Tuesday, 10 February 2026

Intune application

Written by   on   in   with No comments

Got it 👍
Below is a more detailed, document-style set of notes with deeper explanations, step-by-step clarity, example visuals, and a clear comparison table (Win32 vs Store vs MSIX).
This is written like official training material + real admin experience, not quick notes.

📘 Application Management with Microsoft Intune

1️⃣ Introduction to Application Management in Intune (Detailed)

Application Management in Intune is the process of packaging, deploying, managing, updating, and troubleshooting applications across managed devices.

Why Application Management Is Critical

In modern enterprises:

  • Users work remotely
  • Devices are cloud-managed
  • Manual installs are not scalable
  • Security must be enforced automatically

Intune solves this by providing:

  • Centralized control
  • Policy-based deployment
  • User-based or device-based installs
  • Integration with security and identity (Entra ID)

Core Capabilities

  • Application deployment
  • App updates & replacement
  • Conditional access for apps
  • App protection (MAM)
  • Reporting and troubleshooting

2️⃣ Structure of Application Management in Intune

High-Level Architecture

Admin → Intune Portal → Policy + App Config
      → Entra ID Groups
      → Device / User
      → Intune Management Extension (IME)

Logical Components

  1. App Package
  2. Deployment Configuration
  3. Detection Logic
  4. Assignment
  5. Execution on Endpoint
  6. Monitoring & Reporting

3️⃣ Overview of Applications and Types in Intune

Windows Application Types Explained

App Type Description Typical Usage
Win32 App Traditional EXE/MSI apps Enterprise apps
Microsoft Store (New) Winget-backed Store apps Common utilities
MSIX Modern packaged apps Clean installs
LOB (MSI) Simple MSI apps Legacy installs
Web App URL-based apps SaaS platforms
Microsoft 365 Apps Office apps Productivity
Microsoft Edge Browser Standardization

4️⃣ Assignment Options for Applications (Deep Explanation)

Assignment Behavior

Option What Happens
Required App installs automatically
Available User installs from Company Portal
Uninstall App removed if detected

Assignment Targeting

  • User groups → follows user across devices
  • Device groups → fixed hardware targeting
  • Filters → OS version, device ownership, SKU

Best Practices

✔ Use Required for security tools
✔ Use Available for optional apps
✔ Use Filters to reduce group sprawl

5️⃣ Creating & Deploying Windows Applications (Step-by-Step)

🔹 A. Win32 Applications (Most Important)

What Is a Win32 App?

A Win32 app is any traditional Windows installer:

  • .exe
  • .msi
  • Scripts or custom installers

Step-by-Step Deployment

  1. Package app using IntuneWinAppUtil
  2. Upload .intunewin
  3. Configure:
    • Install command
    • Uninstall command
    • Detection rules
  4. Define requirements
  5. Assign app

Detection Rule (Critical Concept)

Intune must detect the app to mark install as successful.

Detection methods:

  • File existence
  • Registry key/value
  • MSI product code
  • Custom script

⚠️ Wrong detection = endless reinstall loop

🔹 B. Microsoft Store Apps (New Experience)

Key Characteristics

  • Uses Windows Package Manager (Winget)
  • No packaging required
  • Auto updates supported
  • Cleaner than legacy Store apps

Limitations

  • Limited customization
  • Dependent on Microsoft Store availability

🔹 C. MSIX Applications

What Is MSIX?

MSIX is a modern Windows app packaging format that:

  • Is containerized
  • Has clean install/uninstall
  • Supports version upgrades

Advantages

✔ No registry pollution
✔ Built-in detection
✔ Safe rollback

Disadvantages

❌ App compatibility issues
❌ Packaging complexity

6️⃣ Deep Dive Troubleshooting (Windows Applications)

Key Log Locations

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs
Log File Purpose
IntuneManagementExtension.log Core engine
AppWorkload.log App execution
Detection.log Detection logic
AgentExecutor.log Script execution

Common Issues & Fixes

Issue Root Cause Resolution
App stuck installing Detection fails Fix detection rule
Error 0x80070001 Installer failed Test locally
Reinstall loop Wrong detection Use registry/file
App not visible Assignment issue Check group

