Skip to main content

Creating Global Conditions in System Center Configuration Manager for Office 365 deployments

By

Creating Global Conditions in System Center configuration Manager for Office 365 deployments

Firstly I would recommend reading the Microsoft docs article below.
https://docs.microsoft.com/en-us/sccm/apps/deploy-use/create-global-conditions

Software Library > Application Management > Global Conditions.

Scenario: I have an AD group "SD-LSG-Comp-Microsoft Project ClickToRun" with computer objects that should install Office 365 - ProjectProXVolume edition. I wanted to create one application with multiple deployment types depending on their AD membership.

For example if the computer is only a members of the "SD-LSG-Comp-Microsoft Project ClickToRun" AD group then the deployment should only run the deployment Type "Office 365 Default Deployment Type-Install_InstallProject.cmd".  

This deplyoment Type calls the Office 365 setup.exe with a configuration xml detailing the <Product ID="ProjectProXVolume">.

(For a detailed understanding of how to package Office 365 see here. This blog will be updated to reflect the latest setup.exe and the switch <RemoveMSI All="True" />)

<Configuration>
<Add OfficeClientEdition="32" Channel="Monthly" OfficeMgmtCOM="True" AllowCdnFallback="True">
<Product ID="ProjectProXVolume">
<Language ID="en-us" />
</Product>
</Add>
<Updates Enabled="TRUE" />
<Display Level="none" AcceptEULA="TRUE" />
<Logging Path="%Windir%\Temp\" />
<Property Name="AUTOACTIVATE" Value="1" />
</Configuration>

For the deployment to choose  "Office 365 Default Deployment Type-Install_InstallProject.cmd" we need to create a global condition that will issue a $True value if the computer is a member of the AD group "SD-LSG-Comp-Microsoft Project ClickToRun".



The global condition created below, will run a Powershell script on the local computer listing all the groups the computer is a member of and if one of the groups found matches the AD group "SD-LSG-Comp-Microsoft Project ClickToRun" issue a $true value and stop the script. 




#Get groups of local computer
$Group = "AD Group Name"
$ComputerMembership = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' | % {If ($_ -ieq $Group) {$true;break;} }

For the deployment to be linked to the AD group  the deployment type "Office 365 Default Deployment Type-Install_InstallProject.cmd" must have a "Requirement type" set.

We now simply set a the global condition created to equal True. 




In my screen shot i have multiple deployment types for several scenarios i.e. Visio and Project, Visio, Project, Office365, Office 365 during a Task Sequence.





See Global Condition details below.

 #Get groups of local computer
$Group = "AD Group Name" #The AD group name to be filtered.
$ComputerMembership = ([adsisearcher]"(&(objectCategory=computer)(cn=$env:COMPUTERNAME))").FindOne().Properties.memberof -replace '^CN=([^,]+).+$','$1' | % {If ($_ -ieq $Group) {$true;break;} }































#Get process TSManager; will issue true if within a Task Sequence
[bool] (Get-Process TSmanager -ea 0)







Labels:

Comments

  1. Kevin DellingerMarch 11, 2019 at 6:47 AM

    Touche. Solid arguments. Keep up the amazing spirit. I loved this: How To Password Protect Folder The Marine Way

    ReplyDelete
  2. mikejasonukMay 4, 2021 at 3:50 AM

    Snap on the Start button on your PC, and afterward click on the Devices and Printers option.Now right-click your Brother printer symbol and snap on the See What's Printing choice on your screen.Click on the Brother Printer alternative at the highest point of the window, search for the check mark before the Use Printer Offline choice. Eliminate the check mark, presently your reports will begin printing once more. Furthermore, on the off chance that it actually doesn't work, continue to the following step.Turn off your Brother printer and eliminate the printer's USB link from your computer.Now turn on your printer.A duplicate of the How can I fix Brother Printer OfflineIcon is Listed in Devices and Printers. There might be a copy of your Brother printer recorded with a comparable name in Devices and Printers. This can be made when you Introduce a comparative printer driver more than once.Nearness of more than one copy of a comparative printer in Devices and Printers will make a segment of the copies of the printer not working suitably. In such a case, Brother printer disconnected macintosh you ought to pick a copy that you know is working. For help with that or some different concerns with your contraption, associate with our printer specialized care group over the complementary number recorded already.

    ReplyDelete

Post a Comment

Popular posts from this blog

Windows 7 Offline files will not go Online when connected to network

By
Issue Several laptop users move between networks, domain, home, etc and when they attempt to access DFS shares explorer status is working offline.  The issue only resolves it self after a reboot. Connecting directly to the share works and i am able to ping network resources.  This behavior occurs for VPN users as well. Possible Causes "slow-link mode". In win7 (with default settings) a client will enter slow-link mode if the latency to the server is above 80ms. In slow-link mode all writes are made to the local cache and a background sync only happens every 6 hours.  Depending on your connection the default slow link detection speed is 64,000 bps On client computers running Windows 7 or Windows Server 2008 R2, a shared folder automatically transitions to the slow-link mode if the round-trip latency of the network is greater than 80 milliseconds, or as configured by the "Configure slow-link mode" policy. After transitioning a folder to the slow-link mode, Offline Fil
164 comments
Read more

SCCM Unknown computer not able to see Task Sequences after installing Current Branch 1702

By
Soon after installing SCCM CB 1702 we were unable to see Task Sequences deployed to the unknown collection. This issue was identified as a random system taking the GUID of the 'x64 Unknown Computer (x64 Unknown Computer)' record. As a result it was now a known GUID; as we were only deploying Task Sequences to the Unknown collection none were made available. 'x64 Unknown Computer (x64 Unknown Computer)' record 'x86 Unknown Computer (x86 Unknown Computer)' record To get the GUID of your unknown systems open SQL management studio and run the following command: --Sql Command to list the name and GUID for UnknownSystems record data select ItemKey, Name0,SMS_Unique_Identifier0 from UnknownSystem_DISC Using the returned GUID (SMS_Unique_Identifier0) we can find the hostname that has been assigned the 'x64 Unknown Computer (x64 Unknown Computer)' GUID by running the query below. --x64 Unknown Computers select Name0,SMS_Unique_Identifier0,Decommissioned0 from Sys
165 comments
Read more

SCCM Client Certificate (PKI) Value is None

By
SCCM Client Certificate (PKI) Value is None Symptoms: Are you seeing the following errors logged? ClientIDManagerStartup.log - Error: 0x87d00231 [RegTask] - Client is not registered. Sending registration request for GUID:12345678...98C1AE ... RegTask: Failed to send registration request message. Error: 0x87d00231 ClientIDManagerStartup RegTask: Failed to send registration request. Error: 0x87d00231 ClientIDManagerStartup LocationServices.log Failed to send management point list Location Request Message to SiteServer.Domain.local 1 assigned MP errors in the last 10 minutes, threshold is 5. CcmMessaging.log Status Agent hasn't been initialized yet. Attempting to create pending event. Successfully queued event on HTTP/HTTPS failure for server 'SiteServer.Domain.local'. Post to https://SiteServer.Domain.local/ccm_system_windowsauth/request failed with 0x87d00231. Failed to open to WMI namespace '\\.\root\ccm' (80041003) Failed in WinHtt
3 comments
Read more