What's new
Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

PENDING Report applications installed manually by local admins

  • Thread starter Thread starter antuanbl
  • Start date Start date
  • Replies Replies 3
  • Views Views 5K
A

antuanbl

New Member
Messages
4
Reaction score
1
Points
3
Hello ,

I need to create a report with the applications installed manually by users who are local admins. So, the question is that I need to know the applications installed via SCCM/Software center and the applications installed manually by a user.

I tried by installation source but this method is not valid because some applications unzip data to other folder and makes the installation from it, and the applications installed from a net share the install source is empty.

I tried with wmi query in local computer
The second wmi query list all applications and the fist one list applications installed from sccm, but the problem is that I could not obtain the diference between 2 queries because there is not a value to compare. For example the value name is not exactly the same for the applications.

Get-WmiObject -ComputerName localhost -ClassName CCM_Application -Namespace "root\ccm\clientSDK"

Get-WmiObject -ComputerName localhost -Namespace "root\cimv2\sms" -Class SMS_InstalledSoftware


In SCCM DB i have the same problem
select * From fn_ListApplicationCIs(1033) --> Applications of sccm
select * from v_GS_INSTALLED_SOFTWARE --> All installed applications

i don´t find the way to obtain the difference (-)


Any ideas?

Thanks for all
 
Last edited:
Sort by date Sort by votes
I had a similar issue to conquer, junior level admins who were running installs directly rather than utilizing the application deployments. You pinpointed the problem though, you're at the mercy of the various installers which all don't conform to a single audit method.

My eventual solution was to lock-down all installation sources of managed software so that it could only come from SCCM and train the admins to utilize the enterprise properly.

If you're really set on trying to control deployment after-the-fact you could deploy the applications to a test system through the SC, make note of registry or ini values that indicate it came from ..\ccmcache and which account started the process. Roll it up into a PowerShell script ran as a Compliance Check. Not knowing how big/complex your baseline is though this could get pretty involved.
 
Upvote 0 Downvote
Without 3rd party tools, there is no reliable way to do this. With the 3rd party tools, all they can tell you is what was installed via SCCM. For example this is what is installed on my computer via SCCM.

Also keep in mind that I work for one of these 3rd party companies too.

Configuration Manager Application Details.jpg
 
Upvote 0 Downvote
Hello, Thank you very much for your answers, I have done it by executing the query and removing one by one the applications with sccm origin.
 
Upvote 0 Downvote
You must log in or register to reply here.

Similar threads

  • PENDING How to handle duplicate "x86/x64 unknown computer" listings within same site code
  • PENDING Intune Policy for additions to the Local administrator group
  • OPEN Installation Office 365 instead of all older versions (Office 2021, 2019...)
  • SOLVED Application hanging during SCCM task sequences with OS deployments 24H2 or 25H2
  • SOLVED New software metering got blank results

    • Forum statistics

    Threads
    7,165
    Messages
    27,971
    Members
    18,273
    Latest member
    tadeusodre

    Latest posts

    Trending content
    Back
    Top