I saw that question pop up frequently on the forums, so I thought i would give it a try.

Situation: You install an application which is ‘required’ on the computer (you could think of an antivirus product, tracking software, etc).

The user, who has administrative priviledges (I know, this should never happen ;-), removes the program for a another reason that for him, makes more sense (I don’t want to be tracked, I need space on the drive, I will clean up my computer so that it runs faster, you name it…).

Now you are in a situation where you do not want to redistribute the application to all computers since most of the computers still have it : basically, in Sccm terms, you do not want to change the deployment to ‘Always rerun advertisement’ as this would redeploy the application everywhere and most probably cause more problems than benefits. You don’t want either to have to monitor those computers that ‘loose’ that product and have to maintain a collection and reset the schedule to redeploy it.

The first thing to do is create a baseline collection, ie a collection that includes all computers where you want the application to be present (note that you could reuse an existing collection). Let’s call this collection ‘Basecollection’

The second step is to create a ‘sub-collection’ that filters the first collection by checking if the application is installed (it would usually be done via add/remove program or file inventory). Note that for this to work you will need to have Hardware or Software inventory enabled, and the effective update of the collection will be based on the frequency of the inventory (if you run the inventory once a week, you potentially could have to wait one week for the software to be reinstalled). Let’s call this collection ‘Sub-coll’

Example query for adobe reader X:

select SMS_R_SYSTEM.ResourceID,SMS_R_SYSTEM.ResourceType,SMS_R_SYSTEM.Name,SMS_R_SYSTEM.SMSUniqueIdentifier,SMS_R_SYSTEM.ResourceDomainORWorkgroup,SMS_R_SYSTEM.Client from SMS_R_System where SMS_R_System.Name not in (select SMS_R_System.Name  from  SMS_R_System inner join SMS_G_System_ADD_REMOVE_PROGRAMS on SMS_G_System_ADD_REMOVE_PROGRAMS.ResourceId = SMS_R_System.ResourceId where SMS_G_System_ADD_REMOVE_PROGRAMS.DisplayName like “Adobe Reader X”)

Do not forget to limit the sub collection via the ‘Limit To’ setting of the Query.

Now you can deploy the application to Sub-coll with a schedule of ‘As soon as possible’ and ‘Always rerun advertisement’ selected.

Of course, you would make sure that the package is deployed without the user being able to cancel the install (hidden or for Msi, use the ‘!’ character in the install command, and the ‘cancel’ button will not be visible)

Here is the command i use for reader X:

msiexec.exe /qb! ALLUSERS=2 /m MSIBBOPR /i “AdbeRdr1000_en_US.msi” TRANSFORMS=acread10.mst

By principle, one computer in the ‘BaseColl’ should not be present in the Sub-coll by default (at least if the application is already deployed). You can also choose to deploy the application the first time via this process, then you would potentially update the base collection query if you want a progressive install on groups of computers, or let it as it is if you want a mass deployment at a specific time. (I think it is easier to first deploy, then manage the uninstalls separately)

Once the application is removed and the inventory runs the sub collection is populated again with the computer where the application is now missing.

Since the application deployment is set to always rerun, it will simply reinstall.

Note that for this to work, you need to make sure that

Hardware or software Inventory is enabled, the sub collection is set to update at interval and the combined lag between removal, inventory and collection update is in line with the time you are allowed to have this computer without the application.

I tested it and it works fine in my environment. Of course no solution is perfect, but this one has the following advantages:

You can target any collection (since you use a base collection, you have full control of where the application will be reinstalled and where you prefer to not automatically do it).

The detection method for the application existence is simply based on existing inventory

The process is fully automated

You avoid the problem of reinstalling the application where it already exists.

Final note: do not forget that when you upgrade the application or the user updates it himself (I guess that if he can remove it, he can upgrade it), then you will have to monitor and change your subcollection query appropriately to avoid ‘downgrades’

Feel free to post comments if you need more information or to correct some mistakes.

Advertisements