How to easily launch CMTrace

Over the years I have gotten in the habit of dropping CMTrace.exe into the System32 directory so that it is in the path and easy to launch. I had also been adding it to WinPE since before it was called CMTrace. In Configuration Manager Current Branch 1802, the ConfigMgr Team granted one of my UserVoice items and starting in that release it is automatically added to WinPE and can be launched from the command prompt:

Manage boot images with Configuration Manager

In Configuration Manager Current Branch 1806, the ConfigMgr Team started installing CMTrace with the Configuration Manager client:

CMTrace

Unfortunately, the %WinDir%\CCM directory is not in the path, so hitting the Windows key and typing CMTrace does not launch it. Either the path needs to be fully qualified or it has to be launch from finding it in Windows Explorer. Instead of adding %WinDir%\CCM to the path, or copying CMTrace to %WinDir%\System32, I had a better idea – how about just creating a NTFS hard link to the original CMTrace.exe (in %WinDir%\CCM) into %WinDir%\System32. A NTFS hard link is just another pointer to the content that is already on the disk else where. This can be done using either the command line utility called fsutil or by the PowerShell cmdlet New-Item with the -ItemType HardLink parameter. Since it is easy to use PowerShell in a Configuration Item, this makes it really easy.

I was going to originally show this at the MMSMOA 2019 Tips and Tricks session, but I wanted to give others a chance to get up on stage and show case their tips for a change to win a top of the line Surface Book 2 (plus, they said MVPs were not eligible to win). After getting home I was going to create a quick blog, but then got to questioning the original robustness of my first solution. I figured I would give it to my colleague Gary Blok (who is a great bug finder) and he would find something wrong with it. So I improved it a bit to account for a few more scenarios that I could think of, these included if another version had already been copied to the %WinDir%\System32 directory.

Download the CI here: CMTrace – System32.cab

Create a new Operating System CI:

Create a new Setting:

Add the Discovery Script:

$source = "C:\Windows\CCM\CMTrace.exe"
$target = "C:\Windows\System32\CMTrace.exe"

If (!(Test-Path $target)) {
    Write-Output "Non-compliant"
    }
Elseif ((Get-FileHash $source).hash -ne (Get-FileHash $target).hash) {
    Write-Output "Non-compliant"
    }
Else {Write-Output "Compliant"}

Add the Remediation Script:

$source = "C:\Windows\CCM\CMTrace.exe"
$target = "C:\Windows\System32\CMTrace.exe"

If (!(Test-Path $target)) {
    New-Item -Path $target -ItemType HardLink -Value $source -Force
    }
Elseif ((Get-FileHash $source).hash -ne (Get-FileHash $target).hash) {
    Remove-Item $target -Force
    New-Item -Path $target -ItemType HardLink -Value $source -Force
    }

Add the Compliance Rule:

Create a Baseline and add the CI. Deploy it to machines or a User/User Group. Once it is run, the results should look something like this:

 

We can see that this is hard linked to the CMTrace.exe in the %WinDir%\CCM directory by running the following command:

No more hunting to run CMTrace, just WinKey + cmtrace + Enter.

Originally posted on https://miketerrill.net/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.