Jump to content


FEJustinTH

Deploying Applications through AD/SCCM

Recommended Posts

Scenario:

 

We have AD security groups containing users to manage our product licenses (only so many in each group before we know we need to order more). We would like to deploy applications to those security groups and have them get installed on the users primary device. If someone gets added into those groups they would get the software, if they are removed from those groups it would automatically uninstall it.

 

I have discovery on and I can see those groups in SCCM, but I am trying to get the query language correct. For the uninstall and install groups, I was going to do a query where it would uninstall the application from all users computers except for the users in the install group. How would you go about doing this?

 

Would it be better to do this through User Collections rather than Device Collections?

Share this post


Link to post
Share on other sites

The answer is , "it depends". Are you using application? How many different deployment types are you using? which deployment type are you using? Do you have the primary user details configured?

 

Applications yes (Microsoft Project and Visio are primary concern).

 

I have a rule on each of those applications to only install on the users primary device.

 

One deployment type per application.

 

Here is a good example of what I am trying to do in the link before but I cannot get it to show the devices in the collections after I setup those queries:

 

https://social.technet.microsoft.com/Forums/en-US/45c5c1cc-6245-4876-9ea2-89f44ab3b308/collection-query-ad-group-membership-filter-for-addremove-programs?forum=configmgrgeneral

 

In that post he is deploying to computers though, I want to add users to the AD groups and have it deploy to that users primary device.

Share this post


Link to post
Share on other sites

Why do you want to deploy it to computer but target users? Why aren't you just targeting it users? Why make your life difficult?

 

Ok, that makes sense, would you put all users into the uninstall user group?

 

Right now I have this setup:

 

1 AD Group pointed at 2 user groups in SCCM with a query:

 

select

SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,

SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_

R_User where SMS_R_User.UserGroupName = "DOMAINNAME\\GROUPNAME"

 

Install Application (pulls from AD Securty group) -> If in this group install

Uninstall Application -> All Users -> exclude the install application group

 

Do you even need the query in the uninstall group or just put all users in there so it will only install the application if you are in the install application group?

 

Does that sound about right?

 

 

Here is the uninstall query:

 

select

SMS_R_User.ResourceId, SMS_R_User.ResourceType

, SMS_R_User.Name, SMS_R_User.UniqueUserName, SMS_

R_User.WindowsNTDomain from SMS_R_User where SMS_R_

User.UserGroupName != "FEMSI\\SCCM MS Project Standard 2013"

Share this post


Link to post
Share on other sites

First work on the install and make sure that you are happy with that.

 

The uninstall if a lot bigger problem and I question the need for it to be automated. Why you ask because, How exactly do you determine who it should be uninstalled from? What exact is your decommissioning process for a PC? What exact is the replacement staff process? How exact is primary user configured?

 

Without these questions (and more) being answer you can easily create a process that will cause you more headaches then it is worth.

Share this post


Link to post
Share on other sites

First work on the install and make sure that you are happy with that.

 

The uninstall if a lot bigger problem and I question the need for it to be automated. Why you ask because, How exactly do you determine who it should be uninstalled from? What exact is your decommissioning process for a PC? What exact is the replacement staff process? How exact is primary user configured?

 

Without these questions (and more) being answer you can easily create a process that will cause you more headaches then it is worth.

 

Thank you Garth for all of your help, I have this all working now.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.