SCCM 2012 - Global Conditions for AD Security Groups
Hello,
I have been trying to wrap my head around this problem. I am an SCCM 2007 administrator and we are porting over our packaged applications to SCCM 2012. Some of our packages have multiple programs attached to them. The programs attached to some of our packages define certain settings a group will get. For example "Package A" is used by 3 different business units and each has a certain configuration, so Program 1 will perform a slightly different configuration then program 2 or 3. Here inlays the problem, one of the major differences with the Application model in SCCM 2012 is that you can have multiple deployment types but they will be sequentially run at deployment time with whatever requirements are met.
One way I have been trying to get around this with little luck is create a scripted Global Condition that will pull back a list of all the groups a user is in.
$Raw = C:\Windows\system32\whoami
$isgroup = $Raw | %{$_.Split(",")[0] } | %{ $_ -replace ","""}
Return $isgroup
If run this in PowerShell it will return every single group a user is in from their current logged on system, each group is displayed on a new line. I have also tried to make them display all in one line
$sg = $isgroup -join ' '
Return $sg
Since I know each group will have an Active Directory Security Group that is unique to the business unit I can then add that requirement set the operator to "Contains" and the value to "Domain\ADGroup" in the Requirements tab in the deployment type.
When I go to deploy the application this explicitly fails out during the Requirements evaluation phase.
Has anyone been able to resolve this problem? Or is this a limitation of SCCM 2012?
I have seen examples online which basically run the whoami tool and compare it to a static group within the script. I do not want to create dozens of these Global Conditions. I would like to tackle this with one condition.
Any ideas would be appreciated.
I have been trying to wrap my head around this problem. I am an SCCM 2007 administrator and we are porting over our packaged applications to SCCM 2012. Some of our packages have multiple programs attached to them. The programs attached to some of our packages define certain settings a group will get. For example "Package A" is used by 3 different business units and each has a certain configuration, so Program 1 will perform a slightly different configuration then program 2 or 3. Here inlays the problem, one of the major differences with the Application model in SCCM 2012 is that you can have multiple deployment types but they will be sequentially run at deployment time with whatever requirements are met.
One way I have been trying to get around this with little luck is create a scripted Global Condition that will pull back a list of all the groups a user is in.
$Raw = C:\Windows\system32\whoami
$isgroup = $Raw | %{$_.Split(",")[0] } | %{ $_ -replace ","""}
Return $isgroup
If run this in PowerShell it will return every single group a user is in from their current logged on system, each group is displayed on a new line. I have also tried to make them display all in one line
$sg = $isgroup -join ' '
Return $sg
Since I know each group will have an Active Directory Security Group that is unique to the business unit I can then add that requirement set the operator to "Contains" and the value to "Domain\ADGroup" in the Requirements tab in the deployment type.
When I go to deploy the application this explicitly fails out during the Requirements evaluation phase.
Has anyone been able to resolve this problem? Or is this a limitation of SCCM 2012?
I have seen examples online which basically run the whoami tool and compare it to a static group within the script. I do not want to create dozens of these Global Conditions. I would like to tackle this with one condition.
Any ideas would be appreciated.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.