Integrated Product Pack used to create the MEMCM Client Health policy.

For more information please refer to Guaranteed State 1.5: MEMCM Client Health Policy

Many businesses rely on Microsoft Endpoint Manager Configuration Manager (MEMCM) to deploy software, patches and updates across their company networks. It is crucial that Configuration Manager is working effectively.

The MEMCM Client Health policy monitors Configuration Manager client health and performance. It checks for cache availability, inventory cycles, service availability and Configuration Manager WMI integrity - common causes of Configuration Manager client problems on devices.

The MEMCM Client Health policy replaces the previous SCCM Client Health policy and covers the following:

  • Ensure the correct version of the CM client is installed and running and assigned to the correct site
  • Ensure the CM client is not stuck in provisioning mode
  • Ensure that heartbeat discovery, inventory and state messages are being sent regularly
  • Ensures the CM client cache is set to the correct size
  • Ensure the CM client log settings are correct
  • Ensure the BITS service exists, configured to start up automatically  and is running
  • Ensure the Windows Time service exists with correct startup settings
  • Ensure the Windows Management Instrumentation (WMI) service exists, configured to start automatically and is running 
  • Ensure WMI is healthy, the core CIMv2 and ccm namespaces and classes exist and that the WMI repository is consistent 
  • Ensure the Windows Update service exists with correct startup settings, is configured to use the correct source (CM, WSUS or Microsoft Update) and that the service can connect to the source

This policy is intended for deployment to Windows devices only.

On this page:

Instructions

This product pack contains no instructions.

Policies

The following table shows the policies included in the Integrated Product Pack.

NameDescription
MEMCM Client Health
The MEMCM (Microsoft Endpoint Manager - Configuration Manager) Client Health policy ensures that the MEMCM client and surrounding technologies are healthy.

Rules

The following table shows the rules included in the above policy. Any parameter values shown in the Check and Fix fragments, Triggers and Precondition fragment columns are specifically set in the rules when the pack is uploaded. These may be different to the default values shown in the Fragments table. You can modify these if required.

NameTypeDescriptionCheck and Fix fragmentsTriggersPrecondition fragment
MEMCM Client Assignment
FixEnsure the client is assigned to the right site. Assign it if it isn't.

1E-GuaranteedState-Check-MEMCM-AssignedSite

1E-GuaranteedState-Fix-MEMCM-SetAssignedSite

Periodic (24 hours)

1E-GuaranteedStatePrecondition-Multiple

  • 1EClientVersionToCompare=0
  • 1EClientVersionDesiredResult=SameOrHigher
  • DeviceChassisTypeList=%
  • DeviceCpuTypeList=%
  • DeviceDomainList=%
  • DeviceFqdnList=%
  • DeviceManufacturerList=%
  • DeviceModelList=%
  • DeviceRamMBMin=0
  • DeviceRamMBMax=2147483647
  • DeviceTimeZoneOffsetList=
    -720;-660;-600;-570;-540;-480;
    -420;-360;-300;-240;-180;-150;
    -120;-60;0;60;120;180;240;
    270;300;330;345;360;390;
    420;480;525;540;570;600;
    630;660;720;765;780;840
  • DirectoryExists=Exists
  • DirectoryName=%
  • DnsLookupFqdnList=%
  • FileNameExists=Exists
  • FileName=%
  • OsTypeList=Windows
  • OsArchitectureList=%
  • ProcessExists=Doesn't Exist
  • ProcessExecutableList=ccmsetup.exe
  • QuarantineStatus=%
  • RegistryExists=Exists
  • RegistryHive=HKLM
  • RegistryKey=%
  • RegistryValue=%
  • RegistryData=%
  • ServiceExists=Exists
  • ServiceName=Winmgmt
  • ServiceStartAccountName=%
  • ServiceStartType=%
  • ServiceState=Running
  • ServiceTriggerStart=%
  • ServiceType=%
  • SoftwareExists=Exists
  • SoftwareProduct=Configuration Manager Client
  • SoftwarePublisher=Microsoft%
  • SoftwareVersionToCompare=0
  • SoftwareVersionDesiredResult=SameOrHigher
  • WindowsUpdateSource=%
  • WmiNamespace=ROOT\ccm\StateMsg
  • WmiClass=CCM_StateMsg
  • WmiColumn=%
  • WmiWhereClause={none}
  • WmiVersionToCompare=0
  • WmiDesiredResult=SameOrHigher
MEMCM Client Cache Size
FixEnsure the MEMCM client cache is set to the right size.  Set it if it isn't.

1E-GuaranteedState-Check-MEMCM-CacheSizeBetween

1E-GuaranteedState-Fix-MEMCM-SetCacheSize

Periodic (24 hours)



MEMCM Client ClassExists
Check(1)Ensure the default CCM class exists in WMI. 

1E-GuaranteedState-Check-Wmi-ClassExists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client ClientProvisioningMode
FixEnsure the client is not stuck in provisioning mode. Turn it off if it is.

1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode

1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client DataDiscoveryRecordSent
CheckEnsure that a data discovery record (DDR) is being sent regularly.1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client FileCollectionSent
CheckEnsure that file collection is being sent regularly.1E-GuaranteedState-Check-MEMCM-FileCollectionSentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client HardwareInventorySent
CheckEnsure that hardware inventory is being sent regularly.1E-GuaranteedState-Check-MEMCM-HardwareInventorySentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client IDMIFCollectionSent
CheckEnsure that IDMIF collection is being sent regularly.1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client Logging
CheckEnsure the MEMCM client log settings are set to the right values.1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfigurationPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client NamespaceExists
Check(1)Ensure the MEMCM (CCM) namespace exists in WMI.

1E-GuaranteedState-Check-Wmi-NamespaceExists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client SoftwareInventorySent
CheckEnsure that software inventory is being sent regularly.1E-GuaranteedState-Check-MEMCM-SoftwareInventorySentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client StateMessagesSent
CheckEnsure that state messages are being sent regularly.1E-GuaranteedState-Check-MEMCM-StateMessagesSentPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
MEMCM Client Version
Check(1)Ensure the right version of the client is installed.

