1

I can use Get-AppvClientPackage -all [| select name] or Get-WmiObject -Namespace root\appv -Class AppvClientPackage [|select name] to list all installed AppV packages installed on my own machine. It doesn't appear to be possible to use this cmdlet to get the AppV packages installed on another machine, without remote execution.

I am asking this question in hopes of finding something that works (see purpose) or get a definitive answer that it's not possible. There may be better options available (other than PS), but my question is simply if it is possible or not, so that if the latter is the case, we can push to develop a script (which could be run by someone with elevated privileges) to gather information needed.

Purpose: Our team doesn't have visibility into SCCM (that's another option is to have that team report on what is installed where, though sometimes we need answers quickly) and remote PS execution is restricted to one security team (which is understandable), but at times (for support or decommission purposes) we need to check to see if a specific client machine has a package installed, check what AppV packages a specific client has installed, as well as check to see which machines have a particular package installed.

If there is another module or cmdlet (or even something other than powershell or WMI) that might be able to yield the same information, suggestions are welcome.

Dallas
  • 542
  • 1
  • 8
  • 19
  • Your `Get-WmiObject` method will work if you pass it a `-ComputerName` and have proper privileges on the target. – Maximilian Burszley Nov 01 '17 at 14:58
  • Our team members are not using an account that would be found within the local administrators group on the majority of client machines. The security team could do that, so a script they can run is another option. – Dallas Nov 01 '17 at 15:08
  • 1
    Why is PSRemoting limited to one group? There are *a lot* of different options with PSRemoting (for example, limiting execution based on cmdlet, etc.). For what you're asking, I don't think you have the privileges to do what you need. – Maximilian Burszley Nov 01 '17 at 15:11
  • I am not certain it is, but our entire branch can't connect to another remote machines/servers with PS unless the logged in AD account is local admin on the machine. Admittedly, I haven't used WMI much, other than poking around my own machine. Good point though, I wasn't aware they could limit execution to just the cmdlets needed. – Dallas Nov 01 '17 at 15:18
  • 1
    Here's a [great collection of articles](https://blogs.technet.microsoft.com/ashleymcglone/2016/06/29/whos-afraid-of-powershell-security/) on the topic. – Maximilian Burszley Nov 01 '17 at 15:31
  • Good article, and that is quite the collection... thanks for passing it on. – Dallas Nov 01 '17 at 15:41
  • @TheIncorrigible1 If you want to post this as an answer, I will accept it as the answer to my question. With the proper permissions to remote, WMI or registry queries will pull out the answers needed. Our team simply needs to obtain the permissions needed, to make it possible, or pursue another non-PS option (ex- SCCM report). – Dallas Nov 20 '17 at 21:46
  • Done with a full explanation! – Maximilian Burszley Nov 21 '17 at 14:24

1 Answers1

1

Get-WmiObject utilizes RPC to connect to remote PCs and does not require PSRemoting. In this effort, all you need to do is add the -ComputerName parameter.

#Requires -Version 3
$Target = 'localhost'
$Params=@{
    Namespace = 'root\appv'
    Class = 'AppvClientPackage'
    Property = 'Name'
    ComputerName = $Target
}
Get-WmiObject @Params

PS C:\> Get-Help -Name 'Get-WmiObject' -Parameter 'ComputerName'

-ComputerName <String[]>
    Specifies the target computer for the management operation. Enter a fully
    qualified domain name (FQDN), a NetBIOS name, or an IP address. When the remote
    computer is in a different domain than the local computer, the fully qualified
    domain name is required.

    The default is the local computer. To specify the local computer, such as in a
    list of computer names, use "localhost", the local computer name, or a dot (.).

    This parameter does not rely on Windows PowerShell remoting, which uses
    WS-Management. You can use the ComputerName parameter of Get-WmiObject even if
    your computer is not configured to run WS-Management remote commands.

    Required?                    false
    Position?                    named
    Default value                None
    Accept pipeline input?       False
    Accept wildcard characters?  false
Maximilian Burszley
  • 18,243
  • 4
  • 34
  • 63