managed by Intune. Therefore currently Intune is not managing the device at all, despite it showing up in Intune as Co-Managed. All test cases of this are part of the Pilot collection in SCCM and all sliders are set to Intune Pilot. I have collected logs on all of the devices that have this issue and have noticed this error is present on all of them and users are not getting the MFA prompt to set up intune in the first instance. "Auto MDM Enroll: Device Credential (0x0). Failed (Unknown Win32 Error code 0x8018002b)" This leads me to believe that devices are using the incorrect credential (Device) to sign up for Microsoft EPM despite the following Policy. I have tried the below solutions to no success: Microsoft Solution Troubleshooting Windows device enrolment problems in Microsoft Intune - Intune | Microsoft Docs One of the following conditions should be the cause UPN Contains an unverified or non-routable domain, such as .local - Checked @edu address used MDM user Scope set to None - Checked, set to Some. User is in included group with licenses assigned Community Solution [SOLVED] Intune with AADJ - Cannot auto enrol - Azure Forum - Spiceworks Wait 12 hours… , Waited 48h no change Ensure MDM enrolment Group Policy uses user credential, not device - Checked, See image of Policy above It could be that i am missing something obvious but I would appreciate help finding that component :).6.7KViews0likes2CommentsNeed powershell script to update microsoft edge in wvd environment
> Need help in creating a powershell script to update Microsoft Edge in WVD environment ( VM's ) > OS : Windows 2019 Server Requirement steps: 1 - close all sessions in the WVD VM. 2 - launch Edge and open the About page 3 - close edge after a couple of mins and then update it 4. a lot of time through the edge browser is just pending a restart to finish installing it. So is there a way to also force it to check for an update to be included in the script.9.9KViews0likes3CommentsBug in Get-CMSoftwareUpdateDeploymentStatus cmdlet
When I run the Get-CMSoftwareUpdateDeploymentStatus cmdlet I get the following message; Get-CMSoftwareUpdateDeploymentStatus : Operation could not complete because the currently connected account does not have the required security rights to perform this operation. I have the Full Administrator role I can run Get-CMPackageDeployment -DeploymentId "XX12008C" | Get-CMPackageDeploymentStatus and Get-CMApplicationDeployment -DeploymentId "{9462...43F34}" | Get-CMApplicationDeploymentStatus both work flawlessly but I can't do the same for Software Updates I run the following command; Get-CMSoftwareUpdateDeployment -DeploymentId "{7047...d3fe}" | Get-CMSoftwareUpdateDeploymentStatus634Views0likes0CommentsRun Script from SCCM
I am a novice at PowerShell. I have a request to run a script from SCCM to install a list of printer drivers. Script is as follows... # Ricoh Universal Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\Universal Print Driver ver4_27\disk1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SP3410dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP 3410DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SP3510dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP 3510DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Ricoh SPC232dn Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Ricoh\SP C232DN\PCL6\DISK1" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # HP T1300 Print Driver Get-ChildItem "\\server\d$\Print_Drivers\HP\T1300 PS Server 2016\win_x64_ps3_drv\win_x64_ps3_drv" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } # Zebra ZDesigner GX420t Print Driver Get-ChildItem "\\server\d$\Print_Drivers\Other\Zebra\ZD5-1-16-7110\ZBRN" -Recurse -Filter "*.inf" | ForEach-Object { PNPUtil.exe /add-driver $_.FullName /install } I can run this script locally on a machine & it runs fine, takes about 90 seconds to complete. When I create an application for it in SCCM & deploy it, its like it doesn't have time to complete the installs before PowerShell shuts down. Then the app shows as failed in Software Center. How do I make it wait to finish running the script before closing out PowerShell?3.9KViews0likes5CommentsPowerShell Automation for Verifying MST
