3

We're reviewing our code and are trying to replace the WMI CmdLets with the CIM ones. The following code works fine:

$Query = "SELECT InstalledLocation,ProductVersion,ProductName FROM SMS_R_System
JOIN
    SMS_G_SYSTEM_Installed_Software on SMS_R_System.ResourceID =
    SMS_G_SYSTEM_Installed_Software.ResourceID
WHERE SMS_R_SYSTEM.Name=""$C"" "

Get-WmiObject -ComputerName $SCCMServer -Namespace $SCCMNameSpace -Query $Query

Because WMI uses DCOM by default we thought it was as easy as using the following instead:

$CimSessionOption = New-CimSessionOption –Protocol DCOM
$CimSession = New-CimSession -ComputerName $SCCMServer -SessionOption $CimSessionOption
Get-CimInstance -CimSession $CimSession -Namespace $SCCMNameSpace -Query $Query

But we receive the error New-CimSession : Access denied although we're using the same connection protocol.

Is there something obvious we're missing here?

DarkLite1
  • 13,637
  • 40
  • 117
  • 214
  • I do value your thought but I wish to know why you are looking for this conversion. Also, WMI permissions are controlled through DCOM. If you don't want to mess with the DCOM permissions, you can set up a constrained delegated session, and grant the non-admin user permission to use that session. You can set constraints on the session so that they can only run the Get-CimInstance cmdlets, or any other cmdlets, functions, or scripts that you specify, and then have the commands run under a set of delegated admin credentials. – Ranadip Dutta Feb 07 '19 at 08:28
  • Adding to the previous comment. Use [Delegated Administration](https://blogs.technet.microsoft.com/heyscriptingguy/2014/04/03/use-delegated-administration-and-proxy-functions/) – Ranadip Dutta Feb 07 '19 at 08:29
  • 1
    The problem is I don't have permissions on the machine `$SCCMServer` to change anything over there. My thinking was that if `Get-WmiObject` can do it, the newer `Get-CimInstance` should be able to do it too... – DarkLite1 Feb 07 '19 at 08:31
  • 1
    Thanks for the prompt response. Technically no. It is not the same. It encapsulates another layer and there is a big enhancement on `cim` over `wmi`. – Ranadip Dutta Feb 07 '19 at 08:33
  • 1
    I hear you @RanadipDutta, so it seems my request is not possible then. In that case we have to stick with `WMI`. Thank you for your insight, much appreciated. – DarkLite1 Feb 07 '19 at 08:36
  • @DarkLite1 See if https://stackoverflow.com/questions/19279099/what-are-the-permissions-required-for-cimsessions helps. The same code with Get-CimInstance worked for me. However, I have Local Admin access, and Full Admin access on SCCM. – Mudit Bahedia Feb 07 '19 at 08:36
  • 1
    @DarkLite1: Just to add on top of it. The CIM cmdlets use different .NET classes to WMI cmdlets. `Get-WmiObject Win32_DiskDrive` and `Get-WmiObject CIM_DiskDrive` returns the same object but CIM is a super class of win32 – Ranadip Dutta Feb 07 '19 at 08:44

0 Answers0