MEMCM Client Health DEX Pack

DEX Pack used to create the MEMCM Client Health policy.

Overview

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

Ensure the correct version of the CM client is installed and running and assigned to the correct site
Ensure the CM client is not stuck in provisioning mode
Ensure that heartbeat discovery, inventory and state messages are being sent regularly
Ensures the CM client cache is set to the correct size
Ensure the CM client log settings are correct
Ensure the BITS service exists, configured to start up automatically and is running
Ensure the Windows Time service exists with correct startup settings
Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running
Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent
Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source.

This policy is intended for deployment to Windows devices only.

Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network. By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.

A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.

Policies

The following table shows the policies included in the Integrated Product Pack.

Name	Description
MEMCM Client Health	The MEMCM (Microsoft Endpoint Manager - Configuration Manager) Client Health policy ensures that the MEMCM client and surrounding technologies are healthy.

Rules

The following table shows the rules included in the above policy. Any parameter values shown in the Check and Fix fragments, Triggers and Precondition fragment columns are specifically set in the rules when the pack is uploaded. These may be different from the default values shown in the Fragments table. You can modify these if required.

Name	Type	Description	Check and Fix fragments	Triggers	Precondition fragment
MEMCM Client Assignment	Fix	Ensure the client is assigned to the right site. Assign it if it isn't.	1E-GuaranteedState-Check-MEMCM-AssignedSite 1E-GuaranteedState-Fix-MEMCM-SetAssignedSite	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple 1EClientVersionToCompare=0 1EClientVersionDesiredResult=SameOrHigher DeviceChassisTypeList=% DeviceCpuTypeList=% DeviceDomainList=% DeviceFqdnList=% DeviceManufacturerList=% DeviceModelList=% DeviceRamMBMin=0 DeviceRamMBMax=2147483647 DeviceTimeZoneOffsetList= -720;-660;-600;-570;-540;-480; -420;-360;-300;-240;-180;-150; -120;-60;0;60;120;180;240; 270;300;330;345;360;390; 420;480;525;540;570;600; 630;660;720;765;780;840 DirectoryExists=Exists DirectoryName=% DnsLookupFqdnList=% FileNameExists=Exists FileName=% OsTypeList=Windows OsArchitectureList=% ProcessExists=Doesn't Exist ProcessExecutableList=ccmsetup.exe QuarantineStatus=% RegistryExists=Exists RegistryHive=HKLM RegistryKey=% RegistryValue=% RegistryData=% ServiceExists=Exists ServiceName=Winmgmt ServiceStartAccountName=% ServiceStartType=% ServiceState=Running ServiceTriggerStart=% ServiceType=% SoftwareExists=Exists SoftwareProduct=Configuration Manager Client SoftwarePublisher=Microsoft% SoftwareVersionToCompare=0 SoftwareVersionDesiredResult=SameOrHigher WindowsUpdateSource=% WmiNamespace=ROOT\ccm\StateMsg WmiClass=CCM_StateMsg WmiColumn=% WmiWhereClause={none} WmiVersionToCompare=0 WmiDesiredResult=SameOrHigher
MEMCM Client Cache Size	Fix	Ensure the MEMCM client cache is set to the right size. Set it if it isn't.	1E-GuaranteedState-Check-MEMCM-CacheSizeBetween 1E-GuaranteedState-Fix-MEMCM-SetCacheSize	Periodic (24 hours)
MEMCM Client ClassExists	Check(1)	Ensure the default CCM class exists in WMI.	1E-GuaranteedState-Check-Wmi-ClassExists 1E-GuaranteedState-Fix-MEMCM-InstallClient⁽¹⁾	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client ClientProvisioningMode	Fix	Ensure the client is not stuck in provisioning mode. Turn it off if it is.	1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode 1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client DataDiscoveryRecordSent	Check	Ensure that a data discovery record (DDR) is being sent regularly.	1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client FileCollectionSent	Check	Ensure that file collection is being sent regularly.	1E-GuaranteedState-Check-MEMCM-FileCollectionSent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client HardwareInventorySent	Check	Ensure that hardware inventory is being sent regularly.	1E-GuaranteedState-Check-MEMCM-HardwareInventorySent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client IDMIFCollectionSent	Check	Ensure that IDMIF collection is being sent regularly.	1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client Logging	Check	Ensure the MEMCM client log settings are set to the right values.	1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client NamespaceExists	Check(1)	Ensure the MEMCM (CCM) namespace exists in WMI.	1E-GuaranteedState-Check-Wmi-NamespaceExists 1E-GuaranteedState-Fix-MEMCM-InstallClient⁽¹⁾	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client SoftwareInventorySent	Check	Ensure that software inventory is being sent regularly.	1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client StateMessagesSent	Check	Ensure that state messages are being sent regularly.	1E-GuaranteedState-Check-MEMCM-StateMessagesSent	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
MEMCM Client Version	Check(1)	Ensure the right version of the client is installed.	1E-GuaranteedState-Check-Software-Version 1E-GuaranteedState-Fix-MEMCM-InstallClient⁽¹⁾	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Network IPv4 PrimaryAddressInDNS	Check	Check the FQDN matches DNS by looking up the primary IPv4 address in DNS	1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service BITS DelayedStart	Fix	Ensure that the BITS (Background Intelligent Transfer Service) service is set to Automatic (Delayed Start). Set it if not.	1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service BITS Exists	Check	Ensure that the BITS (Background Intelligent Transfer Service) service exists.	1E-GuaranteedState-Check-Service-Exists	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service BITS Running	Fix	Ensure that the BITS (Background Intelligent Transfer Service) service is running. Start it if it isn't	1E-GuaranteedState-Check-Service-State 1E-GuaranteedState-Fix-Service-Start	Service Status Change	1E-GuaranteedState-Precondition-Multiple
Service ccmexec DelayedStart	Fix	Ensure that the ccmexec (SMS Agent Host) service is set to Automatic (Delayed Start). Set it if not.	1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service ccmexec Exists	Check(1)	Ensure that the ccmexec (SMS Agent Host) service exists.	1E-GuaranteedState-Check-Service-Exists 1E-GuaranteedState-Fix-MEMCM-InstallClient⁽¹⁾	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service ccmexec Running	Fix	Ensure that the ccmexec (SMS Agent Host) service is running. Start it if it isn't	1E-GuaranteedState-Check-Service-State 1E-GuaranteedState-Fix-Service-Start	Service Status Change	1E-GuaranteedState-Precondition-Multiple
Service W32Time Exists	Check	Ensure that the W32Time (Windows Time) service exists.	1E-GuaranteedState-Check-Service-Exists	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service W32Time Manual	Fix	Ensure that the W32Time (Windows Time) service is set to manual. Set it to manual if it's not.	1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeManual	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service W32Time TriggerStart	Check	Ensure that the W32Time (Windows Time) service is set to trigger start.	1E-GuaranteedState-Check-Service-TriggerStart	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Automatic	Fix	Ensure that the Winmgmt (Windows Management Instrumentation) service is set to automatic. Set it to automatic if it's not.	1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Exists	Check	Ensure that the Winmgmt (Windows Management Instrumentation) service exists.	1E-GuaranteedState-Check-Service-Exists	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Running	Fix	Ensure that the Winmgmt (Windows Management Instrumentation) service is running. Start it if it isn't	1E-GuaranteedState-Check-Service-State 1E-GuaranteedState-Fix-Service-Start	Service Status Change	1E-GuaranteedState-Precondition-Multiple
Service wuauserv Exists	Check(2)	Ensure that the wuauserv (Windows Update) service exists.	1E-GuaranteedState-Check-Service-Exists 1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate⁽²⁾	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service wuauserv Manual	Fix	Ensure that the wuauserv (Windows Update) service is set to manual. Set it to manual if it's not.	1E-GuaranteedState-Check-Service-StartType 1E-GuaranteedState-Fix-Service-SetStartTypeManual	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
Service wuauserv TriggerStart	Check	Ensure that the wuauserv (Windows Update) service is set to trigger start.	1E-GuaranteedState-Check-Service-TriggerStart	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
WindowsUpdate ConnectionOK	Check	Ensure the connection to Windows Update is OK	1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
WindowsUpdate Source	Check	Ensure the connection to Windows Update is using the right source (Configuration Manager, WSUS, Microsoft Update)	1E-GuaranteedState-Check-WindowsUpdate-Source	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
WMI cimv2 NamespaceExists	Check	Ensure the default (cimv2) namespace exists in WMI.	1E-GuaranteedState-Check-Wmi-NamespaceExists	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
WMI Repository Consistency	Fix	Ensure the WMI repository is consistent. Salvage the repository or (optionally) reset it if inconsistent.	1E-GuaranteedState-Check-Wmi-Repository 1E-GuaranteedState-Fix-Wmi-Repository	Periodic (24 hours)	1E-GuaranteedState-Precondition-Multiple
WMI Win32_ComputerSystem ClassExists	Check	Ensure the default Win32_ComputerSystem class exists in WMI.	1E-GuaranteedState-Check-Wmi-ClassExists	Periodic (60 min)	1E-GuaranteedState-Precondition-Multiple

