I know why :-) This is why I did not use security groups.
IF.... If the ad is set to run on members of a collection and you added the AD group directly instead of doing a query for members of the AD group, the policy tells the client "if you are a member of this AD Group THEN you should install X...." The problem is when you add a user or a machine to an AD group it never finds out until it reboots or for the user when they log off and on. The group membership is contained in the Kerberos ticket, and that gets issued at boot or expoiration time. If you are using a query based collection and then advertising to the members of the collection then this would not apply. On Fri, Jul 19, 2013 at 8:32 AM, Stuart Watret <[email protected]>wrote: > Yes Phil, that sums it up. > > > > The collection gets the group added ok, if i query the members of the > group via sccm it shows the members; but the clients don't pickup the > advert for hours. > > > > Our clients are set to 3 minute polling interval......... > > > > Generally the process is felt to be quick and smooth, existing adverts > with a new user added to the group (after the initial slowness) are almost > instantly seeing the advert; so we had been getting these groups created > and populated in advance, which was fine, but occasionally we get caught > out. > > > > Stuart Watret > > Offshore - IT Ltd > ------------------------------ > *From:* [email protected] [[email protected]] > on behalf of Schwan, Phil [[email protected]] > *Sent:* 19 July 2013 13:31 > *To:* [email protected] > *Subject:* [mssms] RE: slow advert deployment to security groups > > So you’re saying the collections show the users being added in a timely > manner, but the clients aren’t seeing the resultant deployment for 12-24 > hours? > > > > What do you have the clients set to as far as software deployment > evaluation cycle? > > > > -Phil > > _________________________________________________________________ > > Phil Schwan | Technical Specialist, Enterprise Windows Services > > *Project Leadership Associates** *|* *2000 Town Center, Suite 1900, > Southfield, MI 48075 > > Mobile: 419.262.5133 > > www.projectleadership.net > > *[image: Description: Description: Description: Arrow email] **Lead with > Strategy. Leverage Technology. Deliver Results.* > > [image: linkedin_logo-19x20] <http://www.linkedin.com/in/philschwan>[image: > Twitter-Logo1-20x20] <https://twitter.com/philschwan> [image: > wordpress-logo3] <http://myitforum.com/myitforumwp/author/philschwan> > > > > > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Stuart Watret > *Sent:* Friday, July 19, 2013 8:15 AM > *To:* [email protected] > *Subject:* [mssms] slow advert deployment to security groups > > > > SCCM 2012 (not sp1) > > Single Site > > > > This has been happening for a while, but I've worked round it; but the > "just in time" nature of stuff here has brought the issue to the forefront. > > > > User Collection with an AD Security Group as a member. > > Advert targeted at that collection. > > > > Advert may take 12/24 hrs to appear in the Application Catalogue. > > > > Querying the group in sccm, reveals all the users who are members, there > are no backlogs in discovery processes and everything looks good. > > > > Any thoughts on why the delay, or where to start checking? > > > > Stuart Watret > > Offshore - IT Ltd > > > ------------------------------ > > > PRIVILEGED AND CONFIDENTIAL. This email and any files transmitted with it > are privileged and confidential and intended solely for the use of the > individual or entity to whom they are addressed. If you have received this > email in error please notify the sender. If you are not the named addressee > you should not disseminate, distribute or copy this e-mail or any of its > attachments. > > > > >
<<image001.jpg>>
<<image003.jpg>>
<<image004.jpg>>
<<image002.jpg>>
