Status Message ID 11756

, , , , , , ,

I was working at a customers site where there were some infrequent issues with patching. While I was viewing all status message queries there was a frequent occurrence for status message ID 11756. This particular error points to a GPO Conflict. You can also use the report “Last Scan States By Collection” to validate my findings.

The problem was occurring at an entire office location where all scans were failing. You can see below the majority of the failures are due to group policy conflict.

I have verified there were no problems with the GPO setting the WSUS and determined the local system had issues laying down policy. It’s a meh thing, but you will find this in different environments from time to time. This is an easy fix for my customers by rebuilding the registry.pol located at “C:WindowsSystem32GroupPolicyMachineRegistry.pol”

My quick fix is to create a package with the bat file created from the lines of text. You see I delete the file, force gpupdate, software update scan and machine policy.

 

DEL /q “C:WindowsSystem32GroupPolicyMachineRegistry.pol”
Echo N | gpupdate /force
WMIC /namespace:\rootccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000113}” /NOINTERACTIVE
WMIC /namespace:\rootccm path sms_client CALL TriggerSchedule “{00000000-0000-0000-0000-000000000022}” /NOINTERACTIVE
exit

You can set up auto-remediation by creating a collection based on any system reporting status message 11756 within 24 hours and deploying the package to rebuild local policy.

Query below for collection:
select distinct SYS.Name,SYS.Client from sms_r_system as SYS join SMS_StatusMessage as stat on stat.machinename = SYS.name where stat.ModuleName = “SMS Client” and stat.MessageID = 11756 and DateDiff(dd,stat.Time, GetDate()) <1

After this runs monitor your log files to verify the software update scan has ran successfully and also run the last software update scan report for additional validation.

Please see this link for TechNet to download the bat file

https://gallery.technet.microsoft.com/Windows-update-scan-74f70f62?redir=0

 

ALSO SEE : Windows 10 Migration Project (General UEFI Queries)

Windows 10 Migration Project (General UEFI Queries)

, , ,

For environments where there several manufacturers the option to use BIOS tools to gather all information may not be possible. We can guesstimate a system will be UEFI Capable based on the PCBios Date Attribute. We will be generous and system with PC Bios date after 1/1/2013
will be UEFI Capable

UEFI Capable Systems
select distinct SMS_R_System.Name, SMS_G_System_PC_BIOS.ReleaseDate, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate > “1/1/2013 12:00:00 AM”

NOTE: There are more specific ways to identify systems that are UEFI capable but that will require
Creating a new WMI namespace. That method described will only work on certain manufacturers like Dell, Lenovo, HP in a future blogpost

UEFI CAPABLE SYSTEM MODELS
select distinct SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate > “1/1/2013 12:00:00 AM”


Non-UEFI Capable Systems

select distinct SMS_R_System.Name, SMS_G_System_PC_BIOS.ReleaseDate, SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate > “1/1/2013 12:00:00 AM”

Non-UEFI Capable System Models
select distinct SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_PC_BIOS on SMS_G_System_PC_BIOS.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_PC_BIOS.ReleaseDate < “1/1/2013 12:00:00 AM”

NOTE: The results from this query will be used later in the WIN 10 task sequence. These models will receive the “Warning: System Not UEFI Capable” step in the task sequence. These are the system models that will not boot UEFI and will receive Windows 10 on a MBR partition

 

ALSO SEE : Windows 10 Migration Project (General Starter Queries)

Windows 10 Migration Project (General Starter Queries)

, , , , , , , ,

For my one of my customers environments the move towards windows 10 will be purely security based.
The key features that will be used are UEFI boot w/ Secure-boot enabled, ELAM, Device Guard, and Credential Guard (explanation of features in future blog post)

When starting any operating system deployment project, it is a good idea to know what systems are in your environment so that you can determine which of these systems need to support the new Windows 10 OS.Some systems may need to be replaced, whereas others might only need a BIOS version update to be UEFI capable
Now that Windows 10 is here, now is the time to standardize on native UEFI as the default boot mode. When making this switch, it is also important to enable Secure Boot at the same time. But, before you can do that, you need to determine what is in your environment.In a previous customers environment there were 15 different manufacturers and 350+ different models. Since this environment has such a high number of manufactures we will not be able to deploy bios tools for all 15. We will
chose to run a brief SQL Query to guesstimate systems capable based on the PC Bios Date.

1. Query to identify system manufacturer and model machines
select SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceId = SMS_R_System.ResourceId

Create collections based on different manufacturers. My previous query resulted in 15 different manufacturers. I will below only provide queries for major vendors. Please note some vendors will have more than 1 name used. For example dell systems us “Dell” Dell Inc” and Dell Computer Corporation” so just use the Like value and %Dell% to obtain all systems from this manufacturer. Other companies you need to use the Like %Hewlett-Packard%” or like %HP%

Some of these collections will be used for deploying BIOS tools against to identify certain key pieces of information for future queries that we will build upon. In a future blog we will cover how to extend hardware inventory to grab newly created WMI namespaces.

2. Dell
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like “%Dell%”

3. HP
select distinct SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like “%Hewlett-Packard%” or SMS_G_System_COMPUTER_SYSTEM.Manufacturer like “%HP%”

4. Lenovo
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like “%LENOVO%”

5. Transource
select SMS_R_System.Name from SMS_R_System inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_COMPUTER_SYSTEM.Manufacturer like “Transource”

6. Query SQL for count of System Models
SELECT
Manufacturer0, Model0, Count(Model0) AS ‘Count’
FROM
dbo.v_GS_COMPUTER_SYSTEM
GROUP BY
Manufacturer0,Model0
ORDER BY
Model0

BONUS (Meets Physical SPECS + TPM 1.2 and up

Criteria: 2gb ram, 1ghz processor, 120gb HD, TPM 1.2 (run in SCCM Console)

select SMS_G_System_COMPUTER_SYSTEM.Manufacturer, SMS_G_System_COMPUTER_SYSTEM.Model, SMS_G_System_SYSTEM.Name, SMS_G_System_TPM.PhysicalPresenceVersionInfo, SMS_R_System.ResourceId from SMS_R_System inner join SMS_G_System_X86_PC_MEMORY on SMS_G_System_X86_PC_MEMORY.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_PROCESSOR on SMS_G_System_PROCESSOR.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_DISK on SMS_G_System_DISK.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_TPM on SMS_G_System_TPM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_COMPUTER_SYSTEM on SMS_G_System_COMPUTER_SYSTEM.ResourceID = SMS_R_System.ResourceId inner join SMS_G_System_SYSTEM on SMS_G_System_SYSTEM.ResourceID = SMS_R_System.ResourceId where SMS_G_System_X86_PC_MEMORY.TotalPhysicalMemory > 2000000 and SMS_G_System_PROCESSOR.MaxClockSpeed > 1000 and SMS_G_System_DISK.Size >= 120000 and SMS_G_System_TPM.PhysicalPresenceVersionInfo >= “1.2”

ALSO SEE : Windows 10 Migration Project (How to start)