
Using Machine – Output: User Name, AD site code, AD discovered date, Active Client, Client Status, Obsolete Client, HW SCAN DIFFERENCE

SELECT Name0 AS [Machine Name], User_Name0 AS [User Name], AD_Site_Name0 AS [AD site code], Creation_Date0 AS [AD discovered date],
CASE Active0 WHEN '0' THEN 'InActive' WHEN '1' THEN 'Active' ELSE 'Unknown' END AS [Active Client],
CASE Client0 WHEN '0' THEN 'No' WHEN '1' THEN 'Yes' ELSE 'Unknown' END AS [Client Status]
-- Assumption: the FROM clause is not shown on the page; v_R_System is the view that exposes these columns
FROM v_R_System
WHERE (Name0 IN ('XXXXX','SSS'))

SQL LeftJoin Template

Select Name, [Disk_Space] from
(Select * From V_FullcollectionMembership where CollectionID = 'XXXX') AllMachines
Left Join
( XXXXXXX ) DiskSpace
On AllMachines.Name = DiskSpace.[Computer Name]

Example:

-- Every member of the collection, with its baseline result where one exists
select Name, [DISK_SPACE]
from
(select *
from v_FullCollectionMembership
where CollectionID = 'XXX00BB5') allMachines
left join
-- Compliance state of the low-disk-space baseline item per machine
(select
v_R_System.Netbios_Name0 AS [Computer Name], v_R_System.User_Name0 AS [User name],
DisplayName AS [Baseline Item],
v_StateNames.StateName AS [Baseline Status],
case v_StateNames.StateName when 'Compliant' then 'Yes' when 'Non-Compliant' then 'No' when 'Unknown' then 'Unknown' when 'Error' then 'Error' ELSE v_StateNames.StateName END AS [DISK_SPACE]
FROM   dbo.v_CICurrentComplianceStatus INNER JOIN
dbo.v_CIAssignmentToCI ON v_CICurrentComplianceStatus.CI_ID = v_CIAssignmentToCI.CI_ID INNER JOIN
dbo.v_CIAssignment ON v_CIAssignmentToCI.AssignmentID = v_CIAssignment.AssignmentID INNER JOIN
dbo.v_LocalizedCIProperties ON v_CICurrentComplianceStatus.CI_ID = v_LocalizedCIProperties.CI_ID INNER JOIN
dbo.v_StateNames ON v_CICurrentComplianceStatus.ComplianceState = v_StateNames.StateID INNER JOIN
dbo.v_R_System ON v_CICurrentComplianceStatus.ResourceID = v_R_System.ResourceID INNER JOIN
dbo.v_FullCollectionMembership ON dbo.v_R_System.ResourceID = dbo.v_FullCollectionMembership.ResourceID
WHERE (v_StateNames.TopicType = 401) AND (v_CIAssignment.CollectionID = 'XXX00B86')
AND (dbo.v_FullCollectionMembership.CollectionID = 'XXX00B86')
AND (dbo.v_LocalizedCIProperties.DisplayName = 'Machines With Low Disk Space (Less Than 10GB)')
) DiskSpace
on allMachines.Name = DiskSpace.[Computer Name]

SCCM ConfigMgr 1610 Recover from Regular SCCM Maintenance Backup Folder

Unlike older versions of SCCM, recovery through the SCCM Site recovery wizard launched from the SCCM software media is not supported. Instead, drill down into the SCCM backup folder, open CD.LATEST, and launch setup.hta to recover the SCCM site. The step-by-step details are below.

The same steps apply whether you want to move your SCCM system to a new box or your SCCM server has crashed and you want to recover it from the SCCM backup.


Assuming SCCM Server Name = MYSCCM


  • Install the server operating system.
  • Change the system name to “MYSCCMNew”.
  • Join the domain.
  • Install the prerequisites such as IIS, SQL, ADK, and features (BITS, Remote Differential Compression), etc.
  • Copy all data from MYSCCM to MYSCCMNEW with the same folder structure and the same permissions; Robocopy is the better tool for this. (The folder structure includes the SCCM installation drive.)
  • Once all data is copied, including the SCCM maintenance task backup (which includes CD.LATEST), change the system name to MYSCCM, the same as the old SCCM server. At that point, take the old SCCM server offline to avoid a duplicate machine record.
  • Then launch setup.hta from the backup folder and follow the regular wizard.
  • You will be able to recover the task sequences, applications, collections, and all your settings.
  • Once the site is recovered, run the AD schema extension again to be on the safe side.
  • Update all applications, packages, boot files, etc.
  • You may face an image certificate issue; reissue the certificate so that everything works, including PXE, and create new offline media.

Difference between Inactive and Obsolete

Inactive clients are clients that haven’t checked in via heartbeat.

Obsolete clients are clients that have been replaced by other clients, such as duplicates or clients that have been replaced by a new client from OSD, etc.




Windows Updates Classification


Service Packs

A service pack is a periodic update that corrects problems in one version of a product. In addition to correcting known problems, service packs provide tools, drivers, and updates that extend product functionality, including enhancements developed after the product was released.



Updates are code fixes for products that are provided to individual customers when those customers experience critical problems for which no feasible workaround is available.


Security Updates

Security updates address security vulnerabilities. Attackers wanting to break into systems can exploit such vulnerabilities. Security updates are analogous to updates, but should be considered mandatory, and they must be deployed quickly.




  • Critical updates: Broadly released fixes for specific problems addressing critical, non-security related bugs.
  • Definition updates: Updates to virus or other definition files.
  • Drivers: Software components designed to support new hardware.
  • Feature packs: New feature releases, usually rolled into products at the next release.
  • Security updates: Broadly released fixes for specific products, addressing security issues.
  • Service packs: Cumulative sets of all hotfixes, security updates, critical updates, and updates created since the release of the product. Service packs might also contain a limited number of customer-requested design changes or features.
  • Tools: Utilities or features that aid in accomplishing a task or set of tasks.
  • Update rollups: Cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. A rollup generally targets a specific area, such as security, or a specific component, such as Internet Information Services (IIS).
  • Updates: Broadly released fixes for specific problems addressing non-critical, non-security related bugs.


Configuration Manager Action cycles

The Action tab lists the action cycles that run automatically according to the schedule set on the SCCM server.

  • Application Deployment Evaluation Cycle: This cycle checks for new application deployment policies available to the client computer and starts installation as per the schedule.
  • Data Discovery Collection Cycle: It generates a new discovery data record (DDR). When the DDR is processed by the site server, Discovery Data Manager adds or updates resource information from the DDR in the site database.
  • File Collection Cycle: When a file is specified for collection, the Microsoft System Center Configuration Manager software inventory agent searches for that file when it runs a software inventory scan on each client in the site. If the software inventory client agent finds a file that should be collected, the file is attached to the inventory file and sent to the site server. This action differs from software inventory in that it actually sends the file to the site server, so that it can be later viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Hardware Inventory Cycle: Collects information such as available disk space, processor type, and operating system about each computer. This is a part of SCCM inventory functionality.
  • Machine Policy Retrieval & Evaluation Cycle: The client downloads its policy on a schedule. By default, this value is configured to every 60 minutes and is configured with the option Policy polling interval (minutes).
  • Software Inventory Cycle: Collects software inventory data directly from files (such as .exe files) by inventorying the file header information. SCCM can also inventory unknown files — files that do not have detailed information in their file headers. This provides a flexible, easy-to-maintain software inventory method. Software inventory and collected file information for a client can be viewed using Resource Explorer. This is a part of SCCM inventory functionality.
  • Software Metering Usage Report Cycle: Collects the data that allows you to monitor client software usage.
  • User Policy Retrieval & Evaluation Cycle: Similar to Machine Policy Retrieval & Evaluation Cycle, it will initiate user policies.
  • Windows Installer Source List update Cycle: causes the Product Source Update Manager to complete a full update cycle. When you install an application using Windows Installer, those Windows Installer applications try to return to the path they were installed from when they need to install new components, repair the application, or update the application. This location is called the Windows Installer source location. Windows Installer Source Location Manager can automatically search SCCM distribution points for the source files, even if the application was not originally installed from a distribution point.




About SCEP

SCCM and SCEP agent licenses are separate, so SCEP has to be bought additionally if we want to implement it.

There are two separate behaviors, depending on the OS.

For Windows 7 machines: SCEP (System Center Endpoint Protection) appears as a separate agent alongside the SCCM client. No separate push mechanism is required to install SCEP: when you install the SCCM client, the SCEP agent is installed automatically (assuming, of course, that you have enabled SCEP). Frequent SCEP client upgrades have to be deployed through the normal patching mechanism or as software.

For Windows 10: you will not see a separate SCEP agent. Windows 10 shows Windows Defender, which comes with the OS by default. When you install the SCCM client, SCEP takes over Windows Defender with a customized policy. Frequent SCEP client upgrades have to be deployed through the normal patching mechanism or as software.

As Microsoft recommends, create an ADR for definition updates to deploy them with a custom policy.

Some information about Ransomware & WannaCry Ransomware


What is Ransomware?


Ransomware is malicious software that encrypts files and locks a device, such as a computer, tablet or smartphone, and then demands a ransom to unlock it. Recently, a dangerous ransomware named ‘Wannacry’ has been affecting computers worldwide, creating the biggest ransomware attack the world has ever seen.


What is WannaCry Ransomware?


WannaCry ransomware attacks Windows-based machines. It also goes by the names WannaCrypt, WannaCry, WanaCrypt0r, WCrypt and WCRY. It leverages an SMB exploit in Windows machines called EternalBlue to attack and inject the malware. All versions of Windows before Windows 10 are vulnerable to this attack if not patched for MS17-010. After a system is affected, it encrypts the files and shows a pop-up with a countdown and instructions on how to pay $300 in bitcoins to decrypt and get back the original files. If the ransom is not paid in 3 days, the ransom amount increases to $600 and the malware threatens to wipe all the user's data. It also installs the DOUBLEPULSAR backdoor on the machine.

What can you do to prevent infection?


  • Microsoft has released a Windows security patch, MS17-010, for Windows machines. This needs to be applied immediately and urgently.
  • Remove Windows NT4, Windows 2000 and Windows XP-2003 from production
  • Block ports 139, 445 and 3389 in firewall.
  • Avoid clicking on links or opening attachments or emails from people you don’t know or companies you don’t do business with.
  • SMB is enabled by default on Windows. Disable smb service on the machine by going to Settings > uncheck the settings > OK
  • Make sure your software is up-to-date.
  • Have a pop-up blocker running on your web browser.
  • Regularly back up your files.
  • Install a good antivirus and a good antiransomware product for better security.
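An audit-only PowerShell check for two items in the list above: the SMBv1 server setting and listeners on ports 139, 445 and 3389. This is an added example, not part of the original post; the function name Get-Smb1ExposureReport is hypothetical, and the registry fallback assumes a Windows 7 / Server 2008 R2 host where the SMB cmdlets do not exist.

```powershell
# Added example: reports state only, changes nothing. Run from an elevated prompt.
# Written to parse on PowerShell 2.0 so the Windows 7 fallback path is usable.
function Get-Smb1ExposureReport {
    $report = @{
        ComputerName   = $env:COMPUTERNAME
        Smb1Server     = 'Unknown'
        Source         = 'None'
        ListeningPorts = @()
    }

    if (Get-Command Get-SmbServerConfiguration -ErrorAction SilentlyContinue) {
        # Windows 8 / Server 2012 and later expose the setting through the SMB cmdlets
        $cfg = Get-SmbServerConfiguration
        $report.Smb1Server = if ($cfg.EnableSMB1Protocol) { 'Enabled' } else { 'Disabled' }
        $report.Source = 'Get-SmbServerConfiguration'
    }
    else {
        # Older hosts: DWORD value SMB1 = 0 disables the SMBv1 server.
        # A missing value means the default applies, which is enabled.
        $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        $val = (Get-ItemProperty -Path $key -Name SMB1 -ErrorAction SilentlyContinue).SMB1
        $report.Smb1Server = if ($null -eq $val -or $val -ne 0) { 'Enabled' } else { 'Disabled' }
        $report.Source = 'Registry'
    }

    if (Get-Command Get-NetTCPConnection -ErrorAction SilentlyContinue) {
        # Ports from the list above that this host is currently listening on
        $report.ListeningPorts = @(
            Get-NetTCPConnection -State Listen -ErrorAction SilentlyContinue |
                Where-Object { 139, 445, 3389 -contains $_.LocalPort } |
                Select-Object -ExpandProperty LocalPort -Unique |
                Sort-Object
        )
    }

    New-Object PSObject -Property $report
}

Get-Smb1ExposureReport

# To turn the SMBv1 server off on Windows 8 / Server 2012 or later:
#   Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
```

Ports 445 and 3389 also carry legitimate file sharing and Remote Desktop traffic, so a listener in the report is a prompt to check the firewall scope, not proof of exposure.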

File Names:

  • @Please_Read_Me@.txt
  • @WanaDecryptor@.exe
  • @WanaDecryptor@.exe.lnk
  • Please Read Me!.txt (Older variant)
  • C:\WINDOWS\tasksche.exe
  • C:\WINDOWS\qeriuwjhrf
  • 131181494299235.bat
  • 176641494574290.bat
  • 217201494590800.bat
  • [0-9]{15}.bat #regex
  • !WannaDecryptor!.exe.lnk
  • 00000000.pky
  • 00000000.eky
  • 00000000.res
  • C:\WINDOWS\system32\taskdl.exe
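A PowerShell matcher for the file-name indicators listed above, as an added example that is not part of the original post. The function name Test-WannaCryIndicator and the sample paths are constructed for illustration; the regex entry from the list is anchored and its dot escaped so that a name such as a 16-digit .bat file does not match.

```powershell
# Indicators copied from the list above.
$ExactNames = '@Please_Read_Me@.txt', '@WanaDecryptor@.exe', '@WanaDecryptor@.exe.lnk',
              'Please Read Me!.txt', '!WannaDecryptor!.exe.lnk',
              '00000000.pky', '00000000.eky', '00000000.res'
$ExactPaths = 'C:\WINDOWS\tasksche.exe', 'C:\WINDOWS\qeriuwjhrf',
              'C:\WINDOWS\system32\taskdl.exe'
# The three numbered .bat names in the list are instances of this pattern.
$BatPattern = '^[0-9]{15}\.bat$'

function Test-WannaCryIndicator {
    param([Parameter(Mandatory = $true)][string]$Path)

    $leaf = [System.IO.Path]::GetFileName($Path)
    # -contains and -match are case-insensitive, which suits Windows paths
    if ($ExactPaths -contains $Path) { return 'path' }
    if ($ExactNames -contains $leaf) { return 'name' }
    if ($leaf -match $BatPattern)    { return 'regex' }
    return $null
}

# Constructed sample paths (not taken from a real host)
$samples = 'C:\Users\alice\Desktop\@Please_Read_Me@.txt',
           'c:\windows\TASKSCHE.EXE',
           'D:\temp\131181494299235.bat',
           'D:\temp\1311814942992350.bat',      # 16 digits, must not match
           'C:\Windows\System32\taskmgr.exe'    # benign, must not match

foreach ($s in $samples) {
    $hit = Test-WannaCryIndicator -Path $s
    if ($hit) { '{0,-6} {1}' -f $hit, $s } else { '{0,-6} {1}' -f '-', $s }
}

# Sweep of a real folder tree (a hit needs triage, not automatic deletion):
#   Get-ChildItem -Path C:\Users -Recurse -Force -ErrorAction SilentlyContinue |
#       Where-Object { Test-WannaCryIndicator -Path $_.FullName } |
#       Select-Object FullName, CreationTime
```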