Skip to main content

Overview

Query instances of specific WMI classes with custom filtering and property selection. This command provides direct access to WMI data through the SMS Provider, enabling detailed analysis of SCCM objects and configurations.

Syntax

SharpSCCM get class-instances <wmi-class> [options]

Parameters

wmi-class
string
required
The WMI class to query (e.g., “SMS_R_System”)
sms-provider
string
The IP address, FQDN, or NetBIOS name of the SMS Provider to connect to
site-code
string
The three-character site code (e.g., “PS1”)
properties
string
Specify properties to retrieve (can be used multiple times)
where-condition
string
Custom WQL WHERE clause for advanced filtering
count
boolean
Return count of results only
verbose
boolean
Display all class properties
dry-run
boolean
Display the WQL query without execution

Examples

# Query specific class
SharpSCCM get class-instances SMS_R_System -sms SCCM01.corp.local -sc PS1

# Count instances
SharpSCCM get class-instances SMS_Admin -c -sms SCCM01.corp.local -sc PS1

Required Permissions

SMS Admins local group membership on the SMS Provider server. Additional permissions may be required for specific classes.

Common Classes

SMS_R_System:
  • Device information and properties
  • Hardware and software inventory
  • User relationships and logon data
SMS_R_User:
  • User account information
  • Domain and authentication data
  • User group memberships
SMS_R_UserGroup:
  • User group definitions
  • Group membership information
  • Security group analysis
SMS_Admin:
  • Administrative user accounts
  • Security role assignments
  • Administrative scope and permissions
SMS_Role:
  • Security role definitions
  • Permission sets and capabilities
  • Role-based access control
SMS_SecuredObject:
  • Object security and permissions
  • Access control lists
  • Security scope assignments
SMS_Collection:
  • Collection definitions and properties
  • Collection types and settings
  • Collection relationships
SMS_FullCollectionMembership:
  • Complete collection membership
  • Member details and properties
  • Collection-device relationships

WQL Query Examples

SELECT Name, LastLogonUserName, IPAddresses FROM SMS_R_System WHERE Client = 1

Intelligence Gathering

Device Analysis:
# Active SCCM clients
SharpSCCM get class-instances SMS_R_System -w "Client = 1" -sms SCCM01.corp.local -sc PS1

# Admin workstations
SharpSCCM get class-instances SMS_R_System -w "LastLogonUserName LIKE '%admin%'" -sms SCCM01.corp.local -sc PS1
User Intelligence:
# Domain users
SharpSCCM get class-instances SMS_R_User -p UniqueUserName -p FullUserName -sms SCCM01.corp.local -sc PS1

# Administrative accounts
SharpSCCM get class-instances SMS_R_User -w "UniqueUserName LIKE '%admin%'" -sms SCCM01.corp.local -sc PS1
SCCM Administrators:
# All administrators
SharpSCCM get class-instances SMS_Admin -v -sms SCCM01.corp.local -sc PS1

# Full administrators
SharpSCCM get class-instances SMS_Admin -w "RoleNames LIKE '%Full Administrator%'" -sms SCCM01.corp.local -sc PS1
Security Roles:
# Available roles
SharpSCCM get class-instances SMS_Role -p RoleName -p RoleDescription -sms SCCM01.corp.local -sc PS1

Advanced Usage

Multiple Conditions:
Client = 1 AND LastLogonTimestamp > '2023-01-01' AND LastLogonUserName IS NOT NULL
Pattern Matching:
Name LIKE 'WS-%' OR Name LIKE 'LAPTOP-%'
Numeric Comparisons:
ResourceID > 1000 AND ResourceID < 2000
Essential Properties:
  • Focus on key identifying and security-relevant properties
  • Avoid retrieving unnecessary data for performance
  • Use meaningful property combinations
Security Properties:
  • User authentication and logon information
  • Administrative roles and permissions
  • Network and system configuration data

Use Cases

High-Value Systems:
  • Administrative workstations and servers
  • Systems with privileged user access
  • Critical infrastructure components
User Targeting:
  • Administrative and service accounts
  • High-privilege users
  • Domain administrators
Infrastructure Analysis:
  • Network topology and system distribution
  • Administrative boundaries and relationships
  • User-device relationship mapping
Security Assessment:
  • Permission and role analysis
  • Administrative access patterns
  • Security configuration review