Just finished putting together a script to Apply an MST to an MSI then read out the property table. This is for an automation process to verify a submited MSI and MST meet our packaging standards. Need a little sanity check as working with COM objects is not a strong point for me. Really want to make sure I am closing the files correctly after applying the transform then querying the database. I wasn't able to delete the temp files running in Powershell ISE until I did the ReleaseComObject. I didn't have to do that when working with the straight MSI and just pull the properties from it so I hope this is not corrupting any files. # Apply MST to an MSI # Based on Code from: https://hinchley.net/articles/update-cab-file-and-msi-transform-via-command-line/ $SourceMSI = "C:\Temp\MSI\MSI-x64.msi" $SourceMST = "C:\Temp\MSI\MSI.mst" $TempMSI = "$SourceMSI.tmp" $TempMST = "$SourceMST.tmp" Copy-Item $SourceMSI $TempMSI -Force Copy-Item $SourceMST $TempMST -Force $WindowsInstaller = New-Object -ComObject WindowsInstaller.Installer #Open the database in Direct read/write without Transaction (2) $MSIDatabase1 = $WindowsInstaller.GetType().InvokeMember('OpenDatabase' , 'InvokeMethod' , $Null, $WindowsInstaller, @($TempMSI, 2)) #$MSIDatabase1.applytransform($TempMST, 0) $MSIDatabase1.GetType().InvokeMember('ApplyTransform' , 'InvokeMethod' , $Null , $MSIDatabase1 , @($TempMST, 0)) $Query = ("SELECT Property,Value FROM Property") #Opens a data view to the MSI based on the query created. $View = $MSIDatabase1.GetType().InvokeMember('OpenView', 'InvokeMethod', $null, $MSIDatabase1, ($Query)) $null = $View.GetType().InvokeMember('Execute', 'InvokeMethod', $null, $View, $null) $hash = @{} # Add File information (Note this adds the full File information Porperties so can call with <Var>.File |Select * $hash.Add('File',$TempMSI) WHILE ($Record = $View.GetType().InvokeMember('Fetch', 'InvokeMethod', $null, $View, $null)) { $name = $Record.GetType().InvokeMember('StringData', 'GetProperty', $null, $Record, 1) $value = $hashMSIValue = $Record.GetType().InvokeMember('StringData', 'GetProperty', $null, $Record, 2) $hash.Add($name,$value) } # Push Hash table into a PSCustom object $msiProperties = [pscustomobject]$hash # I'm not sure If I have everything required to close out here properly from applying the transform. $null = $MSIDatabase1.GetType().InvokeMember('Commit' , 'InvokeMethod' , $Null , $MSIDatabase1 , $Null) $null = $view.GetType().InvokeMember('Close', 'InvokeMethod', $null, $view, $null) # Really important part to be able to release the opened files and delete $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($view) $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($MSIDatabase1) $null = [Runtime.Interopservices.Marshal]::ReleaseComObject($WindowsInstaller) [GC]::Collect()2.1KViews0likes0CommentsWSUS and Software updates deployment
Hello, Do you guys have any idea why our SCCM could not sync with WSUS and Deploy Software Updates? Here's the log I found from our SCCM and one of our PC. Your response will be greatly appreciated. WCM LOG System.Security.SecurityException: Request for principal permission failed.~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber)~~The Zone of the assembly that failed was:~~MyComputer SMS_WSUS_CONFIGURATION_MANAGER 24/05/2019 12:10:08 AM 7792 (0x1E70) Remote configuration failed on WSUS Server. SMS_WSUS_CONFIGURATION_MANAGER 24/05/2019 12:10:08 AM 7792 (0x1E70) WSYNCMGR LOG Sync failed: WSUS server not configured. Please refer to WCM.log for configuration error details.. Source: CWSyncMgr::DoSync SMS_WSUS_SYNC_MANAGER 24/05/2019 11:50:05 AM 7832 (0x1E98) STATMSG: ID=6703 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_SYNC_MANAGER" SYS=SCCMSVR.Domain.com SITE=ATC PID=3668 TID=7832 GMTDATE=Fri May 24 03:50:05.331 2019 ISTR0="CWSyncMgr::DoSync" ISTR1="WSUS server not configured. Please refer to WCM.log for configuration error details." ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_WSUS_SYNC_MANAGER 24/05/2019 11:50:05 AM 7832 (0x1E98) UPDATESHANDLER LOG CUpdatesAgent::FinalConstruct entered UpdatesHandler 24/05/2019 2:23:36 PM 10564 (0x2944) Initiating updates scan for checking applicability. UpdatesHandler 24/05/2019 2:23:36 PM 9088 (0x2380) Successfully initiated scan. UpdatesHandler 24/05/2019 2:23:37 PM 9088 (0x2380) Updates scan completion received, result = 0x0. UpdatesHandler 24/05/2019 2:24:01 PM 10564 (0x2944) Method (Discover) called from SDM. UpdatesHandler 24/05/2019 2:24:01 PM 10796 (0x2A2C) Starting job with id = {DCB79C1C-A1C5-4593-A175-044A5F35C3C0} UpdatesHandler 24/05/2019 2:24:01 PM 10796 (0x2A2C) Initiating Scan. Forced = (2) UpdatesHandler 24/05/2019 2:24:02 PM 10796 (0x2A2C) Successfully initiated scan for job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}). UpdatesHandler 24/05/2019 2:24:02 PM 10796 (0x2A2C) Scan completion received for job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}). UpdatesHandler 24/05/2019 2:24:11 PM 10564 (0x2944) Evaluating status of the updates for the job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}). UpdatesHandler 24/05/2019 2:24:11 PM 10564 (0x2944) Successfully sent job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}) success completion to the SdmAgent UpdatesHandler 24/05/2019 2:24:11 PM 9088 (0x2380) CompleteJob received from SDM. UpdatesHandler 24/05/2019 2:24:11 PM 10564 (0x2944) Complete - Job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}) Cleanup. UpdatesHandler 24/05/2019 2:24:11 PM 10564 (0x2944) CompleteJob - Job ({DCB79C1C-A1C5-4593-A175-044A5F35C3C0}) removed from job manager list. UpdatesHandler 24/05/2019 2:24:11 PM 10564 (0x2944) SCANAGENT LOG *****ScanByUpdates request received with ForceReScan=2, ScanOptions=0x00000002, WSUSLocationTimeout = 604800 ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) - - -Evaluating Update Status... ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) Found CategoryID of :e6cf1350-c01b-414d-a61f-263d14d133b4 for Update:c2ea7fb3-7352-4b8b-9e54-4e06802ac7cc ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) CScanAgent::ScanByUpdates - Found UpdateClassification e6cf1350-c01b-414d-a61f-263d14d133b4 for Update:c2ea7fb3-7352-4b8b-9e54-4e06802ac7cc ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) Found CategoryID of :e6cf1350-c01b-414d-a61f-263d14d133b4 for Update:a970acb7-1129-4e94-9d1a-2e6045b0afc4 ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) CScanAgent::ScanByUpdates - Found UpdateClassification e6cf1350-c01b-414d-a61f-263d14d133b4 for Update:a970acb7-1129-4e94-9d1a-2e6045b0afc4 ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) Sources are current and valid. TTLs are also valid. ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) Sources are Valid, so converting to Offline Scan. ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): CScanJob::Scan- Requesting Offline Scan with last known location. ScanAgent 24/05/2019 2:24:02 PM 10796 (0x2A2C) Sources are current and valid. TTLs are also valid. ScanAgent 24/05/2019 2:24:02 PM 10564 (0x2944) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): CScanJob::Execute- Requesting scan with CategoryIDs=E6CF1350-C01B-414D-A61F-263D14D133B4,E6CF1350-C01B-414D-A61F-263D14D133B4 ScanAgent 24/05/2019 2:24:02 PM 10564 (0x2944) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): Scan Succeeded, setting flag that performed scan was catscan ScanAgent 24/05/2019 2:24:11 PM 9088 (0x2380) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): CScanJob::OnScanComplete - Scan completed successfully, ScanType=2 ScanAgent 24/05/2019 2:24:11 PM 9088 (0x2380) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): CScanJobManager::OnScanComplete -ScanJob is completed. ScanAgent 24/05/2019 2:24:11 PM 9088 (0x2380) ScanJob({8389E6DE-91A8-4D67-9045-083EC041548B}): CScanJobManager::OnScanComplete - Reporting Scan request complete to clients... ScanAgent 24/05/2019 2:24:11 PM 9088 (0x2380) - - -Evaluating Update Status... ScanAgent 24/05/2019 2:24:11 PM 10564 (0x2944) - - Calling back to client on Scan request complete... ScanAgent 24/05/2019 2:24:11 PM 10564 (0x2944) WUAHandler LOG OnSearchComplete - Failed to end search job. Error = 0x80244010. WUAHandler 24/05/2019 8:11:00 AM 1364 (0x0554) Scan failed with error = 0x80244010. WUAHandler 24/05/2019 8:11:00 AM 1364 (0x0554) Its a WSUS Update Source type ({123D2DFE-5D16-49B4-A734-B7298CF3DC91}), adding it. WUAHandler 24/05/2019 8:41:00 AM 984 (0x03D8) OS Version is 10.0.17134 WUAHandler 24/05/2019 8:41:00 AM 6588 (0x19BC)Solved8KViews0likes4CommentsCalculate Percent on Compliance SCCM Powershell by Device collection
