Jump to content


dunkel

SCCM 2012 Application deployment with AD integration

Recommended Posts

Here's a quick resume of the current setup I am using. I've been using AD groups to deploy applications from SCCM with query-based collection membership for devices. In short, this means that in AD a computer is added to a group and whenever SCCM runs AD Group discovery and sees a change, the collection which queries that group also updates that group and the application is deployed on the target computer. This was done in order to preserve the historical AD structure and method of deploying applications (previously done with GPOs). This works flawlessly and is relatively quick.

 

Since we do not have a way to remove applications as of now, I am trying to trigger an uninstall deployment whenever a computer is removed from an AD group. I cannot push an uninstall deployment method on a collection that would include all systems except those that are members of the deployment group since this would break systems with the target application installed before SCCM implementation.

 

There is however something that I have tested with a single application which consists of deploying a configuration baseline to all systems that detects if that particular application is installed. I then create a collection that excludes the "Install target software" collection and queries for compliant computers. I then deploy an uninstall application on the resulting collection therefore uninstall the application from the member systems. It seems to work properly for now. I am using configuration baselines because of their ability to run powershell scripts as part of the compliance process.

 

My question is, is it against best practice to have a lot of configuration baselines? I have around 40+ applications that are deployed through SCCM and it would require the same amount of configuration baselines to ensure application are uninstalled in sync with AD group membership.

 

Thanks.

Share this post


Link to post
Share on other sites

Hi Dunkel,

 

This is exactly what I have been trying to do. Same exact setup. Give the security group membership to a computer object and SCCM deploys the application. Remove the security group membership and the application gets uninstalled.

 

Im fairly new to SCCM and needed help on this.

 

Do you mind posting a short step by step please. I have tried looking all over but I cant find the info to achieve this.

 

Your help will be greatly appreciated please.

 

 

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.