1E-GuaranteedState-Check-Software-Version

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Network IPv4 PrimaryAddressInDNS
CheckCheck the FQDN matches DNS by looking up the primary IPv4 address in DNS1E-GuaranteedState-Check-Network-PrimaryIPv4InDNSPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service BITS DelayedStart
FixEnsure that the BITS (Background Intelligent Transfer Service) service is set to Automatic (Delayed Start). Set it if not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service BITS Exists
CheckEnsure that the BITS (Background Intelligent Transfer Service) service exists.1E-GuaranteedState-Check-Service-ExistsPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service BITS Running
FixEnsure that the BITS (Background Intelligent Transfer Service) service is running.  Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change1E-GuaranteedState-Precondition-Multiple
Service ccmexec DelayedStart
FixEnsure that the ccmexec (SMS Agent Host) service is set to Automatic (Delayed Start).  Set it if not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service ccmexec Exists
Check(1)Ensure that the ccmexec (SMS Agent Host) service exists.

1E-GuaranteedState-Check-Service-Exists

1E-GuaranteedState-Fix-MEMCM-InstallClient (1)

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service ccmexec Running
FixEnsure that the ccmexec (SMS Agent Host) service is running.  Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change1E-GuaranteedState-Precondition-Multiple
Service W32Time Exists
CheckEnsure that the W32Time (Windows Time) service exists.1E-GuaranteedState-Check-Service-ExistsPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service W32Time Manual
FixEnsure that the W32Time (Windows Time) service is set to manual.  Set it to manual if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeManual

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service W32Time TriggerStart
CheckEnsure that the W32Time (Windows Time) service is set to trigger start.1E-GuaranteedState-Check-Service-TriggerStartPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Automatic
FixEnsure that the Winmgmt (Windows Management Instrumentation) service is set to automatic. Set it to automatic if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Exists
CheckEnsure that the Winmgmt (Windows Management Instrumentation) service exists.1E-GuaranteedState-Check-Service-ExistsPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service Winmgmt Running
FixEnsure that the Winmgmt (Windows Management Instrumentation) service is running.  Start it if it isn't

1E-GuaranteedState-Check-Service-State

1E-GuaranteedState-Fix-Service-Start

Service Status Change1E-GuaranteedState-Precondition-Multiple
Service wuauserv Exists
Check(2)Ensure that the wuauserv (Windows Update) service exists.

1E-GuaranteedState-Check-Service-Exists

1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate (2)

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service wuauserv Manual
FixEnsure that the wuauserv (Windows Update) service is set to manual.  Set it to manual if it's not.

1E-GuaranteedState-Check-Service-StartType

1E-GuaranteedState-Fix-Service-SetStartTypeManual

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
Service wuauserv TriggerStart
CheckEnsure that the wuauserv (Windows Update) service is set to trigger start.1E-GuaranteedState-Check-Service-TriggerStartPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
WindowsUpdate ConnectionOK
CheckEnsure the connection to Windows Update is OK1E-GuaranteedState-Check-WindowsUpdate-ConnectionOKPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
WindowsUpdate Source
CheckEnsure the connection to Windows Update is using the right source (Configuration Manager, WSUS, Microsoft Update)1E-GuaranteedState-Check-WindowsUpdate-SourcePeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
WMI cimv2 NamespaceExists
CheckEnsure the default (cimv2) namespace exists in WMI.1E-GuaranteedState-Check-Wmi-NamespaceExistsPeriodic (24 hours)1E-GuaranteedState-Precondition-Multiple
WMI Repository Consistency
FixEnsure the WMI repository is consistent. Salvage the repository or (optionally) reset it if inconsistent.

1E-GuaranteedState-Check-Wmi-Repository

1E-GuaranteedState-Fix-Wmi-Repository

Periodic (24 hours)1E-GuaranteedState-Precondition-Multiple
WMI Win32_ComputerSystem ClassExists
CheckEnsure the default Win32_ComputerSystem class exists in WMI.1E-GuaranteedState-Check-Wmi-ClassExistsPeriodic (60 min)1E-GuaranteedState-Precondition-Multiple

Fragments

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these fragments, unless you select alternative values.

Fragments used in MEMCM Client Health Policy rules

The following fragments are used by the rules defined above in the MEMCM Client Health policy.

NameTypeReadable Payload and summaryParameters
1E-GuaranteedState-Check-MEMCM-AssignedSite
CheckCheck the CM client has been assigned to site %SiteCode%SiteCode
Check to see if the MEMCM client is assigned to this site code
1E-GuaranteedState-Check-MEMCM-CacheSizeBetween
Check Check the CM cache size is between %MinMB% and %MaxMB%

MinMB
The cache size should be at least this big (in Megabytes)

MaxMB
The cache size should be at most this big (in Megabytes)

1E-GuaranteedState-Check-MEMCM-ClientProvisioningMode
CheckCheck the CM ClientProvisioningMode is set to %TrueFalse%TrueFalse
True represents client provisioning ON, False represents client provisioning OFF
1E-GuaranteedState-Check-MEMCM-DataDiscoveryRecordSent
Check Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days Days
Look for DDRs sent back in this number of days
1E-GuaranteedState-Check-MEMCM-FileCollectionSent
Check Check the CM client has performed a file collection within the last %Days% days

Days
Look for file collection sent back in this number of days

1E-GuaranteedState-Check-MEMCM-GlobalLoggingConfiguration
Check Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings

LogLevel
The logging level
Valid Values: Verbose, Normal, None

MaxSize
The maximum size (in Bytes) that the MEMCM logs may grow before rolling over

MaxHistoryFiles
The number of incremented log files to accumulate before deleting

DebugLogging
True means debug logging should be on, False means it should be off

1E-GuaranteedState-Check-MEMCM-HardwareInventorySent
Check Check the CM client has sent hardware inventory within the last %Days% days Days
Look for hardware inventory data sent back in this number of days
1E-GuaranteedState-Check-MEMCM-IDMIFCollectionSent
Check Check the CM client has performed an IDMIF collection within the last %Days% days Days
Look for IDMIFs sent back within this number of days
1E-GuaranteedState-Check-MEMCM-SoftwareInventorySent
CheckCheck the CM client has sent software inventory within the last %Days% daysDays
Look for software inventory data sent back within this number of days
1E-GuaranteedState-Check-MEMCM-StateMessagesSent
CheckCheck the CM client has sent state messages within the last %Days% daysDays
Look for state messages sent back within this number of days
1E-GuaranteedState-Check-Network-IPv4-PrimaryAddressInDNS
Check

Check the Device FQDN matches the value from DNS

Take the primary IP address for the default route and look it up in DNS. Make sure the fqdn from device summary matches the fqdn returned from DNS


1E-GuaranteedState-Check-Service-Exists
CheckCheck that %ServiceName% service existsServiceName
Shortname of the service
1E-GuaranteedState-Check-Service-StartType
CheckCheck that %ServiceName% start type is %StartType%

ServiceName
Shortname of the service

StartType
The startup setting for the service

Valid Values:

  • Automatic
  • Automatic (Delayed Start)
  • Boot
  • Disabled
  • Manual
  • System
1E-GuaranteedState-Check-Service-State
Check

Check the %ServiceName% service is in %State% state

For completeness, all valid service states are included. Realistically, however, making a precondition out of transition states like

  • About To Continue
  • Pausing
  • Starting
  • Stopping

isn't a very good idea as a service will only be in that state for a very short time.

