ConfigMgr Run Script: Collect Logs

Microsoft introduced the Run Script feature way back in ConfigMgr 1706. This feature allows a ConfigMgr administrator to execute a PowerShell script on a system. For a complete review of this feature, see our blog post here: ConfigMgr 1706: Run Script – (

I recently wrote a script that will copy or export a host of interesting logs to a file share. This can be helpful in troubleshooting device issues, or just gathering logs for any purpose that you may find. I’ll go through setting up the file share, and provide details as to what the script captures. The script is available for download at the bottom.

Creating the File Share

First, we must set up a file share to copy the logs too. I suggest creating a share (it can be on any Windows server) and giving your Domain Computers group write access only. Because the script executes as the system account, it will perform the copy as the computer’s computer object. By granting write access only, you prevent other computer objects or users from accessing these files. You will of course have to grant yourself, or a group of users read access to be able to retrieve the files.

I would suggest making this a hidden share.


The script itself is pretty simple, and you can add to it if you want. It will copy the files into a folder that is formatted like <computer name>-<date>. Just change the first part of line 2 to reflect the file share.

The script currently performs these actions:

  • Copies the entire SCCM client log directory (normally C:\Windows\CCM\Logs)
  • Copies the Windows Update log.
    • Pre-Windows 10, it grabs C:\Windows\WindowsUpdate.log
    • For Windows 10, it runs the Get-WindowsUpdateLog PowerShell cmdlet and outputs the result to the file share
  • Exports the System, Application, BitLocker, KMS, MBAM, and Windows Defender event logs
  • It runs section 3 of this script:, which gathers various details about the client

Happy Scripting!

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.



Contact Us

On Key

More Posts

WME Security Briefing 27 May 2024

Kinsing Hacker Group Exploits Docker Vulnerabilities Overview Recent investigations have shown that the hacker group Kinsing is actively exploiting Docker vulnerabilities to gain unauthorized access to systems. The modified hacker group targets misconfigured Docker API ports deployed with cryptocurrency mining malware.

Read More »
WME Cybersecurity Briefings No. 010
Cyber Security

WME Security Briefing 20 May 2024

Advanced Persistent Threats: North Korean Hackers Launch Golang Malware Overview A new malware strain, called Titan Stealer, is currently actively circulating in the threat landscape, targeting a variety of personal data and linked to North Korean state-sponsored cyber espionage

Read More »
WME Cybersecurity Briefings No. 009
Cyber Security

WME Security Briefing 08 May 2024

Exploitable vulnerability in Microsoft Internet Explorer, used to deploy VBA Malware Overview Cybersecurity researchers discovered a severe exploitation targeting a bug that had already been patched in the Microsoft Internet Explorer browser. Their report added that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.