MSEndpointMgr

21 Days of MEM Tips

Last March, our own Sandy Yinghua challenged David James to a friendly competition of sharing the best tips and tricks for ConfigMgr. What resulted was a month’s worth of tweets from ConfigMgr team members and the community, highlighting useful tips and handy tricks.

Due to the popularity of event, the quality and quantity of tips, and the sheer amount of fun that was generated, we are doing again in 2020!

This year’s event is “21 Days of MEM Tips”, with the hashtag #21DaysOfMEMTips.

Starting on March 5th, feel free to post your best or favorite tips for anything related to Microsoft Endpoint Manager. These can include ConfigMgr, Intune, Autopilot, Community Tools, PowerShell, SQL, or whatever you think would be beneficial. When posting, please include the hashtag #21DaysOfMEMTips so your tip can be properly archived and attribution given.

Day 1

David James

attach #configmgr 2002.2 tp to Intune, so you can see ALL of your #memcm clients (including win7 and servers) in Intune!, and take (some) actions on them now… And do much more with them later (soon)!

Chris Buck

Enable Dynamic updates as it contains updated setup files needed for Your upgrades. Also make sure you set ignore dismissible compat warnings to boost your successes rate on IPU scenarios.

RyanH

Change your CMTrace highlight color to green, then use it to highlight something your’re troubleshooting for quicker log scanning.

Matt Toto

Quick filter your Site Systems based on Role by right-clicking Server and Site System Roles then selecting the role.

Martin Himken

Hey #21DaysOfMEMTips get into baselines. Since they can be used for conditional access in conjunction with co-management for O365. That gives you way more options!

Mr Wyss

Tip: run cmtrace without navigating to c:\windows\ccm, simply do WIN+R “ccm/cmtrace” ENTER. yes forward slash

Chris Shilt

Pin the Logs folder in Quick access to get, well, quick access to your logs folder. Makes it easier to traverse to other folders, like Inboxes, as well.

Steven M. Salter

If you accidentally decline an update in WSUS, for cleanup or error and then it ended up expired in ConfigMgr but need it back, set the approval to not approved, then perform a FULL SYNC. PoSH Sync-CMSoftwareUpdate -FullSync $True

Damien Solodow

If you aren’t using the DGA WSUS/SUP maint script, you probably should.

Cody Mathis

You can find things easier on Twitter by using twitter.com/search-advanced

Day 2

Adam Gross

Did you know that you can create folders under All Software Updates in the #MEMCM console? I randomly tried it the other day and it blew my mind. I was able to move all of extra Feature Updates into a folder to make it easier to find things.

Martin Bengtsson

Not a local admin, but device is managed with ConfigMgr? No problem – add yourself as local admin in a jiffy using #ConfigMgr scripts

Sune Thomsen

Forgot the local administrator password? No worries, just change it with the build in “Run Script” in #MEMCM

RyanH

Need to help someone find something in the console quickly? The address bar is can copied and pasted! Not sure how long I have over looked this..

Chris Buck

Use indexed views when building your collections. Nobody is happy with long evaluation times, in any size environment.

Garth Jones

Explaining how to use the previous tip

Merlin from Belgium

Do you use “powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c” in OSD Task Sequences? #MEMCM 1910 introduced the High Performance mode in the TS properties tab. Instead of changing props for each TS, add a variable to OSD collections: TSHighPerfMode = True

Nathan J Bridges

If your MEMCM collection update takes an hour or more to update once you add a device to a collection, MAKE sure your SQL “TEMP” DB is NOT out of disk space. Once space was available collection update took 1 minute!

Jörgen Nilsson

Enabling strong authentication in ConfigMgr Admin Console

Fabian Szalatnay

Found a DT id in logs and wonder which app it is? Here’s my One-Liner:
Get-CMApplication ‘*’ | % {if (([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.LogicalName -eq ‘DeploymentType_28fd8bcd-31e8-4121-831a-79933a574982’ ) {$_.LocalizedDisplayName}}

Sune Thomsen

Is the trust relationship broken between the client and dc? No worries, fix it with “Run Script” or a CI from the #MEMCM console

Donna Ryan

“Letting it bake…”

Day 3 and Day 4 (weekend)

Donna Ryan

Do you want to install a Distribution Point on a Domain Controller?