ServiceName
Shortname of the service

State
The state the service should be in

Valid Values:

  • About to Continue
  • Pausing
  • Paused
  • Running
  • Starting
  • Stopping
  • Stopped
1E-GuaranteedState-Check-Service-TriggerStart
Check

Check the %ServiceName% service is set to start on a trigger

The actual trigger is not checked or reported

ServiceName
Shortname of the service
1E-GuaranteedState-Check-Software-Version
Check

Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare%

Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare)   

Publisher
Check for this publisher name

Product
Check for this product name

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

VersionDesiredResult
The outcome that's desired when the software product version is compared to VersionToCompare

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Check-WindowsUpdate-ConnectionOK
CheckCheck that the client can connect to the configured Windows Update source
1E-GuaranteedState-Check-WindowsUpdate-Source
Check

Check Windows Update agent is configured to use %Source% as source

If Source is set to % (Default) this will check each of the sources and pass with the first one that succeeds.  

Source
The windows update source (% wildcard accepted)

Valid Values:

  • SCCM (MEMCM)
  • WSUSL (WSUS - Local)
  • WSUSR (WSUS - Remote)
  • %

DEFAULT: %

1E-GuaranteedState-Check-Wmi-ClassExists
Check

Check that WMI %Class% exists in %Namespace%


Namespace
The WMI namespace to check existence (ROOT\cimv2 for example)

Class
The WMI class that should exist in specified namespace

1E-GuaranteedState-Check-Wmi-NamespaceExists
CheckCheck that WMI %Namespace% existsNamespace
The WMI namespace to check existence (ROOT\cimv2 for example)
1E-GuaranteedState-Check-Wmi-Repository
Check

Check that the WMI repository is consistent

Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result 


1E-GuaranteedState-Fix-MEMCM-SetAssignedSite
Fix

Set CM assigned site to %SiteCode%

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: SetAssignedSite

sSiteCode: %SiteCode%

SiteCode
Assign the client to this site code
1E-GuaranteedState-Fix-MEMCM-SetCacheSize
Fix

Set CM client cache size to %MaxMB% MB

Com Object: UIResource.UIResourceMgr.GetCacheInfo().TotalSize

MaxMB
The cache size should be at least this size (in MB)

DEFAULT: 5120

1E-GuaranteedState-Fix-MEMCM-SetClientProvisioningMode
Fix

Set MEMCM client provisioning mode to %TrueFalse%

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: SetClientProvisioningMode

bEnable: <true/false>

TrueFalse
True   sets client provisioning mode to ON
False  sets client provisioning mode to OFF

DEFAULT: False

Valid Values:
True
False

1E-GuaranteedState-Fix-Service-SetStartTypeAutomatic
FixSet %ServiceName% service to Automatic start type and confirm change within %Timeout% seconds

ServiceName
The name of the service on which we want to operate

Timeout
The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-SetStartTypeAutomaticDelayedStart
FixSet %ServiceName% service to Automatic (Delayed Start) start type and confirm change within %Timeout% seconds

ServiceName
The name of the service on which we want to operate

Timeout
The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-SetStartTypeManual
FixSet %ServiceName% service to Manual start type and confirm change within %Timeout% seconds

ServiceName
The name of the service on which we want to operate

Timeout
The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Service-Start
FIx Start %ServiceName% service and confirm as started within %Timeout% seconds

ServiceName
The name of the service on which we want to operate

Timeout
The maximum number of seconds to wait for the fix to enforce the correct state before considering it "fixed" or not

DEFAULT: 15

1E-GuaranteedState-Fix-Wmi-Repository
Fix

Fix the consistency of the WMI Repository and ResetRepository command if %ResetRepository%=True

SALVAGE:

winmgmt /salvagerepository

RESET: (optional)

winmgmt /resetrepository

ResetRepository
True  will reset the WMI repository (only if salvage fails)
False  will only try to salvage
1E-GuaranteedState-Precondition-Multiple
PreCondition

Multiple checks using specified parameters %1EClientVersionToCompare% %1EClientVersionDesiredResult% %DeviceChassisTypeList% %DeviceCpuTypeList% %DeviceDomainList% %DeviceFqdnList% %DeviceManufacturerList% %DeviceModelList% %DeviceRamMBMin% %DeviceRamMBMax% %DeviceTimeZoneOffsetList% %DirectoryExists% %DirectoryName% %DnsLookupFqdnList% %FileNameExists% %FileName% %OsTypeList% %OsArchitectureList% %ProcessExists% %ProcessExecutableList% %QuarantineStatus% %RegistryExists% %RegistryHive% %RegistryKey% %RegistryValue% %RegistryData% %ServiceExists% %ServiceName% %ServiceStartAccountName% %ServiceStartType% %ServiceState% %ServiceTriggerStart% %ServiceType% %SoftwareExists% %SoftwareProduct% %SoftwarePublisher% %SoftwareVersionToCompare% %SoftwareVersionDesiredResult% %WindowsUpdateSource% %WmiNamespace% %WmiClass% %WmiColumn% %WmiWhereClause% %WmiVersionToCompare% %WmiDesiredResult%

Most parameters will be ignored if % is entered so they don't take up any resources trying to lookup a precondition on something that isn't relevant. The default values for the parameters will do this.

In other words, if you don't want to search for a precondition on something like a directory, leave it's parameters at their defaults and it will skip the search for that.

 1E Client...

1EClientVersionToCompare
The version to use as the comparison

DEFAULT: 0

1EClientVersionDesiredResult
The outcome that's desired when the 1E Client Version is compared to the passed in version

DEFAULT: Same or Higher

 Device details...

