A startup script runs during a system’s initial boot up; it is applied to a system using a group policy. Startup scripts run under the context of the local computer’s SYSTEM account.
What is a startup script?
Why use a Startup Script for ConfigMgr?
To check configuration settings and the state of services that the ConfigMgr client agent depends on for successful operation as well as install the client agent if it is not installed or functioning properly.
Why use a Startup Script instead one of the built-in methods to install the client agent?
A startup script avoids most common DNS issues, firewall issues, and other connectivity issues that are common when a central system attempts to touch all of the clients. It also adds the health/configuration checks mentioned above to check for (and correct some) dependencies as well as report on systems still having issues.
Some FAQs
- Fixed two typo bugs.
- Renamed script file to not include the version number.
- Updated CacheSize checking so that a default value is no longer forced during client agent install, reinstall, or during any run of the script if the option is omitted from the configuration file or set to zero.
- Updated log file handling when moving the log file to ccm/logs. If a log file for the script already exists in ccm/logs, it will be renamed to include the date and time and then the new log will be copied in.
- Added pre-requisite checks to prevent the script from performing any checks or installing the client agent
- Corrected elapsed time calculation for the final log message
- Updated error handling when checking for admin shares
Dumb question perhaps…..
But for the “AgentVersion” setting: Defines the minimum client agent version. Systems with version less than this value will have the client agent install triggered.
It appears SCCM shows the client version as 9.99.9999.9999 in the registry – Is this what the script runs against ? Because if so, it would never run.
Where in the registry are you seeing that version number?
The AgentVersion in the Registry does show as 9.99.9999.9999.
https://technet.microsoft.com/en-us/library/cc181369.aspx?f=255&MSPPError=-2147217396
The Client’s Version is stored in the following Registry Key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Client\Client Components\ SMS Client Base Components\Installation Properties|Installed Version
Sorry, long overdue response here. No, the script uses WMI to get the client agent version and not the registry.
We have implemented the script in our test environment (where SCCM client is not available), the policy is applied and generating “ConfigMgrStartup1.75.vbs.log” but unfortunately client installation is not starting. Please find below mentioned log file for reference and help us to make the script working.
XML File
ABC
5120
5.00.8355.1000
1
\\X.X.X.X\SCCM_Client_AutoRem$
1024
\\X.X.X.X\SCCM_Client_AutoRem$\Error Logs
30
SCCM.DOMAIN.COM
SCCM.DOMAIN.COM
HIGH
ConfigMgrStartup1.75.vbs.log
Beginning Execution at 7/30/2017 10:42:19 AM ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Opened configuration file: ConfigMgrStartup.xml ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Loading Options and Parameters from configuration file ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: SiteCode: ‘ABC’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: CacheSize: ‘5120’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: AgentVersion: ‘5.00.8355.1000’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: MinimumInterval: ‘1’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: ClientLocation: ‘\\X.X.X.X\SCCM_Client_AutoRem$’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: MaxLogFile: ‘1024’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: ErrorLocation: ‘\\X.X.X.X\SCCM_Client_AutoRem$\Error Logs’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Option loaded: Delay: ’30’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Property loaded: FSP: ‘SCCM.DOMAIN.COM’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Property loaded: SMSMP: ‘SCCM.DOMAIN.COM’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Parameter loaded: BITSPriority: ‘HIGH’ ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Parameter loaded: noservice: ” ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Verifying Last Result from Registry: HKLM\Software\ConfigMgrStartup\Last Execution Result ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
No last result recorded in registry ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Verifying Last Run time from Registry: HKLM\Software\ConfigMgrStartup\Last Run ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
Last run time: 7/30/2017 9:42:07 AM ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
30… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:19 AM 0 (0x0000)
29… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:20 AM 0 (0x0000)
28… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:22 AM 0 (0x0000)
27… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:24 AM 0 (0x0000)
26… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:27 AM 0 (0x0000)
25… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:28 AM 0 (0x0000)
24… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:29 AM 0 (0x0000)
23… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:30 AM 0 (0x0000)
22… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:31 AM 0 (0x0000)
21… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:32 AM 0 (0x0000)
20… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:34 AM 0 (0x0000)
19… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:35 AM 0 (0x0000)
18… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:36 AM 0 (0x0000)
17… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:37 AM 0 (0x0000)
16… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:38 AM 0 (0x0000)
15… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:39 AM 0 (0x0000)
14… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:40 AM 0 (0x0000)
13… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:41 AM 0 (0x0000)
12… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:42 AM 0 (0x0000)
11… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:43 AM 0 (0x0000)
10… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:44 AM 0 (0x0000)
9… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:45 AM 0 (0x0000)
8… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:46 AM 0 (0x0000)
7… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:47 AM 0 (0x0000)
6… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:48 AM 0 (0x0000)
5… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:49 AM 0 (0x0000)
4… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:50 AM 0 (0x0000)
3… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:51 AM 0 (0x0000)
2… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:52 AM 0 (0x0000)
1… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:53 AM 0 (0x0000)
Successfully Connected to WMI ConfigMgrStartup1.75.vbs 7/30/2017 10:42:54 AM 0 (0x0000)
START: Service Check… ConfigMgrStartup1.75.vbs 7/30/2017 10:42:54 AM 0 (0x0000)
*BITS…found (Stopped,Auto)…expected State of Running…started service…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:09 AM 0 (0x0000)
*winmgmt…found (Running,Auto)…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:09 AM 0 (0x0000)
*wuauserv…found (Stopped,Auto)…expected State of Running…started service…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
*lanmanserver…found (Running,Auto)…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
*RpcSs…found (Running,Auto)…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
START: Admin Share Check… ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
*Admin$…found…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
START: Registry Check… ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
*HKLM\SOFTWARE\Microsoft\Ole\EnableDCOM…found (Y)…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
*HKLM\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel…found (2)…OK ConfigMgrStartup1.75.vbs 7/30/2017 10:43:24 AM 0 (0x0000)
Are you sure that that’s the entire log file?
Hi Jason,
Just implemented this and it looks great. My only issue is the log file, it seems to be created with permissions that make it unreadable, even by local admins. Is this something you’ve encountered? Clients are Win10 1607.
Hi John,
Do you mean the local log file created by the script? I’m assuming so. I don’t recall that ever being an issue. What folder are you looking in for the log file?
how would you add the /source parameter or the /forceinstall one
Using a CCMSetupParameter element; e.g.,HIGH .
For forceinstall:
For source:
Why would you use /source though instead of just letting ccmsetup grab the source from the closest DP?
Hi,
I still have a number of stubborn machines that do not appear to have the client installed. Will enabling automatic site-wide client push installation cause any new problems? Thanks! -G
That depends upon what you define as a problem. Auto client push attempts to copy and start ccmsetup.exe on all discovered resources that are assigned to the site and that do not already report as having the client agent installed.
Thank you for the script and your answer
we could use the source path for cases of acquisitions when we do not have all offices routed or provisioned with dps.. we can distribute the source binaries using netlogon or dfs replication.
Is there a way to use the ccmexec from the location where the script resides?ClientLocation= with something like an invocation path variable?
(if I would use a group policy to start the script and place the ccmexec into the scripts folder of the group policy..That client location could change based on the guid of the gpo.. )
Great script.
Can you also add the Windows firewall (port 80, file / print sharing…) used by sccm in the script
SCCM client will have an issue reporting to the server if those ports are not opened in the firewall.
Thanks
That’s not actually accurate depending on exactly what you are referring to. All client agent traffic in ConfigMgr is client agent initiated meaning that unless you are explicitly blocking outbound traffic on the client side firewall, then nothing is needed. Blocking outbound connections and traffic is not the default configuration on the Windows firewall and it’s not standard practice either so this is not needed in most cases.
Thanks for your script, Will this work in sccm 2016?
There’s no such thing as SCCM/ConfigMgr 2016. If you mean ConfigMgr Current Branch, then yes. ccmsetup has changed much at all from an operational perspective and neither has client agent installation in general.
Hi Jason, the admin$ check throws an error:
ConfigMgrStartup.vbs(884, 2) SWbemServicesEx:
not found
I’ve disabled the admin share with the following registry setting:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\LanmanServer\Parameters]
“AutoShareWks”=dword:00000000
Let me know if you need xml config or log.
That certainly looks to be an error in the script. The admin shares aren’t required for ConfigMgr client agent operation but they are required for client push. Why are you disabling them though? No one, to my knowledge, recommends disabling them anymore.
Sorry for the super late reply, i thought i subscribed to the thread.
I have disabled this on my workstation because of a (bad) habit not wanting anyone to browse my shares. But i can’t be certain that this is not configured somewhere else so a fix is appreciated.
The latest update I posted a little over a month ago (version 1.8.1) includes the fix for this. Note though, that folks can’t “browse” your admin shares unless they have local admin permissions and if they have local admin permissions, well, they can do pretty anything with or without the admin shares enabled.
Hi Jason we seem to be getting the same error at mt7479 but we do not have admin shares disabled.
