I recently found in our infrastructure that a lot of new Windows Server 2012 Core Edition were installed for specific reason. This edition can cause some problems to administrators that are not aware of SCCM commands.

Here is the list of actions that will be covered in this post:

Configuration Manager client services and properties
Configuration Manager agent scan trigger
EndPoint Protection client installation and properties
Logs directory

There’s a lot of commands that can be execute but I will give you the minimum to remember.

From ‘cmd’, type those commands for configuration manager.

Configuration Manager	Command
Properties	control smscfgrc
Software Center	c:\windows\ccm\scclient.exe
Client Health Evaluation	c:\windows\ccm\ccmeval.exe
Service Start	c:\windows\ccm\ccmexec.exe
Service Repair	c:\windows\ccm\ccmrepair.exe
Service Restart	c:\windows\ccm\ccmrestart.exe

Configuration Manager Client Scan Trigger with WMI

You can also trigger agent from WMI command line if you don’t want to open the configuration manager properties.

Client Agent	WMI Command
Application Deployment Evaluation Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000121}" /NOINTERACTIVE
Discovery Data Collection Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000003}" /NOINTERACTIVE
File Collection Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000010}" /NOINTERACTIVE
Hardware Inventory Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000001}" /NOINTERACTIVE
Machine Policy Retrieval Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000021}" /NOINTERACTIVE
Machine Policy Evaluation Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000022}" /NOINTERACTIVE
Software Inventory Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000002}" /NOINTERACTIVE
Software Metering Usage Report Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000031}" /NOINTERACTIVE
Software Updates Assignments Evaluation Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000108}" /NOINTERACTIVE
Software Update Scan Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE
State Message Refresh	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000111}" /NOINTERACTIVE
User Policy Retrieval Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000026}" /NOINTERACTIVE
User Policy Evaluation Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000027}" /NOINTERACTIVE
Windows Installers Source List Update Cycle	WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000032}" /NOINTERACTIVE

Troubleshooting

Make sure to run those commands as administrator else you will receive an access denied error message.

If the execution is successful, you should see something like this.

Configuration Manager Client Scan Trigger with Powershell

*** Update : 2014-10-30 *** Thanks to MaxFlipz for this addition.

Powershell can also be used to launch scans on clients whether local or remote. Simply use the command Invoke-WMIMethod:

$Server = Server Name where you want to run the trigger. You can remove -ComputerName if you are locally on the server.

Client Agent	Powershell Command
Application Deployment Evaluation Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000121}"
Discovery Data Collection Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000003}"
File Collection Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000010}"
Hardware Inventory Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000001}"
Machine Policy Retrieval Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000021}"
Machine Policy Evaluation Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000022}"
Software Inventory Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000002}"
Software Metering Usage Report Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000031}"
Software Update Deployment Evaluation Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000114}"
Software Update Scan Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000113}"
State Message Refresh	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000111}"
User Policy Retrieval Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000026}"
User Policy Evaluation Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000027}"
Windows Installers Source List Update Cycle	Invoke-WMIMethod -ComputerName $Server -Namespace root\ccm -Class SMS_CLIENT -Name TriggerSchedule "{00000000-0000-0000-0000-000000000032}"

Endpoint Protection Client Installation and Properties

*** Update : 2015-05-08 ***

You can install an EndPoint Protection client locally on a machine with FEPInstall.exe. Simply copy the file somewhere locally on the device and execute with an elevated command prompt.

Client Installation	FEPInstall Switches
Silent setup	/s
Silent extraction of the setup files	/q
Normal installation	/i
Install without uninstalling third-party software	/noreplace
Policy file to be used to configure the client software	/policy
Client software installation is opted in to the Microsoft Customer Experience Improvement Program.	/sqmoptin

You can refer to TechNet for more details about FEPInstall.

You can manage a local EndPoint Protection client with MpCmdRun.exe. This table shows switches that can be used with the command line.

Client Action	MpCmdRun Switches	Additional Switches
Scan for malicious software based on default configuration	-Scan -ScanType 0
Quick scan for malicious software	-Scan -ScanType 1
Full system scan for malicious software	-Scan -ScanType 2
File and directory custom scan for malicious software	-Scan -ScanType 3	-File -DisableRemediation -BootSectorScan -Timeout
Begins tracing Microsoft antimalware service's actions	-Trace	-Grouping -Level
Gathers a bunch of files and packages them together in a compressed file in the support directory	-GetFiles	-Scan
Restores the last set of signature definitions	-RemoveDefinitions -All
Remove all Dynamic Signatures	-RemoveDefinitions -DynamicSignatures
Performs definition updates directly from UNC path file share specified	-SignatureUpdate -UNC	-Path
Performs definition updates directly from Microsoft Malware Protection Center	-SignatureUpdate -MMPC
List all quarantined items	-Restore -ListAll
Restores the most recently quarantined item based on threat name	-Restore -Name	-Path
Restores all the quarantined items	-Restore -All	-Path
Adds a Dynamic Signature	-AddDynamicSignature	-Path
Lists SignatureSet ID's of all Dynamic Signatures	-ListAllDynamicSignatures
Removes a dynamic signature	-RemoveDynamicSignature -SignatureSetID
Enables integrity services	-EnableIntegrityServices
Submit all sample requests	-SubmitSamples

Use MpCmdRun alone to see additional information about the switches.

