Let’s check who initiated a CMPivot query. CMPivot is a real-time reporting tool available to SCCM admins. Microsoft introduced CMPivot with ConfigMgr version 1806.
CMPivot is a new in-console utility (a stand-alone tool is also available) that provides access to the real-time state of Windows 10 devices using the fast channel mechanism.
CMPivot runs a query (Kusto Query) on all currently connected devices in the target collection and returns the results.
More details about six status message queries are listed under the Administrative Security category. I have uploaded a YouTube video here to explain the process of audit reporting.
Who Initiated CMPivot Query?
It’s important to track who initiated a CMPivot query.
- Open the SQL Management Studio.
- Click on the New Query button.
- Select the CM_MEM database from the drop-down menu.
- MEM is the ConfigMgr site code.
- Copy the following SQL query to find who initiated the CMPivot query.
- Click on the Execute button.
select * from vStatusMessagesWithStrings where MessageID = '40805'
Let’s find the results of the query.
Status Message Query
Let’s check the status message query!
- Launch the ConfigMgr Console.
- Navigate to Monitoring > System Status > Status Message Queries.
- You can run All Audit status Messages for a Specific User, All Audit status Messages for a Specific Site, or create your own status message query.
MessageId 40805: User <UserName> ran script Script-Guid with hash Script-Hash on collection Collection-ID
Results
| MachineID | MachineName | ModuleName | Win32Error | Time | SiteCode | TopLevelSiteCode | Component | ProcessID | ThreadID | Severity | MessageID | ReportFunction | SuccessfulTransaction | PartOfTransaction | PerClient | MessageType | InsStrValue1 | InsStrValue2 | InsStrValue3 | InsStrValue4 | InsStrValue5 | InsStrValue6 | InsStrValue7 | InsStrValue8 | InsStrValue9 | InsStrValue10 |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| NULL | CMMEMCM.memcm.com | SMS Provider | 0 | 43:40.3 | MEM | | Microsoft.ConfigurationManagement.exe | 4900 | 13036 | 1.07E+09 | 40805 | 0 | 0 | 0 | 0 | 768 | MEMCM\anoop | MEMCM\anoop | A66E52B0-4289-49CD-BBF8-DC20AF6BC120 | B140D2798BB2EF5CC70F7FBC389FA4D51490645F43DAABEBB6C19EEC9BF4A474 | MEM00014 | 0 | NULL | NULL | NULL | NULL |
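For routine audit review, the raw `select *` output is easier to read when the insertion strings are given names and the collection ID is resolved. The queries below are an added example, not part of the original post: the column aliases, the 30-day window, and the mapping of InsStrValue1/3/4/5 to user, script GUID, script hash and collection ID are assumptions taken from the sample row above, and the join uses the standard `v_Collection` view.

```sql
-- Added example: readable audit view of status message 40805.
-- Assumption: insertion-string positions follow the sample row on this page
-- (1 = user, 3 = script GUID, 4 = script hash, 5 = target collection ID).
DECLARE @Days int = 30;  -- look-back window (assumed value), adjust as needed

-- Detail: one row per execution, newest first.
SELECT
    sm.[Time]        AS ExecutedAt,      -- assumed to be stored in UTC
    sm.MachineName   AS ProviderServer,  -- server that logged the action
    sm.Component     AS ConsoleProcess,
    sm.InsStrValue1  AS InitiatedBy,
    sm.InsStrValue3  AS ScriptGuid,
    sm.InsStrValue4  AS ScriptHash,
    sm.InsStrValue5  AS CollectionID,
    c.Name           AS CollectionName   -- NULL if the collection no longer exists
FROM vStatusMessagesWithStrings AS sm
LEFT JOIN v_Collection AS c
       ON c.CollectionID = sm.InsStrValue5
WHERE sm.MessageID = 40805
  AND sm.[Time] >= DATEADD(day, -@Days, GETUTCDATE())
ORDER BY sm.[Time] DESC;

-- Summary: activity per user, to spot unexpected accounts or unusual volume.
SELECT
    sm.InsStrValue1                 AS InitiatedBy,
    COUNT(*)                        AS Executions,
    COUNT(DISTINCT sm.InsStrValue5) AS DistinctCollections,
    COUNT(DISTINCT sm.InsStrValue4) AS DistinctScriptHashes,
    MIN(sm.[Time])                  AS FirstSeen,
    MAX(sm.[Time])                  AS LastSeen
FROM vStatusMessagesWithStrings AS sm
WHERE sm.MessageID = 40805
  AND sm.[Time] >= DATEADD(day, -@Days, GETUTCDATE())
GROUP BY sm.InsStrValue1
ORDER BY Executions DESC;
```

Run both statements in the same batch so that `@Days` is in scope for the summary query.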
Resources
- CMPivot for real-time data in Configuration Manager
- Creating custom report models for Configuration Manager in SQL Server Reporting Services.