Jump to content


ikkhatri

Established Members
  • Content Count

    11
  • Joined

  • Last visited

Community Reputation

1 Neutral

About ikkhatri

  • Rank
    Member
  1. Hi, I had a question in regards to granting shared drive access via security groups. 1. In AD I have created a new Shared Folder and Assigned the UNC Path of the shared folder. 2. I have created an OU --> Domain Administrators. 3. Applied GPO to the OU using Item-Level Targeting 4. User in Group is member of " OS Images" (OS Images is the name of the Security Group) If I add all the users that reside in the Domain Administrators OU to the OS Images Security Group, they get access to that Drive. I have another OU called Subscriber Accounts and this is for normal users. When I add a user residing in the Subscriber Accounts OU to the OS Images Security Group, the user isnt able to access the drive. What am I doing wrong? I don't want to move them to the Domain Administrators OU. Any help would be much appreciated. I have also attached some screenshots Thank You.
  2. Just wanted to share this with others that may have this issue (I was scratching my head for over 2 weeks) Finally I got it to work. Thanks for the RDNS tip Saligia. I haven't fully configured everything. Just wanted to get inbound and outbound mail going for now (internal and external), so here is what I did to get it working 1. Got my ISP to provide me with Reverse DNS --> Pointing to mail.publicdomain.com.au (Public domain: IE: Godaddy, Crazydomains and etc) 2. Logged in to my Public domain providers site and performed the following (Note: You may need to purchase DNS Premium service - I did! ) 3. In the DNS section: - Created A Record: Mail.publicdomain.com.au --> pointed it to my public IP address (if you don't know login to your router or call your ISP) - Created CNAME Record: autodiscover.publicdomain.com.au --> pointed it to mail.publicdomain.com.au - Created MX Record: publicdomain.com.au --> pointed it to mail.publicdomain.com.au 4. Logged in to my router and added 2 port mappings: - WAN and LAN Port: 443 (HTTPS) This will allow you to access OWA from outside of your organization/domain - WAN and LAN Port: 25 (SMTP) (Hopefully your ISP allows port forwarding) 5. In your Domain Controller or wherever you have a DNS server installed open it up and create an Mail Exchange (MX) record under DC---->Forward Lookup Zones----->Contoso.com. - Right Click Contoso.com and click New Mail Exchanger (MX). - Host or child domain: put in your exchange server hostname (IE: exch-srv001) - FQDN: exch-srv001.contoso.com - FQDN of Mail Server: mail.publicdomain.com.au (or dot com or whatever you have purchased) - Mail Server Priority: I kept it as default (10) - Hit OK. Also if you are looking for an SSL certificate. I got my free one from StartSSL. - My SSL Cert included autodiscover.publicdomain.com.au and mail.publicdomain.com.au only. I hope this helps someone. Again, I'm not a pro at this as I'm still learning however the above method worked well for me. Thanks for the help
  3. Hi, Thanks for your response. I have contacted my ISP to point my server IP address to mail.domainname.com.au Is this correct?
  4. Hi, I have installed MS Exchange 2016 in my lab. I can send emails internally just fine but not able to send emails externally. My AD Domain: Domain.com My Public Domain: DomainInc.com.au Error message I get when I send emails externally meaning to gmail, aol or yahoo: Generating server: EXCH-SRV01.domain.com username@aol.com Remote Server returned '400 4.4.7 Message delayed' Original message headers: Received: from EXCH-SRV01.domain.com (10.X.X.X) by EXCH-SRV01.domain.com (10.X.X.X) with Microsoft SMTP Server (TLS) id 15.1.225.42; Sat, 27 Feb 2016 04:56:17 -0800Received: from EXCH-SRV01.domain.com ([::1]) by EXCH-SRV01.domain.com ([::1]) with mapi id 15.01.0225.041; Sat, 27 Feb 2016 04:56:17 -0800From: Exchange Admin Account <adm_exchange@domain.com>To: username@aol.com username@aol.comSubject: testThread-Topic: testThread-Index: AQHRcV47KRzLbFmdUEagAG9gVscc+A==Date: Sat, 27 Feb 2016 12:56:16 +0000Message-ID: <5c6080469f5a41c3b2e8bc8be3a3d88b@genesys.com>Accept-Language: en-USContent-Language: en-USX-MS-Has-Attach: yesX-MS-TNEF-Correlator:x-originating-ip: [10.X.X.X]Content-Type: multipart/related; boundary="_004_5c6080469f5a41c3b2e8bc8be3a3d88bgenesyscom_"; type="multipart/alternative"MIME-Version: 1.0 I have registered a domain with crazydomains and also purchased a dns and email address to verify my domain for SSL certificates. Created an A Record : mail.domainname.com.au --> pointing to my public domain ip address. Created another A Record: autodiscover.domainname.com.au --> pointing to my exchange server EXCH-SRV01.domain.com (AD Domain) Created an MX record: mail.domainname.com.au --> pointing to mail.domainname.com.au My SSL Certificate has the following under Subject Alternative Name: DNS Name=mail.domainname.com.au DNS Name=autodiscover.domainname.com.au DNS Name=domainname.com.au Is this configured incorrectly? I have been stuck with this for a while and tried many google searches to find a resolution with no luck. Any help would be appreciated. Thanks.
  5. Ok so I have tested this and working pretty well for me. SCCM to uninstall an application when you remove the computer from the Application security group. I will be using the security group: “ Application – Google Chrome “ as an example. In Device collections as I previously mentioned I created a folder for applications and created the collections in that folder to deploy applications. I have created another folder in Device Collections called Applications – Uninstall. In there I have created a collection called: Application – Google Chrome UN Limiting Collection: All Desktop And Server Clients Clicked Add Rule, Query Rule, and named it as Application – Google Chrome UN Resource Class: System Resources then clicked Edit Query Statement then Show Query Language. Clear the box and entered: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "YourDOMAIN\\YOUR APPLICATION SECURITY GROUP") and SMS_R_System.Client = 1 and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Google Chrome" 7. Then ok. 8. Clicked on add Rule and this time clicked Exclude Collection and chose the Installation Collection I created in my earlier post. 9. Next it all the way 10. Now we need to deploy the collection we just created. 11. Right clicked then clicked Deploy à application 12. Software – Chose the google chrome application 13. Click Next until you get to Deployment Settings and Change Install to Uninstall. 14. Next it all the way.
