The Problem with Mixed OS Environments, the SCCM Application Model, and User Collection Based Deployments

UPDATE: I have sent my feedback to Microsoft – if you agree with me would you be willing to send a vote or three my way? https://configurationmanager.uservoice.com/forums/300492-ideas/suggestions/12873717-add-options-to-deployment-type-application-model


Let me paint a picture for you. You have a mixed environment in SCCM 2012 of server and desktop operating systems. You also choose to utilize user security groups as a way to manage applications that are only deployed to certain users (from now on we will call these Level 2 applications).  You initially set the requirements of those Level 2 applications to only deploy to desktop operating systems because you don’t want them on servers in the environment.

Now as the desktop team you have been tasked with managing your remote access infrastructure (RDS, XenApp/XenDesktop, etc.), and you’ve decided that you want to deploy certain Level 2 applications to all these machines (via TS or via Deployment) but not to the other servers in the environment.

Well you could remove the requirements on the app altogether to ensure that they are deployable via OSD TS, and then make sure you’re not deploying them to the collections containing the servers you don’t want the software on.  However, it doesn’t solve the user deployment issues – you deploy the app to a security group containing User X and then User X logs on to one of these servers – BAM! You have software you didn’t want on these servers.

Crying

So I’m throwing this question out to my readers. How would you propose that we manage this solution? The goal is to deploy the application to some systems that meet the requirements, but not to others – however, the deployment is based on USER not COMPUTER. Comment below to let me know your thoughts. Read on for two of my proposed solutions that I want to submit to Microsoft for consideration into the next major release of SCCM.

(more…)

Read More

Removing Quick Action Tiles from the Action Center in Windows 10

This is gonna be a short-but-sweet post.  You know those Quick Action tiles in the Action Center?

Action Center Icons

These “tiles” can actually be removed – and to some degree customized as well (although I’m still working on a reliable way to create my own before I share those secrets).  The list of tiles available to the Windows 10 Action Center is populated by this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ActionCenter\Quick Actions\All

Registry

Obviously before making changes to your registry make a good backup.   But if you delete a key under this “All” key (for example “SystemSettings_Connections_Add_VPN” for those of you who have a different VPN provider in your enterprise) and then reboot – you’ll no longer see that tile in the Quick Actions section of the Action Center.

Happy Admining!

Read More

Running LAPS Around Desktop Security (Part 2 – Workstation Configuration)

So we pick up where we left off last time; the domain configuration is complete, so we’ve just finished our warm-ups now it’s time to get to the starting line (I’m not even sure if I’m using the right sportsball analogy here).

pre

If you missed the first part of this series you can find it HERE – otherwise continue reading on to installation of the client side extensions for the workstations.

(more…)

Read More