I recently found in our infrastructure that a lot of new Windows Server 2012 Core Edition were installed for specific reason. This edition can cause some problems to administrators that are not aware of SCCM commands.

Here is the list of actions that will be covered in this post:

  • Configuration Manager client services and properties
  • Configuration Manager agent scan trigger
  • EndPoint Protection client installation and properties
  • Logs directory

There’s a lot of commands that can be execute but I will give you the minimum to remember.

From ‘cmd’, type those commands for configuration manager.

Configuration ManagerCommand
Propertiescontrol smscfgrc
Software Centerc:\windows\ccm\scclient.exe
Client Health Evaluationc:\windows\ccm\ccmeval.exe
Service Startc:\windows\ccm\ccmexec.exe
Service Repairc:\windows\ccm\ccmrepair.exe
Service Restartc:\windows\ccm\ccmrestart.exe

Configuration Manager Client Scan Trigger with WMI

You can also trigger agent from WMI command line if you don’t want to open the configuration manager properties.

Client AgentWMI Command
Application Deployment Evaluation CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000121}" /NOINTERACTIVE
Discovery Data Collection CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000003}" /NOINTERACTIVE
File Collection CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000010}" /NOINTERACTIVE
Hardware Inventory CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE
Machine Policy Retrieval CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000021}" /NOINTERACTIVE
Machine Policy Evaluation CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000022}" /NOINTERACTIVE
Software Inventory CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000002}" /NOINTERACTIVE
Software Metering Usage Report CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000031}" /NOINTERACTIVE
Software Updates Assignments Evaluation CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000108}" /NOINTERACTIVE
Software Update Scan CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE
State Message RefreshWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000111}" /NOINTERACTIVE
User Policy Retrieval CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000026}" /NOINTERACTIVE
User Policy Evaluation CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000027}" /NOINTERACTIVE
Windows Installers Source List Update CycleWMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000032}" /NOINTERACTIVE

Troubleshooting

Make sure to run those commands as administrator else you will receive an access denied error message.

Configuration Manager 2012 Client Command List 01

If the execution is successful, you should see something like this.

Configuration Manager 2012 Client Command List 02

Configuration Manager Client Scan Trigger with Powershell

*** Update : 2014-10-30 *** Thanks to MaxFlipz for this addition.

Powershell can also be used to launch scans on clients whether local or remote. Simply use the command Invoke-WMIMethod:

$Server = Server Name where you want to run the trigger. You can remove -ComputerName if you are locally on the server.

Client AgentPowershell Command
Application Deployment Evaluation CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000121}"
Discovery Data Collection CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000003}"
File Collection CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000010}"
Hardware Inventory CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000001}"
Machine Policy Retrieval CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000021}"
Machine Policy Evaluation CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000022}"
Software Inventory CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000002}"
Software Metering Usage Report CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000031}"
Software Update Deployment Evaluation CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000114}"
Software Update Scan CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000113}"
State Message RefreshInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000111}"
User Policy Retrieval CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000026}"
User Policy Evaluation CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000027}"
Windows Installers Source List Update CycleInvoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000032}"

Endpoint Protection Client Installation and Properties

*** Update : 2015-05-08 ***

You can install an EndPoint Protection client locally on a machine with FEPInstall.exe. Simply copy the file somewhere locally on the device and execute with an elevated command prompt.

Client InstallationFEPInstall Switches
Silent setup/s
Silent extraction of the setup files/q
Normal installation/i
Install without uninstalling third-party software/noreplace
Policy file to be used to configure the client software/policy
Client software installation is opted in to the Microsoft Customer Experience Improvement Program./sqmoptin

You can refer to TechNet for more details about FEPInstall.

You can manage a local EndPoint Protection client with MpCmdRun.exe. This table shows switches that can be used with the command line.

Client ActionMpCmdRun SwitchesAdditional Switches
Scan for malicious software based on default configuration-Scan -ScanType 0
Quick scan for malicious software-Scan -ScanType 1
Full system scan for malicious software-Scan -ScanType 2
File and directory custom scan for malicious software-Scan -ScanType 3-File -DisableRemediation -BootSectorScan -Timeout
Begins tracing Microsoft antimalware service's actions -Trace-Grouping -Level
Gathers a bunch of files and packages them together in a compressed file in the support directory-GetFiles-Scan
Restores the last set of signature definitions-RemoveDefinitions -All
Remove all Dynamic Signatures-RemoveDefinitions -DynamicSignatures
Performs definition updates directly from UNC path file share specified -SignatureUpdate -UNC-Path
Performs definition updates directly from Microsoft Malware Protection Center-SignatureUpdate -MMPC
List all quarantined items-Restore -ListAll
Restores the most recently quarantined item based on threat name-Restore -Name-Path
Restores all the quarantined items -Restore -All-Path
Adds a Dynamic Signature-AddDynamicSignature-Path
Lists SignatureSet ID's of all Dynamic Signatures-ListAllDynamicSignatures
Removes a dynamic signature-RemoveDynamicSignature -SignatureSetID
Enables integrity services-EnableIntegrityServices
Submit all sample requests-SubmitSamples

Use MpCmdRun alone to see additional information about the switches.

You will receive a return code if you use switch -Scan.