DeviceChassisTypeList
A semi-colon separated list of acceptable ChassisType values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceCpuTypeList

A semi-colon separated list of acceptable CpuType values. (% wildcards are acceptable within each item

DEFAULT: %

DeviceDomainList
A semi-colon separated list of acceptable Domain values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceFqdnList

A semi-colon separated list of acceptable Fqdn values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceManufacturerList
A semi-colon separated list of acceptable Manufacturer values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceModelList
A semi-colon separated list of acceptable Model values. (% wildcards are acceptable within each item)

DEFAULT: %

DeviceRamMBMin
The minimum amount of RAM (in MB) a device should have

DEFAULT: 0

DeviceRamMBMax
The minimum amount of RAM (in MB) a device should have

DEFAULT: 9223372036854775807

DeviceTimeZoneOffsetList
A semi-colon separated list of acceptable time zone offsets

 Directory and File...

DirectoryExists
Exists  if the directory should exist
Doesn't Exist  if the directory shouldn't exist

DEFAULT: %

DirectoryName
The name of the directory to check for existence

DEFAULT: %

FileNameExists

Exists  if the file should exist
Doesn't Exist  if the file shouldn't exist

DEFAULT: Exists

FileName
The name of the file to check for existence

DEFAULT: %

 DNS...

DnsLookupFqdnList
A semi-colon separated list of acceptable Fqdns that have been looked up in DNS by the device

DEFAULT: %

 Operating System...

OsArchitectureList
A semi-colon separated list of acceptable OS Architectures

DEFAULT: %

OsTypeList

A semi-colon separated list of acceptable OS Types

DEFAULT: %

 Process...

ProcessExists

Exists  if the process should exist
Doesn't Exist  if the process shouldn't exist

DEFAULT: Exists

ProcessExecutableList
A semi-colon separated list of acceptable processes

DEFAULT: %

 Quarantine...

QuarantineStatus
Quarantined  if the device should be quarantined
NotQuarantined  if the device should not be quarantined

DEFAULT: %

 Registry Key...

RegistryExists
Exists  if the registry key should exist
Doesn't Exist  if the registry key should not exist

DEFAULT: Exists

RegistryHive
The registry hive in which the registry key should exist.

Valid Values:

  • HKCR
  • HKCC
  • HKCU
  • HKLM
  • HKU
  • %

DEFAULT: %

RegistryKey
The registry key to find in the specified hive

DEFAULT: %

RegistryValue 
Exists  if the registry key value should exist
Doesn't Exist  if the registry key value should not exist

DEFAULT: Exists

RegistryData 
Exists  if the registry key value data should exist
Doesn't Exist  if the registry key value data should not exist

DEFAULT: Exists

 Service...

ServiceExists
Exists  if the registry key value data should exist
Doesn't Exist  if the registry key value data should not exist

DEFAULT: Exists

ServiceName
The short name of the service

DEFAULT: %

ServiceStartAccountName
The account name under which the service starts

DEFAULT: %

ServiceStartType
The start type of the service.

Valid Values:

  • Automatic
  • Automatic (Delayed Start)
  • Boot
  • Disabled
  • Manual
  • System
  • %

DEFAULT: %

ServiceState
The state the service should be in

Valid Values:

  • About to Continue
  • Pausing
  • Paused
  • Running
  • Starting
  • Stopping
  • Stopped
  • %

DEFAULT: %

ServiceTriggerStart
Is the service set to TriggerStart

Valid Values:

  • True
  • False
  • %

DEFAULT: %

ServiceType
The type of service (use {none} to match null/empty value)

Valid Values:

  • {none}
  • File system driver
  • Kernel driver
  • Own process
  • Shared process
  • %

DEFAULT: %

 Software...

SoftwareExists
Exists  if the software should exist
Doesn't Exist  if the software shouldn't exist

DEFAULT: Exists

SoftwareProduct
Check for this product name

DEFAULT: %

SoftwarePublisher
Check for this publisher name

DEFAULT: %

SoftwareVersionToCompare
The software product version to use as the comparison

DEFAULT: 0

SoftwareVersionDesiredResult
The outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

DEFAULT: SameOrHigher

 Windows Update...

WindowsUpdateSource
The source to check for Windows Update connectivity

Valid Values:

  • SCCM (MEMCM)
  • WSUSL (WSUS - Local)
  • WSUSR (WSUS - Remote)
  • %

DEFAULT: %

 WMI...

WmiNamespace
The WMI namespace to check existence (ROOT\cimv2 for example)

WmiClass
The WMI class that should exist in specified namespace (ignored if %)

WmiWhereClause
The WHERE clause to use when querying this class (use {none} for no filter)

WmiColumn
The column name from querying the class which holds a version string

WmiVersionToCompare

The software product version to use as the comparison

DEFAULT: 0

WmiVersionDesiredResult
The outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

DEFAULT: SameOrHigher

Spare fragments 

The following fragments are included in the MEMCM Client Health Integrated Product Pack but are not used in any predefined rules. You can use these in rules that you create or modify in any policy.

NameTypeReadable Payload and summaryParameters

1E-GuaranteedState-Check-MEMCM-CertificateInStore

Check

Check that the CM certificate is in the certificate store by looking in the CM client logs located in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory
The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Check-MEMCM-ClientCommunication

Check

Check that the CM client has sent data back within the last %Days% days.

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days%  days.

Days
Look for client messages sent back in this number of days

1E-GuaranteedState-Check-MEMCM-MachinePolicyValid

CheckCheck that the CM client has checked for machine policy within the last %Days% daysDays
Look for machine policy validated within this number of days

1E-GuaranteedState-Check-MEMCM-UserPolicyValid

CheckCheck that the CM client has checked for user policy within the last %Days% daysDays
Look for user policy validated within this number of days

1E-GuaranteedState-Fix-MEMCM-InstallClient

FIx

Install the CM client using CCMSETUP.EXE from %CcmSetupFileUrl% having size %CcmSetupFileSize% and hash %CcmSetupFileHash% with command line options %SourceList%, %MpList%, %RetryMinutes%, %ServiceNoService%, %InstallUninstall%, %Logon%, %ForceReboot%, %BITSPriority%, %DownloadTimeout%, %UsePKICert%, %NoCRLCheck%, %ConfigFile%, %SkipPrereqFileList%, %ForceInstall%, %ExcludeFeaturesList%, %CcmSetupMsiProperties%, %ClientMsiProperties%

This is essentially a front-end for the ccmsetup.exe installation parameters found in Microsoft Documentation.

See  https://docs.microsoft.com/en-us/configmgr/core/clients/deploy/about-client-installation-properties  for more information about the installation parameters.

 Expand parameters...

