Get-ITGuy

 ‘Twas the night before #MMSMOA, when all thro’ the house, all sorts of nerdy creatures were stirring, especially a mouse. Hundreds of lucky attendees and speakers were giddy with excitement. What will we learn? Who will we meet? For some it’s their first time, for others it’s a family reunion. But one thing is certain. This is the biggest tech event of the year for all things endpoint management. A huge thank you to all the sponsors for making this event happen, especially Patch My PC for their continuous support of our profession and for their commitment to making the best damn patching product you could ever ask for! Let’s cut to the chase. DON’T F***ING TEST IN PRODUCTION THIS WEEK!!! You’ll make a lifetime of connections at an event like this, and you’ll also see a lifetime of shiny cool tricks all in 4 jam packed days of beer drinking and learning. USE A LAB! This week does not need to be a resume generating week. And if you’re not at MMS, you should still setup a lab just so

It’s time for another back to the basics on Application building in MECM. You’re getting ready to create an Application in MECM. Said Application requires that a specific Windows Feature is enabled. I know I could use PowerShell App Deployment Toolkit or even a small custom PowerShell script to handle enabling the feature and running the install, but in this case I don’t want the Application to install if a particular Windows Feature is not enabled. To do this, I’m going to create a Custom Global Condition to detect if the Windows Feature in question is enabled. Open your MECM console and go to \Software Library\Overview\Application Management\Global Conditions. Click on Create Global Condition on the ribbon. Give your Global Condition a name that makes sense for your environment. Put in a quick description of what it checks for. Device type is Windows and Condition type is Setting . Setting type is Script and Data type is String . Click the Add Script button . For the Script

You’re a Config Manager administrator but your user account doesn’t have local administrator rights on any of the computers you have to support. What now?! If only you had access to an enterprise management tool that could run a PowerShell script on any computer it manages. Yeah, I went there. Download Script:  https://github.com/rudybankson/Temp-Local-Admin I wrote a script to add a user to the Administrators group on a computer for a variable time period. When time expires, a scheduled task runs once to remove the user from the Administrators group and 10 seconds later the scheduled task self-destructs in a scene only topped by Tom Cruise in Mission Impossible. When you run the script, an event is logged in the event viewer and a Teams channel is notified using a Teams web hook. DISCLAIMER:   This method of adding a local administrator is far from secure. Unless you have Group Policy or some other tamper resistant 3 rd party tool managing your Administrator group, your “temporar

Have you ever wanted to look at MECM client logs for a remote system? If your organization follows security best practices, it can be a challenge just to navigate to the C$ share on a system and access the CCM logs folder. Check out the little-known Client Diagnostics > Collect Client Logs right click option in the MECM console. It will use the Client Notification fast channel (near real-time) in MECM to collect the contents of %windir%\ccm\logs along with some basic diagnostic data about the system. The MECM client zips up the logs and diagnostic data and sends it to the MP. To view the logs you just have to right click on the device, go to Start, and click on Resource Explorer. The Diagnostic Files section of Resource Explorer will show any recent log/diagnostic collection data. Collecting Client Diagnostics & Logs Open the MECM console and go to Assets and Compliance\Overview\Devices. Right click on a Device (1), go to Client Diagnostics (2), and click on Collect Client Logs

Have you ever wanted to make your own reports in Config Manager but just not had the time to dive in? Me too, but finally I forced myself to sit down and dive in. I'm working on a project right now where we are doing an available application deployment by device, but we want to be able to nag our users by email if they haven't done it yet. So how do you turn a device into an email address? I decided to make a custom report that shows me a list of all machines in a collection and then gives me some key info, but most importantly it gives me the top console user and their email address. Our user discovery brings in the "mail" attribute for users so this information is already stored in our Config Manager database. If you don't want to build it on your own, skip to my GitHub and download the RDL. https://github.com/rudybankson/MECM-The-Ultimate-Computer-Inventory-Report Part 1:  The SQL Foundation The first step to building your own reports is to open up SQL Server M

Have you ever needed to get a really fast real-time look at if a service is running on a set of servers or workstations? Open CMPivot against a collection, type in your query, and send it. Seconds later you get real-time answers to your query for any online device. Queries for CMPivot run on 42 devices at once, until all devices you're querying have responded.  The last time my organization did server updates, I (and a trusty super awesome coworker) had to verify if a couple of SQL services were running on a small collection of servers. As we were manually checking these one by one, I came up with the idea that it would be incredibly helpful to use CMPivot.  The below query in CMPivot will return all devices where a SERVICE with the name containing SQL is NOT RUNNING and the service's start type is AUTO. In other words, if a service with SQL in the same is supposed to be automatically running and it's not, this query tells us. Service | where Name contains 'sql'