Microsoft

Microsoft Endpoint Configuration Manager Feedback

Suggestion box powered by UserVoice - Update: Microsoft will be moving away from UserVoice sites on a product-by-product basis throughout the 2021 calendar year. We will leverage 1st party solutions for customer feedback. Learn more

Matt Seng

My feedback

  1. 4 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng supported this idea  · 
    An error occurred while saving the comment
    Matt Seng commented  · 

    Agreed. Trying to use this to delete hundreds of user profiles on lab computers and the script just ends with no real reason. The only way I figured it out was by finding this suggestion, and then confirming that my scripts were only running for about an hour before cutting off.

    Where is the timeout even documented?

    Edit: I see the following on the official documentation (https://docs.microsoft.com/en-us/mem/configmgr/apps/deploy-use/create-deploy-scripts#run-a-script):

    "After a script is approved, it can be run against a single device or a collection. Once execution of your script begins, it's launched quickly through a high priority system that times-out in one hour. The results of the script are then returned using a state message system."

    and

    "If a script does not run, for example because a target device is turned off during the one hour time period, you must run it again."

    However neither of these explicitly state that a script will be actively killed after an hour. At best, they only imply that the processes which start and monitor the script are only good for an hour.

  2. 7 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    3 comments  ·  Ideas » Application Management  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Matt Seng commented  · 

    I threw together this Powershell function which effectively does the same thing as tRew's code, but is more flexible and much more optimized for environments with lots of collections. It also has the code necessary so you can run it in a vanilla Powershell prompt, but that could be removed if you just use the prepared Powershell prompt via the admin console app.

    ---------------------------------------

    function Get-CMCollsWhichIncludeColl {

    param(
    [Parameter(Position=0,Mandatory=$true)]
    [string]$CollectionName,

    [switch]$GetDeployments,

    [string]$SiteCode="MP0", # Customize this for your site

    [string]$Provider="your-provider.company.com", # customize this for your provider

    [string]$CMPSModulePath="$($ENV:SMS_ADMIN_UI_PATH)\..\ConfigurationManager.psd1", # May need to customize this, depending on your environment

    [switch]$Loud
    )

    function log($msg) {
    if($Loud) {
    $ts = Get-Date -Format "yyyy-MM-dd HH:mm:ss:ffff"
    Write-Host "[$ts] $msg"
    }
    }

    function Prep-SCCM {
    log "Preparing connection to SCCM..."
    $initParams = @{}
    if((Get-Module ConfigurationManager) -eq $null) {
    # The ConfigurationManager Powershell module switched filepaths at some point around CB 18##
    # So you may need to modify this to match your local environment
    Import-Module $CMPSModulePath @initParams -Scope Global
    }
    if((Get-PSDrive -Name $SiteCode -PSProvider CMSite -ErrorAction SilentlyContinue) -eq $null) {
    New-PSDrive -Name $SiteCode -PSProvider CMSite -Root $Provider @initParams
    }
    Set-Location "$($SiteCode):\" @initParams
    log "Done prepping connection to SCCM." -v 2
    }

    $myPWD = $pwd.path
    Prep-SCCM

    # Get Collection ID
    $id = (Get-CMDeviceCollection -Name $CollectionName).CollectionId

    # Make arrays to store matching collections
    $colls = @()

    # Get all collections
    log "Getting all collections..."
    $allColls = Get-CMDeviceCollection
    log "Found $(@($allColls).count) collections."

    # Looping through all collections would takes forever (~10min in our environment), because it has to retrieve rules for each individual collection.
    # The collections don't store membership rules directly, but they DO store the number of Include/Exclude membership rules they have.
    # So, to save time, filter out collections which have <1 include rule.
    # In our environment, that cuts it down from ~680 collections to ~180, and from ~10min to ~3min.
    log "Filtering out collections which have no include rules..."
    $allColls = $allColls | Where { $_.IncludeExcludeCollectionsCount -gt 0 }
    log "Found $(@($allColls).count) collections with include/exclude rules."

    log "Looping through collections..."
    $i = 1
    foreach($coll in $allColls) {
    log " Processing collection #$i/$(@($allColls).count): `"$($coll.Name)`"..."

    log " Getting membership rules..."
    $rules = Get-CMCollectionIncludeMembershipRule -CollectionName $coll.Name

    log " Looping through membership rules..."
    $j = 1
    foreach($rule in $rules) {
    log " Processing rule #$j/$(@($rules).count)..."
    if($rule.IncludeCollectionId -eq $id) {
    log " Rule includes target collection."
    $colls += $coll

    if($GetDeployments) {
    log " -GetDeployments was specified. Getting deployments to this collection..."
    $coll | Add-Member -NotePropertyName "_Deployments" -NotePropertyValue (Get-CMDeployment -CollectionName $coll.Name)
    }

    break
    }
    else {
    log " Rule does not include target collection."
    }
    $j += 1
    }
    log " Done looping through rules."

    $i += 1
    }
    log "Done looping through collections."

    Set-Location $myPWD

    log "EOF"

    $colls
    }

    ---------------------------------------

    As the function name implies, by default this just gets collections which include a target collection, but it's only a couple extra lines of code to get deployments associated with those collections, which you can do with the -GetDeployments parameter.

    Example usage:

    ---------------------------------------

    # Get the data
    $colls = Get-CMCollsWhichIncludeColl "Target-Collection-Name" -GetDeployments

    # Output the names of the resulting collections
    $colls.Name

    # Output the names of the deployments to the resulting collections
    $colls._Deployments.ApplicationName

    An error occurred while saving the comment
    Matt Seng commented  · 

    I would also like to see this.

    In our environment, it makes more sense to create collections named after software titles, e.g. "Deploy AutoCAD (Required)". Otherwise the sheer number of duplicate deployments to various device collections becomes absurd.

    We'll include various collections in the "Deploy AutoCAD (Required)" collection's membership. So perhaps this collection includes a lab collection called "Engineering Lab".

    This works fine, however, if I select the "Engineering Lab" collection, and look at the deployments, nothing is listed, because the deployments to this lab are indirect, or "inherited" as tRew puts it.

    The powershell tRew provides is a helpful first step in finding what is indirectly deployed to a given collection, but this takes a long time to run (~10 minutes in our environment), and isn't very accessible to most of our MECM console users.

    There is already a function built into the console which finds "include" references that reference a given collection (it happens when you try to delete a collection which is included elsewhere). This function does not take a long time to work, so that logic is already solved and could be reused.

    Also, as tRew mentions, you can do this for individual devices, looking at the "Deployments" tab of a device's properties dialog. This is a useful workaround, but isn't ideal as it may list deployments that not all of its target collection mates will share, and the individual device could be excluded from collections (and thus from deployments) that its target collection mates may NOT be excluded from.

    Matt Seng supported this idea  · 
  3. 94 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    10 comments  ·  Ideas » Software Center  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Matt Seng commented  · 

    This is such a PITA that whenever I make changes to an app and am testing them, I run this Powershell code to confirm the app revision on the local test machines:

    function Get-RevisionOfAssignment($name) {
    $assignments = Get-WmiObject -Namespace root\ccm\Policy\Machine -Query "Select * FROM CCM_ApplicationCIAssignment" | where { $_.assignmentname -like $name }
    foreach($assignment in $assignments) {
    $xmlString = @($assignment.AssignedCIs)[0]
    $xmlObject = New-Object -TypeName System.Xml.XmlDocument
    $xmlObject.LoadXml($xmlString)
    $rev = $xmlObject.CI.ID.Split("/")[2]
    $assignment | Add-Member -NotePropertyName "Revision" -NotePropertyValue $rev
    }
    $assignments | Select Revision,AssignmentName
    }

    Get-RevisionOfAssignment "*autocad*"

    Matt Seng supported this idea  · 
  4. 37 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    9 comments  ·  Ideas » PowerShell  ·  Flag idea as inappropriate…  ·  Admin →

    Thank you for your feedback. Folder support is something that is very limited in the cmdlet library today and something that’s in our backlog to improve in a future release. In my opinion, I think the way things should work is if you’re in a collection folder in the cmdlet drive provider, it should just create the collection in the right place.

    I’ve linked this feedback to our internal work item to improve folder support so this doesn’t get lost.

    Thanks!

    Matt Seng supported this idea  · 
  5. 27 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  4 comments  ·  Ideas » Application Management  ·  Flag idea as inappropriate…  ·  Admin →
  6. 3 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Matt Seng commented  · 
  7. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Software Center  ·  Flag idea as inappropriate…  ·  Admin →

    Updating status to Noted – see https://docs.microsoft.com/en-us/configmgr/core/understand/find-help#send-a-suggestion for an explanation of each value.

    Our 2002 release is now in the opt-in phase.

    Part of the new feature set is the addition of the task sequence deployment type. With that you would be able to use the friendly/localized name – this only applies to Software Center.

    Blog: https://techcommunity.microsoft.com/t5/configuration-manager-blog/update-2002-for-microsoft-endpoint-configuration-manager-current/ba-p/1272670
    Docs: https://docs.microsoft.com/configmgr/core/plan-design/changes/whats-new-in-version-2002
    Support Information: https://aka.ms/cmcssreleaseinfo

    Try it out and let us know your thoughts/feedback.

    Matt Seng shared this idea  · 
  8. 18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Ideas » Operating System Deployment  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng supported this idea  · 
  9. 1 vote
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Client Operations  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng shared this idea  · 
  10. 5 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    2 comments  ·  Ideas » Client Operations  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng supported this idea  · 
  11. 18 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Noted  ·  4 comments  ·  Ideas » Client Operations  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng supported this idea  · 
  12. 8 votes
    Vote

    We're glad you're here

    Please sign in to leave feedback

    Signed in as (Sign out)
    You have left! (?) (thinking…)
    1 comment  ·  Ideas » Tools  ·  Flag idea as inappropriate…  ·  Admin →
    Matt Seng shared this idea  · 

Feedback and Knowledge Base