myITforum.com Community Forum


Enforce policy?

 
Enforce policy? - 6/19/2008 2:23:56 PM   
turbokitty

 

Posts: 49
Score: 0
Joined: 6/12/2008
Status: offline
If SCCM installs a package and the user uninstalls it manually, what will happen?  Will SCCM enforce the policy and reinstall on the next policy refresh?
Where does SCCM store its list of installed applications?  Does it use a WMI query of A/R programs?

I doubt..

Post #: 1
RE: Enforce policy? - 6/19/2008 2:40:11 PM   
skissinger


Posts: 2114
Score: 134
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline
Hmm... this almost sounds like you might want to check out "Desired Configuration Management".

_____________________________

mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
My Blog
Microsoft MVP - ConfigMgr

(in reply to turbokitty)
Post #: 2
RE: Enforce policy? - 6/19/2008 4:00:51 PM   
turbokitty

 

Posts: 49
Score: 0
Joined: 6/12/2008
Status: offline
Desired Config Mgmt only reports back on non-compliance, it doesn't enforce it.  That's my understanding anyway.

What if I removed the machine from the collection, refreshed it, then re-added the collection and refreshed it?

(in reply to skissinger)
Post #: 3
RE: Enforce policy? - 6/19/2008 11:12:42 PM  1 votes
wbracken


Posts: 1036
Score: 22
Joined: 4/12/2002
From: St. Louis
Status: offline
Unfortunately that will not work.  Unless you have it set to be able to re-run if successful and create a new advertisement, it will not change, as the "policy", if you will, is still local and successful, so it will skip right past it.  For one-offs the SMS Client Center tool is a great solution.  You can right-click an advertisement and force a rerun whether successful or failed. (screenshots here, download here).  That tool is great in many more ways but that's for another topic.

Works for both SMS and SCCM (Newest version)



_____________________________

William Bracken

Visit my new Blog
http://wbracken.wordpress.com/

(in reply to turbokitty)
Post #: 4
RE: Enforce policy? - 6/22/2008 1:05:46 PM   
turbokitty

 

Posts: 49
Score: 0
Joined: 6/12/2008
Status: offline
Great, I'll try that out.. thanks William.

One other thing, where does SCCM store the "successfully installed" marker?  Can it be manually deleted from the machine so that SCCM thinks it didn't run the advertisement yet?


< Message edited by turbokitty -- 6/22/2008 1:08:22 PM >

(in reply to wbracken)
Post #: 5
RE: Enforce policy? - 6/22/2008 7:50:11 PM   
wbracken


Posts: 1036
Score: 22
Joined: 4/12/2002
From: St. Louis
Status: offline
It's in the registry (and WMI I believe).  I can't say with complete confidence that deleting the registry key would do the trick.  Would be worth a try though.  :)

I am not at work atm so I don't have the exact path to give you. However, it's located in the HKLM\Software\Microsoft\SMS key somewhere.  I'll pull up the correct path tomorrow and reply here just for reference.  Also if you get a chance to test that before me, please post back with your results.  It's something I have always been curious about but have never spent the time to validate one way or the other.

_____________________________

William Bracken

Visit my new Blog
http://wbracken.wordpress.com/

(in reply to turbokitty)
Post #: 6
RE: Enforce policy? - 6/23/2008 9:42:19 AM  1 votes
wbracken


Posts: 1036
Score: 22
Joined: 4/12/2002
From: St. Louis
Status: offline
Follow Up..

The exact path in the registry is:

HKLM\Software\Microsoft\SMS\Mobile Client\Software Distribution\Execution History

_____________________________

William Bracken

Visit my new Blog
http://wbracken.wordpress.com/

(in reply to wbracken)
Post #: 7
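
A read-only way to see what the client has recorded under the key given above, for example before and after a rerun test. This is an added example, not code from the thread; the function name `Get-ExecutionHistory` and the Wow6432Node fallback (for a 32-bit client on 64-bit Windows) are assumptions.

```powershell
# Added example: read-only listing of the client's execution history.
# The first path is the one given in the thread. The Wow6432Node path is an
# assumption for a 32-bit client running on 64-bit Windows.
$HistoryRoots = @(
    'HKLM:\Software\Microsoft\SMS\Mobile Client\Software Distribution\Execution History',
    'HKLM:\Software\Wow6432Node\Microsoft\SMS\Mobile Client\Software Distribution\Execution History'
)

# Get-ExecutionHistory is a hypothetical helper name, not a ConfigMgr cmdlet.
function Get-ExecutionHistory {
    param([string[]]$Roots = $HistoryRoots)

    foreach ($root in $Roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }

        # Full registry name of the root, used to print entries relative to it.
        $rootName = (Get-Item -LiteralPath $root).Name

        # Walk every subkey; nothing is assumed about how deep the entries sit
        # or what their values are called.
        Get-ChildItem -LiteralPath $root -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.ValueCount -gt 0 } |
            ForEach-Object {
                $key = $_
                $row = [ordered]@{
                    Root  = $root
                    Entry = $key.Name.Substring($rootName.Length).TrimStart('\')
                }
                foreach ($name in $key.GetValueNames()) {
                    # The unnamed default value gets a readable label.
                    $label = if ($name) { $name } else { '(Default)' }
                    $row[$label] = $key.GetValue($name)
                }
                [pscustomobject]$row
            }
    }
}

# Nothing is modified; this only prints each recorded entry with its values.
Get-ExecutionHistory | Format-List
```

Saving the output before and after an uninstall or a forced rerun shows which entries the client actually changes.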
RE: Enforce policy? - 6/24/2008 6:43:07 PM   
turbokitty

 

Posts: 49
Score: 0
Joined: 6/12/2008
Status: offline
And thanks yet again!

(in reply to wbracken)
Post #: 8
RE: Enforce policy? - 6/25/2008 12:40:18 AM   
Speedimon

 

Posts: 9
Score: 0
Joined: 5/28/2008
Status: offline
I think you can try another trick in case you don't have lots of packages to "enforce". Create a collection of computers not having the product in Add/Remove Programs, or not having, for example, the program's executable. Set a short update period for that collection. It would contain all your clients without the package installed. After that you can manually re-run the advertisement against the collection to reinstall the package. The main disadvantage is that the client would "get in" and "get out" of that collection not instantly, but only after the software/hardware discovery, so if you can't afford a short period for them, the method wouldn't be very nice.

(in reply to turbokitty)
Post #: 9
RE: Enforce policy? - 6/30/2008 9:12:21 AM   
gjones


Posts: 824
Score: 50
Joined: 6/5/2001
From: Ottawa, Ontario, Canada
Status: offline
quote:

ORIGINAL: skissinger
Hmm... this almost sounds like you might want to check out "Desired Configuration Management".


Sherry is right, DCM is a good way to do this. In a nutshell you would do this:

-          Create a package to install application X
-          Create a DCM rule for application X
-          Create an advert to install application X to all those that DCM shows as not having application X

Yes, this can also be done for ARP as well; it depends on your clients and how they try to get around having the application installed. DC will allow for more checking to be done.


_____________________________

Garth@enhansoft.com

For a List of my Articles
http://www.myitforum.com/contrib/default.asp?cid=116
Blogs:
http://smsug.ca/blogs/garth_jones/default.aspx
http://myitforum.com/cs2/blogs/gjones/default.aspx


(in reply to skissinger)
Post #: 10
RE: Enforce policy? - 6/30/2008 10:45:05 AM   
jsandys


Posts: 530
Score: 17
Joined: 3/24/2005
From: San Antonio, TX
Status: offline
Take away local admin privileges from the users. If users are doing something they shouldn't be doing, then you've given them too much power. Do you give your 12 year old keys to the car? You're jumping through hoops and causing yourself pain because you're not following best practices. If users install World of Warcraft, do you want ConfigMgr to automatically uninstall it also?

_____________________________

Jason
________________________________________
http://myitforum.com/cs2/blogs/jsandys/default.aspx

(in reply to gjones)
Post #: 11