FUNctions: Episode V, The MECM Logs Strike Back
The MECM Logs strike back… Get it? Instead of The Empire Strikes Back. Clever, right? (btw. a piece of trivia: The Empire Strikes back is my favorite Star Wars movie.)
Ok! Here we go!
TL;DR >>> GitHub
I used to be a SCCM/MECM* engineer, and this function comes from early on in my PowerShelling career. If you’ve worked with MECM, you know how important it is to look through your logs and run the paper trail when troubleshooting an error. You could burn through a whole morning (and pot of coffee) just scrolling through all of the logs MECM provides. Wouldn’t it be much easier if you could have the logs prescreened for a specific error code and delivered to you? Well, that’s what we’re about to do.
Section 1 | Search and Acquire
Code dump below!
function Copy-MECMLogs{
param($Computer , $ErrorCode)
$ParentPath ="\\$Computer\C$\Windows\CCM\Logs"
$Outfile = $Computer + "_Error_"+$ErrorCode+".txt"
$LogFiles = Get-ChildItem -path $ParentPath -filter "*.log" -recurse
$LogOutputPath = "C:\temp\MECM Error Logs\"+$Computer
foreach ($file in $LogFiles){
#write-host "Checking $file for $errorcode"
$Search = Get-Content -path "$ParentPath\$file" | ? { ($_ | Select-String $ErrorCode)}
if($Search){
write-host "<<<<<<< Found $errorcode in $file >>>>>>>" -ForegroundColor Green | Out-file -FilePath "$FilePath\$Outfile" -Append
New-Item -ItemType Directory -Force -Path $LogOutputPath
Copy-Item -path "$ParentPath\$file" -Destination $LogOutputPath -Verbose
} Else {
write-host "$errorcode not found in $file" -ForegroundColor Gray
}
}
}After we get the basics of our function out of the way (declaration, parameter setup) we’ll define some internal parameters. We are essentially statically assigning the following variables for the described reasons:
- $ParentPath – this is the static location of MECM logs
- $Outfile – this will be used for the final “log” to tell you what logs were identified to be containing the desired error code.
- $LogFiles – We are using this to recursively capture all log files within the aforementioned $ParentPath variable.
- $LogOutputPath – kind of self explainatory. This is where we will dump the captured logs.
Now for the meat and potatoes! We’ll use a simple foreach loop combined with Get-Content | Select-String to direct PowerShell to scroll through each log and look for the desired error code. IF we find that particular string within a log file, then display a message in the host screen, write to out $Outfile log, and copy that particular log over to our $LogOutputPath directory.
Section 2 | Closer
The purpose of this script is to provide you with most of the logs that you’ll need to troubleshoot an error code you’ve received in the SCCM console. You won’t have to remotely connect to a machine and worry that it’ll go offline mid investigation. You can also use it to build a collection of multiple machines experiencing the same error code. In my past, I’ve used it to track down application deployment issues and Windows Updates issues. I wish I had screenshots to provide you to show you how it works. I miss those MECM days… But alas, time moves on.
As Always:
This project is provided “as is” without any warranty of any kind, express or implied. Use it at your own risk. The authors and contributors are not responsible for any damage, data loss, or other issues that may arise from using this software. You are solely responsible for any actions taken based on this code.
*As of November 2025, its MECM (Microsoft Endpoint Configuration Manager). If you’re reading this in the future, its probably been renamed several times again.