Not sure if this is possible with SCCM or not, but I know when you deploy an app via AD you can give it the option to uninstall if a computer is removed from the group. Is it possible to do this with SCCM? I am doing deployment with SCCM 2 ways: querying AD groups for computers with mandatory/not-mandatory advertisements, and just SCCM collections. Is it possible to have SCCM just remove applications from computers that are not part of the collection/AD group anymore, or do I need to create a new collection/advertisement to do that?
I'm sorry, I don't understand what you mean.
"Create two collections, one that includes all computers in the Install group in AD, and one collection that has the software installed but is not member of the AD install group."
Maybe just focus on the AD group one. For instance, I have an AD group for Office 2010 that SCCM will query to advertise Office 2010. I need to create another group to remove it?
Yes, another collection with systems which have Office 2010 installed and are NOT part of the AD group, and assign that collection the UNINSTALL program of the Office 2010 package along with a new advertisement. So it will remove the application from unauthorized systems.
Hi,
That could be an option as well. The solution Kent referred to will do it for you automatically; I use it all the time, works great.
You can also create a third collection with a repair command line for Office and publish it to the clients, then the users can repair Office if needed.
Regards,
Jörgen
OK, that makes more sense. But in my case we just started 2010 and only the computers in the group have it. I suppose I create a collection to uninstall and move the computers into that if ever I need to remove it.
Yes, but remember you need to remove the systems from the installation AD group before adding them to the removal AD group.
You can follow Kent's suggestion, which is used by most of the SCCM admins I think. Here is the step-by-step guide with collection queries on how to remove applications automatically: http://www.windows-noob.com/forums/index.php?/topic/677-automatic-removal-of-applications/
Hi RCCMG,
Kent's solution is like this:
Assume, AD OU "Software Install"
- create a collection A whose membership rule is based on "All computers in the OU "Software Install""
- create a software package to install software and deploy to collection A, then all computers in the collection A will receive the software
- create a collection B whose membership rule is based on "All computers not in the OU "Software Install", but have software installed"
- create a software package to uninstall the software and deploy to collection B
Then, when a computer joins OU "Software Install", the software will be installed. And when the computer is removed from the OU "Software Install" its status is "Not in the OU "Software Install", but have the software installed", thus this computer will be added to collection B and receive the software uninstall package to uninstall the software.
Hope this will help.
Thanks
- Marked as answer by Michael W [MSFT] Tuesday, August 30, 2011 5:03 PM
Does anyone know the queries for these 2 collections?
Adding computers to collection depending on AD Security group:
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
where SMS_R_System.SystemGroupName = "<DOMAIN>\\<Security Group>"
Removing software from computers because they aren't in the AD Security group for it:
select SMS_R_SYSTEM.ResourceID, SMS_R_SYSTEM.ResourceType, SMS_R_SYSTEM.Name, SMS_R_SYSTEM.SMSUniqueIdentifier, SMS_R_SYSTEM.ResourceDomainORWorkgroup, SMS_R_SYSTEM.Client
from SMS_R_System
inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID = SMS_R_System.ResourceId
where SMS_R_System.NetbiosName not in (Select SMS_R_System.NetBiosName from SMS_R_System where SMS_R_System.SystemGroupName = "<Domain>\\<Security Group>")
and SMS_R_System.Client = 1
and SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>"
Just some notes..
Change <DOMAIN> with your Domain Name
Change <Security Group> to your AD Security Group
Change <NAME OF APPLICATION> to EXACTLY what it is named in Add Remove Programs.
- Marked as answer by RCCMG Wednesday, September 12, 2012 2:44 PM
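A variant of the removal query in the answer above, added here as an example and not part of the original post: SMS_G_System_ADD_REMOVE_PROGRAMS_64 is the inventory class for 64-bit Add/Remove Programs entries on x64 clients, so an uninstall collection built only on SMS_G_System_ADD_REMOVE_PROGRAMS does not pick up a 64-bit install left on a machine that is no longer in the group. The placeholders are the same ones used in the answer; the use of subselects instead of a join is this example's choice.

```sql
select SMS_R_System.ResourceID, SMS_R_System.ResourceType, SMS_R_System.Name,
       SMS_R_System.SMSUniqueIdentifier, SMS_R_System.ResourceDomainORWorkgroup,
       SMS_R_System.Client
from SMS_R_System
where SMS_R_System.Client = 1
  and SMS_R_System.ResourceId not in (
        select SMS_R_System.ResourceId
        from SMS_R_System
        where SMS_R_System.SystemGroupName = "<DOMAIN>\\<Security Group>")
  and (
        SMS_R_System.ResourceId in (
          select SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceID
          from SMS_G_System_ADD_REMOVE_PROGRAMS
          where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName = "<NAME OF APPLICATION>")
     or SMS_R_System.ResourceId in (
          select SMS_G_System_ADD_REMOVE_PROGRAMS_64.ResourceID
          from SMS_G_System_ADD_REMOVE_PROGRAMS_64
          where SMS_G_System_ADD_REMOVE_PROGRAMS_64.DisplayName = "<NAME OF APPLICATION>")
      )
```

Membership depends on hardware inventory and on AD security group discovery, so a machine only moves into this collection after both have reported and the collection has been re-evaluated.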
Kent, what if the group is using user accounts as opposed to computer accounts?
Is there some collection logic which can facilitate removal based on user accounts??
Cheers
Max
I'd like to do this same thing with user collections rather than device collections (the WQL listed here does not work in user collections)
I figured I can use 2 deployments install and uninstall and I have managed to get an application to install automatically with the following membership rule query applied to a user collection when a user is added to an AD group (Audacity):
select
SMS_R_USERGROUP.ResourceID,SMS_R_USERGROUP.ResourceType,SMS_R_USERGROUP.Name,SMS_R_USERGROUP.UniqueUsergroupName,SMS_R_USERGROUP.WindowsNTDomain
from SMS_R_UserGroup where SMS_R_UserGroup.UsergroupName = "Audacity"
What I would like to do now is uninstall the application automatically when a user is removed from the AD group, so I've created an uninstall user collection, but I would like to do it without rules that include all the users and exclude the installation collection. It just seems like a lot of overhead if I have 2500 users.