Makes sense, but it is a question for Steve. I think that since EUD is still free, I would guess the answer is no, but just a guess.

I have a quick question. Does Steve’s System Center Tools mentioned below work on user accounts.  If so, is it near instant deployments to users as mentioned for computers?  The reason why I am asking is dealing with APP-V and SCCM R2.  We are trying to stick with SCCM R2 for virtualization of applications but this loses the instantaneous deployments to users.  Normally this is not an issue, but when we delete a computer ID from SCCM (to be able to reimage) all memberships would be lost and really not create a dynamic atmosphere that we are looking to achieve.

I know that normal SCCM distribution of software to users is “flakey” at best, but was hoping that using the tools below to monitor several AD groups (i.e. Adobe Reader) for added/deleted user accounts and force SCCM to speed up the deployment.  With the application be based on user ID, then when we have to reimage a machine, when the user logs on for the first time, all the apps will be available to stream/download to the system.

Making sense?

The issue with direct is the clients generate new guids and drop out of the collection. Direct also has a limit on how many machines can be in a collection, plus you need access to the console (PIA)

The issue with AD groups (there are many) is load on the server, how slow it is. It will be quite a while between add to ad group and get software.

We do so for 1800 apps on ~30,000 machines right now,with 4 collections and 4 ads per app We also have a custom app that does much the same as what bobosky’s tool does. If you decide to go with AD groups you will HAVE to have it.

This feature in particular

Update Collection Membership Automatically when AD Group membership changes. New in R2!

http://www.systemcentertools.com/esd2007.html

If  use direct to get the software on the machine, but do not expect or rely on the machines STAYING in the collection.

Easier, and solves all your issues, is a self service front end for SMS. There are quite a few out there, my favorite is http://www.sccmexpert.com/Products/ESD.aspx

There is also a free version (Rons web tools) and another free one from Zander over on SourceForge

I put some more comments down below.

Todd

It’s my strong assumption that few of the champs from this forum already tried collections created from either “AD Groups membership” or “direct SCCM Collections” for software distribution, typically full-fledged suite of apps (~150) in production environment where the application deployment is done on daily basis

I see only few points that worth noting down while choose between these (still thinking J)…appreciate others’ suggestions / best practices

Collection based on AD Groups membership

Direct SCCM Collection

Pros

1)      Ease of mgmt, from SCCM admin point of view as rest is done at AD level  (Except all the whining about how SLooowwww it is)

1)      Quicker membership to collection as there isn’t any latency - In fact Instant

2)      Quicker response times / SLA with service consumers as latency is near to nil (latency = policy polling interval)

3)      If console is used, any issues with clients (client0 is not yes, obsolete0 is yes etc cases..or even last discovery is stale) can be fixed before the membership to collection, better higher c-sat

Cons

1)      Directory Replication latency between domain controllers – no, the issue is the discovery interval. SMS does not know it is in the group until you run ad group discovery… it can take quite a while to run, and has a heavy load on the server.  And then all the collections will need to update on the same interval as discovery runs… that will kill your server.

2)      If there is a front-end tool that talks to AD for modification of groups, then this causes further latency – no, the front end would make the change in ad instantaneously. We use NetIQ at the moment

1)      Permissions needs to be given to field, despite selective folks for tighter control

2)      Console install at each field who modifies the members in collection (console does not work very well remotely, and once they have permission to modify a collection, they can jack it up and deploy software to all the machines, or the servers – BAD BAD IDEA)

3)      I think there are some scripts around, which helps to add/remove clients to collection (Use Ron’s web front end if you need a free solution to do this)

Thanks

Vasu

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/smslist/

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/smslist/

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/smslist/

==============
Missed an email? Check out the list archive:
http://myitforum.com/cs2/blogs/smslist/