MEMCM Client Health DEX Pack

DEX Pack used to create the MEMCM Client Health policy.

Overview

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

  • Ensure the correct version of the CM client is installed and running and assigned to the correct site

  • Ensure the CM client is not stuck in provisioning mode

  • Ensure that heartbeat discovery, inventory and state messages are being sent regularly

  • Ensures the CM client cache is set to the correct size

  • Ensure the CM client log settings are correct

  • Ensure the BITS service exists, configured to start up automatically and is running

  • Ensure the Windows Time service exists with correct startup settings

  • Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running

  • Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent

  • Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source.

This policy is intended for deployment to Windows devices only.

Before deploying the MEMCM Client Health Policy you need to be familiar with its contents and comfortable that you want to apply it to the devices in your network. By default, automated fixes in the Policies provided by 1E are not enabled, this means you will have to specifically enable the ones you want to use before they can take effect.

A new or updated Policy should first be verified by deploying it to a Management Group containing a small number of devices, reviewing the Endpoint Automation reports, and confirming the checks and enabled fixes are working as expected. When you are comfortable with the results you can then deploy to larger Management Groups.

Instructions

This product pack contains no instructions.

Policies

The following table shows the policies included in the Integrated Product Pack.

Name

Description

MEMCM Client Health

The MEMCM (Microsoft Endpoint Manager - Configuration Manager) Client Health policy ensures that the MEMCM client and surrounding technologies are healthy.

Rules

The following table shows the rules included in the above policy. Any parameter values shown in the Check and Fix fragments, Triggers and Precondition fragment columns are specifically set in the rules when the pack is uploaded. These may be different from the default values shown in the Fragments table. You can modify these if required.

Name

Type

Description

Check and Fix fragments

Triggers

Precondition fragment

MEMCM Client Assignment

Fix

Ensure the client is assigned to the right site. Assign it if it isn't.

1E-GuaranteedState-Check-MEMCM-AssignedSite

1E-GuaranteedState-Fix-MEMCM-SetAssignedSite

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

  • 1EClientVersionToCompare=0

  • 1EClientVersionDesiredResult=SameOrHigher

  • DeviceChassisTypeList=%

  • DeviceCpuTypeList=%

  • DeviceDomainList=%

  • DeviceFqdnList=%

  • DeviceManufacturerList=%

  • DeviceModelList=%

  • DeviceRamMBMin=0

  • DeviceRamMBMax=2147483647

  • DeviceTimeZoneOffsetList=

  • -720;-660;-600;-570;-540;-480;

  • -420;-360;-300;-240;-180;-150;

  • -120;-60;0;60;120;180;240;

  • 270;300;330;345;360;390;

  • 420;480;525;540;570;600;

  • 630;660;720;765;780;840

  • DirectoryExists=Exists

  • DirectoryName=%

  • DnsLookupFqdnList=%

  • FileNameExists=Exists

  • FileName=%

  • OsTypeList=Windows

  • OsArchitectureList=%

  • ProcessExists=Doesn't Exist

  • ProcessExecutableList=ccmsetup.exe

  • QuarantineStatus=%

  • RegistryExists=Exists

  • RegistryHive=HKLM

  • RegistryKey=%

  • RegistryValue=%

  • RegistryData=%

  • ServiceExists=Exists

  • ServiceName=Winmgmt

  • ServiceStartAccountName=%

  • ServiceStartType=%

  • ServiceState=Running

  • ServiceTriggerStart=%

  • ServiceType=%

  • SoftwareExists=Exists

  • SoftwareProduct=Configuration Manager Client

  • SoftwarePublisher=Microsoft%

  • SoftwareVersionToCompare=0

  • SoftwareVersionDesiredResult=SameOrHigher

  • WindowsUpdateSource=%

  • WmiNamespace=ROOT\ccm\StateMsg

  • WmiClass=CCM_StateMsg

  • WmiColumn=%

  • WmiWhereClause={none}

  • WmiVersionToCompare=0

  • WmiDesiredResult=SameOrHigher

MEMCM Client Cache Size

Fix

Ensure the MEMCM client cache is set to the right size. Set it if it isn't.

1E-GuaranteedState-Check-MEMCM-CacheSizeBetween

1E-GuaranteedState-Fix-MEMCM-SetCacheSize

Periodic (24 hours)

 

MEMCM Client ClassExists

Check(1)

Ensure the default CCM class exists in WMI.

1E-GuaranteedState-Check-Wmi-ClassExists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client ClientProvisioningMode

Fix

Ensure the client is not stuck in provisioning mode. Turn it off if it is.

1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode

1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client DataDiscoveryRecordSent

Check

Ensure that a data discovery record (DDR) is being sent regularly.

1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client FileCollectionSent

Check

Ensure that file collection is being sent regularly.

1E-GuaranteedState-Check-MEMCM-FileCollectionSent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client HardwareInventorySent

Check

Ensure that hardware inventory is being sent regularly.

1E-GuaranteedState-Check-MEMCM-HardwareInventorySent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client IDMIFCollectionSent

Check

Ensure that IDMIF collection is being sent regularly.

1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client Logging

Check

Ensure the MEMCM client log settings are set to the right values.

1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client NamespaceExists

Check(1)

Ensure the MEMCM (CCM) namespace exists in WMI.

1E-GuaranteedState-Check-Wmi-NamespaceExists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client SoftwareInventorySent

Check

Ensure that software inventory is being sent regularly.

1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client StateMessagesSent

Check

Ensure that state messages are being sent regularly.

1E-GuaranteedState-Check-MEMCM-StateMessagesSent

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

MEMCM Client Version

Check(1)

Ensure the right version of the client is installed.

1E-GuaranteedState-Check-Software-Version

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Network IPv4 PrimaryAddressInDNS

Check

Check the FQDN matches DNS by looking up the primary IPv4 address in DNS

1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service BITS DelayedStart

Fix

Ensure that the BITS (Background Intelligent Transfer Service) service is set to Automatic (Delayed Start). Set it if not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service BITS Exists

Check

Ensure that the BITS (Background Intelligent Transfer Service) service exists.