Fragments

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these fragments, unless you select alternative values.

The following fragments are used by the rules defined above in the MEMCM Client Health policy.

Name	Type	Readable Payload and summary	Parameters
1E-GuaranteedState-Check-MEMCM-AssignedSite	Check	Check the CM client has been assigned to site %SiteCode%	SiteCode Check to see if the MEMCM client is assigned to this site code
1E-GuaranteedState-Check-MEMCM-CacheSizeBetween	Check	Check the CM cache size is between %MinMB% and %MaxMB%	MinMB The cache size should be at least this big (in Megabytes) MaxMBThe cache size should be at most this big (in Megabytes)
1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode	Check	Check the CM ClientProvisioningMode is set to %TrueFalse%	TrueFalse True represents client provisioning ON, False represents client provisioning OFF
1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent	Check	Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days	Days Look for DDRs sent back in this number of days
1E-GuaranteedState-Check-MEMCM-FileCollectionSent	Check	Check the CM client has performed a file collection within the last %Days% days	Days Look for file collection sent back in this number of days
1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration	Check	Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings	LogLevel The logging level Valid Values: Verbose, Normal, None MaxSize The maximum size (in Bytes) that the MEMCM logs may grow before rolling over MaxHistoryFiles The number of incremented log files to accumulate before deleting DebugLogging True means debug logging should be on, False means it should be off
1E-GuaranteedState-Check-MEMCM-HardwareInventorySent	Check	Check the CM client has sent hardware inventory within the last %Days% days	Days Look for hardware inventory data sent back in this number of days
1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent	Check	Check the CM client has performed an IDMIF collection within the last %Days% days	Days Look for IDMIFs sent back within this number of days
1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent	Check	Check the CM client has sent software inventory within the last %Days% days	Days Look for software inventory data sent back within this number of days
1E-GuaranteedState-Check-MEMCM-StateMessagesSent	Check	Check the CM client has sent state messages within the last %Days% days	Days Look for state messages sent back within this number of days
1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS	Check	Check the Device FQDN matches the value from DNS Take the primary IP address for the default route and look it up in DNS. Make sure the fqdn from device summary matches the fqdn returned from DNS
1E-GuaranteedState-Check-Service-Exists	Check	Check that %ServiceName% service exists	ServiceName Shortname of the service
1E-GuaranteedState-Check-Service-StartType	Check	Check that %ServiceName% start type is %StartType%	ServiceName Shortname of the service StartType The startup setting for the service Valid Values: Automatic Automatic (Delayed Start) Boot Disabled Manual System
1E-GuaranteedState-Check-Service-State	Check	Check the %ServiceName% service is in %State% state For completeness, all valid service states are included. Realistically, however, making a precondition out of transition states like About To Continue Pausing Starting Stopping isn't a very good idea as a service will only be in that state for a very short time.	ServiceName Shortname of the service StateThe state the service should be in Valid Values: About to Continue Pausing Paused Running Starting Stopping Stopped
1E-GuaranteedState-Check-Service-TriggerStart	Check	Check the %ServiceName% service is set to start on a trigger The actual trigger is not checked or reported	ServiceName Shortname of the service
1E-GuaranteedState-Check-Software-Version	Check	Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare% Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare)	Publisher Check for this publisher name Product Check for this product name VersionToCompare The software product version to use as the comparison DEFAULT: 0 VersionDesiredResultThe outcome that's desired when the software product version is compared to VersionToCompare Valid values: SameOrLower Lower Lower_MajorLower Lower_SameMajor Lower_SameMajorMinor Lower_SameMajorMinorRelease Same Higher_SameMajorMinorRelease Higher_SameMajorMinor Higher_SameMajor Higher_MajorHigher Higher SameOrHigher DEFAULT: SameOrHigher
1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK	Check	Check that the client can connect to the configured Windows Update source
1E-GuaranteedState-Check-WindowsUpdate-Source	Check	Check Windows Update agent is configured to use %Source% as source If Source is set to % (Default) this will check each of the sources and pass with the first one that succeeds.	Source The windows update source (% wildcard accepted) Valid Values: SCCM (MEMCM) WSUSL (WSUS - Local) WSUSR (WSUS - Remote) % DEFAULT: %
1E-GuaranteedState-Check-Wmi-ClassExists	Check	Check that WMI %Class% exists in %Namespace%	Namespace The WMI namespace to check existence (ROOT\cimv2 for example) ClassThe WMI class that should exist in specified namespace
1E-GuaranteedState-Check-Wmi-NamespaceExists	Check	Check that WMI %Namespace% exists	Namespace The WMI namespace to check existence (ROOT\cimv2 for example)
1E-GuaranteedState-Check-Wmi-Repository	Check	Check that the WMI repository is consistent Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result
1E-GuaranteedState-Fix-MEMCM-SetAssignedSite	Fix	Set CM assigned site to %SiteCode% Namespace: ROOT\CCM Class: SMS_CLIENT Method: SetAssignedSite sSiteCode: %SiteCode%	SiteCode Assign the client to this site code
1E-GuaranteedState-Fix-MEMCM-SetCacheSize	Fix	Set CM client cache size to %MaxMB% MB Com Object: UIResource.UIResourceMgr.GetCacheInfo().TotalSize	MaxMB The cache size should be at least this size (in MB) DEFAULT: 5120
1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode	Fix	Set MEMCM client provisioning mode to %TrueFalse% Namespace: ROOT\CCM Class: SMS_CLIENT Method: SetClientProvisioningMode bEnable: <true/false>	TrueFalse True sets client provisioning mode to ON False sets client provisioning mode to OFF DEFAULT: False Valid Values: True False
1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic	Fix	Set %ServiceName% service to Automatic start type and confirm change within %Timeout% seconds	ServiceName The name of the service on which we want to operate Timeout The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not DEFAULT: 15
1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart	Fix	Set %ServiceName% service to Automatic (Delayed Start) start type and confirm change within %Timeout% seconds	ServiceName The name of the service on which we want to operate Timeout The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not DEFAULT: 15
1E-GuaranteedState-Fix-Service-SetStartTypeManual	Fix	Set %ServiceName% service to Manual start type and confirm change within %Timeout% seconds	ServiceName The name of the service on which we want to operate Timeout The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not DEFAULT: 15
