ou-based WMI query?

  • Question

  • Hi there,

    We would like to add a step in a task sequence for installing a software package IF the computer is a member of a specific OU in Active Directory - does anyone know if this is possible at all?

    Best,

    Sebastian

    Friday, February 28, 2014 11:43 AM

All replies

  • Why do you do it in task sequence? Why don't you use the application model and requirements where it's already built in?

    Friday, February 28, 2014 12:00 PM
  • You could try using a script like http://gallery.technet.microsoft.com/scriptcenter/Script-to-determine-the-OU-5a22a0e0 and set a task sequence variable that can then be used as a condition for an Install Software step.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, February 28, 2014 1:05 PM
  • Thank you for your answer.

    Well, I have 2 situations where I would need an OU-based WMI query.

    a) First, we want to deny all computers within a specific OU access to Software Center, and

    b) we want to install a specific software on all computers in a different OU.

    Situation b) could be solved with your solution, thank you for this. But this solution does not work for situation a) ..?

    Friday, February 28, 2014 1:24 PM
  • Thank you for this, I will take a look into that.
    Friday, February 28, 2014 1:27 PM
  • If it is an actual Package in the SCCM sense and not a "package" in the general sense, then you need to use a script. I had to use this during the days of Altiris at a customer while I migrated them over to SCCM. This isn't pretty but it gets the job done. You need to get the ADDSTools so you can use DSQuery:

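    REM Check Machine OU for NO UAC
    REM Requires dsquery from the AD DS tools; it returns the computer's quoted DN.
    set computer=
    for /f "delims=* usebackq" %%a in (`@Z:\Microsoft\ADDSTools\dsquery computer -name %Computername%`) do @set computer=%%a
    REM No DN returned (dsquery failed or computer not found): treat as an error.
    if not defined computer goto :error
    REM Strip the surrounding quotes, then drop everything before the first ",OU=".
    set ou=%computer:"=%
    set ou=%ou:*,OU=OU%
    REM /I because distinguished names are not case-sensitive.
    IF /I "%OU%" NEQ "OU=Laptops,OU=Computers,DC=<domain>,DC=com" (goto :error) ELSE (goto :success)
    :success
    	REM Add your install command line here.
    	Exit 5550
    :error
    	Exit 5551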

    It basically checks the machine's OU and says "if it isn't in this OU error out, if not run something". You can change the custom error codes and add your install command line into the ":success" section.

    If it is an application (which you should really be putting all things into apps now with the new model) then in the application itself do the following:

    • Open your deployment type
    • click the requirements tab
    • click add
    • change the category to device
    • change the condition to Organizational Unit (OU)
    • change the rule type to value
    • change the operator to one of
    • click add
    • click browse
    • find ou and click ok

    As you can see, the application model is amazingly easier than the package model was, so it is definitely the desired method of deployment.


    Dustin Estes - MCP | www.dustinestes.com

    • Proposed as answer by Dustin Estes Monday, March 3, 2014 2:13 PM
    Friday, February 28, 2014 1:30 PM
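An added example, not part of any post in this thread: one way to do what the two script suggestions above describe, resolving the computer's OU and publishing the result as a task sequence variable that an Install Software step can use as its condition. The target OU and the variable name `InTargetOU` are constructed placeholders, and the script assumes a domain-joined full OS (not WinPE), since `ADSystemInfo` needs domain membership.

```powershell
# Constructed placeholders: replace with your own OU and variable name.
$TargetOU = 'OU=Laptops,OU=Computers,DC=example,DC=com'
$VarName  = 'InTargetOU'          # hypothetical task sequence variable

function Get-ParentOU {
    param([Parameter(Mandatory)][string]$DistinguishedName)
    # Split on commas that are not escaped (\,) and drop the leading CN=<computer>.
    $parts = [regex]::Split($DistinguishedName, '(?<!\\),')
    if ($parts.Count -lt 2) { throw "Not a distinguished name: $DistinguishedName" }
    ($parts[1..($parts.Count - 1)] -join ',').Trim()
}

function Test-InOU {
    param([string]$ParentOU, [string]$Target, [switch]$IncludeChildOUs)
    # DNs are case-insensitive. Compare whole components, never substrings,
    # so OU=Laptops does not also match OU=Laptops-Test.
    if ($ParentOU -ieq $Target) { return $true }
    if ($IncludeChildOUs) {
        return $ParentOU.EndsWith(",$Target", [StringComparison]::OrdinalIgnoreCase)
    }
    return $false
}

# Ask the local machine for its own DN; no RSAT/dsquery binaries are needed.
$adsi = New-Object -ComObject ADSystemInfo
$dn   = $adsi.GetType().InvokeMember('ComputerName', 'GetProperty', $null, $adsi, $null)

$inOU = Test-InOU -ParentOU (Get-ParentOU $dn) -Target $TargetOU

try {
    # This COM object only exists while a task sequence is running.
    $tsenv = New-Object -ComObject Microsoft.SMS.TSEnvironment
    $tsenv.Value($VarName) = "$inOU"      # stored as "True" or "False"
} catch {
    # Outside a task sequence: just report, so the script can be tested by hand.
    Write-Output "$VarName=$inOU (computer DN: $dn)"
}
```

The Install Software step then gets a condition of the form "task sequence variable `InTargetOU` equals `True`"; add `-IncludeChildOUs` if computers in sub-OUs should also qualify.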
  • I believe Software Center gets installed as part of the SCCM client. I don't think denying access to Software Center is really the right approach. In my opinion, it's the application/package/task sequence deployment that should be managed so that only the intended clients receive those. Not the other way around.

    Pman
    http://www.pmansLab.com/

    Friday, February 28, 2014 6:00 PM
  • Basically, you do a collection of computers where you want to install the app and deploy it there. Simple. You can use your OU in the query for membership.
    • Edited by Narcoticoo Friday, February 28, 2014 8:00 PM
    Friday, February 28, 2014 7:59 PM
  • Basically, you do a collection of computers where you want to install the app and deploy it there. Simple. You can use your OU in the query for membership.

    It's SCCM, 1000 ways to skin a cat. Find the one you like the most.

    I prefer to apply the "Requirements" at the application level because that's how the app model is designed. The requirement of the OU to the App is at the app level, not the Collection. You have to be careful not to mix purposes.

    If someone were to go in and delete the collection and the deployment and you came along and tried to fix it and return it to normal you may not know that app has a hard set requirement of a specific OU. Therefore, you lost all of your app intelligence at the Collection level which isn't where it should reside.


    Dustin Estes - MCP | www.dustinestes.com

    Friday, February 28, 2014 8:04 PM
  • I already mentioned the requirement as first option.
    Friday, February 28, 2014 8:10 PM
  • I already mentioned the requirement as first option.

    You did. My apologies narcoticoo :-(

    Dustin Estes - MCP | www.dustinestes.com

    Friday, February 28, 2014 8:35 PM
  • No problem :)

    To the original case:

    Are you trying to install this application with OU requirement during Operating System deployment or are you just trying to deploy the application with task sequence?

    Friday, February 28, 2014 8:47 PM