deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 13:27:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Added new nodes details

Browse Source
This commit is contained in:
ManikaDhiman 2019-08-22 11:11:59 +05:30
parent 4cb056b7ee
commit e98035c579
2 changed files with 91 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

91
windows/client-management/mdm/diagnosticlog-csp.md
View File

@ -14,6 +14,11 @@ ms.date: 08/05/2019
# DiagnosticLog CSP # DiagnosticLog CSP
The DiagnosticLog configuration service provider (CSP) is used in the following scenarios:
- [Controlling ETW trace sessions](#diagnosticlog-csp-for-controlling-etw-trace-sessions)
- [Triggering devices to upload existing event logs, log files, and registry values to cloud storage](#diagnosticlog-csp-for-triggering-devices-to-upload-files-to-cloud)
## DiagnosticLog CSP for controlling ETW trace sessions
The DiagnosticLog CSP is used for generating and collecting diagnostic information from the device: Event Tracing for Windows (ETW) log files and current MDM configured state of the device. The DiagnosticLog CSP is used for generating and collecting diagnostic information from the device: Event Tracing for Windows (ETW) log files and current MDM configured state of the device.
DiagnosticLog CSP supports the following type of event tracing: DiagnosticLog CSP supports the following type of event tracing:
@ -1262,13 +1267,14 @@ Replace **Enabled**
</SyncML> </SyncML>
``` ```
<!-- ## DiagnosticLog CSP for triggering devices to upload files to cloud
The DiagnosticLog CSP is used for triggering devices to upload existing event logs, log files, and registry values to cloud storage. The following section describes the nodes for the DiagnosticsArchive functionality.
<a href="" id="diagnosticarchive"></a>**DiagnosticArchive** <a href="" id="diagnosticarchive"></a>**DiagnosticArchive**
Added in Windows 10, version 1903. Root note for archive definition and collection. Added in Windows 10, version 1903. Root note for the DiagnosticsArchive functionality.
The supported operation is Get. The supported operation is Get.
<a href="" id="diagnosticarchive-archivedefinition"></a>**DiagnosticArchive/ArchiveDefinition** <a href="" id="diagnosticarchive-archivedefinition"></a>**DiagnosticArchive/ArchiveDefinition**
Added in Windows 10, version 1903. Added in Windows 10, version 1903.
@ -1277,19 +1283,27 @@ The supported operations are Add and Execute.
The data type is string. The data type is string.
Expected value: Expected value:
Set and Execute are functionality equivalent, and each accepts an XML snippet (as a string) describing what data to gather and where to upload it when done. Set and Execute are functionality equivalent, and each accepts an XML snippet (as a string) describing what data to gather and where to upload it when done. This XML defines what should be collected and compressed into a zip file to be uploaded to Azure blog storage.
The xml is in the following format: The following is an example of the XML. This example instructs that a zip file be created containing the output from a dump of the specified registry key, all the files in a folder, the output of two commands, all the files in another folder, the output of a command, all the Application events, two sets of files, and another command output. All of this will be uploaded to the blob storage URL as specified in the <SasUrl> tags and must be in the noted format with the container and the key in the URL. The administrator can retrieve this URL from Azure. The file uploaded will be in the format DiagLogs-{ComputerName}-YYYYMMDDTHHMMSSZ.zip.
``` xml ``` xml
<Collection> <Collection>
<ID>f1e20cb4-9789-4f6b-8f6a-766989764c6d</ID> <ID>f1e20cb4-9789-4f6b-8f6a-766989764c6d</ID>
<SasUrl>xxxxxx</SasUrl> <SasUrl>{web address}/{container}{key}</SasUrl>
<RegistryKey>HKLM\Software\Policies</RegistryKey> <RegistryKey>HKLM\Software\Policies</RegistryKey>
<FoldersFiles>C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles> <FoldersFiles>C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>
<Command>c:\windows\system32\ipconfig.exe /all</Command> <Command>%windir%\system32\ipconfig.exe /all</Command>
<Events>Application</Events> <Command>%windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\</Command>
</Collection> <FoldersFiles>c:\ProgramData\temp\*.*</FoldersFiles>
<Command>%windir%\system32\ping.exe -n 50 localhost</Command>
<Events>Application</Events>
<FoldersFiles>%ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>
<FoldersFiles>%SystemRoot%\System32\LogFiles\wmi\*.etl.*
</FoldersFiles>
<Command>%windir%\system32\pnputil.exe /enum-drivers</Command>