7️⃣ Other Application Types

Web Apps

  • Simple URL shortcuts
  • Can be pinned
  • Used for cloud platforms

Mobile Apps

  • iOS / Android managed apps
  • Works with:
    • App Protection Policies
    • Conditional Access
    • BYOD scenarios

8️⃣ Microsoft 365 Apps and Microsoft Edge

Microsoft 365 Apps

  • Custom install
  • App-level selection
  • Channel control
  • Shared device licensing

Microsoft Edge

  • Automatic deployment
  • Extension enforcement
  • Security baseline integration

9️⃣ ⭐ Comparison Table: Win32 vs Store vs MSIX

🔍 Detailed Comparison

Feature Win32 App Microsoft Store (New) MSIX App
Packaging Required ✅ Yes ❌ No ✅ Yes
Installer Types EXE / MSI Store / Winget MSIX
Detection Rules Manual Automatic Built-in
Custom Install Cmd ✅ Yes ❌ No ❌ Limited
Uninstall Control ✅ Full ⚠️ Limited ✅ Clean
Supersedence ✅ Yes ❌ No ✅ Versioned
Updates Manual Automatic Automatic
App Isolation ❌ No ✅ Yes ✅ Yes
Enterprise Flexibility ⭐⭐⭐⭐⭐ ⭐⭐⭐ ⭐⭐⭐⭐
Recommended Use Complex apps Common tools Modern apps

✅ When to Use What

  • Win32 → Complex enterprise software
  • Store (New) → Standard utilities
  • MSIX → Modern, clean apps

🔚 Final Summary

✔ Win32 apps give maximum control
✔ Store apps offer simplicity & auto-updates
✔ MSIX provides modern, clean deployment
✔ Detection rules decide success or failure
✔ Logs are mandatory for troubleshooting

If you want next steps, I can:

  • Convert this into a PDF / Word document
  • Create hands-on lab exercises
  • Add real interview questions
  • Make flowcharts for troubleshooting
  • Create a Win32 packaging checklist

Just tell me 👍




Perfect choice 👌

Below are clear, exam-ready troubleshooting flowcharts plus a practical Win32 packaging checklist that real Intune admins actually use in production.


I’ve written this so you can:


Follow it during a live issue


Memorize it for interviews


Use it as a build standard




---


🔧 Intune Application Troubleshooting – Flowcharts


🔁 Win32 App Installation Troubleshooting Flowchart


Step-by-Step Flow (Text Version)


App Deployment Fails

        ↓

Check Intune Portal Status

        ↓

Is status "Failed"?

        ↓ YES

Check Error Code

        ↓

Check IME Logs on Device

        ↓

Did install command run?

   ↓ YES ↓ NO

Check Detection Check Install Command

Rule (syntax, path, context)

        ↓

Is detection correct?

   ↓ YES ↓ NO

Check Requirements Fix Detection Rule

(OS, disk, user)

        ↓

Retry Deployment



---


🟡 App Stuck on "Installing" Flowchart


App shows "Installing"

        ↓

Wait > 30 minutes?

        ↓ YES

Check Detection Rules

        ↓

Does detection logic match reality?

   ↓ YES ↓ NO

Check Logs Fix detection

(AppWorkload.log)

        ↓

Is app actually installed?

   ↓ YES ↓ NO

Detection failure Install failure

        ↓ ↓

Fix detection Fix install command


💡 Most common root cause:

➡️ Detection rule checks the wrong file, registry, or version



---


🔴 App Reinstalling Repeatedly Flowchart


App installs → reinstalls → repeats

        ↓

Check Detection Rule

        ↓

Is detection static?

   ↓ NO ↓ YES

Fix detection Check context

(file/registry)

        ↓

User vs System mismatch?

        ↓

Align install + detection context


⚠️ Example mistake:


App installs to Program Files


Detection checks AppData




---


🔵 App Not Showing in Company Portal Flowchart


App not visible

        ↓

Is app assigned as "Available"?