You will receive a return code if you use switch -Scan.

0 if no malware is found or successfully remediated
2 if malware is found and not remediated

Logs

You can find configuration manager logs in C:\Windows\CCM\Logs for any troubleshoot or C:\Windows\CCMSetup for installation logs.

You are now ready to troubleshoot client on a Windows Server 2012 Core Edition.

Application Deployment Evaluation Cycle configuration manager properties Core Edition Discovery Data Collection Cycle Endpoint Protection FEPInstall File Collection Cycle Hardware inventory Machine Policy Evaluation Cycle Machine Policy Retrieval Cycle Microsoft Security Client mpcmdrun sccm client command software center Software Inventory Cycle Software Metering Usage Report Cycle Software Update Deployment Evaluation Cycle Software Update Scan Cycle Trigger User Policy Retrieval Cycle Windows Server 2012 Core Edition WMIC /namespace

Comments (35)

Leon Langley

11.02.2015 AT 12:43 PM

Hello... I was wondering if there was a trigger that can be run that will delete the local client cache? I am looking to put together a quick script that when run on a workstation will 1) clear the sccm cache 2) run a machine policy 3) run a software update scan cycle and 4) run a software update deployment evaluation cycle. Steps 2, 3, & 4 are easy thanks to your article but clearing cache seems to be more diffucult that I thought it would be. Are there any quick commands that can be run to do this or will clearing the cache require its own script? Thanks in advance for any info you can provide!!

Hide replies

1 0

Nicolas Pilon

11.04.2015 AT 08:22 AM

Hello Leon, There's no builtin command to clear ccmcache because SCCM do it automatically when reaching the limit. However, you can check this nice post from Dave O'Brien explaining how to clear cache with a vbscript. Based on Kaido Järvemets posting at http://cm12sdk.net, you need to do it with vbscript. Referred to this post for more details.

0 0

HeyAdmin

10.17.2015 AT 09:37 PM

Great information. Thank you.

Sudharsan

03.24.2015 AT 09:46 AM

Dear, I am facing issue in FEP client report. The client machines are updated with the latest definition, but in server the report are shows old data. Could you tell me which one of the above action item is responsible for FEP client to report that the Definition updated in a particular machine?

03.25.2015 AT 02:47 PM

You can try the State Message Refresh from the list or check for Windows Updates Scan Cycle. State Message are updated each 15 minutes by default. You can configure in client settings.

Mark Bakker

03.19.2015 AT 04:23 PM

class SCCMAgentActions { public void TriggerClientAction(string _computerName, string _ClientAction, string _ActionName) { try { ManagementScope scp = new ManagementScope(string.Format(@"\\{0}\root\ccm", _computerName)); ManagementClass cls = new ManagementClass(scp.Path.Path, "sms_client", null); ManagementBaseObject inParams; inParams = cls.GetMethodParameters("TriggerSchedule"); inParams["sScheduleID"] = _ClientAction; ManagementBaseObject outMPParams = cls.InvokeMethod("TriggerSchedule", inParams, null); } catch (System.Management.ManagementException ex) { MessageBox.Show("There was an error trying to trigger action : " + _ActionName + " on : " + _computerName + ", error = " + ex.Message); } catch (System.Runtime.InteropServices.COMException ex) { MessageBox.Show("There was an error trying to trigger action : " + _ActionName + " on : " + _computerName + ", error = " + ex.Message); } catch (System.UnauthorizedAccessException ex) { MessageBox.Show("There was an error trying to trigger action : " + _ActionName + " on : " + _computerName + ", error = " + ex.Message); } } } you call the method like this string computername = ""; if (tracingDGV.SelectedRows.Count != 0) { for (int i = 0; i Actions.TriggerClientAction(computername, "{00000000-0000-0000-0000-000000000001}", "Hardware Inventory")); t.Start(); } } else { MessageBox.Show("You did not select a row, select 1 or more rows and select the action again"); }

03.20.2015 AT 08:35 AM

Hi Mark, Can you provide more information about your comment? Thanks

maxflipz

10.29.2014 AT 02:26 AM

Very helpful and for those who want to perform this in Powershell use: $trigger = "{00000000-0000-0000-0000-000000000113}" $trigger2 = "{00000000-0000-0000-0000-000000000114}" Invoke-WmiMethod -ComputerName $server -Namespace root\ccm -Class sms_client -Name TriggerSchedule $trigger Invoke-WmiMethod -ComputerName $server -Namespace root\ccm -Class sms_client -Name TriggerSchedule $trigger2

10.30.2014 AT 08:03 AM

Obviously, we have added your suggestion in the post. Thanks!

Back
1
2
Next

Configuration Manager 2012 Client Command List

Table of Content

Configuration Manager Client Scan Trigger with WMI

Troubleshooting

Configuration Manager Client Scan Trigger with Powershell

Endpoint Protection Client Installation and Properties

Logs

Configuration Manager 2012 Client Command List

Table of Content

Share

Configuration Manager Client Scan Trigger with WMI

Troubleshooting

Configuration Manager Client Scan Trigger with Powershell

Endpoint Protection Client Installation and Properties

Logs

Share