1E-GuaranteedState-Fix-Service-Start	FIx	Start %ServiceName% service and confirm as started within %Timeout% seconds	ServiceName The name of the service on which we want to operate Timeout The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not DEFAULT: 15
1E-GuaranteedState-Fix-Wmi-Repository	Fix	Fix the consistency of the WMI Repository and ResetRepository command if %ResetRepository%=True SALVAGE: winmgmt /salvagerepository RESET: (optional) winmgmt /resetrepository	ResetRepository True will reset the WMI repository (only if salvage fails) False will only try to salvage
1E-GuaranteedState-Precondition-Multiple	PreCondition	Multiple checks using specified parameters %1EClientVersionToCompare% %1EClientVersionDesiredResult% %DeviceChassisTypeList% %DeviceCpuTypeList% %DeviceDomainList% %DeviceFqdnList% %DeviceManufacturerList% %DeviceModelList% %DeviceRamMBMin% %DeviceRamMBMax% %DeviceTimeZoneOffsetList% %DirectoryExists% %DirectoryName% %DnsLookupFqdnList% %FileNameExists% %FileName% %OsTypeList% %OsArchitectureList% %ProcessExists% %ProcessExecutableList% %QuarantineStatus% %RegistryExists% %RegistryHive% %RegistryKey% %RegistryValue% %RegistryData% %ServiceExists% %ServiceName% %ServiceStartAccountName% %ServiceStartType% %ServiceState% %ServiceTriggerStart% %ServiceType% %SoftwareExists% %SoftwareProduct% %SoftwarePublisher% %SoftwareVersionToCompare% %SoftwareVersionDesiredResult% %WindowsUpdateSource% %WmiNamespace% %WmiClass% %WmiColumn% %WmiWhereClause% %WmiVersionToCompare% %WmiDesiredResult% Most parameters will be ignored if % is entered so they don't take up any resources trying to lookup a precondition on something that isn't relevant. The default values for the parameters will do this. In other words, if you don't want to search for a precondition on something like a directory, leave it's parameters at their defaults and it will skip the search for that.	1E Client... 1EClientVersionToCompare The version to use as the comparison DEFAULT: 0 1EClientVersionDesiredResult The outcome that's desired when the 1E Client Version is compared to the passed in version DEFAULT: Same or Higher Device details... DeviceChassisTypeList A semi-colon separated list of acceptable ChassisType values. (% wildcards are acceptable within each item) DEFAULT: % DeviceCpuTypeList A semi-colon separated list of acceptable CpuType values. (% wildcards are acceptable within each item DEFAULT: % DeviceDomainList A semi-colon separated list of acceptable Domain values. (% wildcards are acceptable within each item) DEFAULT: % DeviceFqdnList A semi-colon separated list of acceptable Fqdn values. (% wildcards are acceptable within each item) DEFAULT: % DeviceManufacturerList A semi-colon separated list of acceptable Manufacturer values. (% wildcards are acceptable within each item) DEFAULT: % DeviceModelList A semi-colon separated list of acceptable Model values. (% wildcards are acceptable within each item) DEFAULT: % DeviceRamMBMin The minimum amount of RAM (in MB) a device should have DEFAULT: 0 DeviceRamMBMax The minimum amount of RAM (in MB) a device should have DEFAULT: 9223372036854775807 DeviceTimeZoneOffsetList A semi-colon separated list of acceptable time zone offsets Directory and File... DirectoryExists Exists if the directory should exist Doesn't Exist if the directory shouldn't exist DEFAULT: % DirectoryName The name of the directory to check for existence DEFAULT: % FileNameExists Exists if the file should exist Doesn't Exist if the file shouldn't exist DEFAULT: Exists FileName The name of the file to check for existence DEFAULT: % DNS... DnsLookupFqdnList A semi-colon separated list of acceptable Fqdns that have been looked up in DNS by the device DEFAULT: % Operating System... OsArchitectureList A semi-colon separated list of acceptable OS Architectures DEFAULT: % OsTypeList A semi-colon separated list of acceptable OS Types DEFAULT: % Process... ProcessExists Exists if the process should exist Doesn't Exist if the process shouldn't exist DEFAULT: Exists ProcessExecutableList A semi-colon separated list of acceptable processes DEFAULT: % Quarantine... QuarantineStatus Quarantined if the device should be quarantined NotQuarantined if the device should not be quarantined DEFAULT: % Registry Key... RegistryExists Exists if the registry key should exist Doesn't Exist if the registry key should not exist DEFAULT: Exists RegistryHive The registry hive in which the registry key should exist. Valid Values: HKCR HKCC HKCU HKLM HKU % DEFAULT: % RegistryKey The registry key to find in the specified hive DEFAULT: % RegistryValue Exists if the registry key value should exist Doesn't Exist if the registry key value should not exist DEFAULT: Exists RegistryData Exists if the registry key value data should exist Doesn't Exist if the registry key value data should not exist DEFAULT: Exists Service... ServiceExistsExists if the registry key value data should exist Doesn't Exist if the registry key value data should not exist DEFAULT: Exists ServiceName The short name of the service DEFAULT: % ServiceStartAccountName The account name under which the service starts DEFAULT: % ServiceStartType The start type of the service. Valid Values: Automatic Automatic (Delayed Start) Boot Disabled Manual System % DEFAULT: % ServiceState The state the service should be in Valid Values: About to Continue Pausing Paused Running Starting Stopping Stopped % DEFAULT: % ServiceTriggerStart Is the service set to TriggerStart Valid Values: True False % DEFAULT: % ServiceType The type of service (use {none} to match null/empty value) Valid Values: {none} File system driver Kernel driver Own process Shared process % DEFAULT: % Software... SoftwareExists Exists if the software should exist Doesn't Exist if the software shouldn't exist DEFAULT: Exists SoftwareProduct Check for this product name DEFAULT: % SoftwarePublisher Check for this publisher name DEFAULT: % SoftwareVersionToCompareThe software product version to use as the comparison DEFAULT: 0 SoftwareVersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare Valid values: SameOrLower Lower Lower_MajorLower Lower_SameMajor Lower_SameMajorMinor Lower_SameMajorMinorRelease Same Higher_SameMajorMinorRelease Higher_SameMajorMinor Higher_SameMajor Higher_MajorHigher Higher SameOrHigher DEFAULT: SameOrHigher Windows Update... WindowsUpdateSource The source to check for Windows Update connectivity Valid Values: SCCM (MEMCM) WSUSL (WSUS - Local) WSUSR (WSUS - Remote) % DEFAULT: % WMI... WmiNamespace The WMI namespace to check existence (ROOT\cimv2 for example) WmiClassThe WMI class that should exist in specified namespace (ignored if %) WmiWhereClause The WHERE clause to use when querying this class (use {none} for no filter) WmiColumn The column name from querying the class which holds a version string WmiVersionToCompare The software product version to use as the comparison DEFAULT: 0 WmiVersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare Valid values: SameOrLower Lower Lower_MajorLower Lower_SameMajor Lower_SameMajorMinor Lower_SameMajorMinorRelease Same Higher_SameMajorMinorRelease Higher_SameMajorMinor Higher_SameMajor Higher_MajorHigher Higher SameOrHigher DEFAULT: SameOrHigher