        ↓ NO → Fix assignment

        ↓ YES

Is user licensed?

        ↓ NO → Assign license

        ↓ YES

Is device compliant?

        ↓ NO → Fix compliance

        ↓ YES

Sync device + restart portal



---


📦 Win32 Application Packaging Checklist (Production-Grade)


✅ Pre-Packaging Checklist


☐ Confirm installer type (.exe / .msi)

☐ Test manual install locally

☐ Identify silent install switches

☐ Identify silent uninstall command

☐ Confirm install context (System/User)

☐ Check app architecture (x64 / x86)



---


🧰 Packaging Checklist (IntuneWinAppUtil)


☐ Place installer + files in one folder

☐ Run IntuneWinAppUtil

☐ Confirm .intunewin file created

☐ Store source files securely



---


⚙️ App Configuration Checklist


App Information


☐ App name clear & versioned

☐ Publisher populated

☐ Category assigned


Program


☐ Install command tested

☐ Uninstall command tested

☐ Correct install behavior (System/User)

☐ Return codes validated



---


🔍 Detection Rule Checklist (MOST IMPORTANT)


☐ Detection method chosen:


☐ File


☐ Registry


☐ MSI product code


☐ Script



☐ Detection checks post-install state

☐ Detection is version independent (if possible)

☐ Detection matches install context


🚫 Avoid:


Temp folders


User paths for system installs


Version-specific EXE names




---


📋 Requirements Checklist


☐ OS version defined

☐ Architecture correct

☐ Disk space sufficient

☐ No conflicting requirements



---


🎯 Assignment Checklist


☐ Assigned to correct group

☐ Required vs Available correct

☐ Filters applied (if needed)

☐ Test group used first



---


📊 Post-Deployment Checklist


☐ App installs successfully

☐ App reports Installed

☐ No reinstall loop

☐ Logs clean

☐ User experience verified



---


🚀 Best Practices (Real-World)


✔ Always test on pilot group

✔ Prefer registry detection

✔ Keep install commands simple

✔ Use Win32 over LOB

✔ Document detection logic



---


🧠 Interview Tip (Bonus)


If asked:


> “Why do Intune app deployments fail?”




Correct answer:


> “Mostly because of incorrect detection rules or mismatched install context.”





---


If you want next, I can:


Turn these flowcharts into printable diagrams


Create a Win32 packaging template


Add real Intune error codes explained


Build a hands-on lab with test cases


Create interview Q&A based on these



Just say the word 👍





Share:

Tuesday, 22 July 2025

**Reset Windows Update with PowerShell**

Written by   on   with No comments

✅ How to use

  1. Open PowerShell as Administrator.
  2. Copy-paste the script and press Enter.
  3. After it finishes, open Settings → Windows Update and check for updates again.
 ##########################################################################
# Run as Administrator PowerShell / PowerShell IE

Write-Host "Allowing PowerShell script execution..." -ForegroundColor Yellow
Set-ExecutionPolicy -ExecutionPolicy Undefined -Scope LocalMachine -Force
Start-Sleep -Seconds 5
# Reset Windows Update components script
# Run this in an elevated PowerShell (Run as Administrator)

Write-Output "Stopping services..."
Stop-Service -Name bits, wuauserv, cryptsvc -ErrorAction Stop

Write-Output "Renaming SoftwareDistribution and Catroot2 folders..."
$sd = "$env:SystemRoot\SoftwareDistribution"
$cr = "$env:SystemRoot\System32\catroot2"
# Add timestamp to avoid collision
$ts = (Get-Date).ToString('yyyyMMddHHmmss')
Rename-Item -Path $sd -NewName "SoftwareDistribution.bak_$ts" -ErrorAction Stop
Rename-Item -Path $cr -NewName "catroot2.bak_$ts" -ErrorAction Stop

Write-Output "Starting services..."
Start-Service -Name cryptsvc, bits, wuauserv -ErrorAction Stop

Write-Output "Windows Update components reset successfully."