1E-GuaranteedState-Check-Service-Exists

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service BITS Running

Fix

Ensure that the BITS (Background Intelligent Transfer Service) service is running. Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change

1E-GuaranteedState-Precondition-Multiple

Service ccmexec DelayedStart

Fix

Ensure that the ccmexec (SMS Agent Host) service is set to Automatic (Delayed Start). Set it if not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service ccmexec Exists

Check(1)

Ensure that the ccmexec (SMS Agent Host) service exists.

1E-GuaranteedState-Check-Service-Exists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service ccmexec Running

Fix

Ensure that the ccmexec (SMS Agent Host) service is running. Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change

1E-GuaranteedState-Precondition-Multiple

Service W32Time Exists

Check

Ensure that the W32Time (Windows Time) service exists.

1E-GuaranteedState-Check-Service-Exists

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service W32Time Manual

Fix

Ensure that the W32Time (Windows Time) service is set to manual. Set it to manual if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeManual

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service W32Time TriggerStart

Check

Ensure that the W32Time (Windows Time) service is set to trigger start.

1E-GuaranteedState-Check-Service-TriggerStart

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service Winmgmt Automatic

Fix

Ensure that the Winmgmt (Windows Management Instrumentation) service is set to automatic. Set it to automatic if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service Winmgmt Exists

Check

Ensure that the Winmgmt (Windows Management Instrumentation) service exists.

1E-GuaranteedState-Check-Service-Exists

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service Winmgmt Running

Fix

Ensure that the Winmgmt (Windows Management Instrumentation) service is running. Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change

1E-GuaranteedState-Precondition-Multiple

Service wuauserv Exists

Check(2)

Ensure that the wuauserv (Windows Update) service exists.

1E-GuaranteedState-Check-Service-Exists

1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate (2)

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service wuauserv Manual

Fix

Ensure that the wuauserv (Windows Update) service is set to manual. Set it to manual if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeManual

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

Service wuauserv TriggerStart

Check

Ensure that the wuauserv (Windows Update) service is set to trigger start.

1E-GuaranteedState-Check-Service-TriggerStart

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

WindowsUpdate ConnectionOK

Check

Ensure the connection to Windows Update is OK

1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

WindowsUpdate Source

Check

Ensure the connection to Windows Update is using the right source (Configuration Manager, WSUS, Microsoft Update)

1E-GuaranteedState-Check-WindowsUpdate-Source

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

WMI cimv2 NamespaceExists

Check

Ensure the default (cimv2) namespace exists in WMI.

1E-GuaranteedState-Check-Wmi-NamespaceExists

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

WMI Repository Consistency

Fix

Ensure the WMI repository is consistent. Salvage the repository or (optionally) reset it if inconsistent.

1E-GuaranteedState-Check-Wmi-Repository

1E-GuaranteedState-Fix-Wmi-Repository

Periodic (24 hours)

1E-GuaranteedState-Precondition-Multiple

WMI Win32_ComputerSystem ClassExists

Check

Ensure the default Win32_ComputerSystem class exists in WMI.

1E-GuaranteedState-Check-Wmi-ClassExists

Periodic (60 min)

1E-GuaranteedState-Precondition-Multiple

Fragments

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these fragments, unless you select alternative values.

Fragments used in MEMCM Client Health Policy rules

The following fragments are used by the rules defined above in the MEMCM Client Health policy.

Name

Type

Readable Payload and summary

Parameters

1E-GuaranteedState-Check-MEMCM-AssignedSite

Check

Check the CM client has been assigned to site %SiteCode%

SiteCode

Check to see if the MEMCM client is assigned to this site code

1E-GuaranteedState-Check-MEMCM-CacheSizeBetween

Check

Check the CM cache size is between %MinMB% and %MaxMB%

MinMB

The cache size should be at least this big (in Megabytes)

MaxMBThe cache size should be at most this big (in Megabytes)

1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode

Check

Check the CM ClientProvisioningMode is set to %TrueFalse%

TrueFalse

True represents client provisioning ON, False represents client provisioning OFF

1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent

Check

Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days

Days

Look for DDRs sent back in this number of days

1E-GuaranteedState-Check-MEMCM-FileCollectionSent

Check

Check the CM client has performed a file collection within the last %Days% days

Days

Look for file collection sent back in this number of days

1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration

Check

Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings

LogLevel

The logging level

Valid Values: Verbose, Normal, None

MaxSize

The maximum size (in Bytes) that the MEMCM logs may grow before rolling over

MaxHistoryFiles

The number of incremented log files to accumulate before deleting

DebugLogging

True means debug logging should be on, False means it should be off

1E-GuaranteedState-Check-MEMCM-HardwareInventorySent

Check

Check the CM client has sent hardware inventory within the last %Days% days

Days

Look for hardware inventory data sent back in this number of days

1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent

Check

Check the CM client has performed an IDMIF collection within the last %Days% days

Days

Look for IDMIFs sent back within this number of days

1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent

Check

Check the CM client has sent software inventory within the last %Days% days

Days

Look for software inventory data sent back within this number of days

1E-GuaranteedState-Check-MEMCM-StateMessagesSent

Check

Check the CM client has sent state messages within the last %Days% days

Days

Look for state messages sent back within this number of days

1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS

Check

Check the Device FQDN matches the value from DNS

Take the primary IP address for the default route and look it up in DNS. Make sure the fqdn from device summary matches the fqdn returned from DNS

 

1E-GuaranteedState-Check-Service-Exists

Check

Check that %ServiceName% service exists

ServiceName

Shortname of the service

1E-GuaranteedState-Check-Service-StartType

Check

Check that %ServiceName% start type is %StartType%

ServiceName

Shortname of the service

StartType

The startup setting for the service

Valid Values:

  • Automatic

  • Automatic (Delayed Start)

  • Boot

  • Disabled

  • Manual

  • System

1E-GuaranteedState-Check-Service-State

Check

Check the %ServiceName% service is in %State% state

For completeness, all valid service states are included. Realistically, however, making a precondition out of transition states like

  • About To Continue

  • Pausing

  • Starting

  • Stopping

isn't a very good idea as a service will only be in that state for a very short time.