Spare fragments

The following fragments are included in the MEMCM Client Health Integrated Product Pack but are not used in any predefined rules. You can use these in rules that you create or modify in any policy.

Name

Type

Readable Payload and summary

Parameters

1E-GuaranteedState-Check-MEMCM-CertificateInStore

Check

Check that the CM certificate is in the certificate store by looking in the CM client logs located in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory

The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Check-MEMCM-ClientCommunication

Check

Check that the CM client has sent data back within the last %Days% days.

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days.

Days

Look for client messages sent back in this number of days

1E-GuaranteedState-Check-MEMCM-MachinePolicyValid

Check

Check that the CM client has checked for machine policy within the last %Days% days

Days

Look for machine policy validated within this number of days

1E-GuaranteedState-Check-MEMCM-UserPolicyValid

Check

Check that the CM client has checked for user policy within the last %Days% days

Days

Look for user policy validated within this number of days

1E-GuaranteedState-Fix-MEMCM-InstallClient

FIx

Install the CM client using CCMSETUP.EXE from %CcmSetupFileUrl% having size %CcmSetupFileSize% and hash %CcmSetupFileHash% with command line options

%SourceList%
%MpList%
%RetryMinutes%
%ServiceNoService%
%InstallUninstall%
%Logon%
%ForceReboot%
%BITSPriority%
%DownloadTimeout%
%UsePKICert%
%NoCRLCheck%
%ConfigFile%
%SkipPrereqFileList%
%ForceInstall%
%ExcludeFeaturesList%
%CcmSetupMsiProperties%
%ClientMsiProperties%

This is essentially a front-end for the ccmsetup.exe installation parameters found in Microsoft Documentation.

See About client installation parameters and properties in Configuration Manager for more information about the installation parameters.

Expand parameters...

CcmSetupFileUrlEither the full HTTP or HTTPS URL path to the ccmsetup.exe file on a web server or the relative path to be appended to the Content directory under the background channel URL

DEFAULT: ccmsetup.exe

CcmSetupFileSizeThe size of the ccmsetup.exe file in bytes

DEFAULT: 4099328

CcmSetupFileHash

The SHA256 hash of the ccmsetup.exe file

DEFAULT: ab85f58b0cc257d25628384b0ec8fab1f9e15ca2b110a1e425e86e56b47ebde1

SourceList

A semicolon ; delimited list of download locations for setup media

DEFAULT: {none}

MpList

A semicolon ; delimited list of management points or cloud management gateway

DEFAULT: {none}

RetryMinutes

The retry interval in minutes to retry setup if it fails to download installation files. -1 to ignore this parameter

DEFAULT: -1

ServiceNoServiceTells setup to install as a service or no service

DEFAULT: Service

Valid Values:

Service

NoService

InstallUninstall

Tell setup to install or uninstall the client

DEFAULT: Install

Valid Values:

Install

Uninstall

Logon

If any version of the client is already installed, install will stop

DEFAULT: False

Valid Values:

True

False

ForceReboot

Setup should force the client to reboot if necessary to complete installation

Valid Values:

True

False

BITSPriority

Download priority when client installation files are downloaded over HTTP connection

DEFAULT: Normal

Valid Values:

Foreground

High

Normal

Low

DownloadTimeout

Length of time in minutes that setup tries to download the installation files before stopping

DEFAULT: 1440

UsePKICert

Uses a PKI cert that includes client authentication, if available. If can't find a valid cert, it uses HTTP with self-signed cert.