I have a function that pulls compliance status of a software update deployment (assignment ID). I want to configure this to calculate percent of the status types (Success, Error, In Progress, Unknown) and I would also like to pull compliance status based on device collection name instead of the deployment ID as it is shown below. What I want to accomplish is automatically take a list of device collection names and run a software update deployment which organizes each collection by compliance percent (for each status), and then receive it by email every morning. I have several locations based on device collection, and I want to be able to differentiate which locations and devices are the problematic ones. This method makes tracking and reporting much easier and SCCM console will not have to be launched each individual time to get reporting. function Get-SCCMSoftwareUpdateStatus { [CmdletBinding()] param( [Parameter()] [switch] $DeploymentIDFromGUI, [Parameter(Mandatory = $false)] [Alias('ID', 'AssignmentID')] [string] $DeploymentID, [Parameter(Mandatory = $false)] [ValidateSet('Success', 'InProgress', 'Error', 'Unknown')] [Alias('Filter')] [string] $Status ) BEGIN { $Site_Code = 'ABC' $Site_Server = 'SYSTEMCENTERSERVERNAME' $HasErrors = $False if ($Status -eq 'Success') { $StatusType = 1 } if ($Status -eq 'InProgress') { $StatusType = 2 } if ($Status -eq 'Unknown') { $StatusType = 4 } if ($Status -eq 'Error') { $StatusType = 5 } } PROCESS { try { if ($DeploymentID -and $DeploymentIDFromGUI) { Write-Error "Select the DeploymentIDFromGUI or DeploymentID Parameter. Not Both" $HasErrors = $True throw } if ($DeploymentIDFromGUI) { $ShellLocation = Get-Location Import-Module (Join-Path $(Split-Path $env:SMS_ADMIN_UI_PATH) ConfigurationManager.psd1) #Checking to see if module has been imported. If not abort. if (Get-Module ConfigurationManager) { Set-Location "$($Site_Code):\" $DeploymentID = Get-CMSoftwareUpdateDeployment | select AssignmentID, AssignmentName | Out-GridView -OutputMode Single -Title "Select a Deployment and Click OK" | Select -ExpandProperty AssignmentID Set-Location $ShellLocation } else { Write-Error "The SCCM Module wasn't imported successfully. Aborting." $HasErrors = $True throw } } if ($DeploymentID) { $DeploymentNameWithID = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | select AssignmentID, AssignmentName $DeploymentName = $DeploymentNameWithID.AssignmentName | select -Unique } else { Write-Error "A Deployment ID was not specified. Aborting." $HasErrors = $True throw } if ($Status) { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID and StatusType = $StatusType" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } else { $Output = Get-WMIObject -ComputerName $Site_Server -Namespace root\sms\site_$Site_Code -class SMS_SUMDeploymentAssetDetails -Filter "AssignmentID = $DeploymentID" | ` select DeviceName, CollectionName, @{Name = 'StatusTime'; Expression = {$_.ConvertToDateTime($_.StatusTime) }}, @{Name = 'Status' ; Expression = {if ($_.StatusType -eq 1) {'Success'} elseif ($_.StatusType -eq 2) {'InProgress'} elseif ($_.StatusType -eq 5) {'Error'} elseif ($_.StatusType -eq 4) {'Unknown'} }} } if (-not $Output) { Write-Error "A Deployment with ID: $($DeploymentID) is not valid. Aborting" $HasErrors = $True throw } } catch { } finally { if (($HasErrors -eq $false) -and ($Output)) { Write-Output "" Write-Output "Deployment Name: $DeploymentName" Write-Output "Deployment ID: $DeploymentID" Write-Output "" Write-Output $Output | Sort-Object Status } } } END {} }4KViews0likes10Comments