##########################################################################











Share:

Monday, 21 July 2025

Microsoft Intune overview

Written by   on   with No comments

Microsoft Intune securely manages identities, manages apps, and manages devices

Source:- Microsoft Intune overview

As organizations adapt to hybrid and remote work models, managing various devices accessing company resources becomes a challenge. Microsoft Intune addresses these needs by enabling secure collaboration, access, and data protection across personal and corporate devices. It's a cloud-based endpoint management solution that streamlines user access and device/app management, supporting Zero Trust principles.

Key features and benefits

  • Manage users and devices
    Intune supports cross-platform device management (Windows, macOS, iOS/iPadOS, Android, Linux Ubuntu). Admins can apply access policies on both organization-owned and personal devices. If managing on-prem Windows Servers, Configuration Manager can be used in parallel.
  • Simplify app management
    Admins can deploy, update, and retire apps using Intune’s built-in app management. It supports Microsoft 365 apps (like Teams), Win32, LOB, and custom apps. You can enforce app protection policies for security and control access to data within apps.
  • Automate policy deployment
    Admins can configure and deploy a wide range of policies (security, compliance, device config, etc.) to users and devices over the internet—automating endpoint management at scale.
  • Use the self-service features
    End users can use the Company Portal app or website to reset passwords, install apps, join groups, and more—reducing IT support demand. Admins can customize the portal experience.
  • Integrate with mobile threat defense
    Intune integrates with Microsoft Defender for Endpoint and other partner solutions to enhance endpoint protection. Admins can create threat response policies, automate remediation, and perform real-time risk analysis.
  • Use a web-based admin center
    The Intune Admin Center enables full cloud-based endpoint management with built-in reporting and Graph API support. It can be accessed from any internet-connected device.
  • Advanced endpoint management and security
    The Intune Suite includes advanced tools like Remote Help, Endpoint Privilege Management, and Microsoft Tunnel for MAM, extending the functionality of core Intune.
  • Use Microsoft Copilot in Intune for AI-generated analysis
    Copilot in Intune, powered by Security Copilot, can summarize policies, surface recommendations, highlight setting conflicts, and help troubleshoot issues by analyzing device and policy data.

Integrates with other Microsoft services and apps

  • Configuration Manager: Co-management and tenant attach options allow integration with on-premises infrastructure.
  • Windows Autopilot: Streamlines OS deployment by provisioning new or existing devices for modern use.
  • Endpoint analytics: Provides insights into device health, user experiences, and policy impact—helping proactively improve productivity.
  • Microsoft 365: Enables automated deployment and management of Office apps.
  • Microsoft Defender for Endpoint: Enables threat detection, risk-based compliance, and Conditional Access enforcement.
  • Windows Autopatch: Automates patching of Windows, Microsoft 365 Apps, Edge, and Teams—using Intune as the patch management platform.

Integrates with third party partner devices and apps

  • Android (Managed Google Play): Admins can deploy private or public apps using a connected Google Play account.
  • Apple (Tokens & Certificates): Supports iOS/iPadOS/macOS enrollment and VPP-based app deployment via Apple Business Manager.
  • TeamViewer: Enables remote assistance for Intune-managed devices via an integrated TeamViewer account.

Supports deployment and management of:

  • Public store apps
  • Line-of-business (LOB) apps
  • Private/internal apps
  • Custom and third-party partner apps

Guides are available for Android, iOS, macOS, and Linux device enrollment.

Enroll in device management, application management, or both

  • Organization-owned devices (MDM):
    Enrolled using Mobile Device Management. IT admins fully control device configuration, apps, and data policies. Security and compliance settings are enforced during the enrollment process.
  • Personal devices (BYOD - MAM):
    Managed via Mobile Application Management, focusing on protecting app data rather than the device itself. Ideal for securing corporate data in apps like Outlook or Teams without managing the full device.
  • Combined MDM + MAM:
    For enrolled devices requiring additional app-level security, both MDM and MAM policies can be used together.

Protect data on any device

Managed Devices (MDM):

  • Full control over device security.
  • Deploy encryption, password, certificate, and threat protection policies.
  • Use Conditional Access and remote wipe for security enforcement.

