question

Rath-3851 avatar image
0 Votes"
Rath-3851 asked Jason-MSFT commented

SCCM CB OSD TS Using Dynamic Variables (?) with Software Collections


We have a large organization (over 12,000 computers/users each) and we are doing OS deployment using Task Sequences. In addition, our computers may be members of various collection to which software packages are deployed. Not all computers are members of the same software collections but they all use the same OSD TS for re-imaging.

What I would like to do, is to deploy the OSD TS to one OSD collection, add computers to that collection to receive the Task Sequence, then also in the TS, have it check to see if the computer is a member of a collection that should also have software of some sort, installed. Now, I know I can add one 'Install Package' line for each package into the TS, referencing the specific software and add the TS Var in the options, but I am hoping to utilize dynamic variables so that whenever a new piece of software is available to members of a new software collection, the OSD TS does not require updating but it will get picked up because the software collection will have a variable defined.

Correct me if I am wrong, but the Prefix001, Prefix002, etc. would be defined on the OSD collection and not the software. I tried the latter and it failed, because it tried to install the software to a system that was not licensed for the product which means ofc, that it tried to install all software that had a variable of the same prefix, defined.

80824-capture.png

Similar to the above image, ideally the end result would be that all computers that are part of the OSD TS Collection would receive the same TS, however only PC 1, PC 2, PC 4 and PC 7 would have MS office installed during the sequence, PC 3 and PC 4 would get Adobe Reader, and so on. Is this even possible to do dynamically? or am I going to need to do one task per piece of software in my TS?

Kind Regards,
Rath


PS - I don't think I have the right tag, but did not see one for Configuration Manager or Software Deployment


mem-cm-osdmem-cm-application
capture.png (12.4 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Jason-MSFT avatar image
0 Votes"
Jason-MSFT answered Jason-MSFT commented

How exactly is the "re-image" initiated and what's the purpose of re-image?

· 9
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

The purpose or how it get initiated does not impact the effectiveness or ability of what I am looking to achieve, but to answer your question, they are re-imaged for a number of reasons; anywhere from it being the easiest of things to do to get the client back up and running quickly when the tech can't figure out the problem, to potential device failure, or simply to restore it to a default state.

0 Votes 0 ·

The purpose and scenario are always important as there are often other paths that can be taken to address the challenge.

In this case, if the "re-image" TS is initiated from the existed OS, you use a custom script to gather the software installed on the system currently and map them to existing applications and packages in ConfigMgr so that they can all be reinstalled. This would require no variables or collections. If you search the web, there are various community-based scripts that can do this. UI++ can do this as well.

If you kick off the re-image using boot media or PXE, this becomes slightly more challenging as there's no direct way to query what's on this system currently application-wise, but you could you a web service or MDT to accomplish the same goal. Here's an older blog post of mine discussing just this: https://home.memftw.com/mdt-application-mapping-in-configmgr-2012/.

0 Votes 0 ·

use a custom script to gather the software installed on the system currently and map them to existing apps and pkgs in ConfigMgr so that they can all be reinstalled.

Could have some success with ZTI

kick off the re-image using boot media or PXE

Occurs the majority of time. We roll out about 50 new sys/week.

you could [use] a web service or MDT

With Win10 1909 it's my understanding that it no longer supports MDT and our org has moved completely away from this. As for the web service, that could work. I had something a while back with SCCM 2007 that I might dig out.

One thing I forgot to mention, is that computers are added to AD security groups and these groups are queried for populating the software collections. So basically an existing SCCM solution does not exist as such
0 Votes 0 ·
Show more comments

An alternative approach here is to start targeting users instead of devices; these deployments will persist any "re-image" or new device scenario without any additional complexity.

0 Votes 0 ·

Not viable here. People move around to different roles / positions but the sw remains with the position which is why we deploy to wkstns instead of users.

0 Votes 0 ·
Show more comments
GaryBlok avatar image
0 Votes"
GaryBlok answered Rath-3851 commented

I have not tried using the method you are attempting, but have had good luck managing with AD Groups and a webservice, like this post: https://docs.recastsoftware.com/ConfigMgr-Docs/Community-Tools/Community-Tools-OneVinn-Tools.html#web-service-for-cm

As for your situation, you'd have to pause the TS, confirm it has the policy for those apps, and if it does, you could trigger the installs with PowerShell. I've never tried this idea, but as long as the machine has the policy for the applications, I don't see why it wouldn't work. You'd have to write a script that looked through WMI for all Application Deployments to the Computer, then start looping through and trigging the install. You'd want to build in error handling too.
There are several community tools that have similar code you could steal from, like CM Client Center or Application Tester

Application Tester: https://www.ephingadmin.com/test-configmgr-applications-automatically-with-powershell-and-hyper-v/
Client Center: https://github.com/rzander/sccmclictr

But I honestly haven't tested this idea, I would want to pause the TS after it has the client, and start playing around to see if it pulls down the machine policy (perhaps manually trigger that), then see if the apps policy pull down into WMI.

Good Luck!

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Thanks for the feedback. To test the scenario, what I am currently doing is advertising just the TS that contains the software deployment (not the OSD TS) to a test collection so in this way I can be sure it is getting the policy and when it runs, I see it start the commands. the SMSTS logs indicate it triggered, and tried to run but failed but that was because the computer was not authorized to use the software. I need to have it try to install the software ONLY if the computer is a member of the collection for that software.

I looked at those tools you linked and I am looking more for a hand's off (ZTI if you will) approach to installing the software during the OSD.

I am wondering if I put in the task's options, as an if statement by having the task pass the variable to the if statement and verify if a computer is a member of the collection that the variable is defined on. This would keep it dynamic, but might be too complicated for CM.

0 Votes 0 ·