我有以下 WQL 查询:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_EndpointProtectionStatus on SMS_G_System_EndpointProtectionStatus.ResourceID = SMS_R_System.ResourceId where SMS_G_System_EndpointProtectionStatus.SignatureOlderThan7Days = 1
我可以通过使用
Invoke-CMWmiQuery -Query $WQL -Option Lazy
但是有没有办法可以限制它针对特定的设备集合运行,就像在 SCCM 控制台中所做的那样?
谢谢!
答案1
您可以创建一个 SCCM 查询,然后针对设备集合运行它。 https://docs.microsoft.com/en-us/sccm/core/servers/manage/create-queries
答案2
我找到了答案Reddit,感谢 u/Johnny_Script:
为了将结果限制为一个集合,您需要
join SMS_FullCollectionMembership on SMS_FullCollectionMembership.ResourceID = SMS_R_System.ResourceID在查询中添加一个,以便可以访问集合数据。然后,您需要AND SMS_FullCollectionMembership.CollectionID = 'ABC0001'在查询末尾添加一个,以限制为特定集合。使用其中一个 CollectionID 的 CollectionID 更新 ABC0001。最终的 WQL 语句应如下所示:
SELECT SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
FROM SMS_R_System INNER JOIN SMS_G_System_EndpointProtectionStatus on SMS_G_System_EndpointProtectionStatus.ResourceID = SMS_R_System.ResourceId JOIN SMS_FullCollectionMembership on SMS_FullCollectionMembership.ResourceID = SMS_R_System.ResourceID
WHERE SMS_G_System_EndpointProtectionStatus.SignatureOlderThan7Days = 1 and SMS_FullCollectionMembership.CollectionID = 'ABC0001'