Creating an SCCM Collection from a List of Users or Computers

This should work for SCCM 2007 and newer.

How often do you get a request to push software or setting change to specific list of users and computers and groan at the thought of having to create the collection for it?

I cannot tell you how many times I have searched for this solution. Someone made some great PowerShell scripts, but I couldn't always get them to work and/or it was fairly slow. (REF: http://blogs.technet.com/b/mniehaus/archive/2009/04/10/adding-members-to-a-configmgr-collection-using-powershell-v2-ctp3.aspx)

I found another way to import using a .CSV, but that, too, was a little cumbersome. That method involved using a report that pulled the SMBIOS and MAC Address information, then using Access to query against the list to create the .CSV file to import. But that only worked for Computers, not users. (REF: http://www.windows-noob.com/forums/index.php?/topic/4505-how-can-i-import-computers-into-sccm-2012-using-a-file/)

A few days ago, I found a method in a forum that simplifies this tremendously (REF: http://www.myitforum.com/forums/Can-you-import-users-into-a-collection-via-CSV-m211472.aspx):

The query to import computers is simply:

select * from SMS_R_System where name in ("computer1" , "computer2" , "computer3" , "computer4" ) 

For users, you would change this to:

select * from SMS_R_User where name in ("user1" , "user2" , "user3" , "user4" ) 

The trick here is how to get your list of computers or users formatted with the quotes and commas. I did this in Excel.

Copy your list of users or computers to Column A. In cell B1, enter the following:

="""" & A1 & ""","

That's equals four quotes (space) ampersand (space) A1 (space) ampersand (space) three quotes, comma, quote. Copy the formula down from B1.

I use Notepad from here, so I can copy and paste the query into SCCM later. In Notepad, write your query like this to start:

select * from SMS_R_User where name in (

Copy and paste Column B from your Excel spreadsheet and add a closing parentheses:

select * from SMS_R_User where name in ("USER1",

"USER2",
"USER3",
"USER4",)

Now fire up your SCCM Console. The above query is a User collection, so go there to create a new user collection.

1. Give the collection a name, click Next, then choose Query Rule from the drop down list.
2. Give the query rule a name, then click Edit Query Statement...
3. Click Show Query Language
4. Copy and paste your query from Notepad into this window.
5. Click OK
6. Click Next a couple more times to finish creating the collection.
7. Update Membership, then Refresh after a couple minutes.

You should now see your list of users (or computers). If any users or computers no longer exist (or possibly misspelled), they will not appear in the collection. You can now deploy to your specific list of users/computers! :-)

Hope that helps!

Java Deployment with SCCM 2012 and PowerShell App Deployment Toolkit

OVERVIEW

Java is such a joy, isn't it?

I won't go into the trials and tribulations of potential Java version dependencies. That's another story in itself. This is to show one possible method of deployment that may or may not for your environment.

Starting with Java version 6 Update 10, the installer, by default, will try to overwrite previous Java versions. This was due to complaints from both the user and IT communities of having "too many" versions of Java installed. Older versions of Java did not remove previous versions. Systems had the potential of having dozens of Java versions installed (a reporting nightmare) requiring manual cleanup at some point in order to more easily manage "who has what".

A new parameter called STATIC was added so that the default behavior could be changed to not overwrite and keep all existing versions.


PowerShell App Deployment Toolkit

If you don't know about it, there's a nice little bundle of PowerShell scripts and configuration files that give you tons of options that can be useful. It's called the PowerShell App Deployment Toolkit.

https://psappdeploytoolkit.codeplex.com/

A couple of people put this together and it's a perfect toolkit to use if you are trying to deploy software where certain applications must be closed before they can install. They include a very easy guide to follow and get you started. Do not be daunted that this is all PowerShell based, especially if you don't know or feel comfortable with PowerShell. It's pretty simple to use and example scripts/scenarios are provided. The bonus is that you don't have to rely on a deployment tool such as SCCM. It can be run as a stand-alone package.

This has worked on Windows XP on up without having to upgrade PowerShell on XP systems, but it's something to consider if Windows XP is still in your environment. The highest version XP supports is PowerShell 2.0.

Review the App Deployment Toolkit documentation. Pay special attention to the examples provided. You can adjust some of the default behaviors set in the .XML files. In my environment, I modify the AppDeployToolkitConfig.xml file in the AppDeployToolkit folder and change the default path for the logs (<Toolkit_LogPath> and <MSI_LogPath>).


Build the Package

I create a folder for the package. In this case, the root folder is called 7Update55. Following the user App Deployment Toolkit guide, I copied the folder structure from the App Deployment Toolkit within the 7Update55 folder:

I then downloaded the latest Java version to a temp folder on my test machine. While you can use the .EXE file as it is, it's a little bit easier, in my opinion, to extract and use the .MSI file. To do that, start the install, but don't do anything beyond the Welcome screen. Once at the Welcome screen, open up Windows Explorer (My Computer) and browse to:

C:\Users\[UserName]\AppData\LocalLow\Sun\Java\[Java_Version] (where [UserName] is your user name and [Java_Version] is the version that was downloaded)

There will be two files...the .MSI and a  Data1.cab. BOTH files will be needed. Copy them into the Files folder as shown from the screenshot above, then cancel out of the Java install.

Go to the 7Update55 folder, right mouse click the Deploy-Application.ps1 file and choose Edit. PowerShell ISE should launch. Enter the relevant information in the # Variables: Application section. Some of the information is shown in the dialog boxes during the deployment.

Again, using the guide, determine the tasks and setting you want to do for each section (PRE-INSTALLATION, INSTALLATION, POST-INSTALLATION, and UNINSTALLATION). For this example, I'm doing the following:

PRE-INSTALLATION:

This is not going to be a silent deployment because user interaction is required. I set:

Show-InstallationProgress

I want to check to see if any browsers are running, and if they are, prompt the user to close them. I set:

Show-InstallationWelcome -CloseApps "iexplore,firefox,chrome,safari,opera" -PersistPrompt

Using the -PersistPrompt switch will make the dialog box re-appear every minute until the browsers are closed.

INSTALLATION:

This is where you set your command line for the install. Most vendors will have documentation on what switches and parameters are available.
To make the client aware of the installation progress, I set:
Show-InstallationProgress and add what I want the message box to say. Below that is the Execute-MSI command needed. Notice that I use the silent install switch "/qn". The client will see the PowerShell dialog box, NOT the Windows Installer progress bar.
For this particular package, I do not want the previous Java versions overwritten, so I also have the STATIC=1 parameter.

No steps were configured in the POST-INSTALLATION section.

UNINSTALLATION

I again want to check if any browsers are running before the removal. In this case, because it is being removed most likely by choice, I set the parameter, -CloseAppsCountdown to kill the browsers after 2 minutes if the client isn't there to do or ignores the dialog box. I then go on to set the uninstall command line switches.

Note that the path is the Product ID for this particular version of Java. The Product ID will be DIFFERENT if another version of Java is being packaged. To determine the Product ID, you can install manually on a test machine, then go into the test machine registry:


Determine Product ID for other versions of Java

32-bit Systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall

64-bit Systems:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall

Do a search for Java in the Uninstall folder and a subfolder should quickly be found. This folder name is the Product ID you need for the uninstall command.

Create SCCM 2012 Application

Fire up the SCCM Console and click on Software Library in the lower left corner.

Expand Application Management. Right mouse click Applications and choose Create Application

Even though there is an .MSI, we are going to use the Deploy-Application.EXE from the App Deployment Toolkit, so choose to Manually specify the application information and click Next.

In the General Information window, set the Name, Publisher, and Software version. If you want to use this in an SCCM Task Sequence, make sure the "Allow this application to be installed from the Install Application task sequence action without being deploy" option is checked. Setting the Owner and Support Contacts is optional. Click Next when done.

Setting the Application Catalog options will depend on your environment and if you are using a company portal or not. Click Next.

The Deployment Type is where we specify the package location and command line to install. Click the Add... button.

Change type to Script Installer in the drop down menu (it defaults to Windows Installer *.msi file). Changing the type will automatically select the Manually specify the deployment type information option. Click Next.

You can use the same name as before or simply call it "Install". I chose Java 7 Update 55 - Install. No language settings are necessary. Click Next.

Browse to the location of the 7Update55 folder, then set the commands for Installation and Uninstall. I also select the "Run installation and install program as 32-bit process on 64-bit clients" because this is a 32-bit package.

We now need to add a detection rule so SCCM can confirm if the install completed successfully. Because we are using the .MSI, we can use the Product ID as the detection method. Click Add Clause...

Change the Setting Type: to Windows Installer in the drop down list. Click Browser and point to the .MSI in the Files folder under 7Update55 and click OK. The Product code: field will automatically be populated. In most cases, this will be enough, however, if clients may have a newer version already installed, this version won't be necessary. Change the rule so the version is greater than or equal to the version being deployed. This will make it so only clients with 7 Update 54 or older will get the install. Anything newer will show as Already Compliant. Click OK, then click Next.

Because we need user interaction, we want to make sure the dialog boxes appear. Therefore, it must only install when a user is logged in. This is not a profile specific application, so we can choose to Install for system (uses the SYSTEM account priviledges) as the Install behavior. Logon requirement MUST BE set to Only when a user is logged on. Installation program visibility MUST BE set to Normal. "Allow users to view and interact with the program" MUST BE checked. Setting the Maximum allowed run time and Estimated installation time is optional but good practice.

Requirements are optional. You can set things like required disk space or OS versions if you choose.

There are no prerequisites needed for Java to install, so simply click Next.

The Summary will let you review your settings. Click Next to complete the build of the Application.

Before distributing content and deploying to collections, I test the install (copy the 7Update55 folder to a test machine) as a stand-alone (double-click Deploy-Application.EXE) and confirm it works as expected. Tweak settings as needed in the Deploy-Application.ps1 file and repeat testing. When satisfied with the results, remember to copy any changes back to your network source location of the package before distributing.

Once validated as a stand-alone install, you should be ready to distribute content and test the deployment to a test or pilot collection of systems.

Good luck!