You definitely "could" have this happen if your requirement rules are not setup correctly.
From: [email protected] [mailto:[email protected]] On Behalf Of Matt Browne Sent: Tuesday, March 03, 2015 9:50 AM To: [email protected] Subject: RE: [mssms] Deploy applications using AD groups. We tend to target our software to computer collections only, with one or two exceptions. If you target the software to a user exception you could get in the situation where the software gets installed on every machine the user logs into. We never deploy software to the user and computer collections at the same time. I’ve just never needed to do this. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of sccmfun Sent: 03 March 2015 15:11 To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] Deploy applications using AD groups. Thanks Matt. John you use the same exact WQL query that Matt uses for your collections? When you say all your software is done using AD user groups, so you always target only the user, you don’t put computers into AD groups and target them also? Another question: When you look in System Resource (computer collection), there is a Security group name and System Group name, does anyone know what the difference is? Same question when looking at User Resource (user collection) there is a Security group name and User Group name, does anyone know what the difference is? Thanks From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Marcum, John Sent: Tuesday, March 3, 2015 9:58 AM To: '[email protected]' Subject: RE: [mssms] Deploy applications using AD groups. +1 Doing it that way means the user doesn't even have to log out and back in before the software is deployed. ALL of my software is done this way using AD user groups and the app model. From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Matt Browne Sent: Tuesday, March 03, 2015 4:55 AM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] Deploy applications using AD groups. The collection query we use for users and computers is : Computers : select SMS_R_System.ResourceId, SMS_R_System.ResourceType, SMS_R_System.Name, SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup, SMS_R_System.Client from SMS_R_System where SMS_R_System.SystemGroupName = "DOM\\GROUP_NAME_FROM_AD" Users : select SMS_R_USER.ResourceID,SMS_R_USER.ResourceType,SMS_R_USER.Name,SMS_R_USER.UniqueUserName,SMS_R_USER.WindowsNTDomain from SMS_R_User where SMS_R_User.UserGroupName = "DOM\\GROUP_NAME_FROM_AD" Make sure the collection is set to incremental updates and you should be good to go. It’s not instant, but the software should go out in a few minutes. Hope that helps From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of sccmfun Sent: 03 March 2015 10:42 To: [email protected]<mailto:[email protected]> Subject: [mssms] Deploy applications using AD groups. What is the best way to create a collection to deploy software to users/computers based off of AD Group Should I populate the collection using the security group name, in which case the collection only has 1 member (ex: contoso\winzip) or should I create the collection so it returns the members of the group so it shows the actual objects (ex: 15 users/computers)? I thought I remember something that the collection needs to have the actual computer/user names returned and not just the 1 group name returned or users/computers would need to logoff/logon for their token to refresh before they receive the policy. Does anyone have the query they use? My goal is to create a collection based off AD group (ex: contoso\winzip) and have the least amount of wait/interaction from the user. Thanks ________________________________ Information in this message is sent in confidence and is intended only for the use of the individual or entity to whom it is addressed. If you are not the intended recipient, any use, distribution or copying of the information is strictly forbidden. Please notify the sender immediately by return email or telephone 01823 721400. If you received this email in error please delete it and any copies of it from your system. Viridor Waste Management Limited Registered Office: Peninsula House, Rydon Lane, Exeter EX2 7HR Registered in England No. 575069 ________________________________ ________________________________ Confidentiality Notice: This e-mail is from a law firm and may be protected by the attorney-client or work product privileges. If you have received this message in error, please notify the sender by replying to this e-mail and then delete it from your computer. ________________________________ Information in this message is sent in confidence and is intended only for the use of the individual or entity to whom it is addressed. If you are not the intended recipient, any use, distribution or copying of the information is strictly forbidden. Please notify the sender immediately by return email or telephone 01823 721400. If you received this email in error please delete it and any copies of it from your system. Viridor Waste Management Limited Registered Office: Peninsula House, Rydon Lane, Exeter EX2 7HR Registered in England No. 575069 ________________________________
