ConfigMgr Report for Antimalware Policies

Let’s say for a moment that your organization uses SCCM for management of Windows Defender Antivirus (WDAV in Windows 10, Server 2016) or System Center Endpoint Protection (SCEP for legacy platforms).  Currently in SCCM (1706 or older) the only out-of-box mechanism to identify and report upon the antimalware policies being applied to a computer is through the SCCM console, such as in the image below.


What if the organization has a separate team or individual that needs that data – but you don’t want to provide them with the SCCM console?  You give them a report of course!  This quick guide will show you key things to do to obtain that info. The key steps are:

  1. Identify the SQL views being referenced by the SCCM console.
  2. Grant read permission of the SQL view to the SSRS reporting service account.
  3. Create the SSRS report.

Step 1: Identify the SQL views being referenced by the SCCM console.

  1. In the SCCM console, open the Antimalware Policies tab on the computer record
  2. Open the site server log SMSProv.log (and scroll to the end)
  3. Find the correlating “Execute SQL=” query to identify the SQL view(s) being used
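
The log search in step 3 can be scripted. The following is an added example, not part of the original post: the `Get-ProviderSqlViews` function name and the `$LogPath` parameter are hypothetical, and the two sample lines are constructed for illustration rather than copied from a real SMSProv.log.

```powershell
# Added example. $LogPath is an assumption: point it at the site server's SMSProv.log.
param([string]$LogPath)

# Constructed sample lines, used only when no log path is supplied (not real log output).
$sample = @(
    'Execute SQL =select all APS.Name,APS.Priority from vSMS_G_SYSTEM_AmPolicyStatus AS APS where APS.MachineID = 16777220',
    'Execute SQL =select all SYS.Name0 from v_R_System AS SYS where SYS.ResourceID = 16777220'
)

function Get-ProviderSqlViews {
    param([string[]]$Lines, [int]$Last = 50)
    $Lines |
        Where-Object { $_ -match 'Execute SQL\s*=' } |   # tolerate "SQL=" and "SQL ="
        Select-Object -Last $Last |                      # most recent console actions only
        ForEach-Object {
            # Keep only the SQL text after the marker, then pull out view names (v_* / vSMS_*).
            $sql = ($_ -split 'Execute SQL\s*=', 2)[1]
            [regex]::Matches($sql, '\bv(?:SMS)?_\w+') | ForEach-Object { $_.Value }
        } |
        Sort-Object -Unique
}

$lines = if ($LogPath) { Get-Content -Path $LogPath -Tail 2000 } else { $sample }
Get-ProviderSqlViews -Lines $lines
```

The resulting list of view names is what the reporting account needs SELECT on in Step 2, and nothing more.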


Step 2: Grant read permission of the SQL view to the SSRS reporting service account.

  1. Identify the service account being used by SCCM for SSRS reporting
    Tip: navigate to Administration > Security > Accounts, then locate the account being used for “ConfigMgr Reporting Services Point”
  2. Open SQL Management Studio (with a user account that has permissions to modify SQL permissions) and select the SCCM database
  3. Run the following GRANT command against the SCCM database
GRANT SELECT ON [dbo].[vSMS_G_SYSTEM_AmPolicyStatus] TO "DOMAIN\user"


Step 3: Create the SSRS report.  First off, there are many different ways that you can design the report.  To mimic what the SCCM console does, I used an existing report with a selection box for the Computer Name, then just modified the executing query.

  1. Use the report “Computer information for a specific computer” as an example baseline for selecting the computer name as a variable.
  2. Create a new report (using SQL Report Builder) to mimic the above report with the appropriate Data Source, Data Set(s), and Parameters
  3. Modify the SQL query to use the following code
SELECT APS.Name, APS.Priority, APS.LastMessageTime, @variable AS 'Computer Name'
FROM vSMS_G_SYSTEM_AmPolicyStatus as APS
JOIN v_R_System as SYS on APS.MachineID = SYS.ResourceID
WHERE SYS.Name0 = @variable
  4. Test execute the report to confirm the results
    Tip: in Report Builder, click the Run button on the Home tab
  5. Save, finish, and report!



Inventory of systems that are using Offline Files

If you need a mechanism by which to identify or inventory systems that have cached files using Offline Files, you can retrieve details through WMI in Win32_OfflineFilesItem.  ConfigMgr inventory can be easily expanded to collect this data for reporting.  Below is an example screen shot from my lab on a Win7 system that has a cached offline file.  Keep in mind that you may risk exposing confidential information based upon the server or file name.
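
One way to inspect this class while limiting the exposure noted above is to report only a per-server (or per-share) count of cached files and never the file names. This is an added example, not from the original post; the `Get-OfflineFilesSummary` function name is hypothetical, and it assumes PowerShell 3.0 or later for `Get-CimInstance`.

```powershell
# Added example. Summarizes the Offline Files cache without emitting file names.
# ItemType values of Win32_OfflineFilesItem: 0 = file, 1 = directory, 2 = share, 3 = server.
function Get-OfflineFilesSummary {
    param([switch]$IncludeShare)   # hypothetical switch: also break the count down by share

    # Only cached files are counted; directory, share and server entries are skipped.
    $files = Get-CimInstance -ClassName Win32_OfflineFilesItem -ErrorAction Stop |
             Where-Object { $_.ItemType -eq 0 }

    $files | Group-Object {
        # ItemPath is a UNC path: \\server\share\folder\file
        $parts = $_.ItemPath.TrimStart('\') -split '\\'
        if ($IncludeShare -and $parts.Count -gt 1) { '\\{0}\{1}' -f $parts[0], $parts[1] }
        else { '\\{0}' -f $parts[0] }
    } | ForEach-Object {
        [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Source      = $_.Name      # server or server\share only, never the file name
            CachedFiles = $_.Count
        }
    }
}

Get-OfflineFilesSummary
```

If the full ItemPath is collected through hardware inventory instead, the file names land in the site database and are visible to anyone with read access to that inventory class.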



p.s. happy Pi day

Getting Started with Windows 10 Provisioning Packages

This is a quick guide to help you get started with using a Windows 10 Provisioning Package to configure Windows 10 during deployment.  This example specifically focuses on (and was tested for) a bare-metal deployment using ConfigMgr 1511 and Windows 10 1511.

[Update 2/23/17] – the WICD tool is now also available as a universal app from the Windows Store at

  1. Start WICD with ICD.exe from C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Imaging and Configuration Designer\x86\
  2. Create the desired customizations, such as:
    • Disabling automatic updates for the Windows Store
    • Homepage for the Edge browser
    • Allow Cortana
    • Disallowing Windows tips
    • Set a custom Start menu layout
      Note: to easily create the LayoutModification.xml file, simply adjust the start menu as you would like, then run PowerShell command “Export-StartLayout -Path C:\Temp\LayoutModification.xml”
  3. Export the provisioning package
    • Description of the package
    • Set the desired security
    • File save location
    • Build the package
  4. Apply the provisioning package
    More info:

Remove Universal Apps During ConfigMgr OSD

As part of a systems management strategy for Windows 10, many organizations may choose to uninstall Universal Apps. During OSD for ConfigMgr, this uninstall process uses a simple PowerShell script (as shown below) to execute the commands for removing the targeted Universal Apps.  While this command does “remove” the Apps as seen in the event logs (Apps and Services > Microsoft > Windows > AppXDeployment-Server), the Apps are regenerated upon the first logon of a user.

Get-AppXPackage -Name *bing* -AllUsers | Remove-AppXPackage

Furthermore, there is an option (UniversalAppUninstall) within a WICD Provisioning Package.  There are times when this option would be a better approach, but I have not been successful in having it function to uninstall Apps.  Unfortunately, information is scant on this topic.

A Solution

While searching for others who may have found other means to address this situation, I found that Jörgen Nilsson (Microsoft MVP) has a PowerShell script which does completely remove those undesired Universal Apps.  The key difference is that his script uses the Remove-AppxProvisionedPackage cmdlet against the full package name.

The AppsList variable that I use is this:

$AppsList = "Microsoft.BingFinance","Microsoft.BingNews","Microsoft.BingWeather","Microsoft.XboxApp","Microsoft.SkypeApp","Microsoft.MicrosoftSolitaireCollection","Microsoft.BingSports","Microsoft.ZuneMusic","Microsoft.ZuneVideo","Microsoft.Windows.Photos","Microsoft.People","Microsoft.MicrosoftOfficeHub","Microsoft.WindowsMaps","microsoft.windowscommunicationsapps","Microsoft.Getstarted","Microsoft.3DBuilder"

To execute the script as part of a Task Sequence in ConfigMgr, it’s as easy as placing the script file in a classic Package, and adding the step “Execute PowerShell Script” with the Bypass option set.
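
The difference between the two removal paths described above, shown as an added example. It is not Jörgen Nilsson's script and not code from the original post; it uses a shortened `$AppsList` and assumes it runs elevated against the online image, for example from the task sequence step.

```powershell
# Added example. Removes each app both from existing profiles and from the image.
$AppsList = "Microsoft.BingFinance","Microsoft.BingNews","Microsoft.BingWeather"   # subset of the list above

# Query once and reuse the results for every app in the list.
$installed   = Get-AppxPackage -AllUsers
$provisioned = Get-AppxProvisionedPackage -Online

foreach ($app in $AppsList) {
    # 1. Per-user copy: this alone is what comes back at the next user's first logon,
    #    because the provisioned package is still staged in the image.
    $installed | Where-Object { $_.Name -eq $app } | ForEach-Object {
        Remove-AppxPackage -Package $_.PackageFullName -ErrorAction Continue
    }

    # 2. Provisioned copy: removed by full package name so new profiles no longer receive it.
    $provisioned | Where-Object { $_.DisplayName -eq $app } | ForEach-Object {
        Remove-AppxProvisionedPackage -Online -PackageName $_.PackageName -ErrorAction Continue |
            Out-Null
    }
}

# Verify: anything from the list that is still provisioned fails the step.
$left = Get-AppxProvisionedPackage -Online | Where-Object { $AppsList -contains $_.DisplayName }
if ($left) {
    Write-Warning ("Still provisioned: " + (($left | ForEach-Object { $_.DisplayName }) -join ', '))
    exit 1
}
```

The non-zero exit code lets the task sequence step report a failure instead of silently leaving a package staged.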