Packages ignoring machines with users in specific AD security groups

Follow

Jason Voice

• September 20, 2019 09:22
• Edited

Hi Guys

Is it possible to run - say an uninstall package - across all computers but ignoring specific machines where the logged in user is in a particular AD security group?

EG we want to ensure people are using a licenced copy of 'MySoftware' and we manage the licensing and distribution of 'MySoftware' by adding users to an AD security group that grants them and their machine access to a network location with the licensed installer.

The problem is they can get unlicensed versions of the software from the internet, so we want to run a PDQ scheduled package that removes all instances of 'MySoftware' from all computers where the user is not in the particular AD security group.

Is that possible?

Thanks.

0

• 

  Brad McClave

  • September 20, 2019 15:13
  • Edited

  An alternate way to think about it: when the license key is entered, does it create a registry entry?  If so, create a scanner for that, then a dynamic group based on the results of that scan.  You can run the uninstall on all machines not in that group.

  1

  Comment actions Permalink
• 

  Jason Voice

  • September 20, 2019 12:05

  Ah that's a great way of looking at it. Thanks for the idea. I'll take a look at that.

  0

  Comment actions Permalink
• 

  Brett L

  • October 02, 2019 13:12

  This is doable with a powershell or batch script (dsquery). It can query who is currently logged in, check that AD group, if they are in it, send a good exit code, if not send a bad exit code and tell PDQ Deploy to quit.

   

  Alternatively you can use pdq inventory as well to track, more of a static way.

  0

  Comment actions Permalink

Please sign in to leave a comment.