Unmanaged/Personal Devices (MAM):

  • App protection without full device control.
  • Prevents copy/paste between corporate and personal apps.
  • Enforces MFA and Conditional Access rules on specific apps.

Both approaches allow using Mobile Threat Defense tools and Conditional Access for secure data access.

Simplify access

  • Use Windows Hello for Business:
    Replaces passwords with biometrics or PIN for faster, more secure authentication—stored locally on the device.
  • Create a VPN connection for remote users:
    Intune supports configuring VPN policies using various vendors. VPNs can be certificate-based to avoid manual login.
  • Use Microsoft Tunnel for MAM:
    Provides secure app access for unenrolled devices—extending VPN capabilities for MAM scenarios.
  • Create a Wi-Fi connection for on-premises users:
    Configure and deploy Wi-Fi profiles with certificate-based authentication to simplify and secure network access.
  • Enable single sign-on (SSO) to your apps and services:
    • Windows: Built-in SSO using Entra ID (formerly Azure AD).
    • iOS/macOS: Use Microsoft Enterprise SSO plug-in.
    • Android: Enable SSO with Microsoft Authentication Library (MSAL).
    SSO enhances productivity and reduces login friction across Microsoft and partner apps.
Share:

Thursday, 25 January 2024

Sunday, 16 April 2023

Read the offersum box for SVF Files- PowershellScript

Written by   on   in ,   with No comments

 ##Read the offersum box for SVF Files

$configMgrBoxpath = "E:\Temp\offersum Files TO scan"

$count = O

Get-ChildItem -Path $configMgrBoxpath -Include *.SVF -Recurse -Force -ErrorAction

Silentlycontinue -outBuffer 1000 | ForEach-Object {

$File = $_.FullName;

$count = $count + 1

If (($count % 1000) -eg 0) {

   write-host $count "files scanned"

try {


     ( ##Search for the non-existing deployment id passed in below select string within the SVF File


       Get-content _ReadCount 1 _TotalCount 6 -Path $_.FullName _ErrorAction Stop |

       select-String _Pattern ('2147024894') -ErrorAction stop

      ).Matches.Result($File)

} catch {

       ##write-warning -Message "Given deployment id not found in SFi1e"

}

     ##Write the non-existing deployment SVF file location on a text file

} | move-iten -Force -destination "E:\Temp|Offersum Files Irrelvent"

write-host "Script Finished !!!"

Share:

Saturday, 19 November 2022

MECM Daily usage SQL Queries

Written by   on   with No comments

Client:

List Of Devices in perticular Colelction
  
  select sys.Name0 as 'Host Name',
fcm.CollectionID as 'Collection ID',
vc.Name as 'Collection Name',
sys.Operating_System_Name_and0 as 'O.S. Name',
sys.Build01 as 'Build Version'
from v_R_System sys
inner join v_FullCollectionMembership fcm on fcm.ResourceID=sys.ResourceID
inner join v_Collection vc on vc.CollectionID = fcm.CollectionID
where fcm.CollectionID = 'SMS00001'

Query Results:

Check the machine part of which the collections
  
  select sys.Name0 as 'Host Name',
fcm.CollectionID as 'Collection ID',
vc.Name as 'Collection Name',
sys.Operating_System_Name_and0 as 'O.S. Name',
sys.Build01 as 'Build Version'
from v_R_System sys
inner join v_FullCollectionMembership fcm on fcm.ResourceID=sys.ResourceID
inner join v_Collection vc on vc.CollectionID = fcm.CollectionID
where 
sys.Name0 = 'WIN10'
--sys.Name0 in ('WIN10','SCCMPRI')

  
  Query Results:



  List the client version count and list
  
  select sys.Client_Version0 as 'Client Version',
count(sys.Client_Version0) as 'Client Count'
from v_R_System sys
group by sys.Client_Version0
order by sys.Client_Version0 desc

Query Results:


List of Operating System Count and list
  
  select sys.Operating_System_Name_and0 as 'O.S. Name',
Count(sys.Operating_System_Name_and0) as 'Count'
from v_R_System sys
group by sys.Operating_System_Name_and0

