Jump to content


Sign in to follow this  
SheilaA2

Software Deployment Based on Collections

Recommended Posts

We have a pretty basic SCCM 2012 setup for now with a single primary site with AD intergration. Things are working great but we are at the point where we would like to begin implementing security for the rest of the IT staff. I'm hoping that someone can help me with an issue that I'm having or suggest a better way of doing things. I'm new to the SCCM world and am learning as I go so if you need to ask any additional questions, please ask away.

Basically, we are implementing device collections based on software needs. So if a computer requires MS Project, we have a collection to which that application has been deployed to. We then add the computer resource to that collection. The issue that I'm having is from a security perspective. Essentually, we would like to be able to have our helpdesk staff add or remove resources from these collections based on their software needs. The only way that I've been able to achive this is to give them "modify" permissions on collections via a security role. The problem with this is that they are able to modify the collection properties. I don't want them to be able to do this....

What am I doing wrong or missing?

Thank you for your time.

Share this post


Link to post
Share on other sites


Not a bad idea but I'm not sure that it will work in my situation since a workstation can only belong to one AD group. Since there are various software packages/collections, a device or workstation will need to belong to multiple collections.

Share this post


Link to post
Share on other sites

Not a bad idea but I'm not sure that it will work in my situation since a workstation can only belong to one AD group.

 

A computer object can be a member of round about 1000 groups. (at least)

  • Like 1

Share this post


Link to post
Share on other sites

You could give a shot with this:

 

http://www.windows-noob.com/forums/index.php?/topic/892-deploy-software-through-ad-groups-linked-to-collections-in-sccm/page__st__40#entry24739

 

Basicly you create two collections, one for the removal and one for the install and everything is handled through computer account's AD group membership.

Depending on your environment (big, medium, small) you should see if there are any performance hits with this approach.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...