ConfigMgr Client Health is a PowerShell script that increased our patch compliance from 85% to 99%. It detects and fixes known errors in Windows and the Configuration Manager Client, and enforces required services to run and start as Automatic. The script should run in the system context on the computers you want to validate and fix. The script works with PowerShell version 5.1 and higher, and is tested on Windows 7 SP1, Windows 8.1 and Windows 10.

Current version: 0.8.1

Full documentation is available at my blog:

ConfigMgr Client Health detects and fixes the following errors:




0.8.1 - Script will now update database correctly when connecting directly to SQL server. Fixed an issue with BITS test. Fixing ClientCache no longer restarts SCCM agent. Fixed a bug where service uptime test didn't work properly.
0.8.0 - New feature: Webservice for improved communication with database. Fixed bug that could cause Test-Registrypol function to loop. Removed last bit of hardcoded paths in the script. Fixed and enhanced service tests. Script will now validate if Config.xml is valid before executing script.
0.7.6 - Changed test to verify SMSTSMgr is not dependent on CCMExec service, and only WMI service. Script will now abort and not run any health checks if an active task sequence is running on the
0.7.5 - Script will now test if service SMSTSMgr is dependent on CCMExec service. Added option to refresh compliance state every XX days. Uptime on services is now configurable in config.xml. Changed DNS test to only lookup DNS servers from active network adapters. Fixed a bug in Remove-CCMOrphanedCache function that potentially could be harmful. Other minor bug fixes. Removed support for PowerShell version 2 and 3.
0.7.4 - Support for PowerShell Core (PowerShell version 6). Improved detection and remediation of corrupt ConfigMgr Client database files. Corrupt WMI check now works on Finnish OS language. Localfiles defaults to C:\ClientHealth if not specified in config.xml. DNS errors, driver errors and failed connections to SQL server will no longer write to logfile if LogLevel is set to ClientInstall. Script will use COM object to assign correct sitecode, and no longer reinstall ConfigMgr client if sitecode is wrong. - Fixed a bug in the function cleaning up localfiles on the computer.
0.7.3 - Test on CcmSQLCE.log is now optional and configurable in config.xml. Fixed a bug where script could hang on Windows 7 computers running Powershell version 2. Client Health will now log the reason why it reinstalled the ConfigMgr client. Added option to store time as UTC or client local time. LocalFiles is now configurable in config.xml (default C:\ClientHealth). Script will now remove localfiles directory if locallogging is disabled.
0.7.2 - Bugfixes: Local log file will now honor MaxLogHistory, services automatic (delayed start) should now detect and configure correctly. Improved DNS check for Windows 8.1 / Server 2012 R2 and higher. Implemented another check on the CM client health. Improved testing on WUAHandler.log. BITS check, DNS, hardware inventory, software metering and updates check can now run in monitor only mode (fix="false" in config.xml) Script will now triger the built in CM client health check (ccmeval) at the end of the script.
0.7.1 - Fixed a bug where the script would fail to configure services to automatic delayed start
0.7.0 - Added a test and fix for Software Metering. Fixed bug where script would fail to update SQL database. Script will now remove errors from the logfiles where the error is fixed to false positives next time script runs. Added PatchLevel to easily discover which clients are not fully patched. Improved the installation of SCCM agent. Added fix for BITS error that would cause downloads to be stuck at 0%. ClientHealth now use c:\clienthealth as directory for temporary files. Local logging logs to c:\clienthealth\clienthealth.log if enabled.
0.6.8 - Added a test and fix for registry issue that could prevent ccmsetup from installing the sccm client. OSBuild now displays the full build number. Several bug fixes: MaxLogSize now rounds decimals, OSUpdates should no longer mix up day and month, fixed a bug with right click tool showing a parsing error.
0.6.7 - Added a right click tool to the configuration manager console to remotly start client health on devices. Detection and remediation on configmgr client no longer use hardcoded paths, added windows time services in config.xml as service to enforce as automatic. Lenovo models finally reporting correct models name. Fixed a bug where reboot application would not always start on Windows 7 with PowerShell 2.
0.6.6 - ConfigMgr Client cache check is now optional and can be enabled or disabled in config.xml Log files are no longer stored in OS specific directories. Use multiple config.xml files if you need to seperate file logs on OS. Added option to run WMI check without fixing anything. Reboot app now works fine on Windows 7, fixed a bug where DNS check did not work fully in environments where FQDN did not match AD DNS domain. Fixed a bug where ConfigMgr client cache size, max logsize and max log history would report old values instead of the remediated values to database and log files.
0.6.5 - Improved check on registry.pol file. Standard PS/2 drivers no longer reports as error. More effective logging code. Fixed bug where hardware inventory would not always trigger when supposed to.  Added support to separate updates between Windows 10 builds. Lenovo computers now report more friendly modelname.
0.6.4 - Disabled drivers no longer reports as error. Fixed a bug where reboot application was invisible for user when executing script as system. Moved WMI check to start before ConfigMgr agent check. Added check for hardware inventory.   ClientInstalled record in file log now contains a timestamp when sccm agent is installed. 
0.6.3 - Bug fixes: sccm client autoupgrade did not work correctly, SQL ClientInstalled filend would not update with correct timestamp when the script decided to install or uppgrade the sccm agent, and a bug  decided to install or uppgrade the sccm agent.
0.6.2 - Logging to file share is back with a better log engine. File logs now contains the same information as SQL. Improved detection of corrupt WMI. Client Health will no longer try to install ConfigMgr agent if ccmsetup.exe is already running on the system.
0.6.1 - Fixed a bug where ConfigMgr agent would not install or auto-upgrade.
0.6.0 - Changed logging SQL database instead of fileshare. Fixed a bug with DNS check and IPv6, and a bug with reboot application and paramters. Other minor bugfixes.


Config.xml defines neccesary configuration for script to run. Use it to specify sitecode, management point, client source share, and specific errors to detect and fix. Store config.xml on a network share to easy update settings. Run with at least administrator priveleges. Corrupt WMI fix requires SYSTEM priveleges.

ConfigMgr Client Health stores the result of the health check in an SQL database and/or log files to a file share.

Example: ConfigMgrClientHealth.ps1 -Config \\server\share\config.xml -Webservice http://server/ConfigMgrClientHealth