Query Results:

Package Details, Distrubution Status and Deployment Query:

Package Deployment Status with Deployment ID
  
select 
sys.Name0 as 'Host Name',
vc.Name as 'CollectionName',
pkg.Name as 'Pacakge Name',
sys.User_Name0 as 'User Name',
adv.AdvertisementID as 'Deplyment ID',
ads.LastAcceptanceStateName as 'Package Acceptance Status',
ads.LastAcceptanceStatusTime as 'Last Stuats',
ads.LastStateName as 'Package Status',
ads.LastStatusMessageIDName as 'Last Message ID',
ads.LastExecutionResult as 'Execution Result'
from v_Advertisement as adv
inner join v_Package pkg on pkg.PackageID = adv.PackageID
inner join v_ClientAdvertisementStatus as ads on adv.AdvertisementID=ads.AdvertisementID
inner join v_R_System as sys on ads.ResourceID=sys.ResourceID
inner join v_Collection as VC on adv.CollectionID=VC.CollectionID
Where adv.AdvertisementID = 'PS120001'
order by ads.LastStateName

Query Results:

Application Details, Status and Deployment Status Query:

Devices base Application Deployment Status with Deplyment ID 
  
SELECT distinct
vrs.Name0 [Computer Name], vgos.Caption0 [OS],vrs.User_Name0 [User Name],
v_CIAssignment.Assignment_UniqueID ,lac.DisplayName AS 'ApplicationName',CollectionName,
IIf([EnforcementState]=1001,'Installation Success',
IIf([EnforcementState]>=1000 And [EnforcementState]<2000 And [EnforcementState]<>1001,'Installation Success',
IIf([EnforcementState]>=2000 And [EnforcementState]<3000,'In Progress', IIf([EnforcementState]>=3000 And [EnforcementState]<4000,
'Requirements Not Met ', 
IIf([EnforcementState]>=4000 And [EnforcementState]<5000,'Unknown', IIf([EnforcementState]>=5000 
And [EnforcementState]<6000,'Error','Unknown')))))) AS Status
FROM dbo.v_R_System AS vrs
INNER JOIN (dbo.vAppDeploymentResultsPerClient
INNER JOIN v_CIAssignment
ON dbo.vAppDeploymentResultsPerClient.AssignmentID = v_CIAssignment.AssignmentID)
ON vrs.ResourceID = dbo.vAppDeploymentResultsPerClient.ResourceID
INNER JOIN dbo.fn_ListApplicationCIs(1033) lac
ON lac.ci_id=dbo.vAppDeploymentResultsPerClient.CI_ID
INNER JOIN dbo.v_GS_WORKSTATION_STATUS AS vgws
ON vgws.ResourceID=vrs.resourceid
INNER JOIN v_FullCollectionMembership coll
ON coll.ResourceID = vrs.ResourceID
INNER JOIN dbo.v_GS_OPERATING_SYSTEM AS vgos
ON vgos.ResourceID = vrs.ResourceID
WHERE v_CIAssignment.Assignment_UniqueID like '{C6073DF3-DBFD-4F62-BC47-5FE360A03347}'
Query Results:




User & Device based Application Deployment Status with Deplyment ID 
  
select a.UserName,a.MachineName,a.CollectionID,a.CollectionName,lac.DisplayName as'Application Nmae',a.Assignment_UniqueID as 'Deployment ID',a.Technology,
IIf([EnforcementState]=1001,'Installation Success',
IIf([EnforcementState]>=1000 And [EnforcementState]<2000 And [EnforcementState]<>1001,'Installation Success',
IIf([EnforcementState]>=2000 And [EnforcementState]<3000,'In Progress', IIf([EnforcementState]>=3000 And [EnforcementState]<4000,
'Requirements Not Met ', 
IIf([EnforcementState]>=4000 And [EnforcementState]<5000,'Unknown', IIf([EnforcementState]>=5000 
And [EnforcementState]<6000,'Error','Unknown')))))) AS Status
from vAppDeploymentAssetData a
INNER JOIN dbo.fn_ListApplicationCIs(1033) lac ON lac.ci_id=a.AppCI

where a.Assignment_UniqueID like '%{83B0F9D5-3436-49DB-8025-0E6775FF41B0}%'

order by a.UserName



Query Results:

