I always believe a PTG should NOT include IT staff and instead have a good representation of the user base. IT cares about what we care about and the users care about what they care about. IT isn’t able to test some random accounting app that unknowingly takes advantage of a bug in the OS, which MS happened to patch this month. Multiply that by the thousands of apps floating around my organization and IT is unable to test every iteration based on the phase of the moon. So we turn to the experts of all that other software, the users themselves. Thats PTG.
There are additional controls in place as well. For example, each run can be limited to how many are added as well as the max to allow (1000 in this case). This way the helpdesk is not overloaded with removal requests or questions over what they just won. We can comfortably bring PTG up to where we want it. I have the script running on a weekly basis.
- Ability to blacklist people, VIPs for example, who should not be in here.
- Not re-add anyone who requested out
- If a machine is removed from AD for whatever reason, the person should be removed.
- Support HTML for the user email for logo etc so its prettier.
- Patch Testing Group Users
- Patch Testing Group Computers
One holds users and the other machines. The users is a DL that gets notification emails and the Computers group is tied to a Collection in ConfigMgr to get the patches early.
There is an EmailToUser.txt text file that is sent to the user when they “win”. Customize as your environment needs. The script itself has several variables at the top needing to be customized to your environment. Should be mostly self explanatory but still allows some granular control. Items worth expanding:
- blnTestRun – Test mode to make sure its running correctly before you let it loose.
- blnEmailUser – Allows you to tell the users they won or not.
- blnEmailTestUser – Lets you BCC the helpdesk to the user emails or not.
- strEmailsFromTech and strEmailsFromUser – Lets you use an established “from IT” mailbox but the techs see its coming from the script.
blnTestRun = True 'If True, the computer account and user accounts will not be added to the group. Emails will not be sent to the user either.
blnEmailUser = False 'do you want to email the end user that their computer has been added to the patch testing group? Test Run variable has to be set to False otherwise this is skipped.
blnEmailTestUser = False 'If set to True then the test email account will receive the indivdual emails as well
strPTGNameUser = "PTGTestGroupUsers" 'Name of group to contain user accounts
strPTGNameComputer = "PTGTestGroupComputers" 'Name of group to contain user accounts
intQuantity = 1000 'maximum number of computer accounts in the group
intMaxAddLimit = 50 'maximum number of computer accounts to add each time the script is run
intMinBuildDays = 30 'number of days past build date to look at for adding to the group. Make sure that User Device Affinity has had enough time to generate this
strEmailFile = ScriptPath()&"EmailToUser.txt" 'path to the standard email template
strSMTPServer = "smarthost.mycompany.com" 'SMTP server to use
strEmailsTech = "email@example.com" ' separate with semi-colon and space. Ex: "firstname.lastname@example.org; email@example.com"
strEmailFromTech = "PTGScript@mycompany.com" 'From address that goes to email addresses that receive test and summary messages
strEmailFromUser = "ITCommunications@mycompany.com" 'From address that users will see
strEmailTest = "firstname.lastname@example.org" 'Test email account that will receive the individual emails
strEmailSubjectUser = "Your computer has been added to the patch testing group" 'Subject in email that goes out to users
strSQLServer = "SCCMDBserver.mycompany.com" 'FQDN of SQL server hosting ConfigMgr database
strDB = "CM_DB" 'DB name of ConfigMgr
This script is provided as-is, no warranty is provided or implied.The author is NOT responsible for any damages or data loss that may occur through the use of this script. Always test, test, test before rolling anything into a production environment.
You can find the script referenced in this post as well as a sample enduser email here. You will need to tweak them for your environment as shown above.