SCCM Collection Query for Duplicate MAC Addresses

This WQL query is for creating a Query or Collection in SCCM to display all duplicate MAC addresses which will likely cause issues with OSD.

select R.ResourceID,R.ResourceType,R.Name,R.SMSUniqueIdentifier,R.ResourceDomainORWorkgroup,R.Client from SMS_R_System as r full join SMS_R_System as s1 on s1.ResourceId = r.ResourceId full join SMS_R_System as s2 on s2.Name = s1.Name where s1.Name = s2.Name and s1.ResourceId != s2.ResourceId order by r.MACAddresses

/ JC

Posted in SCCM Current Branch | Tagged , | Leave a comment

WMI/WQL “LIKE” Query Wildcards

Quick post today.

Standard Windows/DOS wildcards don’t work in WMI “LIKE” queries as they use WQL language instead:

Multiple Characters = "%" (Percentage)
Single Character    = "_" (Underscore)

For reference, the corresponding Windows wildcards are:

Multiple Characters = "*" (Asterisk)
Single Character    = "?" (Question Mark)

/ JC

Posted in OSD, Tips, Windows | Leave a comment

Use RoboCopy in ‘Run PowerShell Script’ SCCM Task Sequence Steps

I like to use PowerShell for all my scripting these days (all VB and batch files have now been rewritten in PoSh) and I also like to use RoboCopy for any file copies that I need to do such as in an OSD Task Sequence.

The pain in the arse with RoboCopy is the return/exit codes it uses which cause issues when used in PowerShell scripts.

The return codes used by PowerShell are:

0 No files were copied. No failure was encountered. No files were mismatched. The files already exist in the destination directory; therefore, the copy operation was skipped.

1 All files were copied successfully.

2 There are some additional files in the destination directory that are not present in the source directory. No files were copied.

3 Some files were copied. Additional files were present. No failure was encountered.

5 Some files were copied. Some files were mismatched. No failure was encountered.

6 Additional files and mismatched files exist. No files were copied and no failures were encountered. This means that the files already exist in the destination directory.

7 Files were copied, a file mismatch was present, and additional files were present.

8 Several files did not copy.

Because PowerShell expects an exit code of ‘0’ for success, if RoboCopy completes with an exit code of ‘1’ (i.e. All files were copied successfully) then it throws an exit code other than ‘0’.

In an OSD Task Sequence this is picked up as an error and will therefore cause the Task Sequence to fail. Bollocks.

This can easily be prevented using a wee bit of code at the end of the script used to run the RoboCopy.

In the example below I am copying a single ISO image using a PowerShell script in a Task Sequence (using a ‘Run PowerShell Script’ task). The resulting PowerShell exit code will equal ‘1’ as “all files will be copied successfully”.

    Copies VM Bootable ISO
	Copies the VM Bootable ISO from the package folder to C:\Media
	PowerShell.exe -ExecutionPolicy ByPass -File <ScriptName>.ps1
	Author:		Jonathan Conway
	Version:	1.0
	Created:	29/11/2017

# Set variable for newest ISO in package folder (in case there are more than one then the most recent will be chosen)
$ISO = Get-ChildItem '.\*.iso' | Sort-Object 'LastWriteTime' | Select-Object -last '1' | Select-Object -ExpandProperty 'Name'

# Run ROBOCOPY to copy the Bootable ISO image to "C:\Media"
& ROBOCOPY ".\" "C:\Media" $ISO

# Robocopy for a single file returns a exit code of "1" (i.e. All files were copied successfully) which causes a Task Sequence error - this "if" statement changes exit code to a "0"
if ($LASTEXITCODE -eq '1') {
    EXIT 0

To prevent a Task Sequence failure I can intercept the ‘$LASTEXITCODE’ variable and exit the script with a ‘0’ using an ‘if’ statement.

This will then be picked up by the running Task Sequence and consumed as a ‘success’ which will subsequently allow the Task Sequence to progress without error.


/ JC

Posted in OSD, PowerShell, SCCM Current Branch, Uncategorized | Leave a comment

Check TPM Status from the Command Line (Enabled | Activated | Owned)

Quick and simple way to see if the TPM on a computer is Enabled, Activated and Owned – all of which are required before using them for BitLocker:

wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsEnabled_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsActivated_InitialValue
wmic /namespace:\\root\cimv2\security\microsofttpm path win32_tpm get IsOwned_InitialValue

As long as they all return as “True” you’re good to go.

/ JC

Posted in BitLocker, PowerShell, Uncategorized | Tagged , | 4 Comments

Confirm Service Account Credentials The Easy Way with PowerShell (e.g. SCCM Network Access Account)

Sometimes you will have an AD Service Account configured and you might not be sure what the password is – a good example of this that sometimes catches me out is the SCCM Network Access Account.

To safely test the account username and password we can use PowerShell with the following simple and safe command:

Start-Process -FilePath winver.exe /c -Credential (Get-Credential)

This will attempt to run “winver.exe” and a prompt will appear asking for credentials:


If the account credentials that you enter are not correct you will see the following error:


But if the credentials provided are correct then “winver.exe” will open as expected and no error message will be produced:


Simple but effective 🙂

/ JC

Posted in PowerShell, SCCM Current Branch, Tips, Uncategorized, Windows | Leave a comment

Add CMTrace.exe to Computers Being Deployed via Task Sequence

To make sure you have CMTrace.exe available for use on machines that are deployed via SCCM Task Sequences you can add a “Run Command Line” task immediately after the “Apply Operating System Image” that copies the executable from the boot image being used to deploy the OS (CMtrace.exe is included by default SCCM Current Branch WinPE boot images – WinPE is mapped as X:\ during OSD) and results in it being available once OSD completes:

 cmd /c xcopy X:\SMS\BIN\x64\CMTrace.exe %OSDTargetSystemDrive%\Windows\System32\ /E /H /C /I /Q /Y

This command line will need to be amended in the unlikely scenario (it’s 2017 after all) that you’re deploying a 32-bit Operating System to change the xcopy target path accordingly.

/ JC

Note: This was originally documented on TechNet yonks ago: Link

Posted in OSD, SCCM Current Branch, Tips, Uncategorized, WinPE | Leave a comment

Use Task Scheduler to Schedule Server Reboot Out of Hours

You may from time to time have a requirement to reboot a server out of hours after implementing a change that requires a restart.

Rather than logging in at Silly O’Clock at night you can use the Windows Task Scheduler to set up a Task to have an unattended reboot occur out of hours.

Open “Task Scheduler” from the Start menu and select “Create New Task“.

Complete the “General” tab by adding the following values for “Name“, “Account” and “Configure for“:


By using the “SYSTEM” account we can be sure that the required permissions to reboot/shutdown the computer are present.

On the “Triggers” tab click on “New” and configure a time suitable for your environment. In my example I have chosen a one time event at “22:00:00” as this is deemed out of hours:


On the “Actions” tab click on “New” and configure the task as per below:


In the “Program/script” field add the word “shutdown“.

In the “Add arguments (optional)” field make sure the following is added:

/r /t 0 /c "Planned Server Reboot via Task Scheduler Task" /f

Click “OK” twice and you’re done.

The command that you have just configured passes the following instructions to the “Shutdown.exe” executable:

  • /r = Reboot
  • /t 0 = waits 0 seconds before restarting
  • /c = comment to be added into the System log in Event Viewer
  • /f = forces the reboot even if users are logged on, programs are open, files are locked etc.

/ JC

Posted in Tips, Windows | Leave a comment