Chris Buck

Default software update maximum run time is 60 minutes. When ConfigMgr calculates whether an update can install, it adds five minutes to the maximum run time to account for a restart. Remember this needs to fit within your MW

Madhu Sunke

Shortcuts on client PC to open directly CCM,CCMCache folders and configuration manager control panel applet rather navigating.
1. Windows +R – type CCM 2. Windows + R – type CCMCache. 3. Windows + R – type control smscfgrc

Chris Buck

Using USMT to move data to the SMP? take a look inside your MDT Toolkit for ZTIUserState.wsf. You see the estimated need on your local disk is 1.1x the size of data you are trying to capture needs to be available.

Day 5

Donna Ryan

Use F7 in CMD and “h” in PowerShell to display a list of previously typed commands.

RyanH

Tip 3: I try to organize my source data with the same folder layout as in my console. This only works if you can use folders unlike #BigBank Whatever you do, pick a strategy and STICK with it!

Chris Buck

To avoid SMP connection refusal errors increase the default of 100 to something more suitable. The setting is for total established connections (successful or in progress) within deletion policy time, not concurrent connections.

Nouroz Gaming

Use F7 in CMD and “h” in PowerShell to display a list of previously typed commands. (Repost)

Damien Solodow

Take ci_uniqueid from Get-CMSoftwareUpdate and pass it as UpdateID to Get-WsusUpdate | DenyWSUSUpdate.

Day 6

Chris Buck

If you’re on a specific version of ConfigMgr and your client is at that level in the prod environment …make sure your OSD task sequence installs that same level client, and not a client that is 1 year older so you can get the full benefits immediately

Ram Lan

When you distribute a package to DP and admin ask what % is complete – you can find it from monitoring section. Click Asset Details – Package – More Details – You will see % download complete.

RyanH

Audit your synced updates that are ‘required’ but not deployed. Then fix it. This won’t work for new patches that your environment hasn’t scanned against. I also add ‘is on or before last month’ to prevent this months patches from showing.

Fabian Szalatnay

Wanna know which Apps install in user context? Get-CMApplication | Sort LocalizedDisplayName | % {if (([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.Installer.ExecutionContext -eq ‘user’) {$_.LocalizedDisplayName}}

Day 7

Chris Buck

Disable Software Inventory and leverage Compliance Items to inventory files when needed. SW inventory is low priority which can take several hours to run and will both Hardware inventory and Heartbeat cycles until SW inventory is complete

David James (Retweet of Matt Benninge)

Use strcat() to combine two string columns .OperatingSystem| summarize count() by strcat(Caption, ‘ ‘, BuildNumber) | render piechart

Panu Saukko

WSUS info with #MEMCM 1906+ CMPivot: WindowsUpdate | project Device, AUOptions, UseWUServer | join (Registry(‘HKLM:\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate’) | where Property ==’WUServer’ | project Device, WSUSServer=Value) | order by Device asc

Fabian Szalatnay

Cmdline my apps use: $f=”$env:temp\cl.csv”;ri $f -EA 0;Get-CMApplication|Sort LocalizedDisplayName|% {echo “$($_.LocalizedDisplayName),$(([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.Installer.CustomData.InstallCommandLine)”>>$f};Import-Csv $f -H Name,CL

Day 8

Chris Buck

If your site server is rejecting registration requests as those will not be functional clients. You can resolve by running 1st code below to identify them, and then 2nd code to clear revoked status and they will then begin to re-register

Day 9

Ioan Popovici

Using the #MEMCM Run Scripts feature is awesome. What sucks is to create scripts for a one time task. To solve this I’ve made a script that accepts a script block parameter. By the way this is dangerous so don’t do this on a regular basis…

Donna Ryan

Use Status Message Queries to follow TS Status and diagnose issues. It’s way easier than trying to read SMSTS.LOG. Monitoring -> Status Message Queries -> All Status Messages Filter on Task Sequence Engine or the Computer’s name

Chris Buck (RT of James Orlando)

Also use installed Software Product Name your queries will evaluate faster since that column is indexed

Gark Blok

Use an Embedded PowerShell Script to Document the TS. Just remember to Disable the Step.😉 I like to add a lot of notes to the Description and make step names meaningful, but sometimes you have more info than can fit in those fields.