Right, as noted, it looks to be a bug in the code. Same question though, why disable them? No one recommends disabling admin shares anymore?
Hi Jason, this is the first time I am implementing your script and I am getting this is in the errorlogs: ” *HKLM\SOFTWARE\Microsoft\Ole\LegacyImpersonationLevel…found (3)…expected value of 2…FAILED” Exactly what does this mean?
Info on LegacyImpersonationLevel is at https://msdn.microsoft.com/en-us/library/windows/desktop/ms680736(v=vs.85).aspx.
This used to have to be explicitly set for client push and other remote RPC calls to function correctly.
Keep in mind, the *example* XML configuration file included with the startup script is just that, an example. You don’t have to include everything in the XML is you don’t want or need it. In the case of this setting, I think the default value set by the OS is sufficient and checking it is no longer necessary.
I feel like I’m having a serious dumb struck moment here. I don’t see instructions as to how to actually Implement this. I see that it has a group policy connection, but I don’t the instructions as to how to define that group policy? Can someone point to information which tells me how to make machines actually start leveraging this?
I’m quite confused?
The walk-through at https://kb.stonegroup.co.uk/index.php?View=entry&EntryID=320 covers setting up a GPO based startup script pretty well.
Hi Jason, thanks for the script – we’ve been using it for a couple of years now and we’ve been having great success – far better than what client push would provide.
We’re currently running 1.75 and I was just taking a look at the example XML file for 1.81. Curious as to the purpose of this example PreReq:
HKLM\SOFTWARE\Microsoft\SMS\Client\Configuration\Client Properties5\
Not sure why you would use that as a prereq, whether it’s just an example or it serves some actual purpose in your test or production environments. Also, not sure if the ‘5’ on the end is a typo or not. Seems to be.
Anyway, thanks a ton for your hard work on this and the service you provide the wider ConfigMgr community.
That’s a remnant from my testing; you are correct that it is not a valid key used by ConfigMgr. You can simply remove that element or use it is an example.
Hi Jason, wanted to check what would be easiest way to disable the SCCM Client Cache size setting in your ConfigMgrStartupScript 1.8.1. I did not set a CacheSize option in the xml file, but didn’t want the script to set it to the default 5120 also, thanks
Simply exclude that element from the script. That won’t change the default cache size though as that’ll still be 5120.
What is your recommendation on the Client Install Location? Do you recommend just sharing out the default Client Folder? or copying to another share and using that?
No, never. The default location’s permissions are subject to ConfigMgr’s control. Also, these are files directly used by ConfigMgr so if these get messed up, ConfigMgr may have issues (this is a remote possibility and the impact is low, but still not something I like to tempt).
I always recommend copying the files to another location. In general, all you really need to copy is ccmsetup.exe.
Hello,
I have my startup script running, it can access the CCMSetup.exe, but it appears nothing happens. From the log it shows
-It shows the Expected version, and my Unpatched version
-It finds the CCMSetup in the network share
-It initiates the install
-Client Check Succeeded
-Finishes execution
But my client version is still old/out of date
Then your share contains the old files instead of the new ones.
Is there any way to call a WMI Script that is a Batch file ? or is it VBS only ?
I tried pointing the XML to a batch file, but it just causes the whole thing not to run. (As noticed by nothing new showing up in CCMSetup.log)
Where are you trying to call this and why?
After messing with this for 3 days I guess I need help. I copied the client installer to a network share. Shared it but no matter how I share it I get:
not found \\store1.domain.com\apps\sccm\cmmsetup.exe
I can launch the file just fine once I’m logged in. I’ve given the share (and security tab) full access for “everyone”, machine account, authenticated users, domain computers…. Nothing.
What exactly is trying to access the share on “startup”?
Thanks for any help!
Not sure if this is a typo above or not, but the setup bootstrapper is ccmsetup.exe and not cmmsetup.exe (two c’s, not two m’s).
Yes, typo. ccmsetup.exe isn’t in the XML, your code pastes that there in the error file.
Nope, not my code. I just did a find on the entire .vbs and that doesn’t exist. Perhaps something got messed up in your file? Can you search your copy of the .vbs for “cmm” or “cmmsetup” please?
Also, where exactly are you getting that error? In the script’s log file?
No, it was a typo in my comment here. Not in your error log. The error logs shows it properly. I’m not cutting and pasting from the error log. That machine isn’t on my network.
So…any insight as to what exactly is trying to authentic during “startup”?
That depends on how you are running it. If you are running it as a startup script, then its the computer account of the system running it which should be included in the Domain Computers security group.
