If I run the following query against WMI:
\\.\root\ccm\ClientSDK
Select * from CCM_Application where InstallState = "Installed"
when run as a local account (elevated) I get back, say 26 results, when run as the local SYSTEM account (from a Windows Service), I get back less. On some PCs it's just one different, on others it's say 10 results different, but no error or failure, just a different number of results. And it's always SYSTEM which has less, never the user query which has less.
How can I resolve this so that running as SYSTEM gives me back all the data?
P.S. this is the SCCM WMI provider incase you haven't heard of that namespace.
This was caused by some applications being targeted to the user instead of the machine.
The only way I found to resolve this issue was to impersonate the currently logged in user in order to make this WMI call. I did this with a the following native windows APIs:
WTSGetActiveConsoleSessionId
WTSQueryUserToken
in order to get a token to the currently logged in user (the user with the open console session on the machine). Then assuming these return okay then a call to :
ImpersonateLoggedOnUser
to impersonate that user token, then we call the WMI query under that impersonation. Once the WMI call comes back, we then call:
RevertToSelf
So the service could continue and do other actions. Seems to work fine and give the same results as running as elevated user.