Packages ignoring machines with users in specific AD security groups
Hi Guys
Is it possible to run - say an uninstall package - across all computers but ignoring specific machines where the logged in user is in a particular AD security group?
EG we want to ensure people are using a licenced copy of 'MySoftware' and we manage the licensing and distribution of 'MySoftware' by adding users to an AD security group that grants them and their machine access to a network location with the licensed installer.
The problem is they can get unlicensed versions of the software from the internet, so we want to run a PDQ scheduled package that removes all instances of 'MySoftware' from all computers where the user is not in the particular AD security group.
Is that possible?
Thanks.
0
Comments
An alternate way to think about it: when the license key is entered, does it create a registry entry? If so, create a scanner for that, then a dynamic group based on the results of that scan. You can run the uninstall on all machines not in that group.
Ah that's a great way of looking at it. Thanks for the idea. I'll take a look at that.
This is doable with a powershell or batch script (dsquery). It can query who is currently logged in, check that AD group, if they are in it, send a good exit code, if not send a bad exit code and tell PDQ Deploy to quit.
Alternatively you can use pdq inventory as well to track, more of a static way.
Please sign in to leave a comment.