CcmSetupFileUrl
Either the full HTTP or HTTPS URL path to the ccmsetup.exe file on a web server or the relative path to be appended to the Content directory under the background channel URL

DEFAULT: ccmsetup.exe

CcmSetupFileSize
The size of the ccmsetup.exe file in bytes

DEFAULT: 4099328

CcmSetupFileHash
The SHA256 hash of the ccmsetup.exe file

DEFAULT: ab85f58b0cc257d25628384b0ec8fab1f9e15ca2b110a1e425e86e56b47ebde1

SourceList
A semicolon ; delimited list of download locations for setup media

DEFAULT: {none}

MpList
A semicolon ; delimited list of management points or cloud management gateway

DEFAULT: {none}

RetryMinutes
The retry interval in minutes to retry setup if it fails to download installation files.  -1 to ignore this parameter

DEFAULT: -1

ServiceNoService
Tells setup to install as a service or no service

DEFAULT: Service

Valid Values:
Service
NoService

InstallUninstall
Tell setup to install or uninstall the client

DEFAULT: Install

Valid Values:
Install
Uninstall

Logon
If any version of the client is already installed, install will stop

DEFAULT: False

Valid Values:
True
False

ForceReboot
Setup should force the client to reboot if necessary to complete installation

Valid Values:
True
False

BITSPriority
Download priority when client installation files are downloaded over HTTP connection

DEFAULT: Normal

Valid Values:
Foreground
High
Normal
Low

DownloadTimeout
Length of time in minutes that setup tries to download the installation files before stopping

DEFAULT: 1440

UsePKICert
Uses a PKI cert that includes client authentication, if available. If can't find a valid cert, it uses HTTP with self-signed cert.

DEFAULT: False

Valid Values:
True
False

NoCRLCheck
Client won't check the cert revocation list when it uses HTTPS with PKI cert

DEFAULT: False

Valid Values:
True
False

ConfigFile
The name of a text file that lists client installation properties

DEFAULT: {none}

SkipPrereqFileList
A semicolon ; delimited list of prerequisite files that will be skipped during install

DEFAULT: {none}

ForceInstall
Uninstall any existing client and install a new client

DEFAULT: False

Valid Values:
True
False

ExcludeFeaturesList
Do not install the semicolon ; delimited list of features (ClientUI is supported) when installing the client

DEFAULT: {none}

Valid Values:
ClientUI

CcmSetupMsiProperties
Properties that modify the installation behavior of ccmsetup.msi

DEFAULT: {none}

ClientMsiProperties
Properties that modify the installation behavior of client.msi

DEFAULT: {none}

1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerGlobalEvaluationAction

Fix

Invoke CM Application manager global evaluation action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000123}


1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerPolicyAction

Fix

Invoke CM Application manager policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000121}


1E-GuaranteedState-Fix-MEMCM-InvokeApplicationManagerUserPolicyAction

Fix

Invoke CM Application manager user policy action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000122}


1E-GuaranteedState-Fix-MEMCM-InvokeBranchDistributionPointMaintenanceTask

Fix

Invoke CM branch distribution point maintenance task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000109}


1E-GuaranteedState-Fix-MEMCM-InvokeClearingProxySettingsCache

Fix

Invoke CM clearing proxy settings cache action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000037}


1E-GuaranteedState-Fix-MEMCM-InvokeClientMachineAuthentication

Fix

Invoke CM client machine authentication action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000012}


1E-GuaranteedState-Fix-MEMCM-InvokeDataDiscoveryRecord

Fix

Invoke CM data discovery record action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}


1E-GuaranteedState-Fix-MEMCM-InvokeDiscoveryDataCollectionCycle

Fix

Invoke CM discovery data collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000103}


1E-GuaranteedState-Fix-MEMCM-InvokeEndpointAMPolicyReevaluate

Fix

Invoke CM Endpoint Protection Antimalware policy reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000222}


1E-GuaranteedState-Fix-MEMCM-InvokeEndpointDeploymentReevaluate

Fix

Invoke CM Endpoint Protection deployment reevaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000221}


1E-GuaranteedState-Fix-MEMCM-InvokeExternalEventDetection

Fix

Invoke CM external event detection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000223}


1E-GuaranteedState-Fix-MEMCM-InvokeFileCollection

Fix

Invoke CM file collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000010}


1E-GuaranteedState-Fix-MEMCM-InvokeFileCollectionCycle

Fix

Invoke CM file collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000104


1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventory

Fix

Invoke CM hardware inventory

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000001}


1E-GuaranteedState-Fix-MEMCM-InvokeHardwareInventoryCollectionCycle

Fix

Invoke MEMCM hardware inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000101}


1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollection

Fix

Invoke CM IDMIF collection

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000011}


1E-GuaranteedState-Fix-MEMCM-InvokeIDMIFCollectionCycle

Fix

Invoke CM IDMIF collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000105}


1E-GuaranteedState-Fix-MEMCM-InvokeLSRefreshLocationsTask

FIx

Invoke CM client Location Services refresh locations task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000024}


1E-GuaranteedState-Fix-MEMCM-InvokeLSTimeoutRefreshTask

Fix

Invoke CM client Location Services timeout refresh action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000025}


1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAgentCleanup

Fix

Invoke CM machine policy agent cleanup action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000040}


1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyAssignmentsRequest

Fix

Invoke CM machine policy assignments request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000021}


1E-GuaranteedState-Fix-MEMCM-InvokeMachinePolicyEvaluation

Fix

Invoke CM machine policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000022}


1E-GuaranteedState-Fix-MEMCM-InvokePeerDpPendingPackageCheckSchedule

Fix

Invoke CM peer DP pending package check schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000062}


1E-GuaranteedState-Fix-MEMCM-InvokePeerDpStatusReporting

Fix

Invoke CM peer DP status reporting

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000061}


1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentEvaluateAssignmentUser

Fix

Invoke CM User policy evaluation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000027}


1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentRequestAssignmentUser

Fix

Invoke CM User policy request

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000026}


1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateMachinePolicyAssignment

Fix

Invoke CM machine policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000042}


1E-GuaranteedState-Fix-MEMCM-InvokePolicyAgentValidateUserPolicyAssignment

Fix

Invoke CM user policy / assignment validation

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000043}


1E-GuaranteedState-Fix-MEMCM-InvokePowerManagementStartSummarizer

Fix

Invoke CM power management start summarizer

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000131}


1E-GuaranteedState-Fix-MEMCM-InvokeRefreshDefaultMPTask

Fix

Invoke CM refresh default MP task

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000023}


1E-GuaranteedState-Fix-MEMCM-InvokeRetryingRefreshingCertificatesInAdOnMp

Fix

Invoke CM retrying/refreshing certificates in AD on MP

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000051}


1E-GuaranteedState-Fix-MEMCM-InvokeScanByUpdateSource

Fix

Invoke CM scan by update source

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000113}


1E-GuaranteedState-Fix-MEMCM-InvokeSchedule

Fix

Invoke CM client %Schedule% action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: <ScheduleID>

