Jopster Posted December 19, 2012 Report post Posted December 19, 2012 I've been getting my info from this site for some time now. Great stuff and a big thank you for that! But I've come across a problem which I can't seem to find a solution for. I want to deploy software through AD security groups in which I put our computer objects. SCCM doesn't seem to cope with that though. You can create a user collection and link it to a security group, but then only users which are linked to the group get the software. That works just fine. I tried putting computer objects in there, but they won't get it. Only users will. Since I want the installation to be computer based instead of user based, that doesn't work for me. I then tried to create a device collection (which seems more logical to me than a user collection) and I thought I chose the perfect membership rule by using "System Resource/Security Group Name". But to my surprise no security groups are found. When I enter a wildcard in the value box, I only get to see client names. No security groups whatsoever. Security groups seem to be only linked to user collections. Why can't I see them? If the option is there, I should get to see them, right? This part really confuses me. Of course I can create device collections within SCCM as a solution, but I want to be able to manage software deployment through AD so we can drag a computer to a security group in order for the client to get the software. Is this the way it is designed, or am I overlooking something here? Or is there a way to get around this? I really hope there is, but I can't seem to find much about it on the Net. I don't understand why this doesn't seem possible. It just seems so logical. Any help/thoughts would be greatly appreciated. Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted December 19, 2012 Report post Posted December 19, 2012 have you seen this post, it's for CM07 but the same rules should apply more or less... Quote Share this post Link to post Share on other sites More sharing options...
GarthMJ Posted December 19, 2012 Report post Posted December 19, 2012 It will work but there are a few issue with using security groups for a PC. The PC needs to reboot to get the update security token A full AD discovery need to run. Also I have found that the way to write the collection will have an effect on the way the deployment work. This WQL query will work: select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "GARTEK\\Visio 2007 PC" Quote Share this post Link to post Share on other sites More sharing options...
Jopster Posted December 19, 2012 Report post Posted December 19, 2012 Thanks guys. Haven't seen that article yet and am reading through it now. So basically the way I wanted to do it is impossible? I need to do this through a task sequence? That's actually a shame. Will get back on my progress, but I need some time to go through it all. Quote Share this post Link to post Share on other sites More sharing options...
Jopster Posted December 19, 2012 Report post Posted December 19, 2012 Just a quick note to say your query seems to do the trick, GarthMJ! I will test some more, but I've linked this query to a device collection based installation which in turn is linked to the security group and just a moment ago the software got delivered. Will keep on testing the next couple of days, but it's looking very good. Thanks a lot! Quote Share this post Link to post Share on other sites More sharing options...