  • 0 if no malware is found or successfully remediated
  • if malware is found and not remediated

Logs

You can find configuration manager logs in C:\Windows\CCM\Logs for any troubleshoot or C:\Windows\CCMSetup for installation logs.

You are now ready to troubleshoot client on a Windows Server 2012 Core Edition.

Comments (35)

Gold.Chapman

03.01.2020 AT 06:48 AM
Don't ask what others have done for you, but ask what you have done for others

Manoj Jain

02.10.2020 AT 04:08 PM
Hi Nicolas, This may be a very stupid question, but we have a test domain setup using SCCM 2012 R2 and tried forcing a software update on the client using one of the above 2 methods (WMIC or PowerShell). But we do not see the SMS_Client WMI class under root\ccm at all. Do need to have something installed first on each of the domain client systems before we see this WMI Class?

Guenay

01.17.2020 AT 04:41 AM
Thanks a lot Nicolas, appreciated!

Holly Newman

10.07.2019 AT 02:59 PM
I'm trying to figure out how to run the User Policy Evaluation Cycle. If I run it as Admin, it returns "Not Found". If I run it as the user, it returns "Access Denied". Any suggestions?

2XXUW3Q1 www.yandex.ru

08.29.2019 AT 05:17 PM
15mqauNWLOp

Tobbi

03.22.2019 AT 05:10 AM
The PowerShell part is what I was looking for. Thanks a lot Nicolas!

Joe Ismail

03.12.2019 AT 06:37 AM
this is awesome, thank you Nicolas Pilon for the info . thank you all for the interaction

Firas

01.24.2019 AT 06:00 AM
Hello, is there an option to check if the upgrade for OS was recieved(and not installed) on the Client?

CS

11.16.2018 AT 09:53 AM
Hi, is there a way to use this command to trigger all clients in the environment to run software update scan? Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000113}"

JI

12.21.2018 AT 01:13 PM
CS, Not sure if you're still looking for an answer but the -ComputerName parameter takes an array. For instance you could do: >$computers = Get-AdComputer -Filter * | Select-Object -ExpandProperty Name >Invoke-WMIMethod -ComputerName $computers -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule “{00000000-0000-0000-0000-000000000113}”

Rick

10.18.2018 AT 04:04 PM
I know I'm late to this party, but thanks Nicolas for this excellent write-up!!!

Russ

05.04.2018 AT 11:00 AM
any new codes for current branch? like how to trigger the SCCM restart feature?

Serg

07.10.2017 AT 07:17 AM
Really tired of reading the lame powershell. My 2 cents: $SMSCLI = [wmiclass]"\root\ccm:SMS_Client" try { #machine policy retrival cycle Write-Log "Running SCCM Machine Policy Cycle" $SMSCLI.TriggerSchedule("{00000000-0000-0000-0000-000000000021}") | Out-Null } catch { Write-Log "SCCM Machine Policy Cycle not run" }

Ben

10.06.2016 AT 08:45 AM
All work ok for me except the 'User Policy Retrival Cycle" and 'User Policy Evaluation Cycle" , any ideas or way around this? Am running CMD as administrator with WIN 7.

Brecht Gijbels

05.18.2016 AT 07:26 AM
This is a great post! The only thing I'm missing is to trigger the SCCM client to show a 'RebootPending' pop-up. I'm writing a PowerShell script that does some settings with the SYSTEM ACCOUNT, but when it's done it would be great if it could trigger SCCM to show the reboot pop-up like for other apps. Something like posted here: https://social.technet.microsoft.com/Forums/windowsserver/en-US/de340965-e2cf-45b2-82ec-9d49ce1f3b4a/trigger-sccm-client-computer-reboot?forum=configmanagersdk&prof=required

John

04.05.2016 AT 06:14 AM
Hi, extremely helpful post, still! Can we run these WMIC/PS commands directly after one another, or do we need to insert time-outs when scripting these actions? If so, whats the recommended wait?

Benoit Lecours

04.06.2016 AT 11:29 AM
Yes ! No need for time out.

Lee Langley

04.05.2016 AT 06:18 AM
I run then in both PS and in batch files and don't use any timeouts. Works great

Ryan Steele

12.07.2015 AT 02:59 PM
Thanks for posting this list! However, I think the entry for "Software Update Deployment Evaluation Cycle" may not be correct. I've had to use {00000000-0000-0000-0000-000000000108} to initiate this scan cycle.

Nicolas Pilon

12.08.2015 AT 08:19 AM
Yeah you're right. 108 is Software Updates Assignments Evaluation Cycle. I don't why but before it was Software Updates Deployments Evaluation Cycle. 114 is Update Store Policy. The post has been updated. Thanks for the flag.

kevin

12.03.2015 AT 08:26 PM
Hi nice article. I've been trying by wmic and invoke-wmi for the trigger: {00000000-0000-0000-0000-000000000122} app man user policy But it's saying it's not found. 121 works. Any thoughts?

Nicolas Pilon

12.04.2015 AT 12:10 PM
No... on all your clients? your goal is to force an application deployment on users? I would suggest to use 121 if the users received the popup.

Kevin

12.05.2015 AT 09:24 PM
Yeah that's what I thought too, but the app is a user based install. I have a custom client setting where software deployment is checked daily. The app discovery log shows that it checks everyday, but not for app user policies. I used client center to trigger the application manager user policy which I'm assuming is 122 and there was an immediate trigger to the deployment.