 Click here to expand list of ScheduleIDs...
NameScheduleId
Hardware Inventory{00000000-0000-0000-0000-000000000001}
Software Inventory{00000000-0000-0000-0000-000000000002}
Data Discovery Record{00000000-0000-0000-0000-000000000003}
File Collection{00000000-0000-0000-0000-000000000010}
IDMIF Collection{00000000-0000-0000-0000-000000000011}
Client Machine Authentication{00000000-0000-0000-0000-000000000012}
Machine Policy Assignments Request{00000000-0000-0000-0000-000000000021}
Machine Policy Evaluation{00000000-0000-0000-0000-000000000022}
Refresh Default MP Task{00000000-0000-0000-0000-000000000023}
LS (Location Service) Refresh Locations Task{00000000-0000-0000-0000-000000000024}
LS (Location Service) Timeout Refresh Task{00000000-0000-0000-0000-000000000025}
Policy Agent Request Assignment (User){00000000-0000-0000-0000-000000000026}
Policy Agent Evaluate Assignment (User){00000000-0000-0000-0000-000000000027}
Software Metering Generating Usage Report{00000000-0000-0000-0000-000000000031}
Source Update Message{00000000-0000-0000-0000-000000000032}
Clearing proxy settings cache{00000000-0000-0000-0000-000000000037}
Machine Policy Agent Cleanup{00000000-0000-0000-0000-000000000040}
User Policy Agent Cleanup{00000000-0000-0000-0000-000000000041}
Policy Agent Validate Machine Policy / Assignment{00000000-0000-0000-0000-000000000042}
Policy Agent Validate User Policy / Assignment{00000000-0000-0000-0000-000000000043}
Retrying/Refreshing certificates in AD on MP{00000000-0000-0000-0000-000000000051}
Peer DP Status reporting{00000000-0000-0000-0000-000000000061}
Peer DP Pending package check schedule{00000000-0000-0000-0000-000000000062}
SUM Updates install schedule{00000000-0000-0000-0000-000000000063}
Hardware Inventory Collection Cycle{00000000-0000-0000-0000-000000000101}
Software Inventory Collection Cycle{00000000-0000-0000-0000-000000000102}
Discovery Data Collection Cycle{00000000-0000-0000-0000-000000000103}
File Collection Cycle{00000000-0000-0000-0000-000000000104}
IDMIF Collection Cycle{00000000-0000-0000-0000-000000000105}
Software Metering Usage Report Cycle{00000000-0000-0000-0000-000000000106}
Windows Installer Source List Update Cycle{00000000-0000-0000-0000-000000000107}
Software Updates Assignments Evaluation Cycle{00000000-0000-0000-0000-000000000108}
Branch Distribution Point Maintenance Task{00000000-0000-0000-0000-000000000109}
Send Unsent State Message{00000000-0000-0000-0000-000000000111}
State System policy cache cleanout{00000000-0000-0000-0000-000000000112}
Scan by Update Source{00000000-0000-0000-0000-000000000113}
Update Store Policy{00000000-0000-0000-0000-000000000114}
State system policy bulk send high{00000000-0000-0000-0000-000000000115}
State system policy bulk send low{00000000-0000-0000-0000-000000000116}
Application manager policy action{00000000-0000-0000-0000-000000000121}
Application manager user policy action{00000000-0000-0000-0000-000000000122}
Application manager global evaluation action{00000000-0000-0000-0000-000000000123}
Power management start summarizer{00000000-0000-0000-0000-000000000131}
Endpoint deployment reevaluate{00000000-0000-0000-0000-000000000221}
Endpoint AM policy reevaluate{00000000-0000-0000-0000-000000000222}
External event detection{00000000-0000-0000-0000-000000000223}


Schedule
The MEMCM client schedule (client action) to trigger

Valid Values: Select a name from the table in the Summary column. These are presented as a dropdown in the UI. The string values are converted to the ScheduleID required by the WMI method.

1E-GuaranteedState-Fix-MEMCM-InvokeSendUnsentStateMessage

Fix

Invoke CM send unsent state message action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000111}


1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventory

Fix

Invoke CM software inventory action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000002}


1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareInventoryCollectionCycle

Fix

Invoke CM software inventory collection cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000102}


1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringGeneratingUsageReport

Fix

Invoke CM software metering generate usage report action

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000031}


1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareMeteringUsageReportCycle

Fix

Invoke CM software metering usage report cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000106}


1E-GuaranteedState-Fix-MEMCM-InvokeSoftwareUpdatesAssignmentsEvaluationCycle

Fix

Invoke CM software updates assignments evaluation cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000108}


1E-GuaranteedState-Fix-MEMCM-InvokeSourceUpdateMessage

Fix

Invoke CM source update message

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000032}


1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendHigh

Fix

Invoke CM state system policy bulk send high

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000115}


1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyBulkSendLow

Fix

Invoke CM state system policy bulk send low

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000116}


1E-GuaranteedState-Fix-MEMCM-InvokeStateSystemPolicyCacheCleanout

Fix

Invoke CM state system policy cache cleanout

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000112}


1E-GuaranteedState-Fix-MEMCM-InvokeSumUpdatesInstallSchedule

Fix

Invoke CM Software Updates install schedule

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000063}


1E-GuaranteedState-Fix-MEMCM-InvokeUpdateStorePolicy

Fix

Invoke CM update store policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000114}


1E-GuaranteedState-Fix-MEMCM-InvokeUserPolicyAgentCleanup

Fix

Invoke CM user policy agent cleanup

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000041}


1E-GuaranteedState-Fix-MEMCM-InvokeWindowsInstallerSourceListUpdateCycle

Fix

Invoke CM Windows Installer source list update cycle

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: TriggerSchedule

ScheduleId: {00000000-0000-0000-0000-000000000107}


1E-GuaranteedState-Fix-MEMCM-RefreshServerComplianceState

Fix

Refresh CM server compliance state

Com Object: Microsoft.CCM.UpdatesStore.RefreshServerComplianceState()


1E-GuaranteedState-Fix-MEMCM-ResetPolicy

Fix

Reset CM policy

Namespace: ROOT\CCM

Class: SMS_CLIENT

Method: ResetPolicy

uFlags: <see list below>

NameFlag
RequestFullPolicy0
PurgeAndRequestFullPolicy1

ResetOption

Valid values

  • RequestFullPolicy  will request a full instead of delta.
  • PurgeAndRequestFull  will completely remove the existing policy and request full (possibly re-running deployments).

