FEJustinTH Posted April 22, 2016 Report post Posted April 22, 2016 Scenario: We have AD security groups containing users to manage our product licenses (only so many in each group before we know we need to order more). We would like to deploy applications to those security groups and have them get installed on the users primary device. If someone gets added into those groups they would get the software, if they are removed from those groups it would automatically uninstall it. I have discovery on and I can see those groups in SCCM, but I am trying to get the query language correct. For the uninstall and install groups, I was going to do a query where it would uninstall the application from all users computers except for the users in the install group. How would you go about doing this? Would it be better to do this through User Collections rather than Device Collections? Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 22, 2016 Report post Posted April 22, 2016 The answer is , "it depends". Are you using application? How many different deployment types are you using? which deployment type are you using? Do you have the primary user details configured? Quote Share this post Link to post Share on other sites More sharing options...
FEJustinTH Posted April 22, 2016 Report post Posted April 22, 2016 The answer is , "it depends". Are you using application? How many different deployment types are you using? which deployment type are you using? Do you have the primary user details configured? Applications yes (Microsoft Project and Visio are primary concern). I have a rule on each of those applications to only install on the users primary device. One deployment type per application. Here is a good example of what I am trying to do in the link before but I cannot get it to show the devices in the collections after I setup those queries: https://social.technet.microsoft.com/Forums/en-US/45c5c1cc-6245-4876-9ea2-89f44ab3b308/collection-query-ad-group-membership-filter-for-addremove-programs?forum=configmgrgeneral In that post he is deploying to computers though, I want to add users to the AD groups and have it deploy to that users primary device. Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 22, 2016 Report post Posted April 22, 2016 ok, that should work. Why do you think that it does work? Quote Share this post Link to post Share on other sites More sharing options...
FEJustinTH Posted April 22, 2016 Report post Posted April 22, 2016 ok, that should work. Why do you think that it does work? I have my user account in the AD group, and I have the application installed also but I am not showing up in the device collection. Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 22, 2016 Report post Posted April 22, 2016 Why do you want to deploy it to computer but target users? Why aren't you just targeting it users? Why make your life difficult? Quote Share this post Link to post Share on other sites More sharing options...
FEJustinTH Posted April 22, 2016 Report post Posted April 22, 2016 Why do you want to deploy it to computer but target users? Why aren't you just targeting it users? Why make your life difficult? Ok, that makes sense, would you put all users into the uninstall user group? Right now I have this setup: 1 AD Group pointed at 2 user groups in SCCM with a query: select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name, SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_ R_User where SMS_R_User.UserGroupName = "DOMAINNAME\\GROUPNAME" Install Application (pulls from AD Securty group) -> If in this group install Uninstall Application -> All Users -> exclude the install application group Do you even need the query in the uninstall group or just put all users in there so it will only install the application if you are in the install application group? Does that sound about right? Here is the uninstall query: select SMS_R_User.ResourceId, SMS_R_User.ResourceType , SMS_R_User.Name, SMS_R_User.UniqueUserName, SMS_ R_User.WindowsNTDomain from SMS_R_User where SMS_R_ User.UserGroupName != "FEMSI\\SCCM MS Project Standard 2013" Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted April 23, 2016 Report post Posted April 23, 2016 First work on the install and make sure that you are happy with that. The uninstall if a lot bigger problem and I question the need for it to be automated. Why you ask because, How exactly do you determine who it should be uninstalled from? What exact is your decommissioning process for a PC? What exact is the replacement staff process? How exact is primary user configured? Without these questions (and more) being answer you can easily create a process that will cause you more headaches then it is worth. Quote Share this post Link to post Share on other sites More sharing options...
FEJustinTH Posted April 27, 2016 Report post Posted April 27, 2016 First work on the install and make sure that you are happy with that. The uninstall if a lot bigger problem and I question the need for it to be automated. Why you ask because, How exactly do you determine who it should be uninstalled from? What exact is your decommissioning process for a PC? What exact is the replacement staff process? How exact is primary user configured? Without these questions (and more) being answer you can easily create a process that will cause you more headaches then it is worth. Thank you Garth for all of your help, I have this all working now. Quote Share this post Link to post Share on other sites More sharing options...