SCCM Collection Query

Question

SCCM Collection Query

Nitin Singh 20

Hi All,

Many machines in my environment are not installing latest Windows Update. One of the key finding is issue with Registry.Pol Files. After investigating, we could find that few of the machines are missing registry.pol files (like they dont exits or renamed to .old ). In few machines registry.pol exits but has not updated from months although machine is online and running gpupdate /force does not make difference until registry.pol is manually deleted and recreated.

I have created a Configuration Baseline in SCCM that removes the reigistry.pol (old files) and recreates a new registry.pol file.

I need your expert advice to create a query based collection that lists out all the devices where Registry.Pol in C:\Windows\System32\GroupPolicy\Machine is missing.

If also possible another condition can be applied - if registry.pol exits what is the last modified Date and size

Answer accepted by question author

0 additional answers

Your answer

Answer 1

AllenLiu-MSFT 49,436 Microsoft External Staff

Hi, @Nitin Singh Thank you for posting in Microsoft Q&A forum.

Like you mentioned, we can create a configuration baseline to check the existence of reigistry.pol file, and create the device collection baseline on the deployment result:

We can also create a collection that registry.pol exits, and run CMPivot and run below command for this collection to get the last modified Date and size: File('c:\Windows\System32\GroupPolicy\Machine\Registry.pol')

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

Nitin Singh 20 Reputation points

2023-04-17T06:52:44.78+00:00

I really like this way of creating a Collection, however, I dont want to deploy the CB in Prod at this stage of time as it needs change process to be followed. It will be great if Asset Discovery can give this result as query and I can use small subset to apply the remediation to test if its fixes the problem.
AllenLiu-MSFT 49,436 Reputation points Microsoft External Staff

2023-04-17T07:11:44.08+00:00

Hi, @nitin singh

OK, we also can use CMPivot to find the device without the file Registry.pol, you may run the query for the device collection with all clients:

Device | join kind=leftouter (File('C:\Windows\System32\GroupPolicy\Machine\Registry.pol')) | where isnull(FileName)
AllenLiu-MSFT 49,436 Reputation points Microsoft External Staff

2023-04-19T05:45:30.7766667+00:00

Just checking if there's any progress or updates?
AllenLiu-MSFT 49,436 Reputation points Microsoft External Staff

2023-04-28T03:05:13.6833333+00:00

May we know the current status of the problem? Is there any other assistance we can provide?
Nitin Singh 20 Reputation points

2023-04-28T03:52:26.0666667+00:00

Thank you Allen for the input. I am able to use CMPivot table to run report in live environment. I think all good now.

Share via

SCCM Collection Query

0 additional answers

Your answer