ServiceName

Shortname of the service

StateThe state the service should be in

Valid Values:

  • About to Continue

  • Pausing

  • Paused

  • Running

  • Starting

  • Stopping

  • Stopped

1E-GuaranteedState-Check-Service-TriggerStart

Check

Check the %ServiceName% service is set to start on a trigger

The actual trigger is not checked or reported

ServiceName

Shortname of the service

1E-GuaranteedState-Check-Software-Version

Check

Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare%

Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare)

Publisher

Check for this publisher name

Product

Check for this product name

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

VersionDesiredResultThe outcome that's desired when the software product version is compared to VersionToCompare

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK

Check

Check that the client can connect to the configured Windows Update source

 

1E-GuaranteedState-Check-WindowsUpdate-Source

Check

Check Windows Update agent is configured to use %Source% as source

If Source is set to % (Default) this will check each of the sources and pass with the first one that succeeds.

Source

The windows update source (% wildcard accepted)

Valid Values:

  • SCCM (MEMCM)

  • WSUSL (WSUS - Local)

  • WSUSR (WSUS - Remote)

  • %

DEFAULT: %

1E-GuaranteedState-Check-Wmi-ClassExists

Check

Check that WMI %Class% exists in %Namespace%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

ClassThe WMI class that should exist in specified namespace

1E-GuaranteedState-Check-Wmi-NamespaceExists

Check

Check that WMI %Namespace% exists

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

1E-GuaranteedState-Check-Wmi-Repository

Check

Check that the WMI repository is consistent

Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result

 

1E-GuaranteedState-Fix-MEMCM-SetAssignedSite

Fix

Set CM assigned site to %SiteCode%

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: SetAssignedSite

sSiteCode: %SiteCode%

SiteCode

Assign the client to this site code

1E-GuaranteedState-Fix-MEMCM-SetCacheSize

Fix

Set CM client cache size to %MaxMB% MB

Com Object: UIResource.UIResourceMgr.GetCacheInfo().TotalSize

MaxMB

The cache size should be at least this size (in MB)

DEFAULT: 5120

1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode

Fix

Set MEMCM client provisioning mode to %TrueFalse%

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: SetClientProvisioningMode

bEnable: <true/false>

TrueFalse

True sets client provisioning mode to ON

False sets client provisioning mode to OFF

DEFAULT: False

Valid Values:

True

False

1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic

Fix

Set %ServiceName% service to Automatic start type and confirm change within %Timeout% seconds

ServiceName

The name of the service on which we want to operate

Timeout

The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart

Fix

Set %ServiceName% service to Automatic (Delayed Start) start type and confirm change within %Timeout% seconds

ServiceName

The name of the service on which we want to operate

Timeout

The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-SetStartTypeManual

Fix

Set %ServiceName% service to Manual start type and confirm change within %Timeout% seconds

ServiceName

The name of the service on which we want to operate

Timeout

The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-Start

FIx

Start %ServiceName% service and confirm as started within %Timeout% seconds

ServiceName

The name of the service on which we want to operate

Timeout

The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Wmi-Repository

Fix

Fix the consistency of the WMI Repository and ResetRepository command if %ResetRepository%=True

SALVAGE:

winmgmt /salvagerepository

RESET: (optional)

winmgmt /resetrepository

ResetRepository True will reset the WMI repository (only if salvage fails)

False will only try to salvage

1E-GuaranteedState-Precondition-Multiple

PreCondition

Multiple checks using specified parameters

%1EClientVersionToCompare%
%1EClientVersionDesiredResult%
%DeviceChassisTypeList%
%DeviceCpuTypeList%
%DeviceDomainList%
%DeviceFqdnList%
%DeviceManufacturerList%
%DeviceModelList%
%DeviceRamMBMin%
%DeviceRamMBMax%
%DeviceTimeZoneOffsetList%
%DirectoryExists%
%DirectoryName%
%DnsLookupFqdnList%
%FileNameExists%
%FileName%
%OsTypeList%
%OsArchitectureList%
%ProcessExists%
%ProcessExecutableList%
%QuarantineStatus%
%RegistryExists%
%RegistryHive%
%RegistryKey%
%RegistryValue%
%RegistryData%
%ServiceExists%
%ServiceName%
%ServiceStartAccountName%
%ServiceStartType%
%ServiceState%
%ServiceTriggerStart%
%ServiceType%
%SoftwareExists%
%SoftwareProduct%
%SoftwarePublisher%
%SoftwareVersionToCompare%
%SoftwareVersionDesiredResult%
%WindowsUpdateSource%
%WmiNamespace%
%WmiClass%
%WmiColumn%
%WmiWhereClause%
%WmiVersionToCompare%
%WmiDesiredResult%

Most parameters will be ignored if % is entered so they don't take up any resources trying to lookup a precondition on something that isn't relevant. The default values for the parameters will do this.

In other words, if you don't want to search for a precondition on something like a directory, leave it's parameters at their defaults and it will skip the search for that.

1E Client...

1EClientVersionToCompare

The version to use as the comparison

DEFAULT: 0

1EClientVersionDesiredResult

The outcome that's desired when the 1E Client Version is compared to the passed in version

DEFAULT: Same or Higher

Device details...

DeviceChassisTypeList

A semi-colon separated list of acceptable ChassisType values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceCpuTypeList

A semi-colon separated list of acceptable CpuType values. (% wildcards are acceptable within each item

DEFAULT: %

DeviceDomainList

A semi-colon separated list of acceptable Domain values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceFqdnList

A semi-colon separated list of acceptable Fqdn values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceManufacturerList

A semi-colon separated list of acceptable Manufacturer values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceModelList

A semi-colon separated list of acceptable Model values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceRamMBMin

The minimum amount of RAM (in MB) a device should have

DEFAULT: 0

DeviceRamMBMax

The minimum amount of RAM (in MB) a device should have

DEFAULT: 9223372036854775807

DeviceTimeZoneOffsetList

A semi-colon separated list of acceptable time zone offsets

Directory and File...

