This post covers on user application deployment with SCCM 1910. Using Configuration Manager you can deploy applications to user collections and device collections.
In addition to that, you can also simulate the application deployment. To know more about deploying applications with Configuration Manager, read this article.
Lets look at a scenario where we need to deploy an application to a Business unit group. With SCCM, it becomes very easy to deploy the application directly to the user collection.
In the previous SCCM versions, you had to first install and configure both Application Catalog roles to benefit with this feature.
- Application Catalog Website Service point
- Application Catalog Web Service point
Most of all starting with SCCM 1806, you no longer need to install the above roles. That’s because the client uses their Management Point to discover the application deployed to the user collection and shows them in the Software Center.
Furthermore starting in SCCM version 1906, you can’t install new application catalog roles. Support ends for the application catalog roles with version 1910.
So let’s see how to deploy application to users with Microsoft Endpoint Configuration Manager 1910.
Enable Active Directory User Discovery Method
Before creating a dynamic SCCM user collection based on the Department attribute, you have to enable Active Directory User Discovery method. Follow the below steps :-
- Open the SCCM console.
- Go to Administration > Hierarchy Configuration > Discovery Methods.
- Make sure that the Active Directory User Discovery method is enabled.
Double click Active Directory User Discovery to view the Properties. Add Active Directory container that contains the related users. For example, we’re specifying the complete Domain to discover all Domain Users.
Click Active Directory Attributes tab. Under Available attributes, select department and click Add. Click OK.
Right click AD User Discovery method and click Run Full Discovery Now. Click Yes to confirm.
To monitor the Active Directory User Discovery, open the adusdis.log file. This log is located in Configuration Manager install directory\Microsoft Configuration Manager\Logs.
If you go to Assets and Compliance > Users Collection > All Users, the discovery method was successful.
Create User Collection in SCCM
Now we will create a dynamic collection that contains all IT Users. Select User Collections, and on top ribbon click Create User Collection.
On the Create User Collection Wizard, type in the name of collection. Click Browse and specify the Limiting Collection. Click Next.
In Membership rules, click Add Rule and select Query Rule.
Specify Query name and click Edit Query Statement.
On the General tab, click Show Query Language.
Copy and Paste the following query and click OK.
select * from SMS_R_User where SMS_R_User.department = “IT”
Click OK.
Finally on the Completion page, click Close.
SCCM User Application Deployment
Before deploying the application to the user collection, ensure that the deployment type is configured for user. You can follow the below steps.
Go to Software Library > Application Management > Applications. Select the application, in the Deployment Types tab, right click on the related one and click Properties.
In User Experience tab, select Install for system If resource is device; otherwise install for user in the Installation behavior option and click OK.
Right click the application and click Deploy.
On the General page, click Browse and select a target user collection. Click Next.
Select the deployment settings. You can deploy the application either as Available or Required. Click Next.
Specify the user experience settings. Click Next.
On the Completion page, click Close.
Login to the computer. Open the Software Center and you can see now the Microsoft Edge Chromium application.
Does user needs admin rights to install the application from software center once the app is exposed in software center?
Any article related to this will be helpful.
It shouldn’t be like that, but it acts like it is. When IT colleagues pick up from the Software Center to initiate the installation, the application is installed. When an unauthorized user starts the installation, the installation script will not run. ScriptHandler :: EnforceApp failed (0x800702e4).
Does anyone know a script to create user collections based on department. Just want to save time creating them all. I know it can be done by PShell but it’s beyond me to write it 🙂
I love using User collection. However, I have an issue with a few users that the application NOT showing up in there Software Center. I even created a new application and collection deployment and still with same results. I checked the logs on server and client too and nothing that pop-out significantly. Anybody experience this?
this solution is not working in Mutiple domains any thoughts ?
Is there way to deploy only to users primary device. When user login only should see application on their device not when user login to other devices
Yes – from the Deployment Type – Requirements tab. Type, select User – Primary Device and set the value to True.