SCCM Collection Queries By Server Role
Nereu Theiss
More precisely, if i have a query that gets all domain controllers by role, is there anyway to easily split them up by the first and second half so that I have two collections? The reason for this is to split them out for patching.
In this post I will be sharing the queries which can be used for SCCM collection query for Site System Server Roles. We can create different queries for specific system role installed on Windows Server.
For big infrastructures, there could be heaps of Site System Server installed, hence to look for list of all Servers with specific role is an important factor to consider. Below mentioned queries and the tip shared in the last will be helpful to see those lists.
Launch Configuration Manager Admin Console, navigate to \Administration\Overview\Site Configuration\Servers and Site System Roles, right click Servers and Site System Roles and select any of the option to display list of servers with specific Site System Server role installed:
With Configuration Manager, you use role-based administration to secure the access that administrative users need to use Configuration Manager. You also secure access to the objects that you manage, like collections, deployments, and sites.
With the combination of roles, scopes, and collections, you segregate the administrative assignments that meet your organization's requirements. Used together, they define the administrative scope of a user. This administrative scope controls the objects that an administrative user views in the Configuration Manager console, and it controls the permissions that a user has on those objects.
Collections specify the users and devices that an administrative user can view or manage. For example, to deploy an application to a device, the administrative user needs to be in a security role that grants access to a collection that contains the device.
To be proactive with operational maintenance, once a week you run CMPivot against a collection of servers that you manage, and select Query all on the AppCrash entity. You right-click the FileName column and select Sort Ascending. One device returns seven results for sqlsqm.exe with a timestamp about 03:00 every day. You select the file name in one of the rows, right-click it, and select Bing It. Browsing the search results in the web browser, you find a Microsoft support article for this issue with more information and resolution.
You need to temporarily store a large file on a network file server, but aren't sure which one has enough capacity. Start CMPivot against a collection of file servers, and query the Disk entity. Modify the query for CMPivot to quickly return a list of active servers with real-time storage data:
CMPivot sends queries to clients using the Configuration Manager "fast channel". This communication channel from server to client is also used by other features such as client notification actions, client status, and Endpoint Protection. Clients return results via the similarly quick state message system. State messages are temporarily stored in the database. For more information about the ports used for client notification, see the Ports article.
I've been tasked with creating a collection in SCCM that will run a query and add any servers with no maintenance window configured to the collection. This will allow us to then target those machines to get them added to the maintenance windows we want. Unfortunately building SCCM queries is completely new to me so I'm not really sure where to begin. The query builder is somewhat overwhelming with how many options there are available when presented with the Select Attribute screen.
EDIT - Found where I was going wrong. The queries I've been finding are SQL queries so are made for an SCCM report rather than a Collection Membership Rule query. It doesn't look like what I want to do is possible to do directly with a collection, but I've got a Report that gives me the output I need and can then use to do what we need to do.
Recently, I got an email asking how to find all the DHCP servers and create a SCCM collection for it. The goal here is to find out all the DHCP servers existing in Active Directory setup and group them into a device collection.
A DHCP Server is a network server that automatically provides and assigns IP addresses, default gateways and other network parameters to client devices. It relies on the standard protocol known as Dynamic Host Configuration Protocol or DHCP to respond to broadcast queries by clients.
The procedure to create DHCP server collection in SCCM is very similar to creating device collection for Windows Server 2022. The only difference is the SCCM WQL query for DHCP server is unique here. Device Collections are nothing but a group of devices or users. Configuration Manager contains several built-in collections but in some cases you may need to create custom collections based on the requirements.
On the Query rule properties box, specify the name of the query and click Edit Query Statement. In the Query Language box enter the following query to create SCCM device collection for DHCP servers.
Wait for few minutes while the query runs in the background and finds all the DHCP servers in your network. To speed up things, right-click the DHCP server device collection and click Update Membership.
I setup a new offering for people to add a server to a sccm collection. I created the runbook for this and tried setting up a picker query to show all the sccm collections but that does not appear to work. Is there a certain way this is done?
if you are referring to maybe a powershell runbook activity then yes I would be happy to see something. As long as the powershell can grab the server name field variable and the collection name field variable.
For all Workgroup Windows Servers and workstation I used this queries below, the key thing is I queried the variable found in the resource Explorer Domain Role and Operating system Name & version %server% or %Workstation%.
I have used SMS_G_System_COMPUTER_SYSTEM.DomainRole. The attribute class is Computer System and the attribute is Domain Role for Workgroup devices are Standalone Server but I also used SMS_R_System.OperatingSystemNameandVersion like to isolate the collection type with a %server% or %workstation% wildcard.
Hi Cora, it depends on what the purpose of your collection is. All Systems is fine, unless you're looking to ensure that they're in a collection you've already setup, such as all laptops, all servers, etc.
There are a couple of really simple tweaks we can make to help reduce our overall collection query evaluation times. (NOTE: Making changes to existing collections or collection queries will immediately cause that collection to update its membership)
To recap, use CEViewer to keep an eye on your Collection Evaluations. In addition, when creating your collection queries make sure to use SELECT DISTINCT and split out your query rules to improve performance where possible.
One of the fundamental things you need to do with any SCCM installation and deployment, you need to get the basics right. Queries are those basic building blocks which everything else in SCCM is based on. Once you have all your custom queries setup, then you can setup collections based on the queries, once this is done, all other SCCM components is relatively strait forward.
In this blog post, we will see how to use compliance item in configuration manager to check specific server role or feature installed on server or not .This request has come up to due to the fact that ,one of the engineer has enabled desktop experience feature on some of the servers which leads to install/enable flash player components in C:\windows\System32\Macromed\Flash folder. Qualys is is a provider of cloud security, compliance services which scan your network, servers, desktops or web apps for security vulnerabilities ,more at
In this blog post, am not going with remediation script .what it means is ,if the specific role/feature that you are looking is found ,run the remediation script like remove the role from the server to fix it.
Have you ever needed to get a really fast real-time look at if a service is running on a set of servers or workstations? Open CMPivot against a collection, type in your query, and send it. Seconds later you get real-time answers to your query for any online device. Queries for CMPivot run on 42 devices at once, until all devices you're querying have responded.
The last time my organization did server updates, I (and a trusty super awesome coworker) had to verify if a couple of SQL services were running on a small collection of servers. As we were manually checking these one by one, I came up with the idea that it would be incredibly helpful to use CMPivot.
I will just be doing a basic query to check for a specific service. Highlight the entities you want to query and select insert. If you run the queries with just service it will return all services from every device in the collection.
All database platforms come with a pre-defined role called public, but the implementation of this role varies by platform. In SQL Server, the public role is part of the fixed server role, and permissions can be granted to, denied to or revoked from the SQL Server public role permissions.
aa06259810