DEFAULT: False

Valid Values:

True

False

NoCRLCheck

Client won't check the cert revocation list when it uses HTTPS with PKI cert

DEFAULT: False

Valid Values:

True

False

ConfigFile

The name of a text file that lists client installation properties

DEFAULT: {none}

SkipPrereqFileList

A semicolon ; delimited list of prerequisite files that will be skipped during install

DEFAULT: {none}

ForceInstall

Uninstall any existing client and install a new client

DEFAULT: False

Valid Values:

True

False

ExcludeFeaturesList

Do not install the semicolon ; delimited list of features (ClientUI is supported) when installing the client

DEFAULT: {none}

Valid Values:

ClientUI

CcmSetupMsiProperties

Properties that modify the installation behavior of ccmsetup.msi

DEFAULT: {none}

ClientMsiProperties

Properties that modify the installation behavior of client.msi

DEFAULT: {none}

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerGlobalEvaluationAction

Fix

Invoke CM Application manager global evaluation action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000123}

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerPolicyAction

Fix

Invoke CM Application manager policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000121}

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerUserPolicyAction

Fix

Invoke CM Application manager user policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000122}

1E-GuaranteedState-Fix-MEMCM-InvokeBranchDistributionPointMaintenanceTask

Fix

Invoke CM branch distribution point maintenance task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000109}

1E-GuaranteedState-Fix-MEMCM-InvokeClearingProxySettingsCache

Fix

Invoke CM clearing proxy settings cache action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000037}

1E-GuaranteedState-Fix-MEMCM-InvokeClientMachineAuthentication

Fix

Invoke CM client machine authentication action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000012}

1E-GuaranteedState-Fix-MEMCM-InvokeDataDiscoveryRecord

Fix

Invoke CM data discovery record action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}

1E-GuaranteedState-Fix-MEMCM-InvokeDiscoveryDataCollectionCycle

Fix

Invoke CM discovery data collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000103}

1E-GuaranteedState-Fix-MEMCM-InvokeEndpointAMPolicyReevaluate

Fix

Invoke CM Endpoint Protection Antimalware policy reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000222}

1E-GuaranteedState-Fix-MEMCM-InvokeEndpointDeploymentReevaluate

Fix

Invoke CM Endpoint Protection deployment reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000221}

1E-GuaranteedState-Fix-MEMCM-InvokeExternalEventDetection

Fix

Invoke CM external event detection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000223}

1E-GuaranteedState-Fix-MEMCM-InvokeFileCollection

Fix

Invoke CM file collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000010}

1E-GuaranteedState-Fix-MEMCM-InvokeFileCollectionCycle

Fix

Invoke CM file collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000104

1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventory

Fix

Invoke CM hardware inventory

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}

1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventoryCollectionCycle

Fix

Invoke MEMCM hardware inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000101}

1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollection

Fix

Invoke CM IDMIF collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000011}

1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollectionCycle

Fix

Invoke CM IDMIF collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000105}

1E-GuaranteedState-Fix-MEMCM-InvokeLSRefreshLocationsTask

FIx

Invoke CM client Location Services refresh locations task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000024}

1E-GuaranteedState-Fix-MEMCM-InvokeLSTimeoutRefreshTask

Fix

Invoke CM client Location Services timeout refresh action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000025}

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAgentCleanup

Fix

Invoke CM machine policy agent cleanup action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000040}

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAssignmentsRequest

Fix

Invoke CM machine policy assignments request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000021}

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyEvaluation

Fix

Invoke CM machine policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000022}

1E-GuaranteedState-Fix-MEMCM-InvokePeerDpPendingPackageCheckSchedule

Fix

Invoke CM peer DP pending package check schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000062}

1E-GuaranteedState-Fix-MEMCM-InvokePeerDpStatusReporting

Fix

Invoke CM peer DP status reporting

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000061}

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentEvaluateAssignmentUser

Fix

Invoke CM User policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000027}

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentRequestAssignmentUser

Fix

Invoke CM User policy request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000026}

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateMachinePolicyAssignment

Fix

Invoke CM machine policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000042}

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateUserPolicyAssignment

Fix

Invoke CM user policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000043}

1E-GuaranteedState-Fix-MEMCM-InvokePowerManagementStartSummarizer

Fix

Invoke CM power management start summarizer

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000131}

1E-GuaranteedState-Fix-MEMCM-InvokeRefreshDefaultMPTask

Fix

Invoke CM refresh default MP task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000023}

1E-GuaranteedState-Fix-MEMCM-InvokeRetryingRefreshingCertificatesInAdOnMp

Fix

Invoke CM retrying/refreshing certificates in AD on MP

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000051}

1E-GuaranteedState-Fix-MEMCM-InvokeScanByUpdateSource

Fix

Invoke CM scan by update source

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000113}

1E-GuaranteedState-Fix-MEMCM-InvokeSchedule

Fix

Invoke CM client %Schedule% action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: <ScheduleID>

List of ScheduleIDs:

