Udostępnij za pośrednictwem


Running the SCCM Client policy via a Package Deployment

Though the SCCM client re-run all the SCCM client policy at a respective interval, there would be some requirement where we need certain policies to be triggered explicitly.

This can be done directly from the Configuration Manager client that is installed on the client machine, but still we 'may' need to have this in a script and deploying it via SCCM.

There are multiple ways to achieve this but here I have outlined what i have used in my environment to automate.

  1. Create a .bat file with below lines [to trigger the policies on the client machine]

WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000021}" /NOINTERACTIVE
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000022}" /NOINTERACTIVE
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000113}" /NOINTERACTIVE
WMIC /namespace:\\root\ccm path sms_client CALL TriggerSchedule "{00000000-0000-0000-0000-000000000114}" /NOINTERACTIVE

The above lines is to trigger below policies:

Machine Policy Evaluation Cycle
Machine Policy Retrieval Cycle
Software Update Scan Cycle
Software Update Deployment Evaluation Cycle

NOTE: You can change the set of policies as per your requirement, you just need ammend the WMI command with correct to specify the correct

  1. Create a .vbs file with below lines [to call the .bat file created in the above step]

Dim objShell
Dim runBatFile

Set objShell = WScript.CreateObject("WScript.Shell")
runBatFile = "BatFileName.bat"
objShell.Run runBatFile, 0, false

Set objShell = Nothing
Set runBatFile = Nothing

  1. Create a package in SCCM including both .bat and .vbs file.
  2. Create a program that calls .vbs file.
  3. Create a deployment using the program

 

The deployment can be created either as available or required. If the deployment is in required mode then it can also be scheduled so that it re-runs on certain interval.

Also take note that these scripts can also be deployed to end user machines via SCCM by creating a schedule task.

You can verify the below SCCM client logs to confirm that the script is indeed working:

              Machine Policy:
                            PolicyEvaluator.log
                            PolicyAgent.log
                            StatusAgent.log

              Software Update Deployment Evaluation Cycle:
                            UpdateStore.log
                            StateMessage.log

              Software Update Scan Cycle:
                            ScanAgent.log
                            StateMessage.log

The above steps can also be achieved by implementing these scripts via GPO by creating a Schedule task, but if we need reports to be generated then SCCM is the best.