  6. Thanks kman. I'll try that. However to query it when creating the collection...what is to be used? The bottom query? select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "<Domain>\\<Security Group>") and SMS_R_System.Client = 1 and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>" Since in the query theres already a security group specified. ..do i still need to put this: and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>"
  7. Thank You all for all your help. I was successfully able to achieve this using the below query: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "Domain\\Application - Mozilla Firefox" How I did this was created an OU in AD and Named it Subscriber Applications and in this OU I created application security hroups. then: 1. Created the 2 applications (Chrome and Firefox) and Distributed Content. 2. Under Device Collections I created a new folder and named it Applications. 3. In the Applications folder I created 2 Device Collections named: Application - Google Chrome and Application - Mozilla Firefox. 4. For the Limiting Collection I used " All Desktop And Server Clients " 5. On The next screen, clicked add rule and chose the query rule option 6. Name: The Application name exactly has I have it named in my AD security group (Example: Application - Google Chrome) 7.Clicked Edit Query statement then clicked Show Query Language 8. Clear everything in the box and paste the above query. (make sure to change the last bit to "YOURDOMAINNAME\\YouApplicationSecurityGroupName") 9. Next it all the way. 10. Go to Software Library then right click the application and click deploy. 11. For the Collection on the left pane drop down, change to device collections and locate the application collection we just created. ( you will receive a popup stating that the collection doesn't not contain any members (that's ok), just hit ok. 12.Next it all the way. Now in AD open up computer properties --> member of --> and add the application group in it. Mine took about 12 minutes and it deployed it successfully to the PC which was in the Google Chrome group. Hope this helps someone. ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ Next thing I would like to do is uninstall the application. Same process but this time once I remove the application security group from the computer membership I would like SCCM to uninstall the application automatically. I have no clue on how to do this. Any help would be great. The only thing I could find was a Query: select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "<Domain>\\<Security Group>") and SMS_R_System.Client = 1 and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>" Can someone please help with some instructions. Thanks.
  8. Hi Dunkel, This is exactly what I have been trying to do. Same exact setup. Give the security group membership to a computer object and SCCM deploys the application. Remove the security group membership and the application gets uninstalled. Im fairly new to SCCM and needed help on this. Do you mind posting a short step by step please. I have tried looking all over but I cant find the info to achieve this. Your help will be greatly appreciated please.
  9. I see the computers in the AD groups and Yes I have enabled AD group discovery in SCCM. And clicked yes to run the Discovery as soon as possible when I first enabled it. However I have again ran the discovery again. Also: Under Software Library -> Overview -> Application Management -> Applications I right click on the Google Chrome application and click deploy it does deploy the application but to all the computers. Is there a new collection that I may need to create and put the computers in there? What are the steps to configure SCCM in a way where all I have to do is add the application security group membership to a computer in Active Directory and SCCM deploys it to that computer only automatically? Example PC Names: testpc1 , testpc2 and testpc3. In the properties of testpc1 I click member of and add the group membership for Chrome and SCCM will deploy the application to testpc1 only. Thank you so much for helping me out. (Still new with SCCM)
  10. Hi GarthMJ, Thanks for your response. In my chrome collection there are 9 computers. When I created the collection I chose All Systems.
  11. Hello, This is my first post as I just registered with W-N. This question may have been asked before however I wasn't able to find it so I would like to apologise if I'm asking it again. I have a lab setup and I have successfully deployed the OS's to various VM's in my network. What I would like to do is add a security group to a computer object and have SCCM deploy it to the specified computer. 1. I have created an OU called " Subscriber Applications ". And in this OU I have created 2 Security Groups: Security Group 1: Application - Google Chrome Security Group 2: Application- Mozilla Firefox 2. In CM 2012 Console ( -> Software Library -> Overview -> Application Management -> Applications ) Under Applications I have created the 2 Applications using it's MSI installation file, then Distributed Content to DP. (Named it as: Mozilla Firefox and Google Chrome) 3. Under Assets and Compliance-> Overview-> Device Collections I created a new folder called Applications. 4. In that folder I created a Device collection called Google Chrome. 5. Limiting Collection was set to All Systems. 6. In Query Rule properties I named is as Google Chrome again. Then clicked Edit Query Statement. 7. In Criterion Properties, Type was set as Simple Value. Attribute Class: System Resource, Attribute: System Group Name; Value: I chose the security group. Query Statement: select * from SMS_R_System where SMS_R_System.SystemGroupName = Domain\Application - Google Chrome. Once it's created I right click and deploy it. It installs Google Chrome to all computers. instead of only on the computer that has Google chrome membership. Can someone please guide me on this. I know I'm doing this all wrong. Once again...Sorry for the double post. And many many thanks for your assistance.
×
×
  • Create New...