These are presented as a dropdown in the UIO and converted to the numeric value required by the WMI method. 

1E-GuaranteedState-Fix-WindowsUpdate-ResetWindowsUpdate

Fix

Completely reset Windows Update from scratch (Experimental)

Process mostly inspired by  https://gallery.technet.microsoft.com/Reset-WindowsUpdateps1-e0c5eb78  and tweaked a little to be more forceful

Process also inspired by  https://www.definit.co.uk/2012/02/powershell-recursively-taking-ownership-of-files-and-folders-and-adding-permissions-without-removing-existing-permissions/

This is a very destructive and involved process. It should only be used as a last resort to fix a broken Windows Update system.

The machine will be somewhat unusable until it is rebooted and should be rebooted right away.

Many different and unrelated apps may throw odd and misleading errors until the reboot happens

General process:

  1. Stop Windows Update Services
    1. Stop BITS
    2. Stop wuauserv
    3. Stop appidsvc
    4. Stop cryptsvc
  2. Remove QMGR Data File
  3. Rename the software distribution and CatRoot folders
  4. Remove the old Windows Update log
  5. Reset the Windows Update services to default settings (bits and wuauserv anyway)
  6. Re-Register a pile of DLLS related to windows update and surrounding technologies
  7. Remove the WSUS client settings from the registry
  8. Reset WinSock
  9. Delete any-and-all BITS jobs
  10. Install the Windows Update Agent (KB2937636)
  11. Force discovery
  12. Reboot

1E-GuaranteedState-Precondition-1EClient-Version

PreCondition

Checks for the existence of the 1E client with version lower, same or higher (%DesiredResults%) than %VersionToCompare%.


VersionToCompare
A version number to compare against the installed 1E Client version number.
Examples:
5
5.0
5.0.0
5.0.0.745

DEFAULT: 0

DesiredResults
The outcome that's desired when actual version is compared to passed in version.

DEFAULT: SameOrHigher

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

1E-GuaranteedState-Precondition-MEMCM-AssignedSite

PreConditionCheck the CM client is assigned to %SiteCode%SiteCode
Check to see if the MEMCM client is assigned to this site code

1E-GuaranteedState-Precondition-MEMCM-CacheSizeBetween

PreCondition Check the CM cache size is between %MinMB% and %MaxMB%

MinMB
The cache size should be at least this big (in Megabytes)

MaxMB
The cache size should be at most this big (in Megabytes)

1E-GuaranteedState-Precondition-MEMCM-CertificateInStore

PreCondition

Check the CM certificate is in the certificate store by checking CM log files in %MEMCMLogsDirectory%

This checks the ClientIDManagerStartup.log for "Failed to find the certificate in the store" error messages, which indicates the CM client certificate is likely missing.

MEMCMLogsDirectory
The full path to the MEMCM client logs directory (%Environment% variables accepted)

1E-GuaranteedState-Precondition-MEMCM-ClientCommunication

PreCondition

Check the CM client has sent data back within the last %Days% days

This checks to see if hardware inventory, software inventory, DDRs or IDMIFs have been sent anytime in the past %Days% days.

Days
Look for client messages sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-ClientProvisioningMode

PreConditionCheck if the CM ClientProvisioningMode is set to %TrueFalse%TrueFalse
True represents client provisioning ON, False represents client provisioning OFF

1E-GuaranteedState-Precondition-MEMCM-DataDiscoveryRecordSent

PreCondition Check the CM client has sent a DDR (Data Discovery Record) within the last %Days% days Days
Look for DDRs sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-FileCollectionSent

PreCondition Check the CM client has performed a file collection within the last %Days% days Days
Look for file collection sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-GlobalLogginConfiguration

PreCondition Check the CM client logging is configured with %Loglevel%, %MaxSize%, %MaxHistoryFiles% and %DebugLogging% settings configuration %LogLevel% %MaxSize% %MaxHistoryFiles% %DebugLogging%

LogLevel
The logging level
Valid Values: Verbose, Normal, None

MaxSize
The maximum size (in Bytes) that the MEMCM logs may grow before rolling over

MaxHistoryFiles
The number of incremented log files to accumulate before deleting

DebugLogging
True means debug logging should be on, False means it should be off

1E-GuaranteedState-Precondition-MEMCM-HardwareInventorySent

PreCondition Check the CM client has sent hardware inventory within the last %Days% days Days
Look for hardware inventory data sent back in this number of days

1E-GuaranteedState-Precondition-MEMCM-IDMIFCollectionSent

PreCondition Check the CM client has performed an IDMIF collection within the last %Days% days Days
Look for IDMIFs sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-MachinePolicyValid

PreConditionCheck the CM client has checked for machine policy within the last %Days% daysDays
Look for machine policy validated within this number of days

1E-GuaranteedState-Precondition-MEMCM-SoftwareInventorySent

PreConditionCheck the CM client has sent software inventory within the last %Days% days.Days
Look for software inventory data sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-StatusMessagesSent

PreConditionCheck the CM client has sent status messages within the last %Days% days.Days
Look for status messages sent back within this number of days

1E-GuaranteedState-Precondition-MEMCM-UserPolicyValid

PreConditionCheck the CM client has checked for user policy within the last %Days% daysDays
Look for user policy validated within this number of days

1E-GuaranteedState-Precondition-Process-Exists

PreConditionCheck the %Executable% process exists (is running)Executable
The name of the executable that should be running

1E-GuaranteedState-Precondition-Service-Exists

PreConditionCheck the %ServiceName% service existsServiceName
Shortname of the service

1E-GuaranteedState-Precondition-Software-Exists

PreCondition

Check for the existence of %Publisher% %Product% with version %VersionDesiredResult% than %VersionToCompare%

Checks if the specified Publisher and Product is installed and that the version is lower, same or higher than the target (VersionToCompare

Publisher
Check for this publisher name

Product
Check for this product name

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

VersionDesiredResult
The outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-WindowsUpdate-ConnectionOK

PreConditionCheck that the Windows Update connection is OK

1E-GuaranteedState-Precondition-WindowsUpdate-Source

PreConditionCheck that the connection to the %Source% Windows Update source is OK

Source
The windows update source (% wildcard accepted)

Valid Values:

  • SCCM (MEMCM)
  • WSUSL (WSUS - Local)
  • WSUSR (WSUS - Remote)
  • %

DEFAULT: %

1E-GuaranteedState-Precondition-WindowsUpdate-SourceId

PreConditionCheck that a Windows Update connection is OK for %SourceId%

SourceId

The identity of the source of updates. E.g. for a ' SCCM ' source this will be the site ID, or for WSUS it will be the URL to WSUS.

