Getting Started with the Windows Client On-Demand Assessment

The Windows Client Assessment assesses the Client environment in the following areas: Windows Client Baselines and Windows Client Security. The Windows Client Assessment checks the client configuration and operation against Microsoft best practices. We are checking several areas like base configuration, devices, network, group policy, performance, security, reliability, and more. Clients are ITs representation on the customer/user side and good working performant clients will drive customer and business satisfaction. On the other hand, it will reduce outages and improve business outcome.

Most customers do a lot to keep the server side of the environment running in a good state but they forget that in most cases not working clients will have a huge business impact too and that's the point where you should start your discussion. Assessments are available through the Services Hub to help you optimize the availability, security, and performance of your Microsoft technology investments. These assessments use Microsoft Azure Log Analytics, which is designed to give you simplified IT and security management across your environment.

Running the Windows Client Assessment


In order to take full advantage of the On-Demand Assessments available through Services Hub, you must:

  1. Have linked an active Azure Subscription to Services Hub and added the Windows Client Assessment. For more information please see: Getting Started with On-Demand Assessments or watch the how to link video.

  2. Install the Microsoft Monitoring Agent and choose the appropriate agent setup option on a supported Windows Server machine. You can also watch the video guide on how to install the agent or how to configure the gateway.

  3. A domain account (User or Managed Service Account) with the following rights:
    a. Member of the local Administrators group on all clients in the environment
    b. Member of the local Administrators group of the tools machine
    c. Unrestricted network access from the Tools machine to all clients
    d. Powershell Remoting (Enable-PSRemoting on all machines or configure using GPO on all domain controllers)
    e. On the data collection machine, change the following setting in the group policy editor (gpedit.msc) from "not configured" to "enabled":
    Computer Configuration->Administrative Templates->System-> User Profiles
     'Do not forcefully unload the user registry at user logoff'

  4. Review the Pre-Requisites document for the Windows Client Assessment. This document explains the detailed technical documentation of the Windows Client Assessment and the server preparation needed to run the assessment. It also documents the different types of data collected by the assessment.

Note: On average, it takes two hours to initially configure your environment to run an On-Demand Assessment. After you run an assessment you can review the data in Azure Log Analytics. This will provide you with a prioritized list of recommendations, categorized across six focus areas. This allows you and your team to quickly understand risk levels, the health of your environments, act to decrease risk, and improve your overall IT health.

Setup the Windows Client Assessment on the data collection machine - Watch Video Guide

Note: You will only be able to successfully setup the assessment once you have linked your Azure Subscription to Services Hub and added the Windows Client Assessment from Health -> Assessments in Services Hub.

  1. On the data collection machine create the following folder: C:\OMS\WinCli (or any other folder as you may please).

  2. Open regular Powershell (not ISE) in Administrator mode and run the below cmdlet:

Add-WindowsClientAssessmentTask -TargetNames <YourClientNames> -TargetDomain <TargetDomain> -WorkingDirectory <Directory>

command where YourClientNames is the semi-colon separated FQDN or NetBIOS name of the Clients that need to be assessed, <TargetDomain> is the domain from which the target clients would be selected and <Directory> is the path to an existing directory used to store the files created while collecting and analyzing the data from the environment.

  1. Provide the required user account credentials that satisfy the requirements mentioned in this article earlier.

  2. Data collection is triggered by the scheduled task named WindowsClientAssessment within an hour of running the previous script and then every 7 days. The task can be modified to run on a different date/time or even forced to run immediately from the task scheduler library -> Microsoft -> Operations Management Suite -> AOI*** -> Assessments -> WindowsClientAssessment.

  3. During collection and analysis, data is temporarily stored under the Working Directory folder that was configured during setup.

  4. After a few hours, your assessment results will be available on your Log Analytics and Services Hub Dashboard. You can navigate to see the results by going into Services Hub -> Health -> Assessments and then clicking on "View all recommendations" against the active assessment.

  5. If you wish to get a Microsoft Accredited Engineer to go over the issues about your Windows Server Environment with you, you can contact your Microsoft Representative and ask them about the Remote or Onsite PFE Led Delivery.

    Contract Remote Engineer Onsite Engineer
    Premier Windows Client Remote Datasheet Windows Client Onsite Datasheet
    Premier Windows Client Security Remote Datasheet Windows Client Security Onsite Datasheet
    Unified Windows Client Remote Datasheet Windows Client Onsite Datasheet
    Unified Windows Client Security Remote Datasheet Windows Client Security Onsite Datasheet

For general feedback on the Resource Center or content, please submit your response to UserVoice. For specific requests and content updates regarding the Services Hub, contact our Support Team to submit a case.