Automating collection of Configuration Manager client logs
Automating the Collection of Configuration Manager Client Logs
Configuration Manager client logs are useful in troubleshooting many types of client issues including client installation, client health, software update installation, hardware inventory, and client policy. In many cases the administrator assisting with troubleshooting client issues does not have direct access to the systems with the required logs. This increases the time required to troubleshoot client issues, especially when multiple clients are involved or when clients are across multiple time zones. The following is a way for the Config Manager administrator to automate the collection of the client logs.
The Configuration Manager client logs are stored in several folders, one for client logs, and one for client installation logs. The client installation log folder is located on the system drive under Windows\ccmsetup\logs. The client logs folder is normally located on the system drive under Windows\ccm\logs, however this location may be different in some situations. You can get the location of the client logs by running the following powershell command:
Get-itemproperty “hklm:\software\Microsoft\ccm\logging\@global” | select –expandproperty Logdirectory
In order to automate the collection of the client logs we need to create a shared folder to copy the logs to, and a ConfigMgr package to deploy to clients. In a small environment creating a single share location may be fine, however, in larger multi-site environments we would want to reduce WAN traffic as much as possible when copying client log files. One possibility is creating the shared folder on the ConfigMgr management point assigned to the client. Each client would then copy log files to its associated management point instead of a single location across a WAN link. We can get the clients management point by running the following powershell command:
(get-ciminstance –namespace root\ccm\locationservices –class sms_mpinformation).MP[0]
Now that we have the location of the client logs and a location to create the shared folders, we can begin to automate log collection. Client logs will be collected by deploying a package that runs a powershell script on the client. The required shared folders can be created by using compliance settings in ConfigMgr. By using compliance settings we can ensure that any new management point installed will automatically have the required share created.
Creating the required shared folders using compliance settings
Note: If you would rather import the configuration item and baseline into Configuration Manager using an exported CAB file it is attached below. If you import the configuration item and baseline skip to step number 2 below.
To manually create the configuration item and baseline follow these instructions
1. Create the Configuration Item and Configuration Baseline
Create a new configuration item named CM-ClientLogShare
a. Select all versions of Windows
b. On the Specify settings for this operating system click New…
c. Provide a Name for the setting
Setting type: Script
Data type: Integer
d. Add the discovery and remediation scripts and click OK
Discovery Script: (Script Language: Windows Powershell)
Remediation Script: (Script Language: Windows Powershell)
Note1: The log share created in the remediation script is created on the E:\ of the management point server. To change this location modify variable $Sharepath in the remediation script above.
Note2: The discovery and remediation scripts will create an Event Log “ConfigMgr” on the management point servers as shown below: This can be used to troubleshoot discovery and remediation script execution.
e. On the Specify compliance rules for this operating system page click New…
Provide a name for the compliance condition
Under Selected setting: Choose the setting created in the last step
Rule type: Value
Under setting must comply with the following rule:
The value returned by the specified script: Equals 1
Select check boxes for:
Run the specified remediation script when the setting is noncompliant
Report noncompliance if this setting instance is not found
f. Complete the Create Configuration Item Wizard
g. Create a configuration baseline for deployment
Provide a name for the configuration baseline
Under Configuration Data, add the configuration item created in the last step
2. Create a collection and deploy the configuration baseline
This collection will contain all the Configuration Manager servers with the Management Point role installed
To create the collection use the following query criteria:
- Verify the newly created collection contains the expected management point servers
a. Deploy the configuration baseline to the management point collection created in step 2
In the ConfigMgr console under Assets and Compliance > Compliance Settings > Configuration Baselines, right click the CCM Client Log Share baseline and click deploy
Verify the baseline is selected
Select Remediate noncompliant rules when supported
Select Allow remediation outside the maintenance window
Under Select the collection for this configuration baseline deployment, choose the collection created in step 2
Configure a schedule for how often the compliance rule should run
Click OK 
b. Verify the shared folder is created on the management point servers after the compliance rule has run
Folder Name: Client Logs
Share Name: Clientlogs
Share permissions:
Domain Computers (Change, Read)
Administrators (Full Control)
NTFS permissions:
Creator Owner (Special)
System (Full Control)
Administrators (Full Control)
Users (Read and Execute)
3. Create and deploy the package to copy client log files
When deployed to a device collection this package will execute a script that completes the following:
Note: This script uses the command Compress-Archive which requires powershell 5
- Creates a zip file containing the client log directories
- Copies the zip file to the shared drive on the clients associated management point
- Removes the zip file on the client
Follow these steps to create the package:
a. Create a powershell script named ArchiveCCMLogs.ps1 with the following content:
b. Create a new package with source files, ArchiveCCMLogs.ps1 will be in the source file location for the packageCreate a program for the new package:
c. Create a program for the new package:
d. Command line: %WINDIR%\Sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -file ArchiveCCMLogs.ps1
- Configure to run with administrative rights (Whether or not a user is logged on)
e. Distribute the package to your distribution points
f. Create a new deployment collection with no members, deploy this package to the collection as either required, or available
g. Add clients to the deployment collection to collect client logs
Note: Once the client updates policy and executes the script, the client logs will be on the share associated with the system’s management point.