OSD - Deploy TS to User groups
Would be nice to be able to advertise Task Sequences to specific users or groups. We have some operating system deployments that we would like only certain users to run, support staff for instance.
Updating status to started – see https://docs.microsoft.com/en-us/sccm/core/understand/find-help#send-a-suggestion for an explanation of each value.
Our 1905 Technical Preview is now released.
This release has the first round of changes in the App model to allow a Task sequence as a deployment type allowing task sequences to be deployed to users/user groups.
Martin Rivard commented
While we wait for this to be officially supported, here is a workaround.
One could add a step at the beginning of the Task Sequence to run a script or a tool like UI++ to check for credentials and group membership. If the credentials don't belong to a user in a group allowed to image computers, the Task Sequence is aborted. http://uiplusplus.configmgrftw.com/docs/actionconfig/userauth.html
Then you simply make the Task Sequence available on all computers and if a normal user tries to launch it, he'll be blocked at the credential window and can't progress further.
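A sketch of the kind of first-step check described in the comment above, added here as an example; it is not part of the original comment and is not UI++ code. The domain `CONTOSO` and group `OSD-Imaging-Techs` are placeholders, and it assumes a domain-joined device and a step launched so that the credential prompt is visible to the technician. Because the Task Sequence is still deployed to every computer, this is a gate inside the sequence, not a restriction on who receives the deployment.

```powershell
# Added example. CONTOSO and OSD-Imaging-Techs are placeholder names.
param(
    [string]$Domain = 'CONTOSO',
    [string]$AllowedGroup = 'OSD-Imaging-Techs'
)
Add-Type -AssemblyName System.DirectoryServices.AccountManagement

function Test-ImagingAuthorization {
    param(
        [Parameter(Mandatory)][pscredential]$Credential,
        [Parameter(Mandatory)][string]$Domain,
        [Parameter(Mandatory)][string]$AllowedGroup
    )
    $ctx = $null
    try {
        $type = [System.DirectoryServices.AccountManagement.ContextType]::Domain
        $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext($type, $Domain)
        $net = $Credential.GetNetworkCredential()
        # 1. The password must validate against the domain.
        if (-not $ctx.ValidateCredentials($net.UserName, $net.Password)) { return $false }
        # 2. Resolve the account and enumerate its security groups (nested included).
        $user = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($ctx, $net.UserName)
        if ($null -eq $user) { return $false }
        foreach ($group in $user.GetAuthorizationGroups()) {
            if ($group.SamAccountName -eq $AllowedGroup) { return $true }
        }
        return $false
    }
    catch {
        # Fail closed: an unreachable domain controller or lookup error denies access.
        Write-Warning "Authorization check failed: $($_.Exception.Message)"
        return $false
    }
    finally {
        if ($ctx) { $ctx.Dispose() }
    }
}

$cred = Get-Credential -Message 'Enter imaging technician credentials'
if ($cred -and (Test-ImagingAuthorization -Credential $cred -Domain $Domain -AllowedGroup $AllowedGroup)) {
    exit 0   # step succeeds, the task sequence continues
}
exit 1       # non-zero exit fails the step; leave "Continue on error" unchecked so the sequence aborts
```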
Eric van Voorthuizen commented
It would be good if users still had the ability, per application, to disable the install in case they don't want one or more apps to be installed if we provide them an app group with a lot of apps.
Or at least the user needs to have the possibility to uninstall an app via Software Center which was installed via the app group.
Anthony Fontanez commented
My current workaround for this is to deploy the TS as available to all systems in SC, but make the availability as far out into the future as possible, and advertise a script as an app in SC that on the fly alters the availability date of the TS client side and starts it via WMI calls. Simply making the TS available to users, as well as with icons, would be great.
I agree also. We want our techs to have the ability to reimage machines.
I am looking to do this so support staff can run task sequences in Software Center.
imu a commented
This would be really convenient for sending out task sequences to tech support staff.
Jeffrey Knox commented
This would be super convenient for sending out task sequences to tech support staff. They would not have to refer to the console every time they need to image or upgrade a computer! Sure hope to see this happen.
One use case for this is that we would rather have all OSD task sequences assigned to our Support staff. If they are not physically at the machine they can just remote in and run a rebuild rather than having to muck around with collections and groups.
Rudi Robesin commented
We would like to target task sequences with only applications to users. At the moment we use dependencies or a homemade script which utilizes the CM webservice if it becomes too complex. The advantage of doing it that way is that the applications are in the user's Software Center as installed and we also can use supersedence for the user. If deployed to a machine, supersedence does not work if a newer version is deployed to a user. When you work together with a lot of people in one deployment team, dependencies soon get a bit unclear.
Matt Webster commented
This would be superb for managing in place upgrades as part of Windows as a service. The device affinity isn't reliable enough. Amazed this isn't already a feature. Upvoted!
Joe Novo commented
For myself it would be better if we could show/hide the Operating Systems tab in Software Center for specific user groups (just as we can for computer groups). And then it would be nice if we could advertise Application TS to Users (not OSD TS), and be able to include a filter.
Dustin Hedges commented
While not exactly what you are looking for, you could use this solution I posted as a possible workaround: https://deploymentramblings.wordpress.com/2017/05/22/configmgr-user-device-affinity-uda-collection-query/
This appears to be the same as this idea which has more votes:
Thomas Osborne commented
This would be huge for us. I have a scenario where we deploy techs to reimage systems. They are very low level (contract) and we don't want them in the console. It would be so much easier to create a user collection with them in it and deploy our refresh OSD task to the Software Center.
Aaron Flaugh commented
It would be nice if we could be able to target users/ user collections and computers for Task Sequences.
For example: We want to deploy an OSD or Application to, say, our Finance department.
Or another scenario would be in small shops, where we might know a person's name before we would know their computer name.
Give us the option to deploy to just their primary computer.
This would be really useful in my environment because not all TSes are for OSD. For example, one of my TS is for updating the BIOS, but I only want our techs to be able to run it, not regular users. Right now I have a somewhat hokey password prompt in place to keep regular users out, but I have other TS that I'd like to restrict just to certain users/groups.
Laura Melton commented
Allow Task Sequences to be deployed to a user collection.
Current Reason: To allow upgrade TS to only be seen within Software Center by "authorized" people.
Kale Duden commented
Is there any update on this? It would be great to do application groupings to specific user teams. We're already provisioning app access using groups, would love to leverage it for app installs as well.
This would also make it easier for us to deploy our Windows 10 upgrade TS to specific users in a collection, techs, for example. They can then perform the in-place upgrade, on any device that they log into.
Jim Calvin commented
Since TS is the only place to run a command as a specific user, it will allow access to network resources that either Desktop support or normal users shouldn't have access to.