In this guide I will try to explain how to setup fully automated application groups that will install an application when you add a computer to the Active Directory Group and then remove the application when you remove the computer from the AD group.
This solution will also automaticlly resend/reinstall the program if a computer that is suppose to have a specific program (computer member of the AD group) manually removes it. Which will mean we don´t have to rerun any advertisements any more
Note: This works fine in a LAB Environment, you will need to adjust it accordingly to suit your requirements.
Before we begin check this:
*Hardware inventory enabled - this should be set to quite often, minimum once per hour (atleast thats what i think)
*Active Directory System Group Discovery needs to be enabled and poll on a regular basis, minimum once per hour (atleast thats what i think)
*Make sure your clients pick up a new policy quite often (i set mine to once every 10mins - in a lab)
*Make sure you have a package to test this with one install and one uninstall program (just make sure you know these program actually work)
Okay now to the first easy part
1. Create an active directory group and add a computer on the members tab
2. Create a collection structure that looks something like this:
3. Make sure booth your INST and UNINST collections update quite often, in my lab i set mine to once every 5 mins
Second part and this is the tricky part...
1. Begin with creating a membershiprule on the Installation collection (i named mine "INST.Adobe_Reader_9.1")
2. Press "Edit Query Statement"
3. Press "Show Query Language"
Now the hardest part!
4. Input the following code:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1" and SMS_R_System.ResourceId not in (select SMS_R_System.ResourceID from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}")
{AC76BA86-7AD7-1053-7B44-A91000000001}
MASTERDOMAIN\\INST.Adobe_Reader_9.1
5. Now edit the product code (marked in red)to match your application
6. Now edit the AD group (marked in green) to match your Active Directory Group (note there is suppose to be two "\\")
7. Press OK on all windows!
Okay that was easy!
Now to the Uninstall Collection (since we have done this once im not uploading a picture for each step)..
1. Create a membership rule
2. Press "Edit Query Statement"
3. Press "Show Query Language"
4. Input the following code (note that this is not the same code as above!):
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.ResourceId not in (select SMS_R_System.ResourceID from SMS_R_System where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1") and SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}"
{AC76BA86-7AD7-1053-7B44-A91000000001}
MASTERDOMAIN\\INST.Adobe_Reader_9.1
5. Now edit the product code (marked in red)to match your application
6. Now edit the AD group (marked in green) to match your Active Directory Group (note there is suppose to be two "\\")
7. Press OK on all windows!
Okay! So far so good!
Now we need to create an install advertisement and a uninstall advertisement.
Now what is important is that we edit this setting:
This will make the advertisement rerun even if it has been succesfully run earlier.
If you are running SMS 2003 this setting is not available so then you have to create a mandatory reoccuring schedule:
could look something like this:
Okay!
Now you need to try it out, begin with looking if your computer has recived the application. When it has recived it, try removing the computer from the AD group and see what happens
Note time is a crucial factor so make sure you have configured all update times correctly (install collection, uninstall collection, hardware inventory, policy update)
We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.
In this guide I will try to explain how to setup fully automated application groups that will install an application when you add a computer to the Active Directory Group and then remove the application when you remove the computer from the AD group.
This solution will also automaticlly resend/reinstall the program if a computer that is suppose to have a specific program (computer member of the AD group) manually removes it. Which will mean we don´t have to rerun any advertisements any more
Note: This works fine in a LAB Environment, you will need to adjust it accordingly to suit your requirements.
Before we begin check this:
*Hardware inventory enabled - this should be set to quite often, minimum once per hour (atleast thats what i think)
*Active Directory System Group Discovery needs to be enabled and poll on a regular basis, minimum once per hour (atleast thats what i think)
*Make sure your clients pick up a new policy quite often (i set mine to once every 10mins - in a lab)
*Make sure you have a package to test this with one install and one uninstall program (just make sure you know these program actually work)
Okay now to the first easy part
1. Create an active directory group and add a computer on the members tab
2. Create a collection structure that looks something like this:
3. Make sure booth your INST and UNINST collections update quite often, in my lab i set mine to once every 5 mins
Second part and this is the tricky part...
1. Begin with creating a membershiprule on the Installation collection (i named mine "INST.Adobe_Reader_9.1")
2. Press "Edit Query Statement"
3. Press "Show Query Language"
Now the hardest part!
4. Input the following code:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1" and SMS_R_System.ResourceId not in (select SMS_R_System.ResourceID from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}"){AC76BA86-7AD7-1053-7B44-A91000000001}
MASTERDOMAIN\\INST.Adobe_Reader_9.1
5. Now edit the product code (marked in red)to match your application
6. Now edit the AD group (marked in green) to match your Active Directory Group (note there is suppose to be two "\\")
7. Press OK on all windows!
Okay that was easy!
Now to the Uninstall Collection (since we have done this once im not uploading a picture for each step)..
1. Create a membership rule
2. Press "Edit Query Statement"
3. Press "Show Query Language"
4. Input the following code (note that this is not the same code as above!):
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.ResourceId not in (select SMS_R_System.ResourceID from SMS_R_System where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1") and SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}"{AC76BA86-7AD7-1053-7B44-A91000000001}
MASTERDOMAIN\\INST.Adobe_Reader_9.1
5. Now edit the product code (marked in red)to match your application
6. Now edit the AD group (marked in green) to match your Active Directory Group (note there is suppose to be two "\\")
7. Press OK on all windows!
Okay! So far so good!
Now we need to create an install advertisement and a uninstall advertisement.
Now what is important is that we edit this setting:
This will make the advertisement rerun even if it has been succesfully run earlier.
If you are running SMS 2003 this setting is not available so then you have to create a mandatory reoccuring schedule:
could look something like this:
Okay!
Now you need to try it out, begin with looking if your computer has recived the application. When it has recived it, try removing the computer from the AD group and see what happens
Note time is a crucial factor so make sure you have configured all update times correctly (install collection, uninstall collection, hardware inventory, policy update)
Cheers!
Share this post
Link to post
Share on other sites