Showing posts from 2021

Temp Local Admin through MECM Run Script

You’re a Config Manager administrator but your user account doesn’t have local administrator rights on any of the computers you have to support. What now?! If only you had access to an enterprise management tool that could run a PowerShell script on any computer it manages. Yeah, I went there. Download Script: I wrote a script to add a user to the Administrators group on a computer for a variable time period. When time expires, a scheduled task runs once to remove the user from the Administrators group and 10 seconds later the scheduled task self-destructs in a scene only topped by Tom Cruise in Mission Impossible. When you run the script, an event is logged in the event viewer and a Teams channel is notified using a Teams web hook. DISCLAIMER:   This method of adding a local administrator is far from secure. Unless you have Group Policy or some other tamper resistant 3 rd party tool managing your Administrator group, your “temporar

MECM Client Diagnostic Logs

Have you ever wanted to look at MECM client logs for a remote system? If your organization follows security best practices, it can be a challenge just to navigate to the C$ share on a system and access the CCM logs folder. Check out the little-known Client Diagnostics > Collect Client Logs right click option in the MECM console. It will use the Client Notification fast channel (near real-time) in MECM to collect the contents of %windir%\ccm\logs along with some basic diagnostic data about the system. The MECM client zips up the logs and diagnostic data and sends it to the MP. To view the logs you just have to right click on the device, go to Start, and click on Resource Explorer. The Diagnostic Files section of Resource Explorer will show any recent log/diagnostic collection data. Collecting Client Diagnostics & Logs Open the MECM console and go to Assets and Compliance\Overview\Devices. Right click on a Device (1), go to Client Diagnostics (2), and click on Collect Client Logs

Config Manager Reporting & The Ultimate Computer Inventory Report

Have you ever wanted to make your own reports in Config Manager but just not had the time to dive in? Me too, but finally I forced myself to sit down and dive in. I'm working on a project right now where we are doing an available application deployment by device, but we want to be able to nag our users by email if they haven't done it yet. So how do you turn a device into an email address? I decided to make a custom report that shows me a list of all machines in a collection and then gives me some key info, but most importantly it gives me the top console user and their email address. Our user discovery brings in the "mail" attribute for users so this information is already stored in our Config Manager database. If you don't want to build it on your own, skip to my GitHub and download the RDL. Part 1:  The SQL Foundation The first step to building your own reports is to open up SQL Server M