Install applications in a task sequence based on AD-Groups

For environments with a lot of applications and User-setups this is perfect.

We have appgroups for all our applications and all users are members of the appgroups they need depending on which applications they have access to.

These appgroups are the same as we use to make applications available in the Software Center.

This is just to give you a concept of how I make it possible to install applications based on AD-groups. You will probably have to change a lot of my script to make it work for you!

Also, having hardcoded usernames and passwords in your scripts is not a good idea. The reason I justify using it here is because these credentials have VERY limited read rights and are only used in PE and are never written to disk.

First of all, you have to make sure you have these two things working first:

  • PowerShell – Active Directory module in your boot image (see this post)
  • HTA / Frontend with “username input” (We use the “SMSTSUDAUsers”-variable that also sets user device affinity if configured.) see this link

To install these applications in the task sequence, we have a little script to get all appgroup memberships and create task sequence variables of these.

#########################################
## Name: Get-AppGroups.ps1             ##
## Version: 1.0                        ##
## Author: Christoffer Stolpestad      ##
## Mail: christoffer[at]stolpestad.net ##
#########################################

#Variables - Edit These!
$ServiceAccount = "domain\UserName"       # User with AD-ReadAccess "contoso\user1"
$Password = "UserPassword"                # Password
$DomainController = "DomainController"    # Domain Controller
$Domain = "Contoso"                       # DomainName the same way you specified it in the SMSTSUDAUsers (http://technet.microsoft.com/en-us/library/hh846243.aspx)
$AppgroupPrefix = "App"                   # Prefix of AppGroups
$RemoveInFront = 3                        # How many characters to remove from the distinguished name. 3 removes the leading "CN="

################################################################################################################################

#Import the Active Directory module and create the TS Environment
Import-Module ActiveDirectory
$TS = New-Object -ComObject Microsoft.SMS.TSEnvironment


#Get Username from TS-Var
$Username = $TS.Value('SMSTSUDAUsers')
$Username = $Username.Substring($Domain.Length+1) #Removes Domain\ from Username

#Get AD Group Membership
#PowerShell variable names are case-insensitive, so the read account is kept in
#$ServiceAccount; reusing $UserName here would pass the deployed user's name as the credential
$PW = ConvertTo-SecureString -String $Password -AsPlainText -Force
$Credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ServiceAccount, $PW
$UserGroups = (Get-ADUser $Username -Server $DomainController -Credential $Credentials -Properties MemberOf).MemberOf


#Create Tables of AppGroups
$AppGroups = @()
Foreach ($Group in $UserGroups) {
    $Group = ($Group.Substring($RemoveInFront)).split(",")[0]
    $Group = $Group.Replace("Users","") # In our case we wanted to remove "Users" From the AppGroup-Name. This can be commented out
    $GroupEntry = New-Object -TypeName PSObject
    $GroupEntry | Add-Member -MemberType NoteProperty -Name Name -Value $Group
    $AppGroups += $GroupEntry
}

#Sort out only AppGroups
$AppGroups = $AppGroups | where Name -Like "$AppgroupPrefix*"

#Create TS-Variable for each AppGroup
foreach ($App in $AppGroups) {
    $App = $App.Name
    $TS.Value($App) = "True" 
}

What happens here:

  • Imports the AD-module and creates the TaskSequence Environment
  • Gets the username you provided in your HTA/Frontend and removes “domain\” from the variable
  • Gets all the user's group memberships from AD
  • Manipulates the names of the groups and creates a table
  • Sorts out only the groups with your AppGroupPrefix (As you can see on the picture below, all our appgroups have the “App”-prefix)
  • Creates a TS-Variable for each group and sets its value to “True”
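
The name-handling steps above (take the group name out of the distinguished name, keep only the prefixed groups), as an added example that is not part of the original script: it reads the CN with a regex instead of a fixed character offset and skips any name that would not make a valid task sequence variable. The function name, the sample DNs and the allow-list pattern are assumptions made for this illustration.

```powershell
# Added example, not the author's code. Get-AppVariableName is a hypothetical helper.
function Get-AppVariableName {
    param(
        [string[]]$GroupDN,
        [string]$Prefix = 'App',
        [string]$StripSuffix = 'Users'   # trailing text to drop, as the script does with "Users"
    )
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    foreach ($dn in $GroupDN) {
        # Capture the first RDN value; "\," is an escaped comma inside the CN,
        # which a plain split(",") would cut in half.
        if ($dn -notmatch '^CN=((?:\\.|[^,\\])+),') { continue }
        $name = $Matches[1] -replace '\\(.)', '$1'   # undo DN escaping

        # Keep only groups carrying the appgroup prefix.
        if (-not $name.StartsWith($Prefix, $cmp)) { continue }

        if ($StripSuffix -and $name.EndsWith($StripSuffix, $cmp)) {
            $name = $name.Substring(0, $name.Length - $StripSuffix.Length)
        }

        # Assumption: conservative allow-list for variable names (starts with a
        # letter; letters, digits, "_" and "-" only; no spaces). Group names come
        # from AD, so anything outside the pattern is skipped, not sanitised.
        if ($name -notmatch '^[A-Za-z][A-Za-z0-9_-]{0,255}$') {
            Write-Warning "Skipping group with unusable name: '$name'"
            continue
        }
        $name
    }
}

# Constructed sample input in the shape Get-ADUser returns for MemberOf.
$sample = @(
    'CN=AppVisioUsers,OU=AppGroups,DC=contoso,DC=com',
    'CN=AppProjectUsers,OU=AppGroups,DC=contoso,DC=com',
    'CN=App\, Legacy Tools,OU=AppGroups,DC=contoso,DC=com',
    'CN=Domain Users,CN=Users,DC=contoso,DC=com'
)
$vars = Get-AppVariableName -GroupDN $sample
$vars

# Inside a running task sequence the names would be set as in the script above:
# foreach ($v in $vars) { $TS.Value($v) = 'True' }
```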

This is what the variable $AppGroups looks like after running the script (we do not use all of these in our TS ;):

Right after the Frontend we launch the script to get the group memberships and set the TS-variables

On all the applications we have a condition according to the appgroup name:

During OSD after the Get-AppGroups step, I opened a CMD-window and tested if the variables had been set.

And.. There we go!

If you find this useful, please leave a comment!

//Christoffer
