Software Removal Based on AD Group Membership Change
Hi,
I'm working on a strategy to deploy software based on AD Group Membership. I've got the logic worked out with an LDAP Smart Label so that the software deploys via script.
I think I've reasoned out how to get the software to REMOVE via AD group change using smart labels. What I'm now curious about is whether I can script the removal of a label. I don't want to leave things lying around.
For example:
Label: SoftwareInstall-PKG-X is an LDAP smart label.
I can create another smart label showing that a system has a software title and isn't in that group, and trigger the removal, but then the system still has the smart label applied to it.
How can I trigger the removal of a label?
Thanks,
Chris.
All Answers
Use AD groups for the machines that should have that software and Kace will read those via LDAP. For each software AD group, create 2 smart labels.
One for machines with that AD group.
One for machines that do not have that AD group and that software exists on the machine.
Create MI install and use the label for machines that are in that AD group.
Create un-install MI and use the label for machines that are not in that AD group and have the software installed.
Then as you add or remove machines from the AD group the 2 SMA smart labels will update via LDAP. The machines will update and have only one smart label for each software, according to whether they are in the AD group or not, and the appropriate install or uninstall MIs will run.
-
Actually, what I've done is use an LDAP Smart Label for the deployment, and a device smart label for the removal. The Device smart label logic is this: If software is present and device is not part of LDAP smart label, get placed in removal smart label. Since the logic is designed that way, the system will self-remove from the removal smart label after its next check-in.
Create a Device Smart Label. Criteria for the Device Smart Label should be to identify that the software is present on the device, and that the device does not have the LDAP SmartLabel used for installation applied to it. In this way, the removal of the AD security group will trigger the LDAP Smart label to self update, drop the machine into the Removal Smart Label, and because of the structure of the Removal Smart Label criteria, the machine will self-remove from the Removal Smart Label at next checkin.
This appears to work without issue (as long as I don't screw up my scripting :P )
I'm using a combination of scripts and MIs to drop software on ... just depends on the software. I work for a business school and there are several open source stat utilities and mathematical notation utilities which we use.
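An added example, not part of the original posts and not KACE code: a simplified Python model of the two-label logic described in the answers above, showing the removal label clearing itself once the software is gone. The removal label name, AD group name, software title, device name, and the order of steps inside a check-in are assumptions made for illustration.

```python
from dataclasses import dataclass, field

INSTALL_LABEL = "SoftwareInstall-PKG-X"  # LDAP smart label named in the question
REMOVE_LABEL = "SoftwareRemove-PKG-X"    # hypothetical name for the device smart label
AD_GROUP = "SW-PKG-X"                    # hypothetical AD group
TITLE = "PKG-X"                          # hypothetical software title


@dataclass
class Device:
    name: str
    ad_groups: set = field(default_factory=set)
    software: set = field(default_factory=set)
    labels: set = field(default_factory=set)


def evaluate_labels(dev):
    """Smart labels are criteria, so membership is recomputed from current state."""
    labels = set()
    if AD_GROUP in dev.ad_groups:
        labels.add(INSTALL_LABEL)
    # Removal criteria: software present AND install label not applied.
    if TITLE in dev.software and INSTALL_LABEL not in labels:
        labels.add(REMOVE_LABEL)
    return labels


def check_in(dev):
    """One simplified check-in: re-evaluate labels, then run what targets them."""
    dev.labels = evaluate_labels(dev)
    if INSTALL_LABEL in dev.labels:
        dev.software.add(TITLE)       # install MI or script
    if REMOVE_LABEL in dev.labels:
        dev.software.discard(TITLE)   # uninstall MI or script
    return set(dev.labels)


def simulate():
    dev = Device("lab-pc-01", ad_groups={AD_GROUP})  # constructed sample device
    history = [check_in(dev)]          # in the group: software installed
    dev.ad_groups.discard(AD_GROUP)    # admin removes the machine from the AD group
    history.append(check_in(dev))      # removal label applies, uninstall runs
    history.append(check_in(dev))      # software gone, removal label drops off
    return history, dev


if __name__ == "__main__":
    history, dev = simulate()
    for n, labels in enumerate(history, 1):
        print(f"check-in {n}: labels={sorted(labels)}")
    print("software left:", sorted(dev.software))
```

In this model the removal criteria also match a machine that has the title installed but was never in the AD group, so such a machine is uninstalled at its first check-in.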