Forums on Intune, SCCM, and Windows 11

Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!

PENDING SCCM 2012 Application deployment with AD integration

Sabach

New Member
Messages
1
Reaction score
0
Points
1
Hello

Im looking for sccm 2012 Application deployment with AD integration ( with security groups ) step by step guide.

Can you please paste link ?

Thanks Alot
 
Actually....i figured it out.


Query:
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.SystemGroupName = "Domain\\Application - Mozilla Firefox"



How I did this was created an OU in AD and Named it Subscriber Applications and in this OU I created application security groups. then:

1. Created the 2 applications (Chrome and Firefox) and Distributed Content.

2. Under Device Collections I created a new folder and named it Applications.

3. In the Applications folder I created 2 Device Collections named: Application - Google Chrome and Application - Mozilla Firefox.

4. For the Limiting Collection I used " All Desktop And Server Clients "

5. On The next screen, clicked add rule and chose the query rule option

6. Name: The Application name exactly has I have it named in my AD security group (Example: Application - Google Chrome)

7.Clicked Edit Query statement then clicked Show Query Language

8. Clear everything in the box and paste the above query.

(make sure to change the last bit to "YOURDOMAINNAME\\YouApplicationSecurityGroupName")

9. Next it all the way.

10. Go to Software Library then right click the application and click deploy.

11. For the Collection on the left pane drop down, change to device collections and locate the application collection we just created. ( you will receive a popup stating that the collection doesn't not contain any members (that's ok), just hit ok.

12.Next it all the way.



Now in AD open up computer properties --> member of --> and add the application group in it.

Mine took about 12 minutes and it deployed it successfully to the PC which was in the Google Chrome group




Can one of give an example of this ?.
 
Now what I would like to do is reverse.

Once I remove the application security group from the computer membership I would like SCCM to uninstall the application.

Prajwal...could you please help with this. I have no clue how to do this....and where to start.


All I could find was:

Removing software from computers because they arent in the AD Security group for it :

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "<Domain>\\<Security Group>") and SMS_R_System.Client = 1 and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>"
 
Ok so I have tested this and working pretty well for me.

SCCM to uninstall an application when you remove the computer from the Application security group.



I will be using the security group: “ Application – Google Chrome “ as an example.



In Device collections as I previously mentioned I created a folder for applications and created the collections in that folder to deploy applications.

  1. I have created another folder in Device Collections called Applications – Uninstall.
  2. In there I have created a collection called: Application – Google Chrome UN
  3. Limiting Collection: All Desktop And Server Clients
  4. Clicked Add Rule, Query Rule, and named it as Application – Google Chrome UN
  5. Resource Class: System Resources then clicked Edit Query Statement then Show Query Language.
  6. Clear the box and entered:


select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "YourDOMAIN\\YOUR APPLICATION SECURITY GROUP") and SMS_R_System.Client = 1 and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "Google Chrome"



7. Then ok.

8. Clicked on add Rule and this time clicked Exclude Collection and chose the Installation Collection I created in my earlier post.

9. Next it all the way

10. Now we need to deploy the collection we just created.

11. Right clicked then clicked Deploy à application

12. Software – Chose the google chrome application

13. Click Next until you get to Deployment Settings and Change Install to Uninstall.

14. Next it all the way.
 

Forum statistics

Threads
7,026
Messages
27,491
Members
17,677
Latest member
Nairolf

Trending content

Back
Top