As most of you already know, Microsoft has released a new function in ConfigMgr to run scripts directly on computers and/or servers in your environment. With this new function, scripts can be run in real time on a single computer or an entire collection. How cool is that?
This was initially released in the 1706 Tech Preview, but since then Microsoft has put a lot of effort into the functionality of the latest builds and has really made it shine!
If you’re like me, you might get stuck in the “this is awesome but how do I move forward with it” mindset. With this new feature, I felt kind of stuck and in need of inspiration. I was lucky enough to find a blog post from Jörgen Nilsson (ccmexec.com – check it out, this guy is really good!) where he used Run Script on client computers to gather ConfigMgr log files, and put them on a share. Perfect!
After some thinking, his specific solution didn’t quite suit my needs as I also wanted the client event logs, and I wanted it more “categorized” on a server share.
Using Jörgen’s post as a foundation, I modified the code to fetch the event logs and also to name the folder with a computer name and date. One thing I had to keep in mind is the script output as I wanted to keep the ConfigMgr console script output clean and neat. To achieve this, I have piped a lot of the cmdlets to “Out-Null”.
If you do not know how to enable the Run Script feature, I would definitely recommend you check out this blog post from my fellow colleague, Timmy Andersson (where he demonstrates how to enable the feature).
Also, if you are not familiar with how to use “Run Script”, take a look at this blog post where Timmy also explains everything step by step.
Anyways, let’s get to it!
```powershell
param(
    $logShare
)

try {
    # Get path for SCCM client log files
    $ccmLogDirReg = Get-ItemProperty -Path 'HKLM:\Software\Microsoft\CCM\Logging\@Global'
    $ccmLogs = $ccmLogDirReg.LogDirectory

    # Create folders
    $logDir = "$env:temp\LogDir"
    New-Item -Path $logDir\SCCMLogs -ItemType Directory -Force | Out-Null
    New-Item -Path $logDir\EventLogs -ItemType Directory -Force | Out-Null

    # Copy CCM logs
    Copy-Item -Path $ccmLogs\* -Destination $logDir\SCCMLogs -Force | Out-Null

    # Back up event logs from WMI
    $eventLogs = Get-WmiObject -Class Win32_NTEventLogFile
    foreach ($log in $eventLogs) {
        $path = "$logDir\EventLogs\$($log.LogfileName).evt"
        $log.BackupEventlog($path) > $null
    }

    # Create a .zip archive with SCCM logs and event logs
    # (-ErrorAction Stop makes a failure here reach the catch block instead of reporting success)
    $filePrefix = (Get-Date -UFormat "%Y%m%d") + '_' + $env:Computername
    Compress-Archive -Path $logDir\* -CompressionLevel Optimal -DestinationPath $logDir\$filePrefix -ErrorAction Stop | Out-Null

    # Copy zipped log file to the server share
    $computerLogShare = $logShare + '\' + $env:Computername
    New-Item -Path $computerLogShare -ItemType Directory -Force -ErrorAction Stop | Out-Null
    Copy-Item $logDir\$($filePrefix).zip -Destination $computerLogShare -Force -ErrorAction Stop | Out-Null

    # Clean up temporary files/folders
    Remove-Item $logDir -Recurse -Force | Out-Null

    # If all goes well, exit with success
    Write-Output "Success!"
    Exit 0
}
catch {
    # Errors? We don't like them
    Write-Output 'Script exited with error 1603'
    Exit 1603
}
```
After running the script, you can see that the log files have successfully been uploaded to the share.
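Because the clients themselves write to the share, it is worth checking that each upload landed in the folder of the computer it claims to come from and contains only the two expected folders. The following audit is an added example, not part of the original script; the function name `Test-LogShareLayout` and the demo paths are hypothetical, and the layout it checks (`<share>\<COMPUTERNAME>\<yyyyMMdd>_<COMPUTERNAME>.zip`) is taken from the script above.

```powershell
# Added example: audit the central log share written by the collection script.
# Assumed layout: <share>\<COMPUTERNAME>\<yyyyMMdd>_<COMPUTERNAME>.zip with SCCMLogs\ and EventLogs\ inside.
Add-Type -AssemblyName System.IO.Compression.FileSystem

function Test-LogShareLayout {
    param([Parameter(Mandatory)][string]$SharePath)
    $allowedTop = 'SCCMLogs', 'EventLogs'
    foreach ($folder in Get-ChildItem -Path $SharePath -Directory) {
        foreach ($file in Get-ChildItem -Path $folder.FullName -File) {
            $issues = @()
            $pattern = '^\d{8}_' + [regex]::Escape($folder.Name) + '\.zip$'
            if ($file.Name -notmatch $pattern) {
                $issues += 'file name does not match <yyyyMMdd>_<folder>.zip'
            }
            else {
                $zip = $null
                try {
                    $zip = [System.IO.Compression.ZipFile]::OpenRead($file.FullName)
                    # Entry names use "\" or "/" depending on the PowerShell/.NET version
                    $top = $zip.Entries | ForEach-Object { ($_.FullName -split '[\\/]')[0] } | Sort-Object -Unique
                    $extra = @($top | Where-Object { $_ -notin $allowedTop })
                    if ($extra.Count) { $issues += "unexpected top-level entries: $($extra -join ', ')" }
                }
                catch { $issues += 'not a readable zip archive' }
                finally { if ($zip) { $zip.Dispose() } }
            }
            [pscustomobject]@{
                Computer = $folder.Name
                File     = $file.Name
                Ok       = ($issues.Count -eq 0)
                Issues   = $issues -join '; '
            }
        }
    }
}

# Constructed sample share: one well-formed upload and one archive placed in another computer's folder
$share = Join-Path $env:TEMP "LogShareDemo_$PID"
$stage = Join-Path $env:TEMP "LogStage_$PID"
New-Item -Path "$stage\SCCMLogs", "$stage\EventLogs", "$share\PC01", "$share\PC02" -ItemType Directory -Force | Out-Null
Set-Content -Path "$stage\SCCMLogs\CcmExec.log" -Value 'constructed sample line'
[System.IO.Compression.ZipFile]::CreateFromDirectory($stage, "$share\PC01\20240101_PC01.zip")
Copy-Item "$share\PC01\20240101_PC01.zip" "$share\PC02\20240101_PC01.zip"
Test-LogShareLayout -SharePath $share | Format-Table -AutoSize
Remove-Item $share, $stage -Recurse -Force
```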
Feel free to use this as you’d like, make modifications and share it with everyone!
Again, check out Timmy’s blogs! He can be reached at https://timmyit.com and here at blog.ctglobalservices.com.
And a BIG thanks to Jörgen Nilsson aka ccmexec.com. This guy is brilliant!
Thank you for reading. Until next time.
And of course – Merry Christmas!
Didn't understand anything, and now my computer is on fire. 10/10, would read again.