Name	ScheduleId
Hardware Inventory	{00000000-0000-0000-0000-000000000001}
Software Inventory	{00000000-0000-0000-0000-000000000002}
Data Discovery Record	{00000000-0000-0000-0000-000000000003}
File Collection	{00000000-0000-0000-0000-000000000010}
IDMIF Collection	{00000000-0000-0000-0000-000000000011}
Client Machine Authentication	{00000000-0000-0000-0000-000000000012}
Machine Policy Assignments Request	{00000000-0000-0000-0000-000000000021}
Machine Policy Evaluation	{00000000-0000-0000-0000-000000000022}
Refresh Default MP Task	{00000000-0000-0000-0000-000000000023}
LS (Location Service) Refresh Locations Task	{00000000-0000-0000-0000-000000000024}
LS (Location Service) Timeout Refresh Task	{00000000-0000-0000-0000-000000000025}
Policy Agent Request Assignment (User)	{00000000-0000-0000-0000-000000000026}
Policy Agent Evaluate Assignment (User)	{00000000-0000-0000-0000-000000000027}
Software Metering Generating Usage Report	{00000000-0000-0000-0000-000000000031}
Source Update Message	{00000000-0000-0000-0000-000000000032}
Clearing proxy settings cache	{00000000-0000-0000-0000-000000000037}
Machine Policy Agent Cleanup	{00000000-0000-0000-0000-000000000040}
User Policy Agent Cleanup	{00000000-0000-0000-0000-000000000041}
Policy Agent Validate Machine Policy / Assignment	{00000000-0000-0000-0000-000000000042}
Policy Agent Validate User Policy / Assignment	{00000000-0000-0000-0000-000000000043}
Retrying/Refreshing certificates in AD on MP	{00000000-0000-0000-0000-000000000051}
Peer DP Status reporting	{00000000-0000-0000-0000-000000000061}
Peer DP Pending package check schedule	{00000000-0000-0000-0000-000000000062}
SUM Updates install schedule	{00000000-0000-0000-0000-000000000063}
Hardware Inventory Collection Cycle	{00000000-0000-0000-0000-000000000101}
Software Inventory Collection Cycle	{00000000-0000-0000-0000-000000000102}
Discovery Data Collection Cycle	{00000000-0000-0000-0000-000000000103}
File Collection Cycle	{00000000-0000-0000-0000-000000000104}
IDMIF Collection Cycle	{00000000-0000-0000-0000-000000000105}
Software Metering Usage Report Cycle	{00000000-0000-0000-0000-000000000106}
Windows Installer Source List Update Cycle	{00000000-0000-0000-0000-000000000107}
Software Updates Assignments Evaluation Cycle	{00000000-0000-0000-0000-000000000108}
Branch Distribution Point Maintenance Task	{00000000-0000-0000-0000-000000000109}
Send Unsent State Message	{00000000-0000-0000-0000-000000000111}
State System policy cache cleanout	{00000000-0000-0000-0000-000000000112}
Scan by Update Source	{00000000-0000-0000-0000-000000000113}
Update Store Policy	{00000000-0000-0000-0000-000000000114}
State system policy bulk send high	{00000000-0000-0000-0000-000000000115}
State system policy bulk send low	{00000000-0000-0000-0000-000000000116}
Application manager policy action	{00000000-0000-0000-0000-000000000121}
Application manager user policy action	{00000000-0000-0000-0000-000000000122}
Application manager global evaluation action	{00000000-0000-0000-0000-000000000123}
Power management start summarizer	{00000000-0000-0000-0000-000000000131}
Endpoint deployment reevaluate	{00000000-0000-0000-0000-000000000221}
Endpoint AM policy reevaluate	{00000000-0000-0000-0000-000000000222}
External event detection	{00000000-0000-0000-0000-000000000223}

Schedule

The MEMCM client schedule (client action) to trigger

Valid Values: Select a name from the table in the Summary column. These are presented as a dropdown in the UI. The string values are converted to the ScheduleID required by the WMI method.

1E-GuaranteedState-Fix-MEMCM-InvokeSendUnsentStateMessage

Fix

Invoke CM send unsent state message action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000111}

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventory

Fix

InvokeCM software inventory action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000002}

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventoryCollectionCycle

Fix

Invoke CM software inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000102}

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringGeneratingUsageReport

Fix

Invoke CM software metering generate usage report action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000031}

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringUsageReportCycle

Fix

Invoke CM software metering usage report cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000106}

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareUpdatesAssignmentsEvaluationCycle

Fix

Invoke CM software updates assignments evaluation cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000108}

1E-GuaranteedState-Fix-MEMCM-InvokeSourceUpdateMessage

Fix

Invoke CM source update message

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000032}

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendHigh

Fix

Invoke CM state system policy bulk send high

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000115}

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendLow

Fix

Invoke CM state system policy bulk send low

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000116}

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyCacheCleanout

Fix

Invoke CM state system policy cache cleanout

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000112}

1E-GuaranteedState-Fix-MEMCM-InvokeSumUpdatesInstallSchedule

Fix

Invoke CM Software Updates install schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000063}

1E-GuaranteedState-Fix-MEMCM-InvokeUpdateStorePolicy

Fix

Invoke CM update store policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000114}

1E-GuaranteedState-Fix-MEMCM-InvokeUserPolicyAgentCleanup

Fix

Invoke CM user policy agent cleanup

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000041}

1E-GuaranteedState-Fix-MEMCM-InvokeWindowsInstallerSourceListUpdateCycle

Fix

Invoke CM Windows Installer source list update cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000107}

1E-GuaranteedState-Fix-MEMCM-RefreshServerComplianceState

Fix

Refresh CM server compliance state

Com Object: Microsoft.CCM.UpdatesStore.RefreshServerComplianceState()

1E-GuaranteedState-Fix-MEMCM-ResetPolicy

Fix

Reset CM policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: ResetPolicy

uFlags: <see list below>

Name	Flag
RequestFullPolicy	0
PurgeAndRequestFullPolicy	1

ResetOption

Valid values

RequestFullPolicywill request a full instead of delta.
PurgeAndRequestFull will completely remove the existing policy and request full (possibly re-running deployments).

These are presented as a dropdown in the UIO and converted to the numeric value required by the WMI method.

1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate

Fix

Completely reset Windows Update from scratch (Experimental)

Process mostly inspired Reset-WindowsUpdate.ps1 and tweaked a little to be more forceful

Process also inspired by this article.

This is a very destructive and involved process. It should only be used as a last resort to fix a broken Windows Update system.

The machine will be somewhat unusable until it is rebooted and should be rebooted right away.

Many different and unrelated apps may throw odd and misleading errors until the reboot happens.

General process:

Stop Windows Update Services
1. Stop BITS
2. Stop wuauserv
3. Stop appidsvc
4. Stop cryptsvc
Remove QMGR Data File
Rename the software distribution and CatRoot folders
Remove the old Windows Update log
Reset the Windows Update services to default settings (bits and wuauserv anyway)
Re-Register a pile of DLLS related to windows update and surrounding technologies
Remove the WSUS client settings from the registry
Reset WinSock
Delete any-and-all BITS jobs
Install the Windows Update Agent (KB2937636)
Force discovery
Reboot

1E-GuaranteedState-Precondition-1EClient-Version

PreCondition

Checks for the existence of the 1E client with version lower, same or higher (%DesiredResults%) than %VersionToCompare%.

VersionToCompare

A version number to compare against the installed 1E Client version number.

Examples:

5.0

5.0.0

5.0.0.745

DEFAULT: 0

DesiredResultsThe outcome that's desired when actual version is compared to passed in version.

