Skip to main content
| Sherry Kissinger
For some objects in the console, the metadata for that object is within an xml-formatted object, saved as a single field in SQL. As XML, that makes it a bit more difficult to tease out what you might want to see, in a SQL query or SQL Report. One of those objects you might be interested in would b…
| Sherry Kissinger
I was recently tasked with using the EntraID SDK (think get-mgDevice and update-MgDevice) to query, clear, or update any one of the 15 extensionAttributes which are available for Azure / EntraID devices. Devices.  Not users.  There were lots of examples out there on setting attributes for users in…
| Sherry Kissinger
I had the occasion to want to check the DP and SUP configurations for whether or not LEDBat was enabled for those roles, and yes... I absolutely could go look in the console, go to every server with a dp or sup role, right-click, and look.  But... being me, I knew that information had to be in SQL…
| Sherry Kissinger
Have you ever noticed that by default, the devices (Windows 10, 11, Servers) don't report up their 'marketing name' in standard inventory?  Like 22H2, or 21H2? Ever find that annoying?  Sure, you can extend inventory to pull in the regkey of SOFTWARE\Microsoft\Windows NT\CurrentVersion\DisplayVersi…
| Sherry Kissinger
An important, but often neglected, feature of Software Center is to associate icons with the visible deployments in Software Center.  You can add a visible icon to your Available things in Software Center:  Applications, Packages(Advertisements), and Task Sequences (Advertisements... or OSD deploym…
| Sherry Kissinger
Because of this reddit post, Maintenance Task does not finish, I got inspired to look closer at maintenance tasks.  There is already a view for seeing what your tasks are set to, and how long they have taken to run the last time they ran. There is also a very helpful instructions here, How site ma…
| Sherry Kissinger
At my company, there was recently a need to verify a custom vendor browser extension, specifically for Edge.  I found several methods for gathering Chrome extensions (including a clumsy attempt by myself several years ago), but then stumbled across this method, which could be modified to run as a C…
| Sherry Kissinger
There are several examples of 'how to inventory' per-user installed applications and version, like Teams, or OneDrive, etc.  This is another one, from Benjamin Reynolds, and I've tested it a few times to make sure it worked like I thought it would. Overall, the steps are.. 1) deploy the CI inside…
| Sherry Kissinger
If you are less than pleased with how file inventory functions (badly named 'Software Inventory' in CM), like me, this is possibly something you'd want to test in your lab (you have a lab, right) and see if for those occasional requests we all seem to get for "can't you just inventory a file...", t…
| Sherry Kissinger
Update to this previous blog: https://tcsmug.org/blogs/sherry-kissinger/287-cm12disableinventorythrottling  That blog entry, from 2013, was written in vbscript.  This is updated to be powershell, and to ensure that the local policy override is 'the latest version' so that it does end up…
| Sherry Kissinger
If your internal security team require you to harden IIS, specifically in regard to QID 2011827 (a Qualys recommendation), depending upon how your security team requires you to implement QID 2011827 recommendations, you may need to set those "customHeaders" at either the root level of iis (…
| Sherry Kissinger
It used to be (prior to 1809 Windows 10) that one could inventory the wmi class win32_optionalfeatures and know if RSAT was installed or not. Apparently that is no longer the case; and from what I could discover online, the only supported method is to use the powershell command Get-WindowsCapabilit…
| Sherry Kissinger
"Back in the Day", --> Here <-- a vbscript was created to allow for ConfigMgr (version 2012 at the time was the version I was using) to be able to custom inventory the members of Local Groups. This was mostly in response to manager-type requests to know "what individuals or groups are inside…
| Sherry Kissinger
Over the years we've uncovered various iis settings for our Management Points and Distribution Points, which we've found needed tweaking (for a company our size and complexity). Perhaps none of these settings will be relevant in your environment. If you have some issues with your clients' ability t…
| Sherry Kissinger
I thought this information was already blogged by someone else--I certainly know I stole it from someone else years ago. But now I can't find that blog. If this is your work; please accept my apologies for not crediting you correctly. Reporting on "Attached Monitors" is occasionally something whic…
| Sherry Kissinger
If you happen to be curious about what versions of Powershell are installed/available on your clients, here's one way to pull out the information.  Note that the regkey locations for some of this information has changed from version 2 to higher versions, so it's completely possible that a future up…
| Sherry Kissinger
Background for context: I happen to work at a large company, which has more than 300,000 employees. Using Enterprise Client Management (MEMCM), we often deploy 'free' Software to the majority of users (think something like Adobe Reader, or Google Chrome). This is so that as soon as <new employe…
| Sherry Kissinger
Have you ever wondered if you could get a report of all your Application Deployments' options?  The ones which are in the GUI for things like "User Experience, Show a dialog window instead of a toast", or "Deployment Settings, Send wake-up packets".  No?  Well, I did.  So with the help of my good f…
| Sherry Kissinger
We were tasked at our company to get some statistics around machines which went through inplace upgrades, vs. machines which were on an 'original image' (or bare metal image, or whatever phrase you would like to give that). With the assistance of --> Gary Blok <-- he suggested using the subk…
| Sherry Kissinger
There is a situation which MIGHT happen for you.  The default for Cumulative Updates is, I believe 60 minutes now.  But many updates are still defaulting to 10 minutes.  I don't personally think that default should change, however, occasionally there are large updates (think Microsoft Office update…
| Sherry Kissinger
As part of a presentation for the 2019 Midwest Management Summit in Minneapolis, one of the sessions I'm presenting with Jeff Bolduan is Configuration Items.  As part of that session, we'll be demoing using a PowerShell Script to create PowerShell-based Configuration Item.   If you want to see ho…
| Sherry Kissinger
Thanks very much to Umair Khan, Twitter @TheFrankUK, for the assist!  One of the hiccups recently was making sure to exclude "globaldata" type HIST tables, so that DRS replication doesn't want to go into MAINTENANCE_MODE and re-initialize global data. Have you ever noticed, being the extreme Co…
| Sherry Kissinger
This routine has only had a limited life in a lab environment with only 3 clients.  Use at your own risk, etc. etc.  No promises or guarantees, and it might be the Worst Thing Ever.  Test, test, and test some more.  What this routine would be for, is a custom powershell script, which tries to read…
| Sherry Kissinger
To assist in answering a question in this forum post: https://social.technet.microsoft.com/Forums/en-us/9017aca5-06aa-4a79-a034-a646b19b89fe/collecting-log-files-from-the-client?forum=configmgrcbgeneral I'm blogging on behalf of Srikant Yadav; he gave me permission to do so.  Thanks Srikant!  How…
| Sherry Kissinger
Over the years of troubleshooting the SCCM Client, even with the built-in CCMEval task to attempt to watch and remediate client health of the SCCM Client, experience has shown to those of us in the trenches that sometimes, despite everything else, simply restarting the SMS Agent Host (aka, ccmexec…