DirectoryExists

Exists if the directory should exist

Doesn't Exist if the directory shouldn't exist

DEFAULT: %

DirectoryName

The name of the directory to check for existence

DEFAULT: %

FileNameExists

Exists if the file should exist

Doesn't Exist if the file shouldn't exist

DEFAULT: Exists

FileName

The name of the file to check for existence

DEFAULT: %

DNS...

DnsLookupFqdnList

A semi-colon separated list of acceptable Fqdns that have been looked up in DNS by the device

DEFAULT: %

Operating System...

OsArchitectureList

A semi-colon separated list of acceptable OS Architectures

DEFAULT: %

OsTypeList

A semi-colon separated list of acceptable OS Types

DEFAULT: %

Process...

ProcessExists

Exists if the process should exist

Doesn't Exist if the process shouldn't exist

DEFAULT: Exists

ProcessExecutableList

A semi-colon separated list of acceptable processes

DEFAULT: %

Quarantine...

QuarantineStatus

Quarantined if the device should be quarantined

NotQuarantined if the device should not be quarantined

DEFAULT: %

Registry Key...

RegistryExists

Exists if the registry key should exist

Doesn't Exist if the registry key should not exist

DEFAULT: Exists

RegistryHive

The registry hive in which the registry key should exist.

Valid Values:

  • HKCR

  • HKCC

  • HKCU

  • HKLM

  • HKU

  • %

DEFAULT: %

RegistryKey

The registry key to find in the specified hive

DEFAULT: %

RegistryValue

Exists if the registry key value should exist

Doesn't Exist if the registry key value should not exist

DEFAULT: Exists

RegistryData

Exists if the registry key value data should exist

Doesn't Exist if the registry key value data should not exist

DEFAULT: Exists

Service...

ServiceExists Exists if the registry key value data should exist

Doesn't Exist if the registry key value data should not exist

DEFAULT: Exists

ServiceName

The short name of the service

DEFAULT: %

ServiceStartAccountName

The account name under which the service starts

DEFAULT: %

ServiceStartType

The start type of the service.

Valid Values:

  • Automatic

  • Automatic (Delayed Start)

  • Boot

  • Disabled

  • Manual

  • System

  • %

DEFAULT: %

ServiceState

The state the service should be in

Valid Values:

  • About to Continue

  • Pausing

  • Paused

  • Running

  • Starting

  • Stopping

  • Stopped

  • %

DEFAULT: %

ServiceTriggerStart

Is the service set to TriggerStart

Valid Values:

  • True

  • False

  • %

DEFAULT: %

ServiceType

The type of service (use {none} to match null/empty value)

Valid Values:

  • {none}

  • File system driver

  • Kernel driver

  • Own process

  • Shared process

  • %

DEFAULT: %

Software...

SoftwareExists

Exists if the software should exist

Doesn't Exist if the software shouldn't exist

DEFAULT: Exists

SoftwareProduct

Check for this product name

DEFAULT: %

SoftwarePublisher

Check for this publisher name

DEFAULT: %

SoftwareVersionToCompareThe software product version to use as the comparison

DEFAULT: 0

SoftwareVersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

DEFAULT: SameOrHigher

Windows Update...

WindowsUpdateSource

The source to check for Windows Update connectivity

Valid Values:

  • SCCM (MEMCM)

  • WSUSL (WSUS - Local)

  • WSUSR (WSUS - Remote)

  • %

DEFAULT: %

WMI...

WmiNamespace The WMI namespace to check existence (ROOT\cimv2 for example)

WmiClassThe WMI class that should exist in specified namespace (ignored if %)

WmiWhereClause

The WHERE clause to use when querying this class (use {none} for no filter)

WmiColumn

The column name from querying the class which holds a version string

WmiVersionToCompare

The software product version to use as the comparison

DEFAULT: 0

WmiVersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

DEFAULT: SameOrHigher

Spare fragments

The following fragments are included in the MEMCM Client Health Integrated Product Pack but are not used in any predefined rules. You can use these in rules that you create or modify in any policy.

Name

Type

Readable Payload and summary

Parameters

1E-GuaranteedState-Check-MEMCM-CertificateInStore

Check

Check that the CM certificate is in the certificate store by looking in the CM client logs located in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory

The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Check-MEMCM-ClientCommunication

Check

Check that the CM client has sent data back within the last %Days% days.

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days.

Days

Look for client messages sent back in this number of days

1E-GuaranteedState-Check-MEMCM-MachinePolicyValid

Check

Check that the CM client has checked for machine policy within the last %Days% days

Days

Look for machine policy validated within this number of days

1E-GuaranteedState-Check-MEMCM-UserPolicyValid

Check

Check that the CM client has checked for user policy within the last %Days% days

Days

Look for user policy validated within this number of days

1E-GuaranteedState-Fix-MEMCM-InstallClient

FIx

Install the CM client using CCMSETUP.EXE from %CcmSetupFileUrl% having size %CcmSetupFileSize% and hash %CcmSetupFileHash% with command line options

%SourceList%
%MpList%
%RetryMinutes%
%ServiceNoService%
%InstallUninstall%
%Logon%
%ForceReboot%
%BITSPriority%
%DownloadTimeout%
%UsePKICert%
%NoCRLCheck%
%ConfigFile%
%SkipPrereqFileList%
%ForceInstall%
%ExcludeFeaturesList%
%CcmSetupMsiProperties%
%ClientMsiProperties%

This is essentially a front-end for the ccmsetup.exe installation parameters found in Microsoft Documentation.

See https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/about-client-installation-properties for more information about the installation parameters.

Expand parameters...