1E-GuaranteedState-Precondition-Wmi-ClassColumnVersion

PreCondition

Check if the value of the WMI attribute defined by %Namespace%, %Class%, %ColumnName% (and optional %WhereClause%) is a version number (e.g. 7.2.5.612) that is lower, higher or the same (defined by %DesiredResult%) as %VersionToCompare%


Namespace
The WMI namespace to check existence (ROOT\cimv2 for example)

Class
The WMI class that should exist in specified namespace (ignored if %)

WhereClause
The WHERE clause to use when querying this class (use {none} for no filter)

ColumnName
The column name from querying the class which holds a version string

VersionToCompare

The software product version to use as the comparison

DEFAULT: 0

DesiredResult
The outcome that's desired when the software product version is compared to SoftwareVersionToCompare

Valid values:

  • SameOrLower
  • Lower
  • Lower_MajorLower
  • Lower_SameMajor
  • Lower_SameMajorMinor
  • Lower_SameMajorMinorRelease
  • Same
  • Higher_SameMajorMinorRelease
  • Higher_SameMajorMinor
  • Higher_SameMajor
  • Higher_MajorHigher
  • Higher
  • SameOrHigher

DEFAULT: SameOrHigher

1E-GuaranteedState-Precondition-Wmi-ClassExists

PreConditionCheck for the existence of WMI %Class% in %NameSpace%

Namespace
The WMI namespace to check existence (ROOT\cimv2 for example)

Class
The WMI class that should exist in specified namespace (ignored if %)

1E-GuaranteedState-Precondition-Wmi-ClassQuery

PreConditionCheck for any data returned from specified WMI %Class% and %Namespace% using (optional) %WhereClause% and %ColumnList%

Namespace
The WMI namespace to check existence (ROOT\cimv2 for example, ignored if %)

Class
The WMI class that should exist in specified namespace (ignored if %)

WhereClause
The WHERE clause to use when querying this class (use {none} for no filter)

ColumnList
A list of columns to select from the WMI class (use {all} for all columns)

1E-GuaranteedState-Precondition-Wmi-NamespaceExists

PreConditionCheck for the existence of WMI %Namespace%Namespace
The WMI namespace to check existence (ROOT\cimv2 for example)

1E-GuaranteedState-Precondition-Wmi-RepositoryConsistent

PreCondition

Check that the WMI repository is consistent

Runs winmgmt.exe /verifyrepository and fails if 'is not consistent' appears in the returned result 


Trigger templates

The following table shows the trigger templates included in the Nomad Client Health Integrated Product Pack.

The Parameters column in the following table shows the ranges and default values for the parameters. The default values are used when you create custom rules using these templates, unless you select alternative values.

NameReadable Payload and summaryParameters
TriggerTemplate-FileChange


On change of file "<fileName>"

When a file changes (Windows only)


File Name

  • File path of file to be monitored, default is null.
TriggerTemplate-IntervalHours


Every <intervalHours> hours

Periodic (hours)


Interval Hours

  • 0 to 999 hours (approximately 42 days), default interval is 12 hours.
TriggerTemplate-IntervalMinutes


Every <intervalMinutes> minutes

Periodic (minutes)


Interval Minutes

  • 0 to 99,999 minutes (approximately 69 days), default interval is 30 minutes.
TriggerTemplate-IntervalSeconds


Every <intervalSeconds> seconds

Periodic (seconds)


Interval Seconds

  • 0 to 999,999 seconds (approximately 11 days), default interval is 3600 seconds (1 hour).
TriggerTemplate-ProcessCrash


On crash of process "<executable>"

When a process crashes (Windows only)

Monitors the Windows Application Event Log for event 1000.

Executable is case insensitive but is required to be the whole filename without the folder path, such as unreliableapp.exe A partial string such as unreliableapp will not trigger on a crash of unreliableapp.exe.


Executable

  • Filename of executable to be monitored, default is empty.
TriggerTemplate-ProcessLaunch


On launch of process "<executable>"

When a process starts (Windows only)

Monitors the Windows Security Event Log for event 4688.


Executable

  • File path of executable to be monitored, default is empty.
TriggerTemplate-ServiceStatusChange


On change of running state of the "<serviceName>" service

When the state of the named Windows service changes

You can determine the short name of a service using the PowerShell cmdlet

get-service -DisplayName "Network Location Awareness"

This will return  NlaSvc  in the above example. It is this short name you specify in the <ServiceName> parameter.


Service Name

  • Short name of service - for example NomadBranch.
TriggerTemplate-WindowsEventLog


On Windows"<channel>"; event log entry matching "<query>" (debounce for <debounce> seconds)

When an event log entry is created (Windows only)

A  channel  is an event sink, example standard channel names are Application or Security.

To determine the available event channels execute the following PowerShell command:

Get-WinEvent -ListLog *

Or to view the event channels on a remote computer:

Get-WinEvent -ListLog * -ComputerName <hostname>

Similarly to view event log entries for a given channel either use Event Viewer or from PowerShell for example:

 Get-EventLog application | where {($_.EntryType -Match "Error") -or ($_.EntryType -Match "Warning")}

Or:

[dateTime]$oneWeekAgo = (get-date).addDays(-7)
Get-EventLog -LogName Application -After $oneWeekAgo -computerName . | ? {$_.EventID -eq 1000}

A  query  is used to filter the event log messages for a given channel. Examples can be found at  https://docs.microsoft.com/en-us/windows/win32/wes/consuming-events.

For example to query all OneNote application crashes error log messages:

*[System[(Level=2) and (EventID=1000)]] and *[EventData[Data='onenote.exe']]

Debounce is a settling period to ensure that in the case of multiple events, only a single event is registered within the space of a given time period.


Channel

  • Text string, default null.

Query

  • Text string, default null.

Debounce Time Seconds

  • 0 to 99 seconds, default 0.
TriggerTemplate-WindowsRegistryChange


On change of registry values in "<hive>\<subkey>" (include subkeys=<includeSubkeys>)

When the value of a Windows registry key changes.


Hive, which must be one of:

  • HKLM (default)
  • HKCR

Subkey  : free text string, default empty.

Include Sub Keys  : 1/0 default 0.