Posted by Kevin Kaminski at (


SupTool consists of two scanners and both the Endpoint scanner and the System Scanner backend components reside almost entirely within Azure. As a result, the Endpoint Scanner usually resides on a common network share and runs through a scheduled task set up through either Group Policy or a login script. The System Scanner can reside on a desktop or a dedicated server.

In keeping with UonCloud’s philosophy of simplifying, SupTool has a very simple setup process. There are only three implementation steps to get the system up and running.

• Scan environment with system scanner – scan Active Directory and SCCM

• Scan environment with endpoint scanner – scan Endpoints directly

• Analyze results in report and tune your settings – enable Automation

Once SupTool is operational, each health check can potentially trigger up to three levels of actions if a particular remediation fails at one level. Each level escalates the degree of remediation applied to an agent. If the first level fails, SupTool escalates to the next level, and so on.

The three levels of actions that SupTool executes are controlled and configured through Policy Settings on a per organization basis.

• Basic Checks (Endpoint Scanner only) – most common known problems are remediated

• Client Reinstall (Endpoint Scanner only) – if critical misconfiguration was detected then client reinstall is executed

• WMI repair + Client Reinstall (Endpoint Scanner only) – if WMI misconfiguration or corruption was detected then WMI repair and client reinstall is executed

The tool has a four-step process to assess and remediate the environment. As I already mentioned above, the first step just collects information about your Endpoints, Configuration Manager, and Active Directory.

Collecting information about your endpoints from multiple sources is not a new approach because each source of information has their view own of the environment that needs to be combined to put together the big picture regarding what exists in the environment and their health.

The advantage of their approach is combining the different sources of information, especially with the Endpoint Scanner, is the information being recently gathered and collected outside of Configuration Manager. The issue SupTool solves by taking this approach is that it avoids distortions in the data caused by misconfigurations of the Configuration Manager infrastructure and client issues, which can distort the completeness of the data when assessing the health of the client environment.

While it is important to know whether a device has the Configuration Manager client installed, that isn’t the end of the story because the update source (i.e., WSUS or Microsoft Update) can dramatically affect whether further complications occur. With SupTool, you can verify the path compliance of those devices with old Windows Update and proceed accordingly.

The next step is a round of basic checks on the Endpoint to apply simple fixes, for example, start SMSAgent service, forced to check policies. There is another valuable feature that happens with the automated basic checks that verify whether a device is a Lost Computer and immediately sends an Email to the Administrator with pertinent information to begin locating the machine.

Next step with the endpoint remediation process is to run some SCCM client and the operating system common health checks occur to make sure that the client is operating and that the Group Policy configuration of the client is up to date.

The third step consists of more sophisticated health checks and an escalation of fixes to ensure that the Configuration Manager client is operational. At this stage, SupTool verifies the health of the client by comparing the current client version to a pre-configured base version.

There are four scenarios where SupTool will force an install/reinstall of the Configuration Manager client:

1. When the client version is lower than the base version or hasn’t been installed

2. When one or more of the basic checks fail consecutively, an escalation occurs to perform more complicated fixes

3. If the Windows Management Interface repository is corrupt, missing, or not found SupTool automatically resets the WMI state of the machine.

4. If Configuration Manager client polices are missing or outdated the client is reinstalled

In the final step of the process, SupTool focuses exclusively on WMI and the Configuration Manager client. The final step of the process is designed to remedy deeper issues with the client and the operating system.

In those occasional circumstances where the Configuration Manager client health continues to fail the system will remove the Configuration Manager client, repair the WMI, and attempt to install a functioning version of the Configuration Manager client.