Jump to content


  • 0
Max

deploy software through AD Groups linked to Collections in SCCM

Question

10 answers to this question

Recommended Posts

  • 0

the advantage is that you set the collections up (one time) and create the appropriate queries for those collections,

 

all you have to do after that is add (or remove) computers (or users) to the respective Active Directory Security Group, this makes things Dynamic in nature and needs a lot less work in the ConfigMgr console than if you were adding computers/users manually to the collections and/or advertising the software to those resources separately

  • Like 1

Share this post


Link to post
Share on other sites

  • 0

Thanks to the quick answer.

 

I try to explain the way I did.

 

We created an advertise folder, in which we advertised the tasks that we needed

 

post-3343-0-47750000-1294924010_thumb.jpg

 

to the collection below

 

post-3343-0-04387500-1294924067_thumb.jpg

 

That means if we have to make a new machine or install a new software package, we only have to advertise it to the collection.

 

Isn’t this way similar to the “AD Groups linked to Collections “process?

Share this post


Link to post
Share on other sites

  • 0

well i think it's cleaner and more efficient (less prone to error) to add/remove users/computers to the respective Active Directory Security Group

, what if you have to add say 100 new computers ? 1000 ?

 

hopefully othes will add their opinion here also

Share this post


Link to post
Share on other sites

  • 0

I'd also suggest looking into using Active Directory groups. You can then grant access to add/remove accounts to the domain group without having to give someone access to SCCM. Also, you can probably save time by using AD and a dynamic membership query. We actually set our advertisements to always rerun. This way, if an application gets uninstalled for some reason, the processes will later put the computer back into the collection and it'll get the app installed again.

 

Here's an example of a dynamic collection query that uses domain groups:

select SYS.ResourceID,SYS.ResourceType,SYS.Name,SYS.SMSUniqueIdentifier,SYS.ResourceDomainORWorkgroup,SYS.Client from SMS_R_System AS sys WHERE sys.ResourceID NOT IN (SELECT ARP.ResourceID FROM SMS_G_System_ADD_REMOVE_PROGRAMS AS ARP WHERE ARP.DisplayName = "Google Earth" AND ARP.Version = "5.2.1.1588") AND sys.SystemGroupName = "YourDomain\\SCCM-Google Earth 5.x"

 

Oh, and we limit our collections to another collection that only contains healthy clients (so we never beat our heads against the wall trying to figure out why the app isn't going out).

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.