Microsoft

System Center Configuration Manager Feedback

How can we improve Configuration Manager?

Option to uninstall an application when a user or device falls out of scope of the collection

This is a buggy, Would we like the option to have ' Uninstall Application when Resource falls out of scope of this collection' when an application is deployed to a collection, this would save us having to create 2 collections ( install and uninstall) and to deployments. This would save SO much time and reduce the complicity of application management.

388 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Steven John CuthillSteven John Cuthill shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    11 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Iain FairbairnIain Fairbairn commented  ·   ·  Flag as inappropriate

        You do have to be careful with these kinds of features. I have seen some pretty horrible incidents where people use exclusion collections as a dead mans switch style approach to avoiding having something install or trigger uninstalls (even worse they use direct memberships for exclusion collections....). I am not arguing against the feature at all and would support its inclusion as an option however I would suggest, 1) ensure it is never the default setting to uninstall when out of scope. 2). perhaps have a tooltip and/or popup "are you sure?" type dialogue when someone chooses to switch this on.

      • HoustonAUHoustonAU commented  ·   ·  Flag as inappropriate

        While this can already be accomplished through creative collections, I think an integrated and supported way to do this would be much better.

        If you need to do this now you can create a collection that includes all devices with the software installed but exclude devices that are in the 'Install' collection, then just do an 'uninstall' deployment to that second collection.

        It works but is a bit of a pain to configure for every application.

        Would be preferable to simply have a tick box on the deployment to say 'Uninstall when item is out of scope' or something similar.

        I also disagree with 'Anonymous', all configuration management software is 'dangerous' if you don't know what you are doing.

      • Anonymous commented  ·   ·  Flag as inappropriate

        I also think that this would be a very bad idea. There are multitude of scenarios where a resource might get removed from a collection, one of them being accidentally removing it from the console.

      • ThoreThore commented  ·   ·  Flag as inappropriate

        I love this idea. It would be an big step from an task-based to an status-based deployment solution.

      • Mike ComptonMike Compton commented  ·   ·  Flag as inappropriate

        @Mirko Colemberg - I DO NOT feel that it is the System Center team's role, to NOT write code in case an admin uses it incorrectly. They do not have the role of policing how we administer our estates.

        If they took that approach, we would not have any OSD solution, in case people accidentally deploy a client OS to their server estate.

        If you regularly accidentally delete computer objects A) change the permissions of your role to prevent this and B) be more careful!

      • Law YTLaw YT commented  ·   ·  Flag as inappropriate

        I fully support this as currently have to developed a customized script on the client machine to monitor policy and once detected being removed then only trigger the uninstall of the application. This getting more complex when using application model especial optional deployment.

      • Steven John CuthillSteven John Cuthill commented  ·   ·  Flag as inappropriate

        Agreed it can be a powerful feature but with some improvements in how the system can remember object ID collection memberships of the object is deleted would make some of this a less of a concern. Good change controls would provent more. It's just to complex to set up an uninstall competed to other vendors and group policy.

      • Anonymous commented  ·   ·  Flag as inappropriate

        that's what SMS 1.2 (or 2.0, don't remember) had, and it was responsible for uninstalling unintentionally applications. Dangerous.

      • Mirko ColembergMirko Colemberg commented  ·   ·  Flag as inappropriate

        i thinnk this is not a god idea, in case some admin delete a client object in the konsole this object will loose all direct meberships of all collections and in this case the computernwill uninstall all software. this could be difficult.

      Feedback and Knowledge Base