Have you tried manually accessing the path specified?
Yes – “I can launch the file just fine once I’m logged in.”
So if it’s definitely the local computer account then I’ll concentrate on that and see what’s going on. Might be something dumb like the NIC isn’t available when it’s trying to access on start up because the computer boots from POST to login in like 2.5 seconds.
Hi,
Would you still Anders’s health check toegther with your startup script?
https://gallery.technet.microsoft.com/ConfigMgr-Client-Health-ccd00bd7
Thanks.
I honestly haven’t looked at his script in-depth at all. My initial reaction is that a lot of what his script done may be better done in a CI so that it can be reported on. There are also a couple from items in his script I would never recommend doing (not trying to bash, just stating my opinion). Of course, if it works for you and helps, go for it.
Hi Jason,
I just wanted to drop you a Big Thank You. I’ve been using your Startup Script for years and love it. Thank you sir!
Scott
You are very welcome and thank you for the kind words.
Hi
How I should run the script with admin rights ?
the GPO is linked and working, but I get the error “User is not a local admin” I’m logging as a test domain user with no rights, like most people on domain … so there’s any way to allow anyone to run the script with no admin rights at logon ?
Thanks in advances
You need to use a *startup* script and not a login script.
Jason, just a note to let you know I really appreciate the work you put in this script. We use it in our VDI environment for managing full clones, and it works without a hitch. Just gotta remember to rev the Agent Version number in the XML file after an update and then I can forget about it. Danke!
You are very welcome!
I was just trying out version 1.8.3 and I’ve not been able to get it to run as a StartUp script, so I thought I would try running the script manually. When I do, I get a compilation error at line 306, char 5 about expecting End. If I go back to the 1.7.5 version, it works as a StartUp script with no issues. Am I missing something or is there some sort of error in the 1.8.3 script?
Fire the tester … oh wait, that’s me. Can you please try the version at https://github.com/jason4tw/ConfigMgrScripts/tree/master/Startup.
I’m Sorry, you are just too valuable to the company to be let go. 🙂
I tried the new version from GitHub and it does work. Thanks so much for looking into this!
Just wanted to add a little anecdote in case someone is back here in these comments trying to figure out why their script isn’t working. This, is my story.
1. Updated to 1.8.3… without really testing it
2. Script failing. Tested manually, showed me that the failure was on 306 I think (“Else If” should have been “ElseIf”)
3. Found that Jason updated the script to fix that typo and another one.
4. Replaced 1.8.3 with 1.8.4
5. Tested via GPO, still no luck
6. Tested manually, success!
7. Spent way too much time combing through event logs to find an error that would tell me what was happening, TO NO AVAIL.
8. Looked at the scripts.ini file one directory up from the Startup folder in SysVol, noticed that it didn’t have the “/config:” part in the parameters.
9. Added /config: to the script parameters via the GPO.
10. Ran a gpupdate on the test client, rebooted… SUCCESS!
Moral of the story: Don’t be like me. Test everything (even if it’s something as great as this script), and then when you implement changes, pay attention to what you’re doing.
Trial and error is a valuable tool in every IT Pro’s toolbelt. As is sharing and learning from others.
Hi Jason,
Thanks for the script, I’d like to use your script, as I seen praises on many posts and blogs.
I have a GPO configured as a startup pointing to the vbs script and xml as parameter /config:configmgr.xml, in the sysvol\..\policies folder on DC and all replicated. I see the GPO in gpresults,
The issue here is the client doesn’t get installed, nor I am getting the error log file,
here is my xml fiile
do I need to make any more changes? or can you help here.
I am also not getting anything in the C:\Windows\Temp folder
Thanks Regards
Khush
___________
BITS
domain\cminstall
1A3
5120
5.00.8740.1012
12
\\Share\SCCM\client\install
2048
\\Share\SCCM\Client\ErrorLogs
\\Share\SCCM\Client\HotFix
5
sccm1.xx.xx.com
sccm1.xx.xx.com/InstallProperty>
HIGH
___________
Howdy. Are you sure that the script is even running and that the GPO is applied?
Thanks, very usefull script! the option to install from %logonserver% didnt work for me so i used the UNC path (\\mydomain.co.il) and it worked perfect
Hi Shay,
I don’t ever use or recommend using %logonserver% so can’t say what issues you may or may not have run into. A DFS share is typically the best location for the ccmsetup file and the logs folder though.
