dunkel Posted October 13, 2015 Report post Posted October 13, 2015 Here's a quick resume of the current setup I am using. I've been using AD groups to deploy applications from SCCM with query-based collection membership for devices. In short, this means that in AD a computer is added to a group and whenever SCCM runs AD Group discovery and sees a change, the collection which queries that group also updates that group and the application is deployed on the target computer. This was done in order to preserve the historical AD structure and method of deploying applications (previously done with GPOs). This works flawlessly and is relatively quick. Since we do not have a way to remove applications as of now, I am trying to trigger an uninstall deployment whenever a computer is removed from an AD group. I cannot push an uninstall deployment method on a collection that would include all systems except those that are members of the deployment group since this would break systems with the target application installed before SCCM implementation. There is however something that I have tested with a single application which consists of deploying a configuration baseline to all systems that detects if that particular application is installed. I then create a collection that excludes the "Install target software" collection and queries for compliant computers. I then deploy an uninstall application on the resulting collection therefore uninstall the application from the member systems. It seems to work properly for now. I am using configuration baselines because of their ability to run powershell scripts as part of the compliance process. My question is, is it against best practice to have a lot of configuration baselines? I have around 40+ applications that are deployed through SCCM and it would require the same amount of configuration baselines to ensure application are uninstalled in sync with AD group membership. Thanks. Quote Share this post Link to post Share on other sites More sharing options...
NickolajA Posted October 16, 2015 Report post Posted October 16, 2015 I've not heard anything against having "a lot" of Configuration Baselines. But I'd be cautious with how often you set them to evaluate, since it may put unnecessary load on the client. Cool trick! Quote Share this post Link to post Share on other sites More sharing options...
ikkhatri Posted January 18, 2016 Report post Posted January 18, 2016 Hi Dunkel, This is exactly what I have been trying to do. Same exact setup. Give the security group membership to a computer object and SCCM deploys the application. Remove the security group membership and the application gets uninstalled. Im fairly new to SCCM and needed help on this. Do you mind posting a short step by step please. I have tried looking all over but I cant find the info to achieve this. Your help will be greatly appreciated please. Quote Share this post Link to post Share on other sites More sharing options...
