The token needs to renew when you add a new object to a group logoff/logon is required.
I've done both in the past. I would use members of a group instead, the user gets added directly to the collection and no logoff is required I believe. Test. Cesar On Mar 3, 2015 7:14 AM, "sccmfun" <[email protected]> wrote: > Thanks Matt. > > > > John you use the same exact WQL query that Matt uses for your > collections? When you say all your software is done using AD user groups, > so you always target only the user, you don’t put computers into AD groups > and target them also? > > > > Another question: > > > > When you look in System Resource (computer collection), there is a > Security group name and System Group name, does anyone know what the > difference is? > > > > Same question when looking at User Resource (user collection) there is a > Security group name and User Group name, does anyone know what the > difference is? > > > > Thanks > > > > *From:* [email protected] [mailto: > [email protected]] *On Behalf Of *Marcum, John > *Sent:* Tuesday, March 3, 2015 9:58 AM > *To:* '[email protected]' > *Subject:* RE: [mssms] Deploy applications using AD groups. > > > > +1 > > > > Doing it that way means the user doesn't even have to log out and back in > before the software is deployed. *ALL *of my software is done this way > using AD user groups and the app model. > > > > > > > > > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *Matt Browne > *Sent:* Tuesday, March 03, 2015 4:55 AM > *To:* [email protected] > *Subject:* RE: [mssms] Deploy applications using AD groups. > > > > The collection query we use for users and computers is : > > > > Computers : > > select SMS_R_System.ResourceId, SMS_R_System.ResourceType, > SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, > SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from > SMS_R_System where SMS_R_System.SystemGroupName = "DOM\\GROUP_NAME_FROM_AD" > > > > Users : > > select > SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain > from SMS_R_User where SMS_R_User.UserGroupName = "DOM\\GROUP_NAME_FROM_AD" > > > > Make sure the collection is set to incremental updates and you should be > good to go. It’s not instant, but the software should go out in a few > minutes. > > > > Hope that helps > > > > > > *From:* [email protected] [ > mailto:[email protected] <[email protected]>] *On > Behalf Of *sccmfun > *Sent:* 03 March 2015 10:42 > *To:* [email protected] > *Subject:* [mssms] Deploy applications using AD groups. > > > > What is the best way to create a collection to deploy software to > users/computers based off of AD Group > > > > Should I populate the collection using the security group name, in which > case the collection only has 1 member (ex: contoso\winzip) or should I > create the collection so it returns the members of the group so it shows > the actual objects (ex: 15 users/computers)? I thought I remember > something that the collection needs to have the actual computer/user names > returned and not just the 1 group name returned or users/computers would > need to logoff/logon for their token to refresh before they receive the > policy. > > > > Does anyone have the query they use? My goal is to create a collection > based off AD group (ex: contoso\winzip) and have the least amount of > wait/interaction from the user. > > > > Thanks > > > > > ------------------------------ > > Information in this message is sent in confidence and is intended only for > the use of the individual or entity to whom it is addressed. If you are not > the intended recipient, any use, distribution or copying of the information > is strictly forbidden. Please notify the sender immediately by return email > or telephone 01823 721400. If you received this email in error please > delete it and any copies of it from your system. > > Viridor Waste Management Limited > Registered Office: Peninsula House, Rydon Lane, Exeter EX2 7HR Registered > in England No. 575069 > ------------------------------ > > > ------------------------------ > > > Confidentiality Notice: This e-mail is from a law firm and may be > protected by the attorney-client or work product privileges. If you have > received this message in error, please notify the sender by replying to > this e-mail and then delete it from your computer. > > > >

