Packages ignoring machines with users in specific AD security groups

Hi Guys

Is it possible to run - say an uninstall package - across all computers but ignoring specific machines where the logged in user is in a particular AD security group?

EG we want to ensure people are using a licenced copy of 'MySoftware' and we manage the licensing and distribution of 'MySoftware' by adding users to an AD security group that grants them and their machine access to a network location with the licensed installer.

The problem is they can get unlicensed versions of the software from the internet, so we want to run a PDQ scheduled package that removes all instances of 'MySoftware' from all computers where the user is not in the particular AD security group.

Is that possible?




Date Votes
  • An alternate way to think about it: when the license key is entered, does it create a registry entry?  If so, create a scanner for that, then a dynamic group based on the results of that scan.  You can run the uninstall on all machines not in that group.

  • Ah that's a great way of looking at it. Thanks for the idea. I'll take a look at that.

  • This is doable with a powershell or batch script (dsquery). It can query who is currently logged in, check that AD group, if they are in it, send a good exit code, if not send a bad exit code and tell PDQ Deploy to quit.


    Alternatively you can use pdq inventory as well to track, more of a static way.


Please sign in to leave a comment.

Didn't find what you were looking for?

New post