Hi Jason
This is a very useful script which I have used in most companies I have worked for. However, in my current placement, SCCM is running in HTTPS only. The script didn’t initially work for me as it couldn’t find any valid MPs. I ended up altering the InstallProperty line for SMSMP like the following:
https://SCCM01.Domain.com /UsePKICert
Is there a better way of telling the ccmsetup to use HTTPS in your script?
Sure, just add
Hi Jason,
Should the script be able to execute, and function, on a n ARM based Windows device (Surface Pro X)? I can confirm the GPO is applying and see an event stating the script has started but never see any log output and no client setup start (no ccmsetup folder). Would the OS architecture check in the script not know how to identify the ARM OS?
– SCCM 1906 (8853.1020 client)
– ConfigMan Startup script 1.8.1
Really late reply here but the answer is I have no idea. I doubt that VBScript is supported on ARM devices but that’s just a guess on my part.
Hi Jason, i modified the xml and created a GPO to computer OUs where computer objects are residing. In GPO, mentioned the vbs startup script name and parameters as ConfigMgrStartup.xml
I would also see the files replicated in sysvol folder. i have provided read and execute permission to domain computers on sysvol folder where the files are replicated. I did many restart and done gpupdate /force but i don’t see the script is running on startup. i don’t see any logs copied to the share path. No msgs in system event as well.
Could you please assist me on this issue.
thanks,
VJ
> i have provided read and execute permission to domain computers on sysvol folder where the files are replicated
You don’t have to do this as systems already should have permissions here otherwise they would never get any group policies in the first place. It’s possible that you may have broken group policy.
As for troubleshooting your group policy, that’s a bit beyond what can easily be helped with a Q&A, but have you reviewed the Windows Event logs for errors?
https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134223(v=ws.11) provides information on troubleshooting group policy.
Also, keep in mind that the script does not place logs on any shares, script logs are kept locally starting the %temp% folder of the user running the script (C:\Windows\Temp for computer startup scripts). A location value is also written to HKLM:\Software\ConfigMgrStartup. If you see this value, then your issue isn’t group policy related. If you don’t see this value, it’s likely that you have a group policy issue that you need to troubleshoot.
Hey mate – love the script.
I was previously using a trusted root key comparison for hierarchy migrations – and just deleting that rather than re-installing the client – but just checking the site code is much simpler.
One thing i would suggest is to force deleting the C:\Windows\ccmcache folder when a change in site code is detected. When the client moves across hierarchies, any lingering content is no longer known to the client – and therefore does not get removed by cache clean up processes.
Hey again – scratch that….. am finding approx 1/2 of the clients migrated using that method (thankfully vie only done two test sites) are failing to reporting hardware inventory correctly.
Removing the trustedrootkey and restarting the client fixes that…. dont know if your seeing the same with your hierarchy moves.
e.g.
Set objWMIService = GetObject(“winmgmts:{impersonationLevel=impersonate}!\\.\root\ccm\locationservices”)
Set TrustedRootKeys = objWMIService.ExecQuery (“Select * from TrustedRootKey”)
For Each RootKey in TrustedRootKeys
logIt “Found Key: ” & RootKey.TrustedRootKey
If Rootkey.TrustedRootKey = sTrustedRootKey Then
logIT “Trusted root key matches the primary site key”
Else
logIT “Trusted root key did not match key for primary site – deleting”
sErrorType=”RootKey”
bFoundErrors=TRUE
RootKey.Delete_
End If
Thanks for the script.
I’d like to suggest a small change to the script in order to accommodate those of us who need very large cache sizes.
In order to make it work in our environment I had to change
desiredCacheSize = CInt(GetOptionValue(OPTION_CACHESIZE, DEFAULT_CACHESIZE, options))
to
desiredCacheSize = CLng(GetOptionValue(OPTION_CACHESIZE, DEFAULT_CACHESIZE, options))
in Sub CheckCache and Sub CheckCacheDuringStartup
The changes do not seem to create any problems as far as I can see.
Those are great suggestions. Thank you!
Hi Jason! Thanks for this script. Is needed that all the users have access to the share where the client install is?
That depends on exactly how you run it. If you indeed are running it as startup script via group policy then no, machine accounts need access to where ccmsetup is located.
Hi Jason Love the script and have been using it for a couple years now with great success. One problem Im having is that the log file does not get pruned or deleted even though it should be after reaching the specified size limit. They just keep growing and I can run some kind of cleanup script but would prefer to do it through this script itself. Have you seen or heard of this issue ?
Im specifying this in the XML file 2048
No, I’ve not seen this. The log should indicate that’s rolling. Perhaps permissions on the location are preventing this.