Jump to content


Recommended Posts

I've been getting my info from this site for some time now. Great stuff and a big thank you for that!

 

But I've come across a problem which I can't seem to find a solution for. I want to deploy software through AD security groups in which I put our computer objects. SCCM doesn't seem to cope with that though. You can create a user collection and link it to a security group, but then only users which are linked to the group get the software. That works just fine. I tried putting computer objects in there, but they won't get it. Only users will. Since I want the installation to be computer based instead of user based, that doesn't work for me.

 

I then tried to create a device collection (which seems more logical to me than a user collection) and I thought I chose the perfect membership rule by using "System Resource/Security Group Name". But to my surprise no security groups are found. When I enter a wildcard in the value box, I only get to see client names. No security groups whatsoever. Security groups seem to be only linked to user collections. Why can't I see them? If the option is there, I should get to see them, right? This part really confuses me.

 

Of course I can create device collections within SCCM as a solution, but I want to be able to manage software deployment through AD so we can drag a computer to a security group in order for the client to get the software.

 

Is this the way it is designed, or am I overlooking something here? Or is there a way to get around this? I really hope there is, but I can't seem to find much about it on the Net. I don't understand why this doesn't seem possible. It just seems so logical.

 

Any help/thoughts would be greatly appreciated.

Share this post


Link to post
Share on other sites


have you seen this post, it's for CM07 but the same rules should apply more or less...

Share this post


Link to post
Share on other sites

It will work but there are a few issue with using security groups for a PC.

  • The PC needs to reboot to get the update security token
  • A full AD discovery need to run.

 

Also I have found that the way to write the collection will have an effect on the way the deployment work. This WQL query will work:

 

select
  SMS_R_SYSTEM.ResourceID,
  SMS_R_SYSTEM.ResourceType,
  SMS_R_SYSTEM.Name,
  SMS_R_SYSTEM.SMSUniqueIdentifier,
  SMS_R_SYSTEM.ResourceDomainORWorkgroup,
  SMS_R_SYSTEM.Client
from
  SMS_R_System
where
  SMS_R_System.SystemGroupName = "GARTEK\\Visio 2007 PC"

Share this post


Link to post
Share on other sites

Thanks guys. Haven't seen that article yet and am reading through it now. So basically the way I wanted to do it is impossible? I need to do this through a task sequence? That's actually a shame.

 

Will get back on my progress, but I need some time to go through it all. :)

Share this post


Link to post
Share on other sites

Just a quick note to say your query seems to do the trick, GarthMJ! I will test some more, but I've linked this query to a device collection based installation which in turn is linked to the security group and just a moment ago the software got delivered. Will keep on testing the next couple of days, but it's looking very good. Thanks a lot!

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...