Software Update deployment Status and patch scan staus (Updates Required,Not required,Installed & Unknown):

Sofware Update Deployment Status with Deplyment ID  
select vrs.Name0,vrs.Active0,
--vrs.AD_Site_Name0,vrs.User_Name0,vrs.Operating_System_Name_and0,

a.Assignment_UniqueID as DeploymentID,C.CollectionID,c.Name 'Collection Name',
a.AssignmentName as DeploymentName,a.StartTime as Available,a.EnforcementDeadline as Deadline,sn.StateName as LastEnforcementState,
wsus.LastErrorCode as 'LasErrorCode',wsus.LastScanTime as 'LastWSUSScan',DateDiff(D, wsus.LastScanTime, GetDate()) as 'LastWSUSScan Age',
wks.LastHWScan,
DateDiff(D, wks.LastHwScan, GetDate()) as 'LastHWScan Age'
from v_CIAssignment a
join v_AssignmentState_Combined assc on a.AssignmentID=assc.AssignmentID
join v_StateNames sn on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)
join v_R_System vrs on vrs.ResourceID = assc.ResourceID
join v_GS_WORKSTATION_STATUS wks on wks.ResourceID = assc.ResourceID
join v_UpdateScanStatus wsus on wsus.ResourceID = assc.ResourceID
LEFT JOIN v_Collection C ON C.CollectionID = a.CollectionID
where a.Assignment_UniqueID like '{9846A1A8-3289-447C-9CCF-EA41C48EB916}'
and assc.StateType in (300,301)
order by 11 desc
Query Results:






Enforcement states for a software updates deployment
select
 vrs.name0 as ComputerName,
 a.AssignmentName as DeploymentName,
 assc.StateTime ,
 a.CollectionName, sn.StateName as LastEnforcementState
 from v_CIAssignment a
 join v_AssignmentState_Combined assc on a.AssignmentID=assc.AssignmentID
 join v_StateNames sn on assc.StateType = sn.TopicType and sn.StateID=isnull(assc.StateID,0)
 join v_R_System vrs on vrs.ResourceID=assc.ResourceID
 where 
--a.AssignmentID='xxxxxxxx' or 
a.Assignment_UniqueID like '{9846A1A8-3289-447C-9CCF-EA41C48EB916}'
 order by LastEnforcementState
 
 Query Results:
 
 

 
 

Software updates Instllation Status

select rsys.name0 AS 'Computername',
os.Caption0 AS 'Operating System',
--os.BuildNumber0 AS 'Build Number',
ui.ArticleID AS 'Update ID',
ui.Title,
--ui.Description,
--Set Install Status
Case
when ucs.Status='0' then 'Detection state unknown'
When ucs.Status='1' then 'Update is not required'
when ucs.Status='2' then 'Update is required'
When ucs.Status='3' then 'Update is installed'
End As 'Install Status',
--Set client Activity
Case
When ch.ClientActiveStatus='1' then 'Active'
When ch.ClientActiveStatus='0' then 'Inactive'
End As 'Client Active Status',
ui.InfoURL,
ui.DatePosted
from v_updateinfo ui
join v_Update_ComplianceStatusAll ucs on ucs.ci_id=ui.ci_id
join v_CICategories_All catall on catall.CI_ID=UCS.CI_ID
join v_CategoryInfo catinfo on catall.CategoryInstance_UniqueID = catinfo.CategoryInstance_UniqueID and catinfo.CategoryTypeName='UpdateClassification'
join v_R_System rsys on rsys.resourceid=ucs.resourceid
join v_GS_OPERATING_SYSTEM os on os.ResourceID = ucs.ResourceID
join v_CH_ClientSummary ch on ch.resourceID = ucs.ResourceID


where rsys.name0 in ('ORG5405DBA9F104')  
 --and ucs.Status in ('0','1','2','3')
order by ui.Title

 Query Results:
Share: