I ran into the same problem and did what Jason mentioned. Luckily, our tech’s
have an “admin” (-a) account that they (are supposed to) use in that scenario
so I regularly run the following script to remove them from all machines they
get auto-assigned to by UDA. If your techs are using their regular domain
account and do not have a separate admin account, then you’ll have to run this
for each user individually. Or you could try loading up all of their userid’s
into one variable and do a foreach loop.
$ConfigMgrModulePath = Join-Path
($Env:SMS_ADMIN_UI_PATH.ToString().SubString(0,$Env:SMS_ADMIN_UI_PATH.Length –
5)) "ConfigurationManager.psd1"
# Load the PowerShell module for ConfigMgr
Import-Module $ConfigMgrModulePath
# Enter PSDrive
cd "$((Get-PSDrive -PSProvider CMSite).Name):"
# Create variable to hold results for reporting at the end
$results = @{}
# Gather all userids
$users = Get-CMUser -Name "*-a" | Select SMSID
ForEach ($user in $users) {
# Get the assigned devices for each userid
$UDAs = Get-CMUserDeviceAffinity -Username $user.SMSID | Select
UniqueUserName, ResourceName, ResourceID
# Go through each and remove the UDA association
ForEach ($UDA in $UDAs)
{
# Add results to variable for reporting in Out-GridView below
$results.add($UDA.ResourceName,$UDA.UniqueUserName)
# Uncomment the line below to do the work!
#Remove-CMUserAffinityFromDevice -DeviceId $UDA.ResourceID -UserName
$UDA.UniqueUserName -Force -Confirm:$False
}
}
$results | Out-GridView
From: [email protected] [mailto:[email protected]] On
Behalf Of Jason Sandys
Sent: Friday, May 20, 2016 10:44 PM
To: [email protected]
Subject: RE: [mssms] Is it possible exclude IT staff from Automatic User Device
Affinity?
No, but you should be able to script it pretty easily to remove users from
devices based upon some custom criteria and then run the script peridocially.
J
From: [email protected]<mailto:[email protected]>
[mailto:[email protected]] On Behalf Of Steve Whitcher
Sent: Friday, May 20, 2016 10:25 AM
To: [email protected]<mailto:[email protected]>
Subject: [mssms] Is it possible exclude IT staff from Automatic User Device
Affinity?
I've got automatic User Device Affinity enabled, and for the most part it works
fairly well. However, IT staff sometimes end up getting associated with a
device that isn't their primary device. For example, after our desktop tech
images a computer, he logs in to change a couple of settings and make sure
everything worked right. If he doesn't log out, and leaves the computer on the
bench over the weekend, he's over the threshold of 2880 min in 15 days and the
device is set as one of his primary devices. It hits in other circumstances
and with other IT staff sometimes as well.
Is there any way to exclude specific users from automatic User Device Affinity?
________________________________
Confidentiality Notice: This e-mail is intended only for the addressee named
above. It contains information that is privileged, confidential or otherwise
protected from use and disclosure. If you are not the intended recipient, you
are hereby notified that any review, disclosure, copying, or dissemination of
this transmission, or taking of any action in reliance on its contents, or
other use is strictly prohibited. If you have received this transmission in
error, please reply to the sender listed above immediately and permanently
delete this message from your inbox. Thank you for your cooperation.
