sonofsanta (13th July 2012)
sonofsanta (13th July 2012)
Just to give my answer to the original question: I can't really see the point in mimicing AD structure, surely the the beauty of SCCM collections is that you aren't limited to the restrictions of AD OU (with machines being in one group only).
Here is a stripped down version of my collections:
------Year 1 machines
------Year 2 machines
An AD discovery is run on a schedule and new machines are added to 'Entire site'. Most groups below are updated on a schedule by running an SQL query and machines are put in the right group based on their name. For example I name machines on the format <site-code>-<machine-type>-<room>(optional)-<ID>, therefore a teacher laptop would be abc-tl-01, this automatically goes into the 'teacher laptop' group, abc-st-suite-01 goes into 'computer suite', abc-sr-sccm (sccm server) goes into 'servers' etc etc.
Therefore when I migrated to Office 2010 I advertised the package at the 'Workstation' level and chose to apply to sub groups.
Right, 2012 is in, which was actually fairly painless - all the HTTPS stuff worked straight off the bat, possibly as a result of fiddling with 2k7 - and despite the Metro interface and ribbon and everything, it does seem a nicer product; the FEP integration certainly seems nicer.
select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier ,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYST EM.Client from SMS_R_System where SMS_R_System.SystemOUName = "top.level/maincontainer/Computers/Laptops/TeacherLaptops"
I use this to cover all teachers, then specific sub group for departments that require extra software: Art, dt,ict, maths, media. You can then just add "direct rules" for those teachers laptops that aren't in the specificed OU. Software deployed to those groups and away you go.
Software Center is 100% better than the old optional deployments, allows them to install/uninstall software easy and you can provide lots of info on the software. Me likey.
Last edited by Theblacksheep; 17th July 2012 at 04:09 PM.
sonofsanta (17th July 2012)
Again, I suspect I know the answer here, but can I create a query based collection and directly exclude some? e.g. collection for the Science OU, but exclude the S9 OU as that's the computer room and would be better off with its own collection. I imagine it doesn't work as the collection is repopulated overnight/on set schedule, but I suppose it doesn't matter if S9 is in multiple collections, either.
And one last question*: the software centre, can that be restricted so that teachers can install software but not kids? Guessing this will tie into User Collections if so.
*for this post
You can also exclude. I do this for 'all systems inactive' that includes all systems, but excludes 'unknown computers', 'mobile devices' and 'all systems active'.
At the moment Software Center only works for admins/power users or all users. You could direct software to the user rather than the machine but you might get something for the office installed on the curricular desktop. At the moment I use a mix of optional software for teachers laptop groups and mandatory software for curricular machines (doesn't appear in software center).
Hope that helps.
Last edited by Theblacksheep; 17th July 2012 at 04:32 PM.
Shame on the Software Centre front but I was only thinking about the times our Head of IT asks for software to be put on the tech staff room PCs anyway so I'll not lose too much sleep over it. I shudder to think what would happen if I tried to explain it to most members of staff, after all!
Thanks again, best get on with my collection creation then... time for another cuppa to go with that I reckon.
Another one into the mix... I use AD groups, with Search Collections pointed at them...
which seems to do the trick and add in devices from sub OUsCode:select * from SMS_R_System where SMS_R_System.SystemOUName like "TOP.LEVEL/MAIN CONTAINER/COMPUTERS/LOCATIONS/"
(someone at Microsoft seems very angry lately as well, what with the OU query there and Office 2013's SHOUTY CAPS)
had a thought about deploying software to staff. In 2012 you could set deploy to users, optional install that requires admin approval. Then you staff can install software on curricular PCs if they need to.
Targeting these to normal staff could be messy, depending on your deployments they could install software only intended for their office on a curricular PC. You could for instance provide IT teachers with a custom user login, with all curricular software deployed to this custom user login (still requiring admin approval if you wish).
1) All users can access Software Center, but installing anything prompts for an admin login (to be tapped in by $ITperson)
2) Domain admins can access Software Center and install stuff for all users
I suspect the latter is true anyway, but I've only deployed FEP so far which works differently to normal packages in 2012 so not sure. If we could get the former working, though, it would make random software requests much easier to deal with.
There are currently 1 users browsing this thread. (0 members and 1 guests)