DEFAULT: SameOrHigher

Valid values:

SameOrLower
Lower
Lower_MajorLower
Lower_SameMajor
Lower_SameMajorMinor
Lower_SameMajorMinorRelease
Same
Higher_SameMajorMinorRelease
Higher_SameMajorMinor
Higher_SameMajor
Higher_MajorHigher
Higher
SameOrHigher

1E-GuaranteedState-Precondition-MEMCM-AssignedSite

PreCondition

Check the CM client is assigned to %SiteCode%

SiteCode

Check to see if the MEMCM client is assigned to this site code

1E-GuaranteedState-Precondition-MEMCM-CacheSizeBetween

PreCondition

Check the CM cache size is between %MinMB% and %MaxMB%

MinMB

The cache size should be at least this big (in Megabytes)

MaxMBThe cache size should be at most this big (in Megabytes)

1E-GuaranteedState-Precondition-MEMCM-CertificateInStore

PreCondition

Check the CM certificate is in the certificate store by checking CM log files in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory

The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Precondition-MEMCM-ClientCommunication

PreCondition

Check the CM client has sent data back within the last %Days% days

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days.

Days

Look for client messages sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-ClientProvisioningMode

PreCondition

Check if the CM ClientProvisioningMode is set to %TrueFalse%

TrueFalse

True represents client provisioning ON, False represents client provisioning OFF

1E-GuaranteedState-Precondition-MEMCM-DataDiscoveryRecordSent

PreCondition

Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days

Days

Look for DDRs sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-FileCollectionSent

PreCondition

Check the CM client has performed a file collection within the last %Days% days

Days

Look for file collection sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-GlobalLogginConfiguration

PreCondition

Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settingsconfiguration %LogLevel% %MaxSize% %MaxHistoryFiles% %DebugLogging%

LogLevel

The logging level

Valid Values: Verbose, Normal, None

MaxSize

The maximum size (in Bytes) that the MEMCM logs may grow before rolling over

MaxHistoryFiles

The number of incremented log files to accumulate before deleting

DebugLogging

True means debug logging should be on, False means it should be off

1E-GuaranteedState-Precondition-MEMCM-HardwareInventorySent

PreCondition

Check the CM client has sent hardware inventory within the last %Days% days

Days

Look for hardware inventory data sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-IDMIFCollectionSent

PreCondition

Check the CM client has performed an IDMIF collection within the last %Days% days

Days

Look for IDMIFs sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-MachinePolicyValid

PreCondition

Check the CM client has checked for machine policy within the last %Days% days

Days

Look for machine policy validated within this number of days

1E-GuaranteedState-Precondition-MEMCM-SoftwareInventorySent

PreCondition

Check the CM client has sent software inventory within the last %Days% days.

Days

Look for software inventory data sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-StatusMessagesSent

PreCondition

Check the CM client has sent status messages within the last %Days% days.

Days

Look for status messages sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-UserPolicyValid

PreCondition

Check the CM client has checked for user policy within the last %Days% days

Days

Look for user policy validated within this number of days

1E-GuaranteedState-Precondition-Process-Exists

PreCondition

Check the %Executable% process exists (is running)

Executable

The name of the executable that should be running

1E-GuaranteedState-Precondition-Service-Exists

PreCondition

Check the %ServiceName% service exists

ServiceName

Shortname of the service

1E-GuaranteedState-Precondition-Software-Exists

PreCondition

Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare%

Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare

Publisher

Check for this publisher name

Product

Check for this product name

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

VersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

SameOrLower
Lower
Lower_MajorLower
Lower_SameMajor
Lower_SameMajorMinor
Lower_SameMajorMinorRelease
Same
Higher_SameMajorMinorRelease
Higher_SameMajorMinor
Higher_SameMajor
Higher_MajorHigher
Higher
SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-WindowsUpdate-ConnectionOK

PreCondition

Check that the Windows Update connection is OK

1E-GuaranteedState-Precondition-WindowsUpdate-Source

PreCondition

Check that the connection to the %Source% Windows Update source is OK

Source

The windows update source (% wildcard accepted)

Valid Values:

SCCM (MEMCM)
WSUSL (WSUS - Local)
WSUSR (WSUS - Remote)
%

DEFAULT: %

1E-GuaranteedState-Precondition-WindowsUpdate-SourceId

PreCondition

Check that a Windows Update connection is OK for %SourceId%

SourceId

The identity of the source of updates. E.g. for a ' SCCM ' source this will be the site ID, or for WSUS it will be the URL to WSUS.

1E-GuaranteedState-Precondition-Wmi-ClassColumnVersion

PreCondition

Check if the value of the WMI attribute defined by %Namespace%, %Class%, %ColumnName% (and optional %WhereClause%) is a version number (e.g. 7.2.5.612) that is lower, higher or the same (defined by %DesiredResult%) as %VersionToCompare%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

ClassThe WMI class that should exist in specified namespace (ignored if %)

WhereClause

The WHERE clause to use when querying this class (use {none} for no filter)

ColumnName

The column name from querying the class which holds a version string

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

DesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

SameOrLower
Lower
Lower_MajorLower
Lower_SameMajor
Lower_SameMajorMinor
Lower_SameMajorMinorRelease
Same
Higher_SameMajorMinorRelease
Higher_SameMajorMinor
Higher_SameMajor
Higher_MajorHigher
Higher
SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-Wmi-ClassExists

PreCondition

Check for the existence of WMI %Class% in %NameSpace%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

ClassThe WMI class that should exist in specified namespace (ignored if %)

1E-GuaranteedState-Precondition-Wmi-ClassQuery

PreCondition

Check for any data returned from specified WMI %Class% and %Namespace% using (optional) %WhereClause% and %ColumnList%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example, ignored if %)

ClassThe WMI class that should exist in specified namespace (ignored if %)

WhereClause

The WHERE clause to use when querying this class (use {none} for no filter)

ColumnList

A list of columns to select from the WMI class (use {all} for all columns)

1E-GuaranteedState-Precondition-Wmi-NamespaceExists

PreCondition

Check for the existence of WMI %Namespace%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

1E-GuaranteedState-Precondition-Wmi-RepositoryConsistent

PreCondition

Check that the WMI repository is consistent

Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result

Trigger templates

The following table shows the trigger templates included in the Nomad Client Health Integrated Product Pack.

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these templates, unless you select alternative values.

Name	Readable Payload and summary	Parameters
TriggerTemplate-FileChange	On change of file "<fileName>" When a file changes (Windows only)	File Name File path of file to be monitored, default is null.
TriggerTemplate-IntervalHours	Every <intervalHours> hours Periodic (hours)	Interval Hours 0 to 999 hours (approximately 42 days), default interval is 12 hours.
TriggerTemplate-IntervalMinutes	Every <intervalMinutes> minutes Periodic (minutes)	Interval Minutes 0 to 99,999 minutes (approximately 69 days), default interval is 30 minutes.
TriggerTemplate-IntervalSeconds	Every <intervalSeconds> seconds Periodic (seconds)	Interval Seconds 0 to 999,999 seconds (approximately 11 days), default interval is 3600 seconds (1 hour).
TriggerTemplate-ProcessCrash	On crash of process "<executable>" When a process crashes (Windows only) Monitors the Windows Application Event Log for event 1000. Executable is case insensitive but is required to be the whole filename without the folder path, such as unreliableapp.exe A partial string such as unreliableapp will not trigger on a crash of unreliableapp.exe.	Executable Filename of executable to be monitored, default is empty.
TriggerTemplate-ProcessLaunch	On launch of process "<executable>" When a process starts (Windows only) Monitors the Windows Security Event Log for event 4688.	Executable File path of executable to be monitored, default is empty.
TriggerTemplate-ServiceStatusChange	On change of running state of the "<serviceName>" service When the state of the named Windows service changes You can determine the short name of a service using the PowerShell cmdlet Copy `get-service -DisplayName "Network Location Awareness"` This will return NlaSvc in the above example. It is this short name you specify in the <ServiceName> parameter.	Service Name Short name of service - for example NomadBranch.
TriggerTemplate-WindowsEventLog	On Windows"<channel>"; event log entry matching "<query>" (debounce for <debounce> seconds) When an event log entry is created (Windows only) A channel is an event sink, example standard channel names are Application or Security. To determine the available event channels execute the following PowerShell command: Copy `Get-WinEvent -ListLog ` Or to view the event channels on a remote computer: Copy `Get-WinEvent -ListLog -ComputerName <hostname>` Similarly to view event log entries for a given channel either use Event Viewer or from PowerShell for example: Copy `Get-EventLog application \| where {($_.EntryType -Match "Error") -or ($_.EntryType -Match "Warning")}` Or: Copy `[dateTime]$oneWeekAgo = (get-date).addDays(-7)Get-EventLog -LogName Application -After $oneWeekAgo -computerName . \| ? {$_.EventID -eq 1000}` A query is used to filter the event log messages for a given channel. Examples can be found at Consuming Events (Windows Event Log). For example to query all OneNote application crashes error log messages: [System[(Level=2) and (EventID=1000)]] and [EventData[Data='onenote.exe']] Debounce is a settling period to ensure that in the case of multiple events, only a single event is registered within the space of a given time period.	Channel Text string, default null. Query Text string, default null. Debounce Time Seconds 0 to 99 seconds, default 0.
TriggerTemplate-WindowsRegistryChange	On change of registry values in "<hive>\<subkey>" (include subkeys=<includeSubkeys>) When the value of a Windows registry key changes.	Hive, which must be one of: HKLM (default) HKCR Subkey: free text string, default empty. Include Sub Keys : 1/0 default 0.

Name

Readable Payload and summary

Parameters

TriggerTemplate-FileChange

On change of file "<fileName>"

When a file changes (Windows only)

File Name

File path of file to be monitored, default is null.

TriggerTemplate-IntervalHours

Every <intervalHours> hours

Periodic (hours)

Interval Hours

0 to 999 hours (approximately 42 days), default interval is 12 hours.

TriggerTemplate-IntervalMinutes

Every <intervalMinutes> minutes

Periodic (minutes)

Interval Minutes

0 to 99,999 minutes (approximately 69 days), default interval is 30 minutes.

TriggerTemplate-IntervalSeconds

Every <intervalSeconds> seconds

Periodic (seconds)

Interval Seconds

0 to 999,999 seconds (approximately 11 days), default interval is 3600 seconds (1 hour).

TriggerTemplate-ProcessCrash

On crash of process "<executable>"

When a process crashes (Windows only)

Monitors the Windows Application Event Log for event 1000.

Executable is case insensitive but is required to be the whole filename without the folder path, such as unreliableapp.exe A partial string such as unreliableapp will not trigger on a crash of unreliableapp.exe.

Executable

Filename of executable to be monitored, default is empty.

TriggerTemplate-ProcessLaunch

On launch of process "<executable>"

When a process starts (Windows only)

Monitors the Windows Security Event Log for event 4688.

Executable

File path of executable to be monitored, default is empty.

TriggerTemplate-ServiceStatusChange

On change of running state of the "<serviceName>" service

When the state of the named Windows service changes

You can determine the short name of a service using the PowerShell cmdlet

Copy

get-service -DisplayName "Network Location Awareness"

This will return NlaSvc in the above example. It is this short name you specify in the <ServiceName> parameter.

Service Name

Short name of service - for example NomadBranch.

TriggerTemplate-WindowsEventLog

On Windows"<channel>"; event log entry matching "<query>" (debounce for <debounce> seconds)

When an event log entry is created (Windows only)

A channel is an event sink, example standard channel names are Application or Security.

To determine the available event channels execute the following PowerShell command:

Copy

Get-WinEvent -ListLog *

Or to view the event channels on a remote computer:

Copy

Get-WinEvent -ListLog * -ComputerName <hostname>

Similarly to view event log entries for a given channel either use Event Viewer or from PowerShell for example:

Copy

 Get-EventLog application | where {($_.EntryType -Match "Error") -or ($_.EntryType -Match "Warning")}

Or:

Copy

[dateTime]$oneWeekAgo = (get-date).addDays(-7)Get-EventLog -LogName Application -After $oneWeekAgo -computerName . | ? {$_.EventID -eq 1000}

A query is used to filter the event log messages for a given channel. Examples can be found at Consuming Events (Windows Event Log).

For example to query all OneNote application crashes error log messages:

*[System[(Level=2) and (EventID=1000)]] and *[EventData[Data='onenote.exe']]

Debounce is a settling period to ensure that in the case of multiple events, only a single event is registered within the space of a given time period.

Channel

Text string, default null.

Query

Text string, default null.

Debounce Time Seconds

0 to 99 seconds, default 0.

TriggerTemplate-WindowsRegistryChange

On change of registry values in "<hive>\<subkey>" (include subkeys=<includeSubkeys>)

When the value of a Windows registry key changes.

Hive, which must be one of:

HKLM (default)
HKCR

Subkey: free text string, default empty.

Include Sub Keys : 1/0 default 0.