![]()
Last March, our own Sandy Yinghua challenged David James to a friendly competition of sharing the best tips and tricks for ConfigMgr. What resulted was a month’s worth of tweets from ConfigMgr team members and the community, highlighting useful tips and handy tricks.
Due to the popularity of event, the quality and quantity of tips, and the sheer amount of fun that was generated, we are doing again in 2020!
This year’s event is “21 Days of MEM Tips”, with the hashtag #21DaysOfMEMTips.
Starting on March 5th, feel free to post your best or favorite tips for anything related to Microsoft Endpoint Manager. These can include ConfigMgr, Intune, Autopilot, Community Tools, PowerShell, SQL, or whatever you think would be beneficial. When posting, please include the hashtag #21DaysOfMEMTips so your tip can be properly archived and attribution given.
Day 1
David James
attach #configmgr 2002.2 tp to Intune, so you can see ALL of your #memcm clients (including win7 and servers) in Intune!, and take (some) actions on them now… And do much more with them later (soon)!
Chris Buck
Enable Dynamic updates as it contains updated setup files needed for Your upgrades. Also make sure you set ignore dismissible compat warnings to boost your successes rate on IPU scenarios.
RyanH
Change your CMTrace highlight color to green, then use it to highlight something your’re troubleshooting for quicker log scanning.
Matt Toto
Quick filter your Site Systems based on Role by right-clicking Server and Site System Roles then selecting the role.
Martin Himken
Hey #21DaysOfMEMTips get into baselines. Since they can be used for conditional access in conjunction with co-management for O365. That gives you way more options!
Mr Wyss
Tip: run cmtrace without navigating to c:\windows\ccm, simply do WIN+R “ccm/cmtrace” ENTER. yes forward slash
Chris Shilt
Pin the Logs folder in Quick access to get, well, quick access to your logs folder. Makes it easier to traverse to other folders, like Inboxes, as well.
Steven M. Salter
If you accidentally decline an update in WSUS, for cleanup or error and then it ended up expired in ConfigMgr but need it back, set the approval to not approved, then perform a FULL SYNC. PoSH Sync-CMSoftwareUpdate -FullSync $True
Damien Solodow
If you aren’t using the DGA WSUS/SUP maint script, you probably should.
Cody Mathis
You can find things easier on Twitter by using twitter.com/search-advanced
Day 2
Adam Gross
Did you know that you can create folders under All Software Updates in the #MEMCM console? I randomly tried it the other day and it blew my mind. I was able to move all of extra Feature Updates into a folder to make it easier to find things.
Martin Bengtsson
Not a local admin, but device is managed with ConfigMgr? No problem – add yourself as local admin in a jiffy using #ConfigMgr scripts
Sune Thomsen
Forgot the local administrator password? No worries, just change it with the build in “Run Script” in #MEMCM
RyanH
Need to help someone find something in the console quickly? The address bar is can copied and pasted! Not sure how long I have over looked this..
Chris Buck
Use indexed views when building your collections. Nobody is happy with long evaluation times, in any size environment.
Garth Jones
Explaining how to use the previous tip
Merlin from Belgium
Do you use “powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c” in OSD Task Sequences? #MEMCM 1910 introduced the High Performance mode in the TS properties tab. Instead of changing props for each TS, add a variable to OSD collections: TSHighPerfMode = True
Nathan J Bridges
If your MEMCM collection update takes an hour or more to update once you add a device to a collection, MAKE sure your SQL “TEMP” DB is NOT out of disk space. Once space was available collection update took 1 minute!
Jörgen Nilsson
Enabling strong authentication in ConfigMgr Admin Console
Fabian Szalatnay
Found a DT id in logs and wonder which app it is? Here’s my One-Liner:
Get-CMApplication ‘*’ | % {if (([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.LogicalName -eq ‘DeploymentType_28fd8bcd-31e8-4121-831a-79933a574982’ ) {$_.LocalizedDisplayName}}
Sune Thomsen
Is the trust relationship broken between the client and dc? No worries, fix it with “Run Script” or a CI from the #MEMCM console
Donna Ryan
“Letting it bake…”
Day 3 and Day 4 (weekend)
Donna Ryan
Do you want to install a Distribution Point on a Domain Controller?
Chris Buck
Default software update maximum run time is 60 minutes. When ConfigMgr calculates whether an update can install, it adds five minutes to the maximum run time to account for a restart. Remember this needs to fit within your MW
Madhu Sunke
Shortcuts on client PC to open directly CCM,CCMCache folders and configuration manager control panel applet rather navigating.
1. Windows +R – type CCM 2. Windows + R – type CCMCache. 3. Windows + R – type control smscfgrc
Chris Buck
Using USMT to move data to the SMP? take a look inside your MDT Toolkit for ZTIUserState.wsf. You see the estimated need on your local disk is 1.1x the size of data you are trying to capture needs to be available.
Day 5
Donna Ryan
Use F7 in CMD and “h” in PowerShell to display a list of previously typed commands.
RyanH
Tip 3: I try to organize my source data with the same folder layout as in my console. This only works if you can use folders unlike #BigBank Whatever you do, pick a strategy and STICK with it!
Chris Buck
To avoid SMP connection refusal errors increase the default of 100 to something more suitable. The setting is for total established connections (successful or in progress) within deletion policy time, not concurrent connections.
Nouroz Gaming
Use F7 in CMD and “h” in PowerShell to display a list of previously typed commands. (Repost)
Damien Solodow
Take ci_uniqueid from Get-CMSoftwareUpdate and pass it as UpdateID to Get-WsusUpdate | DenyWSUSUpdate.
