Creative Thinkers... a challenge (Full Version)



thouser -> Creative Thinkers... a challenge (6/6/2008 1:33:23 AM)

I've been tasked with what appears to be impossible.  I'm looking for any creative ideas anyone might have.

Challenge:
All advertisements are sent to groups (not an option to change this).  We have a group of employees that log into what I will call a Mobile Laptop and also an Office Desktop.  The office desktop receives one flavor of an application while the Mobile Laptop receives another flavor.  The challenge is how to keep the Mobile Laptop from seeing the Office Desktop advertisement and vice versa.  The user must be a member of both groups as they work on both machines.  Both the Mobile Laptop and Office Desktop are running XP, so OS requirements in the package programs is out unless there is a way to add custom entries into this.

Thoughts?  Creative Thinkers?





mp115 -> RE: Creative Thinkers... a challenge (6/6/2008 6:47:39 AM)

In addition to the group membership criteria, add hardware criteria, i.e. system model info from SMS_G_System_COMPUTER_SYSTEM.

select SMS_R_System.ResourceID, SMS_R_System.ResourceType, SMS_R_System.Name,
       SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup,
       SMS_R_System.Client
from SMS_R_System
where SystemGroupName = "DOMAIN\\BBMS-FSD-SpecialEd"
  AND ResourceId in (select ResourceId from SMS_G_System_COMPUTER_SYSTEM
                     where Manufacturer like '%Dell%' and Model = 'Optiplex 755')

If that doesn't work for your situation, could you use your OU structure to separate laptops and desktops, then point the different advertisements at their respective targets?  The criteria would use your current group check, plus adding the laptop OU  membership and the desktop OU membership to the mix.

select SMS_R_System.ResourceID, SMS_R_System.ResourceType, SMS_R_System.Name,
       SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup,
       SMS_R_System.Client
from SMS_R_System
where SystemGroupName = "DOMAIN\\BBMS-FSD-SpecialEd"
  AND SystemOUName like "DOMAIN/Somewhere/Students/Computers/Lab 166"





skissinger -> RE: Creative Thinkers... a challenge (6/6/2008 7:03:10 AM)

I have to target to users in a usergroup as well.  Beginning about a few years ago, where possible, we use this .  That way, the collection membership is computer objects, not the usergroup -- which as you know the usergroup means that anywhere that user logs in, if it fits the program's prerequisites which is usually just "xp workstation", it'll deserve the application.  You may have to tweak the collection update settings, and possibly the # of times that user accounts are discovered in AD so that when a new user is added to a usergroup in AD, the SMS Collection query is updated within an acceptable time frame.

We use Steve Bobosky's SLAT 1.2.3 to get highest ranked user; but if you are on SP3 you could adjust the queries involved to use TopConsoleUser.  If you create two collections with the same query, but one collection is limited to a pre-existing collection of "all laptops", and the other collection query is limited to "all desktops"; should work out fine.

If you can convince the powers-that-be to put computer objects in those usergroups, and not users in those usergroups, Mike's queries are great.  I lost that battle.




mp115 -> RE: Creative Thinkers... a challenge (6/6/2008 9:15:56 AM)

quote:

ORIGINAL: skissinger

I have to target to users in a usergroup as well.  Beginning about a few years ago, where possible, we use this .  That way, the collection membership is computer objects, not the usergroup -- which as you know the usergroup means that anywhere that user logs in, if it fits the program's prerequisites which is usually just "xp workstation", it'll deserve the application.  You may have to tweak the collection update settings, and possibly the # of times that user accounts are discovered in AD so that when a new user is added to a usergroup in AD, the SMS Collection query is updated within an acceptable time frame.

We use Steve Bobosky's SLAT 1.2.3 to get highest ranked user; but if you are on SP3 you could adjust the queries involved to use TopConsoleUser.  If you create two collections with the same query, but one collection is limited to a pre-existing collection of "all laptops", and the other collection query is limited to "all desktops"; should work out fine.

If you can convince the powers-that-be to put computer objects in those usergroups, and not users in those usergroups, Mike's queries are great.  I lost that battle.


I lucked out in that arena, that's for sure.  My upper managers don't really want to be involved in the infrastructure side of it, so they let us have free rein on how to use group memberships for SMS.  We had to end up pulling permissions from our field techs so they couldn't manipulate OUs and in its place, we set them up with the ability to use Computer Groups... those are so easy to use, it's not funny.




skissinger -> RE: Creative Thinkers... a challenge (6/6/2008 11:10:47 AM)

quote:

I lucked out in that arena, that's for sure.

You sure did.  Our licensing group uses their own database for keeping track of licensing, and it's all based around that a user is assigned a license code.  They had to do all kinds of things using the "notes" field in their home-grown db when more and more people started having multiple computers, or have a physical computer and a virtual computer but log into both with their production ID.  Of course our team is the one that has to advertise sometimes to 'where highest ranked user is in group abc', and sometimes to the usergroup, but also the computer names of these 12 machines, but don't add the users to the usergroups, because they have multiple machines.  Needless to say... it's messy.

So Todd, if you can get the "right" people in your organization to read this thread, or you explain the issues to them that "adding a computer name to a usergroup is no more or less work than adding a username to a usergroup" -- maybe you can get it working as seamlessly as Mike has.  It would definitely be worth it to you in the long run.




rbennett806 -> RE: Creative Thinkers... a challenge (6/9/2008 10:45:49 PM)

I guess I'd think about just taking the wimpy way out and use a VBScript. Have the script check either the chassis type and/or domain group memberships of the computer running it to determine if the application should be run and what flavor it should get.

Just a snippet of code if you decide to explore this route...
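' Connect to WMI on the local machine.
Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
strLaptop = "NO"
Set colWin32_SystemEnclosure = objWMI.InstancesOf("Win32_SystemEnclosure")
For Each objItem In colWin32_SystemEnclosure
  ' ChassisTypes is an array; only the first entry is checked here.
  intChassisType = objItem.ChassisTypes(0)
  If intChassisType > 7 And intChassisType < 15 Then
      ' This should be a laptop.
      ' (The range is 8 through 14, which also covers 12, docking station, and 13, all-in-one.)
      strLaptop = "YES"
  End If
Next
If strLaptop = "YES" Then
  ' Attempts to install the mobile client.
Else
  ' Attempts to install the desktop client.
End If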

Of course you'd first check the domain group memberships to determine if it should even get to the point of checking to see if it's a laptop or a desktop.

Just a thought...
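
An added example, not part of rbennett806's post: the two checks described above (the computer's domain group membership first, then chassis type) combined in one script. The group name is a hypothetical placeholder, and the laptop test is narrowed to chassis types 8, 9, 10 and 14, which is an assumption of this example rather than the range used in the snippet above.

```vbscript
Option Explicit

' Hypothetical group CN; the trailing comma stops "CN=App-X" from matching "CN=App-X2".
Const TARGET_GROUP_CN = "CN=App-Eligible-Computers,"

' Returns the DNs of the groups this computer account is a direct member of.
' memberOf does not include nested groups or the primary group.
Function ComputerGroups()
    Dim objSysInfo, objComputer, varGroups
    Set objSysInfo = CreateObject("ADSystemInfo")
    Set objComputer = GetObject("LDAP://" & objSysInfo.ComputerName)
    varGroups = objComputer.MemberOf
    If IsEmpty(varGroups) Then
        ComputerGroups = Array()            ' no group memberships
    ElseIf IsArray(varGroups) Then
        ComputerGroups = varGroups          ' several groups
    Else
        ComputerGroups = Array(varGroups)   ' exactly one group comes back as a string
    End If
End Function

Function IsInGroup(strGroupCN)
    Dim strDN
    IsInGroup = False
    For Each strDN In ComputerGroups()
        If StrComp(Left(strDN, Len(strGroupCN)), strGroupCN, vbTextCompare) = 0 Then
            IsInGroup = True
        End If
    Next
End Function

Function IsLaptop()
    Dim objWMI, objItem, intType
    IsLaptop = False
    Set objWMI = GetObject("winmgmts:\\.\root\cimv2")
    For Each objItem In objWMI.InstancesOf("Win32_SystemEnclosure")
        If Not IsNull(objItem.ChassisTypes) Then
            For Each intType In objItem.ChassisTypes   ' check every entry, not just the first
                Select Case intType
                    Case 8, 9, 10, 14   ' Portable, Laptop, Notebook, Sub Notebook
                        IsLaptop = True
                End Select
            Next
        End If
    Next
End Function

If Not IsInGroup(TARGET_GROUP_CN) Then WScript.Quit 0   ' not targeted: exit cleanly
If IsLaptop() Then WScript.Echo "mobile" Else WScript.Echo "desktop"   ' launch the matching installer here
```

The group lookup needs a domain controller to be reachable when the script runs.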




EdwardKK -> RE: Creative Thinkers... a challenge (6/10/2008 2:45:23 PM)

We have a similar situation.  Our OUs and groups are organized by location.  So in an office, we have a laptop group and a desktop group for that location (NY Laptops, NY Desktops, etc. for each office).  We also have a computer group for each location (NY Computers) which is populated with both of those groups.  A computer account is placed in the appropriate local desktop or laptop group, and that's it.  The local computer group is then populated with only the local laptop and desktop groups.  And then all of these groups populate other laptop, desktop and computer groups at a regional and forest-wide way.

In this way, I can target laptops, desktops or all computers in local, regional or forest wide models.  My collections in SMS simply then look for systems in the groups I want and I have it update my collections a few times a day.  Using this my VPN client packages are only deployed to machines in the laptop groups, and desktops never see them, but something like Office goes to all computers.  I can also target GPOs to these groups as needed as well.

It also gives me a little flexibility as we can leave a machine out of the group, and still have it in an AD OU for some policies or packages should I need it.



