BritV8

CMPIVOT 101

Posted on February 18, 2021 by BritV8Admin Leave a comment

CMPivot is a tool in MEMCM (SCCM) that is under-rated or misunderstood by people. Its power is amazing, due to the fact it can live query machines in a collection, that are online, but also where devices are offline, use last known information from the MEMCM database

It uses the Kusto Query Language, so if you are familiar with basic SQL queries you can use this cheatsheet here https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet

If you are familiar with PowerShell then you recognise the Pipe operator | taking the output from one “cmdlet” and piping it to the next “cmdlet”

The following example shows how you can use two queries and join them and then only select the columns you want. So were are getting the Firmware information from each device where secureboot is false

then joining that information to the computersystem information

Then we are projecting the resultant object to only deliver 5 columns -device,Manufacturer,Model,Secureboot,UEFI.

Project is similar to SELECT in SQL or Select-Object in PowerSshell

Firmware | where SecureBoot == false | join (computersystem )| project device,Manufacturer,Model,Secureboot,UEFI

Here are some links on how to use the admin service to code these queries using powershell.

You can call CMPivot from the ConfigMgr Admin Service.

https://www.asquaredozen.com/2019/02/12/the-system-center-configuration-manager-adminservice-guide/

Here’s a post that goes into how you can query CMPivot over CMG. https://www.asquaredozen.com/2019/06/18/configmgr-1906-technical-preview-testing-cmpivot-over-cmg-using-adminservice/

Adam has a bunch of (somewhat working) scripts that you can see examples of usage for AdminService

https://github.com/AdamGrossTX/PowershellScripts/tree/master/ConfigMgr/AdminService

Enabling Flash Player after 12th January 2021

Posted on January 12, 2021 by BritV8Admin 6 Comments

To enable flash you need to configure the flash player via a config file.

Powershell – Parameter switching on command line

Posted on November 12, 2020 by BritV8Admin Leave a comment

So you want to have the parameters for your command line change depending on the parameters you select

MEMCM 1910 – Windows 7 ESU update causes Client to fail WARNING: Failed to evaluate Installed rule hr = 80041010

Posted on October 20, 2020 by BritV8Admin 1 Comment

Rolling out the Windows 7 ESU went pretty well for the majority of the 3,000 Win7 Clients we had (ever decreasing with a Windows 10 rollout).

Suddenly in MEMCM 1910 (SCCM) I had an increase in non compliant Windows 7 devices and KB4575903 was not installing.

DHCP – Powershell – Migrate DHCP Scope Leases

Posted on September 23, 2019 by Dean Leave a comment

This simple script shows you how to migrate a scopes leases from one DHCP server to another,disable the old scope and enable the new one Continue reading…

SCCM – Office 2016 updates install , but Windows 10 OS ones do not

Posted on July 15, 2019 by BritV8Admin Leave a comment

You know how it is, Windows 7 is going EOL, you have had a bit of Windows 10 in play, starting at 1511 and upgraded last year to 1703 and you looking at rolling out 1809 and getting off Windows 7 before January 2020. You have thousands of Windows 7 devices and 50 – 100 Windows 10 mobile devices that you have been piloting with Windows 10, they are well less that the margin of error for devices with faulty Windows Update or SCCM Clients

So now your starting to roll out more devices and your finding that Windows Updates on Windows 10 is not working. Why?

SCCM – How do I Setup SCCM Properly for Windows Updates

Posted on July 15, 2019 by BritV8Admin Leave a comment

Ok so how does the new dangled Dual Scan functions work. For what matter – how does Microsoft Updates work in Windows 10 1607 and higher??

Powershell – Solarwinds – Get Devices Connected to Switch Ports

Posted on May 7, 2019 by BritV8Admin Leave a comment

To get powershell access to Solarwinds Orion you need to install the SDK

https://github.com/solarwinds/OrionSDK

The powershell module installed is

SWISPowershell

The best way to visually see what you are getting back is to first use SWQL Studio that in installed on your device when you install the SDK

Here is some example powershell code to get back the device and what switch port it is on

#Solarwinds Server
$SolarwindsServer = "SolarwindsServer"
#Username password is a local username password for Solarwinds
$SolarwindsUser = Read-Host -Prompt "Username"
$Password = Read-Host -Prompt "Password"
$swis = Connect-Swis -UserName $SolarwindsUser -Password $Password -Hostname $SolarwindsServer

#Get Connected devices, what port and switch they were connected to and when last seen
Get-SwisData $swis 'SELECT LastSeen, MACAddress, RawMAC, AdministrativeStatus, OperationalStatus, PortType, NodeAccessPoint, ClientSSID, NodeStatus, NodeStatusIcon, PortIcon, IPAddress, PortDescription, PortName, HostName, VendorIcon, ShutdownIcon, MACVendor, EndpointID, IsWireless, IsRWCommunityDefined, NodeID, PortID, MacUrl, PortUrl, APUrl, HostNameUrl,
                    MEMBERS.ContainerID, MEMBERS.MemberPrimaryID, MEMBERS.MemberEntityType, MEMBERS.Name
                    FROM Orion.UDT.MACCurrentInformation UDT
                    JOIN Orion.ContainerMembers MEMBERS   ON UDT.NodeID = MEMBERS.MemberPrimaryID
                    '

#Get Container(group)members returns nodes and the container they are in
Get-SwisData $swis 'SELECT ContainerID, MemberPrimaryID, MemberEntityType, Name, Status, MemberUri, MemberAncestorDisplayNames, MemberAncestorDetailsUrls, EntityDisplayName, EntityDisplayNamePlural, FullName, DetailsUrl,ContainerMembers.Container.Displayname AS ContainerName
                         FROM Orion.ContainerMembers

Powershell – List SCCM Duplicates

Posted on April 24, 2019 by BritV8Admin Leave a comment

This is a simple script to list all the SCCM objects that have duplicate names

SCCM – Fixing SUP Memory Issues

Posted on November 28, 2018 by BritV8Admin Leave a comment

Basically , as my dad would say, WSUS has got its knickers in a knot, as by default the application pool is limited to RAM.

It needs a heeeeeeeeaaaaaaaaaaaaap of RAM and time for it to run to unravel it’s self.

Plus it needs a bunch of reconfiguration of the app pool as listed below

After that you will then be able to see what amount of ram it needs on a day to day basis

Increase temporarily the RAM on the server.

When I say increase give it 2 or 3 times the RAM.

Un-limit the memory used by the AppPool (Private memory limit = 0)

The rest of this is stolen from here

https://blogs.msdn.microsoft.com/the_secure_infrastructure_guy/2015/09/02/windows-server-2012-r2-wsus-issue-clients-cause-the-wsus-app-pool-to-become-unresponsive-with-http-503/

1. On your WSUS Server, launch the IIS Manager

2. Open Application Pools

3. Right click ‘WsusPool’ and select ‘Advanced Settings…’

4. To support the maximum SCCM Software Update Point clients, change ‘Queue Length’ from the default 1,000 to 25,000

5. Change ‘”Service Unavailable” Response Type’ from the default HttpLevel to TcpLevel

6. Change ‘Failure Interval (minutes) from the default 5 to 30

7. Change ‘Maximum Failures’ from the default 5 to 60

8. Click ‘OK’ to save the App Pool changes

9. Recycle the application pool.

10. If the memory is not reduced : Restart the WSUS Administration Website

11. If the memory is not reduced : Restart the World Wide Web Publishing Service

Monitor, but eventually after a few days you should not see the “new normal” for the RAM required for the application pool to run

Then after a week reduce the memory to the new normal