Solved

SCCM 2012 - Global Conditions for AD Security Groups

Posted on 2013-06-20
1
1,091 Views
Last Modified: 2013-09-05
Hello,
 
I have been trying to wrap my head around this problem. I am an SCCM 2007 administrator and we are porting over our packaged applications to SCCM 2012. Some of our packages have multiple programs attached to them. The programs attached to some of our packages define certain settings a group will get. For example "Package A" is used by 3 different business units and each has a certain configuration, so Program 1 will perform a slightly different configuration then program 2 or 3. Here inlays the problem, one of the major differences with the Application model in SCCM 2012 is that you can have multiple deployment types but they will be sequentially run at deployment time with whatever requirements are met.
One way I have been trying to get around this with little luck is create a scripted Global Condition that will pull back a list of all the groups a user is in.
 
$Raw = C:\Windows\system32\whoami /groups /fo csv /nh
$isgroup = $Raw |  %{$_.Split(",")[0] } | %{ $_ -replace ","""}
Return $isgroup
 
If run this in PowerShell it will return every single group a user is in from their current logged on system, each group is displayed on a new line. I have also tried to make them display all in one line  
$sg = $isgroup -join ' '
 Return $sg
 
Since I know each group will have an Active Directory Security Group that is unique to the business unit I can then add that requirement set the operator to "Contains" and the value to "Domain\ADGroup" in the Requirements tab in the deployment type.
 
When I go to deploy the application this explicitly fails out during the Requirements evaluation phase.
 
Has anyone been able to resolve this problem? Or is this a limitation of SCCM 2012?
 
I have seen examples online which basically run the whoami tool and compare it to a static group within the script. I do not want to create dozens of these Global Conditions. I would like to tackle this with one condition.
 
Any ideas would be appreciated.
0
Comment
Question by:osstesteast
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 18

Accepted Solution

by:
Mike T earned 500 total points
ID: 39322465
Hi,

I think I can see what you're trying to do. If I recap with an example of what it sounds like you have setup.

Business units:
France
Germany
Spain

Apps
Visio

2007
Visio package
    Program: Install Visio /French.xml
    Program: Install Visio /German.xml
    Program: Install Visio /Spanish.xml

If so, have you tried just using a task-sequence instead. I had to deploy a package that someone in their wisdom in the past had split into 8 different MSIs and then installed them according to what OU and machine was used. It worked fine in AD but getting dependencies to work failed miserably.
My solution was to create a new task-sequence for each type of machine (6 max) and then control the targeting using the WMI conditions, with collections targeting the specific OUs.

The above Visio bundle would be a simple group with a condition on the outer group and then finer conditions on each sub-step.

There may well be a simpler way using deployments but I'd need to look at my lab machine and experiment. Task-sequences simplify it greatly.

If I've misunderstood please post a picture or three if you can :).

Mike
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
The viewer will learn how to create two correlated normally distributed random variables in Excel, use a normal distribution to simulate the return on different levels of investment in each of the two funds over a period of ten years, and, create a …
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question