Skip to main content

Overview

Analyze application deployment assignments to understand how applications are distributed across the environment. Deployments reveal targeting strategies, security implications, and potential attack opportunities.

Syntax

SharpSCCM get deployments [options]

Parameters

sms-provider
string
The IP address, FQDN, or NetBIOS name of the SMS Provider to connect to
site-code
string
The three-character site code (e.g., “PS1”)
name
string
Filter deployments by application name (supports partial matching)
collection
string
Filter by target collection name
properties
string
Specify properties to retrieve (can be used multiple times)
where-condition
string
Custom WQL WHERE clause for advanced filtering
count
boolean
Return count of results only
verbose
boolean
Display all deployment properties

Examples

# List all deployments
SharpSCCM get deployments -sms SCCM01.corp.local -sc PS1

# Count total deployments
SharpSCCM get deployments -c -sms SCCM01.corp.local -sc PS1

Key Properties

PropertyDescriptionValues
ApplicationNameDeployed applicationApplication name
CollectionNameTarget collectionCollection name
DeploymentIntentDeployment type1 (Required), 2 (Available)
RequireUserInteractionUser interactionTrue/False
DeploymentTimeDeployment scheduleTimestamp
EnforcementDeadlineDeadline for installationTimestamp
OverrideServiceWindowsService window overrideTrue/False
RebootOutsideOfServiceWindowsReboot permissionsTrue/False

Required Permissions

Application Administrator or Read-only Analyst role

Deployment Analysis

Required Deployments (DeploymentIntent = 1):
  • Forced installation on target systems
  • No user choice or intervention
  • Automatic execution based on schedule
Available Deployments (DeploymentIntent = 2):
  • User can choose to install
  • Visible in Software Center
  • User-initiated installation
Install vs Uninstall:
  • Install deployments add software
  • Uninstall deployments remove software
  • Supersedence deployments replace software
High-Risk Deployments:
  • Required deployments with no user interaction
  • Deployments that override service windows
  • Deployments with forced reboots
  • Deployments to administrative collections
Stealth Deployments:
  • Silent installations (RequireUserInteraction = False)
  • Outside maintenance windows
  • Immediate execution deployments

Attack Opportunities

Malicious Application Deployment:
  • Deploy malicious applications to target collections
  • Use required deployments for forced execution
  • Target administrative collections for privilege escalation
Legitimate Application Abuse:
  • Abuse existing deployments for lateral movement
  • Modify deployment settings for stealth execution
  • Use application supersedence for payload delivery
High-Value Targets:
  • Administrative workstation collections
  • Server collections
  • Critical infrastructure collections
Broad Impact:
  • All Systems collection for maximum reach
  • Domain computer collections for lateral movement
  • User collections for credential harvesting

Intelligence Gathering

Deployment Strategies:
  • Pilot groups for testing
  • Phased rollouts across collections
  • Emergency deployments for critical updates
Administrative Practices:
  • Service window usage and overrides
  • User interaction requirements
  • Reboot and maintenance policies
Risk Assessment:
  • Required deployments with broad targeting
  • Silent installations without user notification
  • Deployments to privileged collections
  • Applications with system-level execution

Common Queries

DeploymentIntent = 1

Use Cases

Deployment Mechanisms:
  • Identify deployment patterns and schedules
  • Understand collection targeting strategies
  • Analyze security configurations and overrides
Privilege Escalation:
  • Target deployments to administrative collections
  • Abuse system-context applications
  • Exploit forced deployment mechanisms
Collection Analysis:
  • Identify broad-reaching collections
  • Target specific organizational groups
  • Exploit existing deployment relationships
Timing and Stealth:
  • Use service windows for stealth
  • Plan deployments during maintenance windows
  • Avoid user interaction and notification

Output Analysis

By Intent:
  • Required: Administrative control and compliance
  • Available: User choice and self-service
By Scope:
  • Broad deployments: Organization-wide software
  • Targeted deployments: Role or group-specific software
  • Test deployments: Pilot or staging deployments
By Timing:
  • Scheduled: Planned deployment windows
  • Immediate: Emergency or critical deployments
  • Recurring: Ongoing or maintenance deployments
High-Risk Deployments:
  • Required + Silent + Administrative collections
  • System context + Broad targeting
  • Service window overrides + Forced reboots
Attack Indicators:
  • Unusual deployment patterns
  • New deployments to administrative collections
  • Silent deployments of unknown applications