wmmayms

Fully automated Application Groups


In this guide I will try to explain how to set up fully automated application groups that will install an application when you add a computer to the Active Directory group and then remove the application when you remove the computer from the AD group.

 

This solution will also automatically resend/reinstall the program if a computer that is supposed to have a specific program (computer member of the AD group) manually removes it. This means we don't have to rerun any advertisements any more :D

 

Note: This works fine in a LAB Environment, you will need to adjust it accordingly to suit your requirements.

 

 

 

Before we begin check this:

* Hardware inventory enabled - this should be set to quite often, minimum once per hour (at least that's what I think)

* Active Directory System Group Discovery needs to be enabled and poll on a regular basis, minimum once per hour (at least that's what I think)

* Make sure your clients pick up a new policy quite often (I set mine to once every 10 mins - in a lab)

* Make sure you have a package to test this with, with one install and one uninstall program (just make sure you know these programs actually work)

 

 

 

Okay now to the first easy part :)

1. Create an active directory group and add a computer on the members tab

post-2500-12508839402721_thumb.png

 

2. Create a collection structure that looks something like this:

post-2500-12508835244908_thumb.png

 

3. Make sure both your INST and UNINST collections update quite often; in my lab I set mine to once every 5 mins

post-2500-12508836411931_thumb.png

 

 

Second part and this is the tricky part...

1. Begin with creating a membership rule on the Installation collection (I named mine "INST.Adobe_Reader_9.1")

post-2500-12508840439198_thumb.png

 

2. Press "Edit Query Statement"

post-2500-12508841485028_thumb.png

 

3. Press "Show Query Language"

post-2500-12508842180226_thumb.png

 

Now the hardest part!

4. Input the following code:

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1"
  and SMS_R_System.ResourceId not in (
        select SMS_R_System.ResourceID
        from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS
          on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId
        where SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}")

Product code (marked in red): {AC76BA86-7AD7-1053-7B44-A91000000001}

AD group (marked in green): MASTERDOMAIN\\INST.Adobe_Reader_9.1

 

5. Now edit the product code (marked in red) to match your application

6. Now edit the AD group (marked in green) to match your Active Directory group (note there are supposed to be two "\\")

 

7. Press OK on all windows!

 

Okay that was easy!

 

Now to the Uninstall Collection (since we have done this once I'm not uploading a picture for each step)...

1. Create a membership rule

post-2500-1250884604657_thumb.png

 

2. Press "Edit Query Statement"

 

3. Press "Show Query Language"

 

4. Input the following code (note that this is not the same code as above!):

select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,
       SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS
  on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
where SMS_R_System.ResourceId not in (
        select SMS_R_System.ResourceID
        from SMS_R_System
        where SMS_R_System.SystemGroupName = "MASTERDOMAIN\\INST.Adobe_Reader_9.1")
  and SMS_G_System_ADD_REMOVE_PROGRAMS.ProdID = "{AC76BA86-7AD7-1053-7B44-A91000000001}"

Product code (marked in red): {AC76BA86-7AD7-1053-7B44-A91000000001}

AD group (marked in green): MASTERDOMAIN\\INST.Adobe_Reader_9.1

 

5. Now edit the product code (marked in red) to match your application

6. Now edit the AD group (marked in green) to match your Active Directory group (note there are supposed to be two "\\")

 

7. Press OK on all windows!

 

 

Okay! So far so good!

 

Now we need to create an install advertisement and a uninstall advertisement.

Now what is important is that we edit this setting:

post-2500-12508851386118_thumb.png

 

This will make the advertisement rerun even if it has been successfully run earlier.

If you are running SMS 2003 this setting is not available, so then you have to create a mandatory recurring schedule.

It could look something like this:

post-2500-1250885343482_thumb.png

 

Okay!

Now you need to try it out. Begin by checking whether your computer has received the application. When it has received it, try removing the computer from the AD group and see what happens B)

 

Note: time is a crucial factor, so make sure you have configured all update times correctly (install collection, uninstall collection, hardware inventory, policy update)

 

Cheers!

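A way to build both collection queries from one set of inputs and preview their membership before saving the rules, as an added example that is not part of the original post. The function name, the `$siteServer` and `$siteCode` values are placeholders, and it assumes the application registers an MSI product code in GUID form.

```powershell
# Added example: function name, site server and site code are placeholders.
function New-AppGroupQuery {
    param(
        [Parameter(Mandatory=$true)] [string] $Group,       # DOMAIN\Group, one backslash
        [Parameter(Mandatory=$true)] [string] $ProductCode  # MSI product code with braces
    )
    # Reject anything that could break out of the quoted WQL string literals.
    if ($Group -notmatch '^[\w.-]+\\[\w .-]+$') { throw "Unexpected group name: $Group" }
    if ($ProductCode -notmatch '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$') {
        throw "Not a GUID-style product code: $ProductCode"
    }
    $g    = $Group.Replace('\', '\\')   # the query needs the backslash doubled
    $arp  = 'SMS_G_System_ADD_REMOVE_PROGRAMS'
    $cols = 'SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,' +
            'SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,' +
            'SMS_R_SYSTEM.Client'
    $join      = "SMS_R_System inner join $arp on $arp.ResourceId = SMS_R_System.ResourceId"
    $inGroup   = "SMS_R_System.SystemGroupName = `"$g`""
    $installed = "$arp.ProdID = `"$ProductCode`""
    New-Object PSObject -Property @{
        # In the AD group, product not in the Add/Remove Programs inventory
        Install   = "select $cols from SMS_R_System where $inGroup and " +
                    "SMS_R_System.ResourceId not in " +
                    "(select SMS_R_System.ResourceID from $join where $installed)"
        # Product inventoried, computer not in the AD group
        Uninstall = "select $cols from $join where SMS_R_System.ResourceId not in " +
                    "(select SMS_R_System.ResourceID from SMS_R_System where $inGroup) " +
                    "and $installed"
    }
}

$q = New-AppGroupQuery -Group 'MASTERDOMAIN\INST.Adobe_Reader_9.1' `
                       -ProductCode '{AC76BA86-7AD7-1053-7B44-A91000000001}'
$q.Install; $q.Uninstall        # text to paste under "Show Query Language"

$siteServer = $null             # set to your site server name to preview membership
$siteCode   = 'XXX'             # placeholder site code
if ($siteServer) {
    foreach ($kind in 'Install', 'Uninstall') {
        $hits = @(Get-WmiObject -ComputerName $siteServer `
                    -Namespace "root\sms\site_$siteCode" -Query ($q.$kind))
        '{0} collection would contain {1} computer(s)' -f $kind, $hits.Count
        # Join queries can return the SMS_R_System columns nested one level down.
        $hits | ForEach-Object { if ($_.Name) { $_.Name } else { $_.SMS_R_System.Name } }
    }
}
```

Checking the Uninstall count before the uninstall advertisement is live shows how many computers have the product inventoried but are not in the group.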


  • 0

I don't think it is a good idea to have a large group of collections updated every 5 minutes. This will have serious impact on the performance of your SCCM server.

Yes, I totally agree... I have only set it to 5 minutes in my laboratory where I only have a couple of computers and a couple of collections.

In a production environment I would probably set it to 15-30 mins on the install collections and maybe every 4th hour or something on the uninstall collections.

It all depends on how your environment looks B)


  • 0

I tested this method and it works nicely - but how practical is it in a production environment as I can see it will hammer the GC for collection updates (granted this will be resolved in R3) and SMS Database (for Add Remove info) if it has to collect hardware inventory on short schedules - any advice would be greatly appreciated.


  • 0

well you can experiment with timing, change it to 3 hours and work your way forwards or backwards noting the DB and SERVER and network activity

 

always test it in your lab first :)


  • 0


Thanks for this - environments set up to test this. Have you considered how you would handle, say, a software upgrade, for example from Firefox 3.5 to Firefox 4.0 - what would be the best process for this? I am considering setting up new discrete packages for new versions (new collection, adverts, AD group would also be required). But I'd also need to consider adding an uninstall program for the previous version into the new advert.

 

Is there a better way?


  • 0


In the upgrade process, you can use the program dependencies, so before installing Firefox 4.0 you can uninstall the lower version and install the newer version.
