<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

SCCM 2012 Application Approval workaround

Published on
15,210 Points
8,410 Views
3 Endorsements
Last Modified:
Approved
SCCM 2012 Application Approval Process Problem

I am not sure how many of you use the new feature in SCCM called “Application Catalog” to allow users to request & install software.

Well we have implemented it to control what software gets installed & allow us to get users to request software.

Now one problem we had with this was that we would never know that a user has requested an application for approval unless we constantly refreshed the “Approval Requests” tab in the SCCM console. This was a big issue for us as we needed our SAM to be notified when new requests were made & then to be able to approve without having to go into the console to approve.

This is the solution we came up with


Systems Used

•      SCCM 2012 SP1
•      Orchestrator 2012 SP1
•      Visual Studio 2010
•      HP Service Manager
•      Active Directory


Thanks To the following people:
•      For the integration into our HP system I thank our local HPSM guys
Chris.Visagie
•      For providing the outline of the runbooks which contained the PowerShell scripts as well as an idea for the ASP.Net page.
Neil Peterson  - http://blogs.technet.com/b/neilp/archive/2012/09/25/configuration-manager-application-request-notification-and-approval-solution.aspx
As you will see in my article I have changed the layout a bit to suit my needs & my environment.
•      For providing the SCORCH IP’s
http://technet.microsoft.com/en-us/library/hh295851.aspx


Firstly what we did was import the needed IP’s into Orchestrator
•      SC Configuration Manager IP
•      Data Manipulation IP
•      HP Service Manager
•      Active Directory IP

Then we created the 3 needed Runbooks, as stated before you will get the same 3 from the above link provided by Neil but I have changed them a bit as follows:

•      CM Gather Requests
Gather Requests RunbookHere I am running a SQL query to collect all the data on each request from the application catalog in SCCM made by users.
Gather all requests activityThen the next link would be to split the fields
Split fields activityWe would then create link filters where we would let the respective “leg” of the runbook run according to the result from true or false on the query, so if there was a request equal to or less than 2 min then the “First Mail” would be fired off sending a mail to the software asset manager detailing the request.
First Mail activityMail Body would be as below
Mail BodyThe Software asset manager will get the following example mail where a link will be provided to the ASP page so that he can approve or deny the request.
Approval MailWhere they would then be taken to the following page after clicking on the link
ASP.Net linkI have set my runbook to run every 2 min as done by Neil but I have run it from the Task Scheduler using the Runbook command tool which you can find anywhere on the net.

So as you can see above the runbook will send another mail if the request has not been looked at by the SAM in 1 day & then it will auto deny the request after 10 days of no activity where it will invoke the next required runbook.



•      CM Approval Mail
CM Approval RunbookThis runbook would be doing the call logging, letting the user know if their request has been approved as well as adding the machine to the SCCM collection for install if approved.
Initialize Data ActivityInitialize data inputted from the ASP.Net page that was filled in by the SAM

You would then run the below activity that would run the PowerShell script to approve or deny the request & this entry would be taken from the “Initialize data”
Run.Net Script ActivityI then gather data about the specific request to get the details of the user as well as the application.
Gather data about the request activityIf the request has been approved it will follow my link filters & automatically log a call in HPSM for the requesting user as well as add the user’s computer to the respective SCCM collection, update the machine policy as well as run an application eval cycle.

The Following Activity will add the requesting users machine to the SCCM collection that was collected from the "Gather Data about the request"
Add to collection
The "Update Machine Policy" client action activity will then be run to force the client to look for any new/updated policies.
Update Machine Policy
Next the "Application Deployment Evaluation" client activity will be run so that the agent can get the notification that an application is ready to be installed.
Application Deployment Evaluation
This will then fire off the application install automatically & will start the setup of the requested application.


You will notice that in this runbook is the “Get Email Address” runbook invoke
This would run the next required runbook which would get the requesting users email address & then send them a mail letting them know if the SAM approved or denied their request & what the reason was.

•      Get Emails
Get EmailsThis would get the username from the “Gather data about the request” & then split the domain field & then query AD for the user’s details returning the email address to the original runbook.

If needed i can mail you the runbook export which would give you a starting point

Please note, there is the new “Application Approval Workflow” which can be downloaded here

http://www.microsoft.com/en-us/download/details.aspx?id=29687

I have not used this approach as it makes my users have to go to 2 different portals, the SCCM one as well as the SCSM (System Center Service Manager) & I wanted them to not have to many areas to go to.

We are also working on auto quoting workflow if the user does not have a license which would then be incorporated into the “CM Approval Mail” runbook & will give the SAM an extra option to select something like “No License”

Also, although there might be a lot of data similar to this it has been difficult to find a solution that helped us & many of my other colleagues  get the complete solution like this allowing us to automate almost all of the process, even installing the application for us.


Thanks
3
2 Comments

Expert Comment

by:James Avery
Leon,

Have you finished the "We are also working on auto quoting workflow if the user does not have a license which would then be incorporated into the “CM Approval Mail” runbook & will give the SAM an extra option to select something like “No License”?

I'm working on creating one like this as well and I wanted to know if you have completed it and if I can borrow the code?

I want to also add the "Optional Reference" field in the application to signify if the application requires a license or not. Thoughts?

James
0
LVL 9

Author Comment

by:Leon Taljaard
Hi James

Sorry for the late reply, it has been madness :)

I have not had a chance to get going with the Application Approval work flow because I have been focusing on some other urgent requirements that were needed like New Infrastructure Requests/Quotes, New Drive Backup Requests, Telephone Requests and now currently New Desktop/Laptop and personal Equipment requests.

Now all of the above work from a custom web page where the user inputs their details and either gets the quote directly on the page dynamically or requests the quote from our Facilities team and then gets the quote back for approval before order. Really very cool, and the back end is all SCSM, Orchestrator and some custom DB's :)

What I was thinking about is looking at taking our local DB which our software asset manager currently looks at and then every time there is a request for an application then I reference that DB and if they are not found then it would send them a link or a price for that requested application where they would either use the link to say approve and be required to fill in a form with their cost code and so on and then only approved afterwards.

I have so many ideas on it but it is just to get it going, I know this doesn't help you much right now but if you would like more help or ideas let me know and I would be more than willing to help anytime, it might be a little delayed but I will always reply :)

If I get this quoting going for the application approval I will most definitely share this with you.

Let me know

Thanks
0

Featured Post

IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Microsoft Office 365 Backup and Restore Solution by SysTools to export Office 365 mailbox to PST / EML file format on Windows OS. On Mac, tool backup O365 to PST / MBOX / MSG / EML / EMLX file formats. Not only this, restore option helps to import s…
I've published three five-minute Experts Exchange video Micro Tutorials that describe terrific features in an excellent, free PDF product called PDF-XChange Editor: How to rotate pages in a PDF with free software (https://www.experts-exchange.com…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month