CcmSetupFileUrlEither the full HTTP or HTTPS URL path to the ccmsetup.exe file on a web server or the relative path to be appended to the Content directory under the background channel URL

DEFAULT: ccmsetup.exe

CcmSetupFileSizeThe size of the ccmsetup.exe file in bytes

DEFAULT: 4099328

CcmSetupFileHash

The SHA256 hash of the ccmsetup.exe file

DEFAULT: ab85f58b0cc257d25628384b0ec8fab1f9e15ca2b110a1e425e86e56b47ebde1

SourceList

A semicolon ; delimited list of download locations for setup media

DEFAULT: {none}

MpList

A semicolon ; delimited list of management points or cloud management gateway

DEFAULT: {none}

RetryMinutes

The retry interval in minutes to retry setup if it fails to download installation files. -1 to ignore this parameter

DEFAULT: -1

ServiceNoServiceTells setup to install as a service or no service

DEFAULT: Service

Valid Values:

Service

NoService

InstallUninstall

Tell setup to install or uninstall the client

DEFAULT: Install

Valid Values:

Install

Uninstall

Logon

If any version of the client is already installed, install will stop

DEFAULT: False

Valid Values:

True

False

ForceReboot

Setup should force the client to reboot if necessary to complete installation

Valid Values:

True

False

BITSPriority

Download priority when client installation files are downloaded over HTTP connection

DEFAULT: Normal

Valid Values:

Foreground

High

Normal

Low

DownloadTimeout

Length of time in minutes that setup tries to download the installation files before stopping

DEFAULT: 1440

UsePKICert

Uses a PKI cert that includes client authentication, if available. If can't find a valid cert, it uses HTTP with self-signed cert.

DEFAULT: False

Valid Values:

True

False

NoCRLCheck

Client won't check the cert revocation list when it uses HTTPS with PKI cert

DEFAULT: False

Valid Values:

True

False

ConfigFile

The name of a text file that lists client installation properties

DEFAULT: {none}

SkipPrereqFileList

A semicolon ; delimited list of prerequisite files that will be skipped during install

DEFAULT: {none}

ForceInstall

Uninstall any existing client and install a new client

DEFAULT: False

Valid Values:

True

False

ExcludeFeaturesList

Do not install the semicolon ; delimited list of features (ClientUI is supported) when installing the client

DEFAULT: {none}

Valid Values:

ClientUI

CcmSetupMsiProperties

Properties that modify the installation behavior of ccmsetup.msi

DEFAULT: {none}

ClientMsiProperties

Properties that modify the installation behavior of client.msi

DEFAULT: {none}

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerGlobalEvaluationAction

Fix

Invoke CM Application manager global evaluation action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000123}

 

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerPolicyAction

Fix

Invoke CM Application manager policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000121}

 

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerUserPolicyAction

Fix

Invoke CM Application manager user policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000122}

 

1E-GuaranteedState-Fix-MEMCM-InvokeBranchDistributionPointMaintenanceTask

Fix

Invoke CM branch distribution point maintenance task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000109}

 

1E-GuaranteedState-Fix-MEMCM-InvokeClearingProxySettingsCache

Fix

Invoke CM clearing proxy settings cache action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000037}

 

1E-GuaranteedState-Fix-MEMCM-InvokeClientMachineAuthentication

Fix

Invoke CM client machine authentication action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000012}

 

1E-GuaranteedState-Fix-MEMCM-InvokeDataDiscoveryRecord

Fix

Invoke CM data discovery record action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}

 

1E-GuaranteedState-Fix-MEMCM-InvokeDiscoveryDataCollectionCycle

Fix

Invoke CM discovery data collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000103}

 

1E-GuaranteedState-Fix-MEMCM-InvokeEndpointAMPolicyReevaluate

Fix

Invoke CM Endpoint Protection Antimalware policy reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000222}

 

1E-GuaranteedState-Fix-MEMCM-InvokeEndpointDeploymentReevaluate

Fix

Invoke CM Endpoint Protection deployment reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000221}

 

1E-GuaranteedState-Fix-MEMCM-InvokeExternalEventDetection

Fix

Invoke CM external event detection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000223}

 

1E-GuaranteedState-Fix-MEMCM-InvokeFileCollection

Fix

Invoke CM file collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000010}

 

1E-GuaranteedState-Fix-MEMCM-InvokeFileCollectionCycle

Fix

Invoke CM file collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000104

 

1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventory

Fix

Invoke CM hardware inventory

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}

 

1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventoryCollectionCycle

Fix

Invoke MEMCM hardware inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000101}

 

1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollection

Fix

Invoke CM IDMIF collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000011}

 

1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollectionCycle

Fix

Invoke CM IDMIF collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000105}

 

1E-GuaranteedState-Fix-MEMCM-InvokeLSRefreshLocationsTask

FIx

Invoke CM client Location Services refresh locations task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000024}

 

1E-GuaranteedState-Fix-MEMCM-InvokeLSTimeoutRefreshTask

Fix

Invoke CM client Location Services timeout refresh action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000025}

 

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAgentCleanup

Fix

Invoke CM machine policy agent cleanup action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000040}

 

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAssignmentsRequest

Fix

Invoke CM machine policy assignments request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000021}

 

1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyEvaluation

Fix

Invoke CM machine policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000022}

 

1E-GuaranteedState-Fix-MEMCM-InvokePeerDpPendingPackageCheckSchedule

Fix

Invoke CM peer DP pending package check schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000062}

 

1E-GuaranteedState-Fix-MEMCM-InvokePeerDpStatusReporting

Fix

Invoke CM peer DP status reporting

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000061}

 

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentEvaluateAssignmentUser

Fix

Invoke CM User policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000027}

 

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentRequestAssignmentUser

Fix

Invoke CM User policy request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000026}

 

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateMachinePolicyAssignment

Fix

Invoke CM machine policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000042}

 

1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateUserPolicyAssignment

Fix

Invoke CM user policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000043}

 

1E-GuaranteedState-Fix-MEMCM-InvokePowerManagementStartSummarizer

Fix

Invoke CM power management start summarizer

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000131}

 