Day 6
Chris Buck
If you’re on a specific version of ConfigMgr and your client is at that level in the prod environment …make sure your OSD task sequence installs that same level client, and not a client that is 1 year older so you can get the full benefits immediately
Ram Lan
When you distribute a package to DP and admin ask what % is complete – you can find it from monitoring section. Click Asset Details – Package – More Details – You will see % download complete.
RyanH
Audit your synced updates that are ‘required’ but not deployed. Then fix it. This won’t work for new patches that your environment hasn’t scanned against. I also add ‘is on or before last month’ to prevent this months patches from showing.
Fabian Szalatnay
Wanna know which Apps install in user context? Get-CMApplication | Sort LocalizedDisplayName | % {if (([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.Installer.ExecutionContext -eq ‘user’) {$_.LocalizedDisplayName}}
Day 7
Chris Buck
Disable Software Inventory and leverage Compliance Items to inventory files when needed. SW inventory is low priority which can take several hours to run and will both Hardware inventory and Heartbeat cycles until SW inventory is complete
David James (Retweet of Matt Benninge)
Use strcat() to combine two string columns .OperatingSystem| summarize count() by strcat(Caption, ‘ ‘, BuildNumber) | render piechart
Panu Saukko
WSUS info with #MEMCM 1906+ CMPivot: WindowsUpdate | project Device, AUOptions, UseWUServer | join (Registry(‘HKLM:\\Software\\Policies\\Microsoft\\Windows\WindowsUpdate’) | where Property ==’WUServer’ | project Device, WSUSServer=Value) | order by Device asc
Fabian Szalatnay
Cmdline my apps use: $f=”$env:temp\cl.csv”;ri $f -EA 0;Get-CMApplication|Sort LocalizedDisplayName|% {echo “$($_.LocalizedDisplayName),$(([xml]$_.SDMPackageXML).AppMgmtDigest.DeploymentType.Installer.CustomData.InstallCommandLine)”>>$f};Import-Csv $f -H Name,CL
Day 8
Chris Buck
If your site server is rejecting registration requests as those will not be functional clients. You can resolve by running 1st code below to identify them, and then 2nd code to clear revoked status and they will then begin to re-register
Day 9
Ioan Popovici
Using the #MEMCM Run Scripts feature is awesome. What sucks is to create scripts for a one time task. To solve this I’ve made a script that accepts a script block parameter. By the way this is dangerous so don’t do this on a regular basis…
Donna Ryan
Use Status Message Queries to follow TS Status and diagnose issues. It’s way easier than trying to read SMSTS.LOG. Monitoring -> Status Message Queries -> All Status Messages Filter on Task Sequence Engine or the Computer’s name
Chris Buck (RT of James Orlando)
Also use installed Software Product Name your queries will evaluate faster since that column is indexed
Gark Blok
Use an Embedded PowerShell Script to Document the TS. Just remember to Disable the Step.![😉]()
I like to add a lot of notes to the Description and make step names meaningful, but sometimes you have more info than can fit in those fields.
Julie Andreacola (RT of James Orlando)
The more you know..
Nickolaj Andersen
Driver Management script will now allow you to test any supported computer model against the driver packages to see if a match can be found, when running the script in DebugMode
Day 10 and Day 11 (weekend)
Chris Buck
Avoid using “Like” or “%” logic on collections unless absolutely necessary. If you know what you want just use “equal to” in your logic Keep your database happy.
Fabian Szalatnay
Activate the plain text filter with Index Service for *.log files and add your log folder to the index. Now you can search for content within log files within folder structures (e.g. app or package name).
Day 12
Fabian Szalatnay
If not used often I forget the string “smscfgrc”. Therefore create new shortcut file in windir, call it “sccm” and enter “control smscfgrc” as the command. Now use Windows+R -type sccm. Voilà. Deploy the .lnk file to all clients if needed.
Day 13
Cody Mathis
Show OneDrive version landscape with #CMPivot It is per logon. Old logon=old version! #21DaysOfMEMTips File(‘C:\Users\*\AppData\Local\Microsoft\OneDrive\OneDrive.exe’) | project Version = substring(Version, 0, 6) | summarize count() by Version | render barchart
Bryan Dam
Just spit-balling: Bunch of users suddenly working from home? VPN being crushed by patch rollout? On the VPN boundary group enable ‘Prefer cloud based sources over on-premises sources’. As of #ConfigMgr 1902 that includes update content. c/o @CodyMathis123
Day 14
Fabian Szalatnay
If you’re not doing it already, do it! Use direct rules instead of query rules for AD group membership collections. Great write-ups
Day 15
zvensch
Wondering that your #CMTrace shows empty logfiles? Make sure “Ingnore Existing Lines” Checkbox is unchecked.
Day 16
Dave Dyer
Simplifying User Application Deployments in ConfigMgr – A Square Dozen
Day 17
Damien Solodow
You can schedule reports to run & deliver via email. Useful for say “machines in collection not compliant with SUG” to email to your desktop team/helpdesk.
Day 21
Fabian Szalatnay
Did you know you could double click a row in deployment status and will end up with a temporary “collection” containing those clients?
RyanH
no_sms_on_drive.sms
RyanH
If you want to mess with a #MEMCM admin, change their CMTrace File > Preferences to highlight with ‘Red’ then change Tools > Highlight to ‘2020’ so that their whole log looks like its one big ‘Error’….
(3255)
The post 21 Days of MEM Tips appeared first on MSEndpointMgr.
I like to add a lot of notes to the Description and make step names meaningful, but sometimes you have more info than can fit in those fields.