Julie Andreacola (RT of James Orlando)

The more you know..

Nickolaj Andersen

Driver Management script will now allow you to test any supported computer model against the driver packages to see if a match can be found, when running the script in DebugMode

Day 10 and Day 11 (weekend)

Chris Buck

Avoid using “Like” or “%” logic on collections unless absolutely necessary. If you know what you want just use “equal to” in your logic Keep your database happy.

Fabian Szalatnay

Activate the plain text filter with Index Service for *.log files and add your log folder to the index. Now you can search for content within log files within folder structures (e.g. app or package name).

Day 12

Fabian Szalatnay

If not used often I forget the string “smscfgrc”. Therefore create new shortcut file in windir, call it “sccm” and enter “control smscfgrc” as the command. Now use Windows+R -type sccm. Voilà. Deploy the .lnk file to all clients if needed.

Day 13

Cody Mathis

Show OneDrive version landscape with #CMPivot It is per logon. Old logon=old version! #21DaysOfMEMTips File(‘C:\Users\*\AppData\Local\Microsoft\OneDrive\OneDrive.exe’) | project Version = substring(Version, 0, 6) | summarize count() by Version | render barchart

Bryan Dam

Just spit-balling: Bunch of users suddenly working from home? VPN being crushed by patch rollout? On the VPN boundary group enable ‘Prefer cloud based sources over on-premises sources’. As of #ConfigMgr 1902 that includes update content. c/o @CodyMathis123

Day 14

Fabian Szalatnay

If you’re not doing it already, do it! Use direct rules instead of query rules for AD group membership collections. Great write-ups

Day 15

zvensch

Wondering that your #CMTrace shows empty logfiles? Make sure “Ingnore Existing Lines” Checkbox is unchecked.

Day 16

Dave Dyer

Simplifying User Application Deployments in ConfigMgr – A Square Dozen

Day 17

Damien Solodow

You can schedule reports to run & deliver via email. Useful for say “machines in collection not compliant with SUG” to email to your desktop team/helpdesk.

Day 21

Fabian Szalatnay

Did you know you could double click a row in deployment status and will end up with a temporary “collection” containing those clients?

RyanH

no_sms_on_drive.sms

RyanH

If you want to mess with a #MEMCM admin, change their CMTrace File > Preferences to highlight with ‘Red’ then change Tools > Highlight to ‘2020’ so that their whole log looks like its one big ‘Error’….

Donna Ryan

Donna Ryan is a Principal Consulting Engineer with CDW Corporation's Integrated Technology Services Mobility practice. She began her formal IT career in 2011 as an Associate Engineer with CDW. Her primary skills are around System Center Configuration Manager, specifically operating system deployment, software update delivery, and application packaging. Having consulted hundreds of clients in a variety of industries, she has also delivered projects in multiple other Microsoft technologies such as Hyper-V and Remote Desktop Services. In 2016, she was awarded CDW’s Coworker of the Month for her leadership and dedication to a large and highly visible Windows 10 deployment project for a school district in the Pacific North West.  In 2018, Donna was invited to participate in Microsoft's Mini Enterprise Mobility MVP Summit, as well as the Microsoft CLIP event for the Windows 10 1809 rollout. Her passion for technology and the tech community is a driving force that keeps her exploring the latest and greatest.

1 comment

Sponsors

Categories

MSEndpointMgr.com use cookies to ensure that we give you the best experience on our website.