1E-GuaranteedState-Fix-MEMCM-InvokeRefreshDefaultMPTask

Fix

Invoke CM refresh default MP task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000023}

 

1E-GuaranteedState-Fix-MEMCM-InvokeRetryingRefreshingCertificatesInAdOnMp

Fix

Invoke CM retrying/refreshing certificates in AD on MP

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000051}

 

1E-GuaranteedState-Fix-MEMCM-InvokeScanByUpdateSource

Fix

Invoke CM scan by update source

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000113}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSchedule

Fix

Invoke CM client %Schedule% action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: <ScheduleID>

List of ScheduleIDs:

Name

ScheduleId

Hardware Inventory

{00000000-0000-0000-0000-000000000001}

Software Inventory

{00000000-0000-0000-0000-000000000002}

Data Discovery Record

{00000000-0000-0000-0000-000000000003}

File Collection

{00000000-0000-0000-0000-000000000010}

IDMIF Collection

{00000000-0000-0000-0000-000000000011}

Client Machine Authentication

{00000000-0000-0000-0000-000000000012}

Machine Policy Assignments Request

{00000000-0000-0000-0000-000000000021}

Machine Policy Evaluation

{00000000-0000-0000-0000-000000000022}

Refresh Default MP Task

{00000000-0000-0000-0000-000000000023}

LS (Location Service) Refresh Locations Task

{00000000-0000-0000-0000-000000000024}

LS (Location Service) Timeout Refresh Task

{00000000-0000-0000-0000-000000000025}

Policy Agent Request Assignment (User)

{00000000-0000-0000-0000-000000000026}

Policy Agent Evaluate Assignment (User)

{00000000-0000-0000-0000-000000000027}

Software Metering Generating Usage Report

{00000000-0000-0000-0000-000000000031}

Source Update Message

{00000000-0000-0000-0000-000000000032}

Clearing proxy settings cache

{00000000-0000-0000-0000-000000000037}

Machine Policy Agent Cleanup

{00000000-0000-0000-0000-000000000040}

User Policy Agent Cleanup

{00000000-0000-0000-0000-000000000041}

Policy Agent Validate Machine Policy / Assignment

{00000000-0000-0000-0000-000000000042}

Policy Agent Validate User Policy / Assignment

{00000000-0000-0000-0000-000000000043}

Retrying/Refreshing certificates in AD on MP

{00000000-0000-0000-0000-000000000051}

Peer DP Status reporting

{00000000-0000-0000-0000-000000000061}

Peer DP Pending package check schedule

{00000000-0000-0000-0000-000000000062}

SUM Updates install schedule

{00000000-0000-0000-0000-000000000063}

Hardware Inventory Collection Cycle

{00000000-0000-0000-0000-000000000101}

Software Inventory Collection Cycle

{00000000-0000-0000-0000-000000000102}

Discovery Data Collection Cycle

{00000000-0000-0000-0000-000000000103}

File Collection Cycle

{00000000-0000-0000-0000-000000000104}

IDMIF Collection Cycle

{00000000-0000-0000-0000-000000000105}

Software Metering Usage Report Cycle

{00000000-0000-0000-0000-000000000106}

Windows Installer Source List Update Cycle

{00000000-0000-0000-0000-000000000107}

Software Updates Assignments Evaluation Cycle

{00000000-0000-0000-0000-000000000108}

Branch Distribution Point Maintenance Task

{00000000-0000-0000-0000-000000000109}

Send Unsent State Message

{00000000-0000-0000-0000-000000000111}

State System policy cache cleanout

{00000000-0000-0000-0000-000000000112}

Scan by Update Source

{00000000-0000-0000-0000-000000000113}

Update Store Policy

{00000000-0000-0000-0000-000000000114}

State system policy bulk send high

{00000000-0000-0000-0000-000000000115}

State system policy bulk send low

{00000000-0000-0000-0000-000000000116}

Application manager policy action

{00000000-0000-0000-0000-000000000121}

Application manager user policy action

{00000000-0000-0000-0000-000000000122}

Application manager global evaluation action

{00000000-0000-0000-0000-000000000123}

Power management start summarizer

{00000000-0000-0000-0000-000000000131}

Endpoint deployment reevaluate

{00000000-0000-0000-0000-000000000221}

Endpoint AM policy reevaluate

{00000000-0000-0000-0000-000000000222}

External event detection

{00000000-0000-0000-0000-000000000223}

 

Schedule

The MEMCM client schedule (client action) to trigger

Valid Values: Select a name from the table in the Summary column. These are presented as a dropdown in the UI. The string values are converted to the ScheduleID required by the WMI method.

1E-GuaranteedState-Fix-MEMCM-InvokeSendUnsentStateMessage

Fix

Invoke CM send unsent state message action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000111}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventory

Fix

Invoke CM software inventory action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000002}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventoryCollectionCycle

Fix

Invoke CM software inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000102}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringGeneratingUsageReport

Fix

Invoke CM software metering generate usage report action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000031}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringUsageReportCycle

Fix

Invoke CM software metering usage report cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000106}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareUpdatesAssignmentsEvaluationCycle

Fix

Invoke CM software updates assignments evaluation cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000108}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSourceUpdateMessage

Fix

Invoke CM source update message

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000032}

 

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendHigh

Fix

Invoke CM state system policy bulk send high

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000115}

 

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendLow

Fix

Invoke CM state system policy bulk send low

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000116}

 

1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyCacheCleanout

Fix

Invoke CM state system policy cache cleanout

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000112}

 

1E-GuaranteedState-Fix-MEMCM-InvokeSumUpdatesInstallSchedule

Fix

Invoke CM Software Updates install schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000063}

 

1E-GuaranteedState-Fix-MEMCM-InvokeUpdateStorePolicy

Fix

Invoke CM update store policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000114}

 

1E-GuaranteedState-Fix-MEMCM-InvokeUserPolicyAgentCleanup

Fix

Invoke CM user policy agent cleanup

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000041}

 

1E-GuaranteedState-Fix-MEMCM-InvokeWindowsInstallerSourceListUpdateCycle

Fix

Invoke CM Windows Installer source list update cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000107}

 

1E-GuaranteedState-Fix-MEMCM-RefreshServerComplianceState

Fix

Refresh CM server compliance state

Com Object: Microsoft.CCM.UpdatesStore.RefreshServerComplianceState()

 

1E-GuaranteedState-Fix-MEMCM-ResetPolicy

Fix

Reset CM policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: ResetPolicy

uFlags: <see list below>

Name

Flag

RequestFullPolicy

0

PurgeAndRequestFullPolicy

1

 

ResetOption

Valid values

  • RequestFullPolicywill request a full instead of delta.

