Is it possible to assign a Managed Installation to a Active Drirectory group.
Here is the plan.
Create a group in AD assign users to group in AD then create a Managed Install and assign it to the AD group
User is just to login as they normally do and if the application is not installed on the computer then it will install the app.
Just have to manage users in AD to assign applications.
Is this possible?
Answers (3)
This is, in fact, possible. You can create an LDAP Device Label that is populated based on the user that is logged in. Granted, this would get kind of tricky on shared workstations, but if you generally have a 1:1 relationship of PC to User, then you should be fine.
We have several LDAP Device Labels that are based on the user. Here is one example:
Base DN: DC=domain,DC=org
Filter: (&(sAMAccountName=KBOX_USERNAME)(memberOf=CN=IS Staff,OU=Groups,DC=domain,DC=org))
As you can see, we're filtering on KBOX_USERNAME, which when run as a device label, contains the currently logged in user, and we're checking to see if that user is a member of our IS Staff group.
Comments:
-
But does the AD user have to have an account on the KACE appliance? Does the user have to be logged in to the appliance? - Mr_Moose 10 years ago
OK I have been tweaking a scripted install I created an small app that will return error if the user is not a member if a specified group. Tell me what you think
Verify
Launch “$(KACE_DEPENDENCY_DIR)\adgroups.exe” with params “Gajim Users”
Verify that the product “C:\Program Files (x86)\Gajim\bin\gajim.exe” does not hav version “0.15.1.0”
On Success
Install “Gajim” with arguments “gajim-0.15.4-3.exe /S”
Comments:
-
Forgot to add it runs as system and after login every time. - Mr_Moose 10 years ago