</Collection>
``` ```
Where: Where:
@ -1303,7 +1317,58 @@ Added in Windows 10, version 1903. This policy setting displays the results of t
The supported operation is Get. The supported operation is Get.
The data type is string. The data type is string.
-->
A Get to the above URI will return the results of the gathering of data for the last diagnostics request. So for the example above it returns:
``` xml
<SyncML>
<SyncHdr/>
<SyncBody>
<Status>
<CmdID>1</CmdID>
<MsgRef>1</MsgRef>
<CmdRef>0</CmdRef>
<Cmd>SyncHdr</Cmd>
<Data>200</Data>
</Status>
<Status>
<CmdID>2</CmdID>
<MsgRef>1</MsgRef>
<CmdRef>1</CmdRef>
<Cmd>Get</Cmd>
<Data>200</Data>
</Status>
<Results>
<CmdID>3</CmdID>
<MsgRef>1</MsgRef>
<CmdRef>1</CmdRef>
<Item>
<Source>
<LocURI>./Vendor/MSFT/DiagnosticLog/DiagnosticArchive/ArchiveResults</LocURI>
</Source>
<Data>
<Collection HRESULT="0">
<ID>f1e20cb4-9789-4f6b-8f6a-766989764c6d</ID>
<RegistryKey HRESULT="0">HKLM\Software\Policies</RegistryKey>
<FoldersFiles HRESULT="0">C:\ProgramData\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>
<Command HRESULT="0">%windir%\system32\ipconfig.exe /all</Command>
<Command HRESULT="-2147024637">%windir%\system32\mdmdiagnosticstool.exe -out c:\ProgramData\temp\</Command>
<FoldersFiles HRESULT="0">c:\ProgramData\temp\*.*</FoldersFiles>
<Command HRESULT="0">%windir%\system32\ping.exe -n 50 localhost</Command>
<Events HRESULT="0">Application</Events>
<FoldersFiles HRESULT="0">%ProgramData%\Microsoft\DiagnosticLogCSP\Collectors\*.etl</FoldersFiles>
<FoldersFiles HRESULT="0">%SystemRoot%\System32\LogFiles\wmi\*.etl.*</FoldersFiles>
<Command HRESULT="0">%windir%\system32\pnputil.exe /enum-drivers</Command>
</Collection>
</Data>
</Item>
</Results>
<Final/>
</SyncBody>
</SyncML>
```
> [!Note]
> Each data gathering node is annotated with the HRESULT of the option and the collection is also annotated with an HRESULT. In this example, note that the mdmdiagnosticstool.exe command failed.
## Reading a log file ## Reading a log file
To read a log file: To read a log file:

13
windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
View File

@ -56,6 +56,7 @@ For details about Microsoft mobile device management protocols for Windows 10 s
- [What is dmwappushsvc?](#what-is-dmwappushsvc) - [What is dmwappushsvc?](#what-is-dmwappushsvc)
- **Change history in MDM documentation** - **Change history in MDM documentation**
- [August 2019](#august-2019)
- [July 2019](#july-2019) - [July 2019](#july-2019)
- [June 2019](#june-2019) - [June 2019](#june-2019)
- [May 2019](#may-2019) - [May 2019](#may-2019)
@ -143,6 +144,12 @@ For details about Microsoft mobile device management protocols for Windows 10 s
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p> <td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr> </td></tr>
<tr> <tr>
<td style="vertical-align:top"><a href="diagnosticlog-csp.md" data-raw-source="[DiagnosticLog CSP](diagnosticlog-csp.md)">DiagnosticLog CSP</a></td>
<td style="vertical-align:top"><p>Added the following new nodes in Windows 10, version 1903:<br>
Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.
</p>
</td></tr>
<tr>
<td style="vertical-align:top"><a href="enrollmentstatustracking-csp.md" data-raw-source="[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)">EnrollmentStatusTracking CSP</a></td> <td style="vertical-align:top"><a href="enrollmentstatustracking-csp.md" data-raw-source="[EnrollmentStatusTracking CSP](enrollmentstatustracking-csp.md)">EnrollmentStatusTracking CSP</a></td>
<td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p> <td style="vertical-align:top"><p>Added new CSP in Windows 10, version 1903.</p>
</td></tr> </td></tr>
@ -1890,6 +1897,12 @@ What data is handled by dmwappushsvc? | It is a component handling the internal
How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. | How do I turn if off? | The service can be stopped from the "Services" console on the device (Start > Run > services.msc). However, since this is a component part of the OS and required for the proper functioning of the device, we strongly recommend not to do this. |
## Change history in MDM documentation ## Change history in MDM documentation
### August 2019
|New or updated topic | Description|
|--- | ---|
|[DiagnosticLog CSP](diagnosticlog-csp.md)|Added the following new nodes:<br>Policy, Policy/Channels, Policy/Channels/ChannelName, Policy/Channels/ChannelName/MaximumFileSize, Policy/Channels/ChannelName/SDDL, Policy/Channels/ChannelName/ActionWhenFull, Policy/Channels/ChannelName/Enabled, DiagnosticArchive, DiagnosticArchive/ArchiveDefinition, DiagnosticArchive/ArchiveResults.|
### July 2019 ### July 2019