+ Post New Thread
Results 1 to 6 of 6
Enterprise Software Thread, SCCM 2012 - Group membership query in Technical; Im in the process of migrating away from sophos and onto Endpoint protection. Im looking to create a collection which ...
  1. #1

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199

    SCCM 2012 - Group membership query

    Im in the process of migrating away from sophos and onto Endpoint protection.

    Im looking to create a collection which membership rules are 'has sophos but doesn't have endpoint protection'

    How would I go about this please, the SCCM queries baffle me

  2. #2

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,841
    Thank Post
    569
    Thanked 994 Times in 766 Posts
    Blog Entries
    15
    Rep Power
    460
    Without being by an SCCM console, I can't say precisely but like for collections & software deployment you can query by MSI code - or indeed by the presence of a file. So if sophos.exe exists in it's normal installation path, or the MSI GUID is present AND the MSEP is NOT present (again either by file or MSI code) - bob's your uncle. If you don't get an answer tonight I'll take a look in the morning for you.

  3. Thanks to synaesthesia from:

    RabbieBurns (24th February 2014)

  4. #3

    synaesthesia's Avatar
    Join Date
    Jan 2009
    Location
    Northamptonshire
    Posts
    5,841
    Thank Post
    569
    Thanked 994 Times in 766 Posts
    Blog Entries
    15
    Rep Power
    460
    Argh I see what you mean. The query isn't quite the same as the ones used in software deployment to see if something already exists!

  5. #4

    RabbieBurns's Avatar
    Join Date
    Apr 2008
    Location
    Sydney
    Posts
    5,512
    Thank Post
    1,320
    Thanked 469 Times in 306 Posts
    Blog Entries
    6
    Rep Power
    199
    Im abandoning the idea, and instead just going to go after computers that have Sophos installed.

    Ive got a remove_sophos.bat file from Sophos, which works great when run manually from an elevated command prompt, however I cannot seem to get it to work via SSCM.

    Ive created the package with the .bat as the program, it seems to deploy and run but its not removing sophos

    Anyone got a better method with SCCM to remove Sophos?

  6. #5
    Norphy's Avatar
    Join Date
    Jan 2006
    Location
    Harpenden
    Posts
    2,227
    Thank Post
    50
    Thanked 271 Times in 209 Posts
    Blog Entries
    6
    Rep Power
    108
    Is Sophos installed with an MSI? If so, you'd be better adding Sophos as an application to SCCM and creating a deployment to remove said application to the Sophos collection that you created

  7. #6
    jaminben's Avatar
    Join Date
    Oct 2012
    Location
    Norfolk
    Posts
    215
    Thank Post
    46
    Thanked 15 Times in 14 Posts
    Rep Power
    6
    This probably isn't going to be much help to you but I did have success when using a package and .bat file to remove Sophos with SCCM so it does work.

    IIRC all I did was to add the .bat file to the command line field in the package program and made sure 'Program can run: Whether or not a user is logged on' was selected.

    Apart from that I don't think there was anything special about it.

    EDIT

    To obtain the list of computers I ran a report from SCCM looking for sophos.exe (or something similar) and used a find and replace to create the query in notepad++.

    The query I used was a simple:

    Code:
    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Name = "ComputerName" 
    or SMS_R_System.Name = "ComputerName" 
    or SMS_R_System.Name = "ComputerName" 
    or SMS_R_System.Name = "ComputerName"
    EDIT 2

    Actually I just made a better query which finds chrome.exe but you could swap it out for sophos.exe or something similar:

    Code:
    select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System inner join SMS_G_System_SoftwareFile on SMS_G_System_SoftwareFile.ResourceId = SMS_R_System.ResourceId where SMS_G_System_SoftwareFile.FileName = "chrome.exe"
    Last edited by jaminben; 26th February 2014 at 09:07 AM.

  8. Thanks to jaminben from:

    RabbieBurns (26th February 2014)

SHARE:
+ Post New Thread

Similar Threads

  1. Replies: 6
    Last Post: 31st July 2013, 03:20 AM
  2. Replies: 4
    Last Post: 29th July 2009, 02:49 PM
  3. [ASP.net] Show webpage based on group membership
    By MK-2 in forum Web Development
    Replies: 1
    Last Post: 9th April 2009, 11:53 AM
  4. Group Policy Query
    By acrobson in forum Windows
    Replies: 1
    Last Post: 4th May 2008, 02:26 PM
  5. Group Membership Woes (Need Help)
    By ICTNUT in forum Windows
    Replies: 11
    Last Post: 2nd December 2005, 03:19 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •