skissinger
Posts: 1972
Score: 129
Joined: 9/13/2001
From: Sherry Kissinger
Status: offline
|
Ok, I'll join into your conversation!
First, let me start by saying "don't do it!". Why, you ask? Ok, if your collection membership contains User IDs, or it contains the Usergroup, and not resourceIDs of machines, two things will be um... fun... to work around. First, software is deserved by the user, or the user if they happen to be a member of that usergroup when they logged in. The machine does not deserve the advertisement, because it is not in the collection. So you cannot deploy "when no user logged in" Second, all of those cool tools you may be using to re-run a advertisement simply do not work. The history of a previously run ad is kept in a different place in WMI if the 'user' deserved the advertisement. And that place is defined by the SID of the user, so it's um... fun... to find if you want to re-run a user or usergroup-targetted advert. Third, yes... everywhere that user logs in, the software will install. With all that said, sure; it's possible to advertise to a collection where the collection contains a usergroup (and the usergroup has usernames), or the collection contains user ids. We've been doing it for years. I believe the company I work for, and 1 other person (Stuart W! how are you?!) advertise to users in a usergroup.
But... guess what project I'm in right now. I'm ripping all that out, and replacing it. The collection contains "Machines where the highest ranked user is in the usergroup "whatever"". It's kind of complex, I know; but I figure it's a step in the right direction. I want to get them to "Machines in usergroup "whatever"". I'm not at work as I type this out, so I don't have my template queries in front of me or I'd post them.
I'm using SLAT from systemcentertools.com to get highest ranked user (because I needed a feature it had that Top Console User didn't). But w/ConfigMgr you could use "Machines where the top console user is in the usergroup "whatever"". There's some pre-req's you need; like that Top Console User is returning data (you might need a GPO enabled), and user & usergroup discovery running frequently enough, and your collection updates frequently enough--but you can get there.
If you can, though, my next evolution of this master plan is to modify the culture enough that they buy into the fact that "computers have software installed. Users do not have software installed." If you can get *that* buy-in, for each of those usergroups that contains a username, change it to their computer name. Again, setup Discovery (I recommend ESD from systemcentertools.com, if you have a budget) so computers' groups get discovered quickly, and collection updates; and it'll be easy, and close to automated. It fits all my personal parameters. It is standard. simple. automated.
_____________________________
mofmaster@smsexpert.com (version 2007) | http://www.smsexpert.com | http://www.sccmexpert.com
Microsoft MVP - ConfigMgr
|
Printable Version
Help with a query for user groups - 
New Messages
No New Messages
Hot Topic w/ New Messages
Hot Topic w/o New Messages
Locked w/ New Messages
Locked w/o New Messages
Post New Thread