  • PurgeAndRequestFull will completely remove the existing policy and request full (possibly re-running deployments).

These are presented as a dropdown in the UIO and converted to the numeric value required by the WMI method.

1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate

Fix

Completely reset Windows Update from scratch (Experimental)

Process mostly inspired Reset-WindowsUpdate.ps1 and tweaked a little to be more forceful

Process also inspired by https://www.definit.co.uk/2012/02/powershell-recursively-taking-ownership-of-files-and-folders-and-adding-permissions-without-removing-existing-permissions/

This is a very destructive and involved process. It should only be used as a last resort to fix a broken Windows Update system.

The machine will be somewhat unusable until it is rebooted and should be rebooted right away.

Many different and unrelated apps may throw odd and misleading errors until the reboot happens.

General process:

  1. Stop Windows Update Services

    1. Stop BITS

    2. Stop wuauserv

    3. Stop appidsvc

    4. Stop cryptsvc

  2. Remove QMGR Data File

  3. Rename the software distribution and CatRoot folders

  4. Remove the old Windows Update log

  5. Reset the Windows Update services to default settings (bits and wuauserv anyway)

  6. Re-Register a pile of DLLS related to windows update and surrounding technologies

  7. Remove the WSUS client settings from the registry

  8. Reset WinSock

  9. Delete any-and-all BITS jobs

  10. Install the Windows Update Agent (KB2937636)

  11. Force discovery

  12. Reboot

 

1E-GuaranteedState-Precondition-1EClient-Version

PreCondition

Checks for the existence of the 1E client with version lower, same or higher (%DesiredResults%) than %VersionToCompare%.

VersionToCompare

A version number to compare against the installed 1E Client version number.

Examples:

5

5.0

5.0.0

5.0.0.745

DEFAULT: 0

DesiredResultsThe outcome that's desired when actual version is compared to passed in version.

DEFAULT: SameOrHigher

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

1E-GuaranteedState-Precondition-MEMCM-AssignedSite

PreCondition

Check the CM client is assigned to %SiteCode%

SiteCode

Check to see if the MEMCM client is assigned to this site code

1E-GuaranteedState-Precondition-MEMCM-CacheSizeBetween

PreCondition

Check the CM cache size is between %MinMB% and %MaxMB%

MinMB

The cache size should be at least this big (in Megabytes)

MaxMBThe cache size should be at most this big (in Megabytes)

1E-GuaranteedState-Precondition-MEMCM-CertificateInStore

PreCondition

Check the CM certificate is in the certificate store by checking CM log files in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory

The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Precondition-MEMCM-ClientCommunication

PreCondition

Check the CM client has sent data back within the last %Days% days

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days.

Days

Look for client messages sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-ClientProvisioningMode

PreCondition

Check if the CM ClientProvisioningMode is set to %TrueFalse%

TrueFalse

True represents client provisioning ON, False represents client provisioning OFF

1E-GuaranteedState-Precondition-MEMCM-DataDiscoveryRecordSent

PreCondition

Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days

Days

Look for DDRs sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-FileCollectionSent

PreCondition

Check the CM client has performed a file collection within the last %Days% days

Days

Look for file collection sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-GlobalLogginConfiguration

PreCondition

 Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settingsconfiguration %LogLevel% %MaxSize% %MaxHistoryFiles% %DebugLogging%

LogLevel

The logging level

Valid Values: Verbose, Normal, None

MaxSize

The maximum size (in Bytes) that the MEMCM logs may grow before rolling over

MaxHistoryFiles

The number of incremented log files to accumulate before deleting

DebugLogging

True means debug logging should be on, False means it should be off

1E-GuaranteedState-Precondition-MEMCM-HardwareInventorySent

PreCondition

Check the CM client has sent hardware inventory within the last %Days% days

Days

Look for hardware inventory data sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-IDMIFCollectionSent

PreCondition

Check the CM client has performed an IDMIF collection within the last %Days% days

Days

Look for IDMIFs sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-MachinePolicyValid

PreCondition

Check the CM client has checked for machine policy within the last %Days% days

Days

Look for machine policy validated within this number of days

1E-GuaranteedState-Precondition-MEMCM-SoftwareInventorySent

PreCondition

Check the CM client has sent software inventory within the last %Days% days.

Days

Look for software inventory data sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-StatusMessagesSent

PreCondition

Check the CM client has sent status messages within the last %Days% days.

Days

Look for status messages sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-UserPolicyValid

PreCondition

Check the CM client has checked for user policy within the last %Days% days

Days

Look for user policy validated within this number of days

1E-GuaranteedState-Precondition-Process-Exists

PreCondition

Check the %Executable% process exists (is running)

Executable

The name of the executable that should be running

1E-GuaranteedState-Precondition-Service-Exists

PreCondition

Check the %ServiceName% service exists

ServiceName

Shortname of the service

1E-GuaranteedState-Precondition-Software-Exists

PreCondition

Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare%

Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare

Publisher

Check for this publisher name

Product

Check for this product name

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

VersionDesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-WindowsUpdate-ConnectionOK

PreCondition

Check that the Windows Update connection is OK

 

1E-GuaranteedState-Precondition-WindowsUpdate-Source

PreCondition

Check that the connection to the %Source% Windows Update source is OK

Source

The windows update source (% wildcard accepted)

Valid Values:

  • SCCM (MEMCM)

  • WSUSL (WSUS - Local)

  • WSUSR (WSUS - Remote)

  • %

DEFAULT: %

1E-GuaranteedState-Precondition-WindowsUpdate-SourceId

PreCondition

Check that a Windows Update connection is OK for %SourceId%

SourceId

The identity of the source of updates. E.g. for a ' SCCM ' source this will be the site ID, or for WSUS it will be the URL to WSUS.

1E-GuaranteedState-Precondition-Wmi-ClassColumnVersion

PreCondition

Check if the value of the WMI attribute defined by %Namespace%, %Class%, %ColumnName% (and optional %WhereClause%) is a version number (e.g. 7.2.5.612) that is lower, higher or the same (defined by %DesiredResult%) as %VersionToCompare%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

ClassThe WMI class that should exist in specified namespace (ignored if %)

WhereClause

The WHERE clause to use when querying this class (use {none} for no filter)

ColumnName

The column name from querying the class which holds a version string

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

DesiredResultThe outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower

  • Lower

  • Lower_MajorLower

  • Lower_SameMajor

  • Lower_SameMajorMinor

  • Lower_SameMajorMinorRelease

  • Same

  • Higher_SameMajorMinorRelease

  • Higher_SameMajorMinor

  • Higher_SameMajor

  • Higher_MajorHigher

  • Higher

  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-Wmi-ClassExists

PreCondition

Check for the existence of WMI %Class% in %NameSpace%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

ClassThe WMI class that should exist in specified namespace (ignored if %)

1E-GuaranteedState-Precondition-Wmi-ClassQuery

PreCondition

Check for any data returned from specified WMI %Class% and %Namespace% using (optional) %WhereClause% and %ColumnList%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example, ignored if %)

ClassThe WMI class that should exist in specified namespace (ignored if %)

WhereClause

The WHERE clause to use when querying this class (use {none} for no filter)

ColumnList

A list of columns to select from the WMI class (use {all} for all columns)

1E-GuaranteedState-Precondition-Wmi-NamespaceExists

PreCondition

Check for the existence of WMI %Namespace%

Namespace

The WMI namespace to check existence (ROOT\cimv2 for example)

1E-GuaranteedState-Precondition-Wmi-RepositoryConsistent

PreCondition

Check that the WMI repository is consistent

Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result

 

Trigger templates

The following table shows the trigger templates included in the Nomad Client Health Integrated Product Pack.

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these templates, unless you select alternative values.

Name

Readable Payload and summary

Parameters

TriggerTemplate-FileChange

On change of file "<fileName>"

When a file changes (Windows only)

File Name

  • File path of file to be monitored, default is null.

TriggerTemplate-IntervalHours

Every <intervalHours> hours

Periodic (hours)

Interval Hours

  • 0 to 999 hours (approximately 42 days), default interval is 12 hours.

TriggerTemplate-IntervalMinutes

Every <intervalMinutes> minutes

Periodic (minutes)

Interval Minutes

  • 0 to 99,999 minutes (approximately 69 days), default interval is 30 minutes.

TriggerTemplate-IntervalSeconds

Every <intervalSeconds> seconds

Periodic (seconds)

Interval Seconds

  • 0 to 999,999 seconds (approximately 11 days), default interval is 3600 seconds (1 hour).

TriggerTemplate-ProcessCrash

On crash of process "<executable>"

When a process crashes (Windows only)

Monitors the Windows Application Event Log for event 1000.

Executable is case insensitive but is required to be the whole filename without the folder path, such as unreliableapp.exe A partial string such as unreliableapp will not trigger on a crash of unreliableapp.exe.

Executable

  • Filename of executable to be monitored, default is empty.

TriggerTemplate-ProcessLaunch

On launch of process "<executable>"

When a process starts (Windows only)

Monitors the Windows Security Event Log for event 4688.

Executable

  • File path of executable to be monitored, default is empty.

TriggerTemplate-ServiceStatusChange

On change of running state of the "<serviceName>" service

When the state of the named Windows service changes

You can determine the short name of a service using the PowerShell cmdlet

get-service -DisplayName "Network Location Awareness"

This will return NlaSvc in the above example. It is this short name you specify in the <ServiceName> parameter.

Service Name

  • Short name of service - for example NomadBranch.

TriggerTemplate-WindowsEventLog

On Windows"<channel>"; event log entry matching "<query>" (debounce for <debounce> seconds)

When an event log entry is created (Windows only)

A channel is an event sink, example standard channel names are Application or Security.

To determine the available event channels execute the following PowerShell command:

                              Get-WinEvent -ListLog *
                          

Or to view the event channels on a remote computer:

                              Get-WinEvent -ListLog * -ComputerName <hostname>
                          

Similarly to view event log entries for a given channel either use Event Viewer or from PowerShell for example:

Get-EventLog application | where {($_.EntryType -Match "Error") -or ($_.EntryType -Match "Warning")}

Or:

                              [dateTime]$oneWeekAgo = (get-date).addDays(-7)
Get-EventLog -LogName Application -After $oneWeekAgo -computerName . | ? {$_.EventID -eq 1000}
                          

A query is used to filter the event log messages for a given channel. Examples can be found at https://docs.microsoft.com/en-us/windows/win32/wes/consuming-events.

For example to query all OneNote application crashes error log messages:

*[System[(Level=2) and (EventID=1000)]] and *[EventData[Data='onenote.exe']]

Debounce is a settling period to ensure that in the case of multiple events, only a single event is registered within the space of a given time period.

Channel

  • Text string, default null.

Query

  • Text string, default null.

Debounce Time Seconds

  • 0 to 99 seconds, default 0.

TriggerTemplate-WindowsRegistryChange

On change of registry values in "<hive>\<subkey>" (include subkeys=<includeSubkeys>)

When the value of a Windows registry key changes.

Hive, which must be one of:

  • HKLM (default)

  • HKCR

Subkey: free text string, default empty.

Include Sub Keys : 1/0 default 0.