I recently found in our infrastructure that a lot of new Windows Server 2012 Core Edition were installed for specific reason. This edition can cause some problems to administrators that are not aware of SCCM commands.
Here is the list of actions that will be covered in this post:
- Configuration Manager client services and properties
- Configuration Manager agent scan trigger
- EndPoint Protection client installation and properties
- Logs directory
There’s a lot of commands that can be execute but I will give you the minimum to remember.
From ‘cmd’, type those commands for configuration manager.
Configuration Manager | Command |
---|---|
Properties | control smscfgrc |
Software Center | c:\windows\ccm\scclient.exe |
Client Health Evaluation | c:\windows\ccm\ccmeval.exe |
Service Start | c:\windows\ccm\ccmexec.exe |
Service Repair | c:\windows\ccm\ccmrepair.exe |
Service Restart | c:\windows\ccm\ccmrestart.exe |
Configuration Manager Client Scan Trigger with WMI
You can also trigger agent from WMI command line if you don’t want to open the configuration manager properties.
Client Agent | WMI Command |
---|---|
Application Deployment Evaluation Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000121}" /NOINTERACTIVE |
Discovery Data Collection Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000003}" /NOINTERACTIVE |
File Collection Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000010}" /NOINTERACTIVE |
Hardware Inventory Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE |
Machine Policy Retrieval Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000021}" /NOINTERACTIVE |
Machine Policy Evaluation Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000022}" /NOINTERACTIVE |
Software Inventory Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000002}" /NOINTERACTIVE |
Software Metering Usage Report Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000031}" /NOINTERACTIVE |
Software Updates Assignments Evaluation Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000108}" /NOINTERACTIVE |
Software Update Scan Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE |
State Message Refresh | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000111}" /NOINTERACTIVE |
User Policy Retrieval Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000026}" /NOINTERACTIVE |
User Policy Evaluation Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000027}" /NOINTERACTIVE |
Windows Installers Source List Update Cycle | WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000032}" /NOINTERACTIVE |
Troubleshooting
Make sure to run those commands as administrator else you will receive an access denied error message.
If the execution is successful, you should see something like this.
Configuration Manager Client Scan Trigger with Powershell
*** Update : 2014-10-30 *** Thanks to MaxFlipz for this addition.
Powershell can also be used to launch scans on clients whether local or remote. Simply use the command Invoke-WMIMethod:
$Server = Server Name where you want to run the trigger. You can remove -ComputerName if you are locally on the server.
Client Agent | Powershell Command |
---|---|
Application Deployment Evaluation Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000121}" |
Discovery Data Collection Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000003}" |
File Collection Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000010}" |
Hardware Inventory Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000001}" |
Machine Policy Retrieval Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000021}" |
Machine Policy Evaluation Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000022}" |
Software Inventory Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000002}" |
Software Metering Usage Report Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000031}" |
Software Update Deployment Evaluation Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000114}" |
Software Update Scan Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000113}" |
State Message Refresh | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000111}" |
User Policy Retrieval Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000026}" |
User Policy Evaluation Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000027}" |
Windows Installers Source List Update Cycle | Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000032}" |
Endpoint Protection Client Installation and Properties
*** Update : 2015-05-08 ***
You can install an EndPoint Protection client locally on a machine with FEPInstall.exe. Simply copy the file somewhere locally on the device and execute with an elevated command prompt.
Client Installation | FEPInstall Switches |
---|---|
Silent setup | /s |
Silent extraction of the setup files | /q |
Normal installation | /i |
Install without uninstalling third-party software | /noreplace |
Policy file to be used to configure the client software | /policy |
Client software installation is opted in to the Microsoft Customer Experience Improvement Program. | /sqmoptin |
You can refer to TechNet for more details about FEPInstall.
You can manage a local EndPoint Protection client with MpCmdRun.exe. This table shows switches that can be used with the command line.
Client Action | MpCmdRun Switches | Additional Switches |
---|---|---|
Scan for malicious software based on default configuration | -Scan -ScanType 0 | |
Quick scan for malicious software | -Scan -ScanType 1 | |
Full system scan for malicious software | -Scan -ScanType 2 | |
File and directory custom scan for malicious software | -Scan -ScanType 3 | -File -DisableRemediation -BootSectorScan -Timeout |
Begins tracing Microsoft antimalware service's actions | -Trace | -Grouping -Level |
Gathers a bunch of files and packages them together in a compressed file in the support directory | -GetFiles | -Scan |
Restores the last set of signature definitions | -RemoveDefinitions -All | |
Remove all Dynamic Signatures | -RemoveDefinitions -DynamicSignatures | |
Performs definition updates directly from UNC path file share specified | -SignatureUpdate -UNC | -Path |
Performs definition updates directly from Microsoft Malware Protection Center | -SignatureUpdate -MMPC | |
List all quarantined items | -Restore -ListAll | |
Restores the most recently quarantined item based on threat name | -Restore -Name | -Path |
Restores all the quarantined items | -Restore -All | -Path |
Adds a Dynamic Signature | -AddDynamicSignature | -Path |
Lists SignatureSet ID's of all Dynamic Signatures | -ListAllDynamicSignatures | |
Removes a dynamic signature | -RemoveDynamicSignature -SignatureSetID | |
Enables integrity services | -EnableIntegrityServices | |
Submit all sample requests | -SubmitSamples | |
Use MpCmdRun alone to see additional information about the switches.
You will receive a return code if you use switch -Scan.
- 0 if no malware is found or successfully remediated
- 2 if malware is found and not remediated
Logs
You can find configuration manager logs in C:\Windows\CCM\Logs for any troubleshoot or C:\Windows\CCMSetup for installation logs.
You are now ready to troubleshoot client on a Windows Server 2012 Core Edition.
35 Comments on “Configuration Manager 2012 Client Command List”
Pingback: Server Bug Fix: SCCM - How to make new deployed applications appear in Software Center faster? - TECHPRPR
Don’t ask what others have done for you, but ask what you have done for others
Hi Nicolas,
This may be a very stupid question, but we have a test domain setup using SCCM 2012 R2 and tried forcing a software update on the client using one of the above 2 methods (WMIC or PowerShell). But we do not see the SMS_Client WMI class under root\ccm at all.
Do need to have something installed first on each of the domain client systems before we see this WMI Class?
Thanks a lot Nicolas, appreciated!
I’m trying to figure out how to run the User Policy Evaluation Cycle. If I run it as Admin, it returns “Not Found”. If I run it as the user, it returns “Access Denied”. Any suggestions?
15mqauNWLOp
Pingback: Scripting bulk client actions. » brokensolenoid
The PowerShell part is what I was looking for.
Thanks a lot Nicolas!
this is awesome, thank you Nicolas Pilon for the info .
thank you all for the interaction
Hello,
is there an option to check if the upgrade for OS was recieved(and not installed) on the Client?
Hi, is there a way to use this command to trigger all clients in the environment to run software update scan?
Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule “{00000000-0000-0000-0000-000000000113}”
CS,
Not sure if you’re still looking for an answer but the -ComputerName parameter takes an array. For instance you could do:
>$computers = Get-AdComputer -Filter * | Select-Object -ExpandProperty Name
>Invoke-WMIMethod -ComputerName $computers -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule “{00000000-0000-0000-0000-000000000113}”
I know I’m late to this party, but thanks Nicolas for this excellent write-up!!!
any new codes for current branch?
like how to trigger the SCCM restart feature?
Pingback: SCCM: refresh ‘Machine Policy Retrieval & Evaluation Cycle’ via WMI | RID500's Blog
Really tired of reading the lame powershell. My 2 cents:
$SMSCLI = [wmiclass]”\root\ccm:SMS_Client”
try
{
#machine policy retrival cycle
Write-Log “Running SCCM Machine Policy Cycle”
$SMSCLI.TriggerSchedule(“{00000000-0000-0000-0000-000000000021}”) | Out-Null
}
catch { Write-Log “SCCM Machine Policy Cycle not run” }
All work ok for me except the ‘User Policy Retrival Cycle” and ‘User Policy Evaluation Cycle” , any ideas or way around this? Am running CMD as administrator with WIN 7.
This is a great post! The only thing I’m missing is to trigger the SCCM client to show a ‘RebootPending’ pop-up. I’m writing a PowerShell script that does some settings with the SYSTEM ACCOUNT, but when it’s done it would be great if it could trigger SCCM to show the reboot pop-up like for other apps. Something like posted here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/de340965-e2cf-45b2-82ec-9d49ce1f3b4a/trigger-sccm-client-computer-reboot?forum=configmanagersdk&prof=required
Hi, extremely helpful post, still!
Can we run these WMIC/PS commands directly after one another, or do we need to insert time-outs when scripting these actions? If so, whats the recommended wait?
I run then in both PS and in batch files and don’t use any timeouts. Works great
Yes ! No need for time out.
Thanks for posting this list! However, I think the entry for “Software Update Deployment Evaluation Cycle” may not be correct. I’ve had to use {00000000-0000-0000-0000-000000000108} to initiate this scan cycle.
Yeah you’re right. 108 is Software Updates Assignments Evaluation Cycle. I don’t why but before it was Software Updates Deployments Evaluation Cycle. 114 is Update Store Policy. The post has been updated.
Thanks for the flag.
Hi nice article. I’ve been trying by wmic and invoke-wmi for the trigger:
{00000000-0000-0000-0000-000000000122} app man user policy
But it’s saying it’s not found. 121 works.
Any thoughts?
No… on all your clients? your goal is to force an application deployment on users? I would suggest to use 121 if the users received the popup.
Yeah that’s what I thought too, but the app is a user based install. I have a custom client setting where software deployment is checked daily. The app discovery log shows that it checks everyday, but not for app user policies. I used client center to trigger the application manager user policy which I’m assuming is 122 and there was an immediate trigger to the deployment.
Hello… I was wondering if there was a trigger that can be run that will delete the local client cache? I am looking to put together a quick script that when run on a workstation will 1) clear the sccm cache 2) run a machine policy 3) run a software update scan cycle and 4) run a software update deployment evaluation cycle. Steps 2, 3, & 4 are easy thanks to your article but clearing cache seems to be more diffucult that I thought it would be. Are there any quick commands that can be run to do this or will clearing the cache require its own script? Thanks in advance for any info you can provide!!
Hello Leon,
There’s no builtin command to clear ccmcache because SCCM do it automatically when reaching the limit. However, you can check this nice post from Dave O’Brien explaining how to clear cache with a vbscript.
Based on Kaido Järvemets posting at http://cm12sdk.net, you need to do it with vbscript. Referred to this post for more details.
Great information. Thank you.
Dear,
I am facing issue in FEP client report. The client machines are updated with the latest definition, but in server the report are shows old data. Could you tell me which one of the above action item is responsible for FEP client to report that the Definition updated in a particular machine?
You can try the State Message Refresh from the list or check for Windows Updates Scan Cycle. State Message are updated each 15 minutes by default. You can configure in client settings.
class SCCMAgentActions
{
public void TriggerClientAction(string _computerName, string _ClientAction, string _ActionName)
{
try
{
ManagementScope scp = new ManagementScope(string.Format(@”\\{0}\root\ccm”, _computerName));
ManagementClass cls = new ManagementClass(scp.Path.Path, “sms_client”, null);
ManagementBaseObject inParams;
inParams = cls.GetMethodParameters(“TriggerSchedule”);
inParams[“sScheduleID”] = _ClientAction;
ManagementBaseObject outMPParams = cls.InvokeMethod(“TriggerSchedule”, inParams, null);
}
catch (System.Management.ManagementException ex)
{
MessageBox.Show(“There was an error trying to trigger action : ” + _ActionName + ” on : ” + _computerName + “, error = ” + ex.Message);
}
catch (System.Runtime.InteropServices.COMException ex)
{
MessageBox.Show(“There was an error trying to trigger action : ” + _ActionName + ” on : ” + _computerName + “, error = ” + ex.Message);
}
catch (System.UnauthorizedAccessException ex)
{
MessageBox.Show(“There was an error trying to trigger action : ” + _ActionName + ” on : ” + _computerName + “, error = ” + ex.Message);
}
}
}
you call the method like this
string computername = “”;
if (tracingDGV.SelectedRows.Count != 0)
{
for (int i = 0; i Actions.TriggerClientAction(computername, “{00000000-0000-0000-0000-000000000001}”, “Hardware Inventory”));
t.Start();
}
}
else
{
MessageBox.Show(“You did not select a row, select 1 or more rows and select the action again”);
}
Hi Mark, Can you provide more information about your comment? Thanks
Very helpful and for those who want to perform this in Powershell use:
$trigger = “{00000000-0000-0000-0000-000000000113}”
$trigger2 = “{00000000-0000-0000-0000-000000000114}”
Invoke-WmiMethod -ComputerName $server -Namespace root\ccm -Class sms_client -Name TriggerSchedule $trigger
Invoke-WmiMethod -ComputerName $server -Namespace root\ccm -Class sms_client -Name TriggerSchedule $trigger